I'm currently configuring LDAP authentication for Zabbix, with DUO set up as an MFA intermediary using the DUO Authentication Proxy.
When using the DUO Proxy, Zabbix successfully authenticates users (I get "login successful"), but none of the LDAP attributes—specifically User role, User groups, and Media type—are retrieved. They all show as "No Value."
Tested connecting directly to the DC without DUO, and this worked as expected, with all attributes retrieved successfully.
Some might suggest that DUO is the issue, but I have other services using DUO in a similar fashion, and they’re able to retrieve LDAP attributes without any problems.
This behavior appears specific to Zabbix with the DUO proxy configuration.
Has anyone successfully configured DUO to relay LDAP group and role attributes to Zabbix?
Are there recommended configurations for DUO’s authproxy.cfg or Zabbix’s LDAP group pattern that ensure groups are retrieved?
Any other potential troubleshooting steps I might have missed?
When using the DUO Proxy, Zabbix successfully authenticates users (I get "login successful"), but none of the LDAP attributes—specifically User role, User groups, and Media type—are retrieved. They all show as "No Value."
Tested connecting directly to the DC without DUO, and this worked as expected, with all attributes retrieved successfully.
Some might suggest that DUO is the issue, but I have other services using DUO in a similar fashion, and they’re able to retrieve LDAP attributes without any problems.
This behavior appears specific to Zabbix with the DUO proxy configuration.
Has anyone successfully configured DUO to relay LDAP group and role attributes to Zabbix?
Are there recommended configurations for DUO’s authproxy.cfg or Zabbix’s LDAP group pattern that ensure groups are retrieved?
Any other potential troubleshooting steps I might have missed?
Comment