[ZBX-25190] Zabbix 7.0.3 : Can't login a first time user account on a non default LDAP Created: 2024 Sep 06  Updated: 2025 Jul 25  Resolved: 2025 Jul 10

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A), Frontend (F)
Affects Version/s: None
Fix Version/s: None

Type: Problem report Priority: Trivial
Reporter: Fabien Assignee: Gregory Chalenko
Resolution: Won't fix Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: 40m
Original Estimate: Not Specified
Environment:

RHEL 8
Zabbix v7.0.3 using Alpine container
podman version 4.9.4-rhel

Issue Links:
Duplicate
Team: Team C
Sprint: S25-W30/31

 Description   

Steps to reproduce:

  1. Create 2 LDAPs server with differents domain with JIT
  2. Set LDAP1 as default
  3. Login with a first time user on LDAP1
  4. Login with a first time user on LDAP2
  5. Set LDAP2 as default
  6. Login with the same user on LDAP1
  7. Login with the same user on LDAP2

Result:

The first time user on LDAP1 is successfully created with the right access

The first time user on LDAP2 is not created and fail with the error "Incorrect user name or password or account is temporarily blocked."

 

When switching default LDAP server, the user already created can successfully login, the LDAP2 user can login and is successfully created.

Expected:
Whatever the default is, a first time user should be able to be sucessfully created with JIT if it exist within one of the configured LDAP servers.

 Comments   
Comment by Gregory Chalenko [ 2025 Jul 10 ]

This is expected behavior and is documented on user provisioning for LDAP page.
When user log in for first time, there are no information about user in Zabbix database, default LDAP server is used to determine are the credentials valid and if so Zabbix will create a new user and associate LDAP server for further login requests.

Generated at Mon Aug 11 07:34:32 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.