Jump to content

Search the Community

Showing results for tags 'ldap'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android
    • Android TV / Fire TV
    • Windows & Xbox
    • Apple iOS / macOS
    • Apple TV
    • Kodi
    • LG Smart TV
    • Linux & Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Testing Area
    • WMC UI (Beta)
  • Other
    • Non-Emby General Discussion
    • Developer API
    • Hardware
    • Media Clubs

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 15 results

  1. CURRENT STATUS: SSO: Not yet planned LDAP: Development COMPLETED - BETA AVAILABLE >180 direct endorsements >30 MONTHS (>2.5 years) >12,000 views PLEASE BUMP - - - - - PLEASE LIKE - - - - - PLEASE BUMP - - - - - PLEASE LIKE - - - - - PLEASE BUMP This would greatly expand Emby's usage, and possibly more enterprise level adoption, user templating, user groups, SSO, etc. There are also users who have completely abandoned Emby and ended subscriptions due to the lack of this necessary basic functionality. Note: SAML2 is also part of this request. (header auth is also acceptable, at a minimum.) Context: I am trying to use something like openfire as a Instant Messaging solution which already supports LDAP and SAML2. So this would allow the current user of emby to seamlessly use web-based instant messenger with the same username and password as Emby without the need to enter them into a form. This would also allow universal login to be shared with my home PC's, Spiceworks, Ombii, Organizr, etc. The multitude of possible flexible functionality this could add is truly incredible. THIS NEEDS TO BE DONE, myself and others cannot manage a userbase with proprietary passwords for a single service (with no self-service password reset/recovery), when things that have only months of development implement it within days, easily. Status: LDAP - Development Completed - BETA AVAILABLE! Common LDAP solutions to test against:​Open LDAP​ (Open Source) [use this] ApacheDS OpenDJ 389 Directory Server Microsoft Active Directory SSL is NOT actually needed, but Emby team insisted on it anyways: Simply offering a toggle option for auth to send plaintext or encrypted passwords would work just fine. It is ironic to claim the need to be overly security conscious of user passwords, while lagging behind on basic SSL. If SAML is implemented, a SAML request/response can just be signed by an x509 and it is just as secure as TLS using SSL. SSL does not need to be natively supported, as it is perfectly possible to run it through an SSL reverse proxy tunnel and have the same effect. SSL Feature Request: https://emby.media/community/index.php?/topic/33983-ssl-integrationsupport/&do=findComment&comment=322526As of now username and password is encrypted client-side as security as SSL is not natively implemented. Emby team has said this impedes the adoption of both SSO and LDAP. Please see our SSL request topic; like, comment, and endorse it to show how many people would enjoy/gain from this basic security. Ways to satisfy this FR: Direct LDAP connector SAML2 connector General SSO functionality (SSO Header, etc) Allowing user header auth NGINX auth support RADIUS Authentication Other features that are inherently possible if this is implemented: Self service passwords Ability for users to invite users/guests Expiring Accounts (after duration/trigger) Unified credentials for many services Corporate level authentication security User groups Mass User management Update 1: I encourage others to work on this but I am currently seeing what I can do to develop a solution to this myself. If you have experience in this LDAP/SSO/SAML2/SSL/.NET contact myself, @@Luke, @@ebr or the Emby team to let them know, any help is greatly appreciated! By everyone! Update 2: I know there is always the question of "well how many users actually want/will use this", so I compiled a list of some of the other threads/sites where people request this (to apparently no effectiveness in motivating the team). Update 3 (18 MONTH UPDATE): This request has now hit 18 months in age, NO progress made thus far whatsoever. ( ) Update 4: This FR is now the 4th most liked post ON THE ENTIRE FORUM and the 3rd most liked FR ON THE ENTIRE FORUM (ever), the 1st most liked active FR ON THE ENTIRE FORUM and over 4000 views. Counting endorsements besides those on this thread show over 115 direct requests/endorsements for this basic functionality. Lets get this moving guys, this is getting to be a bit much. Almost 2 years waiting on this now. Source Update 5 (9/20/2017): This feature request is now the MOST DESIRED REQUEST EVER MADE TO EMBY, sadly, that has not merited any progress at all. The staff has been working on things they believe Emby users want or may want, but it is clear what people want. We can only hope now our wishes are respected instead of being told what we want and having our requests dismissed. Source Update 6 [2 year update] (10/17/2017): Two years and not a single bit of progress has been made. TWO YEARS!!! To say this is disappointing is an understatement. The entire reason I went from Plex to Emby was because of local user management. THIS IS THE ONLY REASON, so naturally I wanted to have complete control over my users, but after TWO YEARS, still nothing. Update 7 (3/6/2018): DEVELOPMENT HAS STARTED!!! Check Luke's recent comments, if you want to test it out, download the latest beta and install/configure the LDAP plugin to test and give feedback!!! Update 8 (4/6/2018): Development on the LDAP connector has completed from what I gather, not sure if this is only a beta or a primary release; SSO is still a plan for the future but has not been touched. Progress made by other users (looks to be nearly, if not fully complete): https://github.com/MediaBrowser/Emby/pull/1885 https://github.com/MediaBrowser/Emby/pull/2139 Exploits shown by other users against Emby (emphasizing the need for a centralized authentication solution): https://emby.media/community/index.php?/topic/12335-unauthenticated-access-over-the-internet-to-logs-folder/ https://emby.media/community/index.php?/topic/20376-all-folders-visible-to-all-users-after-upgrade/ Related FR that could be helpful: https://emby.media/community/index.php?/topic/46635-support-for-logging-users-in-though-url-scheme/?hl=user Any of these could be interesting to have compatibility with: http://lemonldap-ng.org/welcome/ https://github.com/Jasig/cas http://passportjs.org/ https://www.nginx.com/resources/admin-guide/restricting-access-auth-request/ LDAP/SSO/SAML Requests (~180 endorsements) [>12,000 views] > 95 endorsements on this post ~ 30 endorsementshttps://github.com/MediaBrowser/Emby/issues/1146 > 35 endorsementshttps://www.bountysource.com/issues/24943821-authenticate-users-using-ldap > 14 endorsements​https://feathub.com/tidusjar/Ombi/+122 > 4 endorsementshttps://www.reddit.com/r/emby/comments/5o44wd/creating_deleting_updating_users_with_the_api/ Interview, in article comments user said lack of LDAP STOPPED him from using Emby (Emby is actually losing customers due to the lack of this NECESSARY basic functionality):https://www.linux.com/news/software/multimedia/856128-exclusive-interview-emby-founder-luke-pulverenti Duplicate, user had no progress on first 2 posts (no one from Emby actually tracked this or even replied to him):http://emby.media/community/index.php?/topic/861-mb3-and-active-directory/ http://emby.media/community/index.php?/topic/867-mb3-and-active-directory/ Auth announcement, user 'Drashna' in comments requested LDAP/ADhttp://emby.media/community/index.php?/blog/1/entry-177-manage-your-home-with-emby-users/ Various similar requestshttps://github.com/MediaBrowser/Emby/issues/2494 https://github.com/MediaBrowser/Emby/issues/2493 https://forum.yunohost.org/t/integration-emby/912 http://emby.media/community/index.php?/topic/13081-active-directory-integration/ http://emby.media/community/index.php?/topic/11200-media-browser-3-server-ldap-active-directory/ External SQL auth request:http://emby.media/community/index.php?/topic/27986-emby-and-shared-mysql-database/ http://emby.media/community/index.php?/topic/23509-authenticate-users-via-external-mysql-database/ http://emby.media/community/index.php?/topic/12001-external-login-to-mysql/ #ADFS #SSO #LDAP #ActiveDirectory #MSAD #SAML #SAML2.0 #SAML1.1 #PingFederate #OKTA #LemonLDAP #JASIG #authentication #auth #TLS #SSL #Usergroup #usertemplate #header #authheader #headerauth #security #hardening #authhardening #authenticationheader #externalauth #centralauth #centralizedauth #centralizeddb #exploit #authexploit #security #loginhardening #authenticationhardening #accesscontrol #.NET #SelfService #RADIUS
  2. gianmarcomurru

    LDAP Plugin not working

    Hello! I am trying to configure the LDAP Plugin to work without success. I have an Emby server and my LDAP server deployed as a docker container, they have access to the same docker network. I have ensured that the Emby container can reach the LDAP one successfully. These are my settings on the LDAP Plugin: If I run this from a docker container in the same network (I couldn’t install the required package openldap-clients on the Emby server container). As you see these settings are working here: These are the logs related to the login attempt 2024-03-04 14:59:37.467 Error UserManager: Error authenticating with provider LDAP *** Error Report *** Version: 4.8.1.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023 Framework: .NET 6.0.25 OS/Process: x64/x64 Runtime: system/System.Private.CoreLib.dll Processor count: 4 Data path: /config Application path: /system Novell.Directory.Ldap.LdapException: LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Matched DN: Source: LDAP TargetSite: Void ChkResultCode() 2024-03-04 14:59:37.468 Error DefaultAuthenticationProvider: Invalid username or password. No user named alessandro exists 2024-03-04 14:59:37.469 Error UserManager: Error authenticating with provider Default *** Error Report *** Version: 4.8.1.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023 Framework: .NET 6.0.25 OS/Process: x64/x64 Runtime: system/System.Private.CoreLib.dll Processor count: 4 Data path: /config Application path: /system System.Exception: System.Exception: Invalid username or password. at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser) at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User) 2024-03-04 14:59:37.470 Warn Server: AUTH-ERROR: 162.154.134.188 - Invalid username or password entered. 2024-03-04 14:59:37.470 Error Server: Invalid username or password entered. Any suggestion? Thank you in advance
  3. When the ldap plug-in connects to the active directory, "Login Error: Invalid user name or password, please try again" is displayed for login. Emby Premiere version: 4.8.30 ldap plugin verison:1.0.43.0 AD: Windows server 2016 LDAP Pugin Config: ADSI EDIT embyserver.txt
  4. Hello together, I connected my Emby instance to my Active Directory for providing User Authentication within Emby. Everything works fine in this aspect. But when I try to change my password from within Emby, I always get the error "Insufficient access rights". In the Emby server logs there is an LdapExemption stating: 2023-06-14 16:18:31.377 Info UserManager: Authentication request for abc has succeeded. 2023-06-14 16:18:31.390 Error Server: Error processing request *** Error Report *** Version: 4.7.13.0 Command line: /app/emby/EmbyServer.dll -programdata /config -ffdetect /app/emby/ffdetect -ffmpeg /app/emby/ffmpeg -ffprobe /app/emby/ffprobe -restartexitcode 3 Operating system: Linux version 4.18.0-477.10.1.el8_8.x86_64 (mockbuild@x86-vm-07.build.eng.bos.redhat.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-18) (GCC)) #1 SMP Framework: .NET 6.0.14 OS/Process: x64/x64 Runtime: app/emby/System.Private.CoreLib.dll Processor count: 12 Data path: /config Application path: /app/emby Novell.Directory.Ldap.LdapException: LdapException: Insufficient Access Rights (50) Insufficient Access Rights LdapException: Server Message: 00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 LdapException: Matched DN: Source: LDAP TargetSite: Void ChkResultCode() I tried to investigate this issue and captured the raw network traffic for this. This showed, that showed the following procedure: 1. Lookup user DN using the BindDN configured in the Emby LDAP plugin 2. Create a new LDAP Bind context for the currently logged in user using the entered "Actual password" for verifying this actual password 3. Terminate this user bind context 4. Try to change the modify the user's password using a new LDAP Bind context for the configured BindDN from the Emby LDAP plugin In common settings, so it is in my setup, this statically configured BindDN is an unprivileged "LDAP search user" (in former times often an anonymous context was used for that). Obviously, this search user doesn't have the permission to change other user's passwords. As you are already creating a "personal LDAP context" for verifying the actual password of the logged in user, why you are not simply using this authorized context for modifying the user's password ? From a conceptual point of view with respect to security, this is common practice to have an unprivileged search user and user's tasks are accomplished in an authorized personal LDAP context. Thanks and have a nice day
  5. dylan62370

    LDAP extension Error

    Hello, I currently have a Windows server that runs an Active Directory (AD). All my Linux services (Gitlab, Grafana, etc...) are connected to my AD. It works perfectly, but I can't connect my Emby to it. I installed the LDAP extension and configured everything and when I choose the user it says "Incorrect username or password. Try again." It doesn't even load in 2 seconds it shows this is if I change the IP it's the same.... However if I ping the LDAP no problem it pings so it reaches the LDAP.
  6. When Library Access is set to Enable access to all libraries, everything works as expected : Newly created users through LDAP get all library access granted. However, if you wish to select libraries, then the newly created user gets no library access at all. Emby version 4.8.0.9 (beta) LDAP plugin version 1.0.40.0
  7. nt-it-team

    LDAP plugin - New user defaults

    Hello, We have successfully configured the LDAP plugin. We have multiple users at different ages. Is it possible to set the "Maximum allowed parental rating" to a particular rating for users created through the LDAP plugin? Thanks.
  8. From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.
  9. HI Everyone, The LDAP plugin is just amazing and would like to congratulated the designer, we are a large secondary school and use Emby as our main media library, there are a couple of things which would be great to have as options within the LDAP plugin 'New User Defaults' settings. By default the following settings are enabled for any new registered user. Allow Media Conversion Allow social media sharing At the moment we have to check everyday to see if a user has registered and then untick the 2 above options. Is there a way this could be added as an option to the New User Defaults section of the LDAP plugin.
  10. Codeh

    LDAP Authentication Failure

    Hello, I'm having difficulty authenticating via LDAP through the Roku client. I am able to authenticate through the web browser, and I am 100% sure that I am entering the correct password. Attached is my embyserver.txt. I noticed that when attempting to authenticate through the Roku a post request to https://connect.emby.media/service/user/authenticate is logged. Emby Version 3.5.3.0 Roku Version 3.0.111 Roku Express+ Both Emby + OpenLDAP are running inside of docker containers. Please help me debug this! Not sure how long my parents will go without entertainment! Thanks embyserver.txt
  11. Kimballslice1890

    LDAP Question

    Setting up a test machine at work with LDAP integration. it said something about 14 day trial when I installed the plugin but said it was expired before even installing? is Emby Premiere required for LDAP to work? I personally am an Emby Premiere member but until my employer can confirm that the LDAP integration is working as intended, we are doing test runs before subscribing.
  12. albertocastillo2001

    LDAP or any other authentication system?

    Hello I would like to know if this software supports LDAP auth based in groups or any other method of authentication I would like to share the user credentials between different apps Thank you.
  13. Kimballslice1890

    Local Bandwidth Limit

    I had made a prior post requesting LDAP support and was sent to the very large thread that I liked for contribution in my desire to have this support. In the meantime, I am attempting to setup Emby as a replacement for my job's current broadcast system in place. I am looking to limit Local bandwidth to 4mbps per device. I noticed that devices are direct streaming and when looking into this, I saw that all settings to limit bandwidth are for external connections only. Is there a way to limit bandwidth for internal/local connections? If not is there a thread I can post on to request such a feature?
  14. Kimballslice1890

    Emby in Enterprise Environment

    So I work in the IT department at a pretty large school district. We currently have a very painful TV and broadcast system in place that no one seems to have the time to address a better solution. Being I use Emby and am a premiere member and love it, I feel that emby could come into play here. Main question here before moving further, is there any way to sync up Emby to LDAP? maybe active directory? Reason I ask is there are multiple buildings and we would be re-purposing soon to be replaced domain controllers as the Emby servers per site. It would render the solution almost unusable if we had to make changes on each remote site every time adding, removing, or modifying a user (people come and go). I guess this would be like a roaming profile in a sense? For example, If user is at Elementary 1 and goes to Middle School 2, then said user can still log in and access the local content and whatever wide area content is chosen to be available across all servers. Thoughts? Suggestions? Or am I shooting too high on this one?
  15. Untoten

    SSL Integration/Support

    Status: Initiated Blueprint Luke has investigated this, unclear the progress on universal development. App devs have not begun dev for this. Once Luke builds core compatibility it may be 3+ months before app/client SSL adoption. Spread the word! Let's make it known how many Emby users would love to see this feature! I have seen scattered, unorganized requests for this that seemed to die, so this will serve to centralize all support for SSL and to track responses/feedback. This is to request Emby support SSL, both app and web client to server. This would be for Emby Connect setups as well as local user setup. Current Plan: Utilize Lets Encrypt (https://letsencrypt.org/) to allow automated endoint encryption. Luke is currently looking for members that may be able to help automate this at server endpoints. Possible Solutions include subdomains for each client (ex. customer.emby.media) or custom domains for each customer such as DyDNS. Reasons for this: Secure activity/traffic between client and server Allows passwords to be passed plain text from client to server. Would allow development of SSO/LDAP authentication solutions. Please see and support our topic linked below:https://emby.media/community/index.php?/topic/26495-ldap-support/ What is done: Enhanced SSL support on mobile application What is needed: Core universal SSL support App supported SSL Web-app supported SSL Authentication passed over SSL to allow plaintext passwords
×
×
  • Create New...