Cool Solution - Install Limesurvey and setup ldap authentication

From Univention Wiki

Jump to: navigation, search
Produktlogo UCS Version 4.2

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

Note: This article is not yet reviewed.


This article will cover the preparation and installation of Limesurvey on a single UCS server, as well as the users authentication with the LDAP. In this guide Limesurvey 3.5.4 were used.

Prerequisites

Get Limesurvey from https://www.limesurvey.org/downloads/category/25-latest-stable-release

Installation

To install necessary packages, execute the following commands:

ucr set repository/online/unmaintained='yes'
univention-install univention-mysql php5-ldap php5-mysql php5-imap php5-gd php5-curl
ucr set mysql/config/mysqld/bind_address='127.0.0.1' && service mysql restart 

Now we can configure MySQL and setup the Limesurvey database. When asked to change the password choose no (n) an provide the actual mysql root password which you can display by: more /etc/mysql.secret Answer all other questions with yes (y).

mysql_secure_installation

Now setup the database for Limesurvey with the following instructions:

mysql -uroot -p$(cat /etc/mysql.secret)

CREATE DATABASE limesurveydb;
CREATE USER 'lime_dbuser' IDENTIFIED BY '<SECRET PASSWORD>';
GRANT ALL ON limesurveydb.* TO 'lime_dbuser';
FLUSH PRIVILEGES;
quit

Extract the downloaded Limesurvey archive to /var/www/limesurvey and set file permissions:

cd /var/www/
tar xzf <limesurveyDownload.tar.gz>
chown -R www-data:www-data /var/www/limesurvey 

Installation and configuration is done, you may have to restart your Apache2: systemctl restart apache2.service

Limesurvey Web Configuration

Now you can access Limesurvey by https://<your-server>/limesurvey/ The initial setup process let you choose the setup language and licence agreements. In the third step the setup process gives you an overview regarding the fundamental setup of Limesurvey like needed packages and file permissions. If you followed the previous instructions all checks should be fine. In the fourth step you have to provide Limesurveys database information analog to the former creation of your database. The last step let you choose Limesurveys standard language and prompts you to change the standard administrative credentials, which are: User = admin; Password = password

Limesurvey LDAP Search

A simple authentication account is recommended, which can be used for an authenticated LDAP bind. You may like to create such a user as described in the following link: [1].

Limesurvey AuthLDAP Plugin Configuration

Login to your Limesurvey installation https://<your-server>/limesurvey/admin and in the top bar navigate to: configuration – Plugin Manager. Here you have to „Configure“ LDAP authentication as follows. Options which are not mentioned can be configured as you prefer:

Key Value
Settings for plugin: AuthLDAP
LDAP server ldap://<server's FQDN> or ldaps://<server's FQDN>
Port number 7389 for ldap or 7636 for ldaps
LDAP Version LDAPv3
Select true if referrals must be followed... use false for ActiveDirectory
Enable Start-TLS On
Select how to perform authentication Search and bind
Attribute to compare to the given login... uid
Base DN for the user search operation output of ucr get ldap/base
Optional DN of the LDAP account used to search... corresponds with the output of: univention-ldapsearch uid=<your ldap bind user> | grep dn:
LDAP attribute of email address mail
LDAP attribute of full name gecos
Automatically create user if it exists in LDAP server check
Optional filter for group restriction E.g: (&(cn=limeusers)(memberUid=$username))

When you provided all information click Save and close

In the Plugin Manager overview you finally have to activate the LDAP Plugin.

Now you can logout and login with an appropriate LDAP User.

Personal tools