  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-276 LDAP authentication with groups support
  3. ZBXNEXT-3832

LDAP authentication: Zabbix runs LDAP groups sync process (Case 3)

    • Change Request (Sub-task)
    • Resolution: Won't Do
    • Trivial
    • Server (S)
    • Team A
    • Sprint 2, Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 90 (Jul 2022), Sprint 91 (Aug 2022), Sprint 92 (Sep 2022), Sprint 93 (Oct 2022), Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023)
    • 7

      ==== Case 3: Zabbix runs LDAP groups sync process ====

      Precondition:

      • Zabbix Administrator has completed configuration of the sync process.
      • Mappings of Zabbix user attributes are defined by Zabbix Administrator.

      Use Case:

      • Sync process authenticates with a technical user in LDAP.
      • If LDAP is AD then...
      • If LDAP is Open Directory then...
      • Sync process - for each Zabbix User group with LDAP selectors (repeated for each group)
        • Check if Users Group LDAP sync is enabled
        • Sync process uses Zabbix Users group LDAP query to find users in LDAP
        • Sync process selects Zabbix Users in group
        • If user exists in LDAP and in Zabbix... <WE USE LOGIC FROM EXISTING SCRIPT>
          • If Zabbix User is marked as LDAP user
          • If Zabbix User is not marked as LDAP user
        • If user is missing in LDAP but exists in Zabbix.... <WE USE LOGIC FROM EXISTING SCRIPT>
          • Moved to “No Login” group / or becomes disabled
          • We do not delete LDAP users that are out of sync
        • If user exists in LDAP and is missing in Zabbix.... <WE USE LOGIC FROM EXISTING SCRIPT>
          • Create new user and mark it as LDAP user.
      • Sync process records LDAP sync status in DB: last success date time, last failure date time, last error message
      • Sync process marks all created users with LDAP connection name.

      Assumptions:

      • Sync process can modify only LDAP users; it has no access to other users
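
The per-group reconciliation in Case 3, sketched as an added example; it is not Zabbix code or the "existing script" the issue refers to. The action names, the `ZabbixUser` and `SyncStatus` types, and the choice to produce no plan when the LDAP query fails are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class ZabbixUser:                 # hypothetical model of a Zabbix user row
    username: str
    is_ldap: bool                 # "marked as LDAP user"
    ldap_connection: str = ""     # LDAP connection name recorded at creation

@dataclass
class SyncStatus:                 # the three values Case 3 records in the DB
    last_success: Optional[datetime] = None
    last_failure: Optional[datetime] = None
    last_error: str = ""

def plan_group_sync(ldap_usernames, zabbix_users, connection_name):
    """Return (action, username, detail) tuples for one Zabbix user group."""
    in_ldap = set(ldap_usernames)
    in_zabbix = {u.username: u for u in zabbix_users}
    plan = [("create", n, connection_name) for n in sorted(in_ldap - set(in_zabbix))]
    for name, user in sorted(in_zabbix.items()):
        if not user.is_ldap:
            plan.append(("skip", name, "not an LDAP user"))    # never modified
        elif name in in_ldap:
            plan.append(("keep", name, ""))                    # details left open on the page
        else:
            plan.append(("disable", name, "missing in LDAP"))  # disabled, never deleted
    return plan

def run_group_sync(query_ldap, zabbix_users, connection_name, status, enabled=True):
    """Run one group; a failed LDAP query yields no plan rather than mass disables."""
    if not enabled:                       # group-level "LDAP sync is enabled" check
        return []
    now = datetime.now(timezone.utc)
    try:
        ldap_usernames = query_ldap()     # assumed callable wrapping the group's LDAP query
    except Exception as exc:              # e.g. bind failure or timeout
        status.last_failure, status.last_error = now, str(exc)
        return []
    status.last_success = now
    return plan_group_sync(ldap_usernames, zabbix_users, connection_name)

if __name__ == "__main__":
    # Constructed sample data: two LDAP-marked users and one local account.
    users = [ZabbixUser("alice", True, "corp"), ZabbixUser("bob", True, "corp"),
             ZabbixUser("admin", False)]
    print(run_group_sync(lambda: ["alice", "carol"], users, "corp", SyncStatus()))
```

Treating a query failure as "no changes" keeps an LDAP outage from being read as an empty directory, which would otherwise disable every LDAP-marked user in the group.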

            zabbix.dev Zabbix Development Team
            palivoda Rostislav Palivoda
            Team B