Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15078

API "Frontend Access Disabled" w/LDAP Issue

    XMLWordPrintable

Details

    • Problem report
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 4.0.1rc2, 4.0.1, 4.0 (plan)
    • 4.0.3rc1, 4.2.0alpha2, 4.2 (plan)
    • API (A)
    • None
    • Team D
    • Sprint 46, Nov 2018
    • 0.125

    Description

      In version 4.0 it looks like "Frontend access: Disabled" has changed in the way it works just a bit.  I think this is related to ZBXNEXT-4573.

      In 3.4 and prior when using LDAP as the authentication mechanism "Disabled" worked as expected by still authenticating API users with frontend access disabled against LDAP instead of the internal database.

      Now that it seems both internal and LDAP can be used at the same time Disabled seems to ignore LDAP even if it's the default and it only looks at the internal user database for authentication.

      I propose one of three fixes:

      • Adjust "Disabled" to read from the default authentication mechanism as it did <4.0.
      • Adjust "Disabled" to read more like "Disabled (internal)"
      • Create a second "Disabled" option so there's one for internal, and one for LDAP

      The latter is the preferred method as it provides the most flexibility and keeps the functionality that many like myself are used to present.

      As it stands, anyone using LDAP that upgrades to 4.0 that's doing anything via the API will face authentication failures which can be a very big deal.

      Attachments

        Issue Links

          Activity

            People

              gcalenko Gregory Chalenko
              jonathanspw Jonathan W
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: