[ZBXNEXT-1138] Allow users with valid external credentials to be granted generic privileges Created: 2012 Mar 02  Updated: 2022 Oct 08

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: 1.8.9, 1.8.10, 1.9.9 (beta)
Fix Version/s: None

Type: New Feature Request Priority: Trivial
Reporter: Charles Cooke Assignee: Alexei Vladishev
Resolution: Unresolved Votes: 9
Labels: authentication, ldap, patch, usability
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File ldap_squash_login.patch    

 Description   

We are currently rolling out Zabbix to several hundred users, and the pain of giving them all individual access would be seriously unpleasant. However, we don't want to allow unauthenticated users to be able to see monioring data.

As a compromise, I have implemented a patch to the LDAP authentication which substitutes an LDAP guest account for authenticated users who lack a Zabbix-internal account.
The included patch is probably best seen as a proof-of-concept, since solving this properly would likely involve hard-to-maintain deeper changes (although not necessarily large ones).

In the near future, I will be extending the patch included here to support fetching the substitute user from LDAP groups, and preserving audit trails by remembering who the user logged in as. These are essential our internal use of Zabbix, so (unless nobody is interested ) I'll happily post those patches here.

 Comments   
Comment by Oleksii Zagorskyi [ 2012 Mar 05 ]

Try to search across the Jira, I recall something similar.
Do not forget about the forum as well.

Comment by Charles Cooke [ 2012 Mar 16 ]

I saw a few people in the forum talking about similar things, but the only patches I found are for automatically creating users. That's exactly the opposite of what we need - we want to have as few users in Zabbix as possible.

Comment by Oleksii Zagorskyi [ 2012 Sep 02 ]

related to another ZBXNEXT-276

Comment by Sorin Sbarnea [ 2014 Feb 17 ]

I am quite interested about this feature, we do want to provide Zabbix as a self-service for those looking for a a monitoring solution but our corporate directory contains about 14.000 users, we cannot manually create for every one that may want to try the systems.

Can we have this rolled into current Zabbix?

Generated at Thu Apr 18 07:51:21 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.