How to configure LDAP on Zabbix

In the web interface, go to Administration → Authentication. Change “Default authentication” to “LDAP”.

Configuration LDAP authentication


Go to “LDAP settings” and configure your Active Directory or OpenLDAP server.

External LDAP authentication can be used to check user names and passwords. Note that the user must exist in Zabbix as well; however, its Zabbix password will not be used.

Zabbix LDAP authentication works at least with Microsoft Active Directory and OpenLDAP.

Configuration Active Directory for Zabbix 4.0

Configuration parameters:

Enable LDAP authentication: Mark the checkbox to enable LDAP authentication.

LDAP host: Name of LDAP server. For example: ldap://
    For a secure LDAP server, use the ldaps protocol.
    With OpenLDAP 2.x.x and later, a full LDAP URI of the form ldap://hostname:port or ldaps://hostname:port may be used.

Port: Port of LDAP server. Default is 389.
    For a secure LDAP connection, the port number is normally 636.
    Not used when using full LDAP URIs.

Base DN: Base path to search accounts:
    ou=Users,ou=system (for OpenLDAP),
    DC=company,DC=com (for Microsoft Active Directory)

Search attribute: LDAP account attribute used for search:
    uid (for OpenLDAP),
    sAMAccountName (for Microsoft Active Directory)

Bind DN: LDAP account for binding and searching over the LDAP server, examples:
    uid=ldap_search,ou=system (for OpenLDAP),
    CN=ldap_search,OU=user_group,DC=company,DC=com (for Microsoft Active Directory)
    Required, anonymous binding is not supported.

Case-sensitive login: Unmark the checkbox to disable case-sensitive login (enabled by default) for usernames.
    E.g. disable case-sensitive login and log in with, for example, ‘ADMIN’ user even if the Zabbix user is ‘Admin’.
    Note that with case-sensitive login disabled, the login will be denied if multiple users exist in the Zabbix database with similar aliases (e.g. Admin, admin).

Bind password: LDAP password of the account for binding and searching over the LDAP server.

Test authentication: Header of a section for testing.

Login: Name of a test user (who is currently logged in to the Zabbix frontend). This user name must exist in the LDAP server.
    Zabbix will not activate LDAP authentication if it is unable to authenticate the test user.

User password: LDAP password of the test user.
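A pre-flight check of the settings described above, as an added example (not Zabbix code): it resolves which endpoint the host/port pair selects, flags a non-ldaps connection and a missing bind account, and finds aliases that would be denied once case-sensitive login is disabled. The dictionary keys, the hostname dc01.example.com, and the treatment of a bare hostname as plain ldap are assumptions made for this example.

```python
from collections import defaultdict
from urllib.parse import urlparse

def effective_endpoint(host, port=389):
    """Return (scheme, hostname, port) following the rules in the parameter list."""
    if "://" in host:  # full LDAP URI: the separate Port field is not used
        u = urlparse(host)
        default = 636 if u.scheme == "ldaps" else 389
        return u.scheme, u.hostname, u.port or default
    return "ldap", host, port  # assumption: a bare hostname means plain ldap

def audit_ldap_settings(s):
    """Return a list of findings for one settings dict (keys are hypothetical)."""
    findings = []
    scheme, _, port = effective_endpoint(s["host"], s.get("port", 389))
    if scheme != "ldaps":
        findings.append("connection is not ldaps: bind and user passwords are "
                        "sent to the LDAP server without TLS")
    if "://" in s["host"] and s.get("port") not in (None, port):
        findings.append(f"Port field {s['port']} is ignored; the URI selects {port}")
    if not s.get("bind_dn") or not s.get("bind_password"):
        findings.append("Bind DN and password are required; "
                        "anonymous binding is not supported")
    return findings

def alias_collisions(aliases):
    """Group Zabbix aliases that differ only by case (lower() approximates the
    frontend's comparison); such users are denied with case-sensitive login off."""
    groups = defaultdict(list)
    for alias in aliases:
        groups[alias.lower()].append(alias)
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    # Constructed sample input, not taken from a real installation.
    settings = {"host": "ldap://dc01.example.com:389", "port": 636,
                "bind_dn": "CN=ldap_search,OU=user_group,DC=company,DC=com",
                "bind_password": "placeholder"}
    for finding in audit_ldap_settings(settings):
        print("WARN:", finding)
    for group in alias_collisions(["Admin", "admin", "guest"]):
        print("WARN: aliases collide when case-insensitive:", ", ".join(group))
```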

