Jump to content


Photo

LDAP Configuration


  • Please log in to reply
6 replies to this topic

#1 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 09:08 AM

Posted 10 July 2019 - 07:07 AM

Hi, I don't want to 'spam' the existing topic for the LDAP Plugin with my current issue, since I think, the existing Topic is already hard to follow...

 

I have setup an Samba4 Server and configured the LDAP Plugin for the User-Login accordingly.

5d25c4e38a2ff_2019071012_57_58Plugins.pn

The whole User-Search Filter is:

(&(sAMAccountName={0})(&(objectCategory=user)(!(userAccountControl=514))(memberof=cn=emby-users,OU=Groups,OU=Home,DC=home,DC=caina,DC=de)))

 

All of this is working fine - My AD Structure is like this:

5d25c574646b8_2019071012_59_53ActiveDire
5d25c5816be8c_2019071013_00_38ActiveDire

Nearly everything is working as expected - Users, that are in the Group "Emby-Users" will have access to Emby, users, which are not in that Group do not have access to Emby.

Except of one thing:

Users of the Group "Emby-Users" have only access to Emby, if they are also within the default Group of "Domain Users" and if "Domain Users" is set as their Primary Group.
As soon as I remove the User from the "Domain Users" Group, they do not have access to Emby anymore...

But, this is a requirement, since some users are "external" users and should not be part of the Domain Users Group like some others.

 

Sure, this isn't an issue from Emby - but maybe, someone will have an Idea where I could / should have a look - to get this kind of configuration work...??

 

The Emby Log is showing "user not found" when I try to login a user that is not part of the Domain Users default group

 

Thanks and with best regards,
Christoph


Edited by CChris, 10 July 2019 - 07:34 AM.


#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 157225 posts
  • Local time: 03:08 AM

Posted 10 July 2019 - 01:05 PM

Hi, given that this plugin targets a niche audience, unfortunately spamming that thread might be the best way to get the attention of knowledgeable users who can help with this. You could just link to here instead of re-posting the entire thing though. Thanks.



#3 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 09:08 AM

Posted 11 July 2019 - 06:10 AM

Hi all,

Just a short update:
 

I have setup another service which does also authenticate users against my LDAP.
There, the above setup is nearly the same - and does work like expected:

 

5d270abbd77dd_2019071112_07_25Check_MKLo
 



#4 Elegant OFFLINE  

Elegant

    Advanced Member

  • Members
  • 37 posts
  • Local time: 02:08 AM

Posted 11 July 2019 - 11:53 AM

Receiving the below error when using a SSL certificate, is there an issue with how the checksum works? I am attempting to authenticate with the administrator account for testing purposes. Thanks!

019-07-11 11:47:59.498 Error UserManager: Error authenticating with provider LDAP
	*** Error Report ***
	Version: 4.1.1.0
	Command line: /system/EmbyServer.dll -programdata /config -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
	Operating system: Unix 5.0.10.300
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Runtime: file:///system/System.Private.CoreLib.dll
	Processor count: 2
	Program data path: /config
	Application directory: /system
	System.Security.Authentication.AuthenticationException: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
	   at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout)
	   at Novell.Directory.Ldap.Connection.Connect(String host, Int32 port, Int32 semaphoreId)
	   at Novell.Directory.Ldap.LdapConnection.Connect(String host, Int32 port)
	   at LDAP.AuthenticationProvider.Authenticate(String username, String password)
	   at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
	Source: LDAP
	TargetSite: Void WaitAndUnwrap(System.Threading.Tasks.Task, Int32)

5d275b89685f2_EmbyLDAP.png


Edited by Elegant, 11 July 2019 - 11:55 AM.


#5 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 157225 posts
  • Local time: 03:08 AM

Posted 11 July 2019 - 01:55 PM

How did you determine the certificate hash?



#6 Elegant OFFLINE  

Elegant

    Advanced Member

  • Members
  • 37 posts
  • Local time: 02:08 AM

Posted 12 July 2019 - 09:23 AM

The wrong way apparently. I thought that it was meant to be the certificate hash of the CA not the certificate hash of the server certificate. All good now. Thanks!


Edited by Elegant, 12 July 2019 - 11:16 AM.


#7 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 157225 posts
  • Local time: 03:08 AM

Posted 12 July 2019 - 11:13 AM

Thanks for the feedback.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users