How to install Gibbon on NethServer

education
v7
(Markus Neuberger) #1

I got interrested in Gibbon in Building the Education Team and installed it on NethServer, here is what I did:

EDIT 10.9.2018:

  • Update to version 16.0.01
# Install php5.6 and mysql 
yum -y install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.0.6-1.ns7.sdl.noarch.rpm
yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum -y install unzip nethserver-mysql nethserver-php-scl

# Get Gibbon, move it to html folder and set rights
wget https://github.com/GibbonEdu/core/archive/v16.0.01.zip
unzip v16.0.01.zip
mv core-16.0.01 /var/www/html/gibbon
chown apache:apache -R /var/www/html/gibbon

# Create database and user
mysql
create database gibbon character set utf8 collate utf8_bin;
grant all privileges on gibbon.* to gibbon@localhost identified by 'SECRET';
exit;

Change php version to at least 7.1 (thanks to @robb and @stephdl) in ā€œphp settingsā€ in web UI and browse to https://YOURNETHSERVER/gibbon

Enter localhost, gibbon, gibbon and the password defined earlier: ā€œSECRETā€

grafik
grafik.png768x410 17.3 KB

Follow the installation procedure, create your user and start testing gibbonā€¦

grafik
grafik.jpg1175x882 287 KB

Education applications wishlist
Mysql authentication with AD users
So, what are you working on? 10 Dec 2018
(Rob Bosch) #2

Great effort. Am I correct that the NethServer http module is a dependency too?
Now step 2: hack gibbon to get users from NS account providerā€¦

On the other side, we might want to wonder how a school would enter new students. Unless there is a ā€˜mass erolmentā€™ option I think most schools will prepare a CVS and import those into DAD/Samba4/LDAP.

Do we have any school sysadmins in our community? @FMFREAK, care to comment on this?

@mrmarkuz: There is a module to generate and store secrets in /var/lib/nethserver/secrets. It might be a good idea to use that to create the mysql database with.

(Markus Neuberger) #3

Gibbon seems to have a simple user table, so syncing with a cron script and passwords should also be no problem, Iā€™ll give it a try.

UPDATE gibbonPerson SET password=md5(ā€˜newPasswordā€™), passwordStrong=ā€™ā€™, passwordStrongSalt=ā€™ā€™ WHERE gibbonPersonID=1;

Source:

EDIT:

I donā€™t think we can get out the passwords for the AD users.

(Markus Neuberger) #4

Yes but I think itā€™s too much to use it in the howtos. Iā€™ll use it when building a package.

(Rob Bosch) #5

You know I love cherrypicking from other sources: How are SavaPage and Moodle syncing users from AD/Samba4/LDAP? Could this be reused for Gibbon?

(Markus Neuberger) #6

As httpd is already installed it should not be needed as we use scl php but now I am not sure anymoreā€¦ :smiley:

Moodle may be helpful as it uses mysql too.
I just donā€™t know how to get the password of the samba user. Importing it to gibbon db should be easy.

Maybe Gibbon has an export function so we may use the export file, change it to our needs (users etc.) and import it back to Gibbon.

(Rob Bosch) #7

I have asked the Gibbon devs before of AD/LDAP support could be added. They tried but have cancelled the feature request: not enough expertise with AD/LDAP
row 26:

In the meantime, filtering the Gibbon website for user export featureā€¦ :smiley:

Protip: watch the videoā€™s on Gibbon Supprt Youtube channel: https://www.youtube.com/channel/UCff1byXVvT5QJMiLcteUr8w

In the first video (Gibbon training day session2) at timestamp 38m05sec there is a question about AD/LDAP and why they didnā€™t manage to get it running.

(Markus Neuberger) #8

I found an import function so at least we are able to import csv files, which will help on migrating scenarios and maybe we can use it in combination with the export script /etc/e-smith/events/actions/nethserver-sssd-export-accounts. It creates users.tsv which may be converted to a CSV easily with something like this:

The result may be imported to Gibbon with a default password which has to be changed at first login.

[root@server ~]# ./tsv2csv.pl < /var/lib/nethserver/backup/users.tsv
admin,"NethServer Administrator",blablabla
markus,"Markus Neuberger",blablabla
administrator,Administrator,blablabla
...

The convert operation would also be possible with libreoffice or similar tools.

Screenshot of CSV import of Gibbon:

grafik
grafik.png1114x673 125 KB

(Rob Bosch) #9

I spent quite some time watching the Gibbon support videoā€™s on youtubeā€¦ They are enlightening! It gives quite some ideas to get users from NS accountprovider to Gibbbon.

I understood the CSV import option is always a complete set of users. You can not add a delta of new users. You always need to import the complete set of users and the import will ignore the already existing users.
I also saw that the format is very basic. Although there are many options you can add, it is nothing more than a preconfigured CSV.
Besides that Gibbon has plenty of opportunities to create custom fields through the webinterface. I am getting quite excited about this application!

(Markus Neuberger) #10

Itā€™s also for adding some new users as far as I understand.

I watched the video part about why not implementing AD/LDAP. He complains about too much different implementations. There are 3 (LDAP, AD, Apple Open Directory) and if you do a google search youā€™ll easily find code snippets how to implement those in PHP. I am not a PHP dev and maybe itā€™s really complex but it seems itā€™s just not their goal.

To ā€œhackā€ it, we would have to change the login procedure into asking some directory server instead of its mysql database. Horde or roundcube are written in PHP too, maybe we can do some copy/pasteā€¦

Maybe for the education server we use gibbon as user base (because it saves much more info about a user) and sync to Nethserver? Just an ideaā€¦or a hook in Nethserver when creating a user to sync to gibbon immediatelyā€¦

(Rob Bosch) #11

Thenā€¦ if it it turns out doable, we could do a PR so it gets adopted in Gibbon. It would be a LOT better to read from LDAP/AD natively then create some work around exporting users and importing them in Gibbonā€¦ (although several applications DO exactly that to fill the local database with LDAP /AD users.)

What I also was think about is using RADIUSā€¦ The application (in this case, Gibbon) just asks if a user X with password Y exists in the user source and if that user is allowed to do Zā€¦ The only thing RADIUS does is say yes or noā€¦ (after checking with the user source)

(Markus Neuberger) #12

Iā€™ll try the AD/LDAP way and report.

(Jochem Van Den Anker) #13

@robb
On our Secondary school in the Netherlands we have Magister. Because there is no connection possible between Magister and our Active Directory we have to use a CSV. We put that in a program called ADManager.

The problem to make international OSS for schools, is that every country has its own laws. But maybe Gibbon is a good starting point to make a country based School program.

(Rob Bosch) #14

@FMFREAK can you elaborate a bit on ā€œADManagerā€? Is it Windows only? Are there any Opensource alternatives? Would it work on Samba4 domains too?

(Markus Neuberger) #15

I updated the howto to gibbon version 16.0.01 and adapted the LDAP user export script to create a gibbon importable csv /var/lib/nethserver/backup/gibbon.csv. Itā€™s just a starting point and has to be improvedā€¦

create_gibbon_csv.pl 
#!/usr/bin/perl

use strict;
use warnings;

use JSON;
use NethServer::Password;

my $users = decode_json(`/usr/libexec/nethserver/list-users`) or die("Can't read user list");
my $generator = NethServer::Password->new('', {length => 8});
my $base_dir = '/var/lib/nethserver/backup/';
my $out_users = $base_dir . 'gibbon.csv';

if ( ! -d $base_dir ) {
    mkdir $base_dir;
}

open(my $fh, '>:utf8', $out_users) or die "Could not open file '$out_users': $!";
foreach (keys(%$users)) {
    my $password = $generator->generate();
    my $key = $_;
    $key =~ s/(@.*)//; # strip domain
    print $fh "'','surname','".$key."','".$key."','".$users->{$_}->{'gecos'}."','','F','".$key."','','','','Student'\n";
}
close $fh;

But in gibbon there are families, staff and users which can be Teacher, Support Staff, Student or Parent. None of these mappings are prefilled in Nethserver AD/LDAP. Maybe we can use Nethserver groups like Staff, Students and Parents.
Gibbon user import is now able to sync or do a complete import from CSV.

(Alessio Fattorini) #16

Happy to see another howto picked from the Education wishlist. Thanks @robb and @mrmarkuz
I appreciate the effort!

(Rob Bosch) #17

THANK YOU @mrmarkuz
I will give it a go soon. I am in the process of getting Linuxschools Karoshi server migrated to NethServer. As soon the NethServer instance is up and running I will install Gibbon and try the user import/export script. It would be HUGE to have this available.

(Markus Neuberger) #18

Looking forward to this!

Itā€™s just an example script now, one has to change delimiter to ' and set a default password for all users in the Gibbon web UI. In general it would be interesting how to do a smart mapping of nethserver accounts to gibbon staff, member, students and so on.

(Rob Bosch) #19

I have 2 remarks on this install.

  • php5.6 will be deprecated as of Januari 1st 2019 http://php.net/supported-versions.php
    I suggest to use at least 7.1. I tested an install of Gibbon with php7.1-scl and that works fine.

  • I tried to install Gibbon in a vhost. Since vhosts are available in NS, and intended as default for webapps, I think it would be a good idea to have gibbon installed there. BUTā€¦ It is probably my lack of knowledge, but I fail to end up at a webinterface when gibbon is extracted in the assigned vhost (at /var/lib/nethserver/vhost/gibbon/)

Maybe this needs a separate topic, but it would be great to get some explanation how vhosts work and how to get them to work.

(StƩphane de Labrusse) #20

php56 is still available but reached its end of life, you should use php71 (probably next LTS) or php72