* Created "old" branch and moved stuff
[gosa.git] / branches / old / gosa-core / debian / README.Debian
diff --git a/branches/old/gosa-core/debian/README.Debian b/branches/old/gosa-core/debian/README.Debian
new file mode 100644 (file)
index 0000000..f23c04c
--- /dev/null
@@ -0,0 +1,89 @@
+GOsa 2.6 for debian
+-------------------
+
+* Configure GOsa
+
+By default you can point your favorite browser to the GOsa setup by
+using this URL:
+
+http://you.server.address/gosa
+
+Follow the instructions on the screen.
+
+
+* Security related information
+
+GOsa is running as the www-data user. This makes it possible for other
+web applications (well, this is the rule for allmost every web application
+that stores information somewhere around) to read the gosa.conf file, which
+may contain vital information about your LDAP service.
+
+To make it harder to extract these passwords, they get encrypted by a
+master password only readable by the GOsa location.
+
+You can simply migrate old existing passwords by typing:
+
+# a2enmod headers
+# gosa-encrypt-passwords
+# /etc/init.d/apache2 reload
+
+If this is not enough for you (exploitable PHP code may make it possible to
+read the webservers memory), you can simply create another webserver instance
+running as a different user on different port for GOsa exclusively. Or use
+apache2-mpm-itk and assign a different user to a virtual host.
+
+
+* Generic informations
+
+Getting GOsa running itself is not very complicated. Problems normally
+arise when integrating it in various services.
+
+To play nice with your LDAP, you need to include the gosa schema files
+into your LDAP configuration. For Debian, you should install the
+gosa-schema package and add at least the following lines to your
+LDAP-servers slapd.conf:
+
+Samba 2:
+include         /etc/ldap/schema/samba.schema
+include         /etc/ldap/schema/trust.schema
+include         /etc/ldap/schema/gosystem.schema
+include         /etc/ldap/schema/gofon.schema
+include         /etc/ldap/schema/goto.schema
+include         /etc/ldap/schema/gosa.schema
+include         /etc/ldap/schema/gofax.schema
+include         /etc/ldap/schema/goserver.schema
+include         /etc/ldap/schema/goto-mime.schema
+
+Samba 3:
+include         /etc/ldap/schema/samba3.schema
+include         /etc/ldap/schema/trust.schema
+include         /etc/ldap/schema/gosystem.schema
+include         /etc/ldap/schema/gofon.schema
+include         /etc/ldap/schema/goto.schema
+include         /etc/ldap/schema/gosa+samba3.schema
+include         /etc/ldap/schema/gofax.schema
+include         /etc/ldap/schema/goserver.schema
+include         /etc/ldap/schema/goto-mime.schema
+
+Schema files for samba and trust accounts are not part of the
+gosa-schema package, but are included in:
+
+/usr/share/doc/gosa/contrib/openldap
+
+There's no need to have samba services up and running, GOsa only
+uses the NT/LM attributes to pre-generate samba password hashes -
+to allow easy switching of account properties without asking for
+passwords after adding samba accounts.
+
+
+* Smarty PHP errors
+
+There might pop up messages about "Only variables should be passed by
+reference" when using PHP5. I can't do anything about them - these are
+cause by smarty. To get rid of them set your "error_reporting" in the
+php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the
+debian smarty package to support PHP5 in a propper way.
+
+
+ -- Cajus Pollmeier <cajus@debian.org>  Mon, 07 Apr 2008 11:18:53 +0200
+
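Review bot: In the "Security related information" section, the migration steps run `a2enmod headers` before `gosa-encrypt-passwords` without saying why the headers module is needed or where the master password ends up, so a reader cannot check the claim that it is "only readable by the GOsa location". Please add a sentence naming the file or Apache configuration that holds the master password and the owner and mode it should have. Since the next paragraph already admits that exploitable PHP code may read the web server's memory, the separate web server instance or apache2-mpm-itk setup deserves to be presented as the recommended layout for shared hosts rather than as an optional extra. Smaller points: the setup URL reads `http://you.server.address/gosa` (should be "your"), the Smarty workaround sets `error_reporting` in php.ini and therefore changes it for every PHP application on the host, which the text should state, and there are typos at "allmost", "informations", "cause by" and "propper".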