Authentication of Drupal's MySQL user

Created on 21 September 2023, over 1 year ago
Updated 22 September 2023, over 1 year ago

Problem/Motivation

I am looking for support for managing the MySQL user via Active Directory. So: not Drupal users, but Drupal's MySQL user. This is intended to allow replacement of specifying the username and password in settings.php with a procedure for authenticating the MySQL user as part of it logging into an Azure MySQL service. Is this something that might be considered for this SAML Authentication module, or is there a different module that you would recommend?

Feature request
Status

Closed: won't fix

Version

3.9

Component

Miscellaneous

Created by

🇨🇦Canada joe.murray

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @joe.murray
  • Status changed to Postponed: needs info over 1 year ago
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    I'm confused.

    Drupal cannot boot before it knows the MySQL user. (Unless you install Drupal on a different database system, but then you don't need a MySQL user at all.)

    If you want something to authenticate to AD and get the MySQL user, before Drupal is able to do anything at all, then...

    • I'm wondering where you want to store/cache this MySQL user. It has to be somewhere, assuming you don't want every single uncached HTTP request to your Drupal site to result in a query to AD first.
    • You can't use any regular Drupal module for that. Because modules don't work yet. Because Drupal hasn't booted yet.
    • I'm wondering about the application / business requirement / ... of this. I can't get a picture straight in my head.

    Feel free to fill me in on where I'm misunderstanding something.

  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    I'm sure it's technically possible though.... the "anything at all" I mentioned, isn't strictly true: things can happen before Drupal properly boots.

    It's going to have to be a 'lower' level than a 'regular' Drupal module though. And I don't see SAML authentication assisting there, given that SAML is a protocol that's pretty much designed for the browser (user interactivity).

  • 🇨🇦Canada joe.murray

    Yes, understood that this is a feature that has to work before Drupal is fully booted. I think it is likely something that requires a lower level library like the one that this and a couple of other SAML libraries use, namely, https://github.com/SAML-Toolkits/php-saml/blob/master/README.md. As @xurizaemon indicates, the creds might need to go into settings.php and then set an appropriate option and params so that PDO connects correctly. I now see the related https://www.drupal.org/forum/support/post-installation/2019-07-19/connec... . However, looking at PDO (https://www.php.net/manual/en/ref.pdo-mysql.connection.php), I don't believe it supports using active directory authentication of the user. So I'm closing this issue. Sorry for the inconvenience.

  • Status changed to Closed: won't fix over 1 year ago
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
Production build 0.71.5 2024