Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Jellyfin
  3. ldap authentication not working

ldap authentication not working

Scheduled Pinned Locked Moved Solved Jellyfin
ldap
17 Posts 3 Posters 3.0k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chymianC Offline
      chymianC Offline
      chymian
      wrote on last edited by girish
      #1

      authentication against ldap not working.
      there is one ldap-group allowed to access jellyfin (and other apps).

      when trying to log in on jellyfin, this error is thrown

      Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin: Found no users matching itsme in LDAP search.
      Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Implementations.Users.UserManager: Error authenticating with provider LDAP-Authentication
      Aug 24 13:03:18 MediaBrowser.Controller.Authentication.AuthenticationException: Found no LDAP users matching provided username.
      Aug 24 13:03:18 at Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin.LocateLdapUser(String username)
      Aug 24 13:03:18 at Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin.Authenticate(String username, String password)
      Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
      Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Implementations.Users.UserManager: Error authenticating with provider Default
      Aug 24 13:03:18 MediaBrowser.Controller.Authentication.AuthenticationException: Specified user does not exist.
      Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
      Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
      Aug 24 13:03:18 [11:03:18] [INF] [91] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for itsme has been denied (IP: 63.250.xx.xxx).
      Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request: Invalid username or password entered. URL POST /Users/authenticatebyname.
      Aug 24 13:03:18 [11:03:18] [WRN] [91] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from https://jelly.domain.org/Users/authenticatebyname to 63.250.xx.xxx in 0:00:00.5045031 with Status Code 401
      
      nebulonN 1 Reply Last reply
      0
      • chymianC chymian

        authentication against ldap not working.
        there is one ldap-group allowed to access jellyfin (and other apps).

        when trying to log in on jellyfin, this error is thrown

        Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin: Found no users matching itsme in LDAP search.
        Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Implementations.Users.UserManager: Error authenticating with provider LDAP-Authentication
        Aug 24 13:03:18 MediaBrowser.Controller.Authentication.AuthenticationException: Found no LDAP users matching provided username.
        Aug 24 13:03:18 at Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin.LocateLdapUser(String username)
        Aug 24 13:03:18 at Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin.Authenticate(String username, String password)
        Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
        Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Implementations.Users.UserManager: Error authenticating with provider Default
        Aug 24 13:03:18 MediaBrowser.Controller.Authentication.AuthenticationException: Specified user does not exist.
        Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.DefaultAuthenticationProvider.Authenticate(String username, String password, User resolvedUser)
        Aug 24 13:03:18 at Jellyfin.Server.Implementations.Users.UserManager.AuthenticateWithProvider(IAuthenticationProvider provider, String username, String password, User resolvedUser)
        Aug 24 13:03:18 [11:03:18] [INF] [91] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for itsme has been denied (IP: 63.250.xx.xxx).
        Aug 24 13:03:18 [11:03:18] [ERR] [91] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request: Invalid username or password entered. URL POST /Users/authenticatebyname.
        Aug 24 13:03:18 [11:03:18] [WRN] [91] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from https://jelly.domain.org/Users/authenticatebyname to 63.250.xx.xxx in 0:00:00.5045031 with Status Code 401
        
        nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        @chymian I just did a fresh installation of jellyfin here and LDAP login is working as expected. Can you double check that the user you are trying with has access to the app as configured through the Cloudron dashboard?

        chymianC 1 Reply Last reply
        0
        • mehdiM Offline
          mehdiM Offline
          mehdi
          App Dev
          wrote on last edited by
          #3

          @chymian also, maybe you are trying to login with email instead of username? Did you change anything at all to the default config?

          1 Reply Last reply
          0
          • nebulonN nebulon

            @chymian I just did a fresh installation of jellyfin here and LDAP login is working as expected. Can you double check that the user you are trying with has access to the app as configured through the Cloudron dashboard?

            chymianC Offline
            chymianC Offline
            chymian
            wrote on last edited by chymian
            #4

            @nebulon it is as I described and not working for any of the users in that group. all other apps used with this group are working fine.
            from the history: I had an empty jellyfin install a couple of month ago, deleted it (unused) because at that time I dropped the idea around the initial usecase. now, a new usecase came up and I installed it new.
            with the second fresh install I have these pbls.

            @mehdi, look at the log & you see that there is a username used, not a email. (and shouldn't it work with both?)

            the only thing I changed, after it was not working, was the servername in the general-settings, from an UUID to the fqdn, in the hope it would be better. that's all.

            nebulonN 1 Reply Last reply
            0
            • chymianC chymian

              @nebulon it is as I described and not working for any of the users in that group. all other apps used with this group are working fine.
              from the history: I had an empty jellyfin install a couple of month ago, deleted it (unused) because at that time I dropped the idea around the initial usecase. now, a new usecase came up and I installed it new.
              with the second fresh install I have these pbls.

              @mehdi, look at the log & you see that there is a username used, not a email. (and shouldn't it work with both?)

              the only thing I changed, after it was not working, was the servername in the general-settings, from an UUID to the fqdn, in the hope it would be better. that's all.

              nebulonN Offline
              nebulonN Offline
              nebulon
              Staff
              wrote on last edited by
              #5

              @chymian does that username you tried contain any special characters which might fail here? Also can you install a fresh instance, letting all Cloudron users have access and then try with that username again? Just trying to narrow this down here, since I cannot reproduce the failure.

              chymianC 1 Reply Last reply
              0
              • nebulonN nebulon

                @chymian does that username you tried contain any special characters which might fail here? Also can you install a fresh instance, letting all Cloudron users have access and then try with that username again? Just trying to narrow this down here, since I cannot reproduce the failure.

                chymianC Offline
                chymianC Offline
                chymian
                wrote on last edited by
                #6

                @nebulon

                1. the test-userame is all eng. ascii-letters, as you can see in the log: "itsme"
                2. opened up the existing install to all users, no change

                since the tar-backup to a minio S3 running @ hetzner-VM to a cifs-connected storage-box is veeeery slow (~1MBps), we have to wait for that to finish…

                1. to see the result of a new instance installed, diff. domain with all users allowed:

                2. meanwhile, is there a ldap query/cat which I can use from inside the container to check the connectivity?

                nebulonN chymianC 2 Replies Last reply
                0
                • chymianC chymian

                  @nebulon

                  1. the test-userame is all eng. ascii-letters, as you can see in the log: "itsme"
                  2. opened up the existing install to all users, no change

                  since the tar-backup to a minio S3 running @ hetzner-VM to a cifs-connected storage-box is veeeery slow (~1MBps), we have to wait for that to finish…

                  1. to see the result of a new instance installed, diff. domain with all users allowed:

                  2. meanwhile, is there a ldap query/cat which I can use from inside the container to check the connectivity?

                  nebulonN Offline
                  nebulonN Offline
                  nebulon
                  Staff
                  wrote on last edited by
                  #7

                  @chymian I guess you can use the following command in the webterminal to check how many users are returned for that app through LDAP to test connection:

                  ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}
                  
                  chymianC 1 Reply Last reply
                  0
                  • nebulonN nebulon

                    @chymian I guess you can use the following command in the webterminal to check how many users are returned for that app through LDAP to test connection:

                    ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}
                    
                    chymianC Offline
                    chymianC Offline
                    chymian
                    wrote on last edited by
                    #8

                    @nebulon said in ldap authentication not working:

                    ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}

                    root@44432c3c-9b9d-4a24-96d7-1cc2130f3ec2:/# ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}
                    # extended LDIF
                    #
                    # LDAPv3
                    # base <> (default) with scope subtree
                    # filter: (objectclass=*)
                    # requesting: ALL
                    #
                    
                    # search result
                    search: 2
                    result: 32 No such object
                    text: No tree found for: 
                    
                    # numResponses: 1
                    
                    nebulonN 1 Reply Last reply
                    0
                    • chymianC chymian

                      @nebulon said in ldap authentication not working:

                      ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}

                      root@44432c3c-9b9d-4a24-96d7-1cc2130f3ec2:/# ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD}
                      # extended LDIF
                      #
                      # LDAPv3
                      # base <> (default) with scope subtree
                      # filter: (objectclass=*)
                      # requesting: ALL
                      #
                      
                      # search result
                      search: 2
                      result: 32 No such object
                      text: No tree found for: 
                      
                      # numResponses: 1
                      
                      nebulonN Offline
                      nebulonN Offline
                      nebulon
                      Staff
                      wrote on last edited by
                      #9

                      @chymian oh sorry my snippet was somehow missing the last argument, it should be:

                      ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD} -b ${CLOUDRON_LDAP_USERS_BASE_DN}
                      
                      chymianC 1 Reply Last reply
                      0
                      • nebulonN nebulon

                        @chymian oh sorry my snippet was somehow missing the last argument, it should be:

                        ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD} -b ${CLOUDRON_LDAP_USERS_BASE_DN}
                        
                        chymianC Offline
                        chymianC Offline
                        chymian
                        wrote on last edited by
                        #10

                        @nebulon said in ldap authentication not working:

                        @chymian oh sorry my snippet was somehow missing the last argument, it should be:

                        ldapsearch -H ${CLOUDRON_LDAP_URL} -D ${CLOUDRON_LDAP_BIND_DN} -w ${CLOUDRON_LDAP_BIND_PASSWORD} -b ${CLOUDRON_LDAP_USERS_BASE_DN}
                        

                        that works, shows all users in that group.

                        1 Reply Last reply
                        0
                        • chymianC Offline
                          chymianC Offline
                          chymian
                          wrote on last edited by
                          #11

                          if I chose another group, the results change accordingly.
                          so on that level, LDAP User/Group query seems to work.

                          mehdiM 1 Reply Last reply
                          0
                          • chymianC chymian

                            if I chose another group, the results change accordingly.
                            so on that level, LDAP User/Group query seems to work.

                            mehdiM Offline
                            mehdiM Offline
                            mehdi
                            App Dev
                            wrote on last edited by
                            #12

                            @chymian Did it not work as soon as you installed the app ? Or did it use to work then stopped sometime ? Maybe after an app update or something ?

                            chymianC 1 Reply Last reply
                            0
                            • mehdiM mehdi

                              @chymian Did it not work as soon as you installed the app ? Or did it use to work then stopped sometime ? Maybe after an app update or something ?

                              chymianC Offline
                              chymianC Offline
                              chymian
                              wrote on last edited by
                              #13

                              @mehdi said in ldap authentication not working:

                              @chymian Did it not work as soon as you installed the app ? Or did it use to work then stopped sometime ? Maybe after an app update or something ?

                              for the first install, I cannot say.
                              for the second - actual - install, it didn't work from the beginning.

                              mehdiM 1 Reply Last reply
                              0
                              • chymianC chymian

                                @mehdi said in ldap authentication not working:

                                @chymian Did it not work as soon as you installed the app ? Or did it use to work then stopped sometime ? Maybe after an app update or something ?

                                for the first install, I cannot say.
                                for the second - actual - install, it didn't work from the beginning.

                                mehdiM Offline
                                mehdiM Offline
                                mehdi
                                App Dev
                                wrote on last edited by
                                #14

                                @chymian At this point, the only thing left to try would be another instance of the app.

                                1 Reply Last reply
                                0
                                • chymianC chymian

                                  @nebulon

                                  1. the test-userame is all eng. ascii-letters, as you can see in the log: "itsme"
                                  2. opened up the existing install to all users, no change

                                  since the tar-backup to a minio S3 running @ hetzner-VM to a cifs-connected storage-box is veeeery slow (~1MBps), we have to wait for that to finish…

                                  1. to see the result of a new instance installed, diff. domain with all users allowed:

                                  2. meanwhile, is there a ldap query/cat which I can use from inside the container to check the connectivity?

                                  chymianC Offline
                                  chymianC Offline
                                  chymian
                                  wrote on last edited by
                                  #15

                                  @nebulon, @mehdi

                                  since the tar-backup to a minio S3 running @ hetzner-VM to a cifs-connected storage-box is veeeery slow (~1MBps), we have to wait for that to finish…

                                  to see the result of a new instance installed, diff. domain with all users allowed:

                                  the new instance on a diff. domain, works as expected:

                                  • all users: ok
                                  • group only: ok

                                  since all data (>300G) are on external (S3) volumes, which are fstab-mounted onto the system with the fabulous goofys and provided to the app via volumes, I reinstalled the primary instance, same fqdn, same LDAP-group: every seems to work now.

                                  the culprit is left unidentified!
                                  thx for your time & support, guys

                                  nebulonN 1 Reply Last reply
                                  1
                                  • chymianC chymian

                                    @nebulon, @mehdi

                                    since the tar-backup to a minio S3 running @ hetzner-VM to a cifs-connected storage-box is veeeery slow (~1MBps), we have to wait for that to finish…

                                    to see the result of a new instance installed, diff. domain with all users allowed:

                                    the new instance on a diff. domain, works as expected:

                                    • all users: ok
                                    • group only: ok

                                    since all data (>300G) are on external (S3) volumes, which are fstab-mounted onto the system with the fabulous goofys and provided to the app via volumes, I reinstalled the primary instance, same fqdn, same LDAP-group: every seems to work now.

                                    the culprit is left unidentified!
                                    thx for your time & support, guys

                                    nebulonN Offline
                                    nebulonN Offline
                                    nebulon
                                    Staff
                                    wrote on last edited by
                                    #16

                                    @chymian any chance you may have tweaked some configs or so on the other instance, which may have caused an issue?

                                    chymianC 1 Reply Last reply
                                    0
                                    • nebulonN nebulon

                                      @chymian any chance you may have tweaked some configs or so on the other instance, which may have caused an issue?

                                      chymianC Offline
                                      chymianC Offline
                                      chymian
                                      wrote on last edited by
                                      #17

                                      @nebulon

                                      the only thing I changed, after it was not working, was the servername in the general-settings, from an UUID to the fqdn, in the hope it would be better. that's all.

                                      sorry, I double thought of that also, but no, I haven't. I remember that after creating the instance I did set up my usual admin account & then had to add my personal user-account manually, I assumed there was no LDAP-connection (like wallabag), but did'nt check on it due to timely-restrictions. (means also NO time to fiddle with the setup)
                                      only after I added more users to it I checked for an LDAP-plugin and saw it is existent, but was not working. also - due to timely-restirctions - not investigating why it didn't work out of the box.
                                      since I had some time now, I started investigating, especially, since I had to create more and more user-accounts all way long, as the provided media gained on interests.

                                      after 35 years of systemadministration, I know, sometimes unexplainable things happen – it's just not always straight forward as it everyone would suspect.

                                      hab's gut derweil
                                      cheers
                                      günter

                                      1 Reply Last reply
                                      0
                                      Reply
                                      • Reply as topic
                                      Log in to reply
                                      • Oldest to Newest
                                      • Newest to Oldest
                                      • Most Votes


                                        • Login

                                        • Don't have an account? Register

                                        • Login or register to search.
                                        • First post
                                          Last post
                                        0
                                        • Categories
                                        • Recent
                                        • Tags
                                        • Popular
                                        • Bookmarks
                                        • Search