Datical DB provides the following connection and authentication (security) options:
Microsoft SQL Server with SQL Authentication and Integrated Security
Azure SQL Database and Azure SQL Managed Instance with:
SQL Authentication
Active Directory Integrated Authentication
Active Directory Password Authentication
Active Directory MSI Authentication
SQL Authentication
SQL Authentication refers to authenticating a user who connects to an Azure SQL Database with a username and password.
If you are a server admin, you can authenticate to any database on the server or instance as the database owner and create additional SQL logins and users, which enable users to connect using username and password.
To connect to an Azure SQL Database with the SQL Authentication (security) from Datical DB, enter the following information:
Username
Password
Hostname
Port
Database name
Instance name
Add the IP address of the machine running sqlcmd to Azure Resource Group.
Azure Active Directory Authentication
Azure Active Directory authentication refers to authenticating a user who connects to an Azure SQL Database with an identity in Azure Active Directory.
Prerequisites
To use the Azure Active Directory authentication mode, you need to:
For more information, see Use Azure Active Directory authentication.
Active Directory Integrated Authentication
The Active Directory Integrated Authentication is a mechanism of connecting to an Azure SQL Database by using an integrated mode with Azure Active Directory.
To use the Active Directory Integrated Security authentication option, follow these steps:
Make sure that you have federated the on-premises Active Directory Federation Services (AD FS) with Azure Active Directory in the cloud.
Make the connection from a domain-joined machine that is federated with Azure Active Directory. You can access an Azure SQL Database without entering credentials when you're logged in to a domain-joined machine.
Additionally, a database user representing your Azure Active Directory principal, or one of the groups the user belongs to, needs to exist in the database and have the CONNECT permission.
Test to verify that you can connect from this machine using Active Directory Integrated Security with your same Liquibase Enterprise/Datical user via another tool such as SSMS (SQL Server Management Studio).
If your connection works, continue on to Step 5.
If your connection fails, here is the link to install SSMS, ODBC Driver 17, and OLE DB Driver 18: Configure Your Client Computers
If your connection works, continue on to Step 5.
If it fails, check to see if adal.dll is in your \Windows\System32 directory. If it is not there, install adal.dll from the following link:
This msi installer should add adal.dll to System32 and Syswow64 folders. Your connection via SSMS or similar tool should now work.
If the connection still does not work, consult with your Azure SQL subject matter expert. For example, it might be necessary to add the adal.dll in your Windows registry.
After verifying your connection via SSMS is successful, ensure that the SQL Server JDBC Driver Authentication Library is in \Windows\System32. The file is named mssql-jdbc_auth-<version>.x64.dll, where <version> is a version number for the file.
If the mssql-jdbc_auth-<version>.x64.dll library is not already in \Windows\System32, it can be extracted from the following file (if you have installed the SQL Server JDBC Driver for Liquibase Enterprise/Datical):
<datical-install>\plugins\com.datical.db.drivers.mssql_<version>.jar
Using an archive utility, open or extract the com.datical.db.drivers.mssql_<version>.jar file to access its contents.
The DLL is located in the following archive location:
com.datical.db.drivers.mssql_1.0.24.jar\auth\x64\mssql-jdbc_auth-<version>.x64.dll
Put the mssql-jdbc_auth-<version>.x64.dll file in \Windows\System32.
Make sure sqlcmd (version 13.1 or higher) is installed and on your PATH. You can install it from the following link:
https://docs.microsoft.com/en-us/sql/tools/sqlcmd-utility?view=sql-server-ver15
For more information about the configuration of the ActiveDirectoryIntegrated authentication, see Connecting using ActiveDirectoryIntegrated authentication.
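A preflight check for the prerequisites above, added here as an example (it is not Datical or Liquibase code): it confirms that adal.dll and the JDBC authentication library are in System32, stages the DLL from the driver jar if it is missing, reports its Authenticode status and hash before you copy it into System32, and checks the sqlcmd version. It assumes the classic sqlcmd.exe, whose `-?` banner contains a `Version <n>` line; the `-DriverJar` parameter name and the `%TEMP%` staging location are choices made for this example.

```powershell
# Added example: preflight for the Active Directory Integrated Security prerequisites.
param(
    # Path to com.datical.db.drivers.mssql_<version>.jar (supplied by you; optional)
    [string]$DriverJar
)
$sys32 = Join-Path $env:SystemRoot 'System32'
$results = [ordered]@{}

# 1. adal.dll must be present in System32.
$results['adal.dll in System32'] = Test-Path (Join-Path $sys32 'adal.dll')

# 2. SQL Server JDBC Driver Authentication Library (x64) in System32.
$authDll = Get-ChildItem -Path $sys32 -Filter 'mssql-jdbc_auth-*.x64.dll' -ErrorAction SilentlyContinue |
    Select-Object -First 1
$results['mssql-jdbc_auth DLL in System32'] = [bool]$authDll

# 3. If it is missing and a driver jar was given, stage the DLL from auth\x64 in the jar.
if (-not $authDll -and $DriverJar) {
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path $DriverJar).Path)
    try {
        $entry = $zip.Entries |
            Where-Object { $_.FullName -like 'auth/x64/mssql-jdbc_auth-*.x64.dll' } |
            Select-Object -First 1
        if ($entry) {
            $staged = Join-Path $env:TEMP $entry.Name
            [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $staged, $true)
            $authDll = Get-Item $staged
        }
    } finally { $zip.Dispose() }
}

# 4. Report signature and hash so the DLL can be reviewed before it goes into System32.
if ($authDll) {
    $sig = Get-AuthenticodeSignature -FilePath $authDll.FullName
    $results['DLL path'] = $authDll.FullName
    $results['DLL signature status'] = $sig.Status
    $results['DLL signer'] = $sig.SignerCertificate.Subject
    $results['DLL SHA256'] = (Get-FileHash -Path $authDll.FullName -Algorithm SHA256).Hash
}

# 5. sqlcmd must be on PATH and version 13.1 or higher.
$sqlcmd = Get-Command sqlcmd.exe -ErrorAction SilentlyContinue
if ($sqlcmd -and ((& $sqlcmd.Path '-?' 2>&1 | Out-String) -match 'Version\s+(\d+\.\d+)')) {
    $results['sqlcmd >= 13.1'] = [version]$Matches[1] -ge [version]'13.1'
} else { $results['sqlcmd >= 13.1'] = $false }

[pscustomobject]$results | Format-List
```

The script only stages the DLL; copying it into \Windows\System32 remains a separate, elevated step once the signature status reads Valid.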
To create a connection with the Active Directory Integrated mode in Datical DB, select the following:
Connection Type - Azure SQL Database
Security - Active Directory Integrated Security
Also, enter your hostname, port, application name, database name, and instance name.
Active Directory Password Authentication
Azure Active Directory Password Authentication is a mechanism of connecting to an Azure SQL Database by using identities in Azure Active Directory, so you can connect to applications by using an Azure Active Directory user name and password.
To connect using the Active Directory Password authentication, follow these steps:
Install the SQL Server JDBC Driver Authentication Library - mssql-jdbc_auth-<version>-<arch>.dll file on your machine. The file is located in the <datical-install>\DaticalDB\plugins\ directory.
Put the mssql-jdbc_auth-<version>-<arch>.dll file in \Windows\System32. There are 32-bit and 64-bit versions of the .dll file included with the Microsoft SQL Server JDBC driver. For example: mssql-jdbc_auth-8.4.1.x64.dll.
For more information about the configuration of the ActiveDirectoryPassword authentication, see Connecting using ActiveDirectoryPassword authentication mode.
To create a connection with the Active Directory Password mode in Datical DB, select the following:
Connection Type - Azure SQL Database
Security - Active Directory Password Authentication
Also, enter your hostname, port, application name, database name, instance name, username, and password.
Active Directory MSI Authentication
You can use the Active Directory MSI Authentication for connection from inside of an Azure Resource with the Identity feature.
To use the Active Directory MSI Authentication, you need a contained database user representing your Azure Resource's System Assigned Managed Identity or User Assigned Managed Identity, or one of the groups your Managed Identity belongs to, which must exist in the target database and have the CONNECT permission.
Optionally, to acquire the accessToken for establishing the connection, you can specify msiClientId in the Connection or DataSource properties along with the Active Directory MSI Authentication mode, which must include the Client ID of a Managed Identity.
For more information about the configuration of the ActiveDirectoryMSI authentication, see Connecting using ActiveDirectoryMSI authentication mode.
To create a connection with the Active Directory MSI mode in Datical DB, select the following:
Connection Type - Azure SQL Database
Security - Active Directory MSI Authentication
Also, enter your hostname, port, application name, database name, instance name, and MSI Client ID.
The appdba:sqlcmd change type is not supported when using MSI Authentication. In Packager these change types are produced by the DIRECT package method. Use the sqlfile package method with MSI Authentication instead.