ZABBIX BUGS AND ISSUES / ZBX-10660

Autocreated LDAP users get created as Zabbix Administrators

Details

    • Defect (Security)
    • Status: Closed
    • Major
    • Resolution: Won't fix
    • 2.4.7
    • None
    • Frontend (F)

    Description

      I am using LDAP authentication.

      When a user logs into Zabbix using their LDAP credentials, a Zabbix user is autocreated for them via /usr/share/zabbix/include/classes/api/services/CUser.php lines 987 onwards.

      Line 1002 states

      $ldapUser['usrgrps']            = 7;

      Which means that all auto-created users are created as Zabbix Administrators. This is not desirable as it allows all auto-created users full access to change the configuration of Zabbix - including the ability to change the authentication configuration.

      The user groups that auto-created users get added to should be made configurable via the LDAP authentication configuration.

      A strong argument could be made that the default should not be to add the auto-created users to the Zabbix Administrators group.

          People

            Unassigned
            mikesilky Mike Griffiths
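
One way the configurable group assignment requested in the description could be expressed, failing closed when nothing is configured. This is an added example, not Zabbix code and not written by the reporter; only group id 7 comes from the report, while the function name, both configuration keys and group id 8 are hypothetical.

```php
<?php
// Added illustration, not part of Zabbix. The report quotes the hard-coded form:
//     $ldapUser['usrgrps'] = 7;
// Group id 7 is taken from the report; every other name and id is hypothetical.
const ADMIN_GROUP_ID = 7;

/**
 * Decide which user groups an auto-created LDAP user is placed in.
 *
 * $authConfig stands in for the LDAP authentication settings (hypothetical keys).
 * $existingGroupIds is the list of group ids that actually exist.
 */
function resolveAutocreateGroups(array $authConfig, array $existingGroupIds): array
{
    $requested = $authConfig['ldap_autocreate_usrgrps'] ?? [];
    if (!is_array($requested) || $requested === []) {
        // Nothing configured: refuse to provision instead of falling back
        // to a privileged group.
        throw new RuntimeException('No user group configured for auto-created LDAP users');
    }

    $groups = [];
    foreach ($requested as $id) {
        if (!is_int($id) || !in_array($id, $existingGroupIds, true)) {
            throw new InvalidArgumentException('Unknown user group id: ' . var_export($id, true));
        }
        // The administrators group is only granted after an explicit opt-in.
        if ($id === ADMIN_GROUP_ID && empty($authConfig['ldap_autocreate_allow_admin'])) {
            throw new RuntimeException('Administrators group requires explicit opt-in');
        }
        $groups[] = $id;
    }
    return array_values(array_unique($groups));
}

// Constructed sample data: group 8 is a hypothetical low-privilege group.
$existing = [7, 8];
var_dump(resolveAutocreateGroups(['ldap_autocreate_usrgrps' => [8]], $existing));

try {
    // Requesting group 7 without the opt-in flag is rejected.
    resolveAutocreateGroups(['ldap_autocreate_usrgrps' => [7]], $existing);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```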