Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.
This article will cover the preparation and installation of Limesurvey on a single UCS server, as well as the users authentication with the LDAP. In this guide Limesurvey 3.5.4 were used.
Prerequisites
Get Limesurvey from https://www.limesurvey.org/downloads/category/25-latest-stable-release
Installation
To install necessary packages, execute the following commands:
ucr set repository/online/unmaintained='yes'
univention-install univention-mysql php5-ldap php5-mysql php5-imap php5-gd php5-curl
ucr set mysql/config/mysqld/bind_address='127.0.0.1' && service mysql restart
Now we can configure MySQL and setup the Limesurvey database. When asked to change the password choose no (n) an provide the actual mysql root password which you can display by: more /etc/mysql.secret Answer all other questions with yes (y).
mysql_secure_installation
Now setup the database for Limesurvey with the following instructions:
mysql -uroot -p$(cat /etc/mysql.secret)
CREATE DATABASE limesurveydb;
CREATE USER 'lime_dbuser' IDENTIFIED BY '<SECRET PASSWORD>';
GRANT ALL ON limesurveydb.* TO 'lime_dbuser';
FLUSH PRIVILEGES;
quit
Extract the downloaded Limesurvey archive to /var/www/limesurvey and set file permissions:
cd /var/www/
tar xzf <limesurveyDownload.tar.gz>
chown -R www-data:www-data /var/www/limesurvey
Installation and configuration is done, you may have to restart your Apache2: systemctl restart apache2.service
Limesurvey Web Configuration
Now you can access Limesurvey by https://<your-server>/limesurvey/ The initial setup process let you choose the setup language and licence agreements. In the third step the setup process gives you an overview regarding the fundamental setup of Limesurvey like needed packages and file permissions. If you followed the previous instructions all checks should be fine. In the fourth step you have to provide Limesurveys database information analog to the former creation of your database. The last step let you choose Limesurveys standard language and prompts you to change the standard administrative credentials, which are: User = admin; Password = password
Limesurvey LDAP Search
A simple authentication account is recommended, which can be used for an authenticated LDAP bind. You may like to create such a user as described in the following link: [1].
Limesurvey AuthLDAP Plugin Configuration
Login to your Limesurvey installation https://<your-server>/limesurvey/admin and in the top bar navigate to: configuration – Plugin Manager. Here you have to „Configure“ LDAP authentication as follows. Options which are not mentioned can be configured as you prefer:
| Key | Value |
|---|---|
| Settings for plugin: AuthLDAP | |
| LDAP server | ldap://<server’s FQDN> or ldaps://<server’s FQDN> |
| Port number | 7389 for ldap or 7636 for ldaps |
| LDAP Version | LDAPv3 |
| Select true if referrals must be followed… | use false for ActiveDirectory |
| Enable Start-TLS | On |
| Select how to perform authentication | Search and bind |
| Attribute to compare to the given login… | uid |
| Base DN for the user search operation | output of ucr get ldap/base
|
| Optional DN of the LDAP account used to search… | corresponds with the output of: univention-ldapsearch uid=<your ldap bind user> | grep dn:
|
| LDAP attribute of email address | |
| LDAP attribute of full name | gecos |
| Automatically create user if it exists in LDAP server | check |
| Optional filter for group restriction | E.g: (&(cn=limeusers)(memberUid=$username))
|
When you provided all information click Save and close
In the Plugin Manager overview you finally have to activate the LDAP Plugin.
Now you can logout and login with an appropriate LDAP User.