ldap_group_to_xpand_role for MariaDB Xpand
This page is part of MariaDB's Documentation.
The parent of this page is: System Variables for MariaDB Xpand
Topics on this page:
Overview
In 23.09:
Regex for transforming an LDAP group DN into an Xpand role.
In 6.1, 6.0, 5.3:
Not present
See also: System Variables for MariaDB Xpand 23.09, in 6.1, in 6.0, and in 5.3
USAGE
The ldap_group_to_xpand_role
system variable can be set by executing SET GLOBAL
:
SET GLOBAL ldap_group_to_xpand_role = '<regex>';
Using SET GLOBAL
to set the value of a global variable in Xpand causes a change that will persist on restart.
DETAILS
The ldap_group_to_xpand_role
system variable sets the regex for transforming an LDAP group DN into an Xpand role.
Standard regex capture groups can be specified in the match pattern with parentheses.
The replacement pattern of the regex can specify backreferences to capture groups from the match pattern in the form of \N
, where N
is a number from 1
to 9
Given the nature of writing backslashes in SQL string literals, the backslash needs to be escaped with another backslash, so a backreference of \1
should be typed as \\1
in the string literal.
These LDAP group DNs are collected from the query specified by ldap_group_query
The desired Xpand roles must be created beforehand. These are regular roles created with CREATE ROLE
SYNONYMS
SCHEMA
PARAMETERS
SKYSQL
PRIVILEGES
EXAMPLES
The following regex will derive the Xpand role name of admins
for an LDAP group DN of cn=admins,ou=groups,dc=example,dc=com
:
SET GLOBAL ldap_group_to_xpand_role = '/^cn=(.+),ou=groups,dc=example,dc=com$/\\1/';
ERROR HANDLING
FEATURE INTERACTION
RESPONSES
DIAGNOSIS
ISO 9075:2016
CHANGE HISTORY
Release Series | History |
---|---|
23.09 |
|
6.1 |
|
6.0 |
|
5.3 |
|