Search the Community
Showing results for tags 'active directory'.
-
When the ldap plug-in connects to the active directory, "Login Error: Invalid user name or password, please try again" is displayed for login. Emby Premiere version: 4.8.30 ldap plugin verison:1.0.43.0 AD: Windows server 2016 LDAP Pugin Config: ADSI EDIT embyserver.txt
- 6 replies
-
- ldap
- active directory
-
(and 1 more)
Tagged with:
-
Hello together, I connected my Emby instance to my Active Directory for providing User Authentication within Emby. Everything works fine in this aspect. But when I try to change my password from within Emby, I always get the error "Insufficient access rights". In the Emby server logs there is an LdapExemption stating: 2023-06-14 16:18:31.377 Info UserManager: Authentication request for abc has succeeded. 2023-06-14 16:18:31.390 Error Server: Error processing request *** Error Report *** Version: 4.7.13.0 Command line: /app/emby/EmbyServer.dll -programdata /config -ffdetect /app/emby/ffdetect -ffmpeg /app/emby/ffmpeg -ffprobe /app/emby/ffprobe -restartexitcode 3 Operating system: Linux version 4.18.0-477.10.1.el8_8.x86_64 (mockbuild@x86-vm-07.build.eng.bos.redhat.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-18) (GCC)) #1 SMP Framework: .NET 6.0.14 OS/Process: x64/x64 Runtime: app/emby/System.Private.CoreLib.dll Processor count: 12 Data path: /config Application path: /app/emby Novell.Directory.Ldap.LdapException: LdapException: Insufficient Access Rights (50) Insufficient Access Rights LdapException: Server Message: 00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 LdapException: Matched DN: Source: LDAP TargetSite: Void ChkResultCode() I tried to investigate this issue and captured the raw network traffic for this. This showed, that showed the following procedure: 1. Lookup user DN using the BindDN configured in the Emby LDAP plugin 2. Create a new LDAP Bind context for the currently logged in user using the entered "Actual password" for verifying this actual password 3. Terminate this user bind context 4. Try to change the modify the user's password using a new LDAP Bind context for the configured BindDN from the Emby LDAP plugin In common settings, so it is in my setup, this statically configured BindDN is an unprivileged "LDAP search user" (in former times often an anonymous context was used for that). Obviously, this search user doesn't have the permission to change other user's passwords. As you are already creating a "personal LDAP context" for verifying the actual password of the logged in user, why you are not simply using this authorized context for modifying the user's password ? From a conceptual point of view with respect to security, this is common practice to have an unprivileged search user and user's tasks are accomplished in an authorized personal LDAP context. Thanks and have a nice day
-
Hello, I currently have a Windows server that runs an Active Directory (AD). All my Linux services (Gitlab, Grafana, etc...) are connected to my AD. It works perfectly, but I can't connect my Emby to it. I installed the LDAP extension and configured everything and when I choose the user it says "Incorrect username or password. Try again." It doesn't even load in 2 seconds it shows this is if I change the IP it's the same.... However if I ping the LDAP no problem it pings so it reaches the LDAP.
- 14 replies
-
- ldap
- active directory
-
(and 1 more)
Tagged with:
-
From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.
-
Setting up a test machine at work with LDAP integration. it said something about 14 day trial when I installed the plugin but said it was expired before even installing? is Emby Premiere required for LDAP to work? I personally am an Emby Premiere member but until my employer can confirm that the LDAP integration is working as intended, we are doing test runs before subscribing.
- 1 reply
-
- LDAP
- Active Directory
-
(and 1 more)
Tagged with: