Just got around to testing it and it works great for me (local LDAP server without SSL)! Auto-provisioning works great. I have some notes/things I tested:
1) Changing password in Emby doesn't work, as expected. However, it just says something like "authentication failed, wrong username/password". Not sure if the plugin architecture allows this, but it'd be great to instead either hide that dialog or to set the message to "Your account/authentication provider doesn't allow changing your password in Emby. Please contact your administrator."
2) I keep getting a message that I need to restart my server to finish the LDAP plugin installation. However, when I do so, the message remains and a new notification with the same message appears. Not sure if this is a separate issue, haven't yet tried installing a different plugin to see if it happens for the other one as well. Edit: happens *ONLY* to LDAP, so this seems to be an LDAP plugin bug.
3) It'd be great to add provisioning settings: e.g. an option to automatically hide users that were added via the LDAP plugin from the login page.
Edit: the lack of this leads to probably the most important bug I've found: any LDAP provisioned users have media delete permissions, as that is enabled by default!
4) Existing users with names the same as those existing in the LDAP directory are automatically authenticated via LDAP once the plugin is installed. This is fine and actually exactly what I want in my use case, but it should probably be noted in the plugin description. As a precaution that this does not have any bad side-effects, I also tested what happens when the LDAP server goes down: both prior/upgraded accounts and LDAP-provisioned accounts can no longer log in with their LDAP password, their previous password, or an empty password. Exactly the way it should be, security-wise.
Edit2: 5) Bug: with the LDAP plugin enabled, authentication does not work from the Android app. The log contains a lot of "MediaBrowser.Controller.Net.SecurityException: Access token has expired." This was a configuration error on my part.
All the LDAP accounts seem to have a blue background (the same as the LDAP plugin background). That's a great little feature for getting an overview.
Thank you for your hard work!
(This came out of my student budget!)
Edited by mueslo, 10 March 2018 - 07:09 PM.