LDAP integration problems


#1

Hi, today I tried to integrate LDAP with my Jitsi server.
I have been following this tutorial, but without success.
http://lists.jitsi.org/pipermail/dev/2016-October/029930.html

When I configure everything, I don’t get any popup asking for user/pass, and no one can connect to a room.

This is my /etc/prosody/conf.d/ldap.cfg.lua configuration:

-- Authentication configuration --
authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication
ldap = {
    hostname      = 'srv-crise.province-sud.prod', -- LDAP server location
    --use_tls     = true,
    bind_dn       = 'cn=test phil, OU=Users,OU=ADMINISTRATION-USERS,dc=province-sud,dc=prod', -- Bind DN for LDAP authentication (optional if anonymous bind is supported)
    bind_password = '@zerty01*', -- Bind password (optional if anonymous bind is supported)
    user = {
      basedn        = 'ou=DSI,ou=CAPS-I1256,ou=SITES,ou=PSUD,dc=province-sud,dc=prod',
      filter        = '(&(objectClass=User)(AccountActive=TRUE))',
      usernamefield = 'userPrincipalName',
      namefield     = 'cn',
    },
}

This is my /etc/prosody/conf.d/jitsi-test.province-sud.nc.cfg.lua :

-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/"}

VirtualHost "jitsi-test.province-sud.nc"
    -- enabled = false -- Remove this line to enable this host
    authentication = "ldap2"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/jitsi-test.province-sud.nc.key";
        certificate = "/etc/prosody/certs/jitsi-test.province-sud.nc.crt";
    }
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
    }

VirtualHost "guest.jitsi-test.province-sud.nc"
    authentication = "anonymous"
    c2s_require_encryption = false

Component "conference.jitsi-test.province-sud.nc" "muc"
    storage = "null"
    --modules_enabled = { "token_verification" }
    admins = { "focus@auth.jitsi-test.province-sud.nc" }

Component "jitsi-videobridge.jitsi-test.province-sud.nc"
    component_secret = "bgoHe4xF"

VirtualHost "auth.jitsi-test.province-sud.nc"
    ssl = {
        key = "/etc/prosody/certs/auth.jitsi-test.province-sud.nc.key";
        certificate = "/etc/prosody/certs/auth.jitsi-test.province-sud.nc.crt";
    }
    authentication = "internal_plain"

Component "focus.jitsi-test.province-sud.nc"
    component_secret = "6@aUnjS8"

This is what I modified in my prosody.cfg.lua:

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

VirtualHost "jitsi-test.province-sud.nc"
    -- enabled = false -- Remove this line to enable this host
    authentication = "ldap2"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.

VirtualHost "guest.jitsi-test.province-sud.nc"
    authentication = "anonymous"
    ssl = {
        key = "/etc/prosody/certs/jitsi-test.province-sud.nc.key";
        certificate = "/etc/prosody/certs/jitsi-test.province-sud.nc.crt";
    }

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see http://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"

-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.example.com" "proxy65"

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: http://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com";
-- component_secret = "password";

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

Include "conf.d/*.cfg.lua";

And here’s my /etc/jitsi/meet/jitsi-test.province-sud.nc-config.js :

/* eslint-disable no-unused-vars, no-var */

var config = {
    // Configuration
    //

    // Alternative location for the configuration.
    // configLocation: './config.json',

    // Custom function which given the URL path should return a room name.
    // getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },


    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'jitsi-test.province-sud.nc',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.jitsi-test.province-sud.nc'

        // When using authentication, domain for guest users.
        // anonymousdomain: 'guest.jitsi-test.province-sud.nc',

        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'jitsi-test.province-sud.nc',

        // Jirecon recording component domain.
        // jirecon: 'jirecon.jitsi-test.province-sud.nc',

        // Call control component (Jigasi).
        // call_control: 'callcontrol.jitsi-test.province-sud.nc',

        // Focus component domain. Defaults to focus.<domain>.
        // focus: 'focus.jitsi-test.province-sud.nc',
    },

I don’t understand where the problem is; it’s probably a problem with my configuration.

Ty for your time.


#2

I have no experience with LDAP and cannot give you any advice; there are people in the community who have configured and used this, so they can give you more help.
What I can add is to check your prosody logs on restart/reload and check whether LDAP is properly loaded.
What I see in your config is that you have double virtual host definitions for guest.jitsi-test.province-sud.nc and jitsi-test.province-sud.nc; remove the unneeded definitions from prosody.cfg.lua and try again.
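
The duplicate-definition check suggested in the reply above, as an added example that is not part of the original thread: it scans Prosody config text for VirtualHost/Component names declared more than once and records where each was declared and with which authentication setting. The domain meet.example.org, the file names and the function names are constructed for illustration, and only single-line `--` comments are handled.

```python
import re
from collections import defaultdict

# Active (uncommented) declarations such as: VirtualHost "meet.example.org"
HOST_RE = re.compile(r'^\s*(?:VirtualHost|Component)\s+"([^"]+)"')
AUTH_RE = re.compile(r'^\s*authentication\s*=\s*["\']([^"\']+)["\']')

# Constructed sample input; meet.example.org and the file names are placeholders.
MAIN_CFG = '''\
VirtualHost "meet.example.org"
    authentication = "ldap2"
VirtualHost "guest.meet.example.org"
    authentication = "anonymous"
Include "conf.d/*.cfg.lua"
'''
SITE_CFG = '''\
VirtualHost "meet.example.org"
    -- enabled = false
    authentication = "ldap2"
VirtualHost "guest.meet.example.org"
    authentication = "anonymous"
Component "conference.meet.example.org" "muc"
VirtualHost "auth.meet.example.org"
    authentication = "internal_plain"
'''
SAMPLE = {"prosody.cfg.lua": MAIN_CFG, "conf.d/site.cfg.lua": SITE_CFG}

def host_definitions(files):
    """Map each declared host to a list of [file, line, authentication]."""
    found = defaultdict(list)
    for name, text in files.items():
        current = None  # settings before the first host are global
        for number, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("--"):
                continue  # single-line Lua comment
            host = HOST_RE.match(line)
            auth = AUTH_RE.match(line)
            if host:
                current = [name, number, None]
                found[host.group(1)].append(current)
            elif auth and current is not None:
                current[2] = auth.group(1)
    return found

def duplicate_hosts(files):
    """Return only the hosts that are declared more than once."""
    return {host: [tuple(d) for d in defs]
            for host, defs in host_definitions(files).items() if len(defs) > 1}

if __name__ == "__main__":
    for host, defs in duplicate_hosts(SAMPLE).items():
        print(host, defs)
```

On a server, build the dictionary from the contents of prosody.cfg.lua and of every file its Include line pulls in.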