Luke 37028 Posted March 6, 2018 Share Posted March 6, 2018 For those who run the beta server, if you'd like to be a part of a test group, then please see here: https://emby.media/community/index.php?/topic/56793-ldap-plugin/ Thanks ! Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 6, 2018 Share Posted March 6, 2018 Edit, no need for PM, please see my previous post for a link to the testing thread. Thanks. Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 6, 2018 Share Posted March 6, 2018 These are the settings that are available in the plugin setup screen: https://emby.media/community/index.php?/topic/56793-ldap-plugin/?p=553487 1 Link to comment Share on other sites More sharing options...
Untoten 295 Posted March 7, 2018 Author Share Posted March 7, 2018 (edited) These are the settings that are available in the plugin setup screen: https://emby.media/community/index.php?/topic/56793-ldap-plugin/?p=553487 @@Luke My god this is amazing i want to cry. I will try this when I am back in the states. Two questions: What is the current user sync workflow? A few of my systems have 100+ users who have set their own passwords, do you have any way to get the user credentials so we can manually add the users to our AD or a tool to do this? Edited March 7, 2018 by Untoten Link to comment Share on other sites More sharing options...
selfless 0 Posted March 7, 2018 Share Posted March 7, 2018 This is great, guys! Working like a charm with openldap. Is there a way not to show the users on the loginscreen by default? Link to comment Share on other sites More sharing options...
Untoten 295 Posted March 7, 2018 Author Share Posted March 7, 2018 This is great, guys! Working like a charm with openldap. Is there a way not to show the users on the loginscreen by default? That is what I am hoping comes of this. All user settings global with inheritance from group. Link to comment Share on other sites More sharing options...
ebr 14905 Posted March 7, 2018 Share Posted March 7, 2018 Please take specific questions and troubleshooting of the implementation to the beta thread. Thanks. Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 7, 2018 Share Posted March 7, 2018 @@Luke My god this is amazing i want to cry. I will try this when I am back in the states. Two questions: What is the current user sync workflow? A few of my systems have 100+ users who have set their own passwords, do you have any way to get the user credentials so we can manually add the users to our AD or a tool to do this? There is no sync. You just login and the user gets created on the emby side. 1 Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 7, 2018 Share Posted March 7, 2018 This is great, guys! Working like a charm with openldap. Is there a way not to show the users on the loginscreen by default? We will defer this to other feature requests, but yes. When the user gets automatically created, what we ought to have is the ability for you to specify the default set of settings that they get created with. So having those defaults for new users, that's something that can just go into the core server so that it benefits everyone. 1 Link to comment Share on other sites More sharing options...
Untoten 295 Posted March 7, 2018 Author Share Posted March 7, 2018 There is no sync. You just login and the user gets created on the emby side. What about 'transferring' existing users to LDAP from emby? Link to comment Share on other sites More sharing options...
mueslo 16 Posted March 7, 2018 Share Posted March 7, 2018 (edited) What about 'transferring' existing users to LDAP from emby? I doubt that will be implemented as that is a lot more effort than it's worth. You can do so manually, but only in the unlikely case that the Emby password hash/salt method is compatible with your LDAP server. Edited March 7, 2018 by mueslo Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 7, 2018 Share Posted March 7, 2018 Is it even necessary to transfer? I suppose the only reason would be to configure the user accounts before they are actually used. But is there any other reason beyond that? Link to comment Share on other sites More sharing options...
Untoten 295 Posted March 7, 2018 Author Share Posted March 7, 2018 (edited) Is it even necessary to transfer? I suppose the only reason would be to configure the user accounts before they are actually used. But is there any other reason beyond that? Mostly the fact that all the users have self-set passwords (I do not know them), since I could not enter an email for the users (the attribute only exists for emby connect) to send a recovery email, I would have to figure out who each person is and their contact. I can do it if needed, I am grateful this is being implemented at all, it was more food for thought. Again, I am so so so happy this day is here now. Edited March 7, 2018 by Untoten Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 7, 2018 Share Posted March 7, 2018 Mostly the fact that all the users have self-set passwords (I do not know them), since I could not enter an email for the users (the attribute only exists for emby connect) to send a recovery email, I would have to figure out who each person is and their contact. I can do it if needed, I am grateful this is being implemented at all, it was more food for thought. Again, I am so so so happy this day is here now. I still don't quite follow. Couldn't you just wait for them to login to Emby? At that point, the user in Emby will be created automatically once their LDAP authentication succeeds for the first time. Link to comment Share on other sites More sharing options...
Dibbes 431 Posted March 7, 2018 Share Posted March 7, 2018 Luke, since that's another user, you will have lost statuses and other settings. I was more thinking about the possibility to link an LDAP account with an Emby account so that you use the LDAP to login to the already existing Emby account, hence keeping settings, etc. but using LDAP credentials. Sent from my iPad using Tapatalk 2 Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 8, 2018 Share Posted March 8, 2018 Luke, since that's another user, you will have lost statuses and other settings. I was more thinking about the possibility to link an LDAP account with an Emby account so that you use the LDAP to login to the already existing Emby account, hence keeping settings, etc. but using LDAP credentials. Sent from my iPad using Tapatalk I think on the manage user screen we'll probably have a way to set the login provider for that user. that would allow you to change an existing user to ldap. 1 Link to comment Share on other sites More sharing options...
Dibbes 431 Posted March 8, 2018 Share Posted March 8, 2018 (edited) I installed the LDAP plugin without configuring it yet, and it seems that the users that have the same Emby username as the AD account now have to login with their AD password, where previously the password was blank. Is this expected behaviour? Note: - The OS of the Emby server is Windows 10 Pro x64 (fully updated) and part of the domain - The NSSM service is running with a domain admin account, so there are no access issues with the Synology boxes (which are also part of the AD) - None of the Emby users that have an equivalent (Same account name in both) in AD are Emby admins Edited March 8, 2018 by Dibbes Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 8, 2018 Share Posted March 8, 2018 If they don't have an authentication provider assigned yet then it should try both. Link to comment Share on other sites More sharing options...
Carlo 4330 Posted March 12, 2018 Share Posted March 12, 2018 If there was a "migrate" switch assigned to each user then Emby server could validate the login using the normal password in the DB and if successful reset the password in LDAP on behalf of the user. That's the cleanest way I can think to do it. 1 Link to comment Share on other sites More sharing options...
Luke 37028 Posted March 22, 2018 Share Posted March 22, 2018 The beta looks to be going well. You can now configure default user permissions for newly imported LDAP users, and the change password function is now supported as well. https://emby.media/community/index.php?/topic/56793-ldap-plugin/ Enjoy. Link to comment Share on other sites More sharing options...
Untoten 295 Posted April 7, 2018 Author Share Posted April 7, 2018 The beta looks to be going well. You can now configure default user permissions for newly imported LDAP users, and the change password function is now supported as well. https://emby.media/community/index.php?/topic/56793-ldap-plugin/ Enjoy. Although this is amazing, this request also encompasses SSO, as many users wanted that. So it is >50% done but many of the supporters of this thread do so for SSO. Not discounting your work, this is incredible and adds so many features that come from this, but just want to make it clear that this request is for both. Link to comment Share on other sites More sharing options...
Luke 37028 Posted April 7, 2018 Share Posted April 7, 2018 Thanks for the feedback. Link to comment Share on other sites More sharing options...
Luke 37028 Posted April 7, 2018 Share Posted April 7, 2018 Well you have to start somewhere. Link to comment Share on other sites More sharing options...
Untoten 295 Posted April 17, 2018 Author Share Posted April 17, 2018 Thanks for the feedback. can you change it from completed then lol Link to comment Share on other sites More sharing options...
Luke 37028 Posted April 17, 2018 Share Posted April 17, 2018 A new topic would probably be better, otherwise it's hard to assess the interest level for SSO vs LDAP. There could be a lot who are satisfied with what we've already done but that's difficult to measure. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now