How to disable LDAP?

[tio-trom]

Hardware: VPS bought online YunoHost version: 4.3.6.2 (stable). I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen | ... Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

I would like to have Jitsi open for anyone. So how can I disable LDAP? Thanks!

EDIT: Is it the file /etc/prosody/conf.avail/call.trom.tf.cfg.lua ?

[yalh76]

You need to revert: https://github.com/YunoHost-Apps/jitsi_ynh/commit/7962e1d49fc9d5d5da48fd4fdfbbd2590d1d7ad2

[tio-trom]

Thanks. Ok. May I ask why the decision to make Jitsi only work for the registered users? The default Jitsi Meet is open for everyone. It is a very handy tool to use and maybe there should either be open as default, or make it easy to remove the LDAP limitation.

[yalh76]

Thanks. Ok. May I ask why the decision to make Jitsi only work for the registered users? The default Jitsi Meet is open for everyone. It is a very handy tool to use and maybe there should either be open as default, or make it easy to remove the LDAP limitation.

I though that most jitsi installed on yunohost will be for personal use, not to make a public jitsi.

As you can see, there are various files to modify to enable or disable ldap authentication, not that simple. But feel free to make a pull request to make that change easily.

[tio-trom]

Ah I see. I truly wanted to provide a free Jitsi Meet instance for our trom.tf services so that anyone can use it. I can try do those changes manually but I see even scripts/install need to be modified. Does that mean I have to fork this and do the changes then install in order for it to work?

Also would you reconsider making it public and not LDAP based?

And thanks a lot for your work on this package!

[tio-trom]

Also, is this the correct folder to edit /etc/yunohost/apps/jitsi/conf ? I see all of the edited files there.

[tio-trom]

So I have done all of the changes to the files in /etc/yunohost/apps/jitsi/conf. Restarted all Jitsi services + Prosody + Nginx. I see no difference. Weird.

[Tagadda]

This is not where the actual conf are, only templates used during install. You'll need to edit the config at the final location. Probably somewhere in /etc/jitsi and /etc/prosody/ according to https://github.com/YunoHost-Apps/jitsi_ynh/blob/master/scripts/install#L163-L235

[tio-trom]

I think I've done it. Here's how (replace domain-name with your domain name where jitsi is installed):

Disable LDAP

1. Edit the file

/etc/jitsi/jicofo/jicofo.conf

And remove:

authentication: {

    enabled: true

    type: XMPP

    login-url: __DOMAIN__

 }

2. Edit the file:

/etc/jitsi/meet/domain-name-config.js

And replace:

anonymousdomain: 'guest.__DOMAIN__',

with

// anonymousdomain: 'guest.example.com',

3. Edit the file:

/etc/prosody/conf.avail/domain-name.cfg.lua

And replace:

  authentication = "ldap"

    ldap_server = "localhost"

    ldap_filter = "(uid=$user)"

    ldap_scope = "subtree"

    ldap_base = "ou=users,dc=yunohost,dc=org"

    ldap_mode = "bind"

With:

authentication = "anonymous"

Plus delete:

VirtualHost "guest.__DOMAIN__"

    authentication = "anonymous"

    c2s_require_encryption = fa

So I could probably close this issue now. It is a little work but seems doable. If any of you can confirm that the above are ok and there is nothing else to do more for it to properly work.

[yalh76]

yes it's what has to be done. PS: at next upgrade of jitsi, the changes you made manually will be overwrite and you will have to redo then

[tio-trom]

Yes I know I will have to do the changes again. It is ok. Thanks for the help!

[tio-trom]

The method does not really work. It tries to reconnect. I will reopen this issue for now and see if I or others can come up with a better solution to then be integrated into the main ynh package. I think it can be really great to easily provide this as a public service like we do via trom.tf for many other services. But for now this Jitsi package is unreliable when trying to disable the LDAP integration.