Last year, I was trying to get Jellyfin‘s LDAP plug-in to work with Univention, but my attempt was not a success. I went back to Emby since the Emby implementation is easier. However, I really want to use Jellyfin because it is free and open-source software (FOSS) and I want to support and use the product that is FOSS. If you are not familiar with Jellyfin, it is a self-hosted media server that was an Emby forked. Think of Plex or Kodi.
I use Univention as my LDAP server. I always create a dedicated bind user to any of my self-hosted services and Jellyfin is no exception. I created a user account jellyfin_svc for this purpose.
In the Jellyfin settings make sure to install the LDAP-Auth plugin. Once the plug-in is installed, go to its settings. The settings below is what worked for me. I created an intranet group to group all my domain users. I am using LDAPS with this Jellyfin instance. Univention’s LDAP ports are 7389 for LDAP and 7636 for LDAPS.
The admin users are members of the built-in group Administrators. Since I am an admin, if I login with my user account, I am automatically have Jellyfin admin access and can modify the server settings.
- LDAP Server: <ip-address or hostname of the ldap server>
- Secure LDAP: If using LDAP with SSL, mark this; otherwise, leave uncheck
- Skip SSL/TLS Verification: mark this as well
- LDAP Base DN for searches: The base DN for your LDAP query
- LDAP Port: 7636
- LDAP Attributes: uid
- LDAP Name Attribute: uid
- LDAP User Filter: (memberof=cn=intranet,cn=groups,dc=networkshinobi,dc=intranet)
- LDAP Admin Filter: (memberof=cn=Administrators,cn=Builtin,dc=networkshinobi,dc=intranet)
- LDAP Bind User: uid=jellyfin_svc,cn=users,dc=networkshinobi,dc=intranet
- LDAP Bind User Password: <bind-user-passwd>
Once done, save the config and restart the jellyfin service.
systemctl restart jellyfin.service
That’s about it. Hope you’ll find this useful. Cheers!