First of all, you have to configure the secure domain part as described in this documentation:
In the second step you can configure your LDAP settings:
The saslauthd daemon does the authentication for Jitsi; Jitsi itself doesn’t have an LDAP connector.
However, you have to configure the following parameters in /etc/saslauthd.conf:
ldap_servers → insert your AD / LDAP server address starting with the protocol type, ldaps:// or ldap://; depending on your LDAP configuration you may have to add a port as well, like :389 …
ldap_bind_dn → insert an LDAP bind user, so saslauthd can log in to your LDAP and browse for objects inside the LDAP directory; the syntax depends on your LDAP system (AD/OpenLDAP etc…)
→ in the control panel of “AD Users and Computers” you can get the DN in user options > Attribute Editor > Distinguished Name (maybe you can also use the principal name firstname.lastname@example.org; but I have not tested it yet)
ldap_bind_pw → insert the password for the ldap bind user
ldap_search_base → that’s the entrypoint for ldap searches, e.g. cn=Users,dc=foo,dc=bar will allow login on jitsi for all users in this subscope (recursively).
ldap_filter: (sAMAccountName=%u) → %u is the variable for the login input of Jitsi; if you use sAMAccountName as the login attribute, the user has to insert the sAMAccountName + password in the login fields.
I recommend doing an ldapsearch to check your configuration:
ldapsearch -x -D "cn=[ldap-bind-user],cn=users,dc=example,dc=com" -w [bind-user-password] -H ldap://[YOUR-LDAP-OR-AD-HOST]:389 -b "cn=Users,dc=example,dc=com" "(sAMAccountName=[userloginname])" sAMAccountName
Note: depending on your operating system, you may have to install the ldap-utils package (e.g. apt install ldap-utils | dnf install openldap-clients)
If you get a response like the one below, the LDAP bind was successful and your userloginname exists.
# extended LDIF
# base <cn=users,dc=example,dc=com> with scope subtree
# filter: (sAMAccountName=testuser)
# requesting: sAMAccountName
Note: That part of the configuration in saslauthd is independent of Jitsi. Jitsi (more precisely: prosody) uses saslauthd as its authentication provider.
If these steps are done successfully, you can go ahead with the prosody and Jitsi configuration described here: LDAP authentication | Jitsi Meet
Hope it helps!
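A pre-flight check for the /etc/saslauthd.conf parameters listed in the post above, as an added example that is not part of the original post. It assumes the `key: value` layout shown for ldap_filter; the hostname, DNs and password in the sample are constructed placeholders, and `ldap_start_tls` is a saslauthd LDAP option the post does not mention.

```shell
# Lint a saslauthd LDAP config before pointing prosody at it.
# Prints one finding per line; exit status is 0 when clean, 1 otherwise.
check_saslauthd_conf() {
    conf=$1
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # Value of "key: value"; empty when the key is missing or commented out.
    get() { sed -n "s/^$1:[[:space:]]*//p" "$conf" | head -n 1; }

    for key in ldap_servers ldap_bind_dn ldap_bind_pw ldap_search_base ldap_filter; do
        [ -n "$(get "$key")" ] || note "MISSING $key"
    done

    # ldap:// without StartTLS sends the bind password and every user's password in clear text.
    case "$(get ldap_servers)" in
        *ldap://*) [ "$(get ldap_start_tls)" = "yes" ] || note "CLEARTEXT ldap:// without ldap_start_tls: yes" ;;
    esac

    # Without %u the filter ignores the login name typed into Jitsi.
    filter=$(get ldap_filter)
    case "$filter" in
        ""|*%u*) ;;
        *) note "FILTER has no %u placeholder" ;;
    esac

    # The file holds ldap_bind_pw, so it should not be readable by "other".
    [ "$(ls -ld "$conf" | cut -c8)" = "r" ] && note "PERMS file is world-readable"

    [ "$findings" -eq 0 ]
}

# Constructed sample config (all values are placeholders).
demo_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
ldap_servers: ldap://dc1.example.com:389
ldap_bind_dn: cn=svc-jitsi,cn=Users,dc=example,dc=com
ldap_bind_pw: CHANGE-ME
ldap_search_base: cn=Users,dc=example,dc=com
ldap_filter: (sAMAccountName=%u)
EOF
    echo "$f"
}
f=$(demo_conf); check_saslauthd_conf "$f" || true; rm -f "$f"
```

Run it against the real file with `check_saslauthd_conf /etc/saslauthd.conf` before restarting saslauthd.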