![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/FAQ b/gosa-core/FAQ
index b93049df6e42d02f32ee41b4922db8785b978263..1b2958c6964b07f8aaefa62900095d1dea94b680 100644 (file)
--- a/gosa-core/FAQ
+++ b/gosa-core/FAQ
@@ -98,10 +98,10 @@ A: Yes. Just go to the doc/guide/user/en directory and copy the lyx-source direc
Q: Can I specify some kind of password policies?
Q: Can I specify some kind of password policies?
-A: You can place the keywords "pwminlen" and "pwdiffer" in the main section of your
- gosa.conf. "pwminlen" specifies how many characters a password must have to be
- accepted. "pwdiffer" contains the number of characters that must be different
- from the previous password.
+A: You can place the keywords "passwordMinLength" and "passwordMinDiffer" in the main
+ section of your gosa.conf. "passwordMinLength" specifies how many characters a
+ password must have to be accepted. "passwordMinDiffer" contains the number of
+ characters that must be different from the previous password.
Note that these only affect passwords that are set by the user, not by the admins.
Note that these only affect passwords that are set by the user, not by the admins.
@@ -110,7 +110,7 @@ Q: I've to update passwords on external windows PDCs. Can I add a command to let
synchronize these for me?
A: There's the possibility to add a password hook in gosa.conf's main section using
synchronize these for me?
A: There's the possibility to add a password hook in gosa.conf's main section using
- the keyword "externalpwdhook". The specified command will be executed with
+ the keyword "passwordHook". The specified command will be executed with
three parameters: /path/to/your/script username oldpassword newpassword
So you can call i.e. smbpasswd to handle your password change on the PDC.
three parameters: /path/to/your/script username oldpassword newpassword
So you can call i.e. smbpasswd to handle your password change on the PDC.
@@ -134,7 +134,7 @@ A: Create a directory to keep a set of vacation messages which are readable by t
%givenName %sn
-----------------------------------------------------------------------------------
%givenName %sn
-----------------------------------------------------------------------------------
- Place the config option vacationdir="/etc/gosa/vacation" in the location found in
+ Place the config option vacationTemplateDirectory="/etc/gosa/vacation" in the location found in
gosa.conf and a template box is show in the vacation mail tab.
gosa.conf and a template box is show in the vacation mail tab.
and add a percent sign befor it. Optionally you can strip it down to a number
of characters, specified in []. I.e.
and add a percent sign befor it. Optionally you can strip it down to a number
of characters, specified in []. I.e.
- idgen="{%sn}-{%givenName[2-4]}"
+ idGenerator="{%sn}-{%givenName[2-4]}"
will generate an ID using the full surename, adding a dash, and adding at least
the first two characters of givenName. If this ID is used, it'll use up to four
will generate an ID using the full surename, adding a dash, and adding at least
the first two characters of givenName. If this ID is used, it'll use up to four
b) using automatic id's
I.e. specifying
b) using automatic id's
I.e. specifying
- idgen="acct{id:3}"
+ idGenerator="acct{id:3}"
will generate a three digits id with the next free entry appended to "acct".
will generate a three digits id with the next free entry appended to "acct".
- idgen="ext{id#3}"
+ idGenerator="ext{id#3}"
will generate a three digits random number appended to "ext".
will generate a three digits random number appended to "ext".
Q: I'm migrating from the current LDAP, now GOsa does not allow uid's and group
with upper/lower case and spaces. What can I do?
Q: I'm migrating from the current LDAP, now GOsa does not allow uid's and group
with upper/lower case and spaces. What can I do?
-A: Include the strict="no" keyword in your gosa.conf's location section.
- WARNING: using strict="no" will cause problems with cyrus/postfix!!
+A: Include the strictNamingRules="no" keyword in your gosa.conf's location section.
+ WARNING: using strictNamingRules="no" will cause problems with cyrus/postfix!!
Q: I'd like to place my users under ou=staff, not under ou=people. Can I change
Q: I'd like to place my users under ou=staff, not under ou=people. Can I change
A: Yes. You can change the people and group locations by adding the following
statements to your location sections:
A: Yes. You can change the people and group locations by adding the following
statements to your location sections:
- people="ou=staff"
- groups="ou=crowds"
+ userRDN="ou=staff"
+ groupRDN="ou=crowds"
After logging in again, people and groups are created in the configured places.
As a side note, you can leave these strings blank for flat structures, too.
After logging in again, people and groups are created in the configured places.
As a side note, you can leave these strings blank for flat structures, too.
want to support anonymous binds for uid resolution. Is it possible to have dn's
containing the uid instead?
want to support anonymous binds for uid resolution. Is it possible to have dn's
containing the uid instead?
-A: Yes. Placing the dnmode="uid" keyword in your gosa.conf's location section will
- solve your problem.
+A: Yes. Placing the accountPrimaryAttribute="uid" keyword in your gosa.conf's location
+ section will solve your problem.
Q: Hey, I've installed GOsa, but it claims something about "SID and / or RIDBASE
Q: Hey, I've installed GOsa, but it claims something about "SID and / or RIDBASE
@@ -209,8 +209,8 @@ A: You've configured GOsa to use samba3, but your LDAP has no samba domain objec
<location name=...>
...
<location name=...>
...
- ridbase="1000"
- sid="0-815-4711" \>
+ sambaRidBase="1000"
+ sambaSID="0-815-4711" \>
Remember to fill in your real domain sid which is retrievable by the command
"net getlocalsid".
Remember to fill in your real domain sid which is retrievable by the command
"net getlocalsid".
@@ -236,7 +236,7 @@ A: This is an additional security feature, so that no one can fall back to uid 0
<location name=...>
...
<location name=...>
...
- minid="40"
+ minId="40"
... \>
in your configuration. In this example 40 will be the smallest ID you can enter.
... \>
in your configuration. In this example 40 will be the smallest ID you can enter.
<location name=...>
...
<location name=...>
...
- winstations="ou=machineaccounts"
+ sambaMachineAccountRDN="ou=machineaccounts"
... \>
Q: GOsa doesn't seem to follow my referrals. What can I do?
... \>
Q: GOsa doesn't seem to follow my referrals. What can I do?
-A: Place the option 'recursive = "true"' inside your locations definition
+A: Place the option 'ldapFollowReferrals = "true"' inside your locations definition
and you should be fine.
and you should be fine.
<location ...>
...
<location ...>
...
- tls="true"
+ ldapTLS="true"
... \>
to the location section of GOsa. This switch affects LDAP connections for a single location only.
... \>
to the location section of GOsa. This switch affects LDAP connections for a single location only.
<main ...>
...
<main ...>
...
- cyrusunixstyle="true"
+ cyrusUseSlashes="true"
... \>
to the main section of GOsa and the folders are created in unix style.
... \>
to the main section of GOsa and the folders are created in unix style.
Q: Is there a way to use ACL independet filtering when using administrative units?
Q: Is there a way to use ACL independet filtering when using administrative units?
-A: Yes. Set STRICT_UNITS to "true" in your gosa.conf's location section.
+A: Yes. Set "honourUnitTags" to "true" in your gosa.conf's location section.
Q: How can i active the account expiration code for the gosa interface?
Q: How can i active the account expiration code for the gosa interface?
-A: Yes. Just set "account_expiration" to "true" in your gosa.conf's main section.
+A: Yes. Just set "handleExpiredAccounts" to "true" in your gosa.conf's main section.
Q: What is the correct connection string for a Kolab server in GOsa?
Q: What is the correct connection string for a Kolab server in GOsa?
Q: New implementations of OpenLDAP seem to require {sasl} instead of {kerberos}
in password hashes. GOsa writes the wrong string. What can I do?
Q: New implementations of OpenLDAP seem to require {sasl} instead of {kerberos}
in password hashes. GOsa writes the wrong string. What can I do?
-A: You can set "krbsasl" to "true" in your gosa.conf's main section.
+A: You can set "useSaslForKerberos" to "true" in your gosa.conf's main section.
Q: Is there a way to add the personalTitle attribute the the users dn?
A: Just add this line into the location section of your gosa.conf.
<location name=...
Q: Is there a way to add the personalTitle attribute the the users dn?
A: Just add this line into the location section of your gosa.conf.
<location name=...
- include_personal_title="true"
+ personalTitleInDN="true"
...>
Q: I'd like to assign different uid bases for certain user/group objects.
How can this be achieved?
...>
Q: I'd like to assign different uid bases for certain user/group objects.
How can this be achieved?
-A: Use the base_hook in your gosa.conf's location section to specify a script
+A: Use the 'baseIdHook' in your gosa.conf's location section to specify a script
which handles the ID generation externaly. It get's called with the "dn"
and the attribute to be ID'd. It should return an integer value.
which handles the ID generation externaly. It get's called with the "dn"
and the attribute to be ID'd. It should return an integer value.
Q: GOsa sessions expire too quick. Is there a way to change this?
Q: GOsa sessions expire too quick. Is there a way to change this?
-A: Yes. Set "session_lifetime" to the number of seconds of inactivity. 7200
+A: Yes. Set "sessionLifetime" to the number of seconds of inactivity. 7200
(60x60x2) would be for two hours. Place this option inside the main
section of your gosa.conf.
(60x60x2) would be for two hours. Place this option inside the main
section of your gosa.conf.
A: Use Firefox, Konqueror, Safari, Opera, IE >= 7, etc. IE is broken and
I don't want to waste my time with working around this old crap. There's
A: Use Firefox, Konqueror, Safari, Opera, IE >= 7, etc. IE is broken and
I don't want to waste my time with working around this old crap. There's
- a quick hack, if you just put "ie_png_workaround='true'" inside the main
+ a quick hack, if you just put "iePngWorkaround='true'" inside the main
section of your gosa.conf. This is a JavaScript based workaround and I've
to place a WARNING here, that it is damn slow if you've large lists to
display.
section of your gosa.conf. This is a JavaScript based workaround and I've
to place a WARNING here, that it is damn slow if you've large lists to
display.
Q: GOsa only shows 300 entries at a time. Is this normal?
Q: GOsa only shows 300 entries at a time. Is this normal?
-A: There's a default sizelimit. You can set the "sizelimit" option in your
+A: There's a default sizelimit. You can set the "ldapSizelimit" option in your
gosa.conf's location section to a higher value to get rid of it.
gosa.conf's location section to a higher value to get rid of it.
A: You can set a nesting limit which ensures that the user names will not be
resolved if the amount of members reaches this limit.
<location
A: You can set a nesting limit which ensures that the user names will not be
resolved if the amount of members reaches this limit.
<location
- LDAP_FILTER_NESTING_LIMIT="100"
+ ...
+ ldapFilterNestingLimit="100"
+ ... />
</location>
Q: I want to disable the "Is the configuration file up to date?" check when logging in.
How can I disable this check?
</location>
Q: I want to disable the "Is the configuration file up to date?" check when logging in.
How can I disable this check?
-A: Just set the config_version attribute to an empty value:
- <conf config_version="" >
+A: Just set the configVersion attribute to an empty value:
+ <conf configVersion="" >
-
+Q: I've shredded my access control and am not able to do anything from now on. Is there
+ a way to override the ACL?
-
+A: Yes. Insert the following statement in the location section of your gosa.conf:
+ ignoreAcl="your user's dn"