After a long time of trying, I got the LDAP plugin to work with my Active Directory.
My set up is Windows Server 2019 with AD DC on server 1.
Emby server on server 1.
Exchange on server 2.
But one thing I'm seeing is that there is no option to deny users from converting media.
I don't want anyone to have convert rights.
Is this something that can be fixed or added to the plugin?
I just want them to be able to change bitrates as usual and watch what is on the server.
Converting is something that should be administrator level only.
Glad this works, now I can have users using one account for PC, emby, exchange.
Thanks for the great work.
Edit: I also see that while in Emby the user can't change their password, getting "Sign In Error Invalid username or password. Please try again"
Edit2: I got a PM for my config
LDAP Server url: (must be fully qualified domain name)
LDAP Server Port number:
SSL cert hash:
Havent tried yet
use ADSI edit to find the correct DN, this save me allot because before I was doing things clearly wrong.
So what ever user you created(doesn't have to be admin just a random user) find it with ADSI and use the string for it.
What ever password you used for the Bind DN user
User search base: (this is where I had the most issues, just keep it simple!!)
User search filter:(as mentioned by others but to my use case)
embysrv is a Group I made so that any users in that group have access to emby.
Copy what I have but use ADSI to find the proper name path for your group.
Thats it, the problem I was having is User search base going too deep. Just keep that simple to your domain name and have the filter look into the group for permissions.
Edited by zer0ish, 23 January 2020 - 07:01 PM.