Sametime 11 integration with Jitsi. An easy solution to use video-conferencing now
I have worked with my friend and fellow HCL Master Detlev Poettgen in setting up a solution to allow customers to use video-conferencing now, while we wait for Sametime Meetings to ship.
We have used Jitsi, the same technology used by Sametime meeting, and set up a raw integration. Is obviously not a fully integrated solution, but it works pretty well.
This is something useful for those customers who don’t want to use cloud services like Zoom or Webex or others, but prefer to have a completely on-premise solution, and I have more than one of this kind of customers.
To use this integration, change the preferences in the Sametime client and define an external meeting provider, using a room on the Jitsi server
The same for the web client
Installation and configuration of Jitsi
The first thing to do is to install Jitsi on Ubuntu server 18.04. You can find the instructions here
By default Jitsi does not use authentication, when you set up a Jitsi server, everyone who can access it can create a room or join an existing room.
There is the option to use LDAP for authentication, and I successfully set it up using Domino 11 as LDAP server.
I used the LDAP authentication for jitsi-meet via cyrus/saslauthd
At first, you need to install the following packages:
apt install sasl2-bin libsasl2-modules-ldap lua-cyrussasl
Then go in /etc/prosody/conf.avail, you will see a file with your hostname and the extension.lua, in my example the server is named meeting.eld.it
Edit it and change the authentication to cyrus and add the auth_cyrus to modules_enabled.
You also have to add the config options
cyrus_application_name = “xmpp”
allow_unencrypted_plain_auth = true`
as well.
The file should now be looking like this:
VirtualHost "meeting.eld.it"
-- enabled = false -- Remove this line to enable this host
authentication = "cyrus"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/meeting.eld.it.key";
certificate = "/etc/prosody/certs/meeting.eld.it.crt";
}
cyrus_application_name = "xmpp"
allow_unencrypted_plain_auth = true
speakerstats_component = "speakerstats.meeting.eld.it"
conference_duration_component = "conferenceduration.meeting.eld.it"
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
"auth_cyrus";
"speakerstats";
"turncredentials";
"conference_duration";
}
c2s_require_encryption = false
Configure saslauthd
Create the file /etc/sasl/xmpp.conf. If the folder sasl do not yet exist, create it.
Paste the follwoing inside the xmpp.conf:
pwcheck_method: saslauthd
mech_list: PLAIN
Now create /etc/saslauthd.conf and add the following. Replace the IP with yours, as well as the search base and the Bind user/password!
ldap_servers: ldap://192.168.1.24:389 ldaps://192.168.1.24:636
ldap_search_base: o=eld
ldap_bind_dn: cn=Roberto Boccadoro,o=eld
ldap_bind_pw: password
ldap_filter: (mail=%u*)
ldap_version: 3
ldap_auth_method: bind
Important note on ldap filter:
At the first try I used ldap_filter: (mail=%u) but it didn’t work
Use ldap_filter: (mail=%u*) note the * direct after the %u, and tell your users to enter the portion before the @ sign of their mail address.
Now edit the /etc/default/saslauthd file:
- Change START to yes
- Change MECHANISMS to ldap
- Change MECH_OPTIONS to /etc/saslauthd.conf
and restart the service with service saslauthd restart. You also have to restart prosody now with service prosody restart.
Add prosody to the sasl group by executing the command usermod -aG sasl prosody.
Once you do this configuration, the users accessing your jitsi server will be asked for authentication before joining or creating a room.