Multiple LDAP Authentication Contexts


I am attempting to use multiple domains to access my jitsi install. All good there after following this thread: Same Jitsi-Meet instance with multiple domain names - #49 by probie and How to configure Multidomain support for Jitsi Meet Docker ? (Behind CDN)

I use LDAP authentication to validate logins via the prosody ldap2 module. In addition, I would like to create LDAP authentication contexts to enable users that log into the jitsi instance via domain-A or domain-B to not be allowed into rooms created by the other domain. Perhaps then I would require two jitsi instances?

I’ve been working on this idea for a couple of days and it appears to me that there are possible limitations in perhaps 2 places:

  1. the prosody ldap2 authentication module, and
  2. (I’m probably ignorant of things…) how jitsi handles any domain not the main domain as a $http_host “passthrough” via nginx.

Perhaps it is possible to create an additional folder for a “separate” jitsi instance on the same machine such that each VirtualHost can function separately? How would the prosody configuration look for this?

I appreciate any ideas, pointers, RTFM directions, or perhaps even the WAY to do this if someone has done so. It is not beyond me that I am misunderstanding the entire implementation!

Thanks in advance,
StanObuX stabbing in the dark

P.S. I hope my idea is clear, lol!

That is not totally clear, you are saying that users should be enabled to be disabled. Anyway, if you want a single system to manage 2 Jitsi instances, having 2 Prosody services may (if I understand correctly) allow you to have 2 separate Jitsi domains with separate rooms. I think (almost sure) that a JVB can serve 2 different Jitsi installs, but I think it’s not possible with Jicofo.
A vastly easier (almost immediate) way would be to have 2 containers each hosting a domain. This works. If you have only a single server, you can have one JVB listening on 10000, the other on 10001 (for example). Duplicating everything will cost you a bit of memory, but what’s the cost beside setting up and maintaining a very complicated setup with hacked services?

Thanks for the reply! I’ve gotten A LOT closer to what I want and it doesn’t require much hacking (! lol) but I am having issues with jicofo.

After dealing with this for a while I’ve decided that it is probably better to stand up two separate containers as well. In my spare time I may take a stab at messing with how jicofo behaves.

Again, thanks for your input gpatel-fr!