Jump to content
Untoten

Centralized Authentication Functionality (LDAP/SSO/HTML Header/RADIUS) [DEVELOPMENT STARTED]

Recommended Posts

Untoten

A new topic would probably be better, otherwise it's hard to assess the interest level for SSO vs LDAP. There could be a lot who are satisfied with what we've already done but that's difficult to measure.

Fair enough, I will try to separate all the information and likes in a different topic.  How hard would it be to just accept proxy/header auth?  That could be a simple SSO solution that would not require a full up-to-spec SAML implementation.

 

Thank you again for getting this done, with my poor luck I flew out to Denmark the day you released it and have not had a chance to try it yet haha.

Share this post


Link to post
Share on other sites
Luke

I've pushed an update to the LDAP plugin to allow you to specify the default libraries that an LDAP user should be given access to. Thanks !

Share this post


Link to post
Share on other sites
doug.dimick

I'm trying to figure out where I can add my self-signed CA root cert so that I can use the LDAP plugin with SSL. In the Emby docker image there's /etc/ssl/certs/ca-certificates.crt but appending the certificate to that file doesn't appear to help. Where does Emby look for trusted CA certs?

Share this post


Link to post
Share on other sites
Luke

That's a good question. We haven't tested that sort of thing at this point.

Share this post


Link to post
Share on other sites
doug.dimick

On another note, I generally permit ldap users to log in using either their uid/username or their email address. Emby treats those as two separate accounts, though. It would be nice if I could tell Emby to use a specific ldap field for the Emby-side account name. The below string works for authentication the way I want, I just wind up with both "doug" and "doug@my.org" as Emby accounts if I log in both ways.

 

User search filter:

(&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org))

Share this post


Link to post
Share on other sites
Luke

Hi, yes I agree that's a good idea as well. Thanks.

Share this post


Link to post
Share on other sites
twinkybot

Nice work with the LDAP plugin :)

Working like a charm.

Share this post


Link to post
Share on other sites
metalcated

LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! :) 


 


I saw in the main thread 


  • SAML2 connector

Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks!


Share this post


Link to post
Share on other sites
Luke

 

LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! :)

 

I saw in the main thread 

  • SAML2 connector

Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks!

 

 

I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks !

Share this post


Link to post
Share on other sites
Luke

Thanks for the info. I guess we'll find out as soon as we can test it. If it doesn't then we'll update the plugin.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...