Jitsi auth with LDAPS

Recently I installed jitsi. It’s running “out of the box” without any problems.
Then I tried to configure authentication with LDAP using: https://github.com/jitsi/jitsi-meet/wiki/LDAP-Authentication but with no luck.
I tried to do this with LDAPS instead of LDAP - is it possible?
When I did a configuration similar to the one in the link, I can see a connection to port 386, but it won't work because I use LDAPS on port 636. Another problem is that I use a self-signed certificate on that LDAP server.
Is there any example how to configure LDAPS?

I have a similar issue. When trying to switch to LDAPS (TCP port 636), authentication stops working with the error
*mod_bosh error Traceback[bosh]: usr/lib/prosody/modules/ldap.lib.lua:171: Can’t contact LDAP server *
This happens with the ldap setting:
hostname = 'openldapservername:636',
no matter whether use_tls is true or not set.
Setting hostname = 'openldapservername:389', with use_tls = true, works. It also works with the port number omitted.

There is a note from 2013: *LuaLdap doesn’t support ldaps. use_tls enables StartTLS (upgrade to TLS), not ldaps (TLS first, then LDAP over that).*
https://groups.google.com/d/msg/prosody-dev/ZwGQjeTdUu4/lDpPT49XywEJ

Hi
I am experiencing the same problem.
Is there any solution?
When I configure port 636 I get the following error:

Aug 04 20:40:03 mod_bosh error Traceback[bosh]: /usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local ‘ld’ (a nil value)
stack traceback:
/usr/lib/prosody/modules/ldap.lib.lua:217: in function ‘singlematch’
/usr/lib/prosody/modules/ldap.lib.lua:187: in function </usr/lib/prosody/modules/ldap.lib.lua:179>
(tail call): ?
…ib/prosody/modules/mod_auth_ldap2/mod_auth_ldap2.lua:54: in function ‘plain_test’
/usr/lib/prosody/util/sasl/plain.lua:74: in function </usr/lib/prosody/util/sasl/plain.lua:38>
(tail call): ?
/usr/lib/prosody/modules/mod_saslauth.lua:77: in function </usr/lib/prosody/modules/mod_saslauth.lua:66>
(tail call): ?
/usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
(tail call): ?

/usr/lib/prosody/net/http/server.lua:112: in function ‘process_next’
/usr/lib/prosody/net/http/server.lua:128: in function ‘success_cb’
/usr/lib/prosody/net/http/parser.lua:177: in function ‘feed’
/usr/lib/prosody/net/http/server.lua:159: in function </usr/lib/prosody/net/http/server.lua:158>
(tail call): ?
/usr/lib/prosody/net/server_select.lua:879: in function </usr/lib/prosody/net/server_select.lua:861>
[C]: in function ‘xpcall’
/usr/bin/prosody:400: in function ‘loop’
/usr/bin/prosody:431: in main chunk
[C]: ?

Hi guys:

for LDAP2 and TLS

  1. use_tls: true on config
  2. Make the LDAP certificate as a chain and save it as .pem
  3. Place it under /etc/ssl/certs
  4. Run update-ca-certificates

Hello,

I have also installed a Jitsi-Meet server with LDAP authentication.

But I don't understand how to implement LDAPS or LDAP over TLS.
I have already tried what @PetrK did.

Is there any tutorial, how this works?

Tobi

Try my steps.
It works.

Hi,

  1. I set use_tls: true
  2. I converted my certificate from a .cer to a .pem by using keytool (but I don't really know what you mean by “as a chain”)
  3. I placed the certificate under /etc/ssl/certs
  4. I updated the certificates with “sudo update-ca-certificates”; afterwards I restarted my server

Does the .pem file need a special name, or do I have to link the source of the certificate in any config file?

Add the certificate in chain format under /usr/local/share/ca-certificates.
Then run update-ca-certificates.

It means that the file must include the full path to the root certificate, so it must include the intermediary certificate(s) of the certificate authority, because usually the software doing the verification includes the root certificates but not the intermediaries that are actually used to sign your certificate.
You build such a file by concatenating the certificate files like this:
cat file1.pem file2.pem >chain.pem
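
The steps from the replies above as one script, added here as an example and not part of the original thread: it builds the chain bundle and installs it with a .crt extension, the only extension update-ca-certificates reads under /usr/local/share/ca-certificates. The function names, the bundle name ldap-ca and the Debian/Ubuntu paths are assumptions; openldapservername, file1.pem and file2.pem are the names used in the posts.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names, the bundle name and
# the Debian/Ubuntu paths are assumptions.

# Number of PEM certificate blocks in a file (0 if unreadable or DER).
count_certs() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Concatenate CA certificates into <dest_dir>/<name>.crt and print the path.
# update-ca-certificates only reads files ending in .crt, so a bundle saved
# as .pem in /usr/local/share/ca-certificates is silently ignored.
build_chain() {
    local dest_dir=$1 name=$2
    shift 2
    local out="$dest_dir/${name%.*}.crt" f
    [ "$#" -gt 0 ] || { echo "no certificates given" >&2; return 1; }
    for f in "$@"; do
        # A binary .cer (DER) has no PEM header: convert it first.
        if [ "$(count_certs "$f")" -lt 1 ]; then
            echo "not a PEM certificate: $f" >&2
            return 1
        fi
    done
    # awk 1 ends every input file with a newline, so an END line is never
    # glued to the next BEGIN line (plain cat can do that).
    awk 1 "$@" > "$out" && chmod 644 "$out" && printf '%s\n' "$out"
}

# Install the bundle into the system trust store (needs root).
install_chain() {
    build_chain /usr/local/share/ca-certificates "$@" && update-ca-certificates
}

# Check the server certificate over StartTLS on port 389, the mode that
# use_tls = true selects. Requires OpenSSL 1.1.1+ for "-starttls ldap".
check_starttls() {
    openssl s_client -connect "$1:389" -starttls ldap \
        -CApath /etc/ssl/certs </dev/null 2>&1 |
        grep -E 'verify error|Verify return code'
}

# Usage, as root:
#   install_chain ldap-ca file1.pem file2.pem
#   check_starttls openldapservername
```

When the chain is trusted, check_starttls prints a line with "Verify return code: 0 (ok)"; restart Prosody afterwards so it picks up the updated trust store.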

It is running now.
Thank you very much.
