How to Build a Private Moderated Jitsi Service with Active Directory

Learn how to Build a Private Moderated Jitsi Service using Active Directory for secure, controlled video meetings with easy authentication setup.

Introduction

Modern organizations need video meetings that are private, controlled, and secure. Public meeting links are convenient, but they are not always suitable for companies, universities, or internal teams.

If you want full control over who creates meetings and who joins them, the best solution is to build a private, moderated Jitsi service integrated with Active Directory. This setup allows only authenticated users to become moderators while others join safely as participants.

Note: This tutorial is based on real deployment practices used by organizations running internal communication systems.


Why Build a Private “Moderated” Jitsi Service

Before jumping into setup, let’s understand why companies choose moderated Jitsi environments instead of open meeting servers. A standard Jitsi installation creates several risks:

  • Unauthorized meeting creation
  • Unknown moderators
  • Security risks and lack of identity verification
  • No centralized user control

Key Benefits

  • Verified Access: Only verified users can start meetings.
  • Role Control: Moderator rights are tied to AD login.
  • Centralized Management: Active Directory manages all identities.
  • Compliance: Meets internal data and privacy regulations.

Understanding How Moderated Jitsi Works

Jitsi moderation depends on authentication. Here is the simple logic:

  1. Logged-in users $\rightarrow$ become moderators.
  2. Guests $\rightarrow$ join as participants (wait for host).
  3. Server $\rightarrow$ decides roles automatically based on the LDAP handshake.

Architecture Overview

| Component | Role |
|---|---|
| Jitsi Meet | Web interface for the end-user |
| Prosody | The XMPP server handling authentication |
| Jicofo | The conference signal coordinator |
| JVB | The video bridge (handles media streams) |
| Active Directory | The external source of truth for users |
| LDAP Connector | Connects Prosody to the AD server |

The Connection Flow: Active Directory $\rightarrow$ LDAP $\rightarrow$ Prosody $\rightarrow$ Jitsi Meet $\rightarrow$ Moderator Access


Requirements Before You Start

Server Requirements

  • OS: Ubuntu 22.04 or 24.04
  • RAM: Minimum 4GB
  • Domain: A valid FQDN (e.g., meet.company.com)
  • Access: Root or Sudo privileges

Network & AD

  • Ports: 80 (TCP), 443 (TCP), 10000 (UDP)
  • AD: Domain Controller access and a dedicated Service Account.

Step 1: Install Jitsi Meet

Update your system and install the core package:

sudo apt update && sudo apt upgrade -y
sudo apt install jitsi-meet

When prompted, enter your domain and select the option to generate a self-signed certificate (we will upgrade this to Let’s Encrypt later).

Step 2: Enable Secure Domain (Moderation Mode)

Edit the Prosody configuration file for your domain:

sudo nano /etc/prosody/conf.avail/yourdomain.cfg.lua

1. Modify the main VirtualHost:

VirtualHost "yourdomain.com"
    authentication = "internal_hashed" -- We change this to ldap2 in Step 3

2. Add the Guest VirtualHost:

VirtualHost "guest.yourdomain.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Restart services to apply:

sudo systemctl restart prosody jicofo

Step 3: Integrate Active Directory Using LDAP

Install the necessary Lua LDAP module:

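sudo apt install lua-ldap

Update your Prosody config (/etc/prosody/conf.avail/yourdomain.cfg.lua) to point to your AD server:

-- Replace internal_hashed with ldap2
authentication = "ldap2"

ldap = {
    hostname = "ad.company.local",                                   -- AD domain controller
    user = "CN=jitsi-bind,OU=Service Accounts,DC=company,DC=local",  -- dedicated service account used for the bind
    password = "YourSecurePassword",                                 -- placeholder; this file now stores a credential
    base = "DC=company,DC=local",                                    -- search base for user lookups
    filter = "(sAMAccountName=%u)",                                  -- match the login name against sAMAccountName
}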

Step 4: Configure Moderator Permissions

Tell Jicofo that it must wait for an authenticated user to start the bridge.

sudo nano /etc/jitsi/jicofo/jicofo.conf

Add or edit the following block:

jicofo {
  authentication {
    enabled = true
    type = XMPP
    login-url = "yourdomain.com"
  }
}

Step 5: Improve Security Settings

  • SSL: Run the Let’s Encrypt script:

sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

Step 6: Testing the Moderated Setup

Test using two users.

Test Scenario

User 1 (AD account)

  • Logs in
  • Creates meeting
  • Gets moderator role

User 2 (Guest)

  • Opens link
  • Waits in lobby

If working correctly:

  • Only authenticated users host meetings
  • Guests cannot control session
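
Before the two-user test, the files edited in Steps 2 to 4 can be checked for consistency. The script below is an added example, not part of Jitsi or of the original tutorial; its function names are illustrative, the paths and domain are passed as arguments, and it also accepts jitsi-anonymous, the name recent Jitsi packages use for the anonymous provider.

```shell
#!/bin/sh
# Added example; helper names are illustrative, not part of Jitsi or Prosody.
# vhost_auth: print the authentication value set inside VirtualHost "<host>"
vhost_auth() {  # usage: vhost_auth PROSODY_CFG HOST
    awk -v want="\"$2\"" '
        /^[[:space:]]*--/ { next }                    # skip Lua comment lines
        $1 == "VirtualHost" || $1 == "Component" {    # a new block starts here
            in_host = ($1 == "VirtualHost" && index($0, want) > 0); next
        }
        in_host && /^[[:space:]]*authentication[[:space:]]*=/ {
            split($0, q, "\""); print q[2]; exit
        }
    ' "$1"
}

# Succeed only if jicofo.conf sets enabled = true inside authentication { }
jicofo_auth_enabled() {  # usage: jicofo_auth_enabled JICOFO_CONF
    awk '
        /authentication[[:space:]]*[{]/ { in_auth = 1 }
        in_auth && /enabled[[:space:]]*[=:][[:space:]]*true/ { ok = 1 }
        in_auth && /[}]/ { in_auth = 0 }
        END { exit !ok }
    ' "$1"
}

# Print one line per finding; the return code is the number of findings
audit_secure_domain() {  # usage: audit_secure_domain PROSODY_CFG JICOFO_CONF DOMAIN
    findings=0
    main=$(vhost_auth "$1" "$3")
    guest=$(vhost_auth "$1" "guest.$3")
    case "$main" in ""|anonymous|jitsi-anonymous)
        echo "FAIL: $3 does not require a login (authentication='$main')"
        findings=$((findings + 1)) ;;
    esac
    case "$guest" in anonymous|jitsi-anonymous) ;; *)
        echo "FAIL: guest.$3 is not anonymous (authentication='$guest')"
        findings=$((findings + 1)) ;;
    esac
    if ! jicofo_auth_enabled "$2"; then
        echo "FAIL: authentication is not enabled in $2"
        findings=$((findings + 1))
    fi
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1" &&
       [ -n "$(find "$1" -perm -004)" ]; then
        echo "FAIL: $1 holds the bind password and is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as root with the real paths, for example `audit_secure_domain /etc/prosody/conf.avail/yourdomain.cfg.lua /etc/jitsi/jicofo/jicofo.conf yourdomain.com`; no output and a return code of 0 mean the three files agree.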

Common Problems and Easy Fixes

LDAP Login Fails

Check:

prosodyctl check config

Verify AD bind credentials.
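
One way to verify the bind credentials is to repeat the Step 3 bind and user lookup outside Prosody. This is an added example, not from the original tutorial: it assumes ldapsearch (package ldap-utils) is installed, that the domain controller accepts LDAPS, and that the bind password is kept in a root-only file; the function names are illustrative.

```shell
#!/bin/sh
# Added example; helper names are illustrative. Assumes ldapsearch (ldap-utils)
# and a domain controller that accepts LDAPS, so the bind password is not sent
# in cleartext during the test.

# Escape a login name for use inside an LDAP filter (RFC 4515 special characters)
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Count the entries in LDIF read from stdin (one "dn:" line per entry)
ldif_entry_count() {
    grep -c '^dn:' || true
}

# Bind as the service account and look up one login name.
# usage: check_ad_lookup HOST BIND_DN PASSWORD_FILE BASE_DN LOGIN
# PASSWORD_FILE must hold the password with no trailing newline (ldapsearch -y
# uses the complete file contents).
check_ad_lookup() {
    filter="(sAMAccountName=$(ldap_filter_escape "$5"))"
    ldif=$(ldapsearch -x -LLL -o nettimeout=5 -H "ldaps://$1" \
               -D "$2" -y "$3" -b "$4" "$filter" 1.1) || {
        echo "bind or search failed: check bind DN, password file and TLS trust" >&2
        return 2
    }
    n=$(printf '%s\n' "$ldif" | ldif_entry_count)
    [ "$n" -eq 1 ] && return 0
    echo "filter $filter matched $n entries, expected exactly 1" >&2
    return 1
}
```

Return code 2 points at the service account or the connection, and 1 at the search base or filter, which narrows down which line of the ldap block to revisit.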

Users Not Becoming Moderator

Restart Jicofo:

systemctl restart jicofo

When Should You Use This Setup

This configuration works best for:

  • Internal company meetings
  • School virtual classrooms
  • Secure client discussions
  • Compliance-required environments

If your meetings must stay private, moderation + AD integration is the safest approach.

Advantages Over Public Video Platforms

| Feature | Private Moderated Jitsi | Public Meeting Tools |
|---|---|---|
| User control | Full | Limited |
| Authentication | Active Directory | Platform account |
| Data ownership | Yours | Provider |
| Custom rules | Yes | Limited |
| Privacy level | High | Medium |

Conclusion

Building secure video communication does not require expensive enterprise platforms. When you build a private, moderated Jitsi service, you gain full control over meetings, users, and data while keeping the flexibility of open-source software.

By integrating Active Directory, your organization can manage access using existing user accounts, reduce unauthorized meeting creation, and provide a professional communication environment.

Start small, test carefully, and expand your deployment as your team grows. Once configured properly, Jitsi becomes a powerful private collaboration platform.

Ready to Build Your Own Private, Moderated Jitsi Meeting Platform?

Take full control of your digital communications with a custom-built, white-labeled Jitsi platform. By deploying a private instance, you gain absolute data sovereignty and professional moderation tools, allowing you to host secure, branded video conferences on your own infrastructure without relying on third-party servers.

Frequently Asked Questions

It means only authenticated users can start meetings and act as moderators.

Yes, using LDAP integration through Prosody authentication modules.

No. Guests can join without login but cannot control meetings.

Yes, when SSL, authentication, and moderation are configured properly.

Yes, authenticated users joining the meeting become moderators.

Yes. AWS, Azure, and VPS environments work well.

Absolutely. You can add multiple Jitsi Video Bridges for high availability.