LDAP Plugin not working

[gianmarcomurru 1]

Hello! 

I am trying to configure the LDAP Plugin to work without success.

I have an Emby server and my LDAP server deployed as a docker container, they have access to the same docker network. I have ensured that the Emby container can reach the LDAP one successfully.
 

These are my settings on the LDAP Plugin:

If I run this from a docker container in the same network (I couldn’t install the required package openldap-clients on the Emby server container). As you see these settings are working here:

 

These are the logs related to the login attempt

2024-03-04 14:59:37.467 Error UserManager: Error authenticating with provider LDAP
*** Error Report ***
Version: 4.8.1.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023
Framework: .NET 6.0.25
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 4
Data path: /config
Application path: /system
Novell.Directory.Ldap.LdapException: LdapException: Invalid Credentials (49) Invalid Credentials
LdapException: Matched DN:
Source: LDAP
TargetSite: Void ChkResultCode()
2024-03-04 14:59:37.468 Error DefaultAuthenticationProvider: Invalid username or password. No user named alessandro exists
2024-03-04 14:59:37.469 Error UserManager: Error authenticating with provider Default
*** Error Report ***
Version: 4.8.1.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023
Framework: .NET 6.0.25
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 4
Data path: /config
Application path: /system
System.Exception: System.Exception: Invalid username or password.
at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken)
Source: Emby.Server.Implementations
TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User)
2024-03-04 14:59:37.470 Warn Server: AUTH-ERROR: 162.154.134.188 - Invalid username or password entered.
2024-03-04 14:59:37.470 Error Server: Invalid username or password entered.

Any suggestion?
Thank you in advance

[Luke 37071]

Hi there, it looks like the ldap server is rejecting the login, no?

[gianmarcomurru 1]

On 04/03/2024 at 22:02, Luke said:

Hi there, it looks like the ldap server is rejecting the login, no?

Seems so but it’s quite hard to debug it. I logged in with the same credentials from a ldap client and I have the same setup on Jellyfin working fine. The LDAP server is reachable and the credentials are correct. Still throw that error, do you have perhaps suggestions on how debug it? 

Edited March 9 by gianmarcomurru

[gianmarcomurru 1]

Any suggestion @Luke?

[Luke 37071]

Are you able to get any logging or debug info from the LDAP server?

Also can you try this version of the LDAP plugin? We haven't updated the embedded ldap library in a while, so that's worth a shot:

LDAP.zip

Thanks.

[gianmarcomurru 1]

Hey!

After debugging more, I found this issue which was the user search filter. 

Here's the step I ran:

Run a container to test LDAP queries:

docker run -it --rm ubuntu /bin/bash # add <--network your_ldap_docker_network> if using a custom network

Run these to test your query:

apt-get update && apt-get install -y ldap-utils

ldapsearch \
  -x \
  -H ldap://authentik_ldap:3389 \
  -p 3389 \
  -w 'your_password' -D 'cn=bind_username,ou=users,DC=ldap,DC=goauthentik,DC=io' \
  -b 'OU=users,DC=ldap,DC=goauthentik,DC=io' \
  '(cn=username_of_user_you_are_looking_for)'

If you are using Authentik, these are the settings I am using:

@Lukethank you very much for your help and patience!