LDAP Plugin


278 replies to this topic

#201 MathewW_MNF OFFLINE  

MathewW_MNF

    Member

  • Members
  • 14 posts
  • Local time: 10:56 AM

Posted 21 January 2019 - 11:09 PM

No idea, we're using a 2016 level AD as well. Once I switched to samAccountName it all worked fine, a quick Google search tells me I should probably use userPrincipalName in modern systems instead.



#202 otispresley OFFLINE  

otispresley

    Advanced Member

  • Members
  • 156 posts
  • Local time: 06:56 PM
  • Location: Apex, NC

Posted 21 January 2019 - 11:19 PM

No idea, we're using a 2016 level AD as well. Once I switched to samAccountName it all worked fine, a quick Google search tells me I should probably use userPrincipalName in modern systems instead.

 

I just tried, but userPrincipalName did not work for me. sAMAccountName works just the same as cn for me.


Edited by otispresley, 21 January 2019 - 11:19 PM.


#203 MathewW_MNF OFFLINE  

MathewW_MNF

    Member

  • Members
  • 14 posts
  • Local time: 10:56 AM

Posted 21 January 2019 - 11:20 PM

Interesting, and your full name and usernames aren't the same?



#204 otispresley OFFLINE  

otispresley

    Advanced Member

  • Members
  • 156 posts
  • Local time: 06:56 PM
  • Location: Apex, NC

Posted 21 January 2019 - 11:24 PM

Interesting, and your full name and usernames aren't the same?

 

I have a mix. Some are the same and some aren't. My account that I use for testing is not the same.



#205 centuryx476 OFFLINE  

centuryx476

    Advanced Member

  • Members
  • 53 posts
  • Local time: 05:56 PM

Posted 21 January 2019 - 11:26 PM

I will try these out and get back to you

 

Thanks


  • MathewW_MNF likes this

#206 MathewW_MNF OFFLINE  

MathewW_MNF

    Member

  • Members
  • 14 posts
  • Local time: 10:56 AM

Posted 22 January 2019 - 12:25 AM

I have a mix. Some are the same and some aren't. My account that I use for testing is not the same.

Yeah weird, I've got no idea then, I thought I had it worked out :P

 

Mine works so I'm not touching it again :D



#207 otispresley OFFLINE  

otispresley

    Advanced Member

  • Members
  • 156 posts
  • Local time: 06:56 PM
  • Location: Apex, NC

Posted 22 January 2019 - 08:47 AM

Yeah weird, I've got no idea then, I thought I had it worked out :P

 

Mine works so I'm not touching it again :D

 

I don't blame you at all. I did leave mine with sAMAccountName though.



#208 centuryx476 OFFLINE  

centuryx476

    Advanced Member

  • Members
  • 53 posts
  • Local time: 05:56 PM

Posted 22 January 2019 - 06:55 PM

Hello,

I was able to figure it out.

It was two issues that were happening.

 

First: My "Bind DN" was wrong, I was missing an "OU" variable in the string.

Second: The User search Base: I also had it wrong, I was searching in the wrong AD and I totally missed it in the string.

 

Edit 1: I noticed a small I guess you can call it a "bug"
When creating a new user and then selecting the type of "Authentication" I will select "LDAP" and then hit Save, but when I will go back to the user it will default back to the original Authentication method.

I had to change it again and hit save and then it saved properly. Not sure if the error is between the keyboard and chair or a small bug, I don't know.

 

Edit 2: I also noticed that the only way the sign in works is if I use the "Full Name" to sign in and not the "Logon Name",

Is there a way around this?

 

 

Thank you All for your assistance.

The creator of this plugin, you are a saint as this is "EXACTLY" what I was looking for in a media player. Many other media players do not offer any type of LDAP support and never plan on giving support


Edited by centuryx476, 22 January 2019 - 07:10 PM.

  • cayars likes this

#209 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 156702 posts
  • Local time: 06:56 PM

Posted 22 January 2019 - 07:18 PM

Thanks for the feedback!



#210 MathewW_MNF OFFLINE  

MathewW_MNF

    Member

  • Members
  • 14 posts
  • Local time: 10:56 AM

Posted 22 January 2019 - 07:19 PM

Agreed that was the deciding factor for us to buy Emby over other media centres as well. LDAP support was critical for a company of 500.



#211 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 156702 posts
  • Local time: 06:56 PM

Posted 05 February 2019 - 02:14 AM

@Fug1, please try this version. There is an option on the config screen to specify the cert hash. Thanks.

Attached Files

  • Attached File  LDAP.zip   98.15KB   6 downloads


#212 Fug1 OFFLINE  

Fug1

    Newbie

  • Members
  • 7 posts
  • Local time: 05:56 PM

Posted 05 February 2019 - 06:08 PM

@Luke, I installed the plugin and see the option to add the certificate hash. I ran sha1sum on my LDAP certificate, put the result in that field and restarted emby-server. But I'm seeing the same thing with LDAP using SSL. Here's the emby log entry:

2019-02-05 17:05:05.297 Error UserManager: Error authenticating with provider LDAP
	*** Error Report ***
	Version: 4.0.1.0
	Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_amd64.deb
	Operating system: Unix 4.15.18.9
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Processor count: 16
	Program data path: /var/lib/emby
	Application directory: /opt/emby-server/system
	System.Security.Authentication.AuthenticationException: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
	   at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout)
	   at Novell.Directory.Ldap.Connection.Connect(String host, Int32 port, Int32 semaphoreId)
	   at Novell.Directory.Ldap.LdapConnection.Connect(String host, Int32 port)
	   at LDAP.AuthenticationProvider.Authenticate(String username, String password)
	   at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
	Source: LDAP
	TargetSite: Void WaitAndUnwrap(System.Threading.Tasks.Task, Int32)
	   at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout)
	   at Novell.Directory.Ldap.Connection.Connect(String host, Int32 port, Int32 semaphoreId)
	   at Novell.Directory.Ldap.LdapConnection.Connect(String host, Int32 port)
	   at LDAP.AuthenticationProvider.Authenticate(String username, String password)
	   at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)

Edited by Fug1, 05 February 2019 - 06:10 PM.
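An added example, not part of the original posts and not the plugin's code: `sha1sum` run on a PEM file hashes the Base64 text, while a certificate fingerprint (thumbprint) is the digest of the decoded DER bytes, so the two values differ for the same certificate. Which form the plugin's cert hash field expects is not stated in the thread; the sample bytes and all function names below are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in bytes, NOT a real certificate: the digest logic only
# needs some byte string in the DER position to show the difference.
FAKE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(FAKE_DER)


def der_fingerprint(pem_text: str, algo: str = "sha1") -> str:
    """Digest of the decoded DER bytes, i.e. the certificate fingerprint."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    return hashlib.new(algo, der).hexdigest().upper()


def file_digest(pem_text: str, algo: str = "sha1") -> str:
    """Digest of the PEM text itself, which is what `sha1sum cert.pem` prints."""
    return hashlib.new(algo, pem_text.encode("ascii")).hexdigest().upper()


def normalize(fp: str) -> str:
    """Drop colons/whitespace and upper-case so AA:BB and aabb compare equal."""
    return "".join(c for c in fp if c not in ": \t\r\n").upper()


def pin_matches(configured: str, pem_text: str, algo: str = "sha1") -> bool:
    """Constant-time comparison of a configured pin with the DER fingerprint."""
    return hmac.compare_digest(normalize(configured),
                               der_fingerprint(pem_text, algo))


if __name__ == "__main__":
    print("fingerprint of DER :", der_fingerprint(SAMPLE_PEM))
    print("sha1sum of PEM file:", file_digest(SAMPLE_PEM))
    print("PEM-file digest accepted as pin?",
          pin_matches(file_digest(SAMPLE_PEM), SAMPLE_PEM))
```

Running `sha1sum` on a DER-encoded copy of the certificate gives the same value as `der_fingerprint`, because then the file bytes are the DER bytes.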


#213 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 156702 posts
  • Local time: 06:56 PM

Posted 05 February 2019 - 06:52 PM

Can you please attach the complete log file? Thanks.



#214 Fug1 OFFLINE  

Fug1

    Newbie

  • Members
  • 7 posts
  • Local time: 05:56 PM

Posted 05 February 2019 - 09:25 PM

@Luke, here you go. User1 is a local user (succeeds), User2 is an LDAP user (fails).

Attached Files



#215 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 12:56 AM

Posted 12 February 2019 - 02:59 PM

Hi, regarding my issue with the self-signed certificate running ActiveDirectoryServer and Emby locally on my NAS, I was just redirected to this topic... Thanks @Luke :)
I will give it a try with the mentioned LDAP.dll - but... can anyone tell me, how I can replace the existing file within the installation of my Synology? ^^

 

Haven't done those things until now... so sorry, if this question sounds kinda stupid :D



#216 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 12:56 AM

Posted 13 February 2019 - 08:09 AM

Hi all,

so - I have now installed the LDAP.dll on my NAS - but unfortunately, I am getting the same error again :-(

System.Security.Authentication.AuthenticationException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

Also, I have now switched my certificate from a self-signed one to a Let's Encrypt... still getting the same error :-(


Edited by CChris, 13 February 2019 - 10:08 AM.


#217 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 12:56 AM

Posted 13 February 2019 - 01:23 PM

going small steps forward...

Since I am using my Emby locally on my Synology NAS, I've decided to do some trials with a local Windows installation.
Therefore, I am just using the portable version and set up my LDAP there.

EDIT:
Finally, I've got my installation on the computer running correctly.
In fact, it was an issue with the other settings in my LDAP configuration.

Now, the only issue left is with my installation on Synology... :-/


Edited by CChris, 13 February 2019 - 04:54 PM.


#218 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 12:56 AM

Posted 14 February 2019 - 10:07 AM

Probably an issue with mono.btls provider?

 

https://stackoverflo...nssl-internalce



#219 scyto OFFLINE  

scyto

    Newbie

  • Members
  • 7 posts
  • Local time: 02:56 PM

Posted 15 February 2019 - 09:55 PM

I just set this up on my Synology, I don't get the SSL cert error at all. I am using Windows Server 2019 and a Comodo wildcard cert on all my machines and Emby.
When I enable SSL and change port to 636 I get the following error.

Novell.Directory.Ldap.LdapException: LdapException: Unable to connect to server 192.168.1.35:636 (91) Connect Error
System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer. ---> System.Net.Sockets.SocketException: Connection reset by peer
at System.Net.Sockets.Socket.EndReceive (System.IAsyncResult asyncResult) [0x00012] in <06b225350c3541b2a422a59539189a6b>:0
at System.Net.Sockets.NetworkStream.EndRead (System.IAsyncResult asyncResult) [0x00057] in <06b225350c3541b2a422a59539189a6b>:0
--- End of inner exception stack trace ---

Edited by scyto, 15 February 2019 - 10:28 PM.


#220 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 12:56 AM

Posted 16 February 2019 - 07:07 AM

I also got this error during my initial setup, but LDAP is running on my Synology - not on a Windows Server.

As far as I can remember, I got this error while using either port 636 without enabled "use SSL" checkbox, or using port 389 with enabled "use SSL" checkbox...
And as far as I know, this error means, that the application could not establish a TLS secured connection to the LDAP Server before using the SSL secured connection.

TLS will be used in the first way - to request the certificate information - and then, the connection will be switched to SSL.

But - to be honest: I'm not as deep into this certificate and encryption details. So it might be, that I'm wrong :-/
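An added example, not part of the original posts and not a description of the plugin's internals: it models, in general LDAP terms, why a port and "use SSL" mismatch fails. An LDAPS listener (conventionally 636) expects a TLS handshake as the first bytes, while a plain LDAP listener (conventionally 389) expects a cleartext LDAP message, optionally a StartTLS request. The function names and the sample TLS bytes are constructed.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

# Constructed sample: first bytes of a TLS handshake record (type 0x16, version 3.1).
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])


def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV using a short-form length (content under 128 bytes)."""
    if len(content) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(content)]) + content


def starttls_request(message_id: int = 1) -> bytes:
    """Cleartext LDAPMessage asking a plain LDAP listener to upgrade to TLS."""
    if not 0 < message_id < 128:
        raise ValueError("single-byte message id only")
    name = ber(0x80, STARTTLS_OID)   # [0] requestName
    ext = ber(0x77, name)            # [APPLICATION 23] ExtendedRequest
    return ber(0x30, ber(0x02, bytes([message_id])) + ext)


def classify_first_bytes(data: bytes) -> str:
    """Identify what the client opened the connection with."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    if data[:1] == b"\x30":          # BER SEQUENCE: an LDAPMessage
        return "starttls-request" if STARTTLS_OID in data else "ldap-cleartext"
    return "unknown"


def listener_accepts(port_mode: str, first_bytes: bytes) -> bool:
    """Simplified model. port_mode is 'ldaps' (TLS from byte one) or 'ldap'."""
    kind = classify_first_bytes(first_bytes)
    if port_mode == "ldaps":
        return kind == "tls-handshake"
    return kind in ("ldap-cleartext", "starttls-request")


if __name__ == "__main__":
    for mode, label, data in [("ldaps", "TLS first", TLS_HELLO_PREFIX),
                              ("ldaps", "cleartext first", starttls_request()),
                              ("ldap", "TLS first", TLS_HELLO_PREFIX),
                              ("ldap", "cleartext first", starttls_request())]:
        print(f"{mode:5} listener, client sends {label:15}:",
              "ok" if listener_accepts(mode, data) else "handshake fails")
```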





