Closed ClaudioSousa14 closed 4 years ago
Have you wiped the config volume before creating the containers again?
Every time I change the .env file I do:
# sudo rm -rf /root/.jitsi-meet-cfg
# sudo /usr/local/bin/docker-compose up -d
Maybe your LDAP config is wrong somehow. Here is my example LDAP config based on your information.
LDAP_URL=ldap://diva.intranet.digitalsign.pt:389
LDAP_BASE=DC=intranet,DC=digitalsign,DC=pt
LDAP_BINDDN=CN=jitsi,DC=intranet,DC=digitalsign,DC=pt
LDAP_BINDPW=Bu6jhgvLK
LDAP_FILTER=(sAMAccountName=%u)
LDAP_AUTH_METHOD=bind
LDAP_VERSION=3
Thank you for the reply. I tested with that configuration and it is the same. What I think is strange is that whatever configuration I put, I don't see any traffic between my docker host and LDAP server.
I already had some little advances. When I configured LDAP before, all pages were completely grey, with no options. Now I fixed it. So the problem is that if I change between "internal" and "ldap" the page stays grey. To solve that I need to:
#ENABLE_AUTH=1
2. Delete the folder ".jitsi-meet-cfg";
3. Compose docker;
4. Change the .env file and uncomment the previous lines;
5. Delete the folder ".jitsi-meet-cfg";
6. Compose docker;
Now the page works and asks for authentication.
If I insert the user "jitsi" and the password I get the error "Incorrect username or password".
If I insert the user "intranet\jitsi" and the password I get the error "Incorrect username or password".
If I insert the user "jitsi@intranet.digitalsign.pt" and the password keep saying "Connecting" forever.
In all the cases explained I cannot see any traffic between my docker-host and my LDAP server.
Anybody know where I can see any logs?
Thank you all.
I think this commit https://github.com/jitsi/docker-jitsi-meet/commit/7aa2d8114c0da8ab0a2a8c5ec07e576eb4d887d7 helped, now the replacement is getting done
Sorry, but what should that do differently? It is all the same.
@ClaudioSousa14
- Try to debug this config with a username like "jitsi". Later it needs changes in LDAP_FILTER for using different.
- If your LDAP URL is set properly, there must be traffic to the LDAP server. If not, try to debug your network connection with netcat from inside the prosody container.
- You can switch the prosody log to debug level to get more info inside the container.
So I can already see traffic between the docker host and the LDAP server. So my .env file is:
LDAP_URL=ldap://diva.intranet.digitalsign.pt/
LDAP_BASE=DC=intranet,DC=digitalsign,DC=pt
LDAP_BINDDN=CN=jitsi,DC=intranet,DC=digitalsign,DC=pt
LDAP_BINDPW=Bu8DpLK
LDAP_FILTER=(sAMAccountName=%u)
LDAP_AUTH_METHOD=bind
LDAP_VERSION=3
LDAP_USE_TLS=1
LDAP_TLS_CIPHERS=SECURE256:SECURE128
LDAP_TLS_CHECK_PEER=1
LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
LDAP_TLS_CACERT_DIR=/etc/ssl/certs
LDAP_START_TLS=0
Every time I received the message "Incorrect username or password". I already tried with different filters. Any idea? Really thank you.
First of all, look at LDAP_URL=ldap://
It needs the ldaps scheme if you have LDAP_USE_TLS=1.
Did you try to read the prosody log file? A command like docker-compose logs -f --tail=100 prosody usually shows where the problem is. Also, try to leave the LDAP_TLS_* parameters at their defaults for debugging.
So I changed what you suggested:
LDAP_URL=ldaps://diva.intranet.digitalsign.pt/
LDAP_USE_TLS=1
LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
LDAP_START_TLS=1
And I checked the logs but unfortunately without any luck:
prosody_1 | boshaecd6803-e4e3-49b7-b9c8-39176bcc4780 info Authenticated as 7_98ftimw0ejpvpp@guest.meet.jitsi
prosody_1 | mod_bosh info New BOSH session, assigned it sid '50d3189e-5b98-458f-a1e3-6e595e4de4fc'
prosody_1 | saslauthd[270] :released accept lock
prosody_1 | saslauthd[273] :acquired accept lock
prosody_1 | saslauthd[270] :attempting a read lock on slot: 632
prosody_1 | saslauthd[270] :[login=jitsi] [service=xmpp] [realm=meet.jitsi]: not found, update pending
prosody_1 | saslauthd[270] :attempting to release lock on slot: 632
prosody_1 | saslauthd[270] :auth failure: [user=jitsi] [service=xmpp] [realm=meet.jitsi] [mech=ldap] [reason=Unknown]
prosody_1 | saslauthd[270] :response: NO
Any ideas? Really thank you for the help @netaskd
The first guess: LDAP_START_TLS=1 -> LDAP_START_TLS=0
rm -rf your-path-to-config-dir/prosody
testsaslauthd -u your-ldap-user -p your-ldap-password
So I changed the LDAP_START_TLS=0
And the log:
prosody_1 | mod_bosh info New BOSH session, assigned it sid '3e8b69dc-6820-47b8-8346-27379c7ad357'
prosody_1 | saslauthd[273] :released accept lock
prosody_1 | saslauthd[276] :acquired accept lock
prosody_1 | saslauthd[273] :attempting a read lock on slot: 632
prosody_1 | saslauthd[273] :[login=jitsi] [service=xmpp] [realm=meet.jitsi]: not found, update pending
prosody_1 | saslauthd[273] :attempting to release lock on slot: 632
prosody_1 | saslauthd[273] :auth failure: [user=jitsi] [service=xmpp] [realm=meet.jitsi] [mech=ldap] [reason=Unknown]
prosody_1 | saslauthd[273] :response: NO
prosody_1 | mod_bosh info New BOSH session, assigned it sid '2ad63114-d5d6-4b09-87ec-f1c01aa3319f'
prosody_1 | saslauthd[276] :released accept lock
prosody_1 | saslauthd[273] :acquired accept lock
prosody_1 | saslauthd[276] :attempting a read lock on slot: 235
prosody_1 | saslauthd[276] :[login=intranet\jitsi] [service=xmpp] [realm=meet.jitsi]: not found, update pending
prosody_1 | saslauthd[276] :attempting to release lock on slot: 235
prosody_1 | saslauthd[276] :auth failure: [user=intranet\jitsi] [service=xmpp] [realm=meet.jitsi] [mech=ldap] [reason=Unknown]
prosody_1 | saslauthd[276] :response: NO
On the prosody container:
[csousa@docker jitsi-meet]$ sudo /usr/local/bin/docker-compose exec prosody /bin/bash
[sudo] password for csousa:
root@22320e63fe13:/# testsaslauthd -u jitsi -p Bu8DpLK
0: NO "authentication failed"
root@22320e63fe13:/# testsaslauthd -u jitsi@intranet.digitalsign.pt -p Bu8DpLK
0: NO "authentication failed"
root@22320e63fe13:/# testsaslauthd -u "intranet\jitsi" -p Bu8DpLK
0: NO "authentication failed"
root@22320e63fe13:/# testsaslauthd -u "intranet/jitsi" -p Bu8DpLK
0: NO "authentication failed"
root@22320e63fe13:/# testsaslauthd -u "intranet.digitalsign.pt\jitsi" -p Bu8DpLK
0: NO "authentication failed"
How can I increase the log level?
try to run strace testsaslauthd -u jitsi -p Bu8DpLK
Sorry but it seems that the command does not exist on the container:
[csousa@docker jitsi-meet]$ sudo /usr/local/bin/docker-compose exec prosody /bin/bash
root@1171a9b4fd6f:/# strace testsaslauthd -u jitsi -p Bu8DpLK
bash: strace: command not found
just install it and try again
Sorry for the delay, but work has been a worry in the last days. I already ran the strace but unfortunately I cannot see any relevant information.
Hi @ClaudioSousa14, you use OpenLDAP, right? Have you fixed this issue?
@phuocnguyenit96 No, I have a Windows Server, with the domain-controller running LDAP. And unfortunately I haven't fixed this issue yet.
On the first installation I had the same issue, and afterwards I resolved it, but I'm using "OpenLdap". This is my config:
ENABLE_AUTH=1
ENABLE_GUESTS=0
AUTH_TYPE=ldap
LDAP_URL=ldaps://ip-ldap:636
LDAP_BINDDN=uid=yourldapuser,OU=People,DC=yourDC,DC=yourDC
LDAP_BINDPW=
LDAP_FILTER=(uid=%u)
LDAP_AUTH_METHOD=bind
LDAP_USE_TLS=1
I hope it helps you
This worked for me. I was doing a similar thing, and the only difference between my config and this one is the ldaps and USE_TLS=1. But the interesting thing is that my LDAP server still shows the request coming through on port 389, so it seems there's a misconfiguration in the prosody module.
Hi guys,
Really thank you @phuocnguyenit96 and @Doc-Saintly
Now I can finally get this working. The only differences in my configuration:
LDAP_BASE=DC=intranet,DC=digitalsign,DC=pt
LDAP_BINDDN=CN=jitsi,CN=Users,DC=intranet,DC=digitalsign,DC=pt
LDAP_FILTER=(sAMAccountName=%u)
Hello @ClaudioSousa14 @phuocnguyenit96 @Doc-Saintly , I need some help. Somehow the above thing doesn't work for me. Can you guys help me with this ?
For my LDAP, I am referring this setup : https://github.com/osixia/docker-openldap
Commands that I run
docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.4.0
docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
OUTPUT:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9c3RKaFZOVHlTNjhrb1FxVTN2QTltY25pRzlTRndnSEU=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
my .env for LDAP looks something like this
ENABLE_AUTH=1
ENABLE_GUESTS=1
AUTH_TYPE=ldap
LDAP_URL=ldap://<system-ip>:389/
LDAP_BASE=dc=example,dc=org
LDAP_BINDDN=cn=admin,dc=example,dc=org
LDAP_BINDPW=e1NTSEF9c3RKaFZOVHlTNjhrb1FxVTN2QTltY25pRzlTRndnSEU=
LDAP_FILTER=(sAMAccountName=%u)
LDAP_AUTH_METHOD=bind
LDAP_VERSION=3
LDAP_USE_TLS=1
Please help me!!!
[ UPDATE ]
Hi @tusharsonawanes, I'm using docker-compose to install jitsi. Have you tried my config? And what's the error log?
@phuocnguyenit96 thank you so much for the quick reply
- So I changed these in my previous configuration file, that is the .env file, after referring to your config:
ENABLE_GUEST=0
LDAP_URL=ldaps://192.168.1.11:636
LDAP_FILTER=(cn=%u)
- I deleted that .jitsi-meet-config folder and did docker-compose up again.
- Still the same error exists.
- Can you guide me on which containers logs should I check ?
Hi @phuocnguyenit96 ,
Haven't you fixed the problem yet? The only way I could figure out my problem was using Wireshark to check what was sent to the LDAP server and see the response from the LDAP server.
So use LDAP communication instead of LDAPS and use Wireshark to analyse the traffic on port 389. You will see that the errors will be very clear.
Hope it helps.
Sorry Bro, I replied late. My suggestions:
- Monitoring LDAP logs
- Monitoring docker logs: docker logs -f my-openldap-container
- Try this config:
LDAP_BINDDN=uid=yourldapuser,OU=People,DC=yourDC,DC=yourDC
LDAP_FILTER=(uid=%u)
And show to me the results (screenshot docker logs if you can ^^).
Have you resolved your issue? @tusharsonawanes
@phuocnguyenit96 not really. Need to work on this
Thanks to all the comments above! I have a Windows AD domain which is on function level "2008 R2". And this is the working .env configuration for me:
ENABLE_AUTH=1
ENABLE_GUESTS=0
AUTH_TYPE=ldap
LDAP_URL=ldap://192.168.6.10:389
LDAP_BASE=DC=company,DC=com
LDAP_BINDDN=CN=jitsimeetuser,OU=devices,DC=company,DC=com
LDAP_BINDPW=password-for-jitsimeetuser
LDAP_FILTER=(sAMAccountName=%u)
LDAP_AUTH_METHOD=bind
LDAP_VERSION=3
LDAP_USE_TLS=0
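Added example, not part of the thread or of docker-jitsi-meet: a small linter for the LDAP_* lines of a .env file that flags the combinations discussed above (an ldap:// URL with LDAP_USE_TLS=1, StartTLS on ldaps://), plus a cleartext bind and a bind password that is really a stored hash. The function names, finding codes and sample values are made up for illustration, and unset flags are treated as 0, which is an assumption about defaults.

```python
import base64
import re

# Constructed sample, not a config from the thread; host and hash are made up.
SAMPLE_ENV = """\
LDAP_URL=ldap://ldap.example.test:389/
LDAP_BINDPW=e1NTSEF9YWJj
LDAP_USE_TLS=1
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    pairs = (ln.strip().split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.strip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def looks_like_stored_hash(value):
    """True if value is, or base64-decodes to, a userPassword hash such as {SSHA}..."""
    candidates = [value]
    try:
        candidates.append(base64.b64decode(value, validate=True).decode("ascii"))
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass
    return any(re.match(r"\{[A-Za-z0-9-]+\}", c) for c in candidates)

def lint_ldap_env(text):
    """Return (code, message) findings; unset flags are treated as 0 (assumption)."""
    env = parse_env(text)
    url = env.get("LDAP_URL", "").lower()
    use_tls = env.get("LDAP_USE_TLS") == "1"
    start_tls = env.get("LDAP_START_TLS") == "1"
    findings = []
    if url.startswith("ldap://") and use_tls and not start_tls:
        findings.append(("scheme-tls-mismatch", "LDAP_USE_TLS=1 with ldap:// and no StartTLS"))
    if url.startswith("ldaps://") and start_tls:
        findings.append(("starttls-on-ldaps", "StartTLS requested on an ldaps:// URL"))
    if url.startswith("ldap://") and not use_tls and not start_tls:
        findings.append(("cleartext-bind", "bind passwords cross the network unencrypted"))
    # Only flagged when explicitly disabled; nothing is assumed about the image default.
    if (use_tls or start_tls) and env.get("LDAP_TLS_CHECK_PEER") == "0":
        findings.append(("no-peer-check", "server certificate is not verified"))
    if looks_like_stored_hash(env.get("LDAP_BINDPW", "")):
        findings.append(("bindpw-is-hash", "LDAP_BINDPW is a stored hash, not the password"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{c}: {m}" for c, m in lint_ldap_env(SAMPLE_ENV)))
```

An empty result only means none of these particular combinations were found; a wrong bind DN or search filter still has to be confirmed against the directory itself.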
Hi guys,
I had jitsi running with no problems. Then I activated internal authentication and it worked great.
But now I'm trying to configure LDAP with no success at all. I already tested everything.
So I cannot see any traffic between my docker machine and my LDAP server. How can I see any logs? I already searched for them with no success.
Here is my .env file. All the comments were already commented and uncommented, with no difference at all:
Thank you all.