[GH-ISSUE #620] Jellyfin LDAP Plugin Change Password Fails #226

Closed
opened 2026-02-27 08:15:59 +03:00 by kerem · 10 comments

Originally created by @speatzle on GitHub (Jul 7, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/620

When trying to change my password of an lldap user via Jellyfin I get this error in the web UI:
[image]
This error is misleading and appears to always be shown when the server responds with a 500 HTTP error code.

Looking at the Jellyfin server logs I can see this error:

```
LdapException: Unwilling To Perform (53) Unwilling To Perform
LdapException: Server Message: Unsupported operation: ModifyRequest(
    LdapModifyRequest {
        dn: "uid=testuser,ou=people,dc=example,dc=com",
        changes: [
            LdapModify {
                operation: Replace,
                modification: LdapPartialAttribute {
                    atype: "userPassword",
                    vals: [
                        "*******",
                    ],
                },
            },
        ],
    },
)
```

I have tried `password` and `userPassword` as the Password LDAP Attribute in Jellyfin:
image

Password Change is enabled in Jellyfin.


@nitnelave commented on GitHub (Jul 7, 2023):

It looks like Jellyfin doesn't support the advanced LDAP password modification request. I guess we could add support for password reset through a regular modification operation.


@nitnelave commented on GitHub (Jul 29, 2023):

@speatzle can you try changing a password through Jellyfin after pulling the latest image?


@speatzle commented on GitHub (Jul 29, 2023):

@nitnelave I pulled Master and recompiled, it works if you set the Password attribute to userPassword.

But if the bind user only has the group lldap_password_manager it gets an insufficient permissions error. I had to also add the bind user to the lldap_admin group for it to work. Is that intentional?


@nitnelave commented on GitHub (Jul 30, 2023):

Did you try to change the admin password? That's not allowed with a password manager permission. You can change any other password, but not admin (to prevent privilege escalations).
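
The rule from the comment above, combined with the `ModifyRequest` shape shown in the Jellyfin log, as an added Rust sketch (not lldap's code and not part of the thread). The type and function names are hypothetical, the `uid=jellyfin` bind DN is constructed, and allowing a user to change their own password and answering with result code 50 are assumptions.

```rust
// Added illustration, not lldap's implementation; all type and function names are hypothetical.
#[allow(dead_code)]
#[derive(PartialEq)]
enum ModOp { Add, Delete, Replace }

struct Change<'a> { op: ModOp, atype: &'a str, vals: Vec<&'a str> }
struct User<'a> { dn: &'a str, groups: Vec<&'a str> }

// LDAP result codes from RFC 4511.
const SUCCESS: u32 = 0;
const INSUFFICIENT_ACCESS_RIGHTS: u32 = 50; // assumed mapping for the "insufficient permissions" error
const UNWILLING_TO_PERFORM: u32 = 53; // the code seen in the Jellyfin log

fn in_group(u: &User, group: &str) -> bool {
    u.groups.iter().any(|g| *g == group)
}

/// Result code for a ModifyRequest sent by `binder` against `target`.
fn handle_password_modify(binder: &User, target: &User, changes: &[Change]) -> u32 {
    // Accept exactly one shape: a single Replace of userPassword with one non-empty value.
    // Anything else stays unsupported, so a Modify cannot touch other attributes this way.
    let shape_ok = matches!(changes, [c] if c.op == ModOp::Replace
        && c.atype.eq_ignore_ascii_case("userPassword")
        && c.vals.len() == 1
        && !c.vals[0].is_empty());
    if !shape_ok {
        return UNWILLING_TO_PERFORM;
    }
    // Assumption: a user may always change their own password.
    let self_change = binder.dn.eq_ignore_ascii_case(target.dn);
    // A password manager may reset anyone except members of lldap_admin; otherwise
    // resetting an admin's password would hand the manager admin rights.
    let allowed = in_group(binder, "lldap_admin")
        || self_change
        || (in_group(binder, "lldap_password_manager") && !in_group(target, "lldap_admin"));
    if allowed { SUCCESS } else { INSUFFICIENT_ACCESS_RIGHTS }
}

fn main() {
    // Constructed sample directory entries.
    let svc = User { dn: "uid=jellyfin,ou=people,dc=example,dc=com", groups: vec!["lldap_password_manager"] };
    let admin = User { dn: "uid=admin,ou=people,dc=example,dc=com", groups: vec!["lldap_admin"] };
    let user = User { dn: "uid=testuser,ou=people,dc=example,dc=com", groups: vec![] };
    let req = [Change { op: ModOp::Replace, atype: "userPassword", vals: vec!["new-secret"] }];
    let bad = [Change { op: ModOp::Add, atype: "userPassword", vals: vec!["new-secret"] }];
    println!("manager -> testuser: {}", handle_password_modify(&svc, &user, &req));
    println!("manager -> admin:    {}", handle_password_modify(&svc, &admin, &req));
    println!("manager, Add op:     {}", handle_password_modify(&svc, &user, &bad));
}
```
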


@speatzle commented on GitHub (Jul 30, 2023):

> Did you try to change the admin password? That's not allowed with a password manager permission.

Yes I did, that explains it. Thank you for your help.


@nitnelave commented on GitHub (Jul 30, 2023):

Great! Glad to hear that worked :)
Do you think you could update the Jellyfin config example to include the password modification configuration?


@speatzle commented on GitHub (Jul 31, 2023):

I'll make a PR for that after work


@taiwan-king commented on GitHub (Mar 11, 2025):

@speatzle
Sorry,
I expected that when the user changes the password, the account password in LLDAP would also be changed.
However, I found that even if the user changes the password, it only updates the password in the Jellyfin local database, not the LLDAP database.
If SSO is enabled, the same user can log in in two ways: one with the Jellyfin local password and the other with the SSO password.

I'm not sure if this is the result you were expecting.
If it is, please feel free to close the case again.
Thank you!


@speatzle commented on GitHub (Mar 13, 2025):

Are you sure? Please check if the Password Reset Provider is set Correctly for the User:

Image


@taiwan-king commented on GitHub (Mar 13, 2025):

> Are you sure? Please check if the Password Reset Provider is set Correctly for the User:
>
> Image

Sorry,
I already solved it.
ty
