enable LDAP authentication

YunoHost-Apps · Feb 10, 2022 · 7962e1d · 7962e1d
1 parent a73ec7c
commit 7962e1d
Show file tree

Hide file tree

Showing 9 changed files with 32 additions and 5 deletions.
diff --git a/conf/jitsi-jicofo-jicofo.conf b/conf/jitsi-jicofo-jicofo.conf
@@ -1,6 +1,11 @@
 # Jicofo HOCON configuration. See reference.conf in /usr/share/jicofo/jicofo.jar for
 #available options, syntax, and default values.
 jicofo {
+  authentication: {
+    enabled: true
+    type: XMPP
+    login-url: __DOMAIN__
+ }
   xmpp: {
     client: {
       client-proxy: focus.__DOMAIN__

diff --git a/conf/jitsi-meet-config.js b/conf/jitsi-meet-config.js
@@ -9,7 +9,7 @@ var config = {
         domain: '__DOMAIN__',
 
         // When using authentication, domain for guest users.
-        // anonymousdomain: 'guest.example.com',
+        anonymousdomain: 'guest.__DOMAIN__',
 
         // Domain for authenticated users. Defaults to <domain>.
         // authdomain: '__DOMAIN__',

diff --git a/conf/mod_auth_ldap.src b/conf/mod_auth_ldap.src
@@ -0,0 +1,7 @@
+SOURCE_URL=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
+SOURCE_SUM=49c67ec86ec75ac8de93803be2ac7f907d1e9d3d22cd4c88fd48aaeed7a411e3
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=lua
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=mod_auth_ldap.lua
+SOURCE_EXTRACT=false
diff --git a/conf/prosody.cfg.lua b/conf/prosody.cfg.lua
@@ -27,7 +27,12 @@ unlimited_jids = {
 
 VirtualHost "__DOMAIN__"
     -- enabled = false -- Remove this line to enable this host
-    authentication = "anonymous"
+    authentication = "ldap"
+    ldap_server = "localhost"
+    ldap_filter = "(uid=$user)"
+    ldap_scope = "subtree"
+    ldap_base = "ou=users,dc=yunohost,dc=org"
+    ldap_mode = "bind"
     -- Properties below are modified by jitsi-meet-tokens package config
     -- and authentication above is switched to "token"
     --app_id="example_app_id"
@@ -61,6 +66,10 @@ VirtualHost "__DOMAIN__"
     main_muc = "conference.__DOMAIN__"
     -- muc_lobby_whitelist = { "recorder.__DOMAIN__" } -- Here we can whitelist jibri to enter lobby enabled rooms
 
+VirtualHost "guest.__DOMAIN__"
+    authentication = "anonymous"
+    c2s_require_encryption = false
+
 Component "conference.__DOMAIN__" "muc"
     restrict_room_creation = true
     storage = "memory"

diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md
@@ -2,4 +2,5 @@
 
 1. **Jitsi** requires a dedicated **root domain**, eg. jitsi.domain.tld
 2. **Jitsi** requires the ports TCP/4443 and UDP/10000 to be forwarded to your YunoHost (The same way you forwarded 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
-3. **Jitsi** will stop and disable Metronome XMPP.
+3. **Jitsi** will stop and disable Metronome XMPP.
+4. LDAP authentication is activated, only authenticated users to create new conference rooms. Whenever a new room is about to be created, Jitsi Meet will prompt for a user name and password. After the room is created, others will be able to join from anonymous domain.
diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md
@@ -2,4 +2,5 @@
 
 1. **Jitsi** a besoin d'un **domaine racine** dédié, par exemple : jitsi.domain.tld
 2. **Jitsi** demande que les ports TCP/4443 et UDP/10000 soient routés vers votre YunoHost (De la même manière que le sont les ports 80 (HTTP), 443 (HTTPS), etc... https://yunohost.org/#/isp_box_config)
-3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
+3. **Jitsi** va arréter et désactiver le service XMPP Metronome.
+4. L'authentification LDAP est activée, seuls les utilisateurs authentifiés peuvent créer de nouvelles salles de conférence. Chaque fois qu'une nouvelle salle est sur le point d'être créée, Jitsi Meet vous demandera un nom d'utilisateur et un mot de passe. Une fois la salle créée, d'autres personnes pourront la rejoindre à partir d'un domaine anonyme. 
diff --git a/scripts/_common.sh b/scripts/_common.sh
@@ -5,7 +5,7 @@
 #=================================================
 
 # dependencies used by the app
-pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime"
+pkg_dependencies="openjdk-8-jre-headless|openjdk-11-jre-headless debconf|debconf-2.0 procps uuid-runtime lua-ldap"
 
 #=================================================
 # PERSONAL HELPERS

diff --git a/scripts/install b/scripts/install
@@ -143,6 +143,8 @@ do
 	ynh_secure_remove --file="$final_path/${package}_temp"
 done
 
+ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
+
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"

diff --git a/scripts/upgrade b/scripts/upgrade
@@ -114,6 +114,8 @@ then
 		mv "$final_path/${package}_temp/usr/share/${packages[$package]}/" "$final_path/${package}/"
 		ynh_secure_remove --file="$final_path/${package}_temp"
 	done
+
+	ynh_setup_source --dest_dir="$final_path/jitsi-meet-prosody" --source_id=mod_auth_ldap
 fi
 
 chmod 750 "$final_path"