[GH-ISSUE #548] Emby difference to example emby.md #200

New issue

Closed

opened 2026-02-27 08:15:50 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 08:15:50 +03:00

Owner

Originally created by @nomandera on GitHub (Apr 12, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/548

Using the lldap guide as a template I could not make Emby users authenticate.

Whilst the guide recommends an admin user, since I do not need (or want) Emby to be able to create users, I went with a user called readonly which is a member of only lldap_strict_readonly and all Emby users defined in a group called emby.

e.g.

LDAP server address: lldap
LDAP server Port number: 389
Enable SSL: Disabled
SSL certificate thumbprint (SHA1): NA
Bind DN: uid=readonly,ou=people,dc=example,dc=com
Bind credentials: passwordforreadonlyuser
User search base: ou=people,dc=example,dc=com
User search filter: (&(uid={0})(memberof=cn=emby,ou=groups,dc=example,dc=com))

I do not know if the use of lldap_strict_readonly creates this issue but Emby gives very clear logging that a Bind DN should be in the form above via a log message like:

2023-04-10 09:54:22.352 Error UserManager: Error authenticating with provider LDAP
...
LdapException: Server Message: Unexpected DN format.  Got "cn=readonly,dc=example,dc=com", expected: "uid=id,ou=people,dc=example,dc=com"

and will not work at all until you make this change.

Originally created by @nomandera on GitHub (Apr 12, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/548 Using [the lldap guide](https://github.com/lldap/lldap/blob/main/example_configs/emby.md) as a template I could not make Emby users authenticate. Whilst the guide recommends an admin user, since I do not need (or want) Emby to be able to create users, I went with a user called `readonly` which is a member of only `lldap_strict_readonly` and all Emby users defined in a group called `emby`. e.g. ``` LDAP server address: lldap LDAP server Port number: 389 Enable SSL: Disabled SSL certificate thumbprint (SHA1): NA Bind DN: uid=readonly,ou=people,dc=example,dc=com Bind credentials: passwordforreadonlyuser User search base: ou=people,dc=example,dc=com User search filter: (&(uid={0})(memberof=cn=emby,ou=groups,dc=example,dc=com)) ``` I do not know if the use of `lldap_strict_readonly` creates this issue but Emby gives very clear logging that a Bind DN should be in the form above via a log message like: ``` 2023-04-10 09:54:22.352 Error UserManager: Error authenticating with provider LDAP ... LdapException: Server Message: Unexpected DN format. Got "cn=readonly,dc=example,dc=com", expected: "uid=id,ou=people,dc=example,dc=com" ``` and will not work at all until you make this change.

kerem

2026-02-27 08:15:50 +03:00

closed this issue
added the
question

integration
labels

kerem commented

2026-02-27 08:15:51 +03:00

Author

Owner

@nitnelave commented on GitHub (Apr 12, 2023):

I think the main issue is that you're missing ou=people in your bind DN. You have:
cn=readonly,dc=example,dc=com
instead of
cn=readonly,ou=people,dc=example,dc=com

Does that work for you?

@nitnelave commented on GitHub (Apr 12, 2023): I think the main issue is that you're missing `ou=people` in your bind DN. You have: `cn=readonly,dc=example,dc=com` instead of `cn=readonly,ou=people,dc=example,dc=com` Does that work for you?

kerem commented

2026-02-27 08:15:51 +03:00

Author

Owner

@nomandera commented on GitHub (Apr 12, 2023):

arg I am clearly blind. let me test this tonight and feedback asap

@nomandera commented on GitHub (Apr 12, 2023): arg I am clearly blind. let me test this tonight and feedback asap

kerem commented

2026-02-27 08:15:51 +03:00

Author

Owner

@nitnelave commented on GitHub (Apr 12, 2023):

Note: also switching from cn to uid is better for future compatibility.

@nitnelave commented on GitHub (Apr 12, 2023): Note: also switching from `cn` to `uid` is better for future compatibility.

kerem commented

2026-02-27 08:15:51 +03:00

Author

Owner

@nomandera commented on GitHub (Apr 12, 2023):

Just to confirm that as you expected fixing the typo and using the cn=readonly,ou=people,dc=example,dc=com form also works for me.

@nomandera commented on GitHub (Apr 12, 2023): Just to confirm that as you expected fixing the typo and using the ` cn=readonly,ou=people,dc=example,dc=com` form also works for me.

kerem referenced this issue

2026-02-27 08:18:11 +03:00

[PR #200] [MERGED] Multiarch Docker Image #609