Comments (12)
Hey,
Can you provide step by step instructions or link to some tutorial for basic config for working Prosody + LDAP ? This will make it easier to reproduce and fix.
from jicofo.
Sure, however, i don't think this problem is related to LDAP: if I set MECHANISMS="pam" in saslauthd.conf, I run into the same issue (and my XMPP client can open a session, so authentication is working).
It might be easier to reproduce using PAM, as it won't require an ldap server !
Prosody SASL LDAP Configuration
You have to install ldap bindings for SASL, and sasl bindings for lua. On Debian:
apt-get install lua-cyrussasl libsasl2-modules-ldap sasl2-bin
In the prosody vhost declaration, set
VirtualHost "jitsi.mydomain.com"
authentication = "cyrus"
cyrus_application_name = "xmpp"
modules_enabled = {
"bosh";
"pubsub";
}
-- These were added during Jistimeet installation
VirtualHost "guest.jitsi.mydomain.com"
authentication = "anonymous"
Component "conference.jitsi.mydomain.com" "muc"
Component "jitsi-videobridge.jitsi.mydomain.com"
component_secret = "verysecret"
VirtualHost "auth.jitsi.mydomain.com"
authentication = "internal_plain"
Component "focus.jitsi.mydomain.com"
component_secret = "moarsecret"
In /etc/sasl/xmpp.conf (i'm running Debian, so Cyrus SASL library configuration is in /etc/sasl):
pwcheck_method: saslauthd
mech_list: PLAIN
In /etc/default/saslauthd:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap
MECH_OPTIONS="/etc/saslauthd.conf"
OPTIONS="-c -m /var/run/saslauthd"
In /etc/saslauthd.conf:
ldap_servers: ldap://<your LDAP server>:389/
ldap_search_base: ou=People,dc=your,dc=basedn
(Our LDAP configuration is quite simple)
You need to add the user running prosody to the group owning /var/run/saslauthd, so, on Debian:
gpasswd -a prosody sasl
And then restart prosody and saslauthd:
service saslauthd restart
service prosody restart
You should now be able to test SASL authentication via the "testsaslauthd" command line tool:
root@jitsimeet ~ > testsaslauthd -u user -p password -s xmpp
0: OK "Success."
You should also be able to authenticate from an XMPP client.
from jicofo.
Hi! I would like to confirm @jbonachera's issue: Jitsi Meet works as advertised with authentication = "internal_plain"
, with authentication = "cyrus"
it is stuck on "Connecting" message box.
In jicofo.log
at that moment there are just repeating entries with
org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().382 Focus request xxx
without the usual
org.jitsi.jicofo.FocusManager.createConference().276 Created new focus
afterwards.
Also, recording and SIP connection stop working after setting authentication to internal_plain.
from jicofo.
The same happens also when using Prosody LDAP module: http://modules.prosody.im/mod_auth_ldap.html
from jicofo.
Hi,
it works for me with pretty much the same configuration mentioned above...
maybe the jicofo config is missing...
/etc/jitsi/jicofo/sip-communicator.properties
org.jitsi.jicofo.auth.URL=XMPP:jitsi.mydomain.com
from jicofo.
That line is there in my config too :)
org.jitsi.jicofo.auth.URL=XMPP:videokonf.domain.com
I tested to change my /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua
to use internal_plain
authentication. My file
VirtualHost "videokonf.domain.com"
authentication = "internal_plain"
ssl = {
key = "/etc/prosody/certs/videokonf.domain.com.key";
certificate = "/etc/prosody/certs/videokonf.domain.com.crt";
}
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
}
Component "conference.videokonf.domain.com" "muc"
admins = { "[email protected]" }
Component "jitsi-videobridge.videokonf.domain.com"
component_secret = "password"
VirtualHost "auth.videokonf.domain.com"
authentication = "internal_plain"
VirtualHost "guest.videokonf.domain.com"
authentication = "anonymous"
Component "focus.videokonf.domain.com"
component_secret = "password"
I then created a user with prosodyctl adduser [email protected]
and tried to login. That worked flawlessly.
This is how jicofo.log looks then:
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for [email protected] SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid: [email protected]/b002db2e-e1d6-45cb-9b63-c07eedcba1d0 with session: AuthSession[[email protected], [email protected]/b002db2e-e1d6-45cb-9b63-c07eedcba1d0, SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040, MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, [email protected]]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid [email protected]/b002db2e-e1d6-45cb-9b63-c07eedcba1d0 authenticated as: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for [email protected]@auth.videokonf.domain.com conferences count: 1 options:
channelLastN: -1
adaptiveLastN: false
simulcastMode: rewriting
adaptiveSimulcast: false
bridge: jitsi-videobridge.videokonf.domain.com
openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16 member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member [email protected]/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid: [email protected]/42a789f2-5868-4cd4-99c3-435ce0252a27 with session: AuthSession[[email protected], JID=a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27, SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040, MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, [email protected]]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid [email protected]/42a789f2-5868-4cd4-99c3-435ce0252a27 authenticated as: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid: [email protected]/42a789f2-5868-4cd4-99c3-435ce0252a27 with session: AuthSession[[email protected], JID=a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27, SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040, MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, [email protected]]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid [email protected]/42a789f2-5868-4cd4-99c3-435ce0252a27 authenticated as: [email protected]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16 member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to [email protected]/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member [email protected]/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731
I then changed the videokonf.domain.com.cfg.lua to use LDAP for authentication. It looks like this:
VirtualHost "videokonf.domain.com"
authentication = "ldap"
ldap_base="dc=domain,dc=com"
ldap_server="10.1.1.170:3268"
ldap_rootdn="[email protected]" -- Also tried cn=jitsi,ou=blaha,dc=domain,dc=com and it does not work either.
ldap_password="password"
ldap_filter="sAMAccountName=$user"
ldap_scope="subtree"
ldap_tls="false"
ldap_mode="bind"
ssl = {
key = "/etc/prosody/certs/videokonf.domain.com.key";
certificate = "/etc/prosody/certs/videokonf.domain.com.crt";
}
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
}
Component "conference.videokonf.domain.com" "muc"
admins = { "[email protected]" }
Component "jitsi-videobridge.videokonf.domain.com"
component_secret = "password"
VirtualHost "auth.videokonf.domain.com"
authentication = "internal_plain"
VirtualHost "guest.videokonf.domain.com"
authentication = "anonymous"
Component "focus.videokonf.domain.com"
component_secret = "password"
The LDAP config works from the jitsi-meet server using ldapsearch -D '[email protected]' l -x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com' 'sAMAccountName=*'
The LDAP login works from Jitsi client, Empathy and Pidgin. When logging in with a XMPP client, the prosody log looks like this:
Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as [email protected]
Sep 27 15:10:31 rostermanager debug load_roster: asked for: [email protected]
Sep 27 15:10:31 rostermanager debug load_roster: loading for new user: [email protected]
Sep 27 15:10:31 c2s10d9750 debug Resource bound: [email protected]/85fbfde6
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='232003757585' type='get' to='[email protected]'>
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence probe from [email protected] for [email protected]
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence probe from [email protected] for [email protected]
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted presence of 0 resources from [email protected] to [email protected]/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence probe from [email protected] for [email protected]
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence probe from [email protected] for [email protected]
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted presence of 1 resources from [email protected] to [email protected]/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage ('cannot open /var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such file or directory') for user: [email protected]
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='240204764539' type='get' to='[email protected]'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco' type='result' to='[email protected]' from='[email protected]/85fbfde6'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237581766226' type='get' to='[email protected]'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237650766294' type='get' to='[email protected]'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq id='239825768460' type='result' to='[email protected]/85fbfde6' from='jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245780770067' type='get' to='[email protected]'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245785770078' type='get' to='[email protected]'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245786770086' type='get' to='[email protected]'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq id='240212768588' type='result' to='[email protected]/85fbfde6' from='focus.videokonf.domain.com'>
When logging in from Jitsi-Meet, the prosody.log
looks like this:
Sep 28 10:24:37 mod_bosh info New BOSH session, assigned it sid '2b7e24c8-044c-4cff-8209-ddf04b6352dc'
Sep 28 10:24:37 bosh2b7e24c8-044c-4cff-8209-ddf04b6352dc info Authenticated as aef3bab9-6e82-4f1e-b58b-4f2f84a1aafb@guest.videokonf.ostersund.se
Sep 28 10:24:54 mod_bosh info New BOSH session, assigned it sid '9faf363a-e2e5-423e-9108-9d2a0c147ef2'
Debug log here: https://paste.debian.net/plain/313618
The jicofo.log looks like this:
Sep 28, 2015 10:03:29 AM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 28, 2015 10:03:29 AM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 28, 2015 10:03:30 AM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 28, 2015 10:03:31 AM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Sep 28, 2015 10:03:35 AM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: [email protected]
Endlessly.
My /etc/prosody/prosody.cfg.lua
looks like this:
-- Prosody Configuration File
admins = { }
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- Other specific functionality
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
};
allow_registration = false;
consider_bosh_secure = true
daemonize = true;
pidfile = "/var/run/prosody/prosody.pid";
ssl = {
key = "/etc/prosody/certs/localhost.key";
certificate = "/etc/prosody/certs/localhost.crt";
}
c2s_require_encryption = false
s2s_secure_auth = false
authentication = "internal_plain"
log = {
-- Log files (change 'info' to 'debug' for debug logs):
info = "/var/log/prosody/prosody.log";
error = "/var/log/prosody/prosody.err";
-- Syslog:
{ levels = { "error" }; to = "syslog"; };
}
VirtualHost "example.com"
enabled = false -- Remove this line to enable this host
ssl = {
key = "/etc/prosody/certs/example.com.key";
certificate = "/etc/prosody/certs/example.com.crt";
}
Include "conf.d/*.cfg.lua"
My /etc/jitsi/meet/videokonf.domain.com-config.js
looks like this:
/* jshint -W101 */
var config = {
// configLocation: './config.json', // see ./modules/HttpConfigFetch.js
hosts: {
domain: 'videokonf.domain.com',
anonymousdomain: 'guest.videokonf.domain.com',
muc: 'conference.videokonf.domain.com', // FIXME: use XEP-0030
bridge: 'jitsi-videobridge.videokonf.domain.com', // FIXME: use XEP-0030
//jirecon: 'jirecon.videokonf.domain.com',
//call_control: 'callcontrol.videokonf.domain.com',
//focus: 'focus.videokonf.domain.com' - defaults to 'focus.videokonf.domain.com'
},
// getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
// useStunTurn: true, // use XEP-0215 to fetch STUN and TURN server
// useIPv6: true, // ipv6 support. use at your own risk
useNicks: false,
bosh: '//videokonf.domain.com/http-bind', // FIXME: use xep-0156 for that
etherpad_base: 'https://videokonf.domain.com/etherpad/p/',
clientNode: 'http://jitsi.org/jitsimeet', // The name of client node advertised in XEP-0115 'c' stanza
//focusUserJid: '[email protected]', // The real JID of focus participant - can be overridden here
//defaultSipNumber: '', // Default SIP number
// Desktop sharing method. Can be set to 'ext', 'webrtc' or false to disable.
desktopSharingChromeMethod: 'ext',
// The ID of the jidesha extension for Chrome.
desktopSharingChromeExtId: 'jle[..]kfa',
// The media sources to use when using screen sharing with the Chrome
// extension.
desktopSharingChromeSources: ['screen', 'window'],
// Required version of Chrome extension
desktopSharingChromeMinExtVersion: '0.1',
// The ID of the jidesha extension for Firefox. If null, we assume that no
// extension is required.
desktopSharingFirefoxExtId: null,
// Whether desktop sharing should be disabled on Firefox.
desktopSharingFirefoxDisabled: true,
// The maximum version of Firefox which requires a jidesha extension.
// Example: if set to 41, we will require the extension for Firefox versions
// up to and including 41. On Firefox 42 and higher, we will run without the
// extension.
// If set to -1, an extension will be required for all versions of Firefox.
desktopSharingFirefoxMaxVersionExtRequired: -1,
// The URL to the Firefox extension for desktop sharing.
desktopSharingFirefoxExtensionURL: null,
openSctp: true, // Toggle to enable/disable SCTP channels
disableStats: false,
disableAudioLevels: false,
channelLastN: -1, // The default value of the channel attribute last-n.
adaptiveLastN: false,
adaptiveSimulcast: false,
enableRecording: false,
enableWelcomePage: true,
enableSimulcast: false, // blocks FF support
logStats: false, // Enable logging of PeerConnection stats via the focus
// requireDisplayName: true,//Forces the participants that doesn't have display name to enter it when they enter the room.
// startAudioMuted: 10, //every participant after the Nth will start audio muted
// startVideoMuted: 10, //every participant after the Nth will start video muted
// defaultLanguage: "en",
// To enable sending statistics to callstats.io you should provide Applicaiton ID and Secret.
// callStatsID: "",//Application ID for callstats.io API
// callStatsSecret: ""//Secret for callstats.io API
/*noticeMessage: 'Service update is scheduled for 16th March 2015. ' +
'During that time service will not be available. ' +
'Apologise for inconvenience.'*/
};
My /etc/jitsi/jicofo/sip-communicator.properties
looks like this:
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=192.168.0.15
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=xxx.xxx.xxx.xxx
org.jitsi.jicofo.auth.URL=XMPP:videokonf.domain.com
My /etc/jitsi/jicofo/config
file:
# Jitsi Conference Focus settings
# sets the host name of the XMPP server
JICOFO_HOST=localhost
# sets the XMPP domain (default: none)
JICOFO_HOSTNAME=videokonf.domain.com
# sets the secret used to authenticate as an XMPP component
JICOFO_SECRET=password
# sets the port to use for the XMPP component connection
JICOFO_PORT=5347
# sets the XMPP domain name to use for XMPP user logins
JICOFO_AUTH_DOMAIN=auth.videokonf.domain.com
# sets the username to use for XMPP user logins
JICOFO_AUTH_USER=focus
# sets the password to use for XMPP user logins
JICOFO_AUTH_PASSWORD=password
# extra options to pass to the jicofo daemon
JICOFO_OPTS=""
Somewhere the communication falters. So, the tl;dr summary:
- internal_plain authentication with Jitsi-Meet/jicofo works.
- LDAP-authentication using XMPP client works.
- LDAP-authentication with Jitsi-Meet/jicofo does not work.
from jicofo.
Chrome Developer Console gives me this when trying to login using internal_plain
:
This appears to be Chrome, ver: 44
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check http://xhr.spec.whatwg.org/.
Using Chrome extension for desktop sharing
Get media constraints Object {audio: Object, video: Object}
Strophe status changed to CONNECTING null
Extension version is: 0.1.5
Chrome extension installed: true updateRequired: false
onUserMediaSuccess
got MediaStream {} 1 1
'webkitURL' is deprecated. Please use 'URL' instead.
Peer video type changed: null camera
Strophe status changed to CONNECTED null
My Jabber ID: [email protected]/2d1b0fe6-7ca8-4c01-a386-4f80ac7f7e3b
Focus jid set to: undefined
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
XMPP pings will be sent every 20000 ms
Unauthorized to start the conference <iq xmlns="jabber:client" type="error" to="403b2932-695e- [email protected]/2d1b0fe6-7ca8-4c01-a386-4f80ac7f7e3b" from="focus.videokonf.domain.com" id="2:sendIQ">…</iq>
[..]
Focus jid set to: undefined
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
Unauthorized to start the conference <iq xmlns="jabber:client" type="error" to="403b2932-695e- [email protected]/2d1b0fe6-7ca8-4c01-a386-4f80ac7f7e3b" from="focus.videokonf.domain.com" id="8:sendIQ"><conference xmlns="http://jitsi.org/protocol/focus" room="[email protected]" machine-uid="35579784d57d6d0af862ae92c0d7f764">…</conference><error code="401" type="AUTH">…</error></iq>
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
Received sessionId: 881599a0-8b13-4ccb-bb5e-0e4b44642ed4
Focus jid set to: undefined
Session ID: 881599a0-8b13-4ccb-bb5e-0e4b44642ed4 machine UID: 35579784d57d6d0af862ae92c0d7f764
Focus jid set to: [email protected]
Authentication enabled: true
External authentication enabled: false
Received sessionId: 881599a0-8b13-4ccb-bb5e-0e4b44642ed4
Sip gateway enabled: false
Joined MUC as [email protected]/403b2932
entered [email protected]/focus Object {show: "", status: "", affiliation: "owner", role: "moderator", jid: "[email protected]/focus11158088545"…}
Ignore focus: [email protected]/focus, real JID: [email protected]/focus11158088545
Peer video type changed: 403b2932 camera
My role changed, new role: participant
hover in 403b2932, video: LocalVideo {videoSpanId: "localVideoContainer", container: span#localVideoContainer.videocontainer, VideoLayout: Object, flipX: true, isLocal: true…}
selected endpoint changed: 403b2932
My role changed, new role: moderator
UI enable dominant speaker Mathias (<span data-i18n="me">me</span>) 403b2932 true
And it gives me this when trying Prosody authentication using the ldap
module:
This appears to be Chrome, ver: 44
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check http://xhr.spec.whatwg.org/.
Using Chrome extension for desktop sharing
Get media constraints Object
Strophe status changed to CONNECTING null
Extension version is: 0.1.5
Chrome extension installed: true updateRequired: false
Failed to get access to local media. Error NavigatorUserMediaError Object
failed to obtain audio/video stream - trying audio only NavigatorUserMediaError
Get media constraints Object
Failed to get access to local media. Error NavigatorUserMediaError Object
failed to obtain audio/video stream - stop NavigatorUserMediaError
'webkitURL' is deprecated. Please use 'URL' instead.
Peer video type changed: null camera
Strophe status changed to CONNECTED null
My Jabber ID: 95d97c48-4643-464f-8ad1-7f76c2b2e8ff@guest.videokonf.ostersund.se/1a9d03ac-4a41-4dc0-bd66-0aea3370d731
Focus jid set to: undefined
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
XMPP pings will be sent every 20000 ms
Unauthorized to start the conference <iq xmlns="jabber:client" type="error" to="95d97c48-4643-464f-8ad1-7f76c2b2e8ff@guest.videokonf.ostersund.se/1a9d03ac-4a41-4dc0-bd66-0aea3370d731" from="focus.videokonf.ostersund.se" id="2:sendIQ">…</iq>
Focus jid set to: undefined
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
Unauthorized to start the conference <iq xmlns="jabber:client" type="error" to="95d97c48-4643-464f-8ad1-7f76c2b2e8ff@guest.videokonf.ostersund.se/1a9d03ac-4a41-4dc0-bd66-0aea3370d731" from="focus.videokonf.ostersund.se" id="3:sendIQ">…</iq>
[..]
Focus jid set to: undefined
Session ID: null machine UID: 35579784d57d6d0af862ae92c0d7f764
Unauthorized to start the conference <iq xmlns="jabber:client" type="error" to="95d97c48-4643-464f-8ad1-7f76c2b2e8ff@guest.videokonf.ostersund.se/1a9d03ac-4a41-4dc0-bd66-0aea3370d731" from="focus.videokonf.ostersund.se" id="18:sendIQ">…</iq>
from jicofo.
I've found a possible problem in the /var/log/prosody/prosody.log
debug-log above:
Sep 28 10:03:46 boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid username or password.</text></failure>
This is when using LDAP in prosody. It seems that it has to do with encoding Unicode strings. For me Jitsi-Meet failed when I used a password containing the letter ö (that is & ouml; in html-speak).
Testing another LDAP-account with a less complex password, it worked.
from jicofo.
The underlying problem appears to be that strophe.js fails to base64-encode non-ASCII UTF8:
from jicofo.
I can confirm that this patch ( strophe/strophejs#136 ) allows Jitsi-Meet to authenticate with LDAP using SASL with a username or password that contain non-ASCII characters like (in my case) swedish åäö and/or ÅÄÖ, which was previously not possible.
For now, I've modified a local copy of strophe.js and renamed it to strophe.min.js which seems to do the trick for Jitsi-Meet, I don't have the knowledge yet to minify the js file.
from jicofo.
@mathiasfriman I saw you are/was using mod_auth_ldap. I've would like to write you a private message, not spamming around in here, got some questions, how to get in touch with you?
from jicofo.
Outdated
from jicofo.
Related Issues (20)
- Whole bridge terminates upon Unknown endpoint jvb error HOT 6
- Conference is not moved to another jvb when JVB's XMPP connection is broken HOT 1
- Not applayed some parametrs from jicofo.conf HOT 4
- Failed to start jicofo HOT 2
- Can't find certificate HOT 1
- README 1st paragraph is very confusing to anyone new HOT 3
- Jicofo stats - conference/participant = 1 when no conference is started HOT 4
- does not provide a MUC (XEP-45) service. HOT 3
- Failed to grant owner status: Bare JID expected, got full JID HOT 8
- Room remains open after destroy HOT 4
- Jicofo reinvite Jigasi transcriber on failure HOT 7
- Question about potential issue with Colibr2's transport update HOT 2
- Bridge stress level unaffected by RecentlyAddedEndpoints, participants assigned to single videobridge HOT 1
- Something wrong in new installation with secure domain , few Important changes are not clear/updated in documentation HOT 1
- java.lang.NullPointerException HOT 1
- Race condition on startup leads to NPEs and failed requests HOT 2
- jicofo 1.0-934-1 installs garbage into /etc/logrotate.d/ HOT 1
- Debian dpkg throws warnings trying to delete /etc/logrotate.d/jicofo HOT 2
- The participant counter will not updated when a meeting has ended HOT 1
- Jicofo stats do not clean up after update to jicofo 1.0-940-1 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jicofo.