LDAP/AD problem... Lost password

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • bobrivers
    Senior Member
    • Feb 2007
    • 115

    #1

    LDAP/AD problem... Lost password

    Hi,

    We were using zabbix integrated with LDAP/AD. But something happened and the authentication stopped working.

    We think that the problem is due to some OS change, since all PHP applications that use LDAP integration stopped working (zabbix and drupal). We can't roll back the change.

    So, all my users, including admins, were using LDAP authentication. Huge mistake. Right now, nobody is able to log in and manage zabbix...

    How do I gain access to zabbix, bypassing the LDAP? My ADMIN account is still valid. So, I was thinking about disabling LDAP, logging in with the admin account, fixing the LDAP parameters, switching back to LDAP...

    I was looking at the database, but I wasn't able to find in which table the LDAP parameters were stored.

    Any help is welcome...

    TIA,

    Bob
    Last edited by bobrivers; 15-07-2010, 23:51.
  • bobrivers
    Senior Member
    • Feb 2007
    • 115

    #2
    Found it...

    The table is CONFIG. I updated it (update config set authentication_type=0) and I managed to log in with my old admin account...
    Last edited by bobrivers; 15-07-2010, 23:52.


    • nelsonab
      Senior Member
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Sep 2006
      • 1233

      #3
      I had the same problem here, opened a ticket suggesting there be a "fallback" admin account for situations like this. Splunk has it and it saved my butt once.
      RHCE, author of zbxapi
      Ansible, the missing piece (Zabconf 2017): https://www.youtube.com/watch?v=R5T9NidjjDE
      Zabbix and SNMP on Linux (Zabconf 2015): https://www.youtube.com/watch?v=98PEHpLFVHM


      • bobrivers
        Senior Member
        • Feb 2007
        • 115

        #4
        However...

        I'm not able to get LDAP working again...

        In drupal, I just "regenerated" the config (I saved it again with the same values) and everything started to work again.

        But with zabbix, I'm receiving:

        * ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Invalid credentials[/var/www/html/zabbix/include/classes/class.cldap.php:114]
        * LDAP: cannot bind by given Bind DN

        Has anyone had the same problem recently? I'm using CentOS 5.5, zbx 1.8.2 and php 5.1.6

        TIA,

        Bob


        • bobrivers
          Senior Member
          • Feb 2007
          • 115

          #5
          About fallback

          The fallback is a nice feature.

          The drupal model is a little bit different. The admin account is never synced with ldap. And, it has a mixed mode: if the ldap fails, it uses the internal one.


          • nelsonab
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional
            • Sep 2006
            • 1233

            #6
            I don't remember right now exactly how I did it but I think I went in and either altered the config table so authentication information was retrieved internally or deleted the row which defined the ldap server. I'm sorry I don't have anything else for you at this moment.
            RHCE, author of zbxapi
            Ansible, the missing piece (Zabconf 2017): https://www.youtube.com/watch?v=R5T9NidjjDE
            Zabbix and SNMP on Linux (Zabconf 2015): https://www.youtube.com/watch?v=98PEHpLFVHM


            • MrKen
              Senior Member
              • Oct 2008
              • 652

              #7
              It is for this very reason, as well as the Ldap server dying, that all my users use ldap authentication, but I, the Zabbix Admin, use Internal authentication.

              Your ldap dies and you're locked out. My ldap dies and I continue working!

              MrKen
              Disclaimer: All of the above is pure speculation.


              • aorth
                Junior Member
                • Mar 2011
                • 1

                #8
                Reset the LDAP bind password

                Zabbix doesn't support anonymous binds to LDAP, so you end up binding with a dedicated account... if your bind account's password fails and you don't have an "internal" admin account, you're hosed!

                Reset the LDAP bind password from mysql:

                mysql -u root -p
                use zabbix;
                update config set ldap_bind_password='newpassword' where configid=1;

                Then go straight to the administration interface and make sure you set up an admin account that has GUI Access set to "Internal."


                • KimmoJ
                  Junior Member
                  • Aug 2011
                  • 12

                  #9
                  I had LDAP working fine over here and then I had to restart the virtual machine (wanted to give it more memory to work with) and now my LDAP auth is doing exactly what bobrivers is describing up there.

                  I'm unable to gain access to the system at all via the web interface... guess a-deleting stuff in the database I go. This is not a good occurrence to happen during a test to see if Zabbix is what we need for our organization...


                  • KimmoJ
                    Junior Member
                    • Aug 2011
                    • 12

                    #10
                    In my case, I managed to get the UI working again simply by changing the LDAP server address from the DNS entry to the raw IP address in the database... there is no problem doing lookups of the corresponding machine from the command line so I'm puzzled as to why it went from working to non-working. Working now though.

                    Edit: http://www.zabbix.com/forum/showpost...6&postcount=20 mentions that you can have multiple usergroups... with different authentication settings.

                    I already created a different usergroup for my local administrators, so I just went back in and edited the Zabbix Admins group and changed authentication there from "System Default" to "Internal". Now, the original Admin account can log in as well, which should (in theory) mean it can log in even if my LDAP functionality goes south again for some reason since it isn't using LDAP. This may be old news but worth mentioning in more detail (MrKen already said it up there, I just didn't quite process what he was saying... )
                    Last edited by KimmoJ; 15-08-2011, 08:46. Reason: Clarification
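
The arrangement described in posts #7 and #10 (admins in a user group whose authentication is "Internal" while the system default is LDAP) can be checked from the database before LDAP fails. The following is an added example, not code from this thread or from Zabbix: it runs an audit query over a constructed in-memory SQLite copy, and every table name, column name and numeric code other than `config.authentication_type` and `configid` is an assumption modelled on the Zabbix 1.8-era schema.

```python
import sqlite3

# Constructed miniature of the tables involved. Names are assumptions based
# on the Zabbix 1.8-era schema; verify them against your own database.
SCHEMA = """
CREATE TABLE config (configid INTEGER, authentication_type INTEGER);
CREATE TABLE users (userid INTEGER, alias TEXT, type INTEGER);
CREATE TABLE usrgrp (usrgrpid INTEGER, name TEXT, gui_access INTEGER);
CREATE TABLE users_groups (userid INTEGER, usrgrpid INTEGER);
"""

# Assumed codes: authentication_type 0=internal, 1=LDAP; users.type 3=super
# admin; gui_access 0=system default, 1=internal, 2=disabled, and the highest
# value across a user's groups decides.
AUDIT = """
SELECT u.alias,
       CASE MAX(g.gui_access)
            WHEN 2 THEN 'disabled'
            WHEN 1 THEN 'internal'
            ELSE CASE (SELECT authentication_type FROM config WHERE configid = 1)
                      WHEN 0 THEN 'internal' ELSE 'external' END
       END AS effective_auth
FROM users u
JOIN users_groups ug ON ug.userid = u.userid
JOIN usrgrp g ON g.usrgrpid = ug.usrgrpid
WHERE u.type = 3
GROUP BY u.userid, u.alias
"""

def audit_super_admins(db):
    """Return {alias: effective_auth} for every super admin."""
    return dict(db.execute(AUDIT).fetchall())

def has_break_glass(db):
    """True if at least one super admin can log in without LDAP."""
    return "internal" in audit_super_admins(db).values()

def sample_db(default_auth=1):
    """Constructed sample: LDAP as system default, one internal admin group."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO config VALUES (1, ?)", (default_auth,))
    db.executemany("INSERT INTO users VALUES (?,?,?)",
                   [(1, "Admin", 3), (2, "ldapadmin", 3), (3, "guest", 1)])
    db.executemany("INSERT INTO usrgrp VALUES (?,?,?)",
                   [(7, "Zabbix Admins", 1), (8, "LDAP users", 0)])
    db.executemany("INSERT INTO users_groups VALUES (?,?)",
                   [(1, 7), (2, 8), (3, 8)])
    return db
```

The `AUDIT` statement uses only standard SQL, so it can be pasted into the `mysql` client once the names have been confirmed; an empty "internal" result means a directory outage locks every administrator out of the web interface.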


                    • emmanux
                      Member
                      Zabbix Certified Specialist
                      • Mar 2013
                      • 47

                      #11
                      Originally posted by KimmoJ
                      In my case, I managed to get the UI working again simply by changing the LDAP server address from the DNS entry to the raw IP address in the database... there is no problem doing lookups of the corresponding machine from the command line so I'm puzzled as to why it went from working to non-working. Working now though.

                      Edit: http://www.zabbix.com/forum/showpost...6&postcount=20 mentions that you can have multiple usergroups... with different authentication settings.

                      I already created a different usergroup for my local administrators, so I just went back in and edited the Zabbix Admins group and changed authentication there from "System Default" to "Internal". Now, the original Admin account can log in as well, which should (in theory) mean it can log in even if my LDAP functionality goes south again for some reason since it isn't using LDAP. This may be old news but worth mentioning in more detail (MrKen already said it up there, I just didn't quite process what he was saying... )
                      Great advice!
                      It would be great to have the possibility of configuring multiple ldap directories, so that multi-tenancy could be feasible.
