README.Debian for GOsa 2.5 -------------------------- * Migrating from earlier Versions There was a schema change somewhere before 2.5. If you have goServer objects inside of your LDAP, you need to export your LDAP contents and add a objectClass: GOhard to every entry containing the goServer objectclass. * Configure GOsa By default you can point your favorite browser to the GOsa setup by using this URL: http://you.server.address/gosa Follow the instructions on the screen. * Generic informations Getting GOsa running itself is not very complicated. Problems normally arise when integrating it in various services. To play nice with your LDAP, you need to include the gosa schema files into your LDAP configuration. For Debian, you should install the gosa-schema package and add at least the following lines to your LDAP-servers slapd.conf: Samba 2: include /etc/ldap/schema/samba.schema include /etc/ldap/schema/trust.schema include /etc/ldap/schema/gosystem.schema include /etc/ldap/schema/gofon.schema include /etc/ldap/schema/goto.schema include /etc/ldap/schema/gosa.schema include /etc/ldap/schema/gofax.schema include /etc/ldap/schema/goserver.schema include /etc/ldap/schema/goto-mime.schema Samba 3: include /etc/ldap/schema/samba3.schema include /etc/ldap/schema/trust.schema include /etc/ldap/schema/gosystem.schema include /etc/ldap/schema/gofon.schema include /etc/ldap/schema/goto.schema include /etc/ldap/schema/gosa+samba3.schema include /etc/ldap/schema/gofax.schema include /etc/ldap/schema/goserver.schema include /etc/ldap/schema/goto-mime.schema Schema files for samba and trust accounts are not part of the gosa-schema package, but are included in: /usr/share/doc/gosa/contrib/openldap There's no need to have samba services up and running, GOsa only uses the NT/LM attributes to pre-generate samba password hashes - to allow easy switching of account properties without asking for passwords after adding samba accounts. * Smarty PHP errors There might pop up messages about "Only variables should be passed by reference" when using PHP5. I can't do anything about them - these are cause by smarty. To get rid of them set your "error_reporting" in the php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the debian smarty package to support PHP5 in a propper way. * Local configuration - security issues You should be aware, that GOsa reads its configuration files which store an important LDAP password as the www-data user. If you allow other people to have i.e. public html directories, they will be able to read this configuration as well - if you don't take steps against it. As a simple solution, you can pass a master password via request headers. This can be achieved by running: # a2enmod headers # gosa-encrypt-passwords # Remove the comment for /etc/gosa/gosa.secrets in /etc/gosa/apache.conf # /etc/init.d/apache2 reload ---- Cajus Pollmeier Fri 02 Jun 2006 16:23:50 +0200