I've been trying all morning and I can't seem to get mine to work either.
LDAP Front-end authentication
-
OK, I got it working... But what's the benefit if I still have to create the username before the user can authenticate with it?
Also, why should I have to set this up for EACH individual user, which is how this feature seems to be presented??
-
Vinny,
Check my post on the first page. This is my working config for Active Directory. BIND password is the domain password for the user.
So I used my administrator account with that password.
-
The question of the benefits has been answered in previous posts and one
follow-up to your post in this thread, already. So I won't repeat those.
If you set this up as System default, every user automatically uses LDAP (ADS)
for authentication.
We have created a user group which has GUI access set to Internal
to allow users to login without requiring ADS or LDAP to be available.
A monitoring solution should depend on the smallest number of other systems and components possible.
That's why, e.g., we don't put the DB on shared external storage!
We do monitor ADS and must be able to report and check a problem (login to ZABBIX) if it doesn't work.
And, at least, some users must be able to logon in any case !
You have to set up this user group and the users in it just once !
Regards
Norbert.
-
Hi vinny
as mentioned by Tristan see also his post for examples.
You could use any valid domain user to access the AD via LDAP.
At least in our case, that's true.
For me the biggest problem was to identify the DN of a valid user.
Our AD is not as simple as CN=MyLoginName,OU=Users,DC=thecompany,DC=com
as in the examples given here !
As soon as I had identified, e.g. my user, everything works.
The error message means that you didn't choose a valid user DN
for the test. Now we are using a special user for access to lower the
risk of potential security problems like finding the password in the ZABBIX-DB, etc.
How do you find the DN of a valid domain user ?
I recommend using the ldp.exe tool from the Windows 2003 toolkit.
Start it, connect to any DC, bind with, e.g. your credentials (domain user
and password) and search for "sAMAccountName=the-user-you-want-to-use".
In the output you'll find the DN for this user.
Use it and this user's password in ZABBIX LDAP configuration screen
and if everything else is configured well, it will work.
You'll have to use the complete DN aka absolute path to the
user in the AD (LDAP).
I found this very helpful website and downloaded ldp.zip from there.
Installation is not required, just start the ldp.exe in the zip file.
HTH,
Norbert.
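
Added example, not part of the original posts: the DN lookup described above with ldp.exe, done here with OpenLDAP's `ldapsearch` from the Zabbix host (an assumption; the thread only mentions ldp.exe). Its LDIF output folds long DNs across lines and base64-encodes DNs that contain non-ASCII characters, which is where a deeply nested AD path gets copied wrongly. The function names and the sample output are constructed for illustration.

```python
import base64
import re

# Assumed way to produce the input (placeholders in <>):
#   ldapsearch -x -H ldap://<dc> -D '<user>@<domain>' -W \
#       -b '<base DN>' '<filter from sam_filter()>' sAMAccountName

# RFC 4515: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def sam_filter(login):
    """Build the search filter for one login name, escaped per RFC 4515."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in login)
    return f"(sAMAccountName={escaped})"


def dns_from_ldif(ldif):
    """Return the complete DN of every entry in LDIF text (RFC 2849)."""
    # A line that starts with a single space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", ldif)
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):    # base64 form: DN has non-ASCII characters
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns


# Constructed sample output; every account and OU name here is made up.
_UMLAUT_DN = "CN=Jörg Müller,OU=Users,DC=thecompany,DC=com"
SAMPLE_LDIF = (
    "# extended LDIF\n"
    "dn: CN=Zabbix Bind,OU=Service Accounts,OU=IT,OU=Head Office,DC=thecompany,DC\n"
    " =com\n"
    "sAMAccountName: zbxbind\n"
    "\n"
    "dn:: " + base64.b64encode(_UMLAUT_DN.encode("utf-8")).decode("ascii") + "\n"
    "sAMAccountName: jmueller\n"
)

if __name__ == "__main__":
    print(sam_filter("zbxbind"))
    for dn in dns_from_ldif(SAMPLE_LDIF):
        print(dn)   # paste the full value into the Zabbix bind DN field
```
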
-
LDAP authentication
If it's of any use, I managed to find the necessary settings in ldap.conf on our ldap server.
Also, if you want to use ldap and internal authentication, this thread may be useful http://www.zabbix.com/forum/showthre...highlight=ldap
regards,
MrKen
Disclaimer: All of the above is pure speculation.
-
In response to NOB for my previous post, I had a moment of awakening, and it all "just clicked". I am now enjoying the benefits of Zabbix, and I see why we need to add the user first to Zabbix.
In other systems, OCS Inventory being one, once a user logs in, they are granted default read-only rights, then you can admin them once the account is automatically created.
After really using Zabbix now, I can see why they don't use this convention.
All-in-all, a fantastic open source solution.
-
Help
Struggling to set up:
Last time I used these settings (see picture attached):
cn=Test - my admin acc - 100%
Before that, when I had messed up DN lines, it had been giving me an error like wrong credentials, etc.
Now, when I choose a user (that exists in AD 100% and put a password) and press 'Test', it just says "ERROR: LDAP Login was not successful" with no Details button in the left corner, so I can't really see what's wrong...
Any ideas?
Last edited by gospodin.horoshiy; 05-11-2008, 07:08.
Zbx 2.0.4 on Debian and MYSQL5 on Ubuntu Server 64bit 8.04,
200+ Win Agents, 50+ Linux Agents, 150+ Network Devices
-
Exactly the same(((
Zbx 2.0.4 on Debian and MYSQL5 on Ubuntu Server 64bit 8.04,
200+ Win Agents, 50+ Linux Agents, 150+ Network Devices
-
I'm just guessing, but you could try:
1) ldap://192.168.39.5
2) For 'Search attribute' I'm using uid not sAMAccountName
As I mentioned in an earlier post, I got my info straight out of ldap.conf
I hope you get this working before you go home.
Good luck
Disclaimer: All of the above is pure speculation.
-
You need to change the "login" to the Active Directory user.
So if I need to use the test button, I log in to Zabbix with my administrator account. Then the test will work. I don't think that "admin" is a valid LDAP user in your environment.
See my previous post for my example.
If your LDAP is working you need to tick the "Ldap authentication enabled" box.
You need to use SAMaccountname for Active Directory.
Last edited by Tristan; 05-11-2008, 09:16.
-
Guys, Thanks for your responses!
Weird thing's just happened:
1) If I'm logged in as Internal user Admin,
I go to Authentication -> choose all as before (Tristan, the previous screen wasn't perfect, I actually had chosen a different user called 'zhuravlev' from the drop-down menu before pressing the 'Test' button), then I get this error like before (see screen 1).
2) If I'm logged in as Internal user 'zhuravlev', which has Super Admin rights and exists in AD as well, and try to do the same (funny thing that Login is greyed out in this case, can't choose a different user from the drop-down menu like I can if logged in as 'Admin'), I can successfully test the LDAP connection!!! (see screen 2) Man, this is strange for me. At least it works this way! Thank you all.
Zbx 2.0.4 on Debian and MYSQL5 on Ubuntu Server 64bit 8.04,
200+ Win Agents, 50+ Linux Agents, 150+ Network Devices