Cool Solution - Install Ilias and setup ldap authentication
From Univention Wiki
Ilias is an E-Learning system, mostly used at universities.
The version of Ilias used in this article is Ilias 5.0.8.
To successfully deploy and use Ilias, the following packages must be installed:
univention-install mysql-client mysql-server php5-gd php5-mysql php5-xsl openjdk-7-jdk
For LDAP authentication the following package is required:
There are also some optional packages for additional functionality:
- htmldoc for PDF/HTML conversion
- ffmpeg for audio/video conversion
To install htmldoc/ffmpeg one has to activate the UCS unmaintained repository:
ucr set repository/online/unmaintained='yes'
Install needed packages afterwards.
univention-install htmldoc
univention-install ffmpeg
Download the current version of Ilias. This article was written for version 5.0.8, so the link given here points to that version.
To download another version go to Ilias' page and click on the right-hand green Download button.
After the download is finished, extract the archive to the webserver directory.
tar -xzf v5.0.8.tar.gz -C /var/www/
It is advised to change the name of the extracted folder in /var/www from "ILIAS-5.0.8" to something else. You can create an alias for ilias with the command at the end of this tutorial, but it's just easier to have a simple lowercase folder name.
mv /var/www/ILIAS-5.0.8 /var/www/<desired name>
Hint: Change <desired name> to the name you want to give the folder.
Make the webserver's user the owner of Ilias' folder
chown -R www-data:www-data /var/www/<Ilias folder>
Ilias also needs a data directory outside the webspace. Create a directory
And make the webserver's user the owner.
chown www-data:www-data /opt/iliasdata
Ilias needs a database and MySQL user. Start a MySQL shell:
mysql -uroot -p$(cat /etc/mysql.secret)
Type in the following commands and press enter after each line:
CREATE USER '<user>'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE <database-name>;
GRANT ALL PRIVILEGES ON <database-name>.* TO '<user>'@'localhost' IDENTIFIED BY '<password>';
Hint: Change "<user>", "<password>" and "<database-name>" to your desired values.
Before we begin with the actual Ilias setup, a few modifications to php.ini have to be applied. Open php.ini
and apply the following changes. Search for the different keys by pressing / in vim and typing in the key's name.
; you may choose higher values for max_execution_time and memory_limit
max_execution_time = 600
memory_limit = 200M
; you may set display_errors = Off if the system runs in a production environment
error_reporting = E_ALL & ~E_NOTICE ; up to PHP 5.2.x
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED ; PHP 5.3.0 and higher
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT ; PHP 5.4.0 and higher
display_errors = On
; or any higher values for post_max_size and upload_max_filesize
post_max_size = 60M
upload_max_filesize = 40M
; choose a non-zero value for session.gc_probability, otherwise old session data will not be deleted
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 3600
session.hash_function = 0
; for chat server since ILIAS 4.2
allow_url_fopen = 1
; How many GET/POST/COOKIE input variables may be accepted
max_input_vars = 10000
After the changes have been applied, restart Apache.
service apache2 restart
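One way to confirm that the php.ini edits took effect, as an added example that is not part of the original article: a shell audit of the file against the values listed above. The function names are hypothetical and the path of the php.ini is passed by the caller.

```shell
#!/bin/sh
# Added example (not from the article): audit php.ini against the values above.
# Function names are hypothetical; pass the path of the php.ini Apache uses.

# Effective value of a key: inline ';' comments are stripped and the last
# assignment wins, as in PHP when a key is set more than once.
ini_get() {  # ini_get <file> <key>
    awk -v key="$2" '
        { sub(/;.*/, ""); n = index($0, "="); if (!n) next
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# Convert PHP shorthand sizes (K/M/G suffix) to bytes; unset counts as 0.
to_bytes() {
    case $1 in
        -1)    echo 9223372036854775807 ;;  # memory_limit = -1 means unlimited
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1048576 )) ;;
        *[Gg]) echo $(( ${1%?} * 1073741824 )) ;;
        *)     echo "${1:-0}" ;;
    esac
}

# Print one line per finding; return 1 if a required minimum is not met.
audit_php_ini() {  # audit_php_ini <file>
    f=$1; rc=0
    for pair in max_execution_time:600 memory_limit:200M post_max_size:60M \
                upload_max_filesize:40M max_input_vars:10000; do
        key=${pair%%:*}; min=${pair#*:}; val=$(ini_get "$f" "$key")
        if [ "$(to_bytes "$val")" -lt "$(to_bytes "$min")" ]; then
            echo "LOW $key=${val:-unset} (article: $min)"; rc=1
        fi
    done
    if [ "$(ini_get "$f" session.gc_probability)" = 0 ]; then
        echo "LOW session.gc_probability=0 (old session data is never deleted)"; rc=1
    fi
    case $(ini_get "$f" display_errors) in
        [Oo]n|1) echo "WARN display_errors=On (article: Off in production)" ;;
    esac
    return $rc
}
```

Call it as audit_php_ini /path/to/php.ini after restarting Apache; a WARN line does not change the return code, a LOW line does.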
Now the actual Ilias setup is in order. Go to <SERVER IP>/<FOLDER CONTAINING ILIAS>/setup/setup.php in your web browser.
On the first page Preliminaries all points should be verified by a green "OK". If so, click Installation. On the following Basic settings page, type in the following values:
Data Directory outside Webspace:
Path to Log File:
Change the Time Zone at "Server Settings".
At the very bottom of the page, set a master password, which is used to protect configuration data from unauthorized access.
Unless you deliberately installed the required packages somewhere other than their default locations, nothing else has to be changed. Click Save and Next.
Now a client has to be created. Click on Create new client and choose to create a MySQL 5.0.x or higher (InnoDB engine) database. Give the new client a name and provide Ilias with the database and user information you created before. Click on Save and Next.
On the following page, check the box beneath Create Database and click on Install Database. The database creation might take some time, so wait patiently until the next page loads. It shows you the details of the database that was just created. Click on Next.
On the following page Languages you can choose which languages shall be installed and which language shall be the default. Tick the desired languages and options, then click on Save and Next.
The next page asks for contact information for the administrator. Type in your details and click Save and Next.
The following page asks you for a proxy. If you have configured a web proxy in UCS, specify it here.
|Host||<Your proxy's host>|
|Port||<The proxy's port>|
Now you have to specify how passwords are stored. If you are going to set up LDAP authentication this is of minor priority, but the Encoder should at least be changed from MD5 to bcrypt, because MD5 has been considered broken for years. The next page asks you to register your Ilias installation; this is entirely optional. By clicking on Finish setup on the last page, you complete the Ilias setup. You can now log in with user root and password homer. Since these default credentials are publicly documented, change the root password right after the first login.
To set up LDAP authentication, log in to Ilias and go to Administration -> Authentication and Registration -> LDAP
Check the box Enable LDAP Support
and provide the module with the following details:
|Name of LDAP Configuration||Use whatever name you want, but keep in mind that it is going to be displayed to anyone on the login page!|
|LDAP Server URL||ldap://localhost:7389|
|LDAP protocol version||3|
|BaseDN||<Your LDAP's Base DN>|
|Referrals||(tick this box)|
|Use LDAP TLS||(tick this box)|
|Binding||Bind as User|
|User DN||uid=Administrator,cn=users,<BASE DN>|
|Password||<Password of the "Administrator" user>|
|Authentication Settings: Search Scope||Sub|
|Attribute for Login name||uid|
|Group membership restrictions Search Scope||Sub|
|Attribute for group||cn|
|Group membership is optional||(tick this box)|
|Type of Synchronization||On login|
|Ilias role assignment||<Choose which role new users logging in with LDAP credentials should have, choose "User" if unsure>|
Execute the following command if you do not know your Base DN.
ucr get ldap/base
Click on "Save". You can set LDAP authentication as the default by switching to Administration -> Authentication and Registration -> Authentication and checking the radio button for LDAP Auth. To rely fully on LDAP for user management, you can also disable registrations via regular Ilias auth by clicking on the Ilias Auth tab in Authentication and Registration and checking the box No registration possible. Ilias Auth cannot be disabled entirely, so that you can still log in with your initially created admin account in case of problems with other authentication methods.
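To check the values from the LDAP form before users depend on them, the following added example (not part of the original article) runs the same kind of search from the shell: StartTLS enforced, scope sub, login attribute uid. It assumes the OpenLDAP ldapsearch client is installed; the function names and the password file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check of the LDAP settings.
# Assumes the OpenLDAP client tool ldapsearch; function names are hypothetical.

# Escape a login name for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later replacements are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter matching the form: "Attribute for Login name" = uid.
login_filter() {
    printf '(uid=%s)' "$(ldap_escape "$1")"
}

# Return 0 only if exactly one entry below the Base DN matches the login name.
#   $1 Base DN (ucr get ldap/base)   $2 User DN from the form
#   $3 file holding the bind password, no trailing newline, readable by root only
#   $4 login name to look up
# -ZZ aborts unless StartTLS succeeds, matching the ticked "Use LDAP TLS" box.
check_login() {
    count=$(ldapsearch -LLL -x -ZZ -H ldap://localhost:7389 \
                -D "$2" -y "$3" -b "$1" -s sub \
                "$(login_filter "$4")" dn | grep -c '^dn:' || true)
    [ "$count" -eq 1 ]
}
```

A failing check_login with correct credentials usually points at the TLS setup or the Base DN rather than at Ilias itself.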
Add Ilias to web services
To add Ilias to the web services on the UCS overview page, execute this:
ucr set \
  ucs/web/overview/entries/service/ilias/description="ILIAS E-Learning" \
  ucs/web/overview/entries/service/ilias/icon="/<FOLDER CONTAINING ILIAS>/templates/default/images/logo/ilias_logo_72x72-precomposed.png" \
  ucs/web/overview/entries/service/ilias/label/de="Ilias" \
  ucs/web/overview/entries/service/ilias/label="Ilias" \
  ucs/web/overview/entries/service/ilias/link="/<FOLDER CONTAINING ILIAS>"
Hint: Change "<FOLDER CONTAINING ILIAS>" to the folder that contains Ilias in /var/www.
Further information about additional functionality and various optional features can be obtained from the Ilias page.