Skip to content

LDAP Auth #601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 82 commits into
base: master
Choose a base branch
from
Open

LDAP Auth #601

wants to merge 82 commits into from

Conversation

@yaemiku
Copy link

@yaemiku yaemiku commented Sep 21, 2025

I have come across PR #346 while looking for a way to have a music server that integrates with LDAP. I managed to get it working for me. I have

  • Fixed the LDAP authentication logic. Auth is performed solely against the LDAP database. Users who pass the user filter are automatically registered when trying to log in for the first time. Users who pass the admin filter are assigned admin privileges
  • While testing, I noticed that the "Tempo" subsonic client sends the password parameter hex-encrypted (in the form of "p=enc:HEXHERE"). Added support for that as well

BetaPictoris and others added 30 commits August 5, 2023 15:19
Added LDAP link
cf3f666
Added LDAP config template
c5b35a6
Added LDAP route
ae9f95a
Made TLS checkbox work.
13bb999 
TODO: Make the styles match the rest of the page and move them out of inline.
Fixed typo
830ab09
Added saving of LDAP settings
98be763
Added TODO
1fab192
Addd default value for LDAP config page
23e797e
Removed eURL file
6b2f853
Added a way of disabling LDAP auth
6602495
Added go-ldap dep
6c8f5fa
Added LDAP auth if there is a user
fdb2ec6
Added LDAP user creation
d833859
Fixed ineffassign to
79b28ef
Fixed for LDAP connection
9c56bf6
Fix else if (gocritic)
1fd8c9b
Fixed r param revive
23d23c7
Added c.DB.SetSetting (errcheck)
80f5fac
Fixed filter labels
e5f815c
Fixed SetSetting err checking
a558947
@betapictoris
Merge branch 'sentriz:master' into ldap_auth
c317046
@betapictoris
Merge branch 'sentriz:master' into ldap_auth
fc08e0a
@betapictoris
Check errors in ldap do handler
46dac6d
@betapictoris
Fixed variable defs
94027dc
@betapictoris
Fixed bug where two requests got merged
e7d6fda
@betapictoris
Fixed use of newLDAPUser
7de6cf1
@betapictoris
Fixed newLDAPUser def
238856a
@betapictoris
Fixed newLDAPUser being reset
9e5b8d4
@betapictoris
Update username error message to match Subsonic API
d6d51ed
@betapictoris
Only try to login if there is exactly 1 user, otherwise return an error.
38ea72b
betapictoris and others added 22 commits April 1, 2024 10:40
@betapictoris
Removed LDAP web UI
dc3682d
@betapictoris
Reverted home template
8ba05ef
@betapictoris
Removed LDAP config from admin templates
6bf39cc
@betapictoris
Merge branch 'master' into ldap_auth
6d7c605
@betapictoris
Made withUser return a middleware and take dbc
6eddc2a
@betapictoris
Readded gofeed dep
995c566
@betapictoris
Have LDAP read from config
b36f26e
@betapictoris
Only allow use of subsonic API with one auth method
6ca68b2
@betapictoris
Added LDAP admin filter
5638ef5
@betapictoris
Added LDAP password cache
fccf016
@betapictoris
Fix password check for local users
f5195f1
@betapictoris
Fixed filter params
0f7e24b
@betapictoris
Do session change on failed LDAP check
e2415e9
@betapictoris
Merge branch 'sentriz:master' into ldap_auth
dc98b6a
@betapictoris
Merge branch 'master' into ldap_auth
f812c15
@betapictoris
fix: Fixed conf music path check
7159e1c
@betapictoris
go mod tidy
4c5c015
@betapictoris
lint: Fixed ineffassign on Add
758c4c7
@betapictoris
style: Made invalid auth chain less chain-y
21b562b
@betapictoris
Merge branch 'master' into ldap_auth
d9facdc
@yaemiku
Merge branch 'master' into ldap_auth
e5c192c
@yaemiku
ldap login logic, subsonic api hex encrypted password
6fba25c
@betapictoris
Copy link
Contributor

betapictoris commented Nov 1, 2025

Heya! Thanks a bunch for picking this up, I meant to fix that linting error but life got in the way. I've done a very informal glance over the code and everything looked pretty good, but I just had two questions/comments. The first is on:

+ //nolint:gochecknoglobals
  var ldapStore = make(LDAPStore)

This line is the reason that #346 wasn't getting merged, ldap.LDAPStore needs to be refactored out of ldap/ldap.go and into cmd/gonic/gonic.go to match the style of the rest of the code. I did the work to get ldap.Config into there, but never got a chance to do that with ldap.LDAPStore. In hindsight a very easy solution to this would be to create a structure within ldap/ldap.go, say ldap.State, that has fields for both the configuration and authentication cache.

- if doesLDAPUserExist(username, config, l) && !isAdmin {
+ if !doesLDAPUserExist(username, config, l) {

Does this work if someone wants to configure two different filters for admin and user accounts? I know it seems like an edge case, but given how different each LDAP server is configured it didn't seem like that bad of an idea when I was originally writing that code.

Just out of curiosity, how has it been working for you over the past couple of weeks?

@sentriz sentriz force-pushed the master branch 5 times, most recently from 7decea6 to 971d22d Compare November 11, 2025 07:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yaemiku @betapictoris