Linux DSN Configuration
This section describes how to set up ODBC connectivity and configure DSNs on several Linux distributions: Debian-based systems, like Ubuntu, and Red Hat Linux platforms, like Red Hat Enterprise Linux (RHEL) and Fedora.
Minimum Linux Versions
Here are the minimum supported versions for Red Hat-based and Debian-based systems:
OS | Min. Version |
Ubuntu | 18.04 |
Debian | 10 |
RHEL | 8 |
Fedora | 28 |
SUSE | 15 |
Installing the Driver Dependencies
Run the following commands as root or with sudo to install the necessary dependencies:
- Debian/Ubuntu:
apt-get install libc6 libstdc++6 zlib1g libgcc1
- RHEL/Fedora:
yum install glibc libstdc++ zlib libgcc
Installing the Driver
You can use standard package management systems to install the driver.
On Debian-based systems, like Ubuntu, run the following command with root or sudo:
dpkg -i /path/to/driver/setup/MySQLODBCDriverforUnix.deb
On systems that support the RPM package format, run the following command with root or sudo:
rpm -ivh /path/to/driver/MySQLODBCDriverforUnix.rpm
Licensing the Driver
Run the following commands to license the driver. To activate a trial, omit the <key> input.
cd /opt/cdata/cdata-odbc-driver-for-mysql/bin/
sudo ./install-license.sh <key>
Connecting through the Driver Manager
The driver manager loads the driver and passes function calls from the application to the driver. You need to register the driver with the driver manager and you define DSNs in the driver manager's configuration files.
The driver installation registers the driver with the unixODBC driver manager and creates a system DSN. The unixODBC driver manager can be used from Python and from many other applications. Your application may embed another driver manager.
Creating the DSN
See Using unixODBC to install unixODBC and configure DSNs. See Using the DataDirect Driver Manager to create a DSN to connect to OBIEE, Informatica, and SAS.
Connecting to MySQL
To connect to MySQL data, set the following properties:- Server: The host name or IP of the server hosting the MySQL database.
- Port: The port of the server hosting the MySQL database.
- Database (optional): The default database to connect to when connecting to the MySQL Server. If this is not set, MySQL returns tables from all available databases.
Authenticating to MySQL
MySQL supports the following types of authentication:- Standard
- NT Lan Manager (NTLM)
- LDAP
- SSL
- SSH
- Azure
- AWS
Standard Authentication
To authenticate using standard authentication, set AuthScheme to Password and set the following properties:- User: The username of the authenticating MySQL user.
- Password: The password associated with the authenticating MySQL user.
NTLM
To authenticate using NTLM, set AuthScheme to NTLM.By default, the driver determines user credentials and the NTLM domain automatically, using either the domain of the PC it is running on or the domain used by the machine running the MySQL instance. To discover the user credentials, the driver reads the current NTLM user.
If you want to specify a different domain, provide different login credentials, or change the target NTLM version via any or all of the following optional properties:
- User: The authenticating NTLM user.
- Password: The authenticating NTLM user's password.
- Domain: The name of the domain you want to connect to.
- NTLMVersion: The NTLM version used by the driver. Legal values are 1 (default) and 2.
LDAP
To authenticate as an LDAP user, set AuthScheme to LDAP.Your LDAP credentials are auto-detected by default. If you want to designate a different user and account, set the following optional properties:
- User: The user to login as.
- Password: The user's password.
SSL
To leverage SSL authentication to connect securely to MySQL data, set these properties:- SSLClientCert: The name of the certificate store for the client certificate. Used in the case of 2-way SSL, where truststore and keystore are kept on both the client and server machines.
- SSLClientCertPassword: The client certificate store's password. Required if the certificate store is password-protected.
- SSLClientCertSubject: The subject of the TLS/SSL client certificate. Used to locate the certificate in the store.
- SSLClientCertType:; The certificate type of the client store.
- SSLServerCert: The certificate to be accepted from the server.
SSH
To authenticate to a remote machine via SSH and access MySQL data, set these properties:- SSHClientCert: The name of the certificate store for the client certificate.
- SSHClientCertPassword: If a client certificate store is password-protected, set this value to the store's password.
- SSHClientCertSubject: The subject of the TLS/SSL client certificate. Used to locate the certificate in the store.
- SSHClientCertType: The certificate type of the client store.
- SSHPassword: The password that you use to authenticate with the SSH server.
- SSHPort: The port used for SSH operations.
- SSHServer: The SSH authentication server you are trying to authenticate against.
- SSHServerFingerPrint: The SSH Server fingerprint used to verify the host you are connecting to.
- SSHUser: The username for authenticating to the SSH server.
MySQL on Azure
You can authenticate to a MySQL database hosted on Azure AD as an Azure AD user (using Azure AD user credentials), using Azure MSI (using a Managed Service Identity), or via an Azure Password. The following table describes required connection parameters for all three authschemes.Parameter | Set To... | Notes | |
Azure AD user | AzureTenant | The Microsoft Online tenant where MySQL is located. | See Note 1. |
AuthScheme | AzureAD | See Note 2. | |
Azure MSI | AzureTenant | The Microsoft Online tenant where MySQL is located. | See Note 1. |
AuthScheme | AzureMSI | Most often used when MySQL is running on an Azure VM. | |
OAuthClientId | Managed identity's client_identity | Required to obtain a token for a managed identity or if the VM has multiple user-assigned managed identities. | |
Azure Password | AuthScheme | AzurePassword | To connect directly using your Azure credentials, specify the User and Password of the account you use to connect to Azure. |
Notes
- AzureTenant is generally supplied in the form companyname.microsoft.com, but it is
also acceptable to specify the tenant Id. (The tenant Id is the same as the directory Id shown in the Azure Portal Azure Active Directory > Properties page.)
When OAuthGrantType is set to CODE (the default), AzureTenant is usually not needed unless the user belongs to multiple tenants. When OAuthGrantType is set to CLIENT, AzureTenant is required.
- The AzureAD AuthScheme is generally used with a custom OAuth application to establish the required OAuth credentials. These usually take the form of an account identifier or cllient ID, and the account password or client secret.
MySQL on AWS
You can connect to a MySQL database hosted on AWS using either IAM roles or EC2 roles.
AWS IAM Roles
Set AuthScheme to AwsIAMRoles.
In many situations, it may be preferable to use an IAM role for authentication instead of the direct security credentials of an AWS root user. If you are specifying the AWSAccessKey and AWSSecretKey of an AWS root user, you may not use roles.
To authenticate as an AWS role, set these properties:
- AWSAccessKey: The access key of the IAM user to assume the role for.
- AWSSecretKey: The secret key of the IAM user to assume the role for.
- AWSRoleARN: Specify the Role ARN for the role you'd like to authenticate with. This will cause the driver to attempt to retrieve credentials for the specified role.
If multi-factor authentication is required, specify the following:
- CredentialsLocation: The location of the settings file where MFA credentials are saved. See the Credentials File Location page under Connection String Options for more information.
- MFASerialNumber: The serial number of the MFA device if one is being used.
- MFAToken: The temporary token available from your MFA device.
Note: If you want to control the duration of the temporary credentials, set the TemporaryTokenDuration property (default: 3600 seconds).
EC2 Instances
Set AuthScheme to AwsEC2Roles.
If you are using the driver from an EC2 Instance and have an IAM Role assigned to the instance, you can use the IAM Role to authenticate. Since the driver automatically obtains your IAM Role credentials and authenticates with them, it is not necessary to specify AWSAccessKey and AWSSecretKey.
If you are also using an IAM role to authenticate, you must additionally set AWSRoleARN to the Role ARN for the role you want to authenticate with.
IMDSv2 Support
The MySQL driver now supports IMDSv2. Unlike IMDSv1, the new version requires an authentication token. Endpoints and response are the same in both versions.
In IMDSv2, the MySQL driver first attempts to retrieve the IMDSv2 metadata token and then uses it to call AWS metadata endpoints. If it is unable to retrieve the token, the driver reverts to IMDSv1.
Set the Driver Encoding
The ODBC drivers need to specify which encoding to use with the ODBC Driver Manager. By default, the CData ODBC Drivers for Unix are configured to use UTF-16 which is compatible with unixODBC, but other Driver Managers may require alternative encoding.
Alternatively, if you are using the ODBC driver from an application that uses the ANSI ODBC API it may be necessary to set the ANSI code page. For example, to import Japanese characters in an ANSI application, you can specify the code page in the config file '/opt/cdata/cdata-odbc-driver-for-mysql/lib/cdata.odbc.mysql.ini':
[Driver]
AnsiCodePage = 932