LimeSurvey

Presentation

LimeSurvey is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows to integrate it directly into LemonLDAP::NG.

To have a stronger integration, we will configure LimeSurvey to autocreate unknown users and use HTTP headers to fill name, mail and roles. For example, we will use 3 roles:

User: can answer to surveys
Admin: can create surveys
Superadmin: no one can stop him!

Configuration

We suppose that LimeSurvey is installed in /var/www/html/limesurvey

LimeSurvey configuration

The configuration is done in config.php:

vi /var/www/html/limesurvey/config.php

//==================================
// WebSSO
//==================================
 
$useWebserverAuth = true;
$WebserverAuth_autocreateUser = true;
$WebserverAuth_autouserprofile = Array(
 'full_name' => $_SERVER['HTTP_AUTH_CN'],
 'email' => $_SERVER['HTTP_AUTH_MAIL'],
 'lang' => 'en',
 'htmleditormode' => 'inline',
 'templatelist' => 'default,basic,MyOrgTemplate',
 'create_survey' => $_SERVER['HTTP_AUTH_ADMIN'] || $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'create_user' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'delete_user' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'superadmin' => $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'configurator' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'manage_template' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'manage_label' =>  $_SERVER['HTTP_AUTH_SUPERADMIN']
);

We directly use HTTP headers to fill default user profile.

LimeSurvey virtual host

Configure LimeSurvey virtual host like other protected virtual host.

For Apache:

<VirtualHost *:80>
       ServerName limesurvey.example.com
 
       PerlHeaderParserHandler Lemonldap::NG::Handler
 
       SetEnvIfNoCase Auth-User "(.*)" PHP_AUTH_USER=$1
 
       Alias /limesurvey /var/www/html/limesurvey
      DocumentRoot /var/www/html/limesurvey
 
</VirtualHost>

You need to set the PHP_AUTH_USER variable to have the Webserver authentication mode working.

For Nginx:

server {
  listen 80;
  server_name limesurvey.example.com;
  root /path/to/application;
  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
  } 
 
  # Client requests
  location / {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
 
    ...
 
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }
  location / {
    try_files $uri $uri/ =404;
  }
}

LimeSurvey virtual host in Manager

Go to the Manager and create a new virtual host for LimeSurvey.

Headers

Header name	Description
Auth-User	user login
Auth-Cn	user full name
Auth-Mail	user email
Auth-Admin	1 if user is admin
Auth-SuperAdmin	1 if user is superadmin

You can manage roles with the RBAC model or by using groups.

Rules

Rule name	Expression	Description
Logout	action=logout$	Logout rule (for example logout_app_sso)
Admin	^/limesurvey/admin/	Allow only admin and superadmin roles
Default	default	Allow only users with a LimeSurvey role

You can set the default access to:

accept: all authenticated users will access surveys
unprotect: no authentication will be asked to access surveys

Table of Contents