Using OpenLDAP with Jitsi Meet
Learn how to integrate OpenLDAP with Jitsi Meet for improved user management and security.
Jitsi Meet is a powerful, open-source video conferencing platform, and securing access to your instance is critical—especially in self-hosted environments. One common enterprise-grade authentication solution is OpenLDAP. In this guide, you’ll learn how to integrate OpenLDAP with Jitsi Meet to control who can create or join meetings.
Prerequisites
Before you begin, you should have the following:
- A working Jitsi Meet installation (on Debian/Ubuntu)
- Access to your OpenLDAP server
- Administrator access to the Jitsi Meet server
- Basic familiarity with terminal and configuration files
Overview of Jitsi Meet Authentication Architecture
Jitsi Meet uses Prosody (a Lua-based XMPP server) to handle user authentication. To use LDAP, we’ll configure Prosody to delegate authentication to an LDAP backend via a plugin.
Install Required Packages
On your Jitsi Meet server, install lua-ldap, the Lua LDAP library that Prosody's LDAP authentication module depends on:
sudo apt-get update
sudo apt-get install lua-ldap
Make sure your Jitsi Meet stack is updated:
sudo apt-get update
sudo apt-get upgrade
Configure Prosody for LDAP
1. Edit your Prosody configuration for Jitsi Meet:
sudo nano /etc/prosody/conf.avail/meet.yourdomain.com.cfg.lua
2. Replace meet.yourdomain.com with your actual domain name.
3. Find the VirtualHost block and update it:
VirtualHost "meet.yourdomain.com"
    authentication = "ldap2"
    ldap = {
        hostname = 'ldap.yourdomain.com',
        bind_dn = 'cn=admin,dc=yourdomain,dc=com',
        bind_password = 'your_password',
        use_tls = true,
        user = {
            basedn = 'ou=users,dc=yourdomain,dc=com',
            filter = '(objectClass=person)',
            usernamefield = 'uid',
            namefield = 'cn',
        },
    }
Tip: You can test your credentials with ldapsearch first to ensure connectivity and binding work.
4. Restrict Room Creation (Optional but Recommended)
To require authentication for creating new meetings but allow guests to join:
a. Open the prosody config for the guest domain:
sudo nano /etc/prosody/conf.avail/guest.meet.yourdomain.com.cfg.lua
b. Ensure it has:
VirtualHost "guest.meet.yourdomain.com"
authentication = "anonymous"
c2s_require_encryption = false
c. Now in your main config (/etc/jitsi/meet/meet.yourdomain.com-config.js), set the following inside the hosts block:
anonymousdomain: 'guest.meet.yourdomain.com',
5. Restart Services
Apply changes by restarting services:
sudo systemctl restart prosody
sudo systemctl restart jicofo
sudo systemctl restart jitsi-videobridge2
6. Test the Login Flow
a. Open your Jitsi Meet instance in the browser.
b. Try to create a new meeting.
c. You should be prompted for your LDAP username and password.
d. If valid, the room will be created and guests can join anonymously (if configured).
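The following lint script is an added example, not part of the original guide or of Prosody or Jitsi. It checks the main VirtualHost file from step 3 for the settings this guide relies on: ldap2 authentication, use_tls = true, a bind_password that is no longer the placeholder, and a file mode that does not let other local users read that password. The function name audit_prosody_ldap and the finding messages are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a Prosody VirtualHost file for the LDAP settings
# used in this guide. Prints one finding per line.
# Returns 0 when nothing is flagged, 1 on findings, 2 if the file is unreadable.

audit_prosody_ldap() (
    cfg="$1"
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; exit 2; }

    # Match a pattern against the file with Lua "--" line comments removed,
    # so a commented-out setting does not count as configured.
    has() { sed 's/--.*$//' "$cfg" | grep -Eq "$1"; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    if ! has 'authentication[[:space:]]*=[[:space:]]*"ldap2"'; then
        flag 'authentication is not "ldap2"'
    fi
    if ! has 'use_tls[[:space:]]*=[[:space:]]*true'; then
        flag 'use_tls is not true: LDAP binds would cross the network unencrypted'
    fi
    if has 'bind_password[[:space:]]*='; then
        if has "bind_password[[:space:]]*=[[:space:]]*'your_password'"; then
            flag 'bind_password is still the placeholder value'
        fi
        # The file stores the bind password, so "other" must not have read access.
        if [ -n "$(find "$cfg" -prune -perm -004)" ]; then
            flag 'file contains bind_password but is world-readable'
        fi
    fi
    [ "$findings" -eq 0 ]
)
```

Run it as audit_prosody_ldap /etc/prosody/conf.avail/meet.yourdomain.com.cfg.lua. The guest VirtualHost file is expected to fail the ldap2 check because it uses anonymous authentication.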
Troubleshooting Tips
- Check logs if authentication fails:
  – /var/log/prosody/prosody.log
  – /var/log/jitsi/jicofo.log
- Test LDAP binding and queries manually (-ZZ requires StartTLS, matching use_tls = true in the Prosody config, so the bind password is not sent in cleartext):
ldapsearch -x -ZZ -H ldap://ldap.yourdomain.com -D "cn=admin,dc=yourdomain,dc=com" -W -b "ou=users,dc=yourdomain,dc=com"
- Ensure the lua-ldap module is installed and compatible with your Prosody version.
Summary
With OpenLDAP authentication configured, your Jitsi Meet instance is now secured for internal use. You can easily manage access through your existing LDAP directory, providing a seamless and centralized user management experience.
Next Steps
- Enable SSL/TLS (if not already set)
- Configure fail2ban or firewall rules
- Consider integrating with Active Directory if you’re using AD