Creating a MySQL Users Realm

admin

Introduction

This article shows you how to connect to a MySQL database users table as your source for users/groups and authentication.

The MySQL Users connector is a much simpler one than the MySQL (Database Tables) one as this connector uses MySQL’s own users as defined in the user table in the database called mysql that exists on all installations. Your usernames will be cached in the system as user@host.


Prerequisites

The MySQL Users Connector extension must be installed.

The MySQL service you are connecting to must be listening on an IP/port that the Hypersocket server can connect to AND the MySQL root user must have permissions to allow connections from the Hypersocket server’s IP address.

For example, looking at open ports you can see that this mysql service is listening on all interfaces (0.0.0.0) on port 3306.


Here you can see the mysql root user with correct permissions.
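The second prerequisite above (the root account must be allowed to connect from the Hypersocket server's IP) depends on how MySQL matches the `Host` column of `mysql.user` against a client address. The following is an added example, not part of this article or of Hypersocket itself, that reproduces that matching for the three `Host` forms MySQL documents (exact value, `%`/`_` wildcard pattern, and IP/netmask) and reports which `user@host` entries would admit a given client. The rows in `SAMPLE_USER_ROWS` are constructed for illustration; the `user@host` form is the one the article says Hypersocket caches.

```python
import ipaddress
import re

# Constructed sample of the identifying columns Hypersocket reads from
# the mysql.user table. These are not rows from any real server.
SAMPLE_USER_ROWS = [
    {"User": "root", "Host": "localhost"},
    {"User": "root", "Host": "192.168.10.%"},
    {"User": "alice", "Host": "%"},
    {"User": "reporting", "Host": "10.0.0.0/255.255.255.0"},
]


def cached_name(row):
    """Name under which Hypersocket caches a MySQL account: user@host."""
    return f"{row['User']}@{row['Host']}"


def host_pattern_matches(pattern, client_ip):
    """Return True if a mysql.user Host value admits a client at client_ip.

    Handles the three Host forms MySQL documents: an IP/netmask pair,
    an SQL LIKE-style pattern (% = any run of characters, _ = one
    character) and an exact value. Reverse-DNS hostname matching is
    deliberately out of scope, so 'localhost' never matches a remote IP.
    """
    # IP/netmask form, e.g. 10.0.0.0/255.255.255.0
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        try:
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            return ipaddress.ip_address(client_ip) in network
        except ValueError:
            return False
    # LIKE-style wildcard form, e.g. 192.168.10.%
    if "%" in pattern or "_" in pattern:
        regex = "".join(
            ".*" if c == "%" else "." if c == "_" else re.escape(c)
            for c in pattern
        )
        return re.fullmatch(regex, client_ip) is not None
    # Exact form: the stored value must equal the client address
    return pattern == client_ip


def accounts_allowing(rows, user, client_ip):
    """user@host entries under which `user` may connect from client_ip."""
    return [
        cached_name(r)
        for r in rows
        if r["User"] == user and host_pattern_matches(r["Host"], client_ip)
    ]


if __name__ == "__main__":
    # A Hypersocket server at 192.168.10.25 can use root only via the
    # wildcard row; the localhost row does not admit a remote client.
    print(accounts_allowing(SAMPLE_USER_ROWS, "root", "192.168.10.25"))
    print(accounts_allowing(SAMPLE_USER_ROWS, "root", "10.0.0.5"))
```

A matching row only tells you the connection will be accepted; what the account may then read or change is governed by its grants, which you can inspect on the server with `SHOW GRANTS FOR 'root'@'192.168.10.%'` (substitute the host pattern from your own `mysql.user` table).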


Configuring

In the User Realms page, click Create to start the process. Give the new realm a name and select MySQL Users as the Realm Type.

The first tab, Connection, is where the details for the database you are connecting to are held.


The options on this tab are:

  • Read Only: Should users only be read, or should updates be allowed for creating/editing users? Defaults to OFF.
  • Hostname: The hostname or IP address of the MySQL server.
  • Port: The port on which the database server is running (default 3306).
  • Username: The username to connect to MySQL as (usually root).
  • Password: The password for the above user.


The second tab is Hosts. If more than one realm is being set up, it is advised to configure the settings in this tab.

  • Restrict Hosts: If this option is turned on, then users from another realm will not be able to authenticate to the Hypersocket server when accessing via the defined Realm Host. This can be especially useful in a Managed Service Provider environment. If Restrict Hosts is off, then a user from another realm will be able to authenticate as long as their username is not a duplicate of one on this realm.
  • Realm Hosts: It is strongly advised to configure this setting. Type in the hostname that your users will be using to access the Hypersocket server for this realm. The Hypersocket server will then know to send authentication attempts arriving on this host to the correct user database. A different hostname should be used for each realm, which requires that you are able to configure your domain’s DNS settings so that these hostnames point to the Hypersocket server.

Type in the realm host and press enter to add the host. Multiple hostnames can be configured on a realm.

Without a Realm Host setting, Hypersocket will attempt to authenticate a user on the Default realm first, before trying to find that user on other realms. This can lead to unpredictable behavior in a multi-realm environment.
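To make the Hosts tab behaviour concrete, here is an added example (not code from this article or from Hypersocket) that models the routing rules just described: a matching Realm Host sends the attempt to that realm; with Restrict Hosts on, users of other realms are refused; with it off, a non-duplicate username may fall through to another realm; and with no matching Realm Host the Default realm is tried first. The realms, hostnames and usernames in `REALMS` are constructed, and the ambiguity handling (returning `None` when more than one realm could claim the name) is this example's way of surfacing the "unpredictable" multi-realm case, not a statement of what the product does.

```python
# Constructed realm definitions: Realm Hosts, the Restrict Hosts flag and
# the usernames currently cached for each realm. Not a real deployment.
REALMS = {
    "Default":    {"hosts": [],                "restrict_hosts": False, "users": {"admin", "bob"}},
    "customer-a": {"hosts": ["a.example.com"], "restrict_hosts": True,  "users": {"alice", "bob"}},
    "customer-b": {"hosts": ["b.example.com"], "restrict_hosts": False, "users": {"carol"}},
}


def realm_for_host(realms, requested_host):
    """Realm whose Realm Hosts list contains the hostname the client used."""
    for name, realm in realms.items():
        if requested_host in realm["hosts"]:
            return name
    return None


def candidate_realms(realms, username, exclude=()):
    """Every realm (other than those excluded) that has this username cached."""
    return [n for n, r in realms.items() if username in r["users"] and n not in exclude]


def resolve_realm(realms, requested_host, username, default="Default"):
    """Pick the realm an authentication attempt is sent to, or None.

    None means the attempt is refused (Restrict Hosts) or that the name
    is ambiguous because more than one realm could claim it.
    """
    host_realm = realm_for_host(realms, requested_host)
    if host_realm is not None:
        if username in realms[host_realm]["users"]:
            return host_realm
        if realms[host_realm]["restrict_hosts"]:
            return None  # only this realm's users may use this host
        # Restrict Hosts off: a user from another realm may still log in,
        # provided exactly one other realm knows the name
        others = candidate_realms(realms, username, exclude=(host_realm,))
        return others[0] if len(others) == 1 else None
    # No Realm Host matched: the Default realm is tried first
    if username in realms[default]["users"]:
        return default
    others = candidate_realms(realms, username, exclude=(default,))
    return others[0] if len(others) == 1 else None


if __name__ == "__main__":
    # 'bob' exists in two realms; without a Realm Host he always lands on
    # Default, and via b.example.com the attempt is ambiguous.
    print(resolve_realm(REALMS, "unknown.example.com", "bob"))
    print(resolve_realm(REALMS, "b.example.com", "bob"))
```

The duplicated `bob` account is the point of the example: the only deployment where every attempt resolves cleanly is one where each realm has its own Realm Host and Restrict Hosts is on.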


The third tab, Filter, allows you to restrict which user objects are cached by the server. Individual Users and/or Groups can be defined to exclude them.

Type in the user or group you wish to exclude then press enter to add it to the list.


The fourth tab, Reconcile, contains settings relating to how the users are cached in Hypersocket. Hypersocket connects to the remote user database periodically to update its list of cached users and then performs an update (reconcile) of this cache by either adding new users, deleting users that no longer exist or updating existing users.


The reconcile settings are:

  • Reconcile Every (mins): The number of minutes between successive user re-caching runs. Defaults to 60 minutes.
  • Retry on Failure (mins): If a connection attempt fails during the reconcile, the number of minutes to wait before retrying. Defaults to 5 minutes.
  • Rebuild Cache: On the next reconcile, delete the cache and import all user objects from scratch. This takes more time than a normal reconcile. Defaults to OFF.
  • Purge Duplicates: On rare occasions an out-of-date cache can cause duplicate users to be created in the cache. If that happens, this option forces removal of these duplicate users and rebuilds the cache. Defaults to OFF.
  • Cache Passwords: Hypersocket will generate a one-way hash of each user’s password the next time they log on and cache it. Subsequent authentication attempts do not need to contact the domain controller for authentication until the Hypersocket server is restarted. Defaults to OFF.
  • Reconcile at Login: Performs a reconcile of the user’s account at login. This ensures that the latest information for that user (such as group membership and AD attributes) is up to date at each login. Generally this is not needed, as user accounts do not change very often. Defaults to OFF.
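The Filter tab and the Reconcile tab together decide what ends up in the cache: a reconcile reads the remote user table, drops anything the filter excludes, and then adds, deletes or updates cached entries so the cache matches. The following added example (not the article's or Hypersocket's code) runs that diff over two constructed snapshots, with switches for Rebuild Cache and a separate Purge Duplicates pass. It assumes, for illustration only, that an excluded group simply disappears from every cached user's group list and that the cache is keyed by the `user@host` name the article describes.

```python
# Constructed snapshots, not data from any real server. REMOTE stands for
# what the reconcile reads from mysql.user; CACHE is what is held locally.
REMOTE = {
    "root@localhost":  {"groups": ["dba"]},
    "alice@%":         {"groups": ["staff"]},
    "carol@10.0.0.%":  {"groups": ["staff", "audit"]},
}
CACHE = {
    "root@localhost":  {"groups": ["dba"]},
    "alice@%":         {"groups": []},               # stale: will be updated
    "bob@%":           {"groups": ["staff"]},        # gone remotely: will be deleted
    "carol@10.0.0.%":  {"groups": ["staff", "audit"]},
}


def apply_filter(remote, excluded_users=frozenset(), excluded_groups=frozenset()):
    """Filter tab: drop excluded users and strip excluded groups from memberships."""
    wanted = {}
    for name, attrs in remote.items():
        user = name.split("@", 1)[0]
        if user in excluded_users:
            continue
        groups = [g for g in attrs["groups"] if g not in excluded_groups]
        wanted[name] = {**attrs, "groups": groups}
    return wanted


def reconcile(cache, remote, excluded_users=frozenset(), excluded_groups=frozenset(),
              rebuild=False):
    """One reconcile run: returns (new_cache, report).

    The report lists which entries were added, deleted or updated.
    rebuild=True mirrors Rebuild Cache: the old cache is discarded first,
    so every surviving remote entry shows up as an addition.
    """
    wanted = apply_filter(remote, excluded_users, excluded_groups)
    base = {} if rebuild else cache
    report = {
        "added":   sorted(n for n in wanted if n not in base),
        "deleted": sorted(n for n in base if n not in wanted),
        "updated": sorted(n for n in wanted if n in base and base[n] != wanted[n]),
    }
    return wanted, report


def purge_duplicates(entries):
    """Purge Duplicates: collapse a cache that has grown repeated names.

    `entries` is a list of (name, attrs) pairs, since a duplicate can only
    exist in a list-like store. The last occurrence wins; the count of
    removed duplicates is returned alongside the cleaned cache.
    """
    cleaned = {}
    for name, attrs in entries:
        cleaned[name] = attrs
    return cleaned, len(entries) - len(cleaned)


if __name__ == "__main__":
    new_cache, report = reconcile(CACHE, REMOTE, excluded_users={"root"},
                                  excluded_groups={"audit"})
    print(report)
    print(purge_duplicates([("alice@%", {"groups": []}), ("alice@%", {"groups": ["staff"]})]))
```

Excluding a user that is already cached causes the next reconcile to delete it, which is why applying a new filter after the realm has been running looks, in the Status tab, like a reconcile that removed accounts rather than one that silently ignored them.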


There is one more tab that only appears when editing the realm after it has been created. This tab is Status and contains information relating to the reconcile status:

  • Status: Contains the status of the last reconcile, which can be Completed or Failed.
  • Next Due: The date and time that the next reconcile is due to run.
  • Last Performed: The date and time that the last reconcile was performed.
  • Last Error: If the last reconcile failed, any errors appear in this field.


Click Create when all of the information has been entered to create the new realm, after which you should be able to see your users in Hypersocket by navigating to Access Control.