
Introducing LDAP Support for Emby

Posted by Luke, 16 May 2018 · 7320 views

We're pleased to announce LDAP support for Emby Server, now supported by all Emby apps!

 

Installation

 

To set up LDAP, simply install the LDAP plugin from the Emby plugin catalog. This feature requires an active Emby Premiere subscription.

Then head over to your LDAP plugin configuration and set up the plugin to connect to your LDAP server.

 

Users are imported from LDAP as they sign into Emby. You can even set the default permissions for imported users.

 

Important: Users marked as administrators in Emby will always sign into Emby using Emby authentication, not LDAP. This policy is designed to avoid situations where you could potentially become locked out of your Emby Server due to an LDAP problem.

 

Let us know what you think and what improvements you'd like to see!






Woohoo! This one came unexpected. Nice! Will deploy it next week. Emby was my last application with stand-alone user management. Thanks a lot!

jasonwilliams
May 16 2018 07:30 PM
Wow. This is next level for a media app. I didn't even know I wanted this until the announcement came out, and now I can never turn back.

Awesome. Just awesome.

No words, GREAT JOB!

 

Thank you!!

Very very very nice! Good job!!!!! Thanks a lot!
But I don't understand how to set up <Bind credentials:>

 

That should be the password for the "user" (aka "Bind DN") that Emby uses to connect to the LDAP server and query the directory.

If your LDAP supports anonymous queries (which should be deactivated, unless you are on a test system or maybe in a localhost-only environment) you should not need Bind DN and Bind Credentials.

Luke, I'm a novice to LDAP. I have read briefly about it but couldn't figure out how this would improve or enhance my current setup. My server is on Windows 7, clients on Kodi LibreELEC, so what results should I expect once I have installed the plugin? My clients are both on LAN and WAN.

LDAP is a User Directory. You only have to maintain one list of users and use these users on multiple applications to log in.

For example, I have an email server, a cloud storage and Emby. Once I create a user in the LDAP, this user can log in with the same password in the email account, in the cloud storage and now in Emby as well. There is no need to create this user in the Emby settings again.

Want to change the password for one user in all 3 applications? Just go to your LDAP server and change the password once!

(EDIT: this is carelessly simplified :) )

If you don't have an LDAP server, don't worry about the feature. Then you don't need it.

If you are curious and have money to burn and you are into closed source software, try to use Microsoft Active Directory. Should be the easiest start.

If you are curious and you don't have money to burn, start with Linux and an OpenLDAP server and a lot of time. If you have no clue, it's not easy to get into it.


Thanks, it's becoming clear, more like reduces redundancy, a better centralized user directory and control, and easy access in multi applications sort of. I will exploit it further if there is a benefit for clients either WAN/LAN


Thank you for the reply.

Sorry.
But I don't understand how to write the "user" and "password", or is the user hard coded in Emby?

I have in my Active Directory one user, e.g. potato, for reading the directory, with password e.g. passwordatpotato

How to write input < potato_passwordatpotato > ?

I like the idea of changing default user settings. Is there any way to set this up with normal Emby user accounts? Or any plan to implement this if it does not already exist?

How great, how wonderful, now yes Emby left the others eating dust.
But...
Can anyone explain what this new feature does?
Thank you very much

 


 

Sorry, I am not sure if I understand your problem, but I will give it a try :)

Your LDAP user potato does have a Distinguished Name (DN). It should look similar to this: "CN=Potato,OU=Users,DC=YOURDOMAIN,DC=COM"

You have to enter this DN into the "Bind DN" field, and your password into the "Bind Credentials" field.
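An added example, not part of the original thread and not Emby's plugin code: a pre-flight check for the two fields discussed above. It parses a Bind DN of the form shown in the reply and names the RFC 4513 simple-bind type the settings would produce, which also separates an anonymous bind from a DN sent with an empty password (an unauthenticated bind, where the server verifies nothing). The function names are hypothetical, and the sample values are the placeholders used in the thread.

```python
import re

# RFC 4514 escapes inside a DN value: a hex pair (\2C) or an escaped character (\,).
_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2}|.)")

def _split_unescaped(text, sep):
    """Split text on sep, skipping separators that are backslash-escaped."""
    parts, current, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current += text[i:i + 2]
            i += 2
        elif text[i] == sep:
            parts.append(current)
            current = ""
            i += 1
        else:
            current += text[i]
            i += 1
    return parts + [current]

def parse_dn(dn):
    """Return [(ATTRIBUTE, value), ...]; raise ValueError if the DN is malformed.
    Simplified: multi-valued RDNs ("+") and multi-byte hex escapes are not handled."""
    pairs = []
    for rdn in _split_unescaped(dn, ","):
        attr, eq, value = rdn.lstrip().partition("=")
        if not eq or not attr.strip() or not value:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        value = _ESCAPE.sub(
            lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], value)
        pairs.append((attr.strip().upper(), value))
    return pairs

def classify_bind(bind_dn, credentials):
    """Name the RFC 4513 simple-bind type that these two settings produce."""
    if not bind_dn and not credentials:
        return "anonymous"          # empty DN and empty password
    if not credentials:
        return "unauthenticated"    # DN with empty password: nothing is verified
    if not bind_dn:
        raise ValueError("a password was supplied without a Bind DN")
    parse_dn(bind_dn)               # reject input such as a bare login name
    return "authenticated"

# Constructed sample values, taken from the placeholders used in the thread.
SAMPLE_DN = "CN=Potato,OU=Users,DC=YOURDOMAIN,DC=COM"
SAMPLE_PASSWORD = "passwordatpotato"
```

Only the "authenticated" result corresponds to a service account that actually proves its identity; the other two outcomes mean the directory is being queried without a verified password.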


You perfectly answered my question. Thank you.

robrhedrick
May 18 2018 11:14 AM

What LDAP attributes are synced? Future support for thumbnailPhoto attribute?


 

Microsoft Active Directory isn't easy to set up either. Actually under Linux a simple no-frills LDAP server is easier to set up and maintain than a full-blown Microsoft Active Directory server. I speak from having managed it in an SMB and Enterprise environment. There are times I wanted to slap the designers and developers of AD for the choices they make and how unstable it could be at times.

There are a few good SMB Linux distros out there if you are wanting LDAP and SAMBA4/Active Directory setup. I would recommend looking at: ClearOS, Zentyal, NethServer and Univention. You can also get into the whole Novell Directory Services (NDS), which is now owned by NetIQ and called eDirectory, for hardcore directory services (X.500 Directory which includes DAP, which is a superset of LDAP). X.500 and the NDS are much better than Microsoft AD in my opinion, but then Novell started doing directory services way before Microsoft. But I am starting to get way off topic here.


Awesome new feature! Will have to start testing. Any chance there is some kind of automated account deprovisioning after account is removed from LDAP or will we have to script that? Also can you set so LDAP users are hidden from login page by default? Prefer to have no users show (minor security through obfuscation).

This is a really cool feature for those IT folks among us with existing home labs.  For those that have tested this, and before I enable it - local accounts are unaffected and still work as before, correct?  With some applications (Zabbix comes to mind), local accounts can be made to work but require additional configuration.

 

Thanks!

Bill

LDAP is very niche. If you don't know what it is, then I would be very surprised if you need it. Simple as that really. Many will know what it is (through work or heavy home hitters or something) but still not need it at home.
