Jitsi Meet can't connect to AD with LDAP

@vieri can you please share the process for others to follow?

The problem I had was because I misplaced the consider_bosh_secure directive.

In my case I needed to place it between c2s_require_encryption and s2s_secure_auth (as in the default config file).

The steps are all in the previous posts.

I have no idea about LDAP. So first I will create an account on any LDAP service that is running OpenLDAP and then follow the instructions, right?

Is this the post you are talking about? Jitsi-meet LDAP Active Directory authentication - how to get log info

hello Vieri, I have followed the steps described, but “connecting” appears, can you help me?

cat ldap.cfg.lua
-- Selects the "ldap2" authentication provider and supplies the directory
-- address, the service-account bind and the attribute mapping used to look
-- users up.
authentication = ‘ldap2’

ldap = {
-- NOTE(review): 389 is the plain-text LDAP port and use_tls below is commented
-- out, so the bind password and the users' passwords appear to cross the
-- network unencrypted. Enable TLS towards the directory server and validate
-- its certificate before relying on this setup.
hostname = ‘172.16.110.192:389’,
-- Account used for the directory lookup; a read-only, least-privilege service
-- account is sufficient for this.
bind_dn = ‘cn=usrldap,ou=xxxx,ou=xxx,dc=xxx,dc=xx’,
-- Kept in clear text in this file (redacted in the paste): restrict the file
-- to root and the prosody user.
bind_password = ‘xxxx’,
– use_tls = true,
user = {
-- NOTE(review): basedn ends in dc=cl while bind_dn ends in dc=xx; presumably
-- a redaction difference -- confirm against the real values.
basedn = ‘ou=xxx,dc=xxx,dc=cl’,
-- NOTE(review): with the filter commented out, lookups are presumably limited
-- only by basedn and usernamefield; consider restricting them to the user
-- objects (or group) that should be allowed to log in.
– filter = ‘(objectClass=User)’,
usernamefield = ‘sAMAccountName’,
namefield = ‘cn’,
},
}

cat meet.xxx.cl.cfg.lua
-- Options set before the first VirtualHost line of this file: plugin search
-- path, MUC domain mapper base, TURN/STUN credentials and the BOSH
-- cross-domain switch.
plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

– domain mapper options, must at least have domain base set to use the mapper
-- NOTE(review): the redacted host is written both as meet.xxx.cl and as
-- meet.xxxx.cl in this paste; confirm that the real values are identical
-- everywhere, otherwise hosts and components will not match each other.
muc_mapper_domain_base = “meet.xxxx.cl”;

-- Secret for the turncredentials module (redacted here); presumably it has to
-- match the TURN server's shared secret and must be kept private.
turncredentials_secret = “xxxx”;

turncredentials = {
{ type = “stun”, host = “meet.xxx.cl”, port = “4446” },
{ type = “turn”, host = “meet.xxx.cl”, port = “4446”, transport = “udp” },
{ type = “turns”, host = “meet.xxx.cl”, port = “443”, transport = “tcp” }
};

-- Cross-domain BOSH requests are switched off.
cross_domain_bosh = false;

-- Public meeting host: users of this domain authenticate through the ldap2
-- provider.
VirtualHost “meet.xxx.cl”
– enabled = false – Remove this line to enable this host
-- NOTE(review): a provider that checks passwords against a directory
-- presumably needs the SASL PLAIN mechanism, which Prosody normally withholds
-- on connections it does not consider secure; see consider_bosh_secure in
-- prosody.cfg.lua.
authentication = “ldap2”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/meet.xxx.cl.key”;
certificate = “/etc/prosody/certs/meet.xxx.cl.crt”;
}
-- NOTE(review): these two names use meet.xxxx.cl, while the
-- conferenceduration Component further down is declared under meet.xxx.cl;
-- presumably a redaction artefact -- confirm that the real names match.
speakerstats_component = “speakerstats.meet.xxxx.cl”
conference_duration_component = “conferenceduration.meet.xxxx.cl”
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
“speakerstats”;
“turncredentials”;
“conference_duration”;
-- The provider named by `authentication` is presumably loaded as
-- mod_auth_ldap2 without being listed here -- confirm in the Prosody log.
– “auth_ldap2”;
}

-- Still part of this VirtualHost (it precedes the first Component line).
-- Clients are not forced to use TLS; this is only safe when every client
-- reaches Prosody through a TLS-terminating front end, otherwise directory
-- passwords could be sent in clear text.
c2s_require_encryption = false
-- Conference MUC component: room state is held in memory and focus@auth is
-- the component administrator.
Component “conference.meet.xxx.cl” “muc”
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
– “token_verification”;
}
admins = { “focus@auth.meet.xxx.cl” }
muc_room_locking = false
-- Rooms default to showing occupants' real JIDs to the other participants.
-- NOTE(review): with LDAP authentication the JID presumably carries the
-- directory login name (sAMAccountName) -- confirm that this exposure is
-- acceptable.
muc_room_default_public_jids = true

-- MUC component administered by the focus and jvb service accounts.
-- NOTE(review): written here as internal.auth.meet.xxxx.cl, while the admin
-- JIDs use auth.meet.xxx.cl; confirm that the real domain is the same.
– internal muc component
Component “internal.auth.meet.xxxx.cl” “muc”
storage = “memory”
modules_enabled = {
“ping”;
}
admins = { “focus@auth.meet.xxx.cl”, “jvb@auth.meet.xxx.cl” }
muc_room_locking = false
muc_room_default_public_jids = true

-- Host for the service accounts named in the admins lists of this file
-- (focus@auth..., jvb@auth...); it uses Prosody's built-in account store
-- instead of LDAP.
VirtualHost “auth.meet.xxx.cl”
ssl = {
key = “/etc/prosody/certs/auth.meet.xxx.cl.key”;
certificate = “/etc/prosody/certs/auth.meet.xxx.cl.crt”;
}
-- internal_plain keeps account passwords unhashed in Prosody's data store, so
-- access to the data directory should be limited to the prosody user.
authentication = “internal_plain”

-- External component for focus, followed by the speakerstats and
-- conference-duration components, each pointed at the conference MUC.
Component “focus.meet.xxx.cl”
-- Shared secret the component presents when it connects (redacted here);
-- keep it out of pastes and world-readable files.
component_secret = “xxxxxx”

Component “speakerstats.meet.xxxx.cl” “speakerstats_component”
-- NOTE(review): points at conference.meet.xxxx.cl, whereas the MUC above is
-- declared as conference.meet.xxx.cl; presumably a redaction artefact --
-- confirm that the real names match.
muc_component = “conference.meet.xxxx.cl”

Component “conferenceduration.meet.xxx.cl” “conference_duration_component”
muc_component = “conference.meet.xxx.cl”

cat prosody.cfg.lua
-- Global section of the main Prosody configuration: server administrators and
-- the modules loaded for every host.
-- No administrator accounts are defined at the global level.
admins = { }
modules_enabled = {
– Generally required
“roster”; – Allow users to have a roster. Recommended :wink:
“saslauth”; – Authentication for clients and servers. Recommended if you want to log in.
“tls”; – Add support for secure TLS on c2s/s2s connections
“dialback”; – s2s dialback support
“disco”; – Service discovery
– Not essential, but recommended
“private”; – Private XML storage (for room bookmarks, etc.)
“vcard”; – Allow users to set vCards

    -- These are commented by default as they have a performance impact
            --"privacy"; -- Support privacy lists
            --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
    -- Nice to have
            "version"; -- Replies to server version requests
            "uptime"; -- Report how long server has been running
            "time"; -- Let others know the time here on this server
            "ping"; -- Replies to XMPP pings with pongs
            "pep"; -- Enables users to publish their mood, activity, playing music and more
            -- Loaded here, but allow_registration = false further down in this
            -- file keeps new account sign-up closed.
            "register"; -- Allow users to register on this server using a client and change passwords
    -- Admin interfaces
            -- NOTE(review): with admins = { } above, presumably no account is
            -- authorised to use these ad-hoc commands -- confirm.
            "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
            --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

    -- HTTP modules
            --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
            --"http_files"; -- Serve static files from a directory over HTTP
    -- Other specific functionality
            "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
            --"groups"; -- Shared roster support
            --"announce"; -- Send announcement to all online users
            --"welcome"; -- Welcome users who register accounts
            --"watchregistrations"; -- Alert admins of registrations
            --"motd"; -- Send a message to users when they log in
            --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.

};
-- Remaining global options: registration, daemon settings, the default
-- certificate, transport-security switches, the default authentication
-- provider and logging.
modules_disabled = {
– “offline”; – Store offline messages
– “c2s”; – Handle client connections
– “s2s”; – Handle server-to-server connections
};
-- New accounts cannot be created in-band.
allow_registration = false;
daemonize = true;
pidfile = “/var/run/prosody/prosody.pid”;
ssl = {
key = “/etc/prosody/certs/localhost.key”;
certificate = “/etc/prosody/certs/localhost.crt”;
}
-- Clients are not required to use TLS.
c2s_require_encryption = false
-- Tells Prosody to treat BOSH sessions as secure. That is only true when a
-- TLS-terminating reverse proxy fronts BOSH and Prosody's own HTTP port is
-- not reachable from outside -- confirm both. The thread reports that this
-- line had to sit between c2s_require_encryption and s2s_secure_auth, as it
-- does here.
consider_bosh_secure = true
-- Remote servers are not required to present a valid certificate.
s2s_secure_auth = false
-- Global default provider; the meet VirtualHost sets "ldap2" for itself.
authentication = “internal_plain”
log = {
– Log files (change ‘info’ to ‘debug’ for debug logs):
–info = “/var/log/prosody/prosody.log”;
-- Debug level is enabled for troubleshooting. NOTE(review): debug logs are
-- verbose and may record session detail; switch back to info afterwards and
-- keep the log files unreadable to other users.
debug = “/var/log/prosody/prosody.log”;
error = “/var/log/prosody/prosody.err”;
– Syslog:
{ levels = { “error” }; to = “syslog”; };
}
-- Sample host, kept disabled, followed by the include that pulls in the
-- per-site files under conf.d/.
-- NOTE(review): the closing quote after example.com is missing in this paste;
-- presumably lost when the post was formatted -- confirm in the real file.
VirtualHost “example.com
enabled = false – Remove this line to enable this host
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/example.com.key”;
certificate = “/etc/prosody/certs/example.com.crt”;
}
-- Loads every *.cfg.lua file found in conf.d/.
Include “conf.d/*.cfg.lua”

thank you

I have performed the suggested steps, but I have the same problem.

Logger.js:154 2020-07-03T15:40:21.909Z [modules/xmpp/strophe.util.js] <Object.r.Strophe.log>: Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.

What login details are you using for this setup? I’m not sure what credentials it is asking for or how to set my own to ‘root’ with password ‘12345’.

Any ideas?