Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP Admin Group Not Working As Intended? #57

Closed
EchoApeiron opened this issue Oct 20, 2020 · 2 comments · Fixed by #82
Closed

LDAP Admin Group Not Working As Intended? #57

EchoApeiron opened this issue Oct 20, 2020 · 2 comments · Fixed by #82

Comments

@EchoApeiron
Copy link

EchoApeiron commented Oct 20, 2020
edited
Loading

Sadly due to the limited documentation I'm not sure what depth this issue has. I got the LDAP plugin configured correctly. If a user was part of a group in my LdapSearchFilter they able to login with no issues and the account is created.

However, I had a user that was only part of the admin group that was defined in the LdapAdminFilter parameter. This user was unable to login. Only until I added them into my User Group were they able to log in. Then even when they did log in and their account was created it wasn't created as an administrative account.

Below are my current configurations and screen shots to help provide evidence to the issue:

<?xml version="1.0"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <LdapServer>server.domain.xyz</LdapServer>
  <LdapBaseDn>DC=domain,DC=xyz</LdapBaseDn>
  <LdapPort>389</LdapPort>
  <LdapSearchAttributes>SamAccountName</LdapSearchAttributes>
  <LdapUsernameAttribute>SamAccountName</LdapUsernameAttribute>
  <LdapSearchFilter>(memberOf=CN=Jellyfin-Users,OU=O-Groups,DC=domain,DC=xyz)</LdapSearchFilter>
  <LdapAdminFilter>(memberOf=CN=Jellyfin-Admins,OU=O-Groups,DC=domain,DC=xyz)</LdapAdminFilter>
  <LdapBindUser>CN=Jellyfin LDAP,OU=Service-Accounts,OU=O-Users,DC=domain,DC=xyz</LdapBindUser>
  <LdapBindPassword>mysupersecurepassword</LdapBindPassword>
  <CreateUsersFromLdap>true</CreateUsersFromLdap>
  <UseSsl>false</UseSsl>
  <UseStartTls>false</UseStartTls>
  <SkipSslVerify>false</SkipSslVerify>
</PluginConfiguration>

Jellyfin Plugins Menu

When I was finally able to login with the user I had to manually promote them to admin.
@arantes555
Copy link

Seems linked to #55

@NolanWelser
Copy link

NolanWelser commented Mar 22, 2021
edited
Loading

I'm unsure about the other issue link here, but for your described problem I believe jellyfin expects your users to ALL be "users" and some users to be "users" and "admins". I solved the problem by putting the following in my LDAP User Filer setting (and keeping the same admin filter as you have)

(|(memberOf=CN=JellyfinUser,OU=groups,DC=domain,DC=com)(memberOf=CN=JellyfinAdmin,OU=groups,DC=domain,DC=com))

So if you're marked as a user OR admin you can login, but only actual admins will be given admin rights. Hope this helps!

@Bobonium Bobonium mentioned this issue Jun 27, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix admin lookup condition Bobonium/jellyfin-plugin-ldapauth
3 participants
@arantes555 @NolanWelser @EchoApeiron