diff --git a/debian/README.debian b/debian/README.debian
index 0c5378852d039baadcf912056466c649c3a1891b..e20cf4a2e20530225e2a4a56b2e150609dbcc5ca 100644 (file)
--- a/debian/README.debian
+++ b/debian/README.debian
README.Debian for GOsa 2.5
--------------------------
+* Migrating from earlier Versions
+
+There was a schema change somewhere before 2.5. If you have goServer objects
+inside of your LDAP, you need to export your LDAP contents and add a
+
+objectClass: GOhard
+
+to every entry containing the goServer objectclass.
+
+
+* Configure GOsa
+
+By default you can point your favorite browser to the GOsa setup by
+using this URL:
+
+http://you.server.address/gosa
+
+Follow the instructions on the screen.
+
+
* Generic informations
Getting GOsa running itself is not very complicated. Problems normally
passwords after adding samba accounts.
-* A note to PHP5 errors and smarty
+* Smarty PHP errors
+
+There might pop up messages about "Only variables should be passed by
+reference" when using PHP5. I can't do anything about them - these are
+cause by smarty. To get rid of them set your "error_reporting" in the
+php.ini to "E_ALL ^ E_NOTICE". This is a workaround only, wait for the
+debian smarty package to support PHP5 in a propper way.
+
+
+* Local configuration - security issues
+
+You should be aware, that GOsa reads its configuration files which store
+an important LDAP password as the www-data user. If you allow other
+people to have i.e. public html directories, they will be able to read
+this configuration as well - if you don't take steps against it.
+
+As a simple solution, you can pass a master password via request headers.
+This can be achieved by running:
-When using PHP5 and the debian packaged version of smarty, you
-may get a set of error messages about call by reference for non
-variables. This is no GOsa problem. Please modify your php.ini
-to have error reporting set to this:
+# a2enmod headers
+# gosa-encrypt-passwords
+# Remove the comment for /etc/gosa/gosa.secrets in /etc/gosa/apache.conf
+# /etc/init.d/apache2 reload
-error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
----