I want to know if it is possible to import the Active Directory on our Server 2003 to a mySQL database. The reason I am asking is because I need to use the database as a security check when users log into our intraweb. When they log in, the username and password will be checked with what we have on DB. I also want to have this as automated as possible.
Is there any way I can do this? Preferably mySQL since I'm already scripting in that language, otherwise, any alternative method that will make this do-able?
Thanx.
mySQL and Active Directory 2003
-
- Registered User
- Posts: 8346
- Joined: 10 May 2006, 02:00
- Processor: Intel i5-3750
- Motherboard: Gigabyte
- Graphics card: nVidia GTX 550Ti
- Memory: 8GB Jetram
- Contact:
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: mySQL and Active Directory 2003
DarkRanger wrote:I want to know if it is possible to import the Active Directory on our Server 2003 to a mySQL database.
If you wanted to authenticate using AD you should have used Microsoft SQL Server.
You could use SQL Server Express - its free, but it only supports data files up to 4GB in size...
-
- Registered User
- Posts: 8346
- Joined: 10 May 2006, 02:00
- Processor: Intel i5-3750
- Motherboard: Gigabyte
- Graphics card: nVidia GTX 550Ti
- Memory: 8GB Jetram
- Contact:
Re: mySQL and Active Directory 2003
I did think about it and I thought it was possible. Which, it clearly isn't. So the only way to get the AD into a DB automatically is with Microsoft SQL server?
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: mySQL and Active Directory 2003
You can't import AD into any DB.
With MSSQL you use AD for authentication - which is what I think you want.
With MSSQL you use AD for authentication - which is what I think you want.
-
- Registered User
- Posts: 8346
- Joined: 10 May 2006, 02:00
- Processor: Intel i5-3750
- Motherboard: Gigabyte
- Graphics card: nVidia GTX 550Ti
- Memory: 8GB Jetram
- Contact:
Re: mySQL and Active Directory 2003
OK, how much different is mySQL to MSSQL (query wise) and what would I need to use the AD for Authentication?
Also, before this goes into the complicatedness of SQL, will I be able to get the users details from the AD on authentication? For instance, say he logs in successfully, and I want to retrieve the users name and save it in the session info, would that be possible? I'm assuming it would, and can be done in the same/similar way that it is done with SQL access? (SELECT * FROM users WHERE $loginname = 'username' *purely used as an example to show what I mean).
EDIT:
Okay, found some reading on SQL Server and Active Directory interaction.
So all you say I need is SQL Server Express to get started? Do I install this on any machine (as example, the machine I'll be running the intraweb off) or must it be on the Server with Active Directory on?
EDIT 2:
Seems php.net has a lot of reading for me too regarding setting it up with PHP.
If you think there is anything more to add to this jamin, please post here. I can use all the help I can get regarding this.
Also, before this goes into the complicatedness of SQL, will I be able to get the users details from the AD on authentication? For instance, say he logs in successfully, and I want to retrieve the users name and save it in the session info, would that be possible? I'm assuming it would, and can be done in the same/similar way that it is done with SQL access? (SELECT * FROM users WHERE $loginname = 'username' *purely used as an example to show what I mean).
EDIT:
Okay, found some reading on SQL Server and Active Directory interaction.
So all you say I need is SQL Server Express to get started? Do I install this on any machine (as example, the machine I'll be running the intraweb off) or must it be on the Server with Active Directory on?
EDIT 2:
Seems php.net has a lot of reading for me too regarding setting it up with PHP.
If you think there is anything more to add to this jamin, please post here. I can use all the help I can get regarding this.
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: mySQL and Active Directory 2003
Authenticating with AD in MSSQL is as simple as adding a users AD account to SQL.
That is it. After that, they give their AD login credentials when accessing the intranet and SQL will check with AD if the username\password is correct and then allow the user access. You can log the username, login time etc quite easily as well.
I'm not sure if you can do the same in mySQL - wait a bit for a mySQL guru to get back to you on that - it seems you have started in mySQL and you know it better than MSSQL, so if it's possible to do what you want in mySQL maybe it's best you try that route...
That is it. After that, they give their AD login credentials when accessing the intranet and SQL will check with AD if the username\password is correct and then allow the user access. You can log the username, login time etc quite easily as well.
I'm not sure if you can do the same in mySQL - wait a bit for a mySQL guru to get back to you on that - it seems you have started in mySQL and you know it better than MSSQL, so if it's possible to do what you want in mySQL maybe it's best you try that route...
-
- Registered User
- Posts: 8346
- Joined: 10 May 2006, 02:00
- Processor: Intel i5-3750
- Motherboard: Gigabyte
- Graphics card: nVidia GTX 550Ti
- Memory: 8GB Jetram
- Contact:
Re: mySQL and Active Directory 2003
Okay cool. I'll just wait around abit and still browse google...
Re: mySQL and Active Directory 2003
I'm Trying to understand what you want to do.
Instead of directly checking with AD if a user has spesiffic rights you rather want to copy AD into a MySQL database.
and then after that Sync it on a regular basis (Automatically)
This is how AD works.
When loging into Windows your PC keeps your credentials in memory and passes your user name to the AD server on almost everything you do.
I.E when opening Outlook connected to exchange it will pass your User name and Password to AD via Port 389(Not Encrypted) or 636 Encrypted and AD will then Deny or Allow you access to your mailbox
or in some cases applications ask AD if a user has access or not by returning True or False by using an Authorized user to query LDAP.
So you basically need to query AD using Open LDAP somehow if you know how to use the LDAP protocol.
I dont know how you will accomplish that but i think the way you want to do it is worth the try.
http://www.computerperformance.co.uk/Lo ... Export.htm
Is a utillity that can extract ldap to CSV maybe search for a utillity that can dump AD accounts to CSV.
I just dont know how you will go about the passwords though cus you wont be able to dump those.
Instead of directly checking with AD if a user has spesiffic rights you rather want to copy AD into a MySQL database.
and then after that Sync it on a regular basis (Automatically)
This is how AD works.
When loging into Windows your PC keeps your credentials in memory and passes your user name to the AD server on almost everything you do.
I.E when opening Outlook connected to exchange it will pass your User name and Password to AD via Port 389(Not Encrypted) or 636 Encrypted and AD will then Deny or Allow you access to your mailbox
or in some cases applications ask AD if a user has access or not by returning True or False by using an Authorized user to query LDAP.
So you basically need to query AD using Open LDAP somehow if you know how to use the LDAP protocol.
I dont know how you will accomplish that but i think the way you want to do it is worth the try.
http://www.computerperformance.co.uk/Lo ... Export.htm
Is a utillity that can extract ldap to CSV maybe search for a utillity that can dump AD accounts to CSV.
I just dont know how you will go about the passwords though cus you wont be able to dump those.
_̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡
Re: mySQL and Active Directory 2003
Active Directory is fully LDAP3 compliant, and as such the best and most correct way of interfacing with AD is through LDAP. Most languages will support LDAP natively or at the very least through an additional library, which makes it as simple as constructing a correct LDAP query to authenticate against your AD.