AT LAST! Updated for 2.4.x
I know it's been a while since i updated this post. I recently had a requirement where an organisation required ldap support to be enabled as well as the ability to have any of their staff log in and use Zabbix.
By default, you aren't able to do this because you need an account to be created in Zabbix before you can log in.
Well, not anymore. I have updated and simplified the patch i wrote almost 5 years ago. The patch will auto create a zabbix account if it does not exist provided that the user is able to be successfully authenticated via an alternative authentication mechanism ie LDAP. The user is created as a regular Zabbix user with all of the defaults. No media etc is configured and their surname is hardcoded to "autocreated".
Pre-installation requirements:
Before you install the patch, you should go to Administration > Users > User groups and ensure the Guests group is enabled.
You'll then need to edit the Guests group and ensure permissions have been appropriately applied. In my scenario, i provided read only access to all groups.
After that you can download the patch and install it. I normally use the Zabbix rpms at repo.zabbix.com because its soooooo much easier in large scale deployments (especially with an internal yum repo) so the absolute path to the file required to be patch is /usr/share/zabbix/include/classes/api/services/CUser.php (or frontends/php/include/classes/api/services/CUser.php if your compiling from source).
Copy the patch file the right location and patch the file using:
patch -p0 -i CUser.php.patch
Patch was tested against 2.4.1 but could be compatible with older versions as well.
Have fun!
I know it's been a while since i updated this post. I recently had a requirement where an organisation required ldap support to be enabled as well as the ability to have any of their staff log in and use Zabbix.
By default, you aren't able to do this because you need an account to be created in Zabbix before you can log in.
Well, not anymore. I have updated and simplified the patch i wrote almost 5 years ago. The patch will auto create a zabbix account if it does not exist provided that the user is able to be successfully authenticated via an alternative authentication mechanism ie LDAP. The user is created as a regular Zabbix user with all of the defaults. No media etc is configured and their surname is hardcoded to "autocreated".
Pre-installation requirements:
Before you install the patch, you should go to Administration > Users > User groups and ensure the Guests group is enabled.
You'll then need to edit the Guests group and ensure permissions have been appropriately applied. In my scenario, i provided read only access to all groups.
After that you can download the patch and install it. I normally use the Zabbix rpms at repo.zabbix.com because its soooooo much easier in large scale deployments (especially with an internal yum repo) so the absolute path to the file required to be patch is /usr/share/zabbix/include/classes/api/services/CUser.php (or frontends/php/include/classes/api/services/CUser.php if your compiling from source).
Copy the patch file the right location and patch the file using:
patch -p0 -i CUser.php.patch
Patch was tested against 2.4.1 but could be compatible with older versions as well.
Have fun!
Would be nice to have this feature built in Zabbix by default.
Comment