Difference between revisions of "Cool Solution - Install Moodle"

From Univention Wiki

(Upgrade to UCS 4.3)
 
(12 intermediate revisions by 2 users not shown)
{{Version|UCS=4.3}}
+
This page has been moved to the Knowledge Base Cool Solutions in the Forum.
{{Version|school=4.3}}
 
{{Cool Solutions Disclaimer|Repository=no}}
 
 
{{Review-Status}}
 
  
This article introduces you to the usage of Moodle. It covers the installation on a dedicated school server as well as user authentication against LDAP. If further integration packages are needed, such as loading classes from LDAP or using Microsoft Windows authentication for users who are already logged in, feel free to contact Univention for assistance.
+
[https://help.univention.com/t/cool-solution-install-moodle/12258 Cool Solution - Install Moodle]
 
 
== Prepare UCS ==
 
 
 
Every user who is to use Moodle must have an e-mail address. If no user currently has an e-mail address, install the '''Mailserver''' component from the App Center to manage an e-mail domain and assign e-mail addresses to users.
 
 
 
=== Prerequisites ===
 
 
 
This section will cover the preparation and installation of Moodle on the system. Please make sure that every command is executed as root user.
 
 
 
To install necessary packages, execute the following command:
 
<pre>univention-install univention-mysql libapache2-mod-php php php-common php-json php-xml php-cli php-curl php-readline php-mbstring php-intl php-mysql php-ldap php-xmlrpc php-soap php-zip php-gd</pre>
 
 
 
To use Moodle effectively, it is recommended to raise the maximum size for uploads, e.g. to 20 MB, so that small programs can be provided to students. The changes must be made in the '''/etc/php/7.0/apache2/php.ini''' file:

<syntaxhighlight lang="ini">
post_max_size = 20M
upload_max_filesize = 20M
</syntaxhighlight>
 
 
 
For the changes to take effect, the Apache webserver must be reloaded:
 
<pre>
 
systemctl reload apache2.service
 
</pre>
 
 
 
Moodle furthermore needs three MySQL global variables set to provide full UTF-8 support. (Read more [https://docs.moodle.org/35/en/MySQL#Configure_full_UTF-8_support here] for details)
 
You can easily set the variables ''innodb_file_format'', ''innodb_file_per_table'' and ''innodb_large_prefix'' by using the following UCR command and afterwards restarting the MySQL Service:
 
<syntaxhighlight lang="bash">
ucr set \
  mysql/config/mysqld/innodb_file_format="Barracuda" \
  mysql/config/mysqld/innodb_file_per_table=1 \
  mysql/config/mysqld/innodb_large_prefix=1

systemctl restart mysqld.service
</syntaxhighlight>
 
 
 
== Installing Moodle ==
 
 
 
This section handles the basic configuration and LDAP connection for Moodle and how to delete users in Moodle that are not in the LDAP anymore.
 
 
 
=== Create a database ===
 
 
 
''Hint'': '''It is recommended to create a Moodle user with appropriate privileges on the Moodle database.'''
 
 
 
Use the following commands to set up a MySQL user and database with UTF-8 default encoding. The password of the Moodle MySQL user is saved in the file ''/etc/mysql-moodle.secret'' and used later during the installation.
 
<syntaxhighlight lang="bash">
# Generate your database password according to your machine password policy and save it in a secret file
eval "$(ucr --shell search machine/password/length machine/password/complexity)"
if [ -z "$machine_password_length" ]; then machine_password_length=20; fi
if [ -z "$machine_password_complexity" ]; then machine_password_complexity="scn"; fi

# Create the secret file readable by root only before the password is written to it
touch /etc/mysql-moodle.secret
chmod 600 /etc/mysql-moodle.secret
moodle_db_password="$(pwgen -1 "-${machine_password_complexity}" "${machine_password_length}" | tee /etc/mysql-moodle.secret)"

# Create your moodle database and moodle database user
mysql -u root --password="$(cat /etc/mysql.secret)" -e \
"CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO 'moodle'@'localhost' IDENTIFIED BY '$moodle_db_password';"
</syntaxhighlight>
 
 
 
=== Install Moodle code ===
 
 
 
The next step is to download and extract Moodle. You can use the following script:
 
<syntaxhighlight lang="bash">
tmpdir=$(mktemp -d) # A temporary working directory

# Download Moodle and extract it
wget --show-progress -O "$tmpdir/moodle-3.5.1.tgz" https://download.moodle.org/download.php/direct/stable35/moodle-3.5.1.tgz
tar -xvzf "$tmpdir/moodle-3.5.1.tgz" -C /var/www/

# Set the correct folder and file permissions (This might take a few seconds)
chown -R root:root /var/www/moodle
find /var/www/moodle/ -type f -exec chmod 644 {} \;
find /var/www/moodle/ -type d -exec chmod 755 {} \;

# Create Moodle's data directory
mkdir /var/moodledata
chmod 0777 /var/moodledata

# Remove the temporary working directory again
rm -R "$tmpdir"
</syntaxhighlight>
 
 
 
 
 
Now the Moodle service can be reached by opening the following page in a web browser:
 
<pre>
 
http://<server>/moodle
 
</pre>
 
 
 
You can install Moodle either through the web configuration or with the following script: <br>

(Note: Don't forget to set the variables at the top of the script first. You will be able to confirm all given values once more during installation.)
 
<syntaxhighlight lang="bash">
# Please set the basic data of your moodle and admin here
moodle_name_full="<YOUR_SITE_NAME>"
moodle_name_short="<YOUR_SITE_NAME_SHORT>"
moodle_summary="<YOUR_FRONT_PAGE_SUMMARY>"
admin_username="Admin"
admin_password="<YOUR_ADMIN_PASSWORD>"
admin_email="<YOUR_ADMIN_MAIL_ADDRESS>"

# Install Moodle
php /var/www/moodle/admin/cli/install.php \
  --chmod=0777 \
  --lang="en" \
  --wwwroot="http://$(hostname -f)/moodle" \
  --dataroot="/var/moodledata" \
  --dbtype="mariadb" \
  --dbhost="localhost" \
  --dbsocket=1 \
  --dbname="moodle" \
  --dbuser="moodle" \
  --dbpass="$(cat /etc/mysql-moodle.secret)" \
  --fullname="$moodle_name_full" \
  --shortname="$moodle_name_short" \
  --summary="$moodle_summary" \
  --adminuser="$admin_username" \
  --adminpass="$admin_password" \
  --adminemail="$admin_email"
</syntaxhighlight>
 
 
 
Note that the generated configuration file will most likely have the wrong file permissions assigned. Use the following command if the Moodle web page returns an HTTP 500 error code:
 
<syntaxhighlight lang="bash">
 
chmod 644 /var/www/moodle/config.php
 
</syntaxhighlight>
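A check to run after the installation, as an added example that is not part of the original article: ''config.php'' and ''/etc/mysql-moodle.secret'' both hold the database password, and the commands above leave ''config.php'' world-readable and the data directory world-writable. The script reports every path whose mode grants more than a chosen ceiling; the function names and the ceilings in <code>moodle_targets</code> are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report paths created by this
# procedure whose permission bits exceed a chosen ceiling. Uses GNU stat.

# exceeds_mode PATH MAX_OCTAL: succeeds if PATH grants bits outside MAX_OCTAL
exceeds_mode() {
    local path=$1 max=$2 mode
    mode=$(stat -c '%a' "$path") || return 2
    # Bits that are set in the actual mode but not allowed by the ceiling
    [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]
}

# audit_paths: reads "PATH MAX_OCTAL" pairs on stdin, prints one line per finding
audit_paths() {
    local path max
    while read -r path max; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
        elif exceeds_mode "$path" "$max"; then
            echo "WEAK $path mode=$(stat -c '%a' "$path") ceiling=$max"
        fi
    done
}

# Paths from this article with assumed ceilings. 640 for config.php and 770
# for the data directory assume that their group is set to the web server
# group (www-data on Debian-based systems) so that Apache can still use them.
moodle_targets() {
    cat <<'EOF'
/etc/mysql-moodle.secret 600
/var/www/moodle/config.php 640
/var/www/moodle 755
/var/moodledata 770
EOF
}

moodle_targets | audit_paths
```

A <code>WEAK</code> line for ''config.php'' after the <code>chmod 644</code> above is expected; tightening it requires changing the file's group to the web server group first.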
 
 
 
=== LDAP authentication ===
 
 
 
After the basic configuration is done, HTTPS should be activated in '''Site Administration''' -> '''Security''' -> '''HTTP security'''. Next, in '''Site Administration''' -> '''Plugins''' -> '''Authentication''' -> '''Manage authentication''', the option '''Email-based self-registration''' should be deactivated and '''LDAP server (pre installed Plugin)''' should be activated.
 
 
 
Next, a simple authentication account should be created using the UDM. This account can then be used for an authenticated bind. Follow the [https://wiki.univention.de/index.php/Cool_Solution_-_LDAP_search_user LDAP search user] Cool Solution to create one. To find the DN of the account issue the following command on the command line:
 
<pre>
 
udm users/ldap list --filter username=<NAME_OF_THE_ACCOUNT> | grep DN
 
</pre>
 
 
 
Now the LDAP connection can be configured. You can either use the web browser under '''Site Administration''' -> '''Plugins''' -> '''Authentication''' -> '''Manage authentication''' -> '''LDAP Server''' -> '''Settings''' as described below, or use the following script:
 
<syntaxhighlight lang="bash">
 
# Please set the data of a simple authentication account here. Instructions on how to create one can be found here: https://wiki.univention.de/index.php/Cool_Solution_-_LDAP_search_user
ldap_search_user="uid=moodle-search,cn=users,<YOUR_LDAP_BASE>"
ldap_search_password="<YOUR_LDAP_SEARCH_PASSWORD>"
ldap_contexts="cn=users,<YOUR_LDAP_BASE>;cn=users,ou=<school>,<YOUR_LDAP_BASE>" # Separated with semicolons (';')

# Obtain global domain configuration data
eval "$(ucr --shell search domainname \
  ldap/base \
  ldap/server/name \
  ldap/server/addition
)"

# Strip quote characters from the server names and build the list of LDAPS URLs
ldap_server_name=$(echo "$ldap_server_name" | sed "s/'\|\"//g")
ldap_server_addition=$(echo "$ldap_server_addition" | sed "s/'\|\"//g")
ldap_hosts="ldaps://$ldap_server_name:7636"
if [ -n "$ldap_server_addition" ]; then
    for host in $ldap_server_addition; do
        ldap_hosts="$ldap_hosts;ldaps://$host:7636"
    done
fi
 
 
 
# Configure the LDAP Plugin
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="host_url" --set="$ldap_hosts"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="ldap_version" --set="3"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="bind_dn" --set="$ldap_search_user"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="bind_pw" --set="$ldap_search_password"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="contexts" --set="$ldap_contexts"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="search_sub" --set="1"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="user_attribute" --set="uid"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="removeuser" --set="2"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_city" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_country" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_department" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_description" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_email" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_firstname" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_idnumber" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_institution" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_lastname" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_phone1" --set="locked"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_lock_phone2" --set="locked"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_city" --set="l"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_country" --set="c"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_department" --set="departmentNumber"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_description" --set="description"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_email" --set="mailPrimaryAddress"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_firstname" --set="givenName"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_idnumber" --set="uidNumber"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_institution" --set="o"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_lastname" --set="sn"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_phone1" --set="telephoneNumber"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_map_phone2" --set="mobile"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_city" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_country" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_department" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_description" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_email" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_firstname" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_idnumber" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_institution" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_lastname" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_phone1" --set="onlogin"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updatelocal_phone2" --set="onlogin"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_city" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_country" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_department" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_description" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_email" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_firstname" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_idnumber" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_institution" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_lastname" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_phone1" --set="0"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="field_updateremote_phone2" --set="0"
 
 
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="memberattribute" --set="memberof"
 
php /var/www/moodle/admin/cli/cfg.php --component="auth_ldap" --name="memberattribute_isdn" --set="1"
 
</syntaxhighlight>
 
 
 
You should now be able to log in as any user below the containers set in ''ldap_contexts''. Note that some attributes, such as the e-mail address, are mandatory for Moodle. Users without a valid e-mail address in UCS won't be able to leave their profile settings page, so you should make sure that all Moodle users have a valid e-mail address.
 
 
 
==== Alternative: LDAP configuration using the web browser ====
 
 
 
Change the following values under the web page '''Site Administration''' -> '''Plugins''' -> '''Authentication''' -> '''Manage authentication''' -> '''LDAP Server''' -> '''Settings''' to successfully configure the LDAP plugin:
 
 
 
{|class="wikitable"
 
!Key
 
!Value
 
|-
 
!colspan="2"| LDAP server settings
 
|-
 
| Host URL
 
| ldaps://<school server's FQDN>:7636
 
|-
 
| Version
 
| 3
 
|-
 
!colspan="2"| Bind settings
 
|-
 
| Distinguished Name
 
| <DN of the authentication account>
 
|-
 
| Password
 
| <Password of the authentication account>
 
|-
 
!colspan="2"| User lookup settings
 
|-
 
| Contexts
 
| cn=users,<YOUR_LDAP_BASE>;cn=users,ou=<school>,<YOUR_LDAP_BASE>
 
|-
 
| Search subcontexts
 
| Yes
 
|-
 
| User Attribute
 
| uid
 
|-
 
| Member Attribute
 
| memberof
 
|-
 
| Member attribute uses dn
 
| 1
 
|-
 
!colspan="2"| User account synchronisation
 
|-
 
| Removed ext user
 
| Full delete internal
 
|-
 
!colspan="2"| Data mapping (for all entries)
 
|-
 
| Update local
 
| On Every Login
 
|-
 
| Update external
 
| Never
 
|-
 
| Lock value
 
| Locked
 
|-
 
!colspan="2"| Data mapping attributes
 
|-
 
| First name
 
| givenName
 
|-
 
| Surname
 
| sn
 
|-
 
| Email address
 
| mailPrimaryAddress
 
|-
 
| City/town
 
| l
 
|-
 
| Country
 
| c
 
|-
 
| Description
 
| description
 
|-
 
| ID number
 
| uidNumber
 
|-
 
| Institution
 
| o
 
|-
 
| Department
 
| departmentNumber
 
|-
 
| Phone
 
| telephoneNumber
 
|-
 
| Mobile phone
 
| mobile
 
|}
 
 
 
''Hint:'' To obtain the LDAP base, execute the following command on the school server:
 
<pre>
 
ucr get ldap/base
 
</pre>
 
 
 
''Hint:'' To obtain the system's FQDN, execute the following command on the relevant system:
 
<pre>
 
hostname -f
 
</pre>
 
 
 
You should now be able to log in as any user below the containers set in ''Contexts''. Note that some attributes, such as the e-mail address, are mandatory for Moodle. Users without a valid e-mail address in UCS won't be able to leave their profile settings page, so you should make sure that all Moodle users have a valid e-mail address.
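Both the script-based and the web-based LDAP configuration above end with the same requirement that every Moodle user has an e-mail address. The following added example (not part of the original article) finds the affected accounts before they log in: it reads LDIF and prints each ''uid'' that has no ''mailPrimaryAddress''. The function names and the sample entries are constructed for illustration; the search base and filter in the comment are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the original article): list LDAP users that lack
# mailPrimaryAddress, the attribute mapped to Moodle's e-mail field above.

# users_without_mail: reads LDIF on stdin, prints the uid of every entry
# that has a uid but no non-empty mailPrimaryAddress value.
users_without_mail() {
    awk '
        function emit() {
            if (uid != "" && !has_mail) print uid
            uid = ""; has_mail = 0
        }
        /^$/ { emit(); next }                    # a blank line ends an LDIF entry
        /^uid: / { uid = substr($0, 6) }
        /^mailPrimaryAddress::? ./ { has_mail = 1 }  # "::" marks a base64 value
        END { emit() }                           # last entry may lack a blank line
    '
}

# Constructed sample input, so the example runs without a directory server
sample_ldif() {
    cat <<'EOF'
dn: uid=anna,cn=users,dc=example,dc=org
uid: anna
mailPrimaryAddress: anna@example.org

dn: uid=ben,cn=users,dc=example,dc=org
uid: ben

dn: uid=cara,cn=users,ou=school1,dc=example,dc=org
uid: cara
mailPrimaryAddress:: Y2FyYUBleGFtcGxlLm9yZw==

dn: cn=users,dc=example,dc=org
cn: users

dn: uid=dora,cn=users,ou=school1,dc=example,dc=org
uid: dora
EOF
}

# On a UCS system the input could come from (base and filter are assumptions):
#   univention-ldapsearch -LLL -o ldif-wrap=no -b "$(ucr get ldap/base)" \
#     '(objectClass=posixAccount)' uid mailPrimaryAddress | users_without_mail
sample_ldif | users_without_mail
```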
 
 
 
==== Cronjob for deleting users ====
 
 
 
For Moodle to remove users from its database after they have been deleted in LDAP, a cron job must be defined. The following command sets it up through UCR variables:
 
 
 
<syntaxhighlight lang="bash">
ucr set \
  cron/moodle/command='wget -q -O /dev/null http://localhost/moodle/admin/cron.php' \
  cron/moodle/time='*/10 * * * *'
</syntaxhighlight>
 
 
 
== Restrictions ==
 
 
 
#'''Class mapping''': This article does not handle mappings between UCS@School classes and Moodle groups. If you need assistance to create the respective mapping or would like to have the setup packaged, feel free to contact Univention for an offer to create either.
 
 
 
== References ==
 
 
 
* Moodle - https://moodle.org/
 
* Moodle LDAP - https://docs.moodle.org/35/en/LDAP_authentication
 
* Moodle LDAP Enrolment - https://docs.moodle.org/35/en/LDAP_enrolment
 
* Moodle 3.5 Documentation - https://docs.moodle.org/35/en/New_features
 
 
 
== Further links ==
 
 
 
* Moodle Installation - https://docs.moodle.org/28/en/Installing_Moodle_on_Debian_based_distributions
 
 
 
== Archive ==
 
 
 
* There is a version of this article for [https://wiki.univention.de/index.php?title=Cool_Solution_-_Install_Moodle_and_setup_ldap_authentication&oldid=13479 UCS 4.2].
 
  
 
[[Category:EN]]
 
[[Category:EN]]
 +
[[Category:Howtos]]

Latest revision as of 12:08, 4 September 2019

This page has been moved to the Knowledge Base Cool Solutions in the Forum.

Cool Solution - Install Moodle
