1 GOsa2.1 QUICK INSTALL
2 =====================
4 * Installing GOsa
6 Unpack the GOsa tarball and move the main gosa directory to
7 a place your webserver is configured to find it. The default
8 location will be /usr/share/gosa. For later reference, I assume
9 that you've choosen this path, too.
11 Create the directory /var/spool/gosa for the smarty compile directory.
12 Make it read/write for the webserver (additional chmod 770). You may
13 want to move it elsewhere, configure it in gosa.conf.
15 Create the configuration directory /etc/gosa and make sure
16 that your webserver can read it.
18 As a summmary, you now have these directories for GOsa:
20 /etc/gosa
21 /var/spool/gosa
22 /usr/share/gosa
24 After this has been done, include settings for GOsa in your apache
25 config:
27 # Set alias to gosa
28 Alias /gosa /usr/share/gosa/html
30 Assumed you've installed PHP >= 4.1.0, restart your apache webserver
31 and do your first GOsa dry run without configuration:
33 http[s]://your-server/gosa/setup.php
35 GOsa setup will perform some basic system checks about general
36 prerequisites. The setup asks some questions and provides a
37 basic gosa.conf to save in /etc/gosa. Follow the instructions
38 until you're able to log in.
41 * Migrating an existing tree
43 To migrate an existing LDAP tree, you've to do all steps from above,
44 plus some modifications:
46 - GOsa only shows users that have the objectClass gosaAccount
47 This one has been introduced for several reasons. First, there are
48 cases you want to hide special accounts from regular admins (i.e.
49 a samba admin account which is used to log windows machines into
50 their domain, where chaning a password by accident has bad consequences).
51 Secondly the gosaAccount keeps the lm/nt password hashes and the
52 attributes for the last password change - with the consequence that
53 adding a samba account "later" will not require the user to reset
54 the password.
56 - GOsa only recognizes subtrees (or departments in GOsa's view of things)
57 that have the objectClass gosaDepartment. You can hide subtrees from GOsa
58 by not putting this objectClass inside.
60 - You need at least one group with objectClass gosaObject and attribute
61 gosaSubtreeACL set to :all in the base of your tree. All members of this
62 group are able to change everything in GOsa. Look at the cn=administrators
63 from above.
65 That should be all. Entries should be visible in GOsa now. Be aware that if
66 your naming policy of user cn's differs from the way GOsa handles it, the
67 entries get rewritten to a GOsa style dn.
70 * More informations
72 To improve this piece of software, please report all kind of errors.
73 Looking for a mailing list? Go to
75 https://oss.gonicus.de/cgi-bin/mailman/listinfo/gosa/
77 Thanks
79 ---
80 Cajus Pollmeier <pollmeier@gonicus.de>