ZABBIX FEATURE REQUESTS
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-1138

Allow users with valid external credentials to be granted generic privileges

    Details

      Description

      We are currently rolling out Zabbix to several hundred users, and the pain of giving them all individual access would be seriously unpleasant. However, we don't want to allow unauthenticated users to be able to see monioring data.

      As a compromise, I have implemented a patch to the LDAP authentication which substitutes an LDAP guest account for authenticated users who lack a Zabbix-internal account.
      The included patch is probably best seen as a proof-of-concept, since solving this properly would likely involve hard-to-maintain deeper changes (although not necessarily large ones).

      In the near future, I will be extending the patch included here to support fetching the substitute user from LDAP groups, and preserving audit trails by remembering who the user logged in as. These are essential our internal use of Zabbix, so (unless nobody is interested ) I'll happily post those patches here.

        Activity

        Charles Cooke created issue -
        Charles Cooke made changes -
        Field Original Value New Value
        Attachment ldap_squash_login.patch [ 18281 ]
        Charles Cooke made changes -
        Attachment ldap_squash_login.patch [ 18283 ]
        Charles Cooke made changes -
        Attachment ldap_squash_login.patch [ 18281 ]
        Charles Cooke made changes -
        Comment [ Redirect valid LDAP users without accounts to an 'ldap_guest' account ]
        Charles Cooke made changes -
        Comment [ Redirect valid LDAP users without accounts to an 'ldap_guest' account ]
        Hide
        Oleksiy Zagorskyi added a comment -

        Try to search across the Jira, I recall something similar.
        Do not forget about the forum as well.

        Show
        Oleksiy Zagorskyi added a comment - Try to search across the Jira, I recall something similar. Do not forget about the forum as well.
        Oleksiy Zagorskyi made changes -
        Labels usability authentication ldap usability
        Hide
        Charles Cooke added a comment -

        I saw a few people in the forum talking about similar things, but the only patches I found are for automatically creating users. That's exactly the opposite of what we need - we want to have as few users in Zabbix as possible.

        Show
        Charles Cooke added a comment - I saw a few people in the forum talking about similar things, but the only patches I found are for automatically creating users. That's exactly the opposite of what we need - we want to have as few users in Zabbix as possible.
        Alexander Vladishev made changes -
        Fix Version/s 2.0.1 [ 10403 ]
        Fix Version/s 2.0.0 [ 10062 ]
        Alexander Vladishev made changes -
        Fix Version/s 2.0.2 [ 11308 ]
        Fix Version/s 2.0.1 [ 10403 ]
        Alexander Vladishev made changes -
        Fix Version/s 2.0.3 [ 11312 ]
        Fix Version/s 2.0.2 [ 11308 ]
        richlv made changes -
        Fix Version/s 2.0.3 [ 11312 ]
        Hide
        Oleksiy Zagorskyi added a comment -

        related to another ZBXNEXT-276

        Show
        Oleksiy Zagorskyi added a comment - related to another ZBXNEXT-276
        Alexei Vladishev made changes -
        Zabbix ID NA RTD
        Alexander Vladishev made changes -
        Workflow ZBXNEXT workflow [ 24531 ] Zabbix workflow [ 31475 ]
        richlv made changes -
        Labels authentication ldap usability authentication ldap patch usability
        Hide
        Sorin Sbarnea added a comment -

        I am quite interested about this feature, we do want to provide Zabbix as a self-service for those looking for a a monitoring solution but our corporate directory contains about 14.000 users, we cannot manually create for every one that may want to try the systems.

        Can we have this rolled into current Zabbix?

        Show
        Sorin Sbarnea added a comment - I am quite interested about this feature, we do want to provide Zabbix as a self-service for those looking for a a monitoring solution but our corporate directory contains about 14.000 users, we cannot manually create for every one that may want to try the systems. Can we have this rolled into current Zabbix?
        Alexei Vladishev made changes -
        Workflow Zabbix workflow [ 31475 ] Zabbix workflow - new [ 38468 ]

          People

          • Assignee:
            Alexei Vladishev
            Reporter:
            Charles Cooke
          • Votes:
            5 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated: