Subject Re: [firebird-support] Howto use Active Directory for authentication?
Author Thomas Steinmaurer
> I have been asked to use Active Directory for authorization of users of an app which uses Firebird. I'm total newbie when it comes to AD so I have some questions...
>
> First, do I understand it right that in order to use AD the Firebird server must be installed onto the domain controller server? Or is it possible to use Linux as a DB server and still use AD for user authorization? Or some other win server than the DC server?

Linux is out of question here. Windows Authentication works only when
connecting to a Firebird server running on Windows.

You don't necessarily need installing the Firebird server on a DC.

> Second, user managment, how do you associate user with a role? I assume admin must issue
> GRANT rolename TO SRV\usrname;

Right. Don't forget to use delimited identifiers ("), e.g.:

GRANT rolename TO "SRV\usrname";


It's getting a bit problematic in respect to the length though, because
like any other database object, also SRV\usrname can't exceed 31
characters. So, if you have longish domain and/or user names, you might
hit that limit.

> for each user and then when connecting this role is automatically used (ie no need to specify role when connecting when using AD to auth users). Is this correct? What happens when user has been granted multiple roles?

Don't mix up Firebird roles with e.g. the group mechanism on Windows.
You have to explicitely provide the desired role name at connect time,
so per connection, a connected user can only work in context of a single
role.


> Third, how to use AD with UIB components. The README.trusted_authentication.txt says
> "To use Windows trusted authentication, do not put user and password parameters in DPB/SPB."
> I assume just leaving TUIBDatabase's Username and Password properties empty when connecting will trigger trusted authentication (assuming FB is configured to use AD)?

Correct.



--
With regards,
Thomas Steinmaurer (^TS^)
Firebird Technology Evangelist

http://www.upscene.com/

Do you care about the future of Firebird? Join the Firebird Foundation:
http://www.firebirdsql.org/en/firebird-foundation/