mySQL and Active Directory 2003

Get help on databases - MySQL, Oracle, Access, etc.
Post Reply
DarkRanger
Registered User
Posts: 8343
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

mySQL and Active Directory 2003

Post by DarkRanger »

I want to know if it is possible to import the Active Directory on our Server 2003 to a mySQL database. The reason I am asking is because I need to use the database as a security check when users log into our intraweb. When they log in, the username and password will be checked with what we have on DB. I also want to have this as automated as possible.

Is there any way I can do this? Preferably mySQL since I'm already scripting in that language, otherwise, any alternative method that will make this do-able?

Thanx.
Image
User avatar
hamin_aus
Forum Moderator
Posts: 18358
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: EVGA GTX680 SC
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: mySQL and Active Directory 2003

Post by hamin_aus »

DarkRanger wrote:I want to know if it is possible to import the Active Directory on our Server 2003 to a mySQL database.
Image

If you wanted to authenticate using AD you should have used Microsoft SQL Server.
You could use SQL Server Express - its free, but it only supports data files up to 4GB in size...
Image
DarkRanger
Registered User
Posts: 8343
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: mySQL and Active Directory 2003

Post by DarkRanger »

I did think about it and I thought it was possible. Which, it clearly isn't. So the only way to get the AD into a DB automatically is with Microsoft SQL server?
Image
User avatar
hamin_aus
Forum Moderator
Posts: 18358
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: EVGA GTX680 SC
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: mySQL and Active Directory 2003

Post by hamin_aus »

You can't import AD into any DB.
With MSSQL you use AD for authentication - which is what I think you want.
Image
DarkRanger
Registered User
Posts: 8343
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: mySQL and Active Directory 2003

Post by DarkRanger »

OK, how much different is mySQL to MSSQL (query wise) and what would I need to use the AD for Authentication?

Also, before this goes into the complicatedness of SQL, will I be able to get the users details from the AD on authentication? For instance, say he logs in successfully, and I want to retrieve the users name and save it in the session info, would that be possible? I'm assuming it would, and can be done in the same/similar way that it is done with SQL access? (SELECT * FROM users WHERE $loginname = 'username' *purely used as an example to show what I mean).

EDIT:
Okay, found some reading on SQL Server and Active Directory interaction.

So all you say I need is SQL Server Express to get started? Do I install this on any machine (as example, the machine I'll be running the intraweb off) or must it be on the Server with Active Directory on?

EDIT 2:

Seems php.net has a lot of reading for me too regarding setting it up with PHP.

If you think there is anything more to add to this jamin, please post here. I can use all the help I can get regarding this.
Image
User avatar
hamin_aus
Forum Moderator
Posts: 18358
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: EVGA GTX680 SC
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: mySQL and Active Directory 2003

Post by hamin_aus »

Authenticating with AD in MSSQL is as simple as adding a users AD account to SQL.
That is it. After that, they give their AD login credentials when accessing the intranet and SQL will check with AD if the username\password is correct and then allow the user access. You can log the username, login time etc quite easily as well.

I'm not sure if you can do the same in mySQL - wait a bit for a mySQL guru to get back to you on that - it seems you have started in mySQL and you know it better than MSSQL, so if it's possible to do what you want in mySQL maybe it's best you try that route...
Image
DarkRanger
Registered User
Posts: 8343
Joined: 10 May 2006, 02:00
Processor: Intel i5-3750
Motherboard: Gigabyte
Graphics card: nVidia GTX 550Ti
Memory: 8GB Jetram
Contact:

Re: mySQL and Active Directory 2003

Post by DarkRanger »

Okay cool. I'll just wait around abit and still browse google...
Image
DeeVeeDee
Registered User
Posts: 172
Joined: 09 Apr 2010, 15:18

Re: mySQL and Active Directory 2003

Post by DeeVeeDee »

I'm Trying to understand what you want to do.
Instead of directly checking with AD if a user has spesiffic rights you rather want to copy AD into a MySQL database.
and then after that Sync it on a regular basis (Automatically)

This is how AD works.
When loging into Windows your PC keeps your credentials in memory and passes your user name to the AD server on almost everything you do.
I.E when opening Outlook connected to exchange it will pass your User name and Password to AD via Port 389(Not Encrypted) or 636 Encrypted and AD will then Deny or Allow you access to your mailbox
or in some cases applications ask AD if a user has access or not by returning True or False by using an Authorized user to query LDAP.
So you basically need to query AD using Open LDAP somehow if you know how to use the LDAP protocol.
I dont know how you will accomplish that but i think the way you want to do it is worth the try.

http://www.computerperformance.co.uk/Lo ... Export.htm
Is a utillity that can extract ldap to CSV maybe search for a utillity that can dump AD accounts to CSV.
I just dont know how you will go about the passwords though cus you wont be able to dump those.
_̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡
Richard_
Registered User
Posts: 2295
Joined: 18 May 2003, 02:00
Location: Durban, South Africa

Re: mySQL and Active Directory 2003

Post by Richard_ »

Active Directory is fully LDAP3 compliant, and as such the best and most correct way of interfacing with AD is through LDAP. Most languages will support LDAP natively or at the very least through an additional library, which makes it as simple as constructing a correct LDAP query to authenticate against your AD.
Post Reply