Description
I'm trying to get my self-hosted jitsi-installation to allow authenticating users from 2 subdomains using LDAP. In Prosody, this works:
    VirtualHost "subdomain1.example.com"
        authentication = "ldap";
        ldap_server = "ldap.subdomain1.example.com:389";
        ldap_base = "dc=example,dc=com";
        ldap_filter = "(uid=$user)";
        [...]
    VirtualHost "subdomain2.example.com"
        authentication = "ldap";
        ldap_server = "ldap.subdomain2.example.com:389";
        [...]
Everything is handled correctly here, I see the ldap query ending up on the right ldap server.
But it becomes a problem as soon as jicofo enters the picture:
If it is configured as
    jicofo {
      authentication {
        enabled = true
        type = XMPP
        login-url = "subdomain1.example.com"
        allowed-domains = [
          "subdomain1.example.com",
          "subdomain2.example.com"
        ]
        [...]
it works for users from subdomain1.example.com, but not users from subdomain2.example.com (who are authenticated correctly, but then rejected as "not authorized user domain").
If I change login-url to "subdomain2.example.com", it works for users from subdomain2.example.com, but not users from subdomain1.example.com.
It would be extremely useful if jicofo had a setting to allow picking the right one - either a login-url = "${domain}" (the domain is obviously known at that time...), or a method to specify multiple options (login-url = [ "subdomain1.example.com", "subdomain2.example.com" ]).
Current behavior
Prosody accepts the multiple subdomain configuration, but jicofo can (apparently) handle only one.
Expected Behavior
Multiple subdomain configuration works across all components
Possible Solution
Probably the best option would be to expand variables in the jicofo { authentication { login-url } } setting.
Steps to reproduce
Create a setup with multiple subdomains as given in the example in the description, try to log in with users from both subdomains
Environment details
jitsi/prosody:stable-9646 and jitsi/jicofo:stable-9646 docker containers
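
The multi-value login-url form requested in the report above, sketched as an added example; this is not jicofo's code and not part of the original report. The function names and sample JIDs are assumptions, and the single-string case only models the behaviour the report describes. The match is exact on the normalized domain, so look-alike hosts are still rejected once more than one domain is allowed.

```python
# Added illustration, not jicofo code: every name below is hypothetical.

def jid_domain(jid: str) -> str:
    """Return the normalized domain of a JID of the form local@domain/resource."""
    bare = jid.split("/", 1)[0]            # the resource may itself contain '@' or '/'
    local, sep, domain = bare.partition("@")
    if not sep:                            # a domain-only JID has no localpart
        domain = local
    domain = domain.strip().rstrip(".").lower()
    if not domain or "@" in domain:
        raise ValueError(f"malformed JID: {jid!r}")
    return domain


def authorize(jid: str, login_domains) -> str:
    """Exact-match the JID's domain against the configured login domain(s).

    login_domains may be one string (the single login-url case from the
    report) or a list of strings (the multi-value form the report asks for).
    """
    if isinstance(login_domains, str):
        login_domains = [login_domains]
    allowed = {d.strip().rstrip(".").lower() for d in login_domains}
    try:
        domain = jid_domain(jid)
    except ValueError:
        return "malformed JID"
    # Exact comparison only: a suffix or substring test would also accept
    # look-alike hosts such as "notsubdomain1.example.com".
    return "authorized" if domain in allowed else "not authorized user domain"


# Constructed sample JIDs; none come from a real deployment.
SAMPLES = [
    "alice@subdomain1.example.com/web-1",
    "bob@subdomain2.example.com",
    "Carol@SUBDOMAIN2.example.com./x@y",
    "dave@notsubdomain1.example.com",
    "erin@subdomain1.example.com.other.test",
]
BOTH = ["subdomain1.example.com", "subdomain2.example.com"]

if __name__ == "__main__":
    for jid in SAMPLES:
        print(f"{jid:42} single={authorize(jid, BOTH[0])!r:30} multi={authorize(jid, BOTH)!r}")
```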