Cool Solution - Install Ilias and set up LDAP authentication

From Univention Wiki

Product versions: UCS Version 4.1, UCS@School Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before implementing any of the steps shown.

Please also note the legal notes in the Terms of Service.

Ilias is an E-Learning system, mostly used at universities.

The version of Ilias used in this article is Ilias 5.0.8.

Prerequisites

To successfully deploy and use Ilias, the following packages must be installed:

  • mysql-client
  • mysql-server
  • php5-gd
  • php5-mysql
  • php5-xsl
  • openjdk-7-jdk
univention-install mysql-client mysql-server php5-gd php5-mysql php5-xsl openjdk-7-jdk

For LDAP authentication the following package is required:

  • php5-ldap
univention-install php5-ldap

There are also some optional packages for additional functionality:

  • htmldoc for PDF/HTML conversion
  • ffmpeg for audio/video conversion

To install htmldoc/ffmpeg one has to activate the UCS unmaintained repository:

ucr set repository/online/unmaintained='yes'

Install needed packages afterwards.

univention-install htmldoc
univention-install ffmpeg

Download the current version of Ilias. This article was written for version 5.0.8, so the link below points to that version.

wget https://github.com/ILIAS-eLearning/ILIAS/archive/v5.0.8.tar.gz

To download another version go to Ilias' page and click on the right-hand green Download button.

After the download is finished, extract the archive to the webserver directory.

tar -xzf v5.0.8.tar.gz -C /var/www/

It is advised to change the name of the extracted folder in /var/www from "ILIAS-5.0.8" to something else. You can create an alias for ilias with the command at the end of this tutorial, but it's just easier to have a simple lowercase folder name.

mv /var/www/ILIAS-5.0.8 /var/www/<desired name>

Hint: Change <desired name> to the name you want to give the folder.

Make the webserver's user the owner of Ilias' folder:

chown -R www-data:www-data /var/www/<Ilias folder>

Ilias also needs a data directory outside the webspace. Create a directory:

mkdir /opt/iliasdata

And make the webserver's user the owner.

chown www-data:www-data /opt/iliasdata


Ilias needs a database and MySQL user. Start a MySQL shell:

mysql -uroot -p$(cat /etc/mysql.secret)

Type in the following commands and press Enter after each line:

CREATE USER '<user>'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE <database-name>;
GRANT ALL PRIVILEGES ON <database-name>.* TO '<user>'@'localhost' IDENTIFIED BY '<password>';
quit

Hint: change "<user>", "<password>" and "<database-name>" to your desired values.

Before we begin with the actual Ilias setup, a few modifications to php.ini have to be applied. Open php.ini

vim /etc/php5/apache2/php.ini

and apply the following changes. Search for the different keys by pressing / in vim and typing in the key's name. Of the three error_reporting lines, use only the one that matches your PHP version.

; you may choose higher values for max_execution_time and memory_limit
max_execution_time = 600
memory_limit = 200M
 
; you may set display_errors = Off if the system runs in a production environment
error_reporting = E_ALL & ~E_NOTICE ; up to PHP 5.2.x
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED ; PHP 5.3.0 and higher
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT ; PHP 5.4.0 and higher
display_errors = On
 
; or any higher values for post_max_size and upload_max_filesize
post_max_size = 60M
upload_max_filesize = 40M

; choose a non-zero value for session.gc_probability, otherwise old session data will not be deleted
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 3600
session.hash_function = 0
 
; for chat server since ILIAS 4.2
allow_url_fopen = 1

; How many GET/POST/COOKIE input variables may be accepted
max_input_vars = 10000

After the changes have been applied, restart Apache.

service apache2 restart
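
One way to confirm after the restart that the file Apache reads really carries the values listed above, as an added example that is not part of the original article. The function names (ini_value, to_num, check_ilias_php_ini) are illustrative; size and time limits are checked as minimums because the article allows higher values.

```shell
# Added example, not from the article: compare a php.ini with the values listed above.
# ini_value FILE KEY -> last uncommented assignment of KEY (the last one wins)
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        { line = $0; sub(/;.*$/, "", line)       # strip trailing comment
          eq = index(line, "="); if (eq == 0) next
          k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# to_num VALUE -> integer, expanding PHP shorthand (200M -> 209715200)
to_num() {
    case $1 in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1048576 )) ;;
        *[Gg]) echo $(( ${1%?} * 1073741824 )) ;;
        *)     echo $(( $1 )) ;;
    esac
}

# check_ilias_php_ini FILE -> one CHECK line per deviation; returns 1 if any
check_ilias_php_ini() {
    rc=0
    while read -r key mode want; do
        got=$(ini_value "$1" "$key")
        case $mode in
            min) [ -n "$got" ] && [ "$(to_num "$got")" -ge "$(to_num "$want")" ] && continue ;;
            eq)  [ "$got" = "$want" ] && continue ;;
        esac
        echo "CHECK $key: article value $want ($mode), found ${got:-unset}"; rc=1
    done <<EOF
max_execution_time min 600
memory_limit min 200M
post_max_size min 60M
upload_max_filesize min 40M
session.gc_probability min 1
session.gc_divisor eq 100
session.gc_maxlifetime eq 3600
session.hash_function eq 0
allow_url_fopen eq 1
max_input_vars eq 10000
EOF
    [ "$(ini_value "$1" display_errors)" = "On" ] && echo "NOTE display_errors is On"
    return $rc
}
```

Run it as check_ilias_php_ini /etc/php5/apache2/php.ini; a value written in an equivalent form (for example allow_url_fopen = On) is reported for manual review rather than silently accepted.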

Installation

Now the actual Ilias setup is in order. Go to <SERVER IP>/<FOLDER CONTAINING ILIAS>/setup/setup.php in your web browser.

On the first page Preliminaries all points should be verified by a green "OK". If so, click Installation. On the following Basic settings page, type in the following values:

Data Directory outside Webspace:
/opt/iliasdata
Path to Log File:
 /opt/iliasdata/ilias.log

Change the Time Zone at "Server Settings".

At the very bottom of the page, set a master password, which is used to protect configuration data from unauthorized access.

Unless you deliberately installed the required packages somewhere other than the default locations, nothing else has to be changed. Click Save and Next.

Now a client has to be created. Click on Create new client and choose to create a MySQL 5.0.x or higher (InnoDB engine) database. Give the new client a name and provide Ilias with the database and user information you created before. Click on Save and Next.

On the following page, check the box beneath Create Database and click on Install Database. The database creation might take some time, so wait patiently until the next page loads. It shows you the details of the database that was just created. Click on Next.

On the following page, Languages, you can choose which languages shall be installed and which language shall be the default. Tick the desired languages and options, then click on Save and Next.

The next page asks for contact information for the administrator; type in your details and click Save and Next.

The following page asks you for a proxy. If you have configured a web proxy in UCS, specify it here.

Option | Value
Host | <Your proxy's host>
Port | <The proxy's port>

Now you have to specify how passwords shall be stored. If you are going to set up LDAP authentication, this is of minor priority; still, at least the Encoder should be changed from MD5 to bcrypt, because MD5 has been basically broken for years. The next page asks you to register your Ilias installation; this is entirely optional. By clicking on Finish setup on the last page, you have completed setting up Ilias! You can now log in with user root and password homer.

LDAP authentication

To set up LDAP authentication, log in to Ilias and go to Administration -> Authentication and Registration -> LDAP

Check the box Enable LDAP Support

and provide the module with the following details:


Option | Value
Name of LDAP Configuration | Use whatever name you want, but keep in mind that it is going to be displayed to anyone on the login page!
LDAP Server URL | ldap://localhost:7389
LDAP protocol version | 3
BaseDN | <Your LDAP's Base DN>
Referrals | (tick this box)
Use LDAP TLS | (tick this box)
Binding | Bind as User
User DN | uid=Administrator,cn=users,<BASE DN>
Password | <Password of the "Administrator" user>
Authentication Settings: Search Scope | Sub
Attribute for Login name | uid
Group membership restrictions: Search Scope | Sub
Attribute for group | cn
Group membership is optional | (tick this box)
Type of Synchronization | On login
Ilias role assignment | <Choose which role new users logging in with LDAP credentials should have, choose "User" if unsure>

Execute the following command if you do not know your Base DN.

ucr get ldap/base
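
A command-line check of the same connection values before saving the form, as an added example that is not part of the original article. It assumes the OpenLDAP ldapsearch client is installed; the function names, the login name and the password file path are illustrative.

```shell
# Added example, not from the article: try the ILIAS LDAP settings with ldapsearch.

LDAP_URL='ldap://localhost:7389'        # "LDAP Server URL" from the table

# bind_dn BASE -> the "User DN" row for a given base DN
bind_dn() { printf 'uid=Administrator,cn=users,%s\n' "$1"; }

# login_filter NAME -> filter on the "Attribute for Login name" (uid).
# RFC 4515 special characters are escaped so NAME cannot alter the filter.
login_filter() {
    esc=$(printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                                  -e 's/(/\\28/g' -e 's/)/\\29/g')
    printf '(uid=%s)\n' "$esc"
}

# check_ilias_ldap LOGIN PWFILE
#   -ZZ     require StartTLS ("Use LDAP TLS"); fail rather than continue in cleartext
#   -y      read the bind password from PWFILE so it never shows in the process list;
#           the whole file is the password, so create it without a trailing newline
#   -s sub  "Search Scope: Sub"
# Example call (placeholder values): check_ilias_ldap alice /root/ilias-bind.pw
check_ilias_ldap() {
    base=$(ucr get ldap/base) || return 2
    ldapsearch -H "$LDAP_URL" -ZZ -x \
        -D "$(bind_dn "$base")" -y "$2" \
        -b "$base" -s sub "$(login_filter "$1")" dn
}
```

A returned dn line means the URL, bind DN, password, base DN and login attribute all work together; a failure at the StartTLS step should be resolved in the TLS setup before ticking Use LDAP TLS.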


Click on "Save". You can set LDAP authentication as the default by switching to Administration -> Authentication and Registration -> Authentication and checking the radio button for LDAP Auth.

To go full LDAP with regard to user management, you can also disable registrations via regular Ilias auth by clicking on the Ilias Auth tab in Authentication and Registration and checking the box No registration possible. Ilias Auth cannot be disabled entirely, so that you can still log in via your initially created admin account in case of problems with other authentication methods.

Add Ilias to web services

To add Ilias to the web services on the UCS overview page, execute this:

ucr set \
ucs/web/overview/entries/service/ilias/description="ILIAS E-Learning" \
ucs/web/overview/entries/service/ilias/icon="/<FOLDER CONTAINING ILIAS>/templates/default/images/logo/ilias_logo_72x72-precomposed.png" \
ucs/web/overview/entries/service/ilias/label/de="Ilias" \
ucs/web/overview/entries/service/ilias/label="Ilias" \
ucs/web/overview/entries/service/ilias/link="/<FOLDER CONTAINING ILIAS>"

Hint: Change "<FOLDER CONTAINING ILIAS>" to the folder that contains Ilias in /var/www.

Further information

Further information about additional functionality and various optional features can be obtained from Ilias page.
