gianmarcomurru
Posted

Hello! 

I am trying to configure the LDAP Plugin to work without success.

I have an Emby server and my LDAP server deployed as a docker container, they have access to the same docker network. I have ensured that the Emby container can reach the LDAP one successfully.

 

These are my settings on the LDAP Plugin:
[image: screenshot of the LDAP plugin settings]

If I run this from a docker container in the same network (I couldn’t install the required package openldap-clients on the Emby server container), as you can see, these settings are working here:

[image: screenshot of the LDAP query]

 

These are the logs related to the login attempt

2024-03-04 14:59:37.467 Error UserManager: Error authenticating with provider LDAP
*** Error Report ***
Version: 4.8.1.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023
Framework: .NET 6.0.25
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 4
Data path: /config
Application path: /system
Novell.Directory.Ldap.LdapException: LdapException: Invalid Credentials (49) Invalid Credentials
LdapException: Matched DN:
Source: LDAP
TargetSite: Void ChkResultCode()
2024-03-04 14:59:37.468 Error DefaultAuthenticationProvider: Invalid username or password. No user named alessandro exists
2024-03-04 14:59:37.469 Error UserManager: Error authenticating with provider Default
*** Error Report ***
Version: 4.8.1.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 6.1.64-Unraid (root@Develop-612) (gcc (GCC) 12.2.0, GNU ld version 2.40-slack151) #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023
Framework: .NET 6.0.25
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 4
Data path: /config
Application path: /system
System.Exception: System.Exception: Invalid username or password.
at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken)
Source: Emby.Server.Implementations
TargetSite: System.Threading.Tasks.Task`1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User)
2024-03-04 14:59:37.470 Warn Server: AUTH-ERROR: 162.154.134.188 - Invalid username or password entered.
2024-03-04 14:59:37.470 Error Server: Invalid username or password entered.

Any suggestion?
Thank you in advance :)

Posted

Hi there, it looks like the ldap server is rejecting the login, no?

gianmarcomurru
Posted (edited)
On 04/03/2024 at 22:02, Luke said:

Hi there, it looks like the ldap server is rejecting the login, no?

Seems so, but it’s quite hard to debug. I logged in with the same credentials from an LDAP client, and I have the same setup working fine on Jellyfin. The LDAP server is reachable and the credentials are correct. It still throws that error; do you perhaps have suggestions on how to debug it?

Edited by gianmarcomurru
Posted

Are you able to get any logging or debug info from the LDAP server?

Also can you try this version of the LDAP plugin? We haven't updated the embedded ldap library in a while, so that's worth a shot:

LDAP.zip

Thanks.

gianmarcomurru
Posted

Hey!

After debugging more, I found the issue, which was the user search filter.

Here are the steps I ran:

Run a container to test LDAP queries:

docker run -it --rm ubuntu /bin/bash # add <--network your_ldap_docker_network> if using a custom network

Run these to test your query:

apt-get update && apt-get install -y ldap-utils

# The port is already given in the -H URI, so no separate -p option is needed.
ldapsearch \
  -x \
  -H ldap://authentik_ldap:3389 \
  -w 'your_password' -D 'cn=bind_username,ou=users,DC=ldap,DC=goauthentik,DC=io' \
  -b 'OU=users,DC=ldap,DC=goauthentik,DC=io' \
  '(cn=username_of_user_you_are_looking_for)'

If you are using Authentik, these are the settings I am using:
[image: screenshot of the settings]

@Luke thank you very much for your help and patience! :)

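The usual search-then-bind sequence of an LDAP login, written as an added example that is not part of the original posts: it escapes the login name, requires the user search filter to match exactly one entry, and only then binds as that entry's DN. The host, DNs and `cn` filter are the placeholders from the post above; the function names, password-file arguments and sample LDIF are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Host and DNs are the post's placeholders;
# function names and the sample LDIF are constructed for illustration.
LDAP_URI='ldap://authentik_ldap:3389'
BASE_DN='OU=users,DC=ldap,DC=goauthentik,DC=io'
BIND_DN='cn=bind_username,ou=users,DC=ldap,DC=goauthentik,DC=io'

# Escape RFC 4515 filter metacharacters so a login name cannot change the filter.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Count entries in "ldapsearch -LLL" output on stdin (one "dn:" line per entry).
count_entries() { grep -c '^dn:' || true; }

# A login filter is usable only if it matches exactly one entry.
filter_verdict() {
  case "$1" in
    0) echo 'no-match' ;;
    1) echo 'ok' ;;
    *) echo 'ambiguous' ;;
  esac
}

# Constructed sample: service-account search result for a single user.
SAMPLE_LDIF='dn: cn=alice,ou=users,dc=ldap,dc=goauthentik,dc=io
cn: alice
'

# Live check: check_login <username> <bind_pw_file> <user_pw_file>
# -y reads the password from a file (written without a trailing newline), which
# keeps it out of the process list and shell history, unlike -w 'password'.
check_login() {
  local filter ldif verdict dn
  filter="(cn=$(ldap_escape "$1"))"
  ldif=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -y "$2" \
    -b "$BASE_DN" "$filter" dn) || { echo "service bind or search failed: exit $?"; return 1; }
  verdict=$(filter_verdict "$(printf '%s\n' "$ldif" | count_entries)")
  [ "$verdict" = ok ] || { echo "filter $filter: $verdict"; return 1; }
  dn=$(printf '%s\n' "$ldif" | sed -n 's/^dn: //p')
  ldapwhoami -x -H "$LDAP_URI" -D "$dn" -y "$3" >/dev/null ||
    { echo "user bind failed for $dn: exit $?"; return 1; }
  echo "login ok for $dn"
}
```

A `no-match` or `ambiguous` verdict points at the search filter or base DN, while a failure in the last step points at the user's own password.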
  • 4 months later...
Haruko Ishikawa
Posted

Thanks, this method works great with Authentik! Thanks a lot, you are a savior xD! Working with LDAP is a pain for real!

  • 1 year later...
Posted (edited)

Thanks for posting this. I am migrating all my home services from a mix of some M$ AD centralized account management with local accounts sprinkled in over to Authentik for centralized SSO and MFA enforcement, and had a hell of a time troubleshooting the LDAP integration with Emby server. I recently migrated Emby to Docker and have been running Emby server behind a reverse proxy (recently moved to Nginx Proxy Manager from Nginx. I am starting to play with Traefik for TLS handoff to some of my other internal services and am looking to move that way eventually).

The Authentik instructions for Emby Server integration specifically are not great. Following the Authentik guide for creating the LDAP service (https://docs.goauthentik.io/add-secure-apps/providers/ldap/generic_setup/) was better, as it goes over the flow configuration, though the screenshots are more than a bit dated. This post helped me diagnose some of the weird behavior that was going on. Restart the Emby server whenever you make changes to the LDAP plugin. Also, one thing a friend of mine said he had to do was reset the password to something different after building his LDAP app, provider, outpost, and flows on Authentik. I know it was weird, but this literally made things work for me after confirming LDAP was accessible to the Docker host and within a separate Ubuntu Docker container.


One thing I was sad about was that I was not able to get MFA integrated into the LDAP authentication process between Emby server and Authentik. It would be nice to get a more modern alternative SSO method like OAuth or something that does allow MFA built out for Emby server.

Edited by Tur0k