Howto install Xerte Online Toolkits

mrmarkuz · July 20, 2018, 5:42pm

This howto is about installing Xerte Online Toolkits.

Get the zip file from the xerte homepage - I couldn’t wget it, maybe someone has a hint for me…I downloaded it on a client and uploaded to Nethserver.

Installation

# Install prerequisites, maybe some php dependencies are missing here...
yum -y install unzip nethserver-mysql

# Extract and put xerte to right location
unzip xertetoolkits_3.6.zip -d xerte
mv xerte /usr/share/

# Set owner for xerte
chown -R apache:apache /usr/share/xerte

# Create database and db user, change SECRET to your desired password
mysql
create database toolkits_data character set utf8 collate utf8_bin;
grant all privileges on toolkits_data.* to xerte@localhost identified by 'SECRET';
exit;

# Create httpd conf file
cat << EOL > /etc/httpd/conf.d/xerte.conf
Alias /xerte /usr/share/xerte
<Directory /usr/share/xerte>
  Require all granted
</Directory>
EOL

# Create php ini file
cat << EOL >  /etc/php.d/xerte.ini
upload_tmp_dir = /tmp
EOL

# Apply settings
systemctl restart httpd

Browse to https://NETHSERVER/xerte and follow the setup assistant

When finished, delete the setup dir:

rm -Rf /usr/share/xerte/setup

Authentication

Local authentication works, remote LDAP didn’t work in first tests and remote AD is yet untested.

To make it work for Nethserver DC you need to disable strong auth or a valid certificate (untested with xerte).

Authentication settings:

In the site administration (https://NETHSERVER/xerte/management.php) under Site/Authentication settings you need to set “LDAP”.

Under LDAP settings you need to setup AD/LDAP.

You can get the necessary infos on your Nethservers Accounts provider page or on command line with account-provider-test dump.

The AD/ LDAP users are imported to the database after first login so don’t change the LDAP main filter after users have logged in otherwise you have doubled users.

LDAP settings for AD:

The ldap host is: ad.domain.local
The ldap port is: 389
The ldap password is: your ldapservice password
The ldap base is: dc=ad,dc=domain,dc=local
The ldap bind is: cn=ldapservice,cn=Users,dc=ad,dc=domain,dc=local
The LDAP main filter is: cn (to login as user without domain; use userPrincipalName to login as user@domain.local)
The LDAP second filter is: cn (seems not to be used, reserved?)

LDAP settings for OpenLDAP:

The ldap host is: localhost
The ldap port is: 389
The ldap password is: your ldapservice password
The ldap base is: dc=directory,dc=nh
The ldap bind is: cn=ldapservice,dc=directory,dc=nh
The LDAP main filter is: uid (to login as user without domain; use Email to login as user@domain.local)

Next steps:

add probably missing php deps
change howto to create vhost à la Nethserver
remote LDAP/AD
Testing

robb · July 20, 2018, 6:27pm

You have to be logged in with a useraccount on the xerte website to be able to download the zip. The only way to directly get the files is through github and git clone the files.

You can confiure Xerte through https://NETHSERVER/xerte/management.php
default user is admin
default password is admin (or at least it is with the implementation on Karoshi server, where I run Xerte on)

Change the default password ASAP (especially if your server is internet facing)

/edit: Question to @mrmarkuz Why install in /usr/share and not create a virtualhost and go from there? Then create the xerte vhost and unzip to /var/lib/nethserver/vhost/xerte

/edit2: Reading the notes in the install screen, the default dir for a xerte install is /usr/share… would have been nice though, if it could be installed the ‘nethserver’ way.

mrmarkuz · July 20, 2018, 7:05pm

Would be possible too and maybe a better approach for a howto. I didn’t think of a virtualhost in the first step. I put it to /usr/share/xerte like /usr/share/nextcloud. You could add the virtualhost config in the xerte.conf even if xerte is located in /usr/share/nextcloud.

robb · July 21, 2018, 7:40am

I tried to get Xerte to authenticate against Samba4 AD account provider, but it does not seem to work. Did you try this?
Looks like Ubuntu Server settings are different from CentOS, since the settings I posted above are from an Ubuntu based server. Biggest difference is that Samba4 is installed on the same server/IP address as where Xerte is running, so the domain is at localhost for that Ubuntu instance.

mrmarkuz · July 22, 2018, 1:45pm

I added it to the howto, it’s about the usual suspect: valid cert/samba ldap auth.

robb · October 7, 2019, 10:07am

It has been a while but there is great news from the Xerte project. Xerte 3.8 has been released.

I hope the howto can be adjusted to the new version. (ping to @mrmarkuz)

Release notes for Xerte online Toolkits 3.8:
https://xot.xerte.org.uk/play.php?template_id=81

robb · March 13, 2021, 3:38pm

Installed latest Xerte (3.9 LTS) on NethServer 7 in a vhost. So here comes an updated howto:
Xerte System requirements: https://xot.xerte.org.uk/play.php?template_id=81#systemrequirements
Download xerte from the xerte website. Since you need to be logged in to get the zip, an alternative to get the latest zip from their github repository Be aware this is the ‘develop’ version of xerte. I have no idea if it differs from the zip that is available from their website. It probably is different/newer.

Installation:
prerequisits and dependancies:
yum -y install unzip nethserver-mysql

Create DNS entry for the subdomain you want to run xerte in. A CNAME for the domain.tld is good if you have domain.tld on the same server.

Add the subdomain to the LE cert:
go to System / Certificates
click Lets Encrypt button
add the new subdomain to the certificate (only works if the subdomain already has been created in DNS)

Create vhost in servermanager:
In Servermanager go to applications and find webserver.
click ‘settings’ button
click ‘Virtual Hosts’
click ‘create a virtual host’
fill in the FQDN for the new vhost: sub.domain.tld
in description set a text for your own convenience. for instance: ‘xerte online content authoring tool’
click Advanced settings
check Require SSL encrypted connection
UNcheck Root directory file listings
select the certificate to use (make sure this is the LE certificate you updated with the new subdomain)
choose the php version. Xerte does NOT run correctly with php8 yet! I chose php7.3

Extract and put xerte to right location
copy the xerte zipfile to the directory of the new vhost. You can check the name of the directory at /var/lib/nethserver/vhost/ If you have multiple vhosts, doublecheck if you have the correct directtory!
Unzip the zipfile in the vhost: cd to directory /var/lib/nethserver/vhost/[vhostdirectory]
go 1 directory up and make the directory writable for httpd service:
chown -R apache:apache /var/lib/nethserver/vhost/[vhostdirectory]

Create database in mariadb (change SECRET to a password of your own choice:
mysql
create database toolkits_data character set utf8 collate utf8_bin; grant all privileges on toolkits_data.* to xerte@localhost identified by 'SECRET'; exit;

no httpd.conf or php.ini file needed since you use a vhost.

Apply settings:
systemctl restart httpd

Now browse to the new vhost in your browser: https://sub.domain.tld and follow the setup assistant
When finished delete the setup dir:
rm -Rf /var/lib/nethserver/vhost/[vhostdir]/setup

Authentication:
Guest access works. Good for testing, however, if Xerte runs in Guest mode and the server is directly connected to internet, anyone can create, edit and delete learning objects. So do change the authentication method asap.
Local Db authentication works
Local Samba4 AD authentication works. Strongly advice to use a valid certificate.

to be tested:
Local LDAP
Remote Samba 4 AD
Remote LDAP

Authentication settings:
In the site administration (https://sub.domain.tld/management.php) under Site/Authentication set to LDAP
Under LDAP settings configure AD/LDAP
Ldaphost is: ldaps://ad.domain.tld
port is: 636 (if using ldap instead of ldaps, then 389)
The ldap password is: [bindpassword] (see System / Users & Groups: Accountprovider details)
The ldap base is: dc=ad,dc=domain,dc=tld
The ldap bind is: cn=ldapservice,cn=Users,dc=ad,dc=domain,dc=tld
The ldap main filter is: cn (or alternatively userPrincipalName to login as user@domain.tld)
The ldap second filter is: cn )seems not to be used, reserved?)
Click SAVE (top left)
log out management.php
you will be reverted to the xerte login page
log in with a Samba4 AD user to check of config is correct.

LDAP settings for OpenLDAP
to be investigated, did not try how @mrmarkuz documented in the opening post.

Please test and add comments/options

robb · March 13, 2021, 4:55pm

I used a vhost since it has at least 2 major advantages:

no need to add the directory to your backup: it’s in the /var/lib/nethserver/ path so it gets backupped automaticaly
Choose the php version for the vhost.

For those interested: next week, March 17 and 18 2021 there is an online Xerte event.
https://xot.xerte.org.uk/play.php?template_id=238#welcome