LDAP authentification

michelandre · May 8, 2021, 5:55pm

From Jitsi, Authentication against local AD server not working.

Jitsi, Authentication against local AD server not working

Test LDAP connection

To make sure I can reach the AD server from the jitsi-prosody container I tested this using:
docker exec -ti docker-jitsi-meet_prosody_1 bash
apt-get update
apt-get install ldap-utils

ldapsearch -H ldaps://192.168.10.10:636 -x -D CN=ldapservice,CN=Users,DC=ad,DC=nethserver,DC=home -w bKlDbcv_ITSx2Qic -b CN=Users,DC=ad,DC=nethserver,DC=home 
This works without problems.

I have no AD but only plain LDAP,

From: Portainer → Containers → jitsi_prosody_1 → Console:

root@d6878aab57cb:/# apt-get update

root@d6878aab57cb:/# apt-get install ldap-utils

root@d6878aab57cb:/# ldapsearch -H ldaps://toto-dev.org:636  -x -D cn=ldapservice,dc=directory,dc=nh -w ABCDEF1234567890 -b dc=directory,dc=nh
...
# michelandre, People, directory.nh
dn: uid=michelandre,ou=People,dc=directory,dc=nh  
uidNumber: 1001
gidNumber: 1000
uid: michelandre
...
root@d6878aab57cb:/#

I modified /opt/jitsi/.env

ENABLE_GUESTS=0
ENABLE_AUTH=1
AUTH_TYPE=ldap
ENABLE_WELCOME_PAGE=1

AUTH_TYPE=ldap
LDAP_URL=ldaps://toto-dev.org:636
LDAP_BASE=dc=directory,dc=nh
LDAP_BINDDN=cn=ldapservice,dc=directory,dc=nh	
LDAP_BINDPW=ABCDEF1234567890
LDAP_FILTER=(uid=%u)
LDAP_AUTH_METHOD=bind
LDAP_USE_TLS=1

I then relaunched docker-compose:

# cd /opt/jitsi ; docker-compose down && rm -rf .jitsi-meet-cfg/ ; docker-compose up -d

THEN THE MIRACLE HAPPENS

https://meet.toto-dev.org:8443/.

Thank you so much for that tip on making aqua persistent and mainly for the one to install ldapsearch with apt-get install ldap-utils. The latter allowed me to confirm, unlike Portainer, that prosody could connect to LOCAL LDAP.

Two posts and two problems resolved, I put you on my list of The Greatests.

You didn’t make my day, but my full month…

Michel-André

P.S. I think that Portainer has a bug for testing the connection to LDAP ???