mirror of
https://github.com/lldap/lldap.git
synced 2026-04-25 08:15:52 +03:00
[GH-ISSUE #1125] [BUG]Jellyfin LDAP Plugin Change Password ISSUE #399
Originally created by @taiwan-king on GitHub (Mar 11, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1125
#620
Sorry,
I expected that when the user changes the password, the account password in LLDAP would also be changed.
However, I found that even if the user changes the password, it only updates the password in the Jellyfin local database, not the LLDAP database.
If SSO is enabled, the same user can log in in two ways: one with the Jellyfin local password and the other with the SSO password.
I'm not sure if this is the result you were expecting.
If it is, please feel free to close the case again.
Thank you!
@nitnelave commented on GitHub (Mar 11, 2025):
Hi!
How did you configure jellyfin? Can you turn on verbose logging in LLDAP and post the logs?
@taiwan-king commented on GitHub (Mar 11, 2025):
I am using Jellyfin's built-in LDAP authentication plugin.
Here are the related settings:
Additionally, I checked the author of the LDAP authentication plugin,
and it seems to be designed to only read LDAP settings without making modifications.
That's why there is a 'Password Reset URL' setting.
However, this setting doesn't seem to work now—there is no popup window or redirect.
The main issue is that your documentation mentions that changes can be made,
but following the settings, I found that it only changes the user password in Jellyfin's database,
not in the LLDAP database.
My user password provider is set to this LDAP plugin.
@nitnelave commented on GitHub (Mar 11, 2025):
Thanks for the plugin configuration, it seems alright.
Can you provide the LLDAP verbose logs as well, during an attempt to change a password with jellyfin?
@taiwan-king commented on GitHub (Mar 11, 2025):
2025-03-11T08:33:47.125949668+00:00 WARN │ ┕━ 🚧 [warn]: Ignoring unknown user attribute "objectcategory" in filter.\n
To disable this warning, add it to "ignored_user_attributes" in the config
@taiwan-king commented on GitHub (Mar 11, 2025):
Sorry, I think I understand now.
Since I’m using DuoAuthProxy, changing the password also requires 2FA.
But Duo has a free 10-user limit.
Therefore, I don’t provide 2FA to regular users,
which might be the reason why regular users can only change their local Jellyfin password.
@nitnelave commented on GitHub (Mar 11, 2025):
Can you enable the verbose logging in LLDAP and post the full logs? It's more like pages of output, not a single line.
Where does duo proxy come in? Does it sit between jellyfin and LLDAP?
@taiwan-king commented on GitHub (Mar 11, 2025):
Yes.
DuoAuthProxy sends the authentication to Duo for 2FA, and then forwards it to LLDAP.
Since I’m using DOZZLE to view, I’m not very clear on how to post the logs,
so I only picked the ones I don’t understand.
2025-03-11T08:41:14.976733695+00:00 ERROR 🚨 [error]: [LDAP] Service Error: while handling incoming messages: while receiving LDAP op: Connection reset by peer (os error 104)
This log is likely where the authentication is sent to Duo, so it's getting stuck at 2FA.
So far, the functionality seems normal,
and I’m pretty sure the issue occurs in DuoAuthProxy.
@taiwan-king commented on GitHub (Mar 11, 2025):
I can provide you with the documentation for integrating with DuoAuthProxy,
and you can decide whether to update the documentation.
However, I found it online, so it's not original.
If you want, I can email it to you.
@nitnelave commented on GitHub (Mar 11, 2025):
Do you think you can make a PR adding an example config for duo auth proxy?
@taiwan-king commented on GitHub (Mar 11, 2025):
Haha, sorry, if you're willing to teach me how to create a PR, I'll paste the content again. Thanks!
@nitnelave commented on GitHub (Mar 11, 2025):
If you don't know git, the best way is probably this https://dev.to/lukegarrigan/the-simplest-way-to-make-a-pull-request-2h61
@martadinata666 commented on GitHub (Mar 11, 2025):
I can confirm that password changing works with the Jellyfin+LLDAP-only combo, so the third party "duo" in this case somehow interferes, either a failed request to LLDAP or some other reason.
Notice the line "Successfully reset password for ddyms"; that request comes from the Jellyfin change password request.
@taiwan-king commented on GitHub (Mar 11, 2025):
finished.
@taiwan-king commented on GitHub (Mar 11, 2025):
I have tested it, and changing the LLDAP user password works correctly through Duo 2FA. However, after thinking about it, it doesn’t really make a difference because the issue still exists in reverse—changing the password in LLDAP won’t sync to Jellyfin.
If integrated with Duo, changing passwords also requires 2FA. However, since Duo is a paid service, I haven’t created users for regular users in Duo, so they can't perform 2FA via their phones. DuoAuthProxy directs all traffic to Duo first, which means only users that exist in Duo can use 2FA to change passwords, while regular users cannot use 2FA for this process.
@martadinata666 commented on GitHub (Mar 11, 2025):
Changing the password in LLDAP will "change" the password for Jellyfin; "change" may not be the correct term: "Jellyfin should read the password from LLDAP." The problem is why your Jellyfin somehow does not read the password from LLDAP when in theory Duo (proxying LLDAP) should read the password from LLDAP.
@taiwan-king commented on GitHub (Mar 11, 2025):
Yes, I just tested it, and that's correct.
Sorry, my wording was problematic.
But this applies to users who can authenticate through Duo 2FA.
For users who cannot authenticate through Duo 2FA, password reads or modifications will not be synchronized.
@martadinata666 commented on GitHub (Mar 11, 2025):
I'm rereading your first message. Yes, it's expected behaviour. As far as I can tell, usually, this is because the user was created before the LDAP setup, so it uses jellyfin-auth rather than the LDAP connection.
You can check the user authentication method in Jellyfin user management; users that connect with LDAP will use the LDAP setting by default.

@taiwan-king commented on GitHub (Mar 12, 2025):
Yes,
Thank you for your reminder.
I did not set up LDAP Auth for authentication;
I only set up LDAP Auth for the password.
This should be the issue.
Thank you for your assistance.
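
The mismatch this thread ended on (LDAP selected for password reset but not for authentication, so a local password keeps working next to the directory one) can be audited across all users. This is an added example, not part of the original thread or of either project: the field names are assumed to match Jellyfin's per-user policy, and the provider IDs and user list are constructed placeholders.

```python
import json

# Placeholder provider IDs (constructed); read the real ones from your server.
LDAP_ID = "example.ldap-provider"
LOCAL_ID = "example.default-provider"

# Constructed user list, shaped like the per-user policy Jellyfin exposes.
SAMPLE = json.dumps([
    {"Name": "admin", "Policy": {"AuthenticationProviderId": LDAP_ID,
                                 "PasswordResetProviderId": LDAP_ID}},
    {"Name": "olduser", "Policy": {"AuthenticationProviderId": LOCAL_ID,
                                   "PasswordResetProviderId": LDAP_ID}},
    {"Name": "guest", "Policy": {"AuthenticationProviderId": LOCAL_ID,
                                 "PasswordResetProviderId": LOCAL_ID}},
    {"Name": "broken"},  # record without a policy block
])


def classify(user, ldap_id=LDAP_ID):
    """Return how a user's login password is checked.

    ldap    - authentication goes to the directory
    split   - password reset points at LDAP, but login is still checked
              against the local database (the situation in this thread)
    local   - the account does not use LDAP at all
    unknown - no authentication provider recorded
    """
    policy = user.get("Policy") or {}
    auth = policy.get("AuthenticationProviderId")
    reset = policy.get("PasswordResetProviderId")
    if auth is None:
        return "unknown"
    if auth == ldap_id:
        return "ldap"
    return "split" if reset == ldap_id else "local"


def audit(users_json, ldap_id=LDAP_ID):
    """Map each user name to its classification."""
    return {u.get("Name", "?"): classify(u, ldap_id)
            for u in json.loads(users_json)}


def needs_attention(users_json, ldap_id=LDAP_ID):
    """Names of users whose login is not verified by the directory."""
    return sorted(n for n, s in audit(users_json, ldap_id).items() if s != "ldap")


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10} {status}")
```
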