Zabbix frontend can take PHP_AUTH_USER as a php variable in the HTTP Login form, and log the user in by username (instead of username+password). This functionality only works for Internal accounts, regardless of whether the Default Authentication setting is set to LDAP.

HTTP Authentication should provide Login By Username functionality with LDAP (to include its JIT Provisioning feature), such that if a new (to Zabbix Server) user signs in with HTTP, the frontend performs an LDAP Search of the username and provisions an account.

This will facilitate complete integration with mature identity/authentication environments, such as PKI (e.g. smart cards) and IdM/AD.

Currently LDAP authentication is only for username+password on the Zabbix login form, but Zabbix frontend already supports LDAP Search (i.e. not using a password) for re-provisioning known LDAP accounts.

I previously mis-reported this as a bug in ZBX-24685.