Jellyfin LDAP Bind User Permissions

Open betterthanever2 opened this issue 1 year ago • 3 comments

I'm trying to configure LDAP integration with Jellyfin, and can't get past setting the server settings - Connect (Success); Bind: Insufficient Access Rights.

The instruction (https://docs.goauthentik.io/integrations/services/jellyfin/) is pretty vague on this:

> Ideally, this user doesn't have any permissions other than the ability to view other users. However, some functions do require an account with permissions.

What specific permissions must be set here? I tried setting "Can preview user data sent to providers", "Can view User", "Can view user source connection", "View applications the user has access to", as well as a bunch of LDAP-related ones, but to no effect.

betterthanever2 avatar May 19 '24 16:05 betterthanever2

You will need to configure the ldap provider to use a ldapsearch group and make the user you have configured for ldap bind a member of that group.

https://docs.goauthentik.io/docs/providers/ldap/generic_setup#create-ldap-provider

mdallaire avatar May 21 '24 16:05 mdallaire

I have done all of those things. I'm getting "Insufficient Access Rights" in the plugin setup UI, and `ldap_bind: Insufficient access (50)` with ldap-utils.

betterthanever2 avatar May 21 '24 16:05 betterthanever2

Since 2024.8 the permissions work slightly differently: the bind user needs to have the permission "Search full LDAP directory" on the LDAP provider (which is migrated automatically when upgrading), and then users that should be allowed to bind to the LDAP Provider must have permissions to the authentik application assigned to the LDAP provider.

BeryJu avatar Sep 12 '24 16:09 BeryJu

> Since 2024.8 the permissions work slightly differently: the bind user needs to have the permission "Search full LDAP directory" on the LDAP provider (which is migrated automatically when upgrading), and then users that should be allowed to bind to the LDAP Provider must have permissions to the authentik application assigned to the LDAP provider.

Is it possible for you to send screenshots? I have tried to make this setting but always get the error message “Connect (Success); Bind: Connect Error”.

PlanetDyna avatar Dec 31 '24 13:12 PlanetDyna

I'm new to Authentik and am trying to set up LDAP and am running into this problem as well. I go to the LDAP provider and try to assign the "Search full LDAP directory" to my ldap-sa user and I still get the Insufficient access (50) error.

usmcamp0811 avatar Jan 05 '25 02:01 usmcamp0811

This seems related to this https://github.com/goauthentik/authentik/issues/12447

mcamp-ata avatar Jan 05 '25 03:01 mcamp-ata
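
Added example, not part of the thread or of authentik's documentation: a shell helper that runs the bind and the search as separate ldap-utils steps and classifies the result code, so an error such as `ldap_bind: Insufficient access (50)` can be pinned to one step before changing permissions. `LDAP_URI`, `BIND_DN`, `BASE_DN` and `LDAP_PW_FILE` are placeholders to fill in, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. LDAP_URI, BIND_DN, BASE_DN and
# LDAP_PW_FILE are placeholders the operator supplies via the environment.

# Pull the numeric result code out of an ldap-utils diagnostic such as
# "ldap_bind: Insufficient access (50)". Prints nothing if no such line exists.
ldap_result_code() {
    printf '%s\n' "$1" |
        sed -n 's/^ldap_[^:]*: .*(\(-\{0,1\}[0-9][0-9]*\))$/\1/p' | head -n 1
}

# Name the area to look at for a given result code.
triage() {
    case "$1" in
        "") echo "ok" ;;
        -1) echo "connectivity" ;;   # client could not reach the server
        49) echo "credentials" ;;    # invalidCredentials: wrong DN or password
        50) echo "authorization" ;;  # insufficientAccessRights: permissions
        *)  echo "other" ;;
    esac
}

# Run one ldap-utils command, keep only its stderr, and report the triage result.
step() {
    label=$1; shift
    if err=$("$@" 2>&1 >/dev/null); then code=""; else
        code=$(ldap_result_code "$err"); code=${code:-unparsed}
    fi
    echo "$label: $(triage "$code")${code:+ (result $code)}"
    [ -z "$code" ]
}

run_checks() {
    : "${LDAP_URI:?}" "${BIND_DN:?}" "${BASE_DN:?}" "${LDAP_PW_FILE:?}"
    # -y uses the whole file as the password, so it must not end in a newline.
    set -- -x -H "$LDAP_URI" -D "$BIND_DN" -y "$LDAP_PW_FILE"
    # Step 1: bind only, no search involved.
    step "bind" ldapwhoami "$@" || return 1
    # Step 2: subtree search requesting no attributes ("1.1").
    step "search" ldapsearch "$@" -LLL -b "$BASE_DN" -s sub '(objectClass=*)' 1.1 || return 1
    # Count the entries returned, to compare with the expected directory size.
    n=$(ldapsearch "$@" -LLL -b "$BASE_DN" -s sub '(objectClass=*)' 1.1 | grep -c '^dn:')
    echo "entries visible to bind user: $n"
}

if [ "${1:-}" = "run" ]; then run_checks; fi
```

Invoke the script with the single argument `run` after exporting the four variables; without it, only the functions are defined.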