Details
- Change Request (Sub-task)
- Status: Closed
- Trivial
- Resolution: Won't Do
- Team A
- Sprint 2, Sprint 3, Sprint 4, Sprint 5, Sprint 6
- 7
Description
==== Case 3: Zabbix runs LDAP groups sync process ====
Precondition:
- Zabbix Administrator has configured the sync process.
- Mappings of Zabbix user attributes are defined by the Zabbix Administrator.
Use Case:
- Sync process authenticates with a technical user in LDAP.
  - If LDAP is AD then...
  - If LDAP is Open Directory then...
- Sync process - for each Zabbix User group with LDAP selectors (repeated for each group)
  - Check if Users Group LDAP sync is enabled
  - Sync process uses the Zabbix Users group LDAP query to find users in LDAP
  - Sync process selects Zabbix Users in the group
  - If user exists in LDAP and in Zabbix... <WE USE LOGIC FROM EXISTING SCRIPT>
    - If Zabbix User is marked as LDAP user
    - If Zabbix User is not marked as LDAP user
  - If user is missing in LDAP but exists in Zabbix.... <WE USE LOGIC FROM EXISTING SCRIPT>
    - Moved to “No Login” group / or becomes disabled
    - We do not delete LDAP users that are out of sync
  - If user exists in LDAP and is missing in Zabbix.... <WE USE LOGIC FROM EXISTING SCRIPT>
    - Create new user and mark it as LDAP user.
- Sync process records in DB LDAP sync: last success date time, last failure date time, last error message
- Sync process marks all created users with LDAP connection name.
Assumptions:
- Sync process can modify only LDAP users; it has no access to other users.
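
The per-group reconciliation of Case 3 as an added example; it is not Zabbix code and not the existing script the ticket refers to. It only builds a plan and applies nothing. The names `ZabbixUser`, `plan_group_sync` and `corp-ldap`, matching by username, and the "update" action for users present on both sides are assumptions, since the ticket defers those details to the existing script.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ZabbixUser:
    username: str
    is_ldap: bool  # the "marked as LDAP user" flag from the use case


def plan_group_sync(sync_enabled, ldap_usernames, zabbix_users, connection):
    """Plan the sync for one user group as (action, username, detail) tuples."""
    if not sync_enabled:  # "check if Users Group LDAP sync is enabled"
        return []
    ldap = set(ldap_usernames)
    by_name = {u.username: u for u in zabbix_users}
    plan = []
    for name in sorted(ldap | set(by_name)):
        user = by_name.get(name)
        if user is None:
            # In LDAP, missing in Zabbix: create, mark as LDAP user,
            # and tag with the LDAP connection name.
            plan.append(("create", name, f"LDAP user, connection={connection}"))
        elif not user.is_ldap:
            # Assumption from the ticket: only LDAP users may be modified.
            # A local account is left alone even if LDAP has the same name.
            plan.append(("skip", name, "not marked as LDAP user"))
        elif name in ldap:
            # Assumed behaviour; the ticket defers this branch to the script.
            plan.append(("update", name, "refresh mapped attributes"))
        else:
            # Missing in LDAP: disabled or moved to "No Login", never deleted.
            plan.append(("disable", name, 'move to "No Login" or disable'))
    return plan


# Constructed sample data: result of the group's LDAP query and its members.
LDAP_RESULT = ["alice", "bob", "admin"]
ZABBIX_GROUP = [
    ZabbixUser("alice", True),
    ZabbixUser("carol", True),
    ZabbixUser("admin", False),  # local account whose name also exists in LDAP
    ZabbixUser("dave", False),
]

if __name__ == "__main__":
    for step in plan_group_sync(True, LDAP_RESULT, ZABBIX_GROUP, "corp-ldap"):
        print(step)
```
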