diff --git a/conf/jitsi-jicofo-jicofo.conf b/conf/jitsi-jicofo-jicofo.conf index c1b7c15..9e91218 100644 --- a/conf/jitsi-jicofo-jicofo.conf +++ b/conf/jitsi-jicofo-jicofo.conf @@ -1,6 +1,11 @@ # Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for #available options, syntax, and default values. jicofo { + authentication: { + enabled: true + type: XMPP + login-url: __DOMAIN__ + } xmpp: { client: { client-proxy: focus.__DOMAIN__ diff --git a/conf/jitsi-meet-config.js b/conf/jitsi-meet-config.js index 011c458..a2276f7 100644 --- a/conf/jitsi-meet-config.js +++ b/conf/jitsi-meet-config.js @@ -9,7 +9,7 @@ var config = { domain: '__DOMAIN__', // When using authentication, domain for guest users. - // anonymousdomain: 'guest.example.com', + anonymousdomain: 'guest.__DOMAIN__', // Domain for authenticated users. Defaults to . // authdomain: '__DOMAIN__', diff --git a/conf/mod_auth_ldap.src b/conf/mod_auth_ldap.src new file mode 100644 index 0000000..6fed26c --- /dev/null +++ b/conf/mod_auth_ldap.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua +SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=lua +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=mod_auth_ldap.lua +SOURCE_EXTRACT=false diff --git a/conf/prosody.cfg.lua b/conf/prosody.cfg.lua index 0fb3f69..d13ff0a 100644 --- a/conf/prosody.cfg.lua +++ b/conf/prosody.cfg.lua @@ -27,7 +27,12 @@ unlimited_jids = { VirtualHost "__DOMAIN__" -- enabled = false -- Remove this line to enable this host - authentication = "anonymous" + authentication = "ldap" + ldap_server = "localhost" + ldap_filter = "(uid=$user)" + ldap_scope = "subtree" + ldap_base = "ou=users,dc=yunohost,dc=org" + ldap_mode = "bind" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" --app_id="example_app_id" 
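Review bot: In conf/mod_auth_ldap.src, `SOURCE_URL` fetches from `raw-file/tip/`, a moving reference, while `SOURCE_SUM` pins one exact file content. As soon as upstream commits any change to mod_auth_ldap.lua the download will stop matching the hash, and the `ynh_setup_source --source_id=mod_auth_ldap` calls added in scripts/install and scripts/upgrade will presumably fail on the checksum. The pinned sha256 does protect integrity, so the gap is reproducibility and knowing which upstream revision is deployed. Replace `tip` with the changeset the hash was computed from, e.g. `raw-file/<CHANGESET_ID>/mod_auth_ldap/mod_auth_ldap.lua` (placeholder), and update URL and sum together on each bump.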
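Review bot: In conf/prosody.cfg.lua, in the hunk under `VirtualHost "__DOMAIN__"`, `ldap_filter = "(uid=$user)"` matches any entry below `ou=users,dc=yunohost,dc=org` with that uid. Every directory account can therefore authenticate and create rooms, regardless of whether the administrator granted it access to this app. If per-app permissions are meant to apply, the filter should also constrain the object class and the app's permission entry, along the lines of `(&(objectClass=posixAccount)(uid=$user)(permission=<APP_PERMISSION_DN>))`; the attribute name and DN are placeholders to confirm against the YunoHost LDAP schema. A one-line comment stating that `ldap_mode = "bind"` checks the password by binding as the user, and that no `ldap_rootdn` is set for the lookup, would document the trust assumptions. The VirtualHost block continues outside the hunk.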
@@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__" main_muc = "conference.__DOMAIN__" -- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms +VirtualHost "guest.__DOMAIN__" + authentication = "anonymous" + c2s_require_encryption = false + Component "conference.__DOMAIN__" "muc" restrict_room_creation = true storage = "memory" diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index e718345..d069ebb 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -2,4 +2,5 @@ 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) -3. **Jitsi** will stop and disable Metronome XMPP. \ No newline at end of file +3. **Jitsi** will stop and disable Metronome XMPP. +4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index d778655..02abc34 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md 
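Review bot: In the new `VirtualHost "guest.__DOMAIN__"` block of conf/prosody.cfg.lua, `c2s_require_encryption = false` lets sessions on the anonymous host be established without TLS. That is only safe if guests reach Prosody exclusively through the HTTPS-terminated BOSH/WebSocket endpoint; whether the c2s port is reachable from outside is not visible in this diff. Please confirm the line is needed, for instance whether `consider_bosh_secure = true` is set elsewhere in the file and would make it unnecessary. Otherwise keep it with a comment explaining why, such as `-- guests connect via the local HTTPS proxy only; c2s port must not be exposed`.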
@@ -2,4 +2,5 @@ 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld 2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config) -3. **Jitsi** va arréter et désactiver le service XMPP Metronome. \ No newline at end of file +3. **Jitsi** va arréter et désactiver le service XMPP Metronome. +4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme. diff --git a/scripts/_common.sh b/scripts/_common.sh index a6ea17a..45d1c9f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime" +pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index dfcabfd..f0b22b5 100644 --- a/scripts/install +++ b/scripts/install @@ -143,6 +143,8 @@ do ynh_secure_remove --file="$final_path/${package}_temp" done +ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap + chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" diff --git a/scripts/upgrade b/scripts/upgrade index 6d9ba0c..6765844 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -114,6 +114,8 @@ then mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/" ynh_secure_remove --file="$final_path/${package}_temp" done + + ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap fi chmod 750 "$final_path"