asdfqwerasdf 0 Posted January 27, 2024 Posted January 27, 2024 I have a (plain, non-TLS) LDAP server with authentik in my docker compose. I know it works because when I type this in the console on the exact same container than emby runs I get the following: # ldapsearch -x -H ldap://ldap:3389 -D 'cn=internal-ldap-emby,ou=users,dc=redacted,dc=duckdns,dc=org' -w 'REDACTED' -b 'dc=redacted,dc=duckdns,dc=org' '(sAMAccountName=Cypress)' # extended LDIF # # LDAPv3 # base <dc=redacted,dc=duckdns,dc=org> with scope subtree # filter: (sAMAccountName=Cypress) # requesting: ALL # # Cypress, users, redacted.duckdns.org dn: cn=Cypress,ou=users,dc=redacted,dc=duckdns,dc=org gidNumber: 2011 homeDirectory: /home/Cypress ak-active: TRUE sAMAccountName: Cypress objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: user objectClass: posixAccount objectClass: goauthentik.io/ldap/user sn: Cypress ak-superuser: FALSE cn: Cypress mail: altrus1@gmail.com uid: 6ff48f51c160870ad336503f5ca74d4a6e16e50b3e476de1d585c1743fd18d09 displayName: Cypress name: Cypress uidNumber: 2011 # Cypress, virtual-groups, redacted.duckdns.org dn: cn=Cypress,ou=virtual-groups,dc=redacted,dc=duckdns,dc=org uid: 6ff48f51c160870ad336503f5ca74d4a6e16e50b3e476de1d585c1743fd18d09 sAMAccountName: Cypress gidNumber: 2011 ak-superuser: false objectClass: group objectClass: groupOfUniqueNames objectClass: groupOfNames objectClass: goauthentik.io/ldap/group objectClass: posixGroup objectClass: goauthentik.io/ldap/virtual-group member: cn=Cypress,ou=users,dc=redacted,dc=duckdns,dc=org cn: Cypress # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 # This will generate some logs on the Authentik LDAP outpost: ldap | {"bindDN":"cn=internal-ldap-emby,ou=users,dc=redacted,dc=duckdns,dc=org","event":"authenticated from session","level":"info","logger":"authentik.outpost.ldap.binder.session","timestamp":"2024-01-27T20:14:04Z"} ldap | {"bindDN":"cn=internal-ldap-emby,ou=users,dc=redacted,dc=duckdns,dc=org","client":"172.19.0.4","event":"Bind request","level":"info","requestId":"76e0f2e1-f89c-4ef6-87e9-9b6d20180704","timestamp":"2024-01-27T20:14:04Z","took-ms":0} ldap | {"attributes":[],"baseDN":"dc=redacted,dc=duckdns,dc=org","bindDN":"cn=internal-ldap-emby,ou=users,dc=redacted,dc=duckdns,dc=org","client":"172.19.0.4","event":"Search request","filter":"(sAMAccountName=Cypress)","level":"info","requestId":"b94f877b-8ad1-443e-9561-3537a1363b5d","scope":"Whole Subtree","timestamp":"2024-01-27T20:14:04Z","took-ms":0} However, when I set up emby to connect to that LDAP server: I'm unable to log in. The funny thing is that it does not result in a log line in autentik ldap, and from the Emby side all I get is this: at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User) 2024-01-27 21:14:17.950 Info UserManager: Authentication request for Cypress has been denied. 2024-01-27 21:14:17.955 Warn Server: AUTH-ERROR: 86.127.234.199 - Invalid username or password entered. 2024-01-27 21:14:17.955 Error Server: Invalid username or password entered. 2024-01-27 21:14:17.959 Info Server: http/1.1 Response 401 to host2. Time: 15ms. http://host1:8920/emby/Users/authenticatebyname?X-Emby-Client=Emby%20Web&X-Emby-Device-Name=Microsoft%20Edge%20Windows&X-Emby-Device-Id=0e4798c8-aedb-43b4-9c41-25b1d60b3c18&X-Emby-Client-Version=4.7.14.0&X-Emby-Language=es 2024-01-27 21:17:07.077 Info SessionManager: Reissuing access token: 5bd2929dfe024907a066a991ab76027f 2024-01-27 21:17:07.389 Info Server: http/1.1 POST http://host1:8920/emby/Sync/Data?X-Emby-Client=Emby for Windows&X-Emby-Device-Name=NOTARIOR-PC&X-Emby-Device-Id=aAobBelIK7wPnqL0Qhl5mvMVAl9bIoBUhEF5dsp6B0&X-Emby-Client-Version=1.1.536.0&reqformat=json. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631 2024-01-27 21:17:07.402 Info Server: http/1.1 Response 200 to host3. Time: 13ms. http://host1:8920/emby/Sync/Data?X-Emby-Client=Emby for Windows&X-Emby-Device-Name=NOTARIOR-PC&X-Emby-Device-Id=aAobBelIK7wPnqL0Qhl5mvMVAl9bIoBUhEF5dsp6B0&X-Emby-Client-Version=1.1.536.0&reqformat=json 2024-01-27 21:23:37.322 Info Server: http/1.1 POST http://host1:8920/emby/Users/authenticatebyname?X-Emby-Client=Emby%20Web&X-Emby-Device-Name=Microsoft%20Edge%20Windows&X-Emby-Device-Id=0e4798c8-aedb-43b4-9c41-25b1d60b3c18&X-Emby-Client-Version=4.7.14.0&X-Emby-Language=es. Accept=application/json, Host=vicflix.duckdns.org:8920, User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0, Accept-Encoding=gzip, deflate, br, Accept-Language=es, Content-Type=application/x-www-form-urlencoded; charset=UTF-8, Origin=https://vicflix.duckdns.org:8920, Referer=https://vicflix.duckdns.org:8920/web/index.html, Content-Length=35, DNT=1, Sec-Ch-Ua="Not A(Brand";v="99", "Microsoft Edge";v="121", "Chromium";v="121", Sec-Ch-Ua-Mobile=?0, Sec-Ch-Ua-Platform="Windows", Sec-Fetch-Dest=empty, Sec-Fetch-Mode=cors, Sec-Fetch-Site=same-origin, X-Forwarded-For=86.127.234.199, X-Forwarded-Host=vicflix.duckdns.org:8920, X-Forwarded-Port=8920, X-Forwarded-Proto=https, X-Forwarded-Server=d0d704108897, X-Real-Ip=86.127.234.199 2024-01-27 21:23:37.325 Error UserManager: Error authenticating with provider Default *** Error Report *** Version: 4.7.14.0 Command line: /app/emby/system/EmbyServer.dll -programdata /config -ffdetect /app/emby/bin/ffdetect -ffmpeg /app/emby/bin/ffmpeg -ffprobe /app/emby/bin/ffprobe -restartexitcode 3 Operating system: Linux version 6.5.0-14-generic (buildd@lcy02-amd64-031) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0, GNU ld (GNU Binutils for Ubuntu) 2.4 Framework: .NET 6.0.20 OS/Process: x64/x64 Runtime: app/emby/system/System.Private.CoreLib.dll Processor count: 2 Data path: /config Application path: /app/emby/system System.Exception: System.Exception: Invalid username or password.. at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser) at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User) Which doesn't really sounds a lot like LDAP is being used at all. Is there any way to get better logs regarding auth and ldap? Any idea about what is going on? Thanks!
Abobader 3464 Posted January 27, 2024 Posted January 27, 2024 Hello asdfqwerasdf, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
asdfqwerasdf 0 Posted January 27, 2024 Author Posted January 27, 2024 Apologies, this was my mistake, please do not approve this post.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now