debian/README.debian

   1 README.Debian for GOsa 2.5
   2 --------------------------
   3
   4 * Migrating from earlier Versions
   5
   6 There was a schema change somewhere before 2.5. If you have goServer objects
   7 inside of your LDAP, you need to export your LDAP contents and add a
   8
   9 objectClass: GOhard
  10
  11 to every entry containing the goServer objectclass.
  12
  13
  14 * Configure GOsa
  15
  16 By default you can point your favorite browser to the GOsa setup by
  17 using this URL:
  18
  19 http://you.server.address/gosa
  20
  21 Follow the instructions on the screen.
  22
  23
  24 * Generic informations
  25
  26 Getting GOsa running itself is not very complicated. Problems normally
  27 arise when integrating it in various services.
  28
  29 To play nice with your LDAP, you need to include the gosa schema files
  30 into your LDAP configuration. For Debian, you should install the
  31 gosa-schema package and add at least the following lines to your
  32 LDAP-servers slapd.conf:
  33
  34 Samba 2:
  35 include         /etc/ldap/schema/samba.schema
  36 include         /etc/ldap/schema/trust.schema
  37 include         /etc/ldap/schema/gosystem.schema
  38 include         /etc/ldap/schema/gofon.schema
  39 include         /etc/ldap/schema/goto.schema
  40 include         /etc/ldap/schema/gosa.schema
  41 include         /etc/ldap/schema/gofax.schema
  42 include         /etc/ldap/schema/goserver.schema
  43 include         /etc/ldap/schema/goto-mime.schema
  44
  45 Samba 3:
  46 include         /etc/ldap/schema/samba3.schema
  47 include         /etc/ldap/schema/trust.schema
  48 include         /etc/ldap/schema/gosystem.schema
  49 include         /etc/ldap/schema/gofon.schema
  50 include         /etc/ldap/schema/goto.schema
  51 include         /etc/ldap/schema/gosa+samba3.schema
  52 include         /etc/ldap/schema/gofax.schema
  53 include         /etc/ldap/schema/goserver.schema
  54 include         /etc/ldap/schema/goto-mime.schema
  55
  56 Schema files for samba and trust accounts are not part of the
  57 gosa-schema package, but are included in:
  58
  59 /usr/share/doc/gosa/contrib/openldap
  60
  61 There's no need to have samba services up and running, GOsa only
  62 uses the NT/LM attributes to pre-generate samba password hashes -
  63 to allow easy switching of account properties without asking for
  64 passwords after adding samba accounts.
  65
  66
  67 * Smarty PHP errors
  68
  69 There might pop up messages about "Only variables should be passed by
  70 reference" when using PHP5. I can't do anything about them - these are
  71 cause by smarty. To get rid of them set your "error_reporting" in the
  72 php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the
  73 debian smarty package to support PHP5 in a propper way.
  74
  75
  76 * Local configuration - security issues
  77
  78 You should be aware, that GOsa reads its configuration files which store
  79 an important LDAP password as the www-data user. If you allow other
  80 people to have i.e. public html directories, they will be able to read
  81 this configuration as well - if you don't take steps against it.
  82
  83 As a simple solution, you can pass a master password via request headers.
  84 This can be achieved by running:
  85
  86 # a2enmod headers
  87 # gosa-encrypt-passwords
  88 # Remove the comment for /etc/gosa/gosa.secrets in /etc/gosa/apache.conf
  89 # /etc/init.d/apache2 reload
  90
  91
  92
  93 ----
  94 Cajus Pollmeier <cajus@debian.org>  Fri 02 Jun 2006 16:23:50 +0200