Zabbix Documentation 3.2

2.23.04.04.2 (current)In development:4.4 (devel)Unsupported:1.82.02.43.23.4

User Tools

Site Tools


manual:web_interface:frontend_sections:administration:authentication

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
manual:web_interface:frontend_sections:administration:authentication [2018/03/01 13:29]
martins-v you may need to add a 'TLS_REQCERT allow' line to the /etc/openldap/ldap.conf
manual:web_interface:frontend_sections:administration:authentication [2018/03/02 09:18] (current)
martins-v expanding entry on 'TLS_REQCERT allow' line to the /etc/openldap/ldap.conf
Line 34: Line 34:
 |//User password// ​ |LDAP password of the test user.  | |//User password// ​ |LDAP password of the test user.  |
  
-<note warning>To make a secure LDAP connection (ldaps) work you may need to add a ''​TLS_REQCERT allow''​ line to the /​etc/​openldap/​ldap.conf configuration file.</​note>​+<note warning>In case of trouble with certificates,​ to make a secure LDAP connection (ldaps) work you may need to add a ''​TLS_REQCERT allow''​ line to the /​etc/​openldap/​ldap.conf configuration file. It may decrease the security of connection to the LDAP catalog.</​note>​
  
 <note tip>It is recommended to create a separate LDAP account (//Bind DN//) to perform binding and searching over the LDAP server with minimal privileges in the LDAP instead of using real user accounts (used for logging in the Zabbix frontend).\\ Such an approach provides more security and does not require changing the //Bind password// when the user changes his own password in the LDAP server.\\ In the table above it's //​ldap_search//​ account name.</​note>​ <note tip>It is recommended to create a separate LDAP account (//Bind DN//) to perform binding and searching over the LDAP server with minimal privileges in the LDAP instead of using real user accounts (used for logging in the Zabbix frontend).\\ Such an approach provides more security and does not require changing the //Bind password// when the user changes his own password in the LDAP server.\\ In the table above it's //​ldap_search//​ account name.</​note>​