BestHub
search
Sign in
Operations 5 min read

How to Configure LDAP Authentication in Zabbix: A Step‑by‑Step Guide

This guide walks you through setting up LDAP authentication for Zabbix, covering Active Directory OU creation, Zabbix server LDAP module verification, configuration parameters, user provisioning, fallback to internal authentication, and the related database tables and SQL commands.

Ops Development Stories
Ops Development Stories
Ops Development Stories
How to Configure LDAP Authentication in Zabbix: A Step‑by‑Step Guide

Authentication Methods Overview

Zabbix supports three authentication methods: Internal, LDAP, and HTTP. To use LDAP, Active Directory (AD) and Zabbix must share user accounts, and the credentials entered in the LDAP test authentication must match those in AD.

Windows AD Domain Setup

Create an OU named zabbix in AD, add user accounts within that OU, and set passwords for those accounts.

Zabbix Server Configuration

Verify that the PHP LDAP module is installed.

Configure LDAP settings in Zabbix:

<code>LDAP host: ldap://<i>DC_address</i>
Port: 389 (default)
Base DN: DC=ytzjsj,DC=com
Search attribute: sAMAccountName
Bind DN: CN=Admin,OU=zabbix,DC=ytzjsj,DC=com
Bind password: <i>LDAP_user_password</i>
Login: Admin
User password: password of the AD user</code>

Enable LDAP Authentication

Create a new user in AD (ytzjsj domain) and, when adding the user in Zabbix, leave the password field empty so that AD credentials are used for authentication.

After LDAP is enabled, the new user can log in using AD credentials:

Fallback When LDAP Fails

Switch the authentication type back to Internal, log in with the admin account, and if necessary reset the admin password to

admin

.

<code>use zabbix;  # select database
show tables;  # list tables
desc config;  # view config table structure</code>

User and Authentication Database Tables

The relevant tables are config , users , users_groups , and usrgrp . The

authentication_type

field in

config

determines the method (0 = Internal, 1 = LDAP, 2 = HTTP).

Operational SQL Steps

<code>select userid, alias, passwd from zabbix.users;</code><code>update zabbix.config set authentication_type=0;</code><code>update zabbix.users set passwd=md5("admin") where userid='1';</code><code>flush privileges;</code>

User Database Queries

List all users:

<code>select * from users;</code>

List permission groups:

<code>select * from usrgrp;</code>

List user‑group relationships:

<code>select * from users_groups;</code>

Modify a user's group membership:

<code>update users_groups set usrgrpid='1' where userid=3;
flush privileges;</code>
operationsDatabaseauthenticationActive DirectoryZabbixLDAP
Ops Development Stories
Written by

Ops Development Stories

Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment