PATCH: LDAP authentication

  • lamont
    Member
    • Nov 2007
    • 89

    #16
    Originally posted by Alexei
    Security is the main reason why it was implemented this way. I am not happy about users getting authorization from different sources (LDAP, Apache, Kerberos, whatever).

    If we use LDAP, it means that ALL users are authorized by the LDAP. So, we can track and manage who got an authorization and when on LDAP side.
    The problem is that often LDAP users are managed by an IT group who manages Windows desktops, etc. It sometimes becomes difficult to get them to create and manage generic accounts (like 'guest' / 'readonly' / 'noc' whatever), so it's sometimes useful to create local accounts on the server which don't do LDAP/Kerberos/whatever network authentication. That is usually why this feature is requested.

    • Andreas Bollhalder
      Senior Member
      Zabbix Certified Specialist
      • Apr 2007
      • 144

      #17
      Hello

      I would still vote for a local ZABBIX Admin to access the ZABBIX when LDAP is down.

      There are different possibilities with different pros & cons as mentioned before. For example, OTRS also makes a copy of the LDAP users into the local database.

      Andreas
      Zabbix statistics
      Total hosts: 380 - Total items: 12190 - Total triggers: 4530 - Required server performance: 224.2

      • lamont
        Member
        • Nov 2007
        • 89

        #18
        Originally posted by Andreas Bollhalder
        There are different possibilities with different pros & cons as mentioned before. For example, OTRS also makes a copy of the LDAP users into the local database.
        In general, in a perfect world, it's true that a single source of authentication is the objectively correct way to do things, but we rarely operate in a perfect world, and trying to force everyone towards that perfect world by crippling software to not work in the real world just means you piss off your users.

        The software developers of the platforms that I use shouldn't make my architectural decisions for me. I know that a single source of authentication is better than multiple sources, but if I want to do multiple sources of authentication I probably have a good reason to set things up that way.

        • Andreas Bollhalder
          Senior Member
          Zabbix Certified Specialist
          • Apr 2007
          • 144

          #19
          I do not want to force a single authentication method. Only that the developers keep additional possibilities in mind when designing the system so that it could be easily extended when the need arises. That's why I pointed to the idea of cached logins.

          Andreas

          • Aly
            ZABBIX developer
            • May 2007
            • 1126

            #20
            OK, we still dislike the situation with different sources of authentication, but we decided to give you the ability to force any user groups to authenticate internally.

            Implemented in rev. 5815
            Zabbix | ex GUI developer
