Thanks for laying that out @wouter 
Tough, yep. Each Greenlight front-end can only see the rooms/recordings that it makes, which is tied into the index database of scalalite and the shared storage volume of the underyling BBB instances. I guess there would need to be some source code changes to allow for swapping out some of this stateful logic to allow for distributing rooms/recordings. It seem like the bbb-setup mailing list is the place to dig further…
I guess we’re leading towards a central LDAP server auth which Greenlight supports. Another option is that I see there is also functional but WIP (
) work for Greenlight supporting OpenID Connect. This could allow for something like a central Keycloak SSO which can be themed out of the box and administered through a web interface. I’ve also seen that Keycloak can plug-in existing LDAP providers for user federation.
EDIT: there was also talk of commonscloud / cc-onboarding · GitLab 