Error LDAP Windows server 2016 about jellyfin-plugin-ldapauth HOT 6 CLOSED

Was this ever resolved? I am having same issue configuring ldap plugin with windows server 2016 AD

from jellyfin-plugin-ldapauth.

Can confirm, same for me.

from jellyfin-plugin-ldapauth.

So I found some info on your error here: https://stackoverflow.com/questions/46052873/a-list-of-all-users-ldap-referral-error-ldapreferralexception

I've implemented the proposed fix, can someone test with a build from my repo:
https://github.com/LogicalPhallacy/jellyfin-plugin-ldapauth

from jellyfin-plugin-ldapauth.

@LogicalPhallacy It looks like this breaks the existing OpenSSL compat, at least with my settings:

Aug 27 18:26:07 jf1.i.net jellyfin[30262]: [18:26:07] [ERR] Failed to Connect or Bind to server
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Protocol Error (2) Protocol Error
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Server Message: unsupported extended operation
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Matched DN:

from jellyfin-plugin-ldapauth.

I have the same issue.
Oddly, I have been able to log in with my own AD user account, and a new user I just created, but no other users seem to be able to log on. They get the "Connection Failure" pop-up.
Another strange thing, the log looks like this:

[ERR] Error processing request. URL: "http://media.atticstudios.be/Users/authenticatebyname"
LdapReferralException: Search result reference received, and referral following is off (10) Referral
LdapReferralException: Referral: ldap://###.atticstudios.be/DC=###,DC=atticstudios,DC=be
"###" being a subdomain of atticstudios.be. The tested user account or groups used to filter the logins are not in this subdomain. Not sure why this would be referred to? It is not mentioned in the plugin configuration anywhere (but is a part of AD of course).
The new user account that is able to log on is identical to some of the other ones that do not word. Same OU, same groups. There are no non-alphanumeric characters in the user names.
Anything else I can try or test?

from jellyfin-plugin-ldapauth.

For anyone who came across this issue while setting jellyfin LDAP with AD
Docker host - ubuntu 20 server
Jellyfin docker container - hotio/jellyfin
Jellyfin version - 10.6.2
Ldap plugin version - 9.0.0.0
Windows server 2019
Active directory 2016 forest level

I Have an OU called groups that houses all my security groups
All users are placed in the default CN users
(The jellyfin admin chunk doesn't appear to work I can live with that)
This is my working config with sensative information redacted

<?xml version="1.0"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <LdapServer>192.168.0.254</LdapServer> # This is the AD IP (I have no docker DNS to forward AD DNS to docker containers)
  <LdapBaseDn>dc=contoso,dc=com</LdapBaseDn>
  <LdapPort>389</LdapPort>
  <LdapSearchAttributes>sAMAccountName, userPrincipalName, mail, displayName</LdapSearchAttributes>
  <LdapUsernameAttribute>displayName</LdapUsernameAttribute>
  <LdapSearchFilter>(memberOf=CN=JellyfinUsers,OU=Groups,DC=contoso,DC=com)</LdapSearchFilter>
  <LdapAdminFilter>(memberOf=CN=JellyfinAdmins,OU=Groups,DC=contoso,DC=com)</LdapAdminFilter>
  <LdapBindUser>CN=bind,CN=Users,DC=contoso,DC=com</LdapBindUser>
  <LdapBindPassword>YOURBINDACCOUNTPASSWORD</LdapBindPassword>
  <CreateUsersFromLdap>true</CreateUsersFromLdap>
  <UseSsl>false</UseSsl>
  <UseStartTls>false</UseStartTls>
  <SkipSslVerify>false</SkipSslVerify>
</PluginConfiguration>

from jellyfin-plugin-ldapauth.