Ad Widget

Collapse

Invalid LDAP JIT provisioning user group mapping configuration.

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Rillekille
    Junior Member
    • Mar 2023
    • 9
    #1

    Invalid LDAP JIT provisioning user group mapping configuration.

    Hi,

    hope someone can help with this problem.

    We are running Zabbix 6.4 and when configuring LDAP authentication something went wrong.

    When we are trying to edit the LDAP configuration and hits the Update button we are getting the error message below, no matter what we try to do:

    "Details Cannot update authentication
    Invalid LDAP JIT provisioning user group mapping configuration."

    If we try to edit the ldap server configuration we get this error message:

    "Invalid LDAP Configuration".

    See attached screenshots.

    Is it a way to correct the LDAP configuration through the UI or is it possible to remove the configuration directly by editing in the database?


    Attached Files
    Tags: ldap, ldap authentication
    • Gloomeye
      Junior Member
      • Aug 2024
      • 4
      #2
      Hi Rillekille,

      I encountered the same issue in Zabbix 6.4 today. I received the error code indicated on line 196 of https://git.zabbix.com/projects/ZBX/...ae3162be0afc65 ba81614c6d53454. It appears that the system throws an error when it fails to locate the "provision_groups" attribute in the JSON data.

      The only LDAP-related setting that can be adjusted from the user interface is the "LDAP group pattern" in the LDAP authentication JIT settings. However, this setting cannot be used to remove the problematic group.

      To resolve the issue, I executed the following SQL query to identify and delete the problematic group from the database:

      SELECT userdirectory_idpgroupid, userdirectoryid, roleid, name FROM public.userdirectory_idpgroup ORDER BY name;


      It seems that the system gets into an infinite loop, repeatedly querying LDAP for a non-existent group.

        Comment

        • Rillekille
          Junior Member
          • Mar 2023
          • 9
          #3
          Hi Gloomeye!

          A colleague of mine solved the problem quite a while ago.
          Really don't know how (or remember now...) how he solved it.

          Thanks for the solution you provided, will keep it if our problems returns in the future.

          Best regards

          /Rickard

            Comment

            Previous template Next
            Working...