jellyfin-plugin-ldapauth icon indicating copy to clipboard operation
jellyfin-plugin-ldapauth copied to clipboard

Published 20 hours ago verified publisher icon jellyfin

RFC: Per 'Library Access' defaults for LDAP filters

Open jketreno opened this issue 3 years ago • 7 comments

I started implementing a POC to allow the admin to define default library access permissions grouped by LDAP filters.

Here is an initial screen shot. Before I plum in the backend, I wanted to get comments or feedback on:

  1. Is there interest in this in the upstream project?
  2. Does this UX look like it aligns with how the plugin should present itself?

image

When the user clicks 'Delete' on an item, it would prompt prior to deleting that filter group.

When the user clicks + it would pop up a dialog allowing them to define the filter and select which libraries are available.

When the user clicks 'Edit' it would pup up that same dialog, pre-filled with the current settings.

These settings would only be used during initial Jellyfin user creation.

These options are only available if 'Enable User Creation' is selected.

jketreno avatar Nov 04 '21 18:11 jketreno

Thanks for opening a RFC! This sounds like something that would be very useful to have. The UI seems easy to follow, so good work on that

crobibero avatar Nov 05 '21 22:11 crobibero

I'd be very interested in learning how to do this.

bloomfieldcollege avatar Nov 08 '21 15:11 bloomfieldcollege

This would be a very nice feature. I think I remember that I tried to set the default for new users to NO Library. But now I have the issue that my LDAP users are created by other systems and are allowed to access jellyfin too. The problem is now that as admin I cannot restrict access as they do not show up in jellyfin before the first log in.

twinkybot avatar Nov 09 '21 16:11 twinkybot

I'd like to say that I'm also very interested in having a system like this in place. Thanks for working on it!

So I'm clear, this form would be available on each library? Would there be a place for global default library access?

BDaddyG avatar Nov 17 '21 14:11 BDaddyG

@BDaddyG I hadn't considered mapping each Library to a unique LDAP filter... I had been thinking the reverse; you would add an LDAP filter and then select which Libraries are enabled for users that match that filter. I like your suggestion better -- the admin flow would be to show the list of Libraries, and for each one, let the admin assign an LDAP filter for users that would have access to that Library.

And as you suggest, also have a 'Default' LDAP filter that is used for any Library which does not have an explicit LDAP filter defined.

Hopefully I'll have some time this weekend to put together a different POC UX flow, and if it makes sense, I'll start on the implementation.

jketreno avatar Nov 17 '21 21:11 jketreno

@jketreno Has this effort been abandoned? I just started down the road of jellyfin ldap auth and was surprised by the lack of features regarding per library permissions. I am happy to test your implementation with either 10.7 or 10.8 and Synology Directory services.

kellcomnet2 avatar Apr 12 '22 15:04 kellcomnet2

Ya this would be an awesome feature to bring back

ritkit avatar Aug 26 '22 13:08 ritkit