LimeSurvey is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows to integrate it directly into LemonLDAP::NG.
To have a stronger integration, we will configure LimeSurvey to autocreate unknown users and use HTTP headers to fill name, mail and roles. For example, we will use 3 roles:
The configuration is done in config.php:
vi /var/www/html/limesurvey/config.php
//================================== // WebSSO //================================== $useWebserverAuth = true; $WebserverAuth_autocreateUser = true; $WebserverAuth_autouserprofile = Array( 'full_name' => $_SERVER['HTTP_AUTH_CN'], 'email' => $_SERVER['HTTP_AUTH_MAIL'], 'lang' => 'en', 'htmleditormode' => 'inline', 'templatelist' => 'default,basic,MyOrgTemplate', 'create_survey' => $_SERVER['HTTP_AUTH_ADMIN'] || $_SERVER['HTTP_AUTH_SUPERADMIN'], 'create_user' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'delete_user' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'superadmin' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'configurator' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'manage_template' => $_SERVER['HTTP_AUTH_SUPERADMIN'], 'manage_label' => $_SERVER['HTTP_AUTH_SUPERADMIN'] );
Configure LimeSurvey virtual host like other protected virtual host.
<VirtualHost *:80> ServerName limesurvey.example.com PerlHeaderParserHandler Lemonldap::NG::Handler SetEnvIfNoCase Auth-User "(.*)" PHP_AUTH_USER=$1 Alias /limesurvey /var/www/html/limesurvey DocumentRoot /var/www/html/limesurvey </VirtualHost>
server {
listen 80;
server_name limesurvey.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
...
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}
Go to the Manager and create a new virtual host for LimeSurvey.
| Header name | Description |
|---|---|
| Auth-User | user login |
| Auth-Cn | user full name |
| Auth-Mail | user email |
| Auth-Admin | 1 if user is admin |
| Auth-SuperAdmin | 1 if user is superadmin |
| Rule name | Expression | Description |
|---|---|---|
| Logout | action=logout$ | Logout rule (for example logout_app_sso) |
| Admin | ^/limesurvey/admin/ | Allow only admin and superadmin roles |
| Default | default | Allow only users with a LimeSurvey role |