GOsa 2.6 for debian ------------------- * Configure GOsa By default you can point your favorite browser to the GOsa setup by using this URL: http://you.server.address/gosa Follow the instructions on the screen. * Security related information GOsa is running as the www-data user. This makes it possible for other web applications (well, this is the rule for allmost every web application that stores information somewhere around) to read the gosa.conf file, which may contain vital information about your LDAP service. To make it harder to extract these passwords, they get encrypted by a master password only readable by the GOsa location. You can simply migrate old existing passwords by typing: # a2enmod headers # gosa-encrypt-passwords # /etc/init.d/apache2 reload If this is not enough for you (exploitable PHP code may make it possible to read the webservers memory), you can simply create another webserver instance running as a different user on different port for GOsa exclusively. Or use apache2-mpm-itk and assign a different user to a virtual host. * Generic informations Getting GOsa running itself is not very complicated. Problems normally arise when integrating it in various services. To play nice with your LDAP, you need to include the gosa schema files into your LDAP configuration. For Debian, you should install the gosa-schema package and add at least the following lines to your LDAP-servers slapd.conf: Samba 2: include /etc/ldap/schema/gosa/samba.schema include /etc/ldap/schema/gosa/trust.schema include /etc/ldap/schema/gosa/gosystem.schema include /etc/ldap/schema/gosa/gofon.schema include /etc/ldap/schema/gosa/goto.schema include /etc/ldap/schema/gosa/gosa.schema include /etc/ldap/schema/gosa/gofax.schema include /etc/ldap/schema/gosa/goserver.schema include /etc/ldap/schema/gosa/goto-mime.schema Samba 3: include /etc/ldap/schema/gosa/samba3.schema include /etc/ldap/schema/gosa/trust.schema include /etc/ldap/schema/gosa/gosystem.schema include /etc/ldap/schema/gosa/gofon.schema include /etc/ldap/schema/gosa/goto.schema include /etc/ldap/schema/gosa/gosa-samba3.schema include /etc/ldap/schema/gosa/gofax.schema include /etc/ldap/schema/gosa/goserver.schema include /etc/ldap/schema/gosa/goto-mime.schema There's no need to have samba services up and running, GOsa only uses the NT/LM attributes to pre-generate samba password hashes - to allow easy switching of account properties without asking for passwords after adding samba accounts. * Smarty PHP errors There might pop up messages about "Only variables should be passed by reference" when using PHP5. I can't do anything about them - these are cause by smarty. To get rid of them set your "error_reporting" in the php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the debian smarty package to support PHP5 in a propper way. -- Cajus Pollmeier Mon, 07 Apr 2008 11:18:53 +0200