Ad Widget

Collapse

Zabbix not accepting standard LDAP filter

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jmusbach
    Member
    • Sep 2013
    • 37
    #1

    Zabbix not accepting standard LDAP filter

    Hello, our company would like to get LDAP authentication working with zabbix 2.0.8 but so far have been unable to do so. The main problem we have is that the form does not seem to allow specification of a group that members should belong to. Given that limitation I was hoping that the search attribute field could be used to restrict the allowed users instead. However I have found that zabbix alters the passed in attribute so that it becomes ((<your specified attribute>))=<your username> instead of just (<your specified attribute>). How can I get zabbix to just authenticate using the unaltered attribute?

    Further confusing the matter is that despite the form lacking any sort of group specification, the file that processes the ldap authentication (include/classes/class.cldap.php) contains this code:

    Code:
    // get groups for given user if grouptree is given
    if (isset($this->cnf['grouptree']) && isset($this->cnf['groupfilter'])) {
      $base = $this->makeFilter($this->cnf['grouptree'], $user_result);
      $filter = $this->makeFilter($this->cnf['groupfilter'], $user_result);
      $sr = ldap_search($this->ds, $base, $filter, array($this->cnf['groupkey']));

      if (!$sr) {
        error('LDAP: Reading group memberships failed.');
        return false;
      }

      $result = ldap_get_entries($this->ds, $sr);

      foreach ($result as $grp) {
        if (!empty($grp[$this->cnf['groupkey']][0])) {
          $info['grps'][] = $grp[$this->cnf['groupkey']][0];
        }
      }
    }

    // always add the default group to the list of groups
    if (isset($conf['defaultgroup']) && !str_in_array($conf['defaultgroup'], $info['grps'])) {
      $info['grps'][] = $conf['defaultgroup'];
    }
    So it looks like the code is actually there for group support but it just never made it into the ldap configuration form? Is there any way I could modify the ldap configuration form to utilize this support?

    Thanks!
    Last edited by jmusbach; 21-07-2014, 19:43.
    Tags: None
    • jmusbach
      Member
      • Sep 2013
      • 37
      #2
      As a update to my own thread, I contacted the developers about this and they said that there's already a bug report for this--https://support.zabbix.com/browse/ZB...mment-tabpanel. Unfortunately despite the clear amount of interest in the feature, and the possibly already present code for the feature, there seems to be no eta as yet for this to actually be implemented.

        Comment

        Previous template Next
        Working...