Update index.md (#8056)

Signed-off-by: Bryan J. <132493975+chkpwd@users.noreply.github.com>
This commit is contained in:
Bryan J 2024-01-04 10:27:57 -05:00 committed by GitHub
parent 2064395434
commit a3ec4e7948
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 14 deletions

View File

@ -15,7 +15,7 @@ Jellyfin does not have any native external authentication support as of the writ
::: :::
:::note :::note
Currently there are two plugins for Jelyfin that provide external authenticaion, an OIDC plugin and an LDAP plugin. This guide focuses on the use of the LDAP plugin. Currently, there are two plugins for Jellyfin that provide external authentication, an OIDC plugin and an LDAP plugin. This guide focuses on the use of the LDAP plugin.
::: :::
:::caution :::caution
@ -34,49 +34,49 @@ The following placeholders will be used:
## Jellyfin configuration ## Jellyfin configuration
1. If you don't have one already create an LDAP bind user before starting these steps. 1. If you don't have one already, create an LDAP bind user before starting these steps.
- Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions. - Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.
- This user must be part of the group that is specified in the "Search group" in the LDAP outpost. - This user must be part of the group that is specified in the "Search group" in the LDAP outpost.
2. Navigate to your Jellyfin installation and log in with the admin account or currently configured local admin. 2. Navigate to your Jellyfin installation and log in with the admin account or currently configured local admin.
3. Open the administrator dashboard and go to the "Plugins" section. 3. Open the administrator dashboard and go to the "Plugins" section.
4. Click "Catalog" at the top of the page, and locate the "LDAP Authentication Plugin" 4. Click "Catalog" at the top of the page, and locate the "LDAP Authentication Plugin"
5. Install the plugin. You may need to restart Jellyfin to finish installation. 5. Install the plugin. You may need to restart Jellyfin to finish installation.
6. Once finished navigate back to the plugins section of the admin dashboard, click the 3 dots on the "LDAP-Auth Plugin" card, and click settings. 6. Once finished, navigate back to the plugins section of the admin dashboard, click the 3 dots on the "LDAP-Auth Plugin" card, and click settings.
7. Configure the LDAP Settings as follows: 7. Configure the LDAP Settings as follows:
- `LDAP Server`: `ldap.company.com` - `LDAP Server`: `ldap.company.com`
- `LDAP Port`: 636 - `LDAP Port`: 636
- `Secure LDAP`: **Checked** - `Secure LDAP`: **Checked**
- `StartTLS`: Unchecked - `StartTLS`: Unchecked
- `Skip SSL/TLS Verification`: - `Skip SSL/TLS Verification`:
- If using a certificate issued by a certificate authority Jellyfin trusts, leave this unchecked. - If using a certificate issued by a certificate authority, Jellyfin trusts, leave this unchecked.
- If you're using a self signed certificate, check this box. - If you're using a self-signed certificate, check this box.
- `Allow password change`: Unchecked - `Allow password change`: Unchecked
- Since authentik already has a frontend for password resets, its not necessary to include this in Jellyfin, especially since it requires bind user to have privileges. - Since authentik already has a frontend for password resets, it's not necessary to include this in Jellyfin, especially since it requires bind user to have privileges.
- `Password Reset URL`: Empty - `Password Reset URL`: Empty
- `LDAP Bind User`: Set this to a the user you want to bind to in authentik. By default the path will be `ou=users,dc=company,dc=com` so the LDAP Bind user will be `cn=ldap_bind_user,ou=users,dc=company,dc=com`. - `LDAP Bind User`: Set this to a user you want to bind to in authentik. By default, the path will be `ou=users,dc=company,dc=com` so the LDAP Bind user will be `cn=ldap_bind_user,ou=users,dc=company,dc=com`.
- `LDAP Bind User Password`: The Password of the user. If using a Service account, this is the token. - `LDAP Bind User Password`: The Password of the user. If using a Service account, this is the token.
- `LDAP Base DN for Searches`: the base DN for LDAP queries. To query all users set this to `dc=company,dc=com`. - `LDAP Base DN for Searches`: the base DN for LDAP queries. To query all users, set this to `dc=company,dc=com`.
- You can specify an OU if you divide your users up into different OUs and only want to query a specific OU. - You can specify an OU if you divide your users up into different OUs and only want to query a specific OU.
At this point click `Save and Test LDAP Server Settings`. If the settings are correct you will see: At this point, click `Save and Test LDAP Server Settings`. If the settings are correct, you will see:
`Connect(Success); Bind(Success); Base Search (Found XY Entities)` `Connect(Success); Bind(Success); Base Search (Found XY Entities)`
- `LDAP User Filter`: This is used to a user filter on what users are allowed to login. **This must be set** - `LDAP User Filter`: This is used to a user filter on what users are allowed to login. **This must be set**
- To allow all users: `(objectClass=user)` - To allow all users: `(objectClass=user)`
- To only allow users in a specific group: `(memberOf=cn=jellyfin_users,ou=groups,dc=company,dc=com)` - To only allow users in a specific group: `(memberOf=cn=jellyfin_users,ou=groups,dc=company,dc=com)`
- Good Docs on LDAP Filters: [atlassian.com](https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html) - Good Docs on LDAP Filters: [atlassian.com](https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html)
- `LDAP Admin Base DN`: All of the users in this DN are automatically set as admins. - `LDAP Admin Base DN`: All the users in this DN are automatically set as admins.
- This can be left blank. Admins can be set manually outside of this filter - This can be left blank. Admins can be set manually outside this filter
- `LDAP Admin Filter`: Similar to the user filter, but every matched user is set as admin. - `LDAP Admin Filter`: Similar to the user filter, but every matched user is set as admin.
- This can be left blank. Admins can be set manually outside of this filter - This can be left blank. Admins can be set manually outside this filter
At this point click `Save and Test LDAP Filter Settings`. If the settings are correct you will see: At this point, click `Save and Test LDAP Filter Settings`. If the settings are correct, you will see:
`Found X user(s), Y admin(s)` `Found X user(s), Y admin(s)`
- `LDAP Attributes`: `uid, cn, mail, displayName` - `LDAP Attributes`: `uid, cn, mail, displayName`
- `Enable case Insensitive Username`: **Checked** - `Enable case Insensitive Username`: **Checked**
At this point, enter in a username and click "Save Search Attribute Settings and Query User". If the settings are correct you will see: At this point, enter a username and click "Save Search Attribute Settings and Query User". If the settings are correct, you will see:
`Found User: cn=test,ou=users,dc=company,dc=com` `Found User: cn=test,ou=users,dc=company,dc=com`
- `Enabled User Creation`: **Checked** - `Enabled User Creation`: **Checked**