Untoten 296 Posted April 19, 2018 Author Share Posted April 19, 2018 A new topic would probably be better, otherwise it's hard to assess the interest level for SSO vs LDAP. There could be a lot who are satisfied with what we've already done but that's difficult to measure. Fair enough, I will try to separate all the information and likes in a different topic. How hard would it be to just accept proxy/header auth? That could be a simple SSO solution that would not require a full up-to-spec SAML implementation. Thank you again for getting this done, with my poor luck I flew out to Denmark the day you released it and have not had a chance to try it yet haha. Link to comment Share on other sites More sharing options...
Luke 37049 Posted May 16, 2018 Share Posted May 16, 2018 I've pushed an update to the LDAP plugin to allow you to specify the default libraries that an LDAP user should be given access to. Thanks ! Link to comment Share on other sites More sharing options...
doug.dimick 12 Posted June 14, 2018 Share Posted June 14, 2018 I'm trying to figure out where I can add my self-signed CA root cert so that I can use the LDAP plugin with SSL. In the Emby docker image there's /etc/ssl/certs/ca-certificates.crt but appending the certificate to that file doesn't appear to help. Where does Emby look for trusted CA certs? Link to comment Share on other sites More sharing options...
Luke 37049 Posted June 14, 2018 Share Posted June 14, 2018 That's a good question. We haven't tested that sort of thing at this point. Link to comment Share on other sites More sharing options...
doug.dimick 12 Posted June 15, 2018 Share Posted June 15, 2018 On another note, I generally permit ldap users to log in using either their uid/username or their email address. Emby treats those as two separate accounts, though. It would be nice if I could tell Emby to use a specific ldap field for the Emby-side account name. The below string works for authentication the way I want, I just wind up with both "doug" and "doug@my.org" as Emby accounts if I log in both ways. User search filter: (&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org)) Link to comment Share on other sites More sharing options...
Luke 37049 Posted June 15, 2018 Share Posted June 15, 2018 Hi, yes I agree that's a good idea as well. Thanks. Link to comment Share on other sites More sharing options...
twinkybot 3 Posted June 4, 2019 Share Posted June 4, 2019 Nice work with the LDAP plugin Working like a charm. Link to comment Share on other sites More sharing options...
metalcated 22 Posted August 30, 2019 Share Posted August 30, 2019 LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! I saw in the main thread SAML2 connectorIs that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks! Link to comment Share on other sites More sharing options...
Luke 37049 Posted August 30, 2019 Share Posted August 30, 2019 LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! I saw in the main thread SAML2 connector Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks! I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks ! Link to comment Share on other sites More sharing options...
metalcated 22 Posted August 30, 2019 Share Posted August 30, 2019 I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks ! https://emby.media/community/index.php?/topic/77083-saml2oauth-login-method-ie-okta/ Thanks! Link to comment Share on other sites More sharing options...
nt-it-team 1 Posted February 5, 2020 Share Posted February 5, 2020 Hello, Will the LDAP integration continue to work after the changes due in March regarding LDAP signing? ref: https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows https://www.pkisolutions.com/reminder-ldap-signing-requirements-in-march-2020/ Link to comment Share on other sites More sharing options...
Luke 37049 Posted February 5, 2020 Share Posted February 5, 2020 Thanks for the info. I guess we'll find out as soon as we can test it. If it doesn't then we'll update the plugin. Link to comment Share on other sites More sharing options...
andrew0404 12 Posted January 12, 2022 Share Posted January 12, 2022 I don't see a separate FR for SSO, did that not ever get created? 4 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now