dbTalk Databases Forums  

Centralized user management

comp.databases.mysql

PavelVD
Centralized user management - 03-22-2011 , 07:21 AM

Hello, I have already sent this question to the dev MySQL forum, but
unfortunately no one there was able to answer, so I hope for your
help.
We have been using a lot of MySQL servers (about 80) and there are many
users on these servers. Maybe there is some mechanism or an application
that makes it possible to systematize the management of rights of users
on multiple servers?


Axel Schwenke
Re: Centralized user management - 03-22-2011 , 11:17 AM

PavelVD <pdobryakov (AT) gmail (DOT) com> wrote:

Quote:
we have used a lot MySql servers (about 80) and there are many users
on these servers. Maybe there is some mechanism or an application that
allows to systematize the management of rights of users on multiple
servers?.

Authentication plugins have been introduced in MySQL 5.5

http://dev.mysql.com/doc/refman/5.5/...ntication.html

so this is work in progress and you can expect more features in the
near future. LDAP auth will be supported via PAM (and an auth-pam
plugin is definitely planned).

But you should keep in mind that the auth plugin will only validate
the user name and password. Permissions for database objects (GRANTs)
will still be stored in the MySQL server locally.


XL


PavelVD
Re: Centralized user management - 03-23-2011 , 02:55 AM

On 23 Mar, 01:55, Michael Vilain <vil... (AT) NOspamcop (DOT) net> wrote:
Quote:
In article <l52n58-p9o.... (AT) xl (DOT) homelinux.org>,
Axel Schwenke <axel.schwe... (AT) gmx (DOT) de> wrote:

PavelVD <pdobrya... (AT) gmail (DOT) com> wrote:

we have used a lot MySql servers (about 80) and there are many users
on these servers. Maybe there is some mechanism or an application that
allows to systematize the management of rights of users on multiple
servers?.

Authentication plugins have been introduced in MySQL 5.5

http://dev.mysql.com/doc/refman/5.5/...ntication.html

so this is work in progress and you can expect more features in the
near future. LDAP auth will be supported via PAM (and an auth-pam
plugin is definitely planned).

But you should keep in mind that the auth plugin will only validate
the user name and password. Permissions for database objects (GRANTs)
will still be stored in the MySQL server locally.

XL

Which defeats the purpose of centralized administration, really.  Just
granting access may be enough for some systems but local GRANTs on 500
systems of varying types will be a problem, unless everyone manages
their own.

--
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]

I just wanted to manage users' grants via a kind of web application.
But so far I have found nothing of the sort.


The Natural Philosopher
Re: Centralized user management - 03-23-2011 , 03:58 AM

Michael Vilain wrote:
Quote:
In article
0950f1ee-d220-447a-91ac-d6b9a0634d42...oglegroups.com>,
PavelVD <pdobryakov (AT) gmail (DOT) com> wrote:

On 23 Mar, 01:55, Michael Vilain <vil... (AT) NOspamcop (DOT) net> wrote:
In article <l52n58-p9o.... (AT) xl (DOT) homelinux.org>,
Axel Schwenke <axel.schwe... (AT) gmx (DOT) de> wrote:

PavelVD <pdobrya... (AT) gmail (DOT) com> wrote:
we have used a lot MySql servers (about 80) and there are many users
on these servers. Maybe there is some mechanism or an application that
allows to systematize the management of rights of users on multiple
servers?.
Authentication plugins have been introduced in MySQL 5.5
http://dev.mysql.com/doc/refman/5.5/...ntication.html
so this is work in progress and you can expect more features in the
near future. LDAP auth will be supported via PAM (and an auth-pam
plugin is definitely planned).
But you should keep in mind that the auth plugin will only validate
the user name and password. Permissions for database objects (GRANTs)
will still be stored in the MySQL server locally.
XL
Which defeats the purpose of centralized administration, really.  Just
granting access may be enough for some systems but local GRANTs on 500
systems of varying types will be a problem, unless everyone manages
their own.

--
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically
ignored]
I just wanted to manage users grants via a kind of web application.
But so far nothing of the sort found

Closest I've seen for a web-based MySQL management solution is
phpMyAdmin. But you're limited to how MySQL is setup on a machine.
Most ISPs restrict access to the database to localhost so phpMyAdmin has
to run on the same machine as the web server AND MySQL. If you allow
remote access to each database from a specific host, you could use
phpMyAdmin to administer users and grants. But that's a security hole.

I am having trouble working out how someone with a load of SQL servers
wouldn't either be able to write a web page to manage them or why indeed
they would all be hosted on machines he didn't have (or couldn't set
up) full access to.

e.g. one web server is admin master. It has a PHP or other script and
lots of security. It and only its IP address is allowed to update the
rights (and only rights) table on the rest. Everything firewalled and
logged to the hilt.


Jerry Stuckle
Re: Centralized user management - 03-23-2011 , 05:49 AM

On 3/23/2011 5:58 AM, The Natural Philosopher wrote:
Quote:
Michael Vilain wrote:
In article
0950f1ee-d220-447a-91ac-d6b9a0634d42...oglegroups.com>,
PavelVD <pdobryakov (AT) gmail (DOT) com> wrote:

On 23 Mar, 01:55, Michael Vilain <vil... (AT) NOspamcop (DOT) net> wrote:
In article <l52n58-p9o.... (AT) xl (DOT) homelinux.org>,
Axel Schwenke <axel.schwe... (AT) gmx (DOT) de> wrote:

PavelVD <pdobrya... (AT) gmail (DOT) com> wrote:
we have used a lot MySql servers (about 80) and there are many users
on these servers. Maybe there is some mechanism or an application
that
allows to systematize the management of rights of users on multiple
servers?.
Authentication plugins have been introduced in MySQL 5.5
http://dev.mysql.com/doc/refman/5.5/...ntication.html
so this is work in progress and you can expect more features in the
near future. LDAP auth will be supported via PAM (and an auth-pam
plugin is definitely planned).
But you should keep in mind that the auth plugin will only validate
the user name and password. Permissions for database objects (GRANTs)
will still be stored in the MySQL server locally.
XL
Which defeats the purpose of centralized administration, really.  Just
granting access may be enough for some systems but local GRANTs on 500
systems of varying types will be a problem, unless everyone manages
their own.

--
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically
ignored]
I just wanted to manage users grants via a kind of web application.
But so far nothing of the sort found

Closest I've seen for a web-based MySQL management solution is
phpMyAdmin. But you're limited to how MySQL is setup on a machine.
Most ISPs restrict access to the database to localhost so phpMyAdmin
has to run on the same machine as the web server AND MySQL. If you
allow remote access to each database from a specific host, you could
use phpMyAdmin to administer users and grants. But that's a security
hole.


I am having trouble working out how someone with a load of SQL servers
wouldn't either be able to write a web page to manage them or why indeed
they would all be hosted on machines he didn't have (or couldn't set up)
full access to.

You've obviously not worked in a corporate environment. It's not at all
unusual for a corporation to have databases strewn out all over the
world. And in the corporate world, DBAs do NOT have complete access to
the machines - only SysAdmins do.

As for writing a web page - very hard to do when you don't have access
to every machine via the internet. Oftentimes the DBA has to
administer the machine via a VPN, for instance.

Quote:
e.g. one web server is admin master. It has a PHP or other script and
lots of security. It and only it's IP address is allowed to update
rights (and only rights) table on the rest. Everything firewalled and
logged to the hilt.

And completely out of the question in many corporate situations.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================


PavelVD
Re: Centralized user management - 03-23-2011 , 07:03 AM

We have phpMyAdmin for managing MySQL servers, but I'm talking about
conveniently distributing grants to users, reviewing the grants,
simultaneously distributing grants to multiple servers, auditing grants,
easily adding users directly to a few servers, and so on. phpMyAdmin
has nothing like that and is unlikely to, because this instrument is
designed to control one server at any one time.


Jerry Stuckle
Re: Centralized user management - 03-23-2011 , 12:26 PM

On 3/23/2011 9:03 AM, PavelVD wrote:
Quote:
we have phpmyadmin for management MySql servers,but I'm talking about
the convenience distribution grants to users, review the grants, the
simultaneous distribution grants to multiple servers, audit grants,
easily add users directly to the few servers and so on. in phpmyadmin
no such and unlikely to be because this istrument designed to control
at any one time by one server.

It's not just phpMyAdmin - that's the way MySQL works. It isn't set up
to do what you want.

If you need such things, I suggest you go with a more mature database
such as Oracle, SQL Server or DB2. They should meet your needs.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================


Axel Schwenke
Re: Centralized user management - 03-23-2011 , 03:47 PM

Michael Vilain <vilain (AT) NOspamcop (DOT) net> wrote:
Quote:
Axel Schwenke <axel.schwenke (AT) gmx (DOT) de> wrote:

Authentication plugins have been introduced in MySQL 5.5
....

Quote:
But you should keep in mind that the auth plugin will only validate
the user name and password. Permissions for database objects (GRANTs)
will still be stored in the MySQL server locally.

Which defeats the purpose of centralized administration, really.

Not IMHO

If we assume for a moment that each database server holds its own
unique set of database objects - what's the point of storing GRANTs for
those somewhere separate? Also the list of objects and allowed
operations can be quite long. Where to store all that data? Do we
really want to have this transferred from the central user directory
to the MySQL servers? For each login request?

But if we accept rolling out the GRANTs only occasionally (i.e. if
something has changed) then we can also keep a central repository of
the GRANTs and duplicate them in the different instances.

Authenticating a user is a different story though. Having password
checks centralized is a very handy thing i.e. for single-sign-on.

There is another concept that is helpful here: roles. It seems
possible (to me) to store some roles in the dictionary and hand them
to MySQL when a login request is answered. The expansion of roles to
access rules is then done locally on each instance again.

Implementing a role based permission system is on the Todo-List
already: http://forge.mysql.com/worklog/task.php?id=988


XL
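
An added example, not part of any post in this thread and not MySQL's own tooling: the central-repository approach described in the post above (keep each server's GRANTs in one place and roll them out when something changes), applied to the grant review and audit asked for earlier in the thread. It compares each server's SHOW GRANTS output with the repository and reports drift; server names, accounts and schemas are constructed, and privileges are compared as the literal tokens SHOW GRANTS prints, so ALL PRIVILEGES is not expanded.

```python
import re

# One SHOW GRANTS line: GRANT <privs> ON <object> TO 'user'@'host' [WITH GRANT OPTION]
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+"
    r"(?P<grantee>'[^']*'@'[^']*')(?P<rest>.*)$", re.IGNORECASE)

def parse_grants(lines):
    """Map (grantee, object) -> set of privileges; raise on unknown syntax."""
    grants = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed grant line: %r" % line)
        # Split on commas outside parentheses so column lists stay intact.
        privs = {p.strip() for p in re.split(r",\s*(?![^()]*\))", m["privs"])}
        privs.discard("USAGE")  # USAGE = account exists, no privileges
        if "WITH GRANT OPTION" in m["rest"].upper():
            privs.add("GRANT OPTION")
        grants.setdefault((m["grantee"], m["obj"]), set()).update(privs)
    return grants

def drift(desired, actual):
    """Return (grantee, object, missing, unexpected) for each deviation."""
    report = []
    for key in sorted(set(desired) | set(actual)):
        want, have = desired.get(key), actual.get(key)
        if want != have:  # also catches entries known to only one side
            want, have = want or set(), have or set()
            report.append((*key, sorted(want - have), sorted(have - want)))
    return report

def audit(repository, servers):
    return {name: drift(parse_grants(repository.get(name, [])), parse_grants(out))
            for name, out in servers.items()}

# Constructed sample data (hypothetical servers, accounts and schemas).
REPOSITORY = {  # central definition, one entry per server
    "db01": ["GRANT USAGE ON *.* TO 'report'@'10.0.0.%'",
             "GRANT SELECT ON `sales`.* TO 'report'@'10.0.0.%'"],
    "db02": ["GRANT SELECT, INSERT, UPDATE ON `crm`.* TO 'app'@'10.0.1.%'"]}
LIVE = {  # what SHOW GRANTS returned on each server
    "db01": ["GRANT USAGE ON *.* TO 'report'@'10.0.0.%'",
             "GRANT SELECT, DELETE ON `sales`.* TO 'report'@'10.0.0.%' WITH GRANT OPTION"],
    "db02": ["GRANT SELECT, INSERT ON `crm`.* TO 'app'@'10.0.1.%'",
             "GRANT USAGE ON *.* TO 'old_admin'@'%'"]}

if __name__ == "__main__":
    for server, findings in audit(REPOSITORY, LIVE).items():
        print(server, findings)
```

A finding with both lists empty is an entry that exists on only one side, such as a login left on a server but absent from the repository.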

Reply With Quote
  #9  
Old   
Dr.X
 
Posts: n/a

Default Re: Centralized user management - 03-23-2011 , 05:35 PM



On Wed, 23 Mar 2011 14:26:47 -0400, Jerry Stuckle
<jstucklex (AT) attglobal (DOT) net> wrote:

Quote:
On 3/23/2011 9:03 AM, PavelVD wrote:
we have phpmyadmin for management MySql servers,but I'm talking about
the convenience distribution grants to users, review the grants, the
simultaneous distribution grants to multiple servers, audit grants,
easily add users directly to the few servers and so on. in phpmyadmin
no such and unlikely to be because this istrument designed to control
at any one time by one server.

It's not just PHPMyAdmin - that's the way MySQL works. It isn't set up
to do what you want.

If you need such things, I suggest you go with a more mature database
such as Oracle, SQLServer or DB2. They should meet your needs.

Can MySQL do replication of databases across machines? And if so,
aren't the users stored in a database? One would think something as
simple as user management should be easily done using the server's
ability to replicate data across servers. I could be wrong. Probably
am. :-\

I think it really would suck if multiple servers would have to be
administered separately if there were too many of them like his
situation (80 servers?) Yikes!

Maybe a script that can import users from LDAP?

-Dr.X


Jerry Stuckle
Re: Centralized user management - 03-23-2011 , 09:46 PM

On 3/23/2011 7:35 PM, Dr.X wrote:
Quote:
On Wed, 23 Mar 2011 14:26:47 -0400, Jerry Stuckle
<jstucklex (AT) attglobal (DOT) net> wrote:

On 3/23/2011 9:03 AM, PavelVD wrote:
we have phpmyadmin for management MySql servers,but I'm talking about
the convenience distribution grants to users, review the grants, the
simultaneous distribution grants to multiple servers, audit grants,
easily add users directly to the few servers and so on. in phpmyadmin
no such and unlikely to be because this istrument designed to control
at any one time by one server.

It's not just PHPMyAdmin - that's the way MySQL works. It isn't set up
to do what you want.

If you need such things, I suggest you go with a more mature database
such as Oracle, SQLServer or DB2. They should meet your needs.

Can MySql do replication of databases accross machines? And if so,
isn't the users stored in a database? One would think something as
simple as user management should be easily done using the servers
ability to replicate data accross servers. I could be wrong. Probably
am. :-\

I think it really would suck if multiple servers would have to be
administered seperately if there were too many of them like his
situation (80 servers?) Yikes!

Maybe a script that can import users from ldap?

-Dr.X

Yes, MySQL can do replication, and if you want exactly the same
databases and permissions across multiple systems, it can do that.

But typically multiple servers have different databases and different
permission requirements, so replication will do no good.

You're thinking of small companies which might have the same database(s)
on multiple systems, all with the same permissions. Such is NOT the
case in large enterprise systems. Each system has its own database(s)
and its own access requirement.

Replication does not help in such an instance.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================
