- Issue created by @joe.murray
- Status changed to Postponed: needs info
over 1 year ago 10:12pm 21 September 2023 - 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
I'm confused.
Drupal cannot boot before it knows the MySQL user. (Unless you install Drupal on a different database system, but then you don't need a MySQL user at all.)
If you want something to authenticate to AD and get the MySQL user, before Drupal is able to do anything at all, then...
- I'm wondering where you want to store/cache this MySQL user. It has to be somewhere, assuming you don't want every single uncached HTTP request to your Drupal site to result in a query to AD first.
- You can't use any regular Drupal module for that. Because modules don't work yet. Because Drupal hasn't booted yet.
- I'm wondering about the application / business requirement / ... of this. I can't get a picture straight in my head.
Feel free to fill me in on where I'm misunderstanding something.
- 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
I'm sure it's technically possible though.... the "anything at all" I mentioned, isn't strictly true: things can happen before Drupal properly boots.
It's going to have to be a 'lower' level than a 'regular' Drupal module though. And I don't see SAML authentication assisting there, given that SAML is a protocol that's pretty much designed for the browser (user interactivity).
- 🇨🇦Canada joe.murray
Yes, understood that this is a feature that has to work before Drupal is fully booted. I think it is likely something that requires a lower level library like the one that this and a couple of other SAML libraries use, namely, https://github.com/SAML-Toolkits/php-saml/blob/master/README.md. As @xurizaemon indicates, the creds might need to go into settings.php and then set an appropriate option and params so that PDO connects correctly. I now see the related https://www.drupal.org/forum/support/post-installation/2019-07-19/connec... → . However, looking at PDO (https://www.php.net/manual/en/ref.pdo-mysql.connection.php), I don't believe it supports using active directory authentication of the user. So I'm closing this issue. Sorry for the inconvenience.
- Status changed to Closed: won't fix
over 1 year ago 11:31pm 22 September 2023