[GH-ISSUE #134] Jellyfin LDAP plugin guide #56

New issue

Closed

opened 2026-02-27 08:14:59 +03:00 by kerem · 5 comments

kerem commented 2026-02-27 08:14:59 +03:00

Owner

Copy link

Originally created by @strazto on GitHub (Apr 9, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/134

In order to use jellyfin with lldap, you'll want to do the following:

LDAP Bind User:

cn=admin,ou=people,dc=example,dc=com

LDAP Base DN for searches:

ou=people,dc=example,dc=com

User Filter:

(memberof=cn=media,ou=groups,dc=example,dc=com)

Admin Filter:

(memberof=cn=media_admin,ou=groups,dc=example,dc=com)

Originally created by @strazto on GitHub (Apr 9, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/134 In order to use jellyfin with lldap, you'll want to do the following: LDAP Bind User: ``` cn=admin,ou=people,dc=example,dc=com ``` LDAP Base DN for searches: ``` ou=people,dc=example,dc=com ``` User Filter: ``` (memberof=cn=media,ou=groups,dc=example,dc=com) ``` Admin Filter: ``` (memberof=cn=media_admin,ou=groups,dc=example,dc=com) ```

kerem closed this issue 2026-02-27 08:15:00 +03:00

kerem commented 2026-02-27 08:15:00 +03:00

Author

Owner

Copy link

@nitnelave commented on GitHub (Apr 17, 2022):

Thanks!

<!-- gh-comment-id:1100951387 --> @nitnelave commented on GitHub (Apr 17, 2022): Thanks!

kerem commented 2026-02-27 08:15:00 +03:00

Author

Owner

Copy link

@h-2 commented on GitHub (Jan 15, 2026):

Giving the admin user as bind-user means giving the Jellyfin-instance admin access to LLDAP.

Can I create a user account with fewer privileges for this purpose?

<!-- gh-comment-id:3756296247 --> @h-2 commented on GitHub (Jan 15, 2026): Giving the admin user as bind-user means giving the Jellyfin-instance admin access to LLDAP. Can I create a user account with fewer privileges for this purpose?

kerem commented 2026-02-27 08:15:00 +03:00

Author

Owner

Copy link

@nitnelave commented on GitHub (Jan 15, 2026):

Of course! You can create any user and add it to the lldap_strict_readonly group, and that should be enough. If you want to be able to reset passwords through Jellyfin (I believe it supports that) then you'll need the lldap_password_manager group instead.

<!-- gh-comment-id:3756972630 --> @nitnelave commented on GitHub (Jan 15, 2026): Of course! You can create any user and add it to the lldap_strict_readonly group, and that should be enough. If you want to be able to reset passwords through Jellyfin (I believe it supports that) then you'll need the lldap_password_manager group instead.

kerem commented 2026-02-27 08:15:00 +03:00

Author

Owner

Copy link

@h-2 commented on GitHub (Jan 15, 2026):

Great, thanks for the quick reply! Might be worth adding to the tutorial for other newbies like me?

<!-- gh-comment-id:3757274459 --> @h-2 commented on GitHub (Jan 15, 2026): Great, thanks for the quick reply! Might be worth adding to the tutorial for other newbies like me?

kerem commented 2026-02-27 08:15:00 +03:00

Author

Owner

Copy link

@nitnelave commented on GitHub (Jan 15, 2026):

Which tutorial are you talking about? The Jellyfin one? Sure, you can make a PR for that.

Note that these roles and their use are described in the readme, in the "client configuration > general configuration guide" section.

<!-- gh-comment-id:3757318655 --> @nitnelave commented on GitHub (Jan 15, 2026): Which tutorial are you talking about? The Jellyfin one? Sure, you can make a PR for that. Note that these roles and their use are described in the readme, in the "client configuration > general configuration guide" section.

kerem referenced this issue 2026-02-27 08:17:49 +03:00

[PR #56] [MERGED] README: Add more details and a screenshot #515

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/github_actions/codecov/codecov-action-6

copilot/fix-equality-filters-list-attributes

dependabot/github_actions/docker/build-push-action-7

dependabot/github_actions/docker/metadata-action-6

dependabot/github_actions/docker/setup-buildx-action-4

dependabot/github_actions/docker/login-action-4

copilot/update-download-artifact-action

copilot/fix-opensuse-warnings

copilot/fix-1268

copilot/fix-727

copilot/fix-898

copilot/fix-1256

copilot/fix-1251

copilot/fix-1249

copilot/fix-1206

user-attribute-form

user-ui

group-ui

server-user-attribute-schema

crates

haveibeenpwned

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.0

v0.0.1

Labels

Clear labels   

backend

  

blocked

  

bug

  

cleanup

  

dependencies

  

docker

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

frontend

  

github_actions

  

good first issue

  

help wanted

  

help wanted

  

integration

  

invalid

  

ldap

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

rust

  

rust

  

tests

  

wontfix

No labels

backend

blocked

bug

cleanup

dependencies

docker

documentation

duplicate

enhancement

enhancement

frontend

github_actions

good first issue

help wanted

help wanted

integration

invalid

ldap

pull-request

question

rust

rust

tests

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/lldap-lldap#56

No description provided.