How to install Gibbon on NethServer

mrmarkuz · 2018-01-21 13:43:09 UTC

I got interrested in Gibbon in Building the Education Team and installed it on NethServer, here is what I did:

# Install php5.6 and mysql 
yum -y install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.0.6-1.ns7.sdl.noarch.rpm
yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum -y install unzip nethserver-mysql nethserver-php-scl

# Get Gibbon, move it to html folder and set rights
wget https://github.com/GibbonEdu/core/archive/v15.0.00.zip
mv core-15.0.00 /var/www/html/gibbon
chown apache:apache -R /var/www/html/gibbon

# Create database and user
mysql
create database gibbon character set utf8 collate utf8_bin;
grant all privileges on gibbon.* to gibbon@localhost identified by 'SECRET';
exit;

Change php version to 5.6 in “php settings” in web UI and browse to https://YOURNETHSERVER/gibbon

Enter localhost, gibbon, gibbon and the password defined earlier: “SECRET”

Follow the installation procedure, create your user and start testing gibbon…

robb · 2018-01-21 13:48:28 UTC

Great effort. Am I correct that the NethServer http module is a dependency too?
Now step 2: hack gibbon to get users from NS account provider…

On the other side, we might want to wonder how a school would enter new students. Unless there is a ‘mass erolment’ option I think most schools will prepare a CVS and import those into DAD/Samba4/LDAP.

Do we have any school sysadmins in our community? @FMFREAK, care to comment on this?

@mrmarkuz: There is a module to generate and store secrets in /var/lib/nethserver/secrets. It might be a good idea to use that to create the mysql database with.

mrmarkuz · 2018-01-21 13:52:22 UTC

Gibbon seems to have a simple user table, so syncing with a cron script and passwords should also be no problem, I’ll give it a try.

UPDATE gibbonPerson SET password=md5(‘newPassword’), passwordStrong=’’, passwordStrongSalt=’’ WHERE gibbonPersonID=1;

Source:

EDIT:

I don’t think we can get out the passwords for the AD users.

mrmarkuz · 2018-01-21 13:58:29 UTC

Yes but I think it’s too much to use it in the howtos. I’ll use it when building a package.

robb · 2018-01-21 14:01:07 UTC

You know I love cherrypicking from other sources: How are SavaPage and Moodle syncing users from AD/Samba4/LDAP? Could this be reused for Gibbon?

mrmarkuz · 2018-01-21 14:12:02 UTC

As httpd is already installed it should not be needed as we use scl php but now I am not sure anymore…

Moodle may be helpful as it uses mysql too.
I just don’t know how to get the password of the samba user. Importing it to gibbon db should be easy.

Maybe Gibbon has an export function so we may use the export file, change it to our needs (users etc.) and import it back to Gibbon.

robb · 2018-01-21 14:27:04 UTC

I have asked the Gibbon devs before of AD/LDAP support could be added. They tried but have cancelled the feature request: not enough expertise with AD/LDAP
row 26:

In the meantime, filtering the Gibbon website for user export feature…

Protip: watch the video’s on Gibbon Supprt Youtube channel: https://www.youtube.com/channel/UCff1byXVvT5QJMiLcteUr8w

In the first video (Gibbon training day session2) at timestamp 38m05sec there is a question about AD/LDAP and why they didn’t manage to get it running.

mrmarkuz · 2018-01-21 20:17:10 UTC

I found an import function so at least we are able to import csv files, which will help on migrating scenarios and maybe we can use it in combination with the export script /etc/e-smith/events/actions/nethserver-sssd-export-accounts. It creates users.tsv which may be converted to a CSV easily with something like this:

gist.github.com

https://gist.github.com/acg/5312238#file-tsv2csv

tsv2csv

#!/usr/bin/env perl

use Text::CSV;
use Getopt::Long   qw/ GetOptionsFromArray :config pass_through /;
use warnings;
use strict;

my $usage = "usage: $0 [-e] < file.tsv\n";

exit main( @ARGV );

This file has been truncated. show original

The result may be imported to Gibbon with a default password which has to be changed at first login.

[root@server ~]# ./tsv2csv.pl < /var/lib/nethserver/backup/users.tsv
admin,"NethServer Administrator",blablabla
markus,"Markus Neuberger",blablabla
administrator,Administrator,blablabla
...

The convert operation would also be possible with libreoffice or similar tools.

Screenshot of CSV import of Gibbon:

robb · 2018-01-21 22:11:46 UTC

I spent quite some time watching the Gibbon support video’s on youtube… They are enlightening! It gives quite some ideas to get users from NS accountprovider to Gibbbon.

I understood the CSV import option is always a complete set of users. You can not add a delta of new users. You always need to import the complete set of users and the import will ignore the already existing users.
I also saw that the format is very basic. Although there are many options you can add, it is nothing more than a preconfigured CSV.
Besides that Gibbon has plenty of opportunities to create custom fields through the webinterface. I am getting quite excited about this application!

mrmarkuz · 2018-01-21 22:31:33 UTC

It’s also for adding some new users as far as I understand.

I watched the video part about why not implementing AD/LDAP. He complains about too much different implementations. There are 3 (LDAP, AD, Apple Open Directory) and if you do a google search you’ll easily find code snippets how to implement those in PHP. I am not a PHP dev and maybe it’s really complex but it seems it’s just not their goal.

To “hack” it, we would have to change the login procedure into asking some directory server instead of its mysql database. Horde or roundcube are written in PHP too, maybe we can do some copy/paste…

Maybe for the education server we use gibbon as user base (because it saves much more info about a user) and sync to Nethserver? Just an idea…or a hook in Nethserver when creating a user to sync to gibbon immediately…

robb · 2018-01-22 20:18:58 UTC

Then… if it it turns out doable, we could do a PR so it gets adopted in Gibbon. It would be a LOT better to read from LDAP/AD natively then create some work around exporting users and importing them in Gibbon… (although several applications DO exactly that to fill the local database with LDAP /AD users.)

What I also was think about is using RADIUS… The application (in this case, Gibbon) just asks if a user X with password Y exists in the user source and if that user is allowed to do Z… The only thing RADIUS does is say yes or no… (after checking with the user source)

mrmarkuz · 2018-01-22 21:31:35 UTC

I’ll try the AD/LDAP way and report.

FMFREAK · 2018-01-23 08:19:47 UTC

@robb
On our Secondary school in the Netherlands we have Magister. Because there is no connection possible between Magister and our Active Directory we have to use a CSV. We put that in a program called ADManager.

The problem to make international OSS for schools, is that every country has its own laws. But maybe Gibbon is a good starting point to make a country based School program.

robb · 2018-01-23 13:22:40 UTC

@FMFREAK can you elaborate a bit on “ADManager”? Is it Windows only? Are there any Opensource alternatives? Would it work on Samba4 domains too?