Can Zabbix authenticate local and LDAP at the same time. If the user does not exist in a local DB try LDAP or the other way around first LDAP then local?
-
-
I've wanted something like that too, but I don't think it's currently possible.
My primary motivation is so that we can use LDAP authentication as the first try, but if there's a network partition and the web interface is isolated from any of our LDAP servers, have it fall back to using local auth. A monitoring system still needs to be accessible, even when parts of the network are (figuratively) on fire.
We've essentially stuck with local auth to avoid that dependency. -
Fallback to local auth needs to be there.Comment
-
you can have local Auth and LDAP Auth active at the same time BUT:- single user cannot have both LDAP and local Auth enabled at the same time
- LDAP users do not have passwords stored in the zabbix DB
- there's no such thing as "fallback" meaning both of your authentication services - local + LDAP are active at the same time
- you could have user "double" accounts as:
- login - AD user
- login_local - local user account
To workaround this behavior you could setup an API call that will convert all of your LDAP accounts to local accounts if the LDAP server /Active Directory server becomes unreachable.
zabbix USER API reference:
Comment
Comment