debian/README.debian

   1 README.Debian for GOsa 2.5
   2 --------------------------
   3
   4 * Configure GOsa
   5
   6 By default you can point your favorite browser to the GOsa setup by
   7 using this URL:
   8
   9 http://you.server.address/gosa
  10
  11 Follow the instructions on the screen.
  12
  13
  14 * Generic informations
  15
  16 Getting GOsa running itself is not very complicated. Problems normally
  17 arise when integrating it in various services.
  18
  19 To play nice with your LDAP, you need to include the gosa schema files
  20 into your LDAP configuration. For Debian, you should install the
  21 gosa-schema package and add at least the following lines to your
  22 LDAP-servers slapd.conf:
  23
  24 Samba 2:
  25 include         /etc/ldap/schema/samba.schema
  26 include         /etc/ldap/schema/trust.schema
  27 include         /etc/ldap/schema/gosystem.schema
  28 include         /etc/ldap/schema/gofon.schema
  29 include         /etc/ldap/schema/goto.schema
  30 include         /etc/ldap/schema/gosa.schema
  31 include         /etc/ldap/schema/gofax.schema
  32 include         /etc/ldap/schema/goserver.schema
  33 include         /etc/ldap/schema/goto-mime.schema
  34
  35 Samba 3:
  36 include         /etc/ldap/schema/samba3.schema
  37 include         /etc/ldap/schema/trust.schema
  38 include         /etc/ldap/schema/gosystem.schema
  39 include         /etc/ldap/schema/gofon.schema
  40 include         /etc/ldap/schema/goto.schema
  41 include         /etc/ldap/schema/gosa+samba3.schema
  42 include         /etc/ldap/schema/gofax.schema
  43 include         /etc/ldap/schema/goserver.schema
  44 include         /etc/ldap/schema/goto-mime.schema
  45
  46 Schema files for samba and trust accounts are not part of the
  47 gosa-schema package, but are included in:
  48
  49 /usr/share/doc/gosa/contrib/openldap
  50
  51 There's no need to have samba services up and running, GOsa only
  52 uses the NT/LM attributes to pre-generate samba password hashes -
  53 to allow easy switching of account properties without asking for
  54 passwords after adding samba accounts.
  55
  56
  57 * Smarty PHP errors
  58
  59 There might pop up messages about "Only variables should be passed by
  60 reference" when using PHP5. I can't do anything about them - these are
  61 cause by smarty. To get rid of them set your "error_reporting" in the
  62 php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the
  63 debian smarty package to support PHP5 in a propper way.
  64
  65
  66 * Local configuration - security issues
  67
  68 You should be aware, that GOsa reads its configuration files which store
  69 an important LDAP password as the www-data user. If you allow other
  70 people to have i.e. public html directories, they will be able to read
  71 this configuration as well - if you don't take steps against it.
  72
  73 As a simple solution, you can pass a master password via request headers.
  74 This can be achieved by running:
  75
  76 # a2enmod headers
  77 # gosa-encrypt-passwords
  78 # Remove the comment for /etc/gosa/gosa.secrets in /etc/gosa/apache.conf
  79 # /etc/init.d/apache2 reload
  80
  81 ----
  82 Cajus Pollmeier <cajus@debian.org>  Fri 02 Jun 2006 16:23:50 +0200