That’s sounds correct for the first case, but if there are users needing the same grant privileges, a group of users can be mapped to log in as one specific mysql user. Note this are internal mysql users to manage databases, for instances for a DBA team, not standard users of an application. At least that’s how I understood it, but again I’m not familiar with this method.
The second use case is different. Another thing you can take a look is apache mod_authnz_pam.
Another thing I was looking for (as a workaround for gibbon howto) in the past weeks was LDAP Synchronization Connector, a java app to keep a database in sync with AD/LDAP users.
Further details about what you have in place and what are the new implementation requirements might make things clearer.