Interested

Hi!

The post is quite self-explanatory, I am just wondering before giving it a try:

1 - what is $user2['usrgrps'] = 11; ?
2 - Did you test the solution?

Many thanks!

BR
Riccardo

That is the default group id the users are put into. I created that user group with read-only permissions.

I have tested the solution with Active Directory. The result is basically that all AD users that are able to authenticate with Active Directory get a user account created in a default user group with read-only permissions.

The harder part is using the SSO username.

-Tom

I found this post useful for enabling the autoadd functionality in my setup. I've since modified it to also handle the fact that AD usernames tend not to be case sensitive, but Zabbix usernames are.

Using the above code, this leads to instances where 'username' and 'UserName' are created as separate users in Zabbix. This may be desirable for some LDAP implementations, but it was undesirable for my use case.

I fixed this by adding the following code block directly before the above code - hoping it will be useful to someone:

Good catch, I think I'll add this to my setup as well. Although a cursory check shows no double accounts, I can see this happening.

Thanks for the code!

-Tom

Don't work for me

I tried this "Hack" but don't work for me, well, not totally.


When a user tries the login for first time, an blank page is shown. If user press the F5 button, then the browser shows the zabbix dashboard page.

The apache log

Quickly search on google and I discover that is made for zabbix 2.2. I work with zabbix 2.4


In zabbix 2.2 the function "andDbNode" exists, but don't in zabbix 2.4..


Anyone can help me with this?


And sorry for the bad english. Still learning.

I think I changed it for 2.4, I show this in my notes:


###################
#Changed for 2.4.4#
###################

++++++++++++++++++++++++++++++++++++++++++++++++++ +
/* Handle case of upper case chars in username by converting to lowercase. */
if (!$userInfo) {
$userInfo = DBfetch(DBselect(
'SELECT u.userid,u.attempt_failed,u.attempt_clock,u.attemp t_ip'.
' FROM users u'.
' WHERE u.alias='.zbx_dbstr(strtolower($name))
));
$name = strtolower($name);
}

if (!$userInfo) {
if ($this->ldapLogin($user)) {
$user2 = array();
$user2['alias'] = $name;
$user2['name'] = $name;
$user2['surname'] = '';
$user2['passwd'] = '';
$user2['url'] = '';
$user2['autologin'] = 1;
$user2['autologout'] = 0;
$user2['lang'] = 'en_US';
$user2['theme'] = 'default';
$user2['refresh'] = 300;
$user2['rows_per_page'] = 250;
$user2['type'] = 1;
$user2['user_medias'] = '';
$user2['usrgrps'] = 16;

self::$userData['type'] = 3;

DBstart();
DBend($this->create($user2));

$userInfo = DBfetch(DBselect(
'SELECT u.userid,u.attempt_failed,u.attempt_clock,u.attemp t_ip'.
' FROM users u'.
' WHERE u.alias='.zbx_dbstr($name)
));
}

}
++++++++++++++++++++++++++++++++++++++++++++++++++ ++

OMG. That was fast.
Thanks for your help.
Why this is not in zabbix oficial version?


Now I will try autmocatically fill the user_media with the e-mail address found on LDAP.

Thanks