mirror of
https://github.com/YunoHost-Apps/jitsi_ynh.git
synced 2024-09-03 19:35:57 +02:00
enable LDAP authentication
This commit is contained in:
parent
a73ec7c023
commit
7962e1d49f
9 changed files with 32 additions and 5 deletions
|
@ -1,6 +1,11 @@
|
|||
# Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for
|
||||
#available options, syntax, and default values.
|
||||
jicofo {
|
||||
authentication: {
|
||||
enabled: true
|
||||
type: XMPP
|
||||
login-url: __DOMAIN__
|
||||
}
|
||||
xmpp: {
|
||||
client: {
|
||||
client-proxy: focus.__DOMAIN__
|
||||
|
|
|
@ -9,7 +9,7 @@ var config = {
|
|||
domain: '__DOMAIN__',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
anonymousdomain: 'guest.__DOMAIN__',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: '__DOMAIN__',
|
||||
|
|
7
conf/mod_auth_ldap.src
Normal file
7
conf/mod_auth_ldap.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
|
||||
SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=lua
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=mod_auth_ldap.lua
|
||||
SOURCE_EXTRACT=false
|
|
@ -27,7 +27,12 @@ unlimited_jids = {
|
|||
|
||||
VirtualHost "__DOMAIN__"
|
||||
-- enabled = false -- Remove this line to enable this host
|
||||
authentication = "anonymous"
|
||||
authentication = "ldap"
|
||||
ldap_server = "localhost"
|
||||
ldap_filter = "(uid=$user)"
|
||||
ldap_scope = "subtree"
|
||||
ldap_base = "ou=users,dc=yunohost,dc=org"
|
||||
ldap_mode = "bind"
|
||||
-- Properties below are modified by jitsi-meet-tokens package config
|
||||
-- and authentication above is switched to "token"
|
||||
--app_id="example_app_id"
|
||||
|
@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__"
|
|||
main_muc = "conference.__DOMAIN__"
|
||||
-- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||
|
||||
VirtualHost "guest.__DOMAIN__"
|
||||
authentication = "anonymous"
|
||||
c2s_require_encryption = false
|
||||
|
||||
Component "conference.__DOMAIN__" "muc"
|
||||
restrict_room_creation = true
|
||||
storage = "memory"
|
||||
|
|
|
@ -3,3 +3,4 @@
|
|||
1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
|
||||
2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
|
||||
3. **Jitsi** will stop and disable Metronome XMPP.
|
||||
4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.
|
||||
|
|
|
@ -3,3 +3,4 @@
|
|||
1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
|
||||
2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
|
||||
3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
|
||||
4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme.
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
#=================================================
|
||||
|
||||
# dependencies used by the app
|
||||
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime"
|
||||
pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap"
|
||||
|
||||
#=================================================
|
||||
# PERSONAL HELPERS
|
||||
|
|
|
@ -143,6 +143,8 @@ do
|
|||
ynh_secure_remove --file="$final_path/${package}_temp"
|
||||
done
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
|
|
@ -114,6 +114,8 @@ then
|
|||
mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
|
||||
ynh_secure_remove --file="$final_path/${package}_temp"
|
||||
done
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
|
||||
fi
|
||||
|
||||
chmod 750 "$final_path"
|
||||
|
|
Loading…
Reference in a new issue