Error LDAP Windows server 2016 #9

Closed
leyenda97 opened this issue May 27, 2019 · 6 comments · Fixed by #86

@leyenda97

Hi, I have problems using this plugin. My domain controller is a Windows Server 2016. The error it gives me in the logs is as follows. Jellyfin is exposed through a reverse proxy. I do not know if that would have something to do with it? I have a very similar configuration in nextcloud and it works.
It is also possible that I have something wrong configured.
Many thanks.
[2019-05-27 10:51:44.636 +00:00] [INF] ExecuteQueuedTasks
[2019-05-27 10:52:26.054 +00:00] [ERR] Error authenticating with provider "LDAP-Authentication"
LdapReferralException: Search result reference received, and referral following is off (10) Referral
LdapReferralException: Referral: ldap://ForestDnsZones.castejon.lo/DC=ForestDnsZones,DC=castejon,DC=lo
[2019-05-27 10:52:26.059 +00:00] [ERR] Error authenticating with provider "Default"
System.Exception: Invalid username or password
   at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
   at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
[2019-05-27 10:52:26.063 +00:00] [ERR] Invalid username or password entered.

@kutyla-philipp

Can confirm, same for me.

@LogicalPhallacy
Contributor

So I found some info on your error here: https://stackoverflow.com/questions/46052873/a-list-of-all-users-ldap-referral-error-ldapreferralexception

I've implemented the proposed fix, can someone test with a build from my repo:
https://github.com/LogicalPhallacy/jellyfin-plugin-ldapauth

@joshuaboniface
Member

@LogicalPhallacy It looks like this breaks the existing OpenSSL compat, at least with my settings:

Aug 27 18:26:07 jf1.i.net jellyfin[30262]: [18:26:07] [ERR] Failed to Connect or Bind to server
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Protocol Error (2) Protocol Error
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Server Message: unsupported extended operation
Aug 27 18:26:07 jf1.i.net jellyfin[30262]: LdapException: Matched DN:

@HudsonProdigy

Was this ever resolved? I am having the same issue configuring the LDAP plugin with Windows Server 2016 AD.

@BenLangers

I have the same issue.
Oddly, I have been able to log in with my own AD user account, and a new user I just created, but no other users seem to be able to log on. They get the "Connection Failure" pop-up.
Another strange thing, the log looks like this:

[ERR] Error processing request. URL: "http://media.atticstudios.be/Users/authenticatebyname"
LdapReferralException: Search result reference received, and referral following is off (10) Referral
LdapReferralException: Referral: ldap://###.atticstudios.be/DC=###,DC=atticstudios,DC=be

"###" being a subdomain of atticstudios.be. The tested user account or groups used to filter the logins are not in this subdomain. Not sure why this would be referred to? It is not mentioned in the plugin configuration anywhere (but is a part of AD of course).
The new user account that is able to log on is identical to some of the other ones that do not work. Same OU, same groups. There are no non-alphanumeric characters in the user names.
Anything else I can try or test?

@shanehughes1990

shanehughes1990 commented Aug 5, 2020

For anyone who came across this issue while setting jellyfin LDAP with AD
Docker host - ubuntu 20 server
Jellyfin docker container - hotio/jellyfin
Jellyfin version - 10.6.2
Ldap plugin version - 9.0.0.0
Windows server 2019
Active directory 2016 forest level

I have an OU called groups that houses all my security groups
All users are placed in the default CN users
(The jellyfin admin chunk doesn't appear to work, I can live with that)
This is my working config with sensitive information redacted

<?xml version="1.0"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <LdapServer>192.168.0.254</LdapServer> <!-- This is the AD IP (I have no docker DNS to forward AD DNS to docker containers) -->
  <LdapBaseDn>dc=contoso,dc=com</LdapBaseDn>
  <LdapPort>389</LdapPort>
  <LdapSearchAttributes>sAMAccountName, userPrincipalName, mail, displayName</LdapSearchAttributes>
  <LdapUsernameAttribute>displayName</LdapUsernameAttribute>
  <LdapSearchFilter>(memberOf=CN=JellyfinUsers,OU=Groups,DC=contoso,DC=com)</LdapSearchFilter>
  <LdapAdminFilter>(memberOf=CN=JellyfinAdmins,OU=Groups,DC=contoso,DC=com)</LdapAdminFilter>
  <LdapBindUser>CN=bind,CN=Users,DC=contoso,DC=com</LdapBindUser>
  <LdapBindPassword>YOURBINDACCOUNTPASSWORD</LdapBindPassword>
  <CreateUsersFromLdap>true</CreateUsersFromLdap>
  <UseSsl>false</UseSsl>
  <UseStartTls>false</UseStartTls>
  <SkipSslVerify>false</SkipSslVerify>
</PluginConfiguration>
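
Added example, not part of the comment above and not the plugin's own code: a small audit of a config in this format that flags an unencrypted bind, disabled certificate verification, and a domain-root base DN of the kind that produces the search result references logged earlier in this thread. The element names come from the posted config; the meaning of `UseSsl`, `UseStartTls` and `SkipSslVerify` is assumed from their names, and `audit` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the element names from the config posted above,
# with placeholder values; what each flag does is assumed from its name.
SAMPLE = """<?xml version="1.0"?>
<PluginConfiguration>
  <LdapServer>192.168.0.254</LdapServer>
  <LdapBaseDn>dc=contoso,dc=com</LdapBaseDn>
  <LdapPort>389</LdapPort>
  <LdapBindUser>CN=bind,CN=Users,DC=contoso,DC=com</LdapBindUser>
  <LdapBindPassword>PLACEHOLDER</LdapBindPassword>
  <UseSsl>false</UseSsl>
  <UseStartTls>false</UseStartTls>
  <SkipSslVerify>false</SkipSslVerify>
</PluginConfiguration>"""


def _flag(root, name):
    """Read a boolean element; a missing element counts as false."""
    return (root.findtext(name) or "").strip().lower() == "true"


def audit(xml_text):
    """Return a list of (code, message) findings for one plugin config."""
    root = ET.fromstring(xml_text)
    ssl, starttls = _flag(root, "UseSsl"), _flag(root, "UseStartTls")
    findings = []
    if not ssl and not starttls:
        findings.append(("CLEARTEXT", "no TLS: LDAP simple-bind passwords "
                         "cross the network unencrypted"))
    elif _flag(root, "SkipSslVerify"):
        findings.append(("NO_VERIFY", "TLS is on but the server certificate "
                         "is not verified, so the DC can be impersonated"))
    if ssl and (root.findtext("LdapPort") or "").strip() == "389":
        findings.append(("PORT", "UseSsl with port 389; LDAPS normally "
                         "listens on 636, StartTLS is the option for 389"))
    rdns = [r.strip().lower() for r in
            (root.findtext("LdapBaseDn") or "").split(",") if r.strip()]
    if rdns and all(r.startswith("dc=") for r in rdns):
        findings.append(("REFERRALS", "base DN is the domain root: AD subtree "
                         "searches from here also return search result "
                         "references such as ForestDnsZones"))
    return findings


if __name__ == "__main__":
    for code, msg in audit(SAMPLE):
        print(f"{code}: {msg}")
```
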

@h1dden-da3m0n h1dden-da3m0n added the bug This PR or Issue describes or fixes something that isn't working label Sep 4, 2021