Mysql authentication with AD users

Is there an easy way in NS to authenticate mysql (mariadb) using AD users?
I want to migrate an old accessdb into mysql, but not sure how to authenticate users.
I am using Zentyal as my accounts provider if it matters.

I’ve no experience with this so cannot help much but, if I’m not mistaken, using the PAM plugin and users/groups mapping one can authenticate AD/LDAP users to internal users from the mysql system database. For instance, to let some developers access the mysql database.

If it’s at the application level (own database with users table) it might be necessary to program a user interface (with PHP LDAP or any other language).

Ok, thanks, that may lead me in the right direction.
So, I need to still create the user in mariadb, but then the AD user can authenticate to the user using pam? Does that sound correct?

That’s sounds correct for the first case, but if there are users needing the same grant privileges, a group of users can be mapped to log in as one specific mysql user. Note this are internal mysql users to manage databases, for instances for a DBA team, not standard users of an application. At least that’s how I understood it, but again I’m not familiar with this method.

The second use case is different. Another thing you can take a look is apache mod_authnz_pam.

Another thing I was looking for (as a workaround for gibbon howto) in the past weeks was LDAP Synchronization Connector, a java app to keep a database in sync with AD/LDAP users.

Further details about what you have in place and what are the new implementation requirements might make things clearer.

I have nothing in place at the moment, but have nothing complicated planned. I have created my new mariadb database on NS, and I will import all tables from an existing MS Access db. Using an existing MS Access front end, I want to authenticate AD users to new mariadb database using ODBC connector. I basically just need AD users/passwords synced with mariadb users/passwords. We don’t have a lot of users, under 20, so easiest may end up just doing it manually. But, it becomes a pain if passwords are changed monthly.