Add LDAP Support

[mariof1]

Will it be possible to integrate Active Directory / LDAP authentication?

[deluan]

Thanks for trying Navidrome!

I may implement LDAP support, yes. But right now I'm focused on the features from the roadmap.

That being said, depending on the demand I may implement LDAP support before other features.

[helmut72]

LDAP support will be great. I have that many services running at home, it's even useful for private family installations.

[brianclemens]

(To help gauge demand) +1 for LDAP support!

[ericgaspar]

LDAP support for Navidrome installed with YunoHost will be a plus

[ghost-of-cerberus]

Looks like Sohalt made decent progress on #590 for adding LDAP. PR looks like it's set but @deluan, you were going to take another look. Just wanted to see if there had been any progress on this as it's not on the roadmap and it appears many of the roadmap items have been completed or are close to completion. Again, not rushing. Just curious as I am definitely interested in this feature. Thanks!

[timothysnave]

I also don't mean to rush, just wanted to voice my support for LDAP. I have a home setup like @helmut72 with a bunch of apps, and would love to have one user to rule them all.

[andrewzah]

+1 for LDAP support as well, but if SSO solutions like Keycloak (which can sync with ldap) are supported, those are preferable to plain LDAP for me.

[PoGo606]

+1 for LDAP support as well, but if SSO solutions like Keycloak (which can sync with ldap) are supported, those are preferable to plain LDAP for me.

I second this. LDAP and/or SSO support will be great. Don't hesitate to reach out if any beta testing is needed !

[rafaelmathieu]

+1 for LDAP to be supported. This is the only reason I am currently still using jellyfin for music.

[fockr]

I was about to suggest Navidrome as feature app for the Freedombox. LDAP is the only feature still needed to be compatible... Did I mention I :heart: this application? Thanks for your work, it's highly appreciated!

[zvercodebender]

+1 for LDAP support

[centuryx476]

+1 support for LDAP. This would be a killer feature...

[UserThre3]

+1 for LDAP support

[Wmartin417]

+1 for LDAP support

[rachalsolutions]

+1 for LDAP support

[Chel]

+1

[overflow-ITA]

+1

[khalimerot]

+1

[gbolton2008]

+1 for LDAP and ideally other SSO authentication methods such as OpenID Connect

[mlanies]

+1 LDAP

[tynorton]

+1 for LDAP

[ghost]

+1 for LDAP

[pogmommy]

Would also love to see ldap support!

[tbelway]

LDAP would be a killer feature to have and would make user management so much nicer. +1 LDAP

[fredmorais]

+1 for LDAP support. This would be really helpful!

[Comdriver]

Take my plus one for LDAP support from a weirdo running AD at home. Already have it for my video server, would be great to use LDAP for audio too.

[renekuehl]

+1 for LDAP/SSO. Running Samba 4 AD here, with some selfhosted apps using it for authentication. Navidrome would be welcome to do so ;)

[pimauchama]

+1 for LDAP support.

[Eschguy]

+1 for LDAP support

[FrancoisDeweulf]

+2 for LDAP support

[khalimerot]

I see a lot of people posting theses +1 for LDAP, and i think i was one of them. But even if navidrome does not support LDAP you can have an LDAP support with the help of an authentication proxy.

I personally use Authelia for this now, and it works well (at least for my usage)

I just leave this here so people wanting LDAP can search for a solution.

[helmut72]

But even if navidrome does not support LDAP you can have an LDAP support with the help of an authentication proxy.

I ask me the same and also use Authelia. The password in ND then became an API password for Apps and can be really long. But you need to exclude the /rest path from the auth proxy.

Also there is one real drawback: the first created user isn't an admin. First you need to connect to ND without any reverse proxy, create an admin user with the same name you want to have in your LDAP directory. Only then put a reverse proxy in front of ND.

Another topic is no logout URL...

Some notes from me here: https://github.com/navidrome/navidrome/issues/176#issuecomment-1120423438

and here: https://github.com/navidrome/navidrome/issues/1723

All at all implement LDAP is probably more time consuming than finetune the current header based auth in some way and place some config example for all popular reverse proxy...

[bfd69]

Hello first let me congratulate you for the great job your doing !, i tried many servers and yours is far ahead in all terms ! +1 for ldap, i'd love to use ldap in addition to header auth, i would use header auth for regular web access and openldap for subsonic api

for me there is just openldap support and artist art folder that is missing to fully migrate from ampache to navidrome. and just a littlte tip : it would be nice if you add a chown on the folders in your entrypoint if uid or gid <> 0 the service start would be more fluent.

again thanks a lot for the app and for hearing me best regards and happy new year !

[gmsotavio]

+1 for LDAP

[alvitali]

I'd love to see support for LDAP or alternative authentication methods like header auth or even OIDC

[renekuehl]

I'd love to see support for LDAP or alternative authentication methods like header auth or even OIDC

You can use Header Authentication (see https://www.navidrome.org/docs/usage/security/#reverse-proxy-authentication). I used it with Authelia and it worked...

[alvitali]

You can use Header Authentication (see https://www.navidrome.org/docs/usage/security/#reverse-proxy-authentication). I used it with Authelia and it worked...

Thanks for pointing this out, I'll definitely set this up.

As it stands right now though, that's only a minor convenience for myself and existing users, as I'd still have to create every new user by hand. What I'd love to see is the option to automatically add a new user upon login with LDAP or OIDC. Should have written my comment better!

[helmut72]

I'd still have to create every new user by hand.

No, it will created automatically: https://github.com/navidrome/navidrome/issues/1723

What I miss is a logout feature and at least the first created user should be an admin user, if no header with group information is supported.