Zabbix Documentation 3.4

3.04.04.4 (current)| In development:5.0 (devel)| Unsupported:1.82.02.22.43.23.44.2Guidelines

User Tools

Site Tools


manual:web_interface:frontend_sections:administration:authentication

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revision Both sides next revision
manual:web_interface:frontend_sections:administration:authentication [2017/06/30 06:30]
martins-v details about full ldap uri
manual:web_interface:frontend_sections:administration:authentication [2018/03/01 13:26]
martins-v you may need to add a 'TLS_REQCERT allow' line to the /etc/openldap/ldap.conf
Line 33: Line 33:
 |//​Login// ​ |Name of a test user (which is currently logged in the Zabbix frontend). This user name must exist in the LDAP server.\\ Zabbix will not activate LDAP authentication if it is unable to authenticate the test user.  | |//​Login// ​ |Name of a test user (which is currently logged in the Zabbix frontend). This user name must exist in the LDAP server.\\ Zabbix will not activate LDAP authentication if it is unable to authenticate the test user.  |
 |//User password// ​ |LDAP password of the test user.  | |//User password// ​ |LDAP password of the test user.  |
 +
 +<note warning>​To make a secure LDAP connection (ldaps) work you may need to add a ''​TLS_REQCERT allow''​ line to the /​etc/​openldap/​ldap.conf configuration file.</​note>​
  
 <note tip>It is recommended to create a separate LDAP account (//Bind DN//) to perform binding and searching over the LDAP server with minimal privileges in the LDAP instead of using real user accounts (used for logging in the Zabbix frontend).\\ Such an approach provides more security and does not require changing the //Bind password// when the user changes his own password in the LDAP server.\\ In the table above it's //​ldap_search//​ account name.</​note>​ <note tip>It is recommended to create a separate LDAP account (//Bind DN//) to perform binding and searching over the LDAP server with minimal privileges in the LDAP instead of using real user accounts (used for logging in the Zabbix frontend).\\ Such an approach provides more security and does not require changing the //Bind password// when the user changes his own password in the LDAP server.\\ In the table above it's //​ldap_search//​ account name.</​note>​