Jump to content

Emby Blog

  • entries
    482
  • comments
    3710
  • views
    3051337

Contributors to this blog

  • Luke 322
  • ebr 64
  • 7illusions 15
  • ScottIsAFool 12
  • Abobader 11
  • radeon 9
  • xnappo 8
  • darwindeeds 7
  • Redshirt 6
  • Cheesegeezer 5
  • leedavies 3
  • Aphid 3
  • techywarrior 3
  • bigjohn 3
  • snazy2000 3
  • Soultaker 2
  • chef 2
  • gcw07 2
  • marcelveldt 1
  • hurricanehrndz 1

Introducing LDAP Support for Emby


Luke

7744 views

We're pleased to announce LDAP support for Emby Server, now supported by all Emby apps!

 

Installation

 

To setup LDAP, simply install the LDAP plugin from the Emby plugin catalog. This feature requires an active Emby Premiere subscription.

 

5afc7cb090c99_Untitled1.png

 

Then head over to your LDAP plugin configuration and setup the plugin to connect to your LDAP server:

 

5afc7d36523b8_Untitled1.png

 

Users are imported from LDAP as they sign into Emby. You can even set the default permissions for imported users:

 

5afc7dc51d737_Untitled1.png

 

Important: Users marked as administrators in Emby will always sign into Emby using Emby authentication, not LDAP. This policy is designed to avoid situations where you could potentially become locked out of your Emby Server due to an LDAP problem.

 

Let us know what you think and what improvements you'd like to see !

  • Like 4

18 Comments


Recommended Comments

Wohhoo! this one came unexpected. Nice! will deploy it next week. Emby was my last application with stand-alone user management. Thanks a lot!

Link to comment
jasonwilliams

Posted

Wow. This is next level for a media app. I didn't even know I wanted this until the announcement came out, and now I can never turn back.

 

Awesome. Just awesome.

Link to comment
very very very nice! good gob!!!!! Thanks a lot!

But I dont undestand to setup <Bind credentials:>

Link to comment

 

very very very nice! good gob!!!!! Thanks a lot!
But I dont undestand to setup <Bind credentials:>

 

That should be the password for the "user" (aka "Bind DN") EMBY connects to the ldap server to query the directory.

If your LDAP supports anonymous queries (which should be deactivted, except your are on a testsystem or maybe on a localhost only environment) you should not need Bind DN and Bind Credentials.

Link to comment
e123enitan

Posted

Luke, I'm a novice to ldap, I have read briefly about it but couldn't figure how this would improve or enhance my current setting. My server is on windows 7, clients on kodi Libreelec so what results should I expect once installed the plugin, my clients are both on LAN and WAN. 

Link to comment

LDAP is a User Directory. You only have to maintain one list of users and use these users on multiple Applications to login.

For example i have an email server, a cloud storage and emby. Once i create a user in the LDAP, this user can login with the same password, in the Email Account, in the CloudStorage and now into Emby as well. There is no need to create this user in the Emby Settings again.

Want to change the password for one user in all 3 Applications? Just goto your ldap server, and change the password once!

(EDIT: this is careless simplified :))

 

If you dont have an LDAP Server, dont worry about the feature. Then you dont need it.

If you curious and have money to burn and you are into closed source software try to use the microsoft Active Directory. Should be the easiest start.

If you curious and you dont have money to burn start with linux and an openLdap Server and a lot of time. If you have no clue its not easy to get into it.

  • Like 1
Link to comment
e123enitan

Posted

LDAP is a User Directory. You only have to maintain one list of users and use these users on multiple Applications to login.

For example i have an email server, a cloud storage and emby. Once i create a user in the LDAP, this user can login with the same password, in the Email Account, in the CloudStorage and now into Emby as well. There is no need to create this user in the Emby Settings again.

Want to change the password for one user in all 3 Applications? Just goto your ldap server, and change the password once!

(EDIT: this is careless simplified :))

 

If you dont have an LDAP Server, dont worry about the feature. Then you dont need it.

If you curious and have money to burn and you are into closed source software try to use the microsoft Active Directory. Should be the easiest start.

If you curious and you dont have money to burn start with linux and an openLdap Server and a lot of time. If you have no clue its not easy to get into it.

Thanks, it's becoming clear, more like reduces redundancy, a better centralized user directory and control, and easy access in multi applications sort off. I will exploit it further if there is a benefits for clients either WAN/LAN

Link to comment

That should be the password for the "user" (aka "Bind DN") EMBY connects to the ldap server to query the directory.

If your LDAP supports anonymous queries (which should be deactivted, except your are on a testsystem or maybe on a localhost only environment) you should not need Bind DN and Bind Credentials.

Thank you for reply.
 
Sorry.
But I dont undestand  how to write the "user" and "password" or the user is hard coded in emby ?
 
I have in my active directory, one user eg:potato for read in directory with password eg:passwordatpotato
 
How to write input < potato_passwordatpotato > ?
Link to comment
frankmomma

Posted

I like the Idea of changing Default user settings. Is there any way to set this up with normal Emby user accounts? Or any plan to implement this if it does not already exist?

Link to comment
CarlosLima

Posted

How great, how wonderful, now yes Emby left the others eating dust.
But...
Can anyone explain what this new feature does?
Thank you very much

Link to comment

 

Thank you for reply.
 
Sorry.
But I dont undestand  how to write the "user" and "password" or the user is hard coded in emby ?
 
I have in my active directory, one user eg:potato for read in directory with password eg:passwordatpotato
 
How to write input < potato_passwordatpotato > ?

 

Sorry, i am not sure if i understand your problem, but i will give it a try :)

Your LDAP user potato, does have a Distinguished Name (DN) It should look similar like that: "CN=Potato,OU=Users,DC=YOURDOMAIN,DC=COM"

You have to enter this DN into the "Bind DN" field. And your Password into "Bind Credentials" field.

Link to comment

Sorry, i am not sure if i understand your problem, but i will give it a try :)

Your LDAP user potato, does have a Distinguished Name (DN) It should look similar like that: "CN=Potato,OU=Users,DC=YOURDOMAIN,DC=COM"

You have to enter this DN into the "Bind DN" field. And your Password into "Bind Credentials" field.

you perfect answer to my question. thank you

Link to comment
robrhedrick

Posted

What ldap attributes are synced? Future support for thumbnailPhoto attribute?

  • Like 1
Link to comment
Protektor

Posted

LDAP is a User Directory. You only have to maintain one list of users and use these users on multiple Applications to login.

For example i have an email server, a cloud storage and emby. Once i create a user in the LDAP, this user can login with the same password, in the Email Account, in the CloudStorage and now into Emby as well. There is no need to create this user in the Emby Settings again.

Want to change the password for one user in all 3 Applications? Just goto your ldap server, and change the password once!

(EDIT: this is careless simplified :))

 

If you dont have an LDAP Server, dont worry about the feature. Then you dont need it.

If you curious and have money to burn and you are into closed source software try to use the microsoft Active Directory. Should be the easiest start.

If you curious and you dont have money to burn start with linux and an openLdap Server and a lot of time. If you have no clue its not easy to get into it.

 

Microsoft Active Directory isn't easy to setup either. Actually under Linux a simple no frills LDAP server is easier to setup and maintain than a full blown Microsoft Active Directory server. I speak from having managed it in an SMB and Enterprise environment. There are times I wanted to slap the designers and developers of AD for the choices they make and how unstable it could be at times.

 

There are a few good SMB Linux distros out there if you are wanting LDAP and SAMBA4/Active Directory setup. I would recommend looking at: ClearOS, Zentyal, NethServer and Univention. You can also get in to the whole Novell Directory Services (NDS) which is now owned by NetIQ and called eDirectory for hardcore directory services (X.500 Directory which includes DAP, which is a superset of LDAP). X.500 and the NDS are much better than Microsoft AD in my opinion but then Novell started doing directory services way before Microsoft. But I am starting to get way off topic here.

  • Like 1
Link to comment
Nanganator

Posted

Awesome new feature! Will have to start testing. Any chance there is some kind of automated account deprovisioning after account is removed from LDAP or will we have to script that? Also can you set so LDAP users are hidden from login page by default? Prefer to have no users show (minor security through obfuscation).

Link to comment
awdspyder

Posted

This is a really cool feature for those IT folks among us with existing home labs.  For those that have tested this, and before I enable it - local accounts are unaffected and still work as before, correct?  With some applications (Zabbix comes to mind), local accounts can be made to work but require additional configuration.

 

Thanks!

Bill

Link to comment

Ldap is very niche.  If you don't know what it is, then I would be very surprised if you need it.  Simple as that really.  Many will know what it is (through work or heavy home hitters or something) but still not need it at home.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...