[jitsi-dev] Jitsi-meet with ldap auth


#1

Hi

Now that I have a functional instance of Jitsi-meet, I need to close it for
only my company.

So, I ask what is the best way that you suggest to do it? I think that it is
possible to close it using an auth process in Nginx, and I also saw a page [1]
that says it is possible to add auth in Prosody.

[1]
http://booting-rpi.blogspot.com.br/2015/09/using-ldap-authentication-with-jitsi.html

Following its steps, I created a room, passing through a login step, but when
I arrive in the room, I can't see other people. To try it, I'm running
jitsi-meet on my Linux desktop and my notebook in the same network.

Suggestions?

Thanks in advance.

Regards,
Claudio Ferreira


#2

Hi

I'm the author of the how-to you've linked. Does jitsi-meet work without LDAP
in guest mode on your laptop? What do you mean by "I can't see other
people."? Are they using the same URL? What prosody version do you
use?

best,
Stan


#3

That's what I used to start things rolling for myself.

But I discovered that using Xenial and installing the prosody-modules
package it 'just worked', without having to pull from Mercurial
repositories.

I appear to have deleted my previous email to the list .. ahh the
thread is in the 'users' archive ..
http://lists.jitsi.org/pipermail/users/2016-September/011612.html
.. have a dig through that thread to get more info.

If you only want users from the company to use it, don't configure the
guest access.

Cheers,
ian

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

Hi

After a fight with my system, I discovered some internal problems, like
firewalls and other traps in my net.

Now, I have an env working fine without auth. I can enter with two computers
in the same room and I can see both images. After that, I followed all the
steps on this site[1]. Following Ian's suggestion, I also discovered
prosody-modules, which makes this process easier.

Now, I can log in to jitsi with my user/pass, but after this step, I can
see myself in the browser, but can see the "other person" (my other
computer in the same room). I restarted Jicofo and Prosody and tried to look
at the logs, without errors. Any suggestion or tip about what is happening?

Regards,
Claudio

[1] http://booting-rpi.blogspot.com.br/2015/09/using-ldap-authentication-with-jitsi.html



#5

Hi

Now, I did another experiment. When I change my conf in
prosody/conf.d/myjitsi.domain.cfg.lua to use auth as anonymous, it works fine.
When I return it to authentication = "ldap2", the video and audio stop. So,
I stopped all services (prosody, jicofo and jvb), deleted the log files,
started the services, connected with two computers in the same room and
stopped the services again. In this case, with auth = ldap2.

Looking at the logs, any errors, except in the jicofo. To get authentication
with ldap working, do I need to add some additional conf in jicofo?

The log is attached.

Regards,
Claudio Ferreira

jicofo.log (29.2 KB)



#6

Hi,

Do you have the jicofo user in your ldap, with the correct password?
Did you set in jicofo the property:
org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com, as said in
https://github.com/jitsi/jicofo#secure-domain

Regards
damencho



#7

Damian, I believe that need more info.

> Do you have the jicofo user in your ldap, with the correct password?

I don't have a user "jicofo" in my ldap. Do I need to add it there?

> Did you set in jicofo the property:
> org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com, as said in
> https://github.com/jitsi/jicofo#secure-domain

If I understand correctly, as I'm using the Debian pkg, I need to add this line
to /etc/jitsi/jicofo/sip-communicator.properties. Is this interpretation
correct?

Regards,
Claudio

···

2016-10-19 11:45 GMT-02:00 Damian Minkov <damencho@jitsi.org>:


#8

show your /etc/jitsi/meet/<your.domain>.js
what prosody version do you use?


#9

Yep, and you need a jicofo user with the correct password to be able to
log in to your xmpp server.



#10

The Jicofo user does not have to be in the ldap as long as it connects to
a different domain (which is the case for the default config).



#11

Here it is:

# cat /etc/jitsi/meet/meet.example.com-config.js
/* jshint maxlen:false */

var config = { // eslint-disable-line no-unused-vars
// configLocation: './config.json', // see ./modules/HttpConfigFetch.js
   hosts: {
       domain: 'meet.example.com',
       //anonymousdomain: 'guest.example.com',
       //authdomain: 'meet.example.com', // defaults to <domain>
       muc: 'conference.meet.example.com', // FIXME: use XEP-0030
       //jirecon: 'jirecon.meet.example.com',
       //call_control: 'callcontrol.meet.example.com',
       //focus: 'focus.meet.example.com', // defaults to 'focus.meet.example.com'
   },
// getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
// useStunTurn: true, // use XEP-0215 to fetch STUN and TURN server
// useIPv6: true, // ipv6 support. use at your own risk
   useNicks: false,
   bosh: '//meet.example.com/http-bind', // FIXME: use xep-0156 for that
   clientNode: 'http://jitsi.org/jitsimeet', // The name of client node advertised in XEP-0115 'c' stanza
   //focusUserJid: 'focus@auth.meet.example.com', // The real JID of focus participant - can be overridden here
   //defaultSipNumber: '', // Default SIP number

   // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
   desktopSharingChromeMethod: 'ext',
   // The ID of the jidesha extension for Chrome.
   desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
   // The media sources to use when using screen sharing with the Chrome
   // extension.
   desktopSharingChromeSources: ['screen', 'window'],
   // Required version of Chrome extension
   desktopSharingChromeMinExtVersion: '0.1',

   // The ID of the jidesha extension for Firefox. If null, we assume that no
   // extension is required.
   desktopSharingFirefoxExtId: null,
   // Whether desktop sharing should be disabled on Firefox.
   desktopSharingFirefoxDisabled: true,
   // The maximum version of Firefox which requires a jidesha extension.
   // Example: if set to 41, we will require the extension for Firefox versions
   // up to and including 41. On Firefox 42 and higher, we will run without the
   // extension.
   // If set to -1, an extension will be required for all versions of Firefox.
   desktopSharingFirefoxMaxVersionExtRequired: -1,
   // The URL to the Firefox extension for desktop sharing.
   desktopSharingFirefoxExtensionURL: null,

   // Disables ICE/UDP by filtering out local and remote UDP candidates in signalling.
   webrtcIceUdpDisable: false,
   // Disables ICE/TCP by filtering out local and remote TCP candidates in signalling.
   webrtcIceTcpDisable: false,

   openSctp: true, // Toggle to enable/disable SCTP channels
   disableStats: false,
   disableAudioLevels: false,
   channelLastN: -1, // The default value of the channel attribute last-n.
   adaptiveLastN: false,
   //disableAdaptiveSimulcast: false,
   enableRecording: false,
   enableWelcomePage: true,
   //enableClosePage: false, // enabling the close page will ignore the welcome
                             // page redirection when call is hangup
   disableSimulcast: false,
   logStats: false, // Enable logging of PeerConnection stats via the focus
// requireDisplayName: true, // Forces the participants that doesn't have display name to enter it when they enter the room.
// startAudioMuted: 10, // every participant after the Nth will start audio muted
// startVideoMuted: 10, // every participant after the Nth will start video muted
// defaultLanguage: "en",
// To enable sending statistics to callstats.io you should provide Application ID and Secret.
// callStatsID: "", // Application ID for callstats.io API
// callStatsSecret: "", // Secret for callstats.io API
   /*noticeMessage: 'Service update is scheduled for 16th March 2015. ' +
   'During that time service will not be available. ' +
   'Apologise for inconvenience.',*/
   disableThirdPartyRequests: false,
   minHDHeight: 540,
   // If true - all users without token will be considered guests and all users
   // with token will be considered non-guests. Only guests will be allowed to
   // edit their profile.
   enableUserRolesBasedOnToken: false
};


#12

Reviewing all steps:
1) Add the prosody-modules package (to get ldap, storage, etc.) as dependencies
for ldap authentication;

2) Create a new configuration for ldap auth (vim
/etc/prosody/conf.d/ldap.cfg.lua)

-- Authentication configuration --
authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication
ldap = {
    hostname = 'ldap.example.com', -- LDAP server location
    --use_tls = true,
    bind_dn = 'uid=jabberd,ou=people,dc=example,dc=com', -- Bind DN for LDAP authentication (optional if anonymous bind is supported)
    bind_password = 'xxxxxxxxxxxxxxxxxxxx', -- Bind password (optional if anonymous bind is supported)
    user = {
      basedn = 'ou=people,dc=example,dc=com',
      filter = '(&(objectClass=User)(AccountActive=TRUE))',
      usernamefield = 'uid',
      namefield = 'cn',
    },
}

3) Enable "ldap2" auth for our "meet.example.com" vhost (vim
/etc/prosody/conf.d/meet.example.com.cfg.lua), changing the following line:

        authentication = "anonymous"
to:
        authentication = "ldap2"

4) Add "consider_bosh_secure = true" in the global section of the prosody
configuration (vim /etc/prosody/prosody.cfg.lua)

5) Add "TLS_REQCERT never" in /etc/ldap/ldap.conf

6) (last step?) Restart prosody and jicofo

With these steps, we have a popup asking for user/pass. If user/pass are ok, you
get a blank page with your image.

According to Damian, the "jicofo" user needs to be added in ldap for it to
work, but some people got authenticated jitsi instances working without this
step.

For me, I added a user "jicofo" in my ldap, edited
/etc/jitsi/jicofo/config, changing this option:

# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=xxxxxxxxx

restarted jicofo and prosody, without success.


#13

Nope, apparently this is my mistake, as Pawel already wrote. Your ldap
users are using a different domain than jicofo. So if you are
running fine without authentication, jicofo is configured correctly.
So jicofo uses: auth.jitmeet.example.com, while the users are using
the jitmeet.example.com domain.

···

On Wed, Oct 19, 2016 at 12:35 PM, Claudio Ferreia Filho <filhocf@gmail.com> wrote:

According to Damian, the "jicofo" user needs to be added in ldap for it to
work, but some people got authenticated jitsi instances working without this
step.


#14

I don't think it's true, this is my config where LDAP is working

########
# Jitsi Conference Focus settings
JICOFO_HOST=localhost
JICOFO_HOSTNAME=meet.example.com
JICOFO_SECRET=yyyyyyy
JICOFO_PORT=5347
JICOFO_AUTH_DOMAIN=auth.meet.example.com
JICOFO_AUTH_USER=focus
JICOFO_AUTH_PASSWORD=xxxxxxx
JICOFO_OPTS=""

# adds java system props that are passed to jicofo (default are for home and logging config file)
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"
#####################

Best,
Stan



#15

you need to activate the guest domain, see "secure domain" section:
https://github.com/jitsi/jicofo

basically in jitsi meet config:

var config = {
    hosts: {
        domain: 'meet.example.com',
        anonymousdomain: 'guest.meet.example.com',
        muc: 'conference.meet.example.com', // FIXME: use XEP-0030
        bridge: 'jitsi-videobridge.meet.example.com', // FIXME: use XEP-0030
    }
};

and then in prosody config add:

VirtualHost "guest.meet.native-instruments.de"
    authentication = "anonymous"

I've updated the HowTo you've used with new example configs.

Best,
Stan
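
The settings discussed across this thread (LDAP on the main domain, an anonymous guest domain, jicofo's auth.URL, the focus user on its own domain, and the LDAP transport options from the step list) can be checked together. The following is an added example, not part of the original posts or of the Jitsi project: the sample files are constructed from the configs quoted in the thread, and the function names, dictionary keys and finding codes are hypothetical.

```python
import re

def parse_prosody(cfg):
    """Return ({vhost: auth provider}, use_tls) from Prosody config text."""
    vhosts, current, default, use_tls = {}, None, None, False
    for raw in cfg.splitlines():
        line = raw.split("--", 1)[0].strip()            # drop Lua comments
        host = re.match(r'VirtualHost\s+"([^"]+)"', line)
        auth = re.match(r'authentication\s*=\s*["\'](\w+)["\']', line)
        if host:
            current = host.group(1)
            vhosts[current] = None
        elif auth and current is None:
            default = auth.group(1)                     # global section
        elif auth:
            vhosts[current] = auth.group(1)
        elif re.match(r"use_tls\s*=\s*true\b", line):
            use_tls = True
    # A vhost without its own setting inherits the global one.
    return {h: a or default for h, a in vhosts.items()}, use_tls

def parse_meet_hosts(config_js):
    """Collect uncommented  key: 'value'  pairs from the Jitsi Meet config.js."""
    found = (re.match(r"\s*(\w+):\s*'([^']*)'", l) for l in config_js.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def parse_kv(text):
    """Parse KEY=VALUE or KEY VALUE lines, skipping blank and # lines."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1) + [""]
            out[parts[0]] = parts[1]
    return out

MESSAGES = {
    "main-domain-anonymous": "main domain has no authenticated VirtualHost",
    "guest-domain-mismatch": "anonymousdomain has no matching anonymous VirtualHost",
    "jicofo-auth-url": "org.jitsi.jicofo.auth.URL is not XMPP:<main domain>",
    "focus-on-ldap-domain": "focus user logs in on the LDAP-backed domain",
    "ldap-no-tls": "ldap2 is in use but use_tls is not enabled",
    "ldap-cert-unverified": "TLS_REQCERT disables LDAP certificate verification",
}

def audit(files):
    """Return the finding codes (keys of MESSAGES) for one set of config files."""
    vhosts, use_tls = parse_prosody(files["prosody"])
    hosts = parse_meet_hosts(files["meet"])
    props = parse_kv(files["jicofo_props"])
    env = parse_kv(files["jicofo_env"])
    ldap = parse_kv(files["ldap_conf"])
    main, guest = hosts.get("domain"), hosts.get("anonymousdomain")
    findings = []
    if vhosts.get(main) in (None, "anonymous"):
        findings.append("main-domain-anonymous")
    if guest and vhosts.get(guest) != "anonymous":
        findings.append("guest-domain-mismatch")
    if props.get("org.jitsi.jicofo.auth.URL") != f"XMPP:{main}":
        findings.append("jicofo-auth-url")
    if env.get("JICOFO_AUTH_DOMAIN") == main:
        findings.append("focus-on-ldap-domain")
    if vhosts.get(main) == "ldap2" and not use_tls:
        findings.append("ldap-no-tls")
    if ldap.get("TLS_REQCERT", "").lower() in ("never", "allow"):
        findings.append("ldap-cert-unverified")
    return findings

# Constructed sample: the state described in the step list earlier in the thread.
AS_POSTED = {
    "prosody": '''authentication = 'ldap2'
ldap = {
    hostname = 'ldap.example.com',
    --use_tls = true,
}
VirtualHost "meet.example.com"
    authentication = "ldap2"
VirtualHost "auth.meet.example.com"
    authentication = "internal_plain"
''',
    "meet": "hosts: {\n  domain: 'meet.example.com',\n"
            "  //anonymousdomain: 'guest.example.com',\n},",
    "jicofo_props": "",   # assumption: the auth.URL property was never added
    "jicofo_env": "JICOFO_AUTH_DOMAIN=auth.meet.example.com\nJICOFO_AUTH_USER=focus",
    "ldap_conf": "TLS_REQCERT never",
}

# Constructed sample: the same host with the secure-domain settings from the replies.
SECURE_DOMAIN = {
    "prosody": AS_POSTED["prosody"].replace("--use_tls", "use_tls")
               + 'VirtualHost "guest.meet.example.com"\n    authentication = "anonymous"\n',
    "meet": "hosts: {\n  domain: 'meet.example.com',\n"
            "  anonymousdomain: 'guest.meet.example.com',\n},",
    "jicofo_props": "org.jitsi.jicofo.auth.URL=XMPP:meet.example.com",
    "jicofo_env": AS_POSTED["jicofo_env"],
    "ldap_conf": "TLS_REQCERT demand\nTLS_CACERT /etc/ssl/certs/ca-certificates.crt",
}

if __name__ == "__main__":
    for name, files in (("as posted", AS_POSTED), ("secure domain", SECURE_DOMAIN)):
        print(name)
        for code in audit(files) or ["ok"]:
            print("  ", code, MESSAGES.get(code, ""))
```

The guest-domain check flags any setup where the anonymousdomain value and the name of the anonymous VirtualHost differ, as they do between the two snippets in the post above.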



#16

Hi again

Definitely, I can't get it to work.

I reinstalled all packages, after purging everything (including conf files and
dirs), and started the whole process to install jitsi on my host (again).

Following Stan's page[1], I got a server that doesn't request a password
(specifically when the line "anonymousdomain" in
/etc/jitsi/meet/meet.server-config.js exists), which permits someone to connect
and open a new room. When I comment out this line and restart all the software
(prosody, jicofo and jvb), I get a page that asks for user/pass. Prosody
talks correctly with ldap, giving an error when it does not find a correct user
and/or pass, and passing through when both are ok, but giving a page where one
can't see the other in the meeting.

Another point is what @damencho said about jicofo's security, where it isn't
clear whether it is necessary or not.

@Stan, have you tried your tutorial again with a recent release of jitsi?

Could it be a good idea to make a page in the doc folder about the process to
add auth to jitsi-meet?

[1] http://booting-rpi.blogspot.com.br/2015/09/using-ldap-authentication-with-jitsi.html
[2] https://github.com/jitsi/jicofo#secure-domain

Regards,
Claudio Ferreira


#17

Thank you, Stan.

Imho, you can also add the package way for prosody-modules. Installing this
package installs all additional modules for prosody.

On the other hand, when you edit /etc/prosody/conf.d/meet.example.com.cfg.lua,
isn't it 'authentication "ldap2"' instead of 'authentication "internal_plain"'?

Regards,
Claudio

···

2016-10-19 16:30 GMT-02:00 Stanislav Kopp <staskopp@gmail.com>:

you need activate guest domain, see "secure domain" section:
https://github.com/jitsi/jicofo

basically in jitsi meet config:

var config = {
    hosts: {
        domain: 'meet.example.com',
        anonymousdomain: 'guest.meet.example.com',
        muc: 'conference.meet.example.com', // FIXME: use XEP-0030
        bridge: 'jitsi-videobridge.meet.example.com', // FIXME: use
XEP-0030
}

and then in prosody config add:

VirtualHost "guest.meet.native-instruments.de"
    authentication = "anonymous"

I've updated the HowTo you've used with new example configs.

Best,
Stan

2016-10-19 19:18 GMT+02:00 Claudio Ferreia Filho <filhocf@gmail.com>:
> Follow it:
>
> # cat /etc/jitsi/meet/meet.example.com-config.js
> /* jshint maxlen:false */
>
> var config = { // eslint-disable-line no-unused-vars
> // configLocation: './config.json', // see
./modules/HttpConfigFetch.js
> hosts: {
> domain: 'meet.example.com',
> //anonymousdomain: 'guest.example.com',
> //authdomain: 'meet.example.com', // defaults to <domain>
> muc: 'conference.meet.example.com', // FIXME: use XEP-0030
> //jirecon: 'jirecon.meet.example.com',
> //call_control: 'callcontrol.meet.example.com',
> //focus: 'focus.meet.example.com', // defaults to
> 'focus.meet.example.com'
> },
> // getroomnode: function (path) { return '
someprefixpossiblybasedonpath';
> },
> // useStunTurn: true, // use XEP-0215 to fetch STUN and TURN server
> // useIPv6: true, // ipv6 support. use at your own risk
> useNicks: false,
> bosh: '//meet.example.com/http-bind', // FIXME: use xep-0156 for that
> clientNode: 'http://jitsi.org/jitsimeet', // The name of client node
> advertised in XEP-0115 'c' stanza
> //focusUserJid: 'focus@auth.meet.example.com', // The real JID of
focus
> participant - can be overridden here
> //defaultSipNumber: '', // Default SIP number
>
> // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to
> disable.
> desktopSharingChromeMethod: 'ext',
> // The ID of the jidesha extension for Chrome.
> desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
> // The media sources to use when using screen sharing with the Chrome
> // extension.
> desktopSharingChromeSources: ['screen', 'window'],
> // Required version of Chrome extension
> desktopSharingChromeMinExtVersion: '0.1',
>
> // The ID of the jidesha extension for Firefox. If null, we assume
that
> no
> // extension is required.
> desktopSharingFirefoxExtId: null,
> // Whether desktop sharing should be disabled on Firefox.
> desktopSharingFirefoxDisabled: true,
> // The maximum version of Firefox which requires a jidesha extension.
> // Example: if set to 41, we will require the extension for Firefox
> versions
> // up to and including 41. On Firefox 42 and higher, we will run
without
> the
> // extension.
> // If set to -1, an extension will be required for all versions of
> Firefox.
> desktopSharingFirefoxMaxVersionExtRequired: -1,
> // The URL to the Firefox extension for desktop sharing.
> desktopSharingFirefoxExtensionURL: null,
>
> // Disables ICE/UDP by filtering out local and remote UDP candidates
in
> signalling.
> webrtcIceUdpDisable: false,
> // Disables ICE/TCP by filtering out local and remote TCP candidates
in
> signalling.
> webrtcIceTcpDisable: false,
>
> openSctp: true, // Toggle to enable/disable SCTP channels
> disableStats: false,
> disableAudioLevels: false,
> channelLastN: -1, // The default value of the channel attribute
last-n.
> adaptiveLastN: false,
> //disableAdaptiveSimulcast: false,
> enableRecording: false,
> enableWelcomePage: true,
> //enableClosePage: false, // enabling the close page will ignore the
> welcome
> // page redirection when call is hangup
> disableSimulcast: false,
> logStats: false, // Enable logging of PeerConnection stats via the
focus
> // requireDisplayName: true, // Forces the participants that doesn't
have
> display name to enter it when they enter the room.
> // startAudioMuted: 10, // every participant after the Nth will start
> audio muted
> // startVideoMuted: 10, // every participant after the Nth will start
> video muted
> // defaultLanguage: "en",
> // To enable sending statistics to callstats.io you should provide
> Applicaiton ID and Secret.
> // callStatsID: "", // Application ID for callstats.io API
> // callStatsSecret: "", // Secret for callstats.io API
> /*noticeMessage: 'Service update is scheduled for 16th March 2015. ' +
> 'During that time service will not be available. ' +
> 'Apologise for inconvenience.',*/
> disableThirdPartyRequests: false,
> minHDHeight: 540,
> // If true - all users without token will be considered guests and all
> users
> // with token will be considered non-guests. Only guests will be
allowed
> to
> // edit their profile.
> enableUserRolesBasedOnToken: false
> };
>
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev



#18

Yeah, it was a typo, thanks, fixed now.

best,
Stan

···

2016-10-19 20:47 GMT+02:00 Claudio Ferreia Filho <filhocf@gmail.com>:

Thank you, Stan.

IMHO, you can also add the package route for prosody-modules. Installing this
package installs all additional modules for Prosody.

On the other hand, when you edit /etc/prosody/conf.d/meet.example.com.cfg.lua,
isn't it 'authentication "ldap2"' instead of 'authentication "internal_plain"'?

Regards,
Claudio

2016-10-19 16:30 GMT-02:00 Stanislav Kopp <staskopp@gmail.com>:

You need to activate the guest domain, see the "secure domain" section:
https://github.com/jitsi/jicofo

Basically, in the jitsi-meet config:

var config = {
    hosts: {
        domain: 'meet.example.com',
        anonymousdomain: 'guest.meet.example.com',
        muc: 'conference.meet.example.com', // FIXME: use XEP-0030
        bridge: 'jitsi-videobridge.meet.example.com', // FIXME: use XEP-0030
    },
    // ... other options unchanged
};

and then in prosody config add:

-- VirtualHost name must match anonymousdomain in the jitsi-meet config
VirtualHost "guest.meet.example.com"
    authentication = "anonymous"

I've updated the HowTo you've used with new example configs.

Best,
Stan

2016-10-19 19:18 GMT+02:00 Claudio Ferreia Filho <filhocf@gmail.com>:
> Follow it:
>
> # cat /etc/jitsi/meet/meet.example.com-config.js
> /* jshint maxlen:false */
>
> var config = { // eslint-disable-line no-unused-vars
>     // configLocation: './config.json', // see ./modules/HttpConfigFetch.js
>     hosts: {
>         domain: 'meet.example.com',
>         //anonymousdomain: 'guest.example.com',
>         //authdomain: 'meet.example.com', // defaults to <domain>
>         muc: 'conference.meet.example.com', // FIXME: use XEP-0030
>         //jirecon: 'jirecon.meet.example.com',
>         //call_control: 'callcontrol.meet.example.com',
>         //focus: 'focus.meet.example.com', // defaults to 'focus.meet.example.com'
>     },
>     // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
>     // useStunTurn: true, // use XEP-0215 to fetch STUN and TURN server
>     // useIPv6: true, // ipv6 support. use at your own risk
>     useNicks: false,
>     bosh: '//meet.example.com/http-bind', // FIXME: use xep-0156 for that
>     clientNode: 'http://jitsi.org/jitsimeet', // The name of client node advertised in XEP-0115 'c' stanza
>     //focusUserJid: 'focus@auth.meet.example.com', // The real JID of focus participant - can be overridden here
>     //defaultSipNumber: '', // Default SIP number
>
>     // Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
>     desktopSharingChromeMethod: 'ext',
>     // The ID of the jidesha extension for Chrome.
>     desktopSharingChromeExtId: 'diibjkoicjeejcmhdnailmkgecihlobk',
>     // The media sources to use when using screen sharing with the Chrome
>     // extension.
>     desktopSharingChromeSources: ['screen', 'window'],
>     // Required version of Chrome extension
>     desktopSharingChromeMinExtVersion: '0.1',
>
>     // The ID of the jidesha extension for Firefox. If null, we assume that no
>     // extension is required.
>     desktopSharingFirefoxExtId: null,
>     // Whether desktop sharing should be disabled on Firefox.
>     desktopSharingFirefoxDisabled: true,
>     // The maximum version of Firefox which requires a jidesha extension.
>     // Example: if set to 41, we will require the extension for Firefox versions
>     // up to and including 41. On Firefox 42 and higher, we will run without the
>     // extension.
>     // If set to -1, an extension will be required for all versions of Firefox.
>     desktopSharingFirefoxMaxVersionExtRequired: -1,
>     // The URL to the Firefox extension for desktop sharing.
>     desktopSharingFirefoxExtensionURL: null,
>
>     // Disables ICE/UDP by filtering out local and remote UDP candidates in signalling.
>     webrtcIceUdpDisable: false,
>     // Disables ICE/TCP by filtering out local and remote TCP candidates in signalling.
>     webrtcIceTcpDisable: false,
>
>     openSctp: true, // Toggle to enable/disable SCTP channels
>     disableStats: false,
>     disableAudioLevels: false,
>     channelLastN: -1, // The default value of the channel attribute last-n.
>     adaptiveLastN: false,
>     //disableAdaptiveSimulcast: false,
>     enableRecording: false,
>     enableWelcomePage: true,
>     //enableClosePage: false, // enabling the close page will ignore the welcome
>     // page redirection when call is hangup
>     disableSimulcast: false,
>     logStats: false, // Enable logging of PeerConnection stats via the focus
>     // requireDisplayName: true, // Forces the participants that doesn't have display name to enter it when they enter the room.
>     // startAudioMuted: 10, // every participant after the Nth will start audio muted
>     // startVideoMuted: 10, // every participant after the Nth will start video muted
>     // defaultLanguage: "en",
>     // To enable sending statistics to callstats.io you should provide Application ID and Secret.
>     // callStatsID: "", // Application ID for callstats.io API
>     // callStatsSecret: "", // Secret for callstats.io API
>     /*noticeMessage: 'Service update is scheduled for 16th March 2015. ' +
>     'During that time service will not be available. ' +
>     'Apologise for inconvenience.',*/
>     disableThirdPartyRequests: false,
>     minHDHeight: 540,
>     // If true - all users without token will be considered guests and all users
>     // with token will be considered non-guests. Only guests will be allowed to
>     // edit their profile.
>     enableUserRolesBasedOnToken: false
> };
>
>
_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev
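
Added example (not part of the original thread and not Jitsi project code): a small check that the anonymousdomain in the jitsi-meet config.js is served by a Prosody VirtualHost with authentication = "anonymous", and that the main domain is not itself anonymous. The function names and both sample configs are constructed for illustration; only VirtualHost blocks with an explicit authentication line are considered.

```javascript
// Added example; function names and sample configs are constructed.

// Collect 'VirtualHost "name"' blocks and the authentication set in each.
function parseProsodyHosts(cfgText) {
    const hosts = Object.create(null);
    let current = null;
    for (const raw of cfgText.split('\n')) {
        // Drop Lua line comments (assumes no "--" inside quoted strings).
        const line = raw.replace(/--.*$/, '').trim();
        const vh = line.match(/^VirtualHost\s+"([^"]+)"/);
        if (vh) { current = vh[1]; hosts[current] = null; continue; }
        if (/^Component\s+"/.test(line)) { current = null; continue; }
        const auth = line.match(/^authentication\s*=\s*"([^"]+)"/);
        if (auth && current) hosts[current] = auth[1];
    }
    return hosts;
}

// Compare the hosts section of config.js with the parsed Prosody hosts.
function checkSecureDomain(meetHosts, prosodyHosts) {
    const findings = [];
    const { domain, anonymousdomain } = meetHosts;
    if (!(domain in prosodyHosts)) {
        findings.push(`no VirtualHost for domain ${domain}`);
    } else if (prosodyHosts[domain] === 'anonymous') {
        findings.push(`${domain} accepts anonymous logins`);
    }
    if (anonymousdomain && prosodyHosts[anonymousdomain] !== 'anonymous') {
        findings.push(`anonymousdomain ${anonymousdomain} has no anonymous VirtualHost`);
    }
    for (const [name, auth] of Object.entries(prosodyHosts)) {
        if (auth === 'anonymous' && name !== anonymousdomain && name !== domain) {
            findings.push(`anonymous VirtualHost ${name} is not referenced in config.js`);
        }
    }
    return findings;
}

// Constructed sample: the guest host name differs between the two files.
const sampleProsodyCfg = `
VirtualHost "meet.example.com"
    authentication = "ldap2"
VirtualHost "guest.meet.example.org" -- constructed mismatch
    authentication = "anonymous"
Component "conference.meet.example.com" "muc"
`;
const sampleMeetHosts = { domain: 'meet.example.com', anonymousdomain: 'guest.meet.example.com' };
const sampleFindings = checkSecureDomain(sampleMeetHosts, parseProsodyHosts(sampleProsodyCfg));
console.log(sampleFindings.join('\n'));
```

With anonymousdomain left commented out in config.js, as in the config quoted above, the same check reports any anonymous VirtualHost in Prosody as unreferenced.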


#19

As I said this thing is not necessary, as Pawel pointed out. There
must be some bug in authentication code and Pawel will be working on
that, maybe you are affected by the same bug.

https://github.com/jitsi/jitsi-meet/issues/1053

I cannot remember the situation, so did jicofo finally log in to
prosody without a problem? Or did you have errors in the javascript
console?

Regards
damencho

···

On Fri, Oct 21, 2016 at 1:32 PM, Claudio Ferreia Filho <filhocf@gmail.com> wrote:

Another point is what @damencho said about jicofo's security: it isn't clear
whether it is necessary or not.


#20

Hi

> As I said this thing is not necessary, as Pawel pointed out. There
> must be some bug in authentication code and Pawel will be working on
> that, maybe you are affected by the same bug.
>
> https://github.com/jitsi/jitsi-meet/issues/1053

It is more or less this situation. In this issue, he doesn't put the
anonymousdomain in the jitsi-meet config.js. It isn't the same config that Stan wrote.

> I cannot remember the situation, so did jicofo finally log in to
> prosody without a problem? Or did you have errors in the javascript
> console?

Prosody (finally) authenticates against LDAP, but at the next step, the
interchange of audio/video, nothing happens.

Now that you mention it, yes, there are some errors in the JS console.

···

2016-10-21 17:01 GMT-02:00 Damian Minkov <damencho@jitsi.org>:

==========
(this error appears when it asks for user/pass)
CONNECTION FAILED: connection.passwordRequired
Logger.js:89 [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>:
UnhandledError: null Script: null Line: null Column: null StackTrace:
Error: Strophe: error: Cannot read property 'querySelector' of undefined(…)
r @ Logger.js:89
getGlobalOnErrorHandler @ JitsiMeetJS.js:334
window.onerror @ conference.js:484
callErrorHandler @ GlobalOnErrorHandler.js:65
Strophe.log @ strophe.util.js:29
fatal @ strophe.js:1571
run @ strophe.js:2028
(anonymous function) @ strophe.js:3110
forEachChild @ strophe.js:993
_dataRecv @ strophe.js:3098
_onRequestStateChange @ strophe.js:4729

(From this part on, auth is OK)
Logger.js:89 [modules/xmpp/strophe.util.js] <Object.Strophe.log>: Strophe: error: Cannot read property 'querySelector' of undefined
TypeError: Cannot read property 'querySelector' of undefined
    at a.setDisplayName (https://example.com/libs/app.bundle.min.js?v=1378:41:10914)
    at new a (https://example.com/libs/app.bundle.min.js?v=1378:41:4239)
    at Object.addParticipantContainer (https://example.com/libs/app.bundle.min.js?v=1378:8:2689)
    at Object.X.addUser (https://example.com/libs/app.bundle.min.js?v=1378:38:14116)
    at n.<anonymous> (https://example.com/libs/app.bundle.min.js?v=1378:37:17972)
    at n.emit (https://example.com/libs/lib-jitsi-meet.min.js?v=1378:1:17809)
    at o.onMemberJoined (https://example.com/libs/lib-jitsi-meet.min.js?v=1378:22:27148)
    at n.emit (https://example.com/libs/lib-jitsi-meet.min.js?v=1378:1:17904)
    at i.onPresence (https://example.com/libs/lib-jitsi-meet.min.js?v=1378:26:5241)
    at t.value (https://example.com/libs/lib-jitsi-meet.min.js?v=1378:28:11828)
    at Object.run (https://example.com/libs/app.bundle.min.js?v=1378:46:18458)
    at https://example.com/libs/app.bundle.min.js?v=1378:46:26324
    at Object.forEachChild (https://example.com/libs/app.bundle.min.js?v=1378:46:10923)
    at Object._dataRecv (https://example.com/libs/app.bundle.min.js?v=1378:46:26157)
    at Object._onRequestStateChange (https://example.com/libs/app.bundle.min.js?v=1378:47:12028)
r @ Logger.js:89
Strophe.log @ strophe.util.js:30
fatal @ strophe.js:1571
run @ strophe.js:2028
(anonymous function) @ strophe.js:3110
forEachChild @ strophe.js:993
_dataRecv @ strophe.js:3098
_onRequestStateChange @ strophe.js:4729

Logger.js:89 [JitsiConference.js] <o._reportAudioProblem>: Audio problem detected. The audio is received but not played
Object {errMsg: "The audio is received but not played", ssrc: "1187496525", jid: "claudio.filho-c69874", displayName: "Ferreira", MediaStream: Object…}