“UofA” Installation

This section will walk through the installation of OASIS at an un-named university.

Need to know

  • The URL the site will run on
  • The e-mail address of the person providing desktop support for OASIS
  • The e-mail address of the systems administrator responsible for OASIS
  • The address of an SMTP server OASIS can use to send email
  • How to link our web server to the existing university systems for authentication.
  • How to retrieve account details and enrolment information from the university systems.
In this case for the site we’ll use the URL:
and email:

our local SMTP server is at: smtp.oasisqe.com

In this example our external system allows user details to be looked up by an LDAP server. Password authentication is managed by the Kerberos service, which is supported by the Apache web server. Group memberships come from a

We will need to install the extra packages for Python LDAP support for the OASIS LDAP scripts:

apt-get install python-ldap

The university already has a PostgreSQL database server, so we’ll make use of that instead of installing our own one.

Install and Configure

On the web application server we will need to change some things in the OASIS configuration file:

nano /etc/oasisqe.ini

First, the web interface. We need to tell OASIS our URL:

url: https://www.oasisqe.com/uofa
statichost: https://www.oasisqe.com
staticpath: uofa

And the contact e-mail address to display on the web interface:

email: uofa@oasisqe.com

Don’t allow new people to sign themselves up and create accounts:

open_registration: False

Instead, we want to use the web server’s authentication. This will not present a login page, but will instead request authentication information from the web server:

default: webauth

Information about the application comes next:


homedir: /opt/oasisqe/3.9/src
logfile: /var/log/oasisqe/main.log

The secretkey is an important security measure. It protects users from being able to log in as each other, among other things. We must change it to something random and secret (use your own):

secretkey: t9Yptn0YjnSSmRafe0KF5F8Cyz3bUw

Since there’s just one administrator, when the system generates serious errors, the email address to send them to will be the same as above:

email_admins: uofa@oasisqe.com

Tell OASIS to send email via the organization’s mail server:

smtp_server: mail.oasisqe.com

We need to use external “feeds” to link to the enrolment system:

#  location for scripts that handle feeds (eg. enrolment)
feed_path: /var/lib/oasisqe/feeds

Fill in the credentials and host information for our PostgreSQL database:


host: dbserver.oasisqe.com
dbname: oasisdb
uname: oasisdb
pass: SECRET
port: 5432

As will the cache settings:


cachedir: /var/cache/oasisqe/v3.9
memcache_enable: True

Any time we make changes to this configuration file, we must tell Apache to restart OASIS:


When users log in to OASIS we want our web server to authenticate them, not OASIS itself. We can do this by configuring the web server, in this case Apache, to pass the credentials to OASIS:


In this case our system already has Kerberos configured, we just need to tell Apache when to apply it:

nano /etc/apache2/sites-available/oasisqe

Our Apache is already configured to connect to our Kerberos service for authentication:

KrbAuthoritative on
KrbMethodK5Passwd On
KrbMethodNegotiate off
KrbVerifyKDC off
KrbDelegateBasic Off

(If you also need to set up Apache for Kerberos support, we use http://modauthkerb.sourceforge.net/ , but there may be other methods, eg. if you’re using IIS it can probably use the AD equivalent)

Add a section to tell Apache that it is to perform authentication for OASIS:

<Directory /oasis/login/webauth/submit>
          AllowOverride All
          Order allow,deny
          allow from all
          AuthType Kerberos
          AuthName "Netaccount Login"
          require valid-user

Now when the user goes to OASIS, if it doesn’t know who they are, it will redirect them to /oasis/login/webauth. Apache will then prompt them for username and password and, if correct, will provide the username to OASIS. When OASIS encounters a username it has not seen before, it will fill in some default details (mostly blank) and then see if it can look them up using a User Feed script.

Any time you change the OASIS or Apache configuration files, restart Apache:

service apache2 restart

Check it Works

Now we can log in to OASIS and verify that it all works:

We open a web browser and go to the URL: https://www.oasisqe.com/uofa (obviously, using our own URL here). Log in using your credentials from the central system.

Create a Course