Help in Configuring Jellyfin LDAP Settings

Currently reading
Help in Configuring Jellyfin LDAP Settings

Synology DS920+
Operating system
  1. Windows
Mobile operating system
  1. Android
  2. iOS
Hi all,

I recently installed Authelia with thanks from @Rusty guide and have it in front of my Jellyfin web server (which is installed as host on my machine). I recently found out that jellyfin has an LDAP plugin so I'm hoping that by leveraging that, the LDAP plugin will pull from user info in Synology's LDAP server so I don't need to login twice. So the goal would be to just log in via 2FA to Authelia and then once that's entered in correctly, the user authenticated for Authelia then auto logs into the corresponding Jellyfin user without needing to login separately to Jellyfin.

I just need a bit of help understanding what the correct LDAP server settings should be entered into in the Jellyfin LDAP plugin. I've taken a picture below to show you what I mean. I think the issue may be related to the LDAP User and LDAP admin filters. I saw the Bind User and User Password already in the Synology LDAP Server settings. Also, Synology's LDAP server isn't using SSL is it?

Note: I have replaced my subdomain with the "subdomain" text so that's why its there but that is different on my side. Just looking to see what I may have overlooked in the LDAP settings.

LDAP Server: <NAS IP Address or hostname of LDAP server >
Secure LDAP: If using LDAP with SSL
Skip SSL/TLS Verification:
LDAP Base DN for searches:
LDAP port: 389
LDAP Attributes: uid
LDAP Name Attribute: uid
LDAP User Filter: (memberOf=cn=JellyfinUsers,dc=subdomain,dc=synology,dc=me)
LDAP Admin Filter: (memberOf=cn=JellyAdmin,cn=groups,dc=subdomain,dc=synology,dc=me)
LDAP Bind User: uid=root,cn=users,dc=subdomain,dc=synology,dc=me
LDAP Bind User Password: <bind-user-password>

The LDAP Bind User is the user account used to perform the ldap lookups. Any account will do, preferably one with the least amount of privilges (hint: especialy not root!).

Ldap itself is "just" an identity provider. Unless JellyFin has a SSO Authelia integration, single sign on won't happen. I haven't check Authelia, since I run keycloak and use oidc for SSO - many apps provide an integration, but not every application does. Some provide SAMLv2 integration (which keycloak would provide as well), but the most applications don't even provide any sort of SSO integration.

Thus said, I am afraid JellyFin has no integration for any of the wide spread SSO protocols like saml, oauth or oidc.
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Looks like I triggered you somehow with my post: it was not my intention. I have no idea whether bash or...

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!