Comments (6)
Was this ever resolved? I am having same issue configuring ldap plugin with windows server 2016 AD
from jellyfin-plugin-ldapauth.
Can confirm, same for me.
from jellyfin-plugin-ldapauth.
So I found some info on your error here: https://stackoverflow.com/questions/46052873/a-list-of-all-users-ldap-referral-error-ldapreferralexception
I've implemented the proposed fix, can someone test with a build from my repo:
https://github.com/LogicalPhallacy/jellyfin-plugin-ldapauth
from jellyfin-plugin-ldapauth.
@LogicalPhallacy It looks like this breaks the existing OpenSSL compat, at least with my settings:
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: [18:26:07] [ERR] Failed to Connect or Bind to server
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Protocol Error (2) Protocol Error
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Server Message: unsupported extended operation
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Matched DN:
from jellyfin-plugin-ldapauth.
I have the same issue.
Oddly, I have been able to log in with my own AD user account, and a new user I just created, but no other users seem to be able to log on. They get the "Connection Failure" pop-up.
Another strange thing, the log looks like this:
[ERR] Error processing request. URL: "http://media.atticstudios.be/Users/authenticatebyname"
LdapReferralException: Search result reference received, and referral following is off (10) Referral
LdapReferralException: Referral: ldap://###.atticstudios.be/DC=###,DC=atticstudios,DC=be
"###" being a subdomain of atticstudios.be. The tested user account or groups used to filter the logins are not in this subdomain. Not sure why this would be referred to? It is not mentioned in the plugin configuration anywhere (but is a part of AD of course).
The new user account that is able to log on is identical to some of the other ones that do not word. Same OU, same groups. There are no non-alphanumeric characters in the user names.
Anything else I can try or test?
from jellyfin-plugin-ldapauth.
For anyone who came across this issue while setting jellyfin LDAP with AD
Docker host - ubuntu 20 server
Jellyfin docker container - hotio/jellyfin
Jellyfin version - 10.6.2
Ldap plugin version - 9.0.0.0
Windows server 2019
Active directory 2016 forest level
I Have an OU called groups that houses all my security groups
All users are placed in the default CN users
(The jellyfin admin chunk doesn't appear to work I can live with that)
This is my working config with sensative information redacted
<?xml version="1.0"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<LdapServer>192.168.0.254</LdapServer> # This is the AD IP (I have no docker DNS to forward AD DNS to docker containers)
<LdapBaseDn>dc=contoso,dc=com</LdapBaseDn>
<LdapPort>389</LdapPort>
<LdapSearchAttributes>sAMAccountName, userPrincipalName, mail, displayName</LdapSearchAttributes>
<LdapUsernameAttribute>displayName</LdapUsernameAttribute>
<LdapSearchFilter>(memberOf=CN=JellyfinUsers,OU=Groups,DC=contoso,DC=com)</LdapSearchFilter>
<LdapAdminFilter>(memberOf=CN=JellyfinAdmins,OU=Groups,DC=contoso,DC=com)</LdapAdminFilter>
<LdapBindUser>CN=bind,CN=Users,DC=contoso,DC=com</LdapBindUser>
<LdapBindPassword>YOURBINDACCOUNTPASSWORD</LdapBindPassword>
<CreateUsersFromLdap>true</CreateUsersFromLdap>
<UseSsl>false</UseSsl>
<UseStartTls>false</UseStartTls>
<SkipSslVerify>false</SkipSslVerify>
</PluginConfiguration>
from jellyfin-plugin-ldapauth.
Related Issues (20)
- Set Jellyfin's user image through LDAP attribute HOT 1
- About Filter Groups HOT 1
- Password Reset URL HOT 1
- Feature: Option to allow/ disallow transcoding on newly created users
- Feature: Better Support for TLS Certificates HOT 1
- memberUid is broken HOT 1
- LdapException: Size Limit Exceeded (4) HOT 18
- [Issue]: Log flooding with "CustomAuthentication was forbidden."
- Issue with microsoft active directory
- Password in plain text after user's modification HOT 1
- LDAP Filter HOT 4
- User not given administrator rights on first login HOT 2
- Add `LDAP Uid attribute` field
- Cant connect to authentik ldap HOT 2
- Slow bind with SSL/TLS HOT 2
- Incompatibility with 20240214.1-unstable HOT 3
- Password Reset reports try again from your home network HOT 3
- Allow "UPN" attribute with Windows AD HOT 1
- Plugin not compatible with Jellyfin 10.9 HOT 3
- [10.9] User unable to login missing Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jellyfin-plugin-ldapauth.