Untoten 303 Posted April 19, 2018 Author Posted April 19, 2018 A new topic would probably be better, otherwise it's hard to assess the interest level for SSO vs LDAP. There could be a lot who are satisfied with what we've already done but that's difficult to measure. Fair enough, I will try to separate all the information and likes in a different topic. How hard would it be to just accept proxy/header auth? That could be a simple SSO solution that would not require a full up-to-spec SAML implementation. Thank you again for getting this done, with my poor luck I flew out to Denmark the day you released it and have not had a chance to try it yet haha.
Luke 40063 Posted May 16, 2018 Posted May 16, 2018 I've pushed an update to the LDAP plugin to allow you to specify the default libraries that an LDAP user should be given access to. Thanks !
doug.dimick 13 Posted June 14, 2018 Posted June 14, 2018 I'm trying to figure out where I can add my self-signed CA root cert so that I can use the LDAP plugin with SSL. In the Emby docker image there's /etc/ssl/certs/ca-certificates.crt but appending the certificate to that file doesn't appear to help. Where does Emby look for trusted CA certs?
Luke 40063 Posted June 14, 2018 Posted June 14, 2018 That's a good question. We haven't tested that sort of thing at this point.
doug.dimick 13 Posted June 15, 2018 Posted June 15, 2018 On another note, I generally permit ldap users to log in using either their uid/username or their email address. Emby treats those as two separate accounts, though. It would be nice if I could tell Emby to use a specific ldap field for the Emby-side account name. The below string works for authentication the way I want, I just wind up with both "doug" and "doug@my.org" as Emby accounts if I log in both ways. User search filter: (&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org))
Luke 40063 Posted June 15, 2018 Posted June 15, 2018 Hi, yes I agree that's a good idea as well. Thanks.
twinkybot 3 Posted June 4, 2019 Posted June 4, 2019 Nice work with the LDAP plugin Working like a charm.
metalcated 32 Posted August 30, 2019 Posted August 30, 2019 LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! I saw in the main thread SAML2 connectorIs that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks!
Luke 40063 Posted August 30, 2019 Posted August 30, 2019 LDAP works, but its simple and only one authentication method. Regardless kodos for making this happen! I saw in the main thread SAML2 connector Is that still something that is being considered? I would really like having that functionality to integrate Okta authentication as a means of logging in. Just curious. Thanks! I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks !
metalcated 32 Posted August 30, 2019 Posted August 30, 2019 I guess first we need to understand the demand for that compared to just having LDAP. Can you open a feature request topic for this? That will allow us to better measure it. Thanks ! https://emby.media/community/index.php?/topic/77083-saml2oauth-login-method-ie-okta/ Thanks!
nt-it-team 5 Posted February 5, 2020 Posted February 5, 2020 Hello, Will the LDAP integration continue to work after the changes due in March regarding LDAP signing? ref: https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows https://www.pkisolutions.com/reminder-ldap-signing-requirements-in-march-2020/
Luke 40063 Posted February 5, 2020 Posted February 5, 2020 Thanks for the info. I guess we'll find out as soon as we can test it. If it doesn't then we'll update the plugin.
andrew0404 13 Posted January 12, 2022 Posted January 12, 2022 I don't see a separate FR for SSO, did that not ever get created? 4 1
ryderjj89 33 Posted October 21, 2024 Posted October 21, 2024 On 6/15/2018 at 11:38 AM, doug.dimick said: On another note, I generally permit ldap users to log in using either their uid/username or their email address. Emby treats those as two separate accounts, though. It would be nice if I could tell Emby to use a specific ldap field for the Emby-side account name. The below string works for authentication the way I want, I just wind up with both "doug" and "doug@my.org" as Emby accounts if I log in both ways. User search filter: (&(|(uid={0})(|(mailPrimaryAddress={0})(mail={0})))(memberof=cn=embyusers,cn=groups,cn=accounts,dc=my,dc=org)) Just wanted to add that I tried using this but it also creates an account separately. The same user will have an account with their email and one with their username. Just had one of my users trying to login using his email but it kept failing, even though his account exists with his username. Was hoping after 6 years that would have been fixed.
Luke 40063 Posted November 8, 2024 Posted November 8, 2024 On 10/21/2024 at 8:10 AM, ryderjj89 said: Just wanted to add that I tried using this but it also creates an account separately. The same user will have an account with their email and one with their username. Just had one of my users trying to login using his email but it kept failing, even though his account exists with his username. Was hoping after 6 years that would have been fixed. Hi, we'll take a look at it. Thanks for reporting.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now