Jitsi-meet LDAP Active Directory authentication - how to get log info

I have no experience using ldap, but there are a number of people using that successfully. Have you searched the forum for their posts and configurations?

Take a look at this, maybe it can help: https://github.com/jitsi/docker-jitsi-meet/pull/75

Hi,

Try to remove the filter, I don’t think it’s necessary. I got some errors when I tried with that.

Otherwise, can you send me your “domain.com.cfg.lua” file?

damencho, of course I’ve searched the forum, and found useful information from helpful users.

saghul, thanks for the link, but I think my issue is a lot simpler. I don’t need sasl/ldap. I only require jitsi-meet (the web UI) to actually ask the user his/her credentials. In fact, instead of mod_auth_ldap2 I could very well use another module such as auth_external.

Yann, I don’t think the filter has anything to do with it because the exact same config works just fine if I connect with e.g. Jitsi Desktop (add XMPP account, jabber ID myLDAPname@meet.mydomain.org, myLDAPpassword). The main problem is that the jitsi-meet web UI does NOT give me the chance to input username + password when authentication is either ldap2 or external.

Anyway, here’s my full cfg file:

# cat /etc/prosody/conf.d/meet.mydomain.org.cfg.lua
VirtualHost "meet.mydomain.org"
        authentication = "ldap2"
--     authentication = "external"
--     external_auth_command = "/etc/prosody/conf.d/my_auth.sh"
        ssl = {
                key = "/etc/prosody/certs/meet.mydomain.org.key";
                certificate = "/etc/prosody/certs/meet.mydomain.org.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping";
        }

        c2s_require_encryption = false

Component "conference.meet.mydomain.org" "muc"
    storage = "null"
    --modules_enabled = { "token_verification" }
admins = { "focus@auth.meet.mydomain.org" }

Component "jitsi-videobridge.meet.mydomain.org"
    component_secret = "czzEeVRH"

VirtualHost "auth.meet.mydomain.org"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.mydomain.org.key";
        certificate = "/etc/prosody/certs/auth.meet.mydomain.org.crt";
    }
    authentication = "internal_plain"

Component "focus.meet.mydomain.org"
    component_secret = "lqrfPXSD"

By the way, it’s the first time I’m installing jitsi-meet, and I’m using the Debian packages. I don’t understand why the debian config put in the “auth.meet.mydomain.org” virtual host when it’s not configured in apache (I’m using apache). Only “meet.mydomain.org” is defined in apache. Anyway, this is probably not relevant here.

Thanks

I’d also like to add this other config file in case it’s of any use to solve this issue:

# cat /etc/jitsi/meet/meet.mydomain.org-config.js
var config = {
    hosts: {
        domain: 'meet.mydomain.org',
        muc: 'conference.meet.mydomain.org'
    },

    bosh: '//meet.mydomain.org/http-bind',

    clientNode: 'http://jitsi.org/jitsimeet',

    testing: {
        enableFirefoxSimulcast: false,

        p2pTestMode: false
    },

    disableSuspendVideo: true,

    desktopSharingChromeExtId: null,

    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
    desktopSharingChromeMinExtVersion: '0.1',

    channelLastN: -1,

    enableWelcomePage: true,

    enableUserRolesBasedOnToken: false,

    p2p: {
        enabled: true,

        stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
        ],

        preferH264: true
    },

    analytics: {
    },

    deploymentInfo: {
    }

};

You need authentication enabled in prosody. This is the idea, where the web tries to connect anonymously and the server responds with an error that authentication is required.
https://prosody.im/doc/authentication
If prosody fails to load it or something, it may not return the error code that will deny anonymous connect. Check your prosody logs when restarting; do you see everything loaded normally?

These are xmpp virtual hosts and have nothing to do with web virtual hosts; it is just that the name of the main xmpp one is the same as the web virtual host. Those hosts are internal to the system and do not require a DNS record or anything.

I’m uploading a screenshot of a Firefox client trying to connect to my jitsi-meet installation with authentication = ldap2, if it’s of any use. User credentials are not asked for, the room “opens”, but I also notice that both camera and audio fail. Also, once I’m inside the room I can’t “hang up”. Clicking the red button does not do anything at all.

I think you forgot to enable guest domain in “conf.d/domain.cfg.lua” then in hosts configuration.

VirtualHost "guest.domain.com"
    authentication = "anonymous"

Did you check those? Are there any errors?

damencho,

# cat /var/log/prosody/prosody.err

# cat /var/log/prosody/prosody.log

May 15 10:40:21 general info    Hello and welcome to Prosody version 0.9.12
May 15 10:40:21 general info    Prosody is using the select backend for connection handling
May 15 10:40:21 hostmanager     debug   Activated host: focus.meet.mydomain.org
May 15 10:40:21 portmanager     debug   No active service for component, activating...
May 15 10:40:21 socket  debug   server.lua: new server listener on '[127.0.0.1]:5347'
May 15 10:40:21 portmanager     debug   Added listening service component to [127.0.0.1]:5347
May 15 10:40:21 socket  debug   server.lua: new server listener on '[::1]:5347'
May 15 10:40:21 portmanager     debug   Added listening service component to [::1]:5347
May 15 10:40:21 portmanager     info    Activated service 'component' on [127.0.0.1]:5347, [::1]:5347
May 15 10:40:21 portmanager     debug   No active service for s2s, activating...
May 15 10:40:21 socket  debug   server.lua: new server listener on '[::]:5269'
May 15 10:40:21 portmanager     debug   Added listening service s2s to [::]:5269
May 15 10:40:21 socket  debug   server.lua: new server listener on '[*]:5269'
May 15 10:40:21 portmanager     debug   Added listening service s2s to [*]:5269
May 15 10:40:21 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269
May 15 10:40:21 hostmanager     debug   Activated host: meet.mydomain.org
May 15 10:40:21 usermanager     debug   host 'meet.mydomain.org' now set to use user provider 'ldap2'
May 15 10:40:21 portmanager     debug   No active service for http, activating...
May 15 10:40:21 socket  debug   server.lua: new server listener on '[::]:5280'
May 15 10:40:21 portmanager     debug   Added listening service http to [::]:5280
May 15 10:40:21 socket  debug   server.lua: new server listener on '[*]:5280'
May 15 10:40:21 portmanager     debug   Added listening service http to [*]:5280
May 15 10:40:21 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
May 15 10:40:21 portmanager     debug   No active service for https, activating...
May 15 10:40:21 socket  debug   server.lua: new ssl server listener on '[::]:5281'
May 15 10:40:21 portmanager     debug   Added listening service https to [::]:5281
May 15 10:40:21 socket  debug   server.lua: new ssl server listener on '[*]:5281'
May 15 10:40:21 portmanager     debug   Added listening service https to [*]:5281
May 15 10:40:21 portmanager     info    Activated service 'https' on [::]:5281, [*]:5281
May 15 10:40:21 meet.mydomain.org:http   debug   Serving 'bosh' at https://meet.mydomain.org:5281/http-bind
May 15 10:40:21 portmanager     debug   No active service for c2s, activating...
May 15 10:40:21 socket  debug   server.lua: new server listener on '[::]:5222'
May 15 10:40:21 portmanager     debug   Added listening service c2s to [::]:5222
May 15 10:40:21 socket  debug   server.lua: new server listener on '[*]:5222'
May 15 10:40:21 portmanager     debug   Added listening service c2s to [*]:5222
May 15 10:40:21 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222
May 15 10:40:21 portmanager     debug   No active service for legacy_ssl, activating...
May 15 10:40:21 portmanager     info    Activated service 'legacy_ssl' on no ports
May 15 10:40:21 modulemanager   debug   auth_ldap2 is already loaded for meet.mydomain.org, so not loading again
May 15 10:40:21 mod_posix       info    Prosody is about to detach from the console, disabling further console output
May 15 10:40:21 mod_posix       info    Successfully daemonized to PID 2475
May 15 10:40:21 hostmanager     debug   Activated host: auth.meet.mydomain.org
May 15 10:40:21 auth.meet.mydomain.org:auth_internal_plain       debug   initializing internal_plain authentication provider for host 'auth.meet.mydomain.org'
May 15 10:40:21 usermanager     debug   host 'auth.meet.mydomain.org' now set to use user provider 'internal_plain'
May 15 10:40:21 hostmanager     debug   Activated host: conference.meet.mydomain.org
May 15 10:40:21 hostmanager     debug   Activated host: jitsi-videobridge.meet.mydomain.org
May 15 10:40:21 hostmanager     debug   Activated host: localhost
May 15 10:40:21 usermanager     debug   host 'localhost' now set to use user provider 'ldap2'
May 15 10:40:23 socket  debug   server.lua: accepted new client connection from 127.0.0.1:36556 to 5347
May 15 10:40:23 jcp18587a0      info    Incoming Jabber component connection
May 15 10:40:23 jcp18587a0      debug   Received[component_unauthed]: <handshake xmlns='jabber:component:accept'>
May 15 10:40:23 jitsi-videobridge.meet.mydomain.org:component    info    External component successfully authenticated
May 15 10:40:24 socket  debug   server.lua: accepted new client connection from 127.0.0.1:35154 to 5222
May 15 10:40:24 c2s18600d8      info    Client connected
May 15 10:40:24 c2s18600d8      debug   Client sent opening <stream:stream> to auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8      debug   Sent reply <stream:stream> to client
May 15 10:40:24 c2s18600d8      debug   Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
May 15 10:40:24 socket  debug   server.lua: we need to do tls, but delaying until send buffer empty
May 15 10:40:24 c2s18600d8      debug   TLS negotiation started for c2s_unauthed...
May 15 10:40:24 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x185d2ec
May 15 10:40:24 socket  debug   server.lua: ssl handshake done
May 15 10:40:24 c2s18600d8      debug   Client sent opening <stream:stream> to auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8      debug   Sent reply <stream:stream> to client
May 15 10:40:24 c2s18600d8      debug   Received[c2s_unauthed]: <auth mechanism='SCRAM-SHA-1' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
May 15 10:40:24 auth.meet.mydomain.org:auth_internal_plain       debug   get_password for username 'focus' at host 'auth.meet.mydomain.org'
May 15 10:40:24 auth.meet.mydomain.org:saslauth  debug   sasl reply: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1rJTViTCtON2pOaCU8MCUlRV5rOS4wfCpDOTZbJjRQQ2Y4NjdhY2UxLTMwMDYtNGI1MS04NzI0LTNjYjYzMjFhNzY0YixzPVkySTBaV1U0WTJFdFlUa3lZUzAwTVRReUxUbGxZVE10TnpKak1ETXhaREZsTURRNSxpPTQwOTY=</challenge>
May 15 10:40:24 c2s18600d8      debug   Received[c2s_unauthed]: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
May 15 10:40:24 c2s18600d8      info    Authenticated as focus@auth.meet.mydomain.org
May 15 10:40:24 auth.meet.mydomain.org:saslauth  debug   sasl reply: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1HRU4xWEZEVnJoRktxQy84NW9tekF0MnRlWFE9</success>
May 15 10:40:24 c2s18600d8      debug   Client sent opening <stream:stream> to auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8      debug   Sent reply <stream:stream> to client
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56674' type='set'>
May 15 10:40:24 rostermanager   debug   load_roster: asked for: focus@auth.meet.mydomain.org
May 15 10:40:24 rostermanager   debug   load_roster: loading for new user: focus@auth.meet.mydomain.org
May 15 10:40:24 datamanager     debug   Assuming empty roster storage ('cannot open /var/lib/prosody/auth%2emeet%2emydomain%2eorg/roster/focus.dat: No such file or directory') for user: focus@auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8      debug   Resource bound: focus@auth.meet.mydomain.org/focus38254570681
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56676' type='get'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56677' type='get' to='meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56680' type='get' to='focus.meet.mydomain.org'>
May 15 10:40:24 focus.meet.mydomain.org:component        warn    Component not connected, bouncing error for: <iq id='6pjFf-56680' type='get' to='focus.meet.mydomain.org' from='focus@auth.meet.mydomain.org/focus38254570681'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56682' type='get' to='auth.meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56684' type='get' to='auth.meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56687' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:24 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56687' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56689' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:24 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56689' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56692' type='get' to='conference.meet.mydomain.org'>
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <presence id='6pjFf-56694'>
May 15 10:40:24 datamanager     debug   Assuming empty offline storage ('cannot open /var/lib/prosody/auth%2emeet%2emydomain%2eorg/offline/focus.list: No such file or directory') for user: focus@auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8      debug   Received[c2s]: <iq id='disco' type='result' to='focus@auth.meet.mydomain.org'>
May 15 10:40:24 stanzarouter    debug   Discarding iq from c2s of type: result
May 15 10:40:25 socket  debug   server.lua: accepted new client connection from 127.0.0.1:36562 to 5347
May 15 10:40:25 jcp188ed98      info    Incoming Jabber component connection
May 15 10:40:25 jcp188ed98      debug   Received[component_unauthed]: <handshake xmlns='jabber:component:accept'>
May 15 10:40:25 focus.meet.mydomain.org:component        info    External component successfully authenticated
May 15 10:40:25 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56698' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:40:30 socket  debug   server.lua: accepted new client connection from ::1:42028 to 5280
May 15 10:40:30 http.server     debug   Firing event: POST meet.mydomain.org/http-bind/
May 15 10:40:30 mod_bosh        debug   Handling new request table: 0x1898ea0: <body rid='4283048738' xmlns='http://jabber.org/protocol/httpbind' to='meet.mydomain.org' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>
----------
May 15 10:40:30 mod_bosh        debug   BOSH body open (sid: <none>)
May 15 10:40:30 bosh5604133b-f648-440b-9014-e6ff3faed1ec        debug   BOSH session created for request from ::1
May 15 10:40:30 mod_bosh        info    New BOSH session, assigned it sid '5604133b-f648-440b-9014-e6ff3faed1ec'
May 15 10:40:30 mod_bosh        debug   We have an open request, so sending on that
May 15 10:40:30 mod_bosh        debug   Request destroyed: table: 0x1899228
May 15 10:40:30 bosh5604133b-f648-440b-9014-e6ff3faed1ec        debug   BOSH session marked as inactive (for 60s)
May 15 10:40:30 mod_bosh        debug   Session 5604133b-f648-440b-9014-e6ff3faed1ec has 0 out of 1 requests open
May 15 10:40:30 mod_bosh        debug   and there are 0 things in the send_buffer:
May 15 10:40:30 http.server     debug   Firing event: POST meet.mydomain.org/http-bind/
May 15 10:40:30 mod_bosh        debug   Handling new request table: 0x189f6f0: <body rid='4283048739' xmlns='http://jabber.org/protocol/httpbind' sid='5604133b-f648-440b-9014-e6ff3faed1ec'/>
----------
May 15 10:40:30 mod_bosh        debug   BOSH body open (sid: 5604133b-f648-440b-9014-e6ff3faed1ec)
May 15 10:40:30 mod_bosh        debug   Session 5604133b-f648-440b-9014-e6ff3faed1ec has 1 out of 1 requests open
May 15 10:40:30 mod_bosh        debug   and there are 0 things in the send_buffer:
May 15 10:40:30 mod_bosh        debug   Have nothing to say, so leaving request unanswered for now
May 15 10:40:33 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30849' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:34 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56699' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:34 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56699' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:34 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56701' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:34 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56701' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:35 socket  debug   server.lua: accepted new client connection from ::1:42032 to 5280
May 15 10:40:35 http.server     debug   Firing event: POST meet.mydomain.org/http-bind/
May 15 10:40:35 mod_bosh        debug   Handling new request table: 0x18ac730: <body rid='4283048740' xmlns='http://jabber.org/protocol/httpbind' sid='5604133b-f648-440b-9014-e6ff3faed1ec' type='terminate'/>
----------
May 15 10:40:35 mod_bosh        debug   BOSH body open (sid: 5604133b-f648-440b-9014-e6ff3faed1ec)
May 15 10:40:35 mod_bosh        debug   Session 5604133b-f648-440b-9014-e6ff3faed1ec has 2 out of 1 requests open
May 15 10:40:35 mod_bosh        debug   and there are 0 things in the send_buffer:
May 15 10:40:35 mod_bosh        debug   We are holding too many requests, so...
May 15 10:40:35 mod_bosh        debug   ...sending an empty response
May 15 10:40:35 mod_bosh        debug   We have an open request, so sending on that
May 15 10:40:35 mod_bosh        debug   Request destroyed: table: 0x189fae0
May 15 10:40:35 mod_bosh        debug   Have nothing to say, so leaving request unanswered for now
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec        debug   Closing session with 1 requests open
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec        info    BOSH client disconnected
May 15 10:40:35 mod_bosh        debug   Request destroyed: table: 0x18acb50
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec        debug   BOSH session marked as inactive (for 60s)
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec        debug   Destroying session for (unknown) ((unknown)@meet.mydomain.org)
May 15 10:40:35 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56703' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:40:35 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56704' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:40:43 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30853' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:44 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56705' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:44 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56705' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:40:45 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56707' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:40:45 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56708' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>

And here’s the log when I use Jitsi Desktop with XMPP jabber ID myLDAPuser@meet.mydomain.org (just so you can see the difference):

# cat /var/log/prosody/prosody.err

# cat /var/log/prosody/prosody.log

May 15 10:44:03 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30933' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:04 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56855' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:04 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56855' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:05 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56857' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:05 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56858' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:13 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30937' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:14 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56859' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:14 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56859' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:15 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56861' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:15 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56862' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:23 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30941' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56863' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:24 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56863' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56865' type='get' to='meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56867' type='get' to='focus.meet.mydomain.org'>
May 15 10:44:24 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56867' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='focus.meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56869' type='get' to='auth.meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56871' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:24 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56871' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:24 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56873' type='get' to='conference.meet.mydomain.org'>
May 15 10:44:25 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56875' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:25 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56876' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:33 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30945' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:34 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56877' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:34 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56877' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:34 socket  debug   server.lua: accepted new client connection from 10.215.144.48:52583 to 5222
May 15 10:44:34 c2s172b690      info    Client connected
May 15 10:44:34 c2s172b690      debug   Client sent opening <stream:stream> to meet.mydomain.org
May 15 10:44:34 c2s172b690      debug   Sent reply <stream:stream> to client
May 15 10:44:34 c2s172b690      debug   Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
May 15 10:44:34 socket  debug   server.lua: we need to do tls, but delaying until send buffer empty
May 15 10:44:34 c2s172b690      debug   TLS negotiation started for c2s_unauthed...
May 15 10:44:34 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x173b9e4
May 15 10:44:35 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56879' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:35 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56880' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:39 socket  debug   server.lua: ssl handshake done
May 15 10:44:39 c2s172b690      debug   Client sent opening <stream:stream> to meet.mydomain.org
May 15 10:44:39 c2s172b690      debug   Sent reply <stream:stream> to client
May 15 10:44:39 c2s172b690      debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
May 15 10:44:40 meet.mydomain.org:auth_ldap2     debug   _M.bind - who: CN=VDP,CN=Users,DC=mydomain,DC=org
May 15 10:44:40 c2s172b690      info    Authenticated as VDP@meet.mydomain.org
May 15 10:44:40 meet.mydomain.org:saslauth       debug   sasl reply: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>
May 15 10:44:40 c2s172b690      debug   Client sent opening <stream:stream> to meet.mydomain.org
May 15 10:44:40 c2s172b690      debug   Sent reply <stream:stream> to client
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-1' type='set'>
May 15 10:44:40 rostermanager   debug   load_roster: asked for: VDP@meet.mydomain.org
May 15 10:44:40 rostermanager   debug   load_roster: loading for new user: VDP@meet.mydomain.org
May 15 10:44:40 datamanager     debug   Assuming empty roster storage ('cannot open /var/lib/prosody/meet%2emydomain%2eorg/roster/VDP.dat: No such file or directory') for user: VDP@meet.mydomain.org
May 15 10:44:40 c2s172b690      debug   Resource bound: VDP@meet.mydomain.org/jitsi-23p7g2m
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-2' type='set'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-3' type='get'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-4' type='get' from='VDP@meet.mydomain.org/jitsi-23p7g2m'>
May 15 10:44:40 datamanager     debug   Assuming empty vcard storage ('cannot open /var/lib/prosody/meet%2emydomain%2eorg/vcard/VDP.dat: No such file or directory') for user: VDP@meet.mydomain.org
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <presence id='3I60R-5'>
May 15 10:44:40 datamanager     debug   Assuming empty offline storage ('cannot open /var/lib/prosody/meet%2emydomain%2eorg/offline/VDP.list: No such file or directory') for user: VDP@meet.mydomain.org
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='disco' type='result' to='VDP@meet.mydomain.org'>
May 15 10:44:40 stanzarouter    debug   Discarding iq from c2s of type: result
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-6' type='get' to='meet.mydomain.org'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-7' type='get' to='meet.mydomain.org'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-8' type='get' to='jitsi-videobridge.meet.mydomain.org' from='VDP@meet.mydomain.org/jitsi-23p7g2m'>
May 15 10:44:40 jcp18587a0      debug   Received[component]: <iq id='3I60R-8' type='error' to='VDP@meet.mydomain.org/jitsi-23p7g2m' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <presence id='3I60R-9'>
May 15 10:44:40 c2s172b690      debug   Received[c2s]: <iq id='3I60R-10' type='get' to='VDP@meet.mydomain.org'>
May 15 10:44:40 datamanager     debug   Assuming empty vcard storage ('cannot open /var/lib/prosody/meet%2emydomain%2eorg/vcard/VDP.dat: No such file or directory') for user: VDP@meet.mydomain.org
May 15 10:44:43 jcp18587a0      debug   Received[component]: <iq id='eSJeg-30949' type='get' to='meet.mydomain.org' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:44 c2s18600d8      debug   Received[c2s]: <iq id='6pjFf-56881' type='get' to='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:44 jcp18587a0      debug   Received[component]: <iq id='6pjFf-56881' type='result' to='focus@auth.meet.mydomain.org/focus38254570681' from='jitsi-videobridge.meet.mydomain.org'>
May 15 10:44:45 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56883' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>
May 15 10:44:45 jcp188ed98      debug   Received[component]: <iq id='6pjFf-56884' type='get' to='meet.mydomain.org' from='focus.meet.mydomain.org'>

So I guess Prosody is loading ldap2 just fine.
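A small summariser for the two logs above, added here as an example (it is not code from the thread or from the Prosody or Jitsi projects): it groups `prosody.log` lines by session and reports which sessions on a host never reached "Authenticated as", plus PLAIN logins with no TLS negotiation logged. The function names and finding labels are assumptions of this example; the sample lines are taken from the logs posted in the thread, with whitespace normalised.

```python
import re

# Lines excerpted from the two prosody.log dumps in this thread (whitespace normalised).
SAMPLE_LOG = """\
May 15 10:40:24 c2s18600d8 debug Client sent opening <stream:stream> to auth.meet.mydomain.org
May 15 10:40:24 c2s18600d8 debug TLS negotiation started for c2s_unauthed...
May 15 10:40:24 c2s18600d8 debug Received[c2s_unauthed]: <auth mechanism='SCRAM-SHA-1' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
May 15 10:40:24 c2s18600d8 info Authenticated as focus@auth.meet.mydomain.org
May 15 10:40:30 bosh5604133b-f648-440b-9014-e6ff3faed1ec debug BOSH session created for request from ::1
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec info BOSH client disconnected
May 15 10:40:35 bosh5604133b-f648-440b-9014-e6ff3faed1ec debug Destroying session for (unknown) ((unknown)@meet.mydomain.org)
May 15 10:44:34 c2s172b690 debug Client sent opening <stream:stream> to meet.mydomain.org
May 15 10:44:34 c2s172b690 debug TLS negotiation started for c2s_unauthed...
May 15 10:44:39 c2s172b690 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
May 15 10:44:40 meet.mydomain.org:auth_ldap2 debug _M.bind - who: CN=VDP,CN=Users,DC=mydomain,DC=org
May 15 10:44:40 c2s172b690 info Authenticated as VDP@meet.mydomain.org
"""

SESSION_RE = re.compile(r"^(c2s|bosh)[0-9a-f-]+$")
OPENING_RE = re.compile(r"Client sent opening <stream:stream> to (\S+)")
MECH_RE = re.compile(r"<auth mechanism='([^']+)'")
AUTHED_RE = re.compile(r"^Authenticated as (\S+)$")
DESTROY_RE = re.compile(r"^Destroying session for \S+ \(.*@([^)]+)\)$")
BIND_RE = re.compile(r"^_M\.bind - who: (.+)$")


def split_line(raw):
    """Split 'Mon DD HH:MM:SS source level message' into (source, message)."""
    parts = raw.strip().split(None, 5)
    return (parts[3], parts[5]) if len(parts) == 6 else None


def summarise_sessions(log_text):
    """Return {session_id: facts} for every c2s/bosh session seen in the log."""
    sessions = {}
    for raw in log_text.splitlines():
        fields = split_line(raw)
        if fields is None:
            continue
        source, message = fields
        kind = SESSION_RE.match(source)
        if not kind:
            continue  # listener, module or component line, not a client session
        s = sessions.setdefault(source, {
            "transport": kind.group(1), "host": None,
            "mechanism": None, "jid": None, "tls": False,
        })
        m = OPENING_RE.search(message)
        if m:
            s["host"] = m.group(1)
        m = MECH_RE.search(message)
        if m:
            s["mechanism"] = m.group(1)
        m = AUTHED_RE.match(message)
        if m:
            s["jid"] = m.group(1)
        if message.startswith("TLS negotiation started"):
            s["tls"] = True  # negotiation was logged; completion is not tracked here
        m = DESTROY_RE.match(message)
        if m and s["host"] is None:
            # BOSH sessions in this log only name their host when destroyed.
            s["host"] = m.group(1)
    return sessions


def ldap_binds(log_text):
    """Return (host, bind DN) pairs logged by the auth_ldap2 module."""
    binds = []
    for raw in log_text.splitlines():
        fields = split_line(raw)
        if fields is None:
            continue
        host, _, module = fields[0].partition(":")
        m = BIND_RE.match(fields[1])
        if module == "auth_ldap2" and m:
            binds.append((host, m.group(1)))
    return binds


def audit(sessions, host):
    """List (session_id, finding) pairs for client sessions on `host`."""
    findings = []
    for sid, s in sessions.items():
        if s["host"] != host:
            continue
        if s["jid"] is None:
            findings.append((sid, "no-auth"))
        elif s["jid"].partition("@")[2] != host:
            findings.append((sid, "jid-host-mismatch"))
        if s["mechanism"] == "PLAIN" and not s["tls"]:
            findings.append((sid, "plain-without-tls"))
    return findings


if __name__ == "__main__":
    found = summarise_sessions(SAMPLE_LOG)
    for sid, facts in found.items():
        print(sid, facts)
    print("LDAP binds:", ldap_binds(SAMPLE_LOG))
    print("Findings:", audit(found, "meet.mydomain.org"))
```

On these lines the only finding for `meet.mydomain.org` is the BOSH session from the browser, which was destroyed without ever sending a SASL `<auth>`; the Jitsi Desktop session shows PLAIN after TLS negotiation and a matching LDAP bind.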

Yann,

why would I need to enable the guest domain? Could you please elaborate?
My current goal is to enable LDAP for everyone. I will be configuring the guest domain later as described in https://github.com/jitsi/jicofo (Secure domain). However, the “auth domain” will need to be an ldap-accessed domain (I do not wish to use “prosodyctl register” as in the README).

By the way, I tried different browsers, and I get the same behavior (FF, Chrome).

Oh okay, I didn’t see that.

VirtualHost "auth.meet.mydomain.org"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.mydomain.org.key";
        certificate = "/etc/prosody/certs/auth.meet.mydomain.org.crt";
    }
    authentication = "internal_plain"

So why are you using “internal_plain” in authentication, is it for testing?

Yann,

I did not configure auth.meet.mydomain.org. It “came” with my debian installation (stable builds). I did not try the nightlies yet.

Anyway, even if I change internal_plain to ldap2 in auth.meet… I still get the same behavior.

Don’t touch auth.meet.mydomain.org, as your jicofo will stop connecting, making your deployment unusable.

I think you got authenticated and everything works. Isn’t this your meet attempt in the logs? Can you try the same from incognito window?

Sorry, I’m not able to help you. I succeeded in limiting the room creation only to authenticated participants. But I don’t remember how to completely limit authentication in every case (creating conference, joining conference).

damencho,

I’m not sure I understand your reply. Just to be on the safe side, I’ll clarify a bit.
The message “Authenticated as VDP@meet.mydomain.org” appears ONLY when I try to connect from the Jitsi Desktop application DIRECTLY to Prosody (jitsi-meet is out of the equation here). I could have used any other jabber client for that matter. I just posted that log to demonstrate that a jabber client CAN connect to Prosody with the ldap2 module. No issues there.

This log is in contrast with the other log where I am using Firefox or Chrome as a client connecting to Jitsi-Meet. That’s when there is NO way to get an LDAP-authenticated user because the jitsi-meet web UI doesn’t even give me the chance to post/send a username/password. So in the first log regarding jitsi-meet alone, there is no “Authenticated as VDP@meet.mydomain.org”.

So that’s the whole deal. How come jitsi-meet’s web interface loaded in Firefox does NOT ask the user for his/her credentials when authentication = ldap2 whereas any jabber client connecting to the same prosody service can properly authenticate via LDAP using the same ldap2 module?

BTW, I don’t know what you mean by “incognito window”.

[EDIT] I guess incognito window is the same as “private browsing” in Firefox. I tried that already, but had the same results.

How did you do that, and was it with ldap?
Could you please share your full cfgs?
And please let me know if you’re using the stable builds or the nightlies?

Solved here: