documentation:1.1:applications:limesurvey

LimeSurvey

LimeSurvey is a web survey software written in PHP. LimeSurvey has a webserver authentication mode that allows to integrate it directly into LemonLDAP::NG.

To have a stronger integration, we will configure LiemSurvey to autocreate unknown users and use HTTP headers to fill name, mail and roles. For example, we will use 3 roles:

  • User: can answer to surveys
  • Admin: can create surveys
  • Superadmin: no one can stop him!
We suppose that LimeSurvey is installed in /var/www/html/limesurvey

The configuration is done in config.php:

vi /var/www/html/limesurvey/config.php
//==================================
// WebSSO
//==================================
 
$useWebserverAuth = true;
$WebserverAuth_autocreateUser = true;
$WebserverAuth_autouserprofile = Array(
 'full_name' => $_SERVER['HTTP_AUTH_CN'],
 'email' => $_SERVER['HTTP_AUTH_MAIL'],
 'lang' => 'en',
 'htmleditormode' => 'inline',
 'templatelist' => 'default,basic,MyOrgTemplate',
 'create_survey' => $_SERVER['HTTP_AUTH_ADMIN'] || $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'create_user' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'delete_user' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'superadmin' => $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'configurator' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'manage_template' =>  $_SERVER['HTTP_AUTH_SUPERADMIN'],
 'manage_label' =>  $_SERVER['HTTP_AUTH_SUPERADMIN']
);
We directly use HTTP headers to fill default user profile.

Configure LimeSurvey virtual host like other protected virtual host.

<VirtualHost *:80>
       ServerName limesurvey.example.com
 
       PerlHeaderParserHandler My::Package
 
      SetEnvIfNoCase Auth-User "(.*)" PHP_AUTH_USER=$1
 
      Alias /limesurvey /var/www/html/limesurvey
      DocumentRoot /var/www/html/limesurvey
 
</VirtualHost>
You need to set the PHP_AUTH_USER variable to have the Webserver authentication mode working.

Go to the Manager and create a new virtual host for LimeSurvey.

Headers

Header name Description
Auth-User user login
Auth-Cn user full name
Auth-Mail user email
Auth-Admin 1 if user is admin
Auth-SuperAdmin 1 if user is superadmin
You can manage roles with the RBAC model or by using groups.

Rules

Rule name Expression Description
Logout action=logout$ Logout rule (for example logout_app_sso)
Admin ^/limesurvey/admin/ Allow only admin and superadmin roles
Default default Allow only users with a LimeSurvey role
You can set the default access to:
  • accept: all authenticated users will access surveys
  • unprotect: no authentication will be asked to access surveys