Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-1138

Allow users with valid external credentials to be granted generic privileges

    Details

      Description

      We are currently rolling out Zabbix to several hundred users, and the pain of giving them all individual access would be seriously unpleasant. However, we don't want to allow unauthenticated users to be able to see monioring data.

      As a compromise, I have implemented a patch to the LDAP authentication which substitutes an LDAP guest account for authenticated users who lack a Zabbix-internal account.
      The included patch is probably best seen as a proof-of-concept, since solving this properly would likely involve hard-to-maintain deeper changes (although not necessarily large ones).

      In the near future, I will be extending the patch included here to support fetching the substitute user from LDAP groups, and preserving audit trails by remembering who the user logged in as. These are essential our internal use of Zabbix, so (unless nobody is interested ) I'll happily post those patches here.

        Attachments

          Activity

            People

            • Assignee:
              alexei Alexei Vladishev
              Reporter:
              ccooke Charles Cooke
            • Votes:
              6 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated: