Ombi icon indicating copy to clipboard operation
Ombi copied to clipboard

Published 20 hours ago verified publisher icon Ombi-app

WIP LDAP authentication

Open dpraul opened this issue 4 years ago • 5 comments

Never written any C# before this, so please bear with me here.

Included here is:

  • A settings page for LDAP configuration
  • LDAP authentication provided by Novell.Directory.Ldap.NETStandard, based loosely on jellyfin-plugin-ldapauth
  • An LDAP bulk importer
  • The ability to create LDAP users on-the-fly at login (uses default roles from the user management settings)
    • Had to tweak the token creation a bit for this, but IMO it's a bit easier to follow now.

Potential TODO:

  • [ ] Better documentation on settings page
  • [ ] Don't return the bind password on the settings page
  • [ ] Move ldap attribute mappings - ideally, to retrieve email, alias, etc. from directory
    • [ ] Updating the user attributes on-login when this happens (similar to in emby login)
  • [ ] LDAP filter mappings to Ombi roles
    • [ ] Would also need update on-login

This is current running and functional in my setup - going to test it out for a bit and see if it needs any changes. Others are welcome to test, just know that YMMV. I pushed a docker image for this based on the Linuxserver image, which I'm currently running in my environment. It should be a drop-in replacement for linuxserver/ombi:v4-preview. You can find it at theactualdylan/ombi-tests:ldap-1

dpraul avatar Oct 10 '20 21:10 dpraul

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Dec 11 '20 07:12 stale[bot]

Whewps guess I should return to this PR soon!

dpraul avatar Dec 11 '20 14:12 dpraul

I'm interested in testing this out too, so I'll give some feedback on how well it works with OpenLDAP and in comparison to Jellyfin-"proxied" imports over the next week or so. I did a bunch of work on the LDAP Jellyfin plugin so I can hopefully catch some things. One comment: the UserType of 5 is a conflict with my Jellyfin PR #3924; I don't mind changing one or the other, if you want to lay claim to it ;-)

joshuaboniface avatar Dec 13 '20 07:12 joshuaboniface

Gonna try to actually return to this PR soon!

To that extent, I've since nuked my C# setup - which was no loss since I'm a baby C# developer and had no clue what I was doing. Is there any documentation I missed on setting up the development workspace for this repo? I had a messy time before swapping between vscode/WebStorm for the TypeScript portions and Visual Studio for the C# portions.

I'm interested in testing this out too, so I'll give some feedback on how well it works with OpenLDAP and in comparison to Jellyfin-"proxied" imports over the next week or so. I did a bunch of work on the LDAP Jellyfin plugin so I can hopefully catch some things. One comment: the UserType of 5 is a conflict with my Jellyfin PR #3924; I don't mind changing one or the other, if you want to lay claim to it ;-)

Did you ever do any testing? I've had this running pretty much since I created this PR with no issues using OpenLDAP, but I have very few users, so would love more UATing. Also - needless to say at this point, but you got UserType 5 in before I did, so I will update this.

dpraul avatar Jan 11 '21 23:01 dpraul

Hi All! If there is still any interest in this PR, I would love to be a tester!

BurninTurtles avatar Oct 04 '21 23:10 BurninTurtles