[GH-ISSUE #214] Unable to authenticate emby users with LLDAP (but other services work) #76

New issue

Closed

opened 2026-02-27 08:15:06 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 08:15:06 +03:00

Owner

Originally created by @JaidenW on GitHub (Jul 2, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/214

Originally assigned to: @nitnelave on GitHub.

As per our discord conversation, here is the information requested.

dump of the DB

PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE IF NOT EXISTS "users" ( "user_id" text(255) NOT NULL PRIMARY KEY, "email" text(255) NOT NULL, "display_name" text(255) NOT NULL, "first_name" text(255) NOT NULL, "last_name" text(255) NOT NULL, "avatar" blob, "creation_date" text NOT NULL, "password_hash" blob, "totp_secret" text(64), "mfa_type" text(64), "uuid" text(36) NOT NULL );
INSERT INTO users VALUES('admin','','Administrator','','',NULL,'2022-07-02 21:09:53.411367648',X'c0dcc0b044b1c1fb9652ed7a90af737c4f94bc9dfa81e6cd3435a2614108633ad07613882d257321e76539b9db63ab4657eb8793b3f1ed12f9fbad04e28567dd2c16cf7811c5d8a6577cb1398e5eb511262db8fc9a3fb964413f7bc8185d3b0ce74842b83678885d41a705799be1233aeac404eab4f719f7dcbe50937f51afb534d7c4069092e78314e4a270c3047ecf37615fccb84612ab3c3ca3c9f066641594a8a965dfac7d909e8c2887b2ca9f4b04591bfb93e642b27a523c866efac0fa',NULL,NULL,'7a10965f-ae7a-3684-b87b-3c5a0e73e38d');
INSERT INTO users VALUES('testacct','testacct@testacct.com','TestAcct','','',NULL,'2022-07-02 21:10:19.722181603',X'3239895d32c62c4166920c3b1de410d23156c06a14638b7b381ae92a49322c5af02faa060a9a5b2173cf38883ca244a047bec40cf617ab35bc7ac4dcf5820e6175814e1066be8e36d5c55f4c54ef24f3d671042186377666419a470ee062f91ed2f36229abb23ad9d5c9e07bdb4828dee28f7cd8750ec2feb98d46f3d4c5dc9c1f751b81976032a513d1f7cce111e3b592fa32d050c332fdea2222d87e1cea31e9ef4ba2acb2c0d124cb326cc811b796ff7627a5e8748a57c1c7ca6e9925fad1',NULL,NULL,'b8283c6d-bde8-3d81-8ab1-acb2bf5bdb6c');
CREATE TABLE IF NOT EXISTS "groups" ( "group_id" integer NOT NULL PRIMARY KEY, "display_name" text(255) UNIQUE NOT NULL, "creation_date" text NOT NULL, "uuid" text(36) NOT NULL );
INSERT INTO groups VALUES(1,'lldap_admin','2022-07-02 21:09:53.553923276','dce3b311-a30f-3aa6-b50c-58b129feedff');
INSERT INTO groups VALUES(2,'lldap_readonly','2022-07-02 21:09:53.559946244','92fc4240-c741-313a-9dc4-fd31ab715926');
CREATE TABLE IF NOT EXISTS "memberships" ( "user_id" text(255) NOT NULL, "group_id" integer NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE, FOREIGN KEY ("group_id") REFERENCES "groups" ("group_id") ON DELETE CASCADE ON UPDATE CASCADE );
INSERT INTO memberships VALUES('admin',1);
CREATE TABLE IF NOT EXISTS "jwt_refresh_storage" ( "refresh_token_hash" integer NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE );
CREATE TABLE IF NOT EXISTS "jwt_storage" ( "jwt_hash" integer NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, "blacklisted" integer DEFAULT FALSE NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE );
CREATE TABLE IF NOT EXISTS "password_reset_tokens" ( "token" text(255) NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE );
COMMIT;

the logs from emby

*** Error Report ***
Version: 4.7.5.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 5.10.0-0.bpo.12-amd64 (debian-kernel@lists.debian.org) (gcc-8 (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP De
Framework: .NET 6.0.2
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 12
Data path: /config
Application path: /system
Novell.Directory.Ldap.InterThreadException: LdapException: Connection lost waiting for results from 192.168.0.92:25628 (91) Connect Error
System.IO.EndOfStreamException: BERDecoder: decode: EOF in Identifier
at Novell.Directory.Ldap.Asn1.Asn1Identifier.Reset(Stream inRenamed)
at Novell.Directory.Ldap.Connection.ReaderThread.Run()
Source: LDAP
TargetSite: Void ChkResultCode()
InnerException: System.IO.EndOfStreamException: BERDecoder: decode: EOF in Identifier
Source: LDAP
TargetSite: Void Reset(System.IO.Stream)
at Novell.Directory.Ldap.Asn1.Asn1Identifier.Reset(Stream inRenamed)
at Novell.Directory.Ldap.Connection.ReaderThread.Run()
2022-07-02 22:22:05.390 Error UserManager: Error authenticating with provider Default

*** Error Report ***
Version: 4.7.5.0
Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
Operating system: Linux version 5.10.0-0.bpo.12-amd64 (debian-kernel@lists.debian.org) (gcc-8 (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP De
Framework: .NET 6.0.2
OS/Process: x64/x64
Runtime: system/System.Private.CoreLib.dll
Processor count: 12
Data path: /config
Application path: /system
System.Exception: System.Exception: Invalid username or password.
at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken)
Source: Emby.Server.Implementations
TargetSite: System.Threading.Tasks.Task1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User)
2022-07-02 22:22:05.390 Info HttpClient: POST https://connect.emby.media/service/user/authenticate

LLDAP logs with the panic

thread 'actix-rt|system:0|arbiter:0' panicked at 'called `Result::unwrap()` on an `Err` value: ColumnDecode { index: "\"group_creation_date\"", source: "invalid datetime: " }', /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/sqlx-core-0.5.11/src/row.rs:73:37
stack backtrace:
   0: rust_begin_unwind
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/panicking.rs:143:14
   2: core::result::unwrap_failed
             at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/result.rs:1785:5
   3: core::iter::adapters::map::map_try_fold::{{closure}}
   4: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::try_fold
   5: <alloc::vec::Vec<T> as alloc::vec::spec_from_iter::SpecFromIter<T,I>>::from_iter
   6: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
   7: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
   8: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
   9: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  10: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  11: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  12: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  13: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  14: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  15: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  16: tokio::runtime::task::core::CoreStage<T>::poll
  17: tokio::runtime::task::harness::Harness<T,S>::poll
  18: std::thread::local::LocalKey<T>::with
  19: tokio::task::local::LocalSet::tick
  20: tokio::macros::scoped_tls::ScopedKey<T>::set
  21: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll
  22: std::thread::local::LocalKey<T>::with
  23: tokio::runtime::basic_scheduler::Context::enter
  24: tokio::macros::scoped_tls::ScopedKey<T>::set
  25: tokio::runtime::basic_scheduler::BasicScheduler::block_on
  26: tokio::runtime::Runtime::block_on
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
2022-07-02T22:04:44.732995717+00:00 INFO     LDAP session [ 174ms | 0.07% / 100.00% ]
2022-07-02T22:04:44.741325913+00:00 INFO     ┝━ LDAP request [ 154ms | 0.05% / 88.52% ]
2022-07-02T22:04:44.741347524+00:00 DEBUG    │  ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 4, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=example,dc=com", cred: Simple("********") }), ctrl: [] }
2022-07-02T22:04:44.741352213+00:00 DEBUG    │  ┝━ do_bind [ 154ms | 0.02% / 88.47% ]
2022-07-02T22:04:44.741357032+00:00 DEBUG    │  │  ┝━ 🐛 [debug]: DN: uid=admin,ou=people,dc=example,dc=com
2022-07-02T22:04:44.741368113+00:00 DEBUG    │  │  ┝━ bind [ 154ms | 0.06% / 88.38% ]
2022-07-02T22:04:44.741592305+00:00 DEBUG    │  │  │  ┕━ passwords_match [ 154ms | 88.33% ]
2022-07-02T22:04:44.895482872+00:00 DEBUG    │  │  ┝━ get_user_groups [ 120µs | 0.07% ]
2022-07-02T22:04:44.895489685+00:00 DEBUG    │  │  │  ┝━ 🐛 [debug]:  | user_id: UserId("admin")
2022-07-02T22:04:44.895514943+00:00 DEBUG    │  │  │  ┝━ 🐛 [debug]:  | query: SELECT "groups"."group_id", "display_name", "creation_date", "uuid" FROM "groups" INNER JOIN "memberships" ON "groups"."group_id" = "memberships"."group_id" WHERE "user_id" = ?
2022-07-02T22:04:44.895828613+00:00 DEBUG    │  │  │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: GroupId(1), display_name: "lldap_admin", creation_date: 2022-07-02T21:09:53.553923276Z, uuid: Uuid("dce3b311-a30f-3aa6-b50c-58b129feedff") }}
2022-07-02T22:04:44.895832230+00:00 DEBUG    │  │  ┕━ 🐛 [debug]: Success!
2022-07-02T22:04:44.895838562+00:00 DEBUG    │  ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None })
2022-07-02T22:04:44.898326317+00:00 INFO     ┕━ LDAP request [ 19.9ms | 0.01% / 11.41% ]
2022-07-02T22:04:44.898334312+00:00 DEBUG       ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 5, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=example,dc=com", scope: Subtree, aliases: Never, sizelimit: 1000, timelimit: 0, typesonly: false, filter: Equality("uid", "testacct"), attrs: ["memberOf", "displayName", "sAMAccountName"] }), ctrl: [] }
2022-07-02T22:04:44.898336165+00:00 DEBUG       ┕━ do_search [ 19.9ms | 0.01% / 11.40% ]
2022-07-02T22:04:44.898342637+00:00 DEBUG          ┝━ 🐛 [debug]:  | request.base: "ou=people,dc=example,dc=com" | scope: Users
2022-07-02T22:04:44.898343740+00:00 DEBUG          ┕━ get_user_list [ 19.8ms | 0.01% / 11.39% ]
2022-07-02T22:04:44.898345343+00:00 DEBUG             ┝━ 🐛 [debug]:  | ldap_filter: Equality("uid", "testacct")
2022-07-02T22:04:44.898348849+00:00 DEBUG             ┝━ 🐛 [debug]:  | parsed_filters: UserId(UserId("testacct"))
2022-07-02T22:04:44.898349691+00:00 DEBUG             ┝━ expand_attribute_wildcards [ 6.83µs | 0.00% ]
2022-07-02T22:04:44.898355812+00:00 DEBUG             │  ┕━ 🐛 [debug]:  | ldap_attributes: ["memberOf", "displayName", "sAMAccountName"] | resolved_attributes: ["memberOf", "displayName", "sAMAccountName"]
2022-07-02T22:04:44.898358978+00:00 DEBUG             ┕━ list_users [ 19.8ms | 11.37% ]
2022-07-02T22:04:44.898361463+00:00 DEBUG                ┝━ 🐛 [debug]:  | filters: Some(UserId(UserId("testacct"))) | get_groups: true
2022-07-02T22:04:44.898405907+00:00 DEBUG                ┕━ 🐛 [debug]:  | query: SELECT "users"."user_id", "email", "users"."display_name", "first_name", "last_name", "avatar", "users"."creation_date", "users"."uuid", "groups"."group_id", "groups"."display_name" AS "group_display_name", "groups"."creation_date" AS "group_creation_date", "groups"."uuid" AS "group_uuid" FROM "users" LEFT JOIN "memberships" ON "users"."user_id" = "memberships"."user_id" LEFT JOIN "groups" ON "memberships"."group_id" = "groups"."group_id" WHERE "users"."user_id" = ? ORDER BY "users"."user_id" ASC, "group_display_name" ASC

LLDAP config

(kept causing formatting issues, so i pasted it externally [LLDAP Config](https://controlc.com/5d428363) ![Config](https://i.imgur.com/FAd4AnK.png)

Originally created by @JaidenW on GitHub (Jul 2, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/214 Originally assigned to: @nitnelave on GitHub. As per our discord conversation, here is the information requested. <details> <summary>dump of the DB</summary> ``` PRAGMA foreign_keys=OFF; BEGIN TRANSACTION; CREATE TABLE IF NOT EXISTS "users" ( "user_id" text(255) NOT NULL PRIMARY KEY, "email" text(255) NOT NULL, "display_name" text(255) NOT NULL, "first_name" text(255) NOT NULL, "last_name" text(255) NOT NULL, "avatar" blob, "creation_date" text NOT NULL, "password_hash" blob, "totp_secret" text(64), "mfa_type" text(64), "uuid" text(36) NOT NULL ); INSERT INTO users VALUES('admin','','Administrator','','',NULL,'2022-07-02 21:09:53.411367648',X'c0dcc0b044b1c1fb9652ed7a90af737c4f94bc9dfa81e6cd3435a2614108633ad07613882d257321e76539b9db63ab4657eb8793b3f1ed12f9fbad04e28567dd2c16cf7811c5d8a6577cb1398e5eb511262db8fc9a3fb964413f7bc8185d3b0ce74842b83678885d41a705799be1233aeac404eab4f719f7dcbe50937f51afb534d7c4069092e78314e4a270c3047ecf37615fccb84612ab3c3ca3c9f066641594a8a965dfac7d909e8c2887b2ca9f4b04591bfb93e642b27a523c866efac0fa',NULL,NULL,'7a10965f-ae7a-3684-b87b-3c5a0e73e38d'); INSERT INTO users VALUES('testacct','testacct@testacct.com','TestAcct','','',NULL,'2022-07-02 21:10:19.722181603',X'3239895d32c62c4166920c3b1de410d23156c06a14638b7b381ae92a49322c5af02faa060a9a5b2173cf38883ca244a047bec40cf617ab35bc7ac4dcf5820e6175814e1066be8e36d5c55f4c54ef24f3d671042186377666419a470ee062f91ed2f36229abb23ad9d5c9e07bdb4828dee28f7cd8750ec2feb98d46f3d4c5dc9c1f751b81976032a513d1f7cce111e3b592fa32d050c332fdea2222d87e1cea31e9ef4ba2acb2c0d124cb326cc811b796ff7627a5e8748a57c1c7ca6e9925fad1',NULL,NULL,'b8283c6d-bde8-3d81-8ab1-acb2bf5bdb6c'); CREATE TABLE IF NOT EXISTS "groups" ( "group_id" integer NOT NULL PRIMARY KEY, "display_name" text(255) UNIQUE NOT NULL, "creation_date" text NOT NULL, "uuid" text(36) NOT NULL ); INSERT INTO groups VALUES(1,'lldap_admin','2022-07-02 21:09:53.553923276','dce3b311-a30f-3aa6-b50c-58b129feedff'); INSERT INTO groups VALUES(2,'lldap_readonly','2022-07-02 21:09:53.559946244','92fc4240-c741-313a-9dc4-fd31ab715926'); CREATE TABLE IF NOT EXISTS "memberships" ( "user_id" text(255) NOT NULL, "group_id" integer NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE, FOREIGN KEY ("group_id") REFERENCES "groups" ("group_id") ON DELETE CASCADE ON UPDATE CASCADE ); INSERT INTO memberships VALUES('admin',1); CREATE TABLE IF NOT EXISTS "jwt_refresh_storage" ( "refresh_token_hash" integer NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE ); CREATE TABLE IF NOT EXISTS "jwt_storage" ( "jwt_hash" integer NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, "blacklisted" integer DEFAULT FALSE NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE ); CREATE TABLE IF NOT EXISTS "password_reset_tokens" ( "token" text(255) NOT NULL PRIMARY KEY, "user_id" text(255) NOT NULL, "expiry_date" text NOT NULL, FOREIGN KEY ("user_id") REFERENCES "users" ("user_id") ON DELETE CASCADE ON UPDATE CASCADE ); COMMIT; ``` </details> <details> <summary>the logs from emby</summary> ``` *** Error Report *** Version: 4.7.5.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Linux version 5.10.0-0.bpo.12-amd64 (debian-kernel@lists.debian.org) (gcc-8 (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP De Framework: .NET 6.0.2 OS/Process: x64/x64 Runtime: system/System.Private.CoreLib.dll Processor count: 12 Data path: /config Application path: /system Novell.Directory.Ldap.InterThreadException: LdapException: Connection lost waiting for results from 192.168.0.92:25628 (91) Connect Error System.IO.EndOfStreamException: BERDecoder: decode: EOF in Identifier at Novell.Directory.Ldap.Asn1.Asn1Identifier.Reset(Stream inRenamed) at Novell.Directory.Ldap.Connection.ReaderThread.Run() Source: LDAP TargetSite: Void ChkResultCode() InnerException: System.IO.EndOfStreamException: BERDecoder: decode: EOF in Identifier Source: LDAP TargetSite: Void Reset(System.IO.Stream) at Novell.Directory.Ldap.Asn1.Asn1Identifier.Reset(Stream inRenamed) at Novell.Directory.Ldap.Connection.ReaderThread.Run() 2022-07-02 22:22:05.390 Error UserManager: Error authenticating with provider Default ``` ``` *** Error Report *** Version: 4.7.5.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Linux version 5.10.0-0.bpo.12-amd64 (debian-kernel@lists.debian.org) (gcc-8 (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP De Framework: .NET 6.0.2 OS/Process: x64/x64 Runtime: system/System.Private.CoreLib.dll Processor count: 12 Data path: /config Application path: /system System.Exception: System.Exception: Invalid username or password. at Emby.Server.Implementations.Library.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser) at Emby.Server.Implementations.Library.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: System.Threading.Tasks.Task1[MediaBrowser.Controller.Authentication.ProviderAuthenticationResult] Authenticate(System.String, System.String, MediaBrowser.Controller.Entities.User) 2022-07-02 22:22:05.390 Info HttpClient: POST https://connect.emby.media/service/user/authenticate ``` </details> <details> <summary>LLDAP logs with the panic</summary> ``` thread 'actix-rt|system:0|arbiter:0' panicked at 'called `Result::unwrap()` on an `Err` value: ColumnDecode { index: "\"group_creation_date\"", source: "invalid datetime: " }', /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/sqlx-core-0.5.11/src/row.rs:73:37 stack backtrace: 0: rust_begin_unwind at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/std/src/panicking.rs:584:5 1: core::panicking::panic_fmt at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/panicking.rs:143:14 2: core::result::unwrap_failed at /rustc/fe5b13d681f25ee6474be29d748c65adcd91f69e/library/core/src/result.rs:1785:5 3: core::iter::adapters::map::map_try_fold::{{closure}} 4: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::try_fold 5: <alloc::vec::Vec<T> as alloc::vec::spec_from_iter::SpecFromIter<T,I>>::from_iter 6: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 7: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 8: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 9: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 10: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 11: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 12: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 13: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 14: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 15: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 16: tokio::runtime::task::core::CoreStage<T>::poll 17: tokio::runtime::task::harness::Harness<T,S>::poll 18: std::thread::local::LocalKey<T>::with 19: tokio::task::local::LocalSet::tick 20: tokio::macros::scoped_tls::ScopedKey<T>::set 21: <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll 22: std::thread::local::LocalKey<T>::with 23: tokio::runtime::basic_scheduler::Context::enter 24: tokio::macros::scoped_tls::ScopedKey<T>::set 25: tokio::runtime::basic_scheduler::BasicScheduler::block_on 26: tokio::runtime::Runtime::block_on note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace. 2022-07-02T22:04:44.732995717+00:00 INFO LDAP session [ 174ms | 0.07% / 100.00% ] 2022-07-02T22:04:44.741325913+00:00 INFO ┝━ LDAP request [ 154ms | 0.05% / 88.52% ] 2022-07-02T22:04:44.741347524+00:00 DEBUG │ ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 4, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=example,dc=com", cred: Simple("********") }), ctrl: [] } 2022-07-02T22:04:44.741352213+00:00 DEBUG │ ┝━ do_bind [ 154ms | 0.02% / 88.47% ] 2022-07-02T22:04:44.741357032+00:00 DEBUG │ │ ┝━ 🐛 [debug]: DN: uid=admin,ou=people,dc=example,dc=com 2022-07-02T22:04:44.741368113+00:00 DEBUG │ │ ┝━ bind [ 154ms | 0.06% / 88.38% ] 2022-07-02T22:04:44.741592305+00:00 DEBUG │ │ │ ┕━ passwords_match [ 154ms | 88.33% ] 2022-07-02T22:04:44.895482872+00:00 DEBUG │ │ ┝━ get_user_groups [ 120µs | 0.07% ] 2022-07-02T22:04:44.895489685+00:00 DEBUG │ │ │ ┝━ 🐛 [debug]: | user_id: UserId("admin") 2022-07-02T22:04:44.895514943+00:00 DEBUG │ │ │ ┝━ 🐛 [debug]: | query: SELECT "groups"."group_id", "display_name", "creation_date", "uuid" FROM "groups" INNER JOIN "memberships" ON "groups"."group_id" = "memberships"."group_id" WHERE "user_id" = ? 2022-07-02T22:04:44.895828613+00:00 DEBUG │ │ │ ┕━ 🐛 [debug]: | return: {GroupDetails { group_id: GroupId(1), display_name: "lldap_admin", creation_date: 2022-07-02T21:09:53.553923276Z, uuid: Uuid("dce3b311-a30f-3aa6-b50c-58b129feedff") }} 2022-07-02T22:04:44.895832230+00:00 DEBUG │ │ ┕━ 🐛 [debug]: Success! 2022-07-02T22:04:44.895838562+00:00 DEBUG │ ┕━ 🐛 [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None }) 2022-07-02T22:04:44.898326317+00:00 INFO ┕━ LDAP request [ 19.9ms | 0.01% / 11.41% ] 2022-07-02T22:04:44.898334312+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 5, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=example,dc=com", scope: Subtree, aliases: Never, sizelimit: 1000, timelimit: 0, typesonly: false, filter: Equality("uid", "testacct"), attrs: ["memberOf", "displayName", "sAMAccountName"] }), ctrl: [] } 2022-07-02T22:04:44.898336165+00:00 DEBUG ┕━ do_search [ 19.9ms | 0.01% / 11.40% ] 2022-07-02T22:04:44.898342637+00:00 DEBUG ┝━ 🐛 [debug]: | request.base: "ou=people,dc=example,dc=com" | scope: Users 2022-07-02T22:04:44.898343740+00:00 DEBUG ┕━ get_user_list [ 19.8ms | 0.01% / 11.39% ] 2022-07-02T22:04:44.898345343+00:00 DEBUG ┝━ 🐛 [debug]: | ldap_filter: Equality("uid", "testacct") 2022-07-02T22:04:44.898348849+00:00 DEBUG ┝━ 🐛 [debug]: | parsed_filters: UserId(UserId("testacct")) 2022-07-02T22:04:44.898349691+00:00 DEBUG ┝━ expand_attribute_wildcards [ 6.83µs | 0.00% ] 2022-07-02T22:04:44.898355812+00:00 DEBUG │ ┕━ 🐛 [debug]: | ldap_attributes: ["memberOf", "displayName", "sAMAccountName"] | resolved_attributes: ["memberOf", "displayName", "sAMAccountName"] 2022-07-02T22:04:44.898358978+00:00 DEBUG ┕━ list_users [ 19.8ms | 11.37% ] 2022-07-02T22:04:44.898361463+00:00 DEBUG ┝━ 🐛 [debug]: | filters: Some(UserId(UserId("testacct"))) | get_groups: true 2022-07-02T22:04:44.898405907+00:00 DEBUG ┕━ 🐛 [debug]: | query: SELECT "users"."user_id", "email", "users"."display_name", "first_name", "last_name", "avatar", "users"."creation_date", "users"."uuid", "groups"."group_id", "groups"."display_name" AS "group_display_name", "groups"."creation_date" AS "group_creation_date", "groups"."uuid" AS "group_uuid" FROM "users" LEFT JOIN "memberships" ON "users"."user_id" = "memberships"."user_id" LEFT JOIN "groups" ON "memberships"."group_id" = "groups"."group_id" WHERE "users"."user_id" = ? ORDER BY "users"."user_id" ASC, "group_display_name" ASC ``` </details> <details> <summary>LLDAP config</summary> (kept causing formatting issues, so i pasted it externally [LLDAP Config](https://controlc.com/5d428363) ![Config](https://i.imgur.com/FAd4AnK.png) </details>

kerem

2026-02-27 08:15:06 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-27 08:15:07 +03:00

Author

Owner

@martadinata666 commented on GitHub (Jul 3, 2022):

Can you also please attach your compose and screenshoot of emby config thanks.

attached yours

@martadinata666 commented on GitHub (Jul 3, 2022): Can you also please attach your compose and screenshoot of emby config thanks. attached yours ![Config](https://i.imgur.com/FAd4AnK.png)

kerem commented

2026-02-27 08:15:07 +03:00

Author

Owner

@JaidenW commented on GitHub (Jul 3, 2022):

Docker-compose.yml

version: "3"
volumes:
lldap_data:

 driver: local

services:
lldap:
  image: nitnelave/lldap:stable
  # Change this to the user:group you want.
  user: "33:33"
  ports:
    # For LDAP
    - "25628:3890"
    # For the web front-end
    - "25629:17170"
  volumes:
    # - "lldap_data:/data"
    # Alternatively, you can mount a local folder
    - "/opt/lldap:/data"
  environment:
    - LLDAP_JWT_SECRET=Password
    - LLDAP_LDAP_USER_PASS=Password
    - LLDAP_LDAP_BASE_DN=cn=admin,ou=people,dc=example,dc=com

( Base DN was changed after the fact to dc=example,dc=com )

Emby LDAP config

LDAP config XML from emby

<?xml version="1.0"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SearchBase>ou=people,dc=example,dc=com</SearchBase>
<SearchFilter>(uid={0})</SearchFilter>
<Url>192.168.0.92</Url>
<Port>25628</Port>
<BindDn>uid=admin,ou=people,dc=example,dc=com</BindDn>
<BindCredentials>REMOVED</BindCredentials>
<EnableSsl>false</EnableSsl>
<CertHash />
<NewUserPolicy>
  <IsAdministrator>false</IsAdministrator>
  <IsHidden>true</IsHidden>
  <IsHiddenRemotely>true</IsHiddenRemotely>
  <IsHiddenFromUnusedDevices>false</IsHiddenFromUnusedDevices>
  <IsDisabled>false</IsDisabled>
  <MaxParentalRating xsi:nil="true" />
  <BlockedTags />
  <IsTagBlockingModeInclusive>false</IsTagBlockingModeInclusive>
  <IncludeTags />
  <EnableUserPreferenceAccess>true</EnableUserPreferenceAccess>
  <AccessSchedules />
  <BlockUnratedItems />
  <EnableRemoteControlOfOtherUsers>false</EnableRemoteControlOfOtherUsers>
  <EnableSharedDeviceControl>true</EnableSharedDeviceControl>
  <EnableRemoteAccess>true</EnableRemoteAccess>
  <EnableLiveTvManagement>true</EnableLiveTvManagement>
  <EnableLiveTvAccess>true</EnableLiveTvAccess>
  <EnableMediaPlayback>true</EnableMediaPlayback>
  <EnableAudioPlaybackTranscoding>true</EnableAudioPlaybackTranscoding>
  <EnableVideoPlaybackTranscoding>true</EnableVideoPlaybackTranscoding>
  <EnablePlaybackRemuxing>true</EnablePlaybackRemuxing>
  <EnableContentDeletion>false</EnableContentDeletion>
  <EnableContentDeletionFromFolders />
  <EnableContentDownloading>true</EnableContentDownloading>
  <EnableSubtitleDownloading>false</EnableSubtitleDownloading>
  <EnableSubtitleManagement>false</EnableSubtitleManagement>
  <EnableSyncTranscoding>true</EnableSyncTranscoding>
  <EnableMediaConversion>true</EnableMediaConversion>
  <EnabledChannels />
  <EnableAllChannels>true</EnableAllChannels>
  <EnabledFolders />
  <EnableAllFolders>true</EnableAllFolders>
  <InvalidLoginAttemptCount>0</InvalidLoginAttemptCount>
  <EnablePublicSharing>true</EnablePublicSharing>
  <RemoteClientBitrateLimit>0</RemoteClientBitrateLimit>
  <ExcludedSubFolders />
  <SimultaneousStreamLimit>0</SimultaneousStreamLimit>
  <EnabledDevices />
  <EnableAllDevices>true</EnableAllDevices>
</NewUserPolicy>
</PluginConfiguration>

@JaidenW commented on GitHub (Jul 3, 2022): <details> <summary>Docker-compose.yml</summary> ``` version: "3" volumes: lldap_data: driver: local services: lldap: image: nitnelave/lldap:stable # Change this to the user:group you want. user: "33:33" ports: # For LDAP - "25628:3890" # For the web front-end - "25629:17170" volumes: # - "lldap_data:/data" # Alternatively, you can mount a local folder - "/opt/lldap:/data" environment: - LLDAP_JWT_SECRET=Password - LLDAP_LDAP_USER_PASS=Password - LLDAP_LDAP_BASE_DN=cn=admin,ou=people,dc=example,dc=com ``` </details> ( Base DN was changed after the fact to dc=example,dc=com ) <details> <summary>Emby LDAP config</summary> ![LDAP Config](https://i.imgur.com/IbKVq1u.png) </details> <details> <summary>LDAP config XML from emby</summary> ``` <?xml version="1.0"?> <PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SearchBase>ou=people,dc=example,dc=com</SearchBase> <SearchFilter>(uid={0})</SearchFilter> <Url>192.168.0.92</Url> <Port>25628</Port> <BindDn>uid=admin,ou=people,dc=example,dc=com</BindDn> <BindCredentials>REMOVED</BindCredentials> <EnableSsl>false</EnableSsl> <CertHash /> <NewUserPolicy> <IsAdministrator>false</IsAdministrator> <IsHidden>true</IsHidden> <IsHiddenRemotely>true</IsHiddenRemotely> <IsHiddenFromUnusedDevices>false</IsHiddenFromUnusedDevices> <IsDisabled>false</IsDisabled> <MaxParentalRating xsi:nil="true" /> <BlockedTags /> <IsTagBlockingModeInclusive>false</IsTagBlockingModeInclusive> <IncludeTags /> <EnableUserPreferenceAccess>true</EnableUserPreferenceAccess> <AccessSchedules /> <BlockUnratedItems /> <EnableRemoteControlOfOtherUsers>false</EnableRemoteControlOfOtherUsers> <EnableSharedDeviceControl>true</EnableSharedDeviceControl> <EnableRemoteAccess>true</EnableRemoteAccess> <EnableLiveTvManagement>true</EnableLiveTvManagement> <EnableLiveTvAccess>true</EnableLiveTvAccess> <EnableMediaPlayback>true</EnableMediaPlayback> <EnableAudioPlaybackTranscoding>true</EnableAudioPlaybackTranscoding> <EnableVideoPlaybackTranscoding>true</EnableVideoPlaybackTranscoding> <EnablePlaybackRemuxing>true</EnablePlaybackRemuxing> <EnableContentDeletion>false</EnableContentDeletion> <EnableContentDeletionFromFolders /> <EnableContentDownloading>true</EnableContentDownloading> <EnableSubtitleDownloading>false</EnableSubtitleDownloading> <EnableSubtitleManagement>false</EnableSubtitleManagement> <EnableSyncTranscoding>true</EnableSyncTranscoding> <EnableMediaConversion>true</EnableMediaConversion> <EnabledChannels /> <EnableAllChannels>true</EnableAllChannels> <EnabledFolders /> <EnableAllFolders>true</EnableAllFolders> <InvalidLoginAttemptCount>0</InvalidLoginAttemptCount> <EnablePublicSharing>true</EnablePublicSharing> <RemoteClientBitrateLimit>0</RemoteClientBitrateLimit> <ExcludedSubFolders /> <SimultaneousStreamLimit>0</SimultaneousStreamLimit> <EnabledDevices /> <EnableAllDevices>true</EnableAllDevices> </NewUserPolicy> </PluginConfiguration> ``` </details>

kerem referenced this issue

2026-02-27 08:17:53 +03:00

[PR #76] [MERGED] ldap: Add support for createTimestamp and modifyTimestamp #529