[midPoint] RES: Midpoint management RDBMS users - Scripted SQL

Vitor Alves | Gerencianet vitor.alves at gerencianet.com.br
Wed Jul 28 03:53:02 CEST 2021


Hi guys,
Does anyone have any idea how to solve this case? While I can't find any documented paths, I'm creating a Bash script to run through the SSH connector. If anyone has any better ideas, I'm available. Thank you very much in advance.

Regards,
-----
Vitor Alves




-----Original message-----
From: Vitor Alves | Gerencianet 
Sent: Friday, July 23, 2021 11:09
To: midpoint at lists.evolveum.com
Subject: Midpoint management RDBMS users - Scripted SQL

Hi,

I have the following need: to manage the permissions of my RDBMS users (in this case MySQL). During my research I found the connector "MySQL Users", but it is discontinued and we don't want to work with connectors that don't have their development in progress. Then I realized that a way out would be the "Scripted SQL" connector, because with Groovy scripts I could make these changes. During my research, I found some examples to create the resource, but very few and also a little outdated. I would like to know if I'm on the right path, if this would be the ideal connector, or if in midPoint I won't be able to do this type of identity management. Below are some examples of the commands:

# Show users
SELECT host, user, password_expired, password_last_changed, account_locked FROM mysql.user;

# Lock user
ALTER USER 'name' ACCOUNT LOCK;
FLUSH PRIVILEGES;

# Unlock user
ALTER USER 'name' ACCOUNT UNLOCK;
FLUSH PRIVILEGES;

# Change password
ALTER USER 'name' IDENTIFIED BY 'password';

# Create user
CREATE USER 'name'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

# Grant permissions
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'name'@'192.168.%' WITH GRANT OPTION;


Has anyone ever come across a similar case? I appreciate the community's help in advance.

-----
Vitor Alves
Cloud Analyst
vitor.alves at gerencianet.com.br
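
The statements in the message above place the account name, host and password directly inside quoted SQL, so a script that fills them from identity data has to validate and quote those values itself. The following sketch is an added example, not part of the original post or of midPoint; the function names and the allowed character sets are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names): emit MySQL account statements
# from provisioning attributes, refusing values that could break out of the
# quoted account name or password literal.

# User part: only [A-Za-z0-9_], at most 32 characters (limit used here).
valid_user() {
  case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
  [ "${#1}" -le 32 ]
}

# Host part: hostname/IP characters plus the % wildcard, at most 255 chars.
valid_host() {
  case $1 in ''|*[!A-Za-z0-9._%-]*) return 1 ;; esac
  [ "${#1}" -le 255 ]
}

# Quote a value as a MySQL string literal: double backslashes and single
# quotes (assumes the default sql_mode, without NO_BACKSLASH_ESCAPES).
sql_quote() {
  esc=$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
  printf "'%s'" "$esc"
}

# account_sql OP USER HOST [PASSWORD]: print one statement or return 1.
account_sql() {
  op=$1 user=$2 host=$3 pw=${4-}
  valid_user "$user" && valid_host "$host" || return 1
  acct="'$user'@'$host'"
  case $op in
    create|passwd)
      [ -n "$pw" ] || return 1
      if [ "$op" = passwd ]; then verb=ALTER; else verb=CREATE; fi
      printf '%s USER %s IDENTIFIED BY %s;\n' "$verb" "$acct" "$(sql_quote "$pw")" ;;
    lock)   printf 'ALTER USER %s ACCOUNT LOCK;\n' "$acct" ;;
    unlock) printf 'ALTER USER %s ACCOUNT UNLOCK;\n' "$acct" ;;
    *) return 1 ;;   # anything else, GRANT included, is refused
  esac
}

# Constructed sample calls.
account_sql lock app_ro '192.168.%'
account_sql create app_ro '192.168.%' "it's a constructed password"
```

Feed the output to the mysql client on standard input so the password does not appear on a command line. GRANT is deliberately left out: privilege lists are better kept as fixed, reviewed statements per role than assembled from input.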


