From 8c800ad0d368d507676393a85f436327dee6dc66 Mon Sep 17 00:00:00 2001
From: soraefir <soraefir+git@helcel>
Date: Wed, 13 May 2026 01:56:45 +0200
Subject: [PATCH] Jellyfin LDAP

---
 modules/server/containers/apps/jellyfin.nix   |  6 ++++
 .../containers/data/jellyfin/LDAP-Auth.xml    | 29 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 modules/server/containers/data/jellyfin/LDAP-Auth.xml

diff --git a/modules/server/containers/apps/jellyfin.nix b/modules/server/containers/apps/jellyfin.nix
index 31112a3..39a6882 100644
--- a/modules/server/containers/apps/jellyfin.nix
+++ b/modules/server/containers/apps/jellyfin.nix
@@ -12,6 +12,12 @@ let
       ExposedPorts = { "8096/tcp" = { }; };
     };
   };
+  #LDAP_DC_DOMAIN = "dc=ldap,dc=helcel,dc=net"
+  #HOST=...
+  #LDAP_BIND_USER=ldap-sa
+  #LDAP_BIND_PASSWORD=...
+  #LDAP_GROUP=flix
+  #LDAP_ADMIN=admin
 in {
   paths = [
     {
diff --git a/modules/server/containers/data/jellyfin/LDAP-Auth.xml b/modules/server/containers/data/jellyfin/LDAP-Auth.xml
new file mode 100644
index 0000000..17146ce
--- /dev/null
+++ b/modules/server/containers/data/jellyfin/LDAP-Auth.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <LdapUsers />
+  <LdapServer>@HOST@</LdapServer>
+  <LdapPort>389</LdapPort>
+  <UseSsl>false</UseSsl>
+  <UseStartTls>false</UseStartTls>
+  <SkipSslVerify>true</SkipSslVerify>
+  <LdapBindUser>cn=@LDAP_BIND_USER@,ou=users,@LDAP_DC_DOMAIN@</LdapBindUser>
+  <LdapBindPassword>@LDAP_BIND_PASSWORD@</LdapBindPassword>
+  <LdapBaseDn>@LDAP_DC_DOMAIN@</LdapBaseDn>
+  <LdapSearchFilter>(memberOf=cn=@LDAP_GROUP@,ou=groups,@LDAP_DC_DOMAIN@)</LdapSearchFilter>
+  <LdapAdminBaseDn />
+  <LdapAdminFilter>(memberOf=cn=@LDAP_ADMIN@,ou=groups,@LDAP_DC_DOMAIN@)</LdapAdminFilter>
+  <EnableLdapAdminFilterMemberUid>false</EnableLdapAdminFilterMemberUid>
+  <LdapSearchAttributes>uid, cn, mail, displayName</LdapSearchAttributes>
+  <LdapClientCertPath />
+  <LdapClientKeyPath />
+  <LdapRootCaPath />
+  <CreateUsersFromLdap>true</CreateUsersFromLdap>
+  <AllowPassChange>false</AllowPassChange>
+  <LdapUidAttribute>uid</LdapUidAttribute>
+  <LdapUsernameAttribute>cn</LdapUsernameAttribute>
+  <LdapPasswordAttribute>userPassword</LdapPasswordAttribute>
+  <EnableLdapProfileImageSync>false</EnableLdapProfileImageSync>
+  <LdapProfileImageAttribute>jpegphoto</LdapProfileImageAttribute>
+  <EnableAllFolders>true</EnableAllFolders>
+  <EnabledFolders />
+  <PasswordResetUrl />
\ No newline at end of file