1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/jitsi_ynh.git synced 2024-09-03 19:35:57 +02:00

enable LDAP authentication

This commit is contained in:
yalh76 2022-02-11 00:47:00 +01:00
parent a73ec7c023
commit 7962e1d49f
9 changed files with 32 additions and 5 deletions

View file

@ -1,6 +1,11 @@
# Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for
#available options, syntax, and default values.
jicofo {
authentication: {
enabled: true
type: XMPP
login-url: __DOMAIN__
}
xmpp: {
client: {
client-proxy: focus.__DOMAIN__

View file

@ -9,7 +9,7 @@ var config = {
domain: '__DOMAIN__',
// When using authentication, domain for guest users.
// anonymousdomain: 'guest.example.com',
anonymousdomain: 'guest.__DOMAIN__',
// Domain for authenticated users. Defaults to <domain>.
// authdomain: '__DOMAIN__',

7
conf/mod_auth_ldap.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=lua
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=mod_auth_ldap.lua
SOURCE_EXTRACT=false

View file

@ -27,7 +27,12 @@ unlimited_jids = {
VirtualHost "__DOMAIN__"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
authentication = "ldap"
ldap_server = "localhost"
ldap_filter = "(uid=$user)"
ldap_scope = "subtree"
ldap_base = "ou=users,dc=yunohost,dc=org"
ldap_mode = "bind"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__"
main_muc = "conference.__DOMAIN__"
-- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms
VirtualHost "guest.__DOMAIN__"
authentication = "anonymous"
c2s_require_encryption = false
Component "conference.__DOMAIN__" "muc"
restrict_room_creation = true
storage = "memory"

View file

@ -3,3 +3,4 @@
1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** will stop and disable Metronome XMPP.
4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.

View file

@ -3,3 +3,4 @@
1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme.

View file

@ -5,7 +5,7 @@
#=================================================
# dependencies used by the app
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime"
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap"
#=================================================
# PERSONAL HELPERS

View file

@ -143,6 +143,8 @@ do
ynh_secure_remove --file="$final_path/${package}_temp"
done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"

View file

@ -114,6 +114,8 @@ then
mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
ynh_secure_remove --file="$final_path/${package}_temp"
done
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
fi
chmod 750 "$final_path"