Hehe, the result for me was even worse than with the mod_auth_ldap module,
prosody faults with
Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
/usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld' (a
nil value)
stack traceback:
/usr/lib/prosody/modules/ldap.lib.lua:217: in function 'singlematch'
/usr/lib/prosody/modules/ldap.lib.lua:187: in function
</usr/lib/prosody/modules/ldap.lib.lua:179>
(tail call): ?
/usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function 'plain_test'
/usr/lib/prosody/util/sasl/plain.lua:72: in function
</usr/lib/prosody/util/sasl/plain.lua:38>
(tail call): ?
/usr/lib/prosody/modules/mod_saslauth.lua:77: in function
</usr/lib/prosody/modules/mod_saslauth.lua:66>
(tail call): ?
/usr/lib/prosody/util/events.lua:67: in function 'fire_event'
/usr/lib/prosody/core/stanza_router.lua:149: in function
</usr/lib/prosody/core/stanza_router.lua:56>
...
[C]: in function 'parse'
/usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
/usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
/usr/lib/prosody/modules/mod_c2s.lua:252: in function
</usr/lib/prosody/modules/mod_c2s.lua:249>
(tail call): ?
/usr/lib/prosody/net/server_select.lua:854: in function
</usr/lib/prosody/net/server_select.lua:836>
[C]: in function 'xpcall'
/usr/bin/prosody:376: in function 'loop'
/usr/bin/prosody:407: in main chunk
[C]: ?
and I'm unable to connect to prosody using a XMPP client.
I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
'internal_plain' authentication and created a user
with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried to
login. That worked flawlessly.
This is how jicofo.log looks then:
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for prosodytest@videokonf.domain.com
SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0 with
session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for test@conference.videokonf.domain.com@
auth.videokonf.domain.com conferences count: 1 options:
channelLastN: -1
adaptiveLastN: false
simulcastMode: rewriting
adaptiveSimulcast: false
bridge: jitsi-videobridge.videokonf.domain.com
openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731
LDAP connection works.
ldapsearch -D 'CN=Jitsi Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
-x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com' 'sAMAccountName=*'
returns users so there is no problem with the LDAP-connection from the
server. Also I'm able to connect to prosody using an LDAP-account and for
example the Jitsi client or Empathy.
But when enabling ldap login in
/etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a jicofo.log
that looks like this:
Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
endlessly.
When trying to login with Empathy (with ldap enabled), my debug-enabled
prosody.log looks like this:
Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: asked for:
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: loading for new
user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Resource bound:
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence
probe from osdmatfri@videokonf.domain.com for persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence
probe from osdmatfri@videokonf.domain.com for persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 0 resources from persun0@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence
probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence
probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 1 resources from testmathias@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage
('cannot open
/var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such
file or directory') for user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
type='result' to='osdmatfri@videokonf.domain.com' from='
osdmatfri@videokonf.domain.com/85fbfde6'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
id='239825768460' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
id='240212768588' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='focus.videokonf.domain.com'>
Clearly something is awry, but I don't know what... And I'm deeply sorry
for a rather messy post, but I'm becoming desperate. 
Kindest regards,
Mathias
···
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you
http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html
Best,
Stan
2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Thanks Stan,
>
> I got a little further. Now Jitsi-Meet says "Error: Authentication
failed"
> instead of "Connecting".
>
> prosody.log says:
> Sep 24 19:32:29 general info Hello and welcome to Prosody version
0.9.1
> Sep 24 19:32:29 general info Prosody is using the select backend for
> connection handling
> Sep 24 19:32:29 portmanager info Activated service 'component' on
> [127.0.0.1]:5347, [::1]:5347
> Sep 24 19:32:29 portmanager info Activated service 's2s' on
> [::]:5269, [*]:5269
> Sep 24 19:32:29 portmanager info Activated service 'c2s' on
> [::]:5222, [*]:5222
> Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl'
on no
> ports
> Sep 24 19:32:29 mod_posix info Prosody is about to detach from
the
> console, disabling further console output
> Sep 24 19:32:29 mod_posix info Successfully daemonized to PID
989
> Sep 24 19:32:29 portmanager info Activated service 'http' on
> [::]:5280, [*]:5280
> Sep 24 19:32:29 portmanager info Activated service 'https' on
> [::]:5281, [*]:5281
> Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
connection
> Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
info
> External component successfully authenticated
> Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
connection
> Sep 24 19:32:33 focus.videokonf.domain.com:component info External
> component successfully authenticated
> Sep 24 19:32:33 c2s145f1b0 info Client connected
> Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section
6.1,
> point 7).
> Sep 24 19:32:34 c2s145f1b0 info Authenticated as
> focus@auth.videokonf.domain.com
> Sep 24 19:32:35 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it sid
> '79f56519-4a1e-4bab-b156-86e71ff2efc2'
> Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
> Authenticated as
> 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
> Sep 24 19:32:37 c2s1212010 info Client connected
> Sep 24 19:32:38 c2s1212010 info Authenticated as
> testmathias@videokonf.domain.com
> Sep 24 19:32:55 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it sid
> '68b91a83-e0da-4945-894c-058c6aefab13'
> Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> Authenticated as
> e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
> Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
BOSH
> client disconnected
> Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it sid
> '26758970-7004-4945-b5eb-e0e49dab4bb2'
> Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
> Authenticated as
> b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
> Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it sid
> 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>
> The "Authenticated as"-line is a XMPP-client connecting to Prosody and
not
> the Jitsi-Meet. I don't know which logfiles to include and what settings
are
> important for you all to see in order to help...
>
> The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>
> VirtualHost "videokonf.domain.com"
> authentication = "ldap"
> ldap_base="dc=domain,dc=local"
> ldap_server="10.1.1.170:3268"
> ldap_rootdn="Jitsi@domain.local"
> ldap_password="[redacted]"
> ldap_filter="sAMAccountName=$user"
> ldap_scope="subtree"
> ldap_tls="false"
> ldap_mode="bind"
> -- Assign this host a certificate for TLS, otherwise it would use
> the one
> -- set in the global section (if any).
> -- Note that old-style SSL on port 5223 only supports one
> certificate, and will always
> -- use the global one.
> ssl = {
> key = "/etc/prosody/certs/videokonf.domain.com.key";
> certificate =
"/etc/prosody/certs/videokonf.domain.com.crt";
> }
> -- we need bosh
> modules_enabled = {
> "bosh";
> "pubsub";
> "ping"; -- Enable mod_ping
> }
>
> Component "conference.videokonf.domain.com" "muc"
> admins = { "focus@auth.videokonf.domain.com" }
>
> Component "jitsi-videobridge.videokonf.domain.com"
> component_secret = "[redacted]"
>
> VirtualHost "auth.videokonf.domain.com"
> authentication = "internal_plain"
>
> VirtualHost "guest.videokonf.domain.com"
> authentication = "anonymous"
>
> Component "focus.videokonf.domain.com"
> component_secret = "[redacted]"
>
> ----
>
> Highest regards to you guys
> //Mathias
>
>
>
> 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>
>> Hi Mathias,
>>
>> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>> Make sure to use right username when logging in, it's
>> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>
>> Best,
>> Stan
>>
>> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>> > Hi,
>> >
>> > I now have configured Prosody in my in-house Jitsi-meet-server to
>> > authenticate via Active Directory. I have also enabled the secure
domain
>> > following this guide: https://github.com/jitsi/jicofo#secure-domain
>> >
>> > So when creating a new conference I get a message saying:
>> >
>> > "
>> > Waiting for the host...
>> > The conference chat has not yet started. If you are the host then
please
>> > authenticate. Otherwise, please wait for the host to arrive."
>> >
>> > Clicking on "I am the host" and logging in with wrong username I get
>> >
>> > "Error
>> > Connection failed: host-unknown"
>> >
>> > However when logging in with correct username and correct _or_
incorrect
>> > password i get
>> >
>> > "Connecting
>> > Connecting"
>> >
>> > The jvb.log does not tell me anything and jicofo.log keeps squirting
out
>> >
>> > "2015-08-23 19:22:28.708 INFO: [58]
>> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
>> > request
>> > for room: chat5@conference.10.1.3.16"
>> >
>> > endlessly. prosody.err doesn't tell me anything either, but
prosody.log
>> > says
>> > this:
>> >
>> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
BOSH
>> > client disconnected
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
>> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>> > Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>> >
>> > And after I try to login it says:
>> >
>> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
>> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>> >
>> > And then it just sits there...
>> >
>> > I don't have any DNS name assigned to the server, can that be the
>> > problem?
>> >
>> > Kindest regards,
>> > Mathias
>> >
>> >
>> > _______________________________________________
>> > users mailing list
>> > users@jitsi.org
>> > Unsubscribe instructions and other list options:
>> > http://lists.jitsi.org/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users
_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users
