It would be great if zabbix LDAP authentication feature could be extended to support user groups. For instance let's say that we have 2 zabbix groups: guest and dba, with all the access defined and working.
If a user in a LDAP is a member of a group called "zabbix_guest" or "zabbix_dba", this groups could be mapped to the zabbix groups.
By doing it this way, we could avoid the need of creating (or duplicate) each user in zabbix and ldap. If a user is a member of a group in LDAP that is mapped to a zabbix group, it could gain access without being created in zabbix.