ldap_group_to_xpand_role for MariaDB Xpand

Overview

In 23.09:

Regex for transforming an LDAP group DN into an Xpand role.

In 6.1, 6.0, 5.3:

Not present

See also: System Variables for MariaDB Xpand 23.09, in 6.1, in 6.0, and in 5.3

USAGE

The ldap_group_to_xpand_role system variable can be set by executing SET GLOBAL:

SET GLOBAL ldap_group_to_xpand_role = '<regex>';

Using SET GLOBAL to set the value of a global variable in Xpand causes a change that will persist on restart.

DETAILS

The ldap_group_to_xpand_role system variable sets the regex for transforming an LDAP group DN into an Xpand role.

Standard regex capture groups can be specified in the match pattern with parentheses.

The replacement pattern of the regex can specify backreferences to capture groups from the match pattern in the form of \N, where N is a number from 1 to 9

Given the nature of writing backslashes in SQL string literals, the backslash needs to be escaped with another backslash, so a backreference of \1 should be typed as \\1 in the string literal.

These LDAP group DNs are collected from the query specified by ldap_group_query

The desired Xpand roles must be created beforehand. These are regular roles created with CREATE ROLE

SYNONYMS

SCHEMA

PARAMETERS

SKYSQL

PRIVILEGES

EXAMPLES

The following regex will derive the Xpand role name of admins for an LDAP group DN of cn=admins,ou=groups,dc=example,dc=com:

SET GLOBAL ldap_group_to_xpand_role = '/^cn=(.+),ou=groups,dc=example,dc=com$/\\1/';

ERROR HANDLING

FEATURE INTERACTION

RESPONSES

DIAGNOSIS

ISO 9075:2016

CHANGE HISTORY

Release Series

History

23.09

  • Added in MariaDB Xpand 23.09.1.

6.1

  • Not present.

6.0

  • Not present.

5.3

  • Not present.

EXTERNAL REFERENCES