jitsi / docker-jitsi-meet

Jitsi Meet on Docker
https://hub.docker.com/u/jitsi/
Apache License 2.0

docker: no ldap connection to openldap server #623

Open nobe80 opened 4 years ago

nobe80 commented 4 years ago

Hi!

Using the latest Docker version works fine with internal user auth, but I'm unable to connect to an OpenLDAP server. The OpenLDAP server works 100% fine. The server is listening on ports 389 and 636. When I use "ldapsearch" from the same server where Jitsi Meet is running, I get LDAP responses on both protocols, "ldap" and "ldaps". I can also see the ldapsearch requests in the OpenLDAP server logfile. But no matter what I set in the Docker .env file for the LDAP setting (ldap/ldaps), there is never a connection to be seen in the OpenLDAP server logfile. Finally, LDAP authentication doesn't work.

Any ideas what the reason could be?

prayagsingh commented 4 years ago

Hello @nobe80, I'm able to use ldaps and ldap with START_TLS successfully. You can refer to this link. I'm using Docker Swarm and using OpenLDAP with docker-compose running on a separate VM instance. I just started learning about LDAP because of the jitsi-ldap integration only.

My prosody LDAP config; please change LDAP_BASE and LDAP_BINDDN as per your config:

```yaml
LDAP_URL: ldap://ldap.example.in:5050/ #ldaps://ldap.example.in:7946 #ldap://ldap.example.in:5050/
# -D "cn=admin,dc=meet,dc=example,dc=in" -w admin -b "ou=Users,dc=meet,dc=example,dc=in" '(uid=joe)'
# -D --> bindDN, -b --> baseDN
LDAP_BASE: "OU=Users,DC=meet,DC=example,DC=in" # -b
LDAP_BINDDN: "CN=admin,DC=meet,DC=example,DC=in" #CN=admin,OU=Users,DC=meet,DC=example,DC=in # -D
LDAP_BINDPW: admin
LDAP_FILTER: "(uid=%u)" #(sAMAccountName=%u)
LDAP_AUTH_METHOD: bind
LDAP_VERSION: 3
LDAP_USE_TLS: 1
LDAP_TLS_CIPHERS: SECURE256:SECURE128
LDAP_TLS_CHECK_PEER: 1
LDAP_TLS_CACERT_FILE: /etc/ssl/certs/main.pem #<--- this should be a chain certificate. won't work if its just a CA
LDAP_TLS_CACERT_DIR: /etc/ssl/certs
LDAP_START_TLS: 1
```

Prosody logs:

```
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :attempting a read lock on slot: 31
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :[login=prayag] [service=xmpp] [realm=meet.example.in]: not found, update pending
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :attempting to release lock on slot: 31
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :attempting a write lock on slot: 31
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :lookup committed
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :attempting to release lock on slot: 31
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :auth success: [user=prayag] [service=xmpp] [realm=meet.example.in] [mech=ldap]
jitsi_prosody.1.utx4y6j01w2q@vs2    | saslauthd[278] :response: OK
```

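
The LDAP settings in the comment above can be sanity-checked before they are deployed. The script below is an added example; it is not code from docker-jitsi-meet or from anyone in this thread. It parses a `.env` or compose-style fragment, flags TLS settings that contradict each other (START_TLS on an `ldaps://` URL, plain `ldap://` without START_TLS, peer checking turned off), and counts the certificates in the file named by `LDAP_TLS_CACERT_FILE`, encoding the "should be a chain certificate" note above as a requirement of at least two PEM blocks. Hostnames, DNs, the password and the certificate text in the sample are constructed placeholders.

```python
# Added example (not part of docker-jitsi-meet): pre-deployment sanity check
# for the saslauthd/LDAP settings used by the prosody container.
import re

# One PEM certificate block; DOTALL lets the body span several lines.
PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def count_pem_certs(pem_text: str) -> int:
    """Number of PEM certificate blocks in the text (a chain has two or more)."""
    return len(PEM_CERT_RE.findall(pem_text))


def parse_env(text: str) -> dict:
    """Parse 'KEY=value' (.env) or 'KEY: value' (compose) lines.

    Trailing '#' comments are dropped and surrounding quotes stripped.
    Whichever separator appears first decides the split, so a filter such
    as (uid=%u) after 'KEY:' is not cut at its '='.
    """
    env = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        seps = [p for p in (line.find("="), line.find(":")) if p >= 0]
        if not seps:
            continue
        pos = min(seps)
        key, value = line[:pos], line[pos + 1:]
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def check_ldap_env(env: dict, cacert_pem: str = "") -> list:
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    url = env.get("LDAP_URL", "")
    scheme = url.split("://", 1)[0].lower() if "://" in url else ""
    start_tls = env.get("LDAP_START_TLS") == "1"
    check_peer = env.get("LDAP_TLS_CHECK_PEER") == "1"

    if scheme not in ("ldap", "ldaps"):
        findings.append(f"LDAP_URL {url!r} is not an ldap:// or ldaps:// URL")
    if scheme == "ldaps" and start_tls:
        findings.append("LDAP_START_TLS=1 on an ldaps:// URL: START_TLS applies to plain ldap:// only")
    if scheme == "ldap" and not start_tls:
        findings.append("ldap:// without LDAP_START_TLS=1 would send the bind password in clear text")
    if (scheme == "ldaps" or start_tls) and not check_peer:
        findings.append("LDAP_TLS_CHECK_PEER is not 1: the server certificate would not be verified")
    if "%u" not in env.get("LDAP_FILTER", ""):
        findings.append("LDAP_FILTER lacks the %u placeholder for the login name")
    if cacert_pem and count_pem_certs(cacert_pem) < 2:
        findings.append("LDAP_TLS_CACERT_FILE holds fewer than two certificates; a chain is expected")
    return findings


# Constructed sample inputs: placeholder host, DNs, password and certificate bodies.
SAMPLE_ENV = """
LDAP_URL=ldap://ldap.example.invalid:389/  # ldaps://ldap.example.invalid:636/
LDAP_BASE="OU=Users,DC=example,DC=invalid"
LDAP_BINDDN="CN=svc-jitsi,OU=Users,DC=example,DC=invalid"
LDAP_BINDPW=changeme
LDAP_FILTER="(uid=%u)"
LDAP_START_TLS=1
LDAP_TLS_CHECK_PEER=1
"""
FAKE_CHAIN = (
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # In real use, read the .env file and open(env["LDAP_TLS_CACERT_FILE"]).read().
    for finding in check_ldap_env(parse_env(SAMPLE_ENV), FAKE_CHAIN) or ["no findings"]:
        print(finding)
```

Run it against the real `.env` and the file pointed to by `LDAP_TLS_CACERT_FILE` before restarting the stack; a clean run does not prove the directory will answer, but it rules out the self-contradictory combinations that leave saslauthd silently failing before any connection reaches the LDAP server log.
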
tusharsonawanes commented 3 years ago

@prayagsingh, is it working for you? I copied the same thing; it doesn't work for me.

prayagsingh commented 3 years ago

Yes, it is.

tusharsonawanes commented 3 years ago

> yes it is.

That's great. I'll re-deploy the whole thing. If I have any issue, I'll put it here.

Anyway, did you make any changes in prosody or jicofo for the same?