Authentication support?
-
Package version 0.2.0 now has LDAP integration. This allows authentication of users but also enables the guest mode as outlined in https://jitsi.github.io/handbook/docs/devops-guide/secure-domain#enable-anonymous-login-for-guests
-
@nebulon
I just installed the update but now the app is stuck starting. Log excerpt:Mar 02 22:57:04 => Ensure directories Mar 02 22:57:04 => Create configs Mar 02 22:57:04 ==> Configuring static assets Mar 02 22:57:04 ==> Configuring SASLauthd for LDAP Mar 02 22:57:04 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable Mar 02 22:57:05 => Ensure directories Mar 02 22:57:05 => Create configs Mar 02 22:57:05 ==> Configuring static assets Mar 02 22:57:05 ==> Configuring SASLauthd for LDAP Mar 02 22:57:05 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable Mar 02 22:57:06 => Ensure directories Mar 02 22:57:06 => Create configs Mar 02 22:57:06 ==> Configuring static assets Mar 02 22:57:06 ==> Configuring SASLauthd for LDAP Mar 02 22:57:06 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable Mar 02 22:57:07 => Ensure directories Mar 02 22:57:07 => Create configs Mar 02 22:57:07 ==> Configuring static assets Mar 02 22:57:07 ==> Configuring SASLauthd for LDAP Mar 02 22:57:07 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable Mar 02 22:57:09 => Ensure directories Mar 02 22:57:09 => Create configs Mar 02 22:57:09 ==> Configuring static assets Mar 02 22:57:09 ==> Configuring SASLauthd for LDAP Mar 02 22:57:09 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable Mar 02 22:57:11 => Ensure directories Mar 02 22:57:11 => Create configs Mar 02 22:57:11 ==> Configuring static assets Mar 02 22:57:11 ==> Configuring SASLauthd for LDAP Mar 02 22:57:11 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variableRunning Cloudron v7.1.2 on Ubuntu 20.04.3 LTS. Reverted to Jitsi package v0.1.0 for now.
-
@hakunamatata Same here
-
As this is still an app marked as unstable, update issues are to be expected. Since the current package relies on LDAP and does not yet support
optionalSso, existing instances have to be reintsalled. Since jitsi is mostly stateless though, this shouldn't be an issue. Sorry for not mentioning this upfront. -
@nebulon My expected behavior is: starting a new conference/meeting brings a pop-up ("if you are the moderator, please sign in"). But this does not work with the new package (yes, fresh install) at first. It feels like the public jitsi from the first package. Am I missing any configuration?
-
@nebulon I just installed a fresh install to see/ test LDAP support but when installing it just talks about "Dahboard visibility" not "User management" like other LDAP enabled apps:
-
@nebulon and when going to https://meet.uniteddiversity.coop/ any anonymous user can still create a room and be granted moderator rights on the room they create. Looks like something isn't quite right.
I'm still on Cloudron 7.0.4 is LDAP Jitsi only available on 7.1 or something?
-
@jdaviescoates you are right, the jitsi app package version 0.2.0 is only available for Cloudrons running 7.1.2
-
-
@luckow that seems to be a filemanager client side bug. Thanks for reporting.
Regardless of that, I do wonder if that folder needs to be there in the first place. There is nothing which should be changed or touched by the admin without risking breaking, so I think I will move most of that, if not all to
/run -
@jdaviescoates How did you get the "Dashboard visibility" option? I just tried a fresh install on 7.1.2 but am presented with the default "user management" option. If I continue with the Jitsi install, the app does not require a login.
-
To be clear for everyone: Since jitsi app package version 0.1.0 did not have any sso/ldap integration, everyone was seeing the dashboard visibility. Once on v0.2.0 this changes, since it is integrated. App package version 0.2.0 is only available for Cloudron v7.1.2 though, which is only available as a pre-release so far. So if you want to try jitsi v0.2.0, you have to manually update your Cloudron first.
-
@hakunamatata said in Authentication support?:
@jdaviescoates How did you get the "Dashboard visibility" option? I just tried a fresh install on 7.1.2 but am presented with the default "user management" option. If I continue with the Jitsi install, the app does not require a login.
I'm still on 7.0.4 so I'm also still on the 0.1.0 version of the app package, that's why.
-
There is some confusion about the guest mode in jitsi and it interferes with the ldap auth. I am not sure yet why and what the behavior should be, but I published a new package v0.3.0 which is ldap always on now. Given, that this will not allow guests to join a conference, this is not the final intended status.
-
@nebulon I just installed 0.3.0 and it seems that now only internal meetings between registered users of my cloudron are possible. How can I invite external guests so that they can join the meeting without being a cloudron user? If I had to choose between an open jitsi where everybody can start a meeting and a closed one only for registered cloudron users I'd like to have the open version like 0.1.0 back please
-
@jan-reinhardt As I understand it, there are several options that are not compatible with each other:
- public (open to all / without authentication).
- internal (only ldap users)
- internal/public (only ldap users can initiate a conference, then guests are allowed)
- jwt (token based authentication for e.g. nextcloud, rocket.chat ...).
From my point of view, we should start with internal/public. Then from there we see what is possible with some kind of "switch" in an env file.
In the end: if we need different jitsi settings to satisfy different use cases, we need to install them separately. By the way: the same is true for Greenlight (the BigBlueButton frontend).
