[jitsi-users] LDAP + Guest access


#1

After having helped walk someone through the process of getting LDAP
authentication working, I appear to have broken my guest user access
when authenticating against LDAP.

The most obvious thing I notice is that people going to a new room are
no longer asked if they were the host. That used passed them through to
the username and password dialog box that authenticated them against
our LDAP server. Guests were able to go straight into an existing
room.

It was working with the jitsi-meet package 1.0.1108-1 but is failing
with the 1.0.1217-1 on our test server. I'm comparing configs with our
UAT server 1.0.1108-1), and things seem sane and reasonable.

## Installed the latest from the jitsi meet repository.
## Set it up as per normal, checked that it worked .. yes
## Configured LDAP authentication, checked that it worked .. yes
## Tried to configure the guest access ..

Uncomment and adjust the line that is for the anonymous users in Jitsi
Meet ..

/etc/jitsi/meet/server.domain-config.js
...
anonymousdomain: 'guest.server.domain',
...

Configure a new Virtual Host in Prosody for the guest by creating a new
config file ..

/etc/prosody/conf.d/guest.server.domain.cfg.lua
VirtualHost "guest.server.domain"
authentication = "anonymous"

Tell the Jitsi Conference Focus about the authenticated domain ..

/etc/jitsi/jicofo/sip-communicator.properties
org.jitsi.jicofo.auth.URL=XMPP:server.domain

Restart everything.

If I comment out the anonymousdomain in the
/etc/jitsi/meet/server.domain-config.js I have to login
Iif it is there, I just drop straight into the meeting room.

Has anyone come across this recently?

Cheers,
Ian


#2

@Ian, I came across that on the latest stable. I end up resorting back to
the below stable version and it works fine on Ubuntu 14.x and 16.x
jicofo 1.0-273-1
jitsi-meet 1.0.1108-1
jitsi-meet-prosody 1.0.1108-1
jitsi-videobridge 757-1

···

On Wed, Sep 14, 2016 at 10:00 PM, Ian Beardslee <ian@catalyst.net.nz> wrote:

After having helped walk someone through the process of getting LDAP
authentication working, I appear to have broken my guest user access
when authenticating against LDAP.

The most obvious thing I notice is that people going to a new room are
no longer asked if they were the host. That used passed them through to
the username and password dialog box that authenticated them against
our LDAP server. Guests were able to go straight into an existing
room.

It was working with the jitsi-meet package 1.0.1108-1 but is failing
with the 1.0.1217-1 on our test server. I'm comparing configs with our
UAT server 1.0.1108-1), and things seem sane and reasonable.

## Installed the latest from the jitsi meet repository.
## Set it up as per normal, checked that it worked .. yes
## Configured LDAP authentication, checked that it worked .. yes
## Tried to configure the guest access ..

Uncomment and adjust the line that is for the anonymous users in Jitsi
Meet ..

/etc/jitsi/meet/server.domain-config.js
...
    anonymousdomain: 'guest.server.domain',
...

Configure a new Virtual Host in Prosody for the guest by creating a new
config file ..

/etc/prosody/conf.d/guest.server.domain.cfg.lua
VirtualHost "guest.server.domain"
    authentication = "anonymous"

Tell the Jitsi Conference Focus about the authenticated domain ..

/etc/jitsi/jicofo/sip-communicator.properties
org.jitsi.jicofo.auth.URL=XMPP:server.domain

Restart everything.

If I comment out the anonymousdomain in the
/etc/jitsi/meet/server.domain-config.js I have to login
Iif it is there, I just drop straight into the meeting room.

Has anyone come across this recently?

Cheers,
Ian

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
-john-


#3

Excellent, thanks for that John. I was fighting to workout how to get
the latest stable working, trying to avoid downgrading.

But in the end that is what was needed, I've now double checked that
our UAT and Prod environments have the repository commented out by
default so I can better manage the upgrade/testing process.

Cheers.

···

On Wed, 2016-09-14 at 22:35 -0700, John Finding wrote:

@Ian, I came across that on the latest stable. I end up resorting
back to
the below stable version and it works fine on Ubuntu 14.x and 16.x
jicofo 1.0-273-1
jitsi-meet 1.0.1108-1
jitsi-meet-prosody 1.0.1108-1
jitsi-videobridge 757-1

On Wed, Sep 14, 2016 at 10:00 PM, Ian Beardslee <ian@catalyst.net.nz> > wrote:

>
> After having helped walk someone through the process of getting
> LDAP
> authentication working, I appear to have broken my guest user
> access
> when authenticating against LDAP.
>
> The most obvious thing I notice is that people going to a new room
> are
> no longer asked if they were the host. That used passed them
> through to
> the username and password dialog box that authenticated them
> against
> our LDAP server. Guests were able to go straight into an existing
> room.
>
> It was working with the jitsi-meet package 1.0.1108-1 but is
> failing
> with the 1.0.1217-1 on our test server. I'm comparing configs with
> our
> UAT server 1.0.1108-1), and things seem sane and reasonable.
>
> ## Installed the latest from the jitsi meet repository.
> ## Set it up as per normal, checked that it worked .. yes
> ## Configured LDAP authentication, checked that it worked .. yes
> ## Tried to configure the guest access ..
>
> Uncomment and adjust the line that is for the anonymous users in
> Jitsi
> Meet ..
>
> /etc/jitsi/meet/server.domain-config.js
> ...
> anonymousdomain: 'guest.server.domain',
> ...
>
> Configure a new Virtual Host in Prosody for the guest by creating a
> new
> config file ..
>
> /etc/prosody/conf.d/guest.server.domain.cfg.lua
> VirtualHost "guest.server.domain"
> authentication = "anonymous"
>
> Tell the Jitsi Conference Focus about the authenticated domain ..
>
> /etc/jitsi/jicofo/sip-communicator.properties
> org.jitsi.jicofo.auth.URL=XMPP:server.domain
>
> Restart everything.
>
> If I comment out the anonymousdomain in the
> /etc/jitsi/meet/server.domain-config.js I have to login
> Iif it is there, I just drop straight into the meeting room.
>
> Has anyone come across this recently?
>
> Cheers,
> Ian
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users