diff --git a/gosa-core/FAQ b/gosa-core/FAQ
index 41d4254ffb2795494fbeee21c30480b91bd49823..1b2958c6964b07f8aaefa62900095d1dea94b680 100644 (file)
--- a/gosa-core/FAQ
+++ b/gosa-core/FAQ
@@ -98,10 +98,10 @@ A: Yes. Just go to the doc/guide/user/en directory and copy the lyx-source direc
Q: Can I specify some kind of password policies?
-A: You can place the keywords "pwminlen" and "pwdiffer" in the main section of your
- gosa.conf. "pwminlen" specifies how many characters a password must have to be
- accepted. "pwdiffer" contains the number of characters that must be different
- from the previous password.
+A: You can place the keywords "passwordMinLength" and "passwordMinDiffer" in the main
+ section of your gosa.conf. "passwordMinLength" specifies how many characters a
+ password must have to be accepted. "passwordMinDiffer" contains the number of
+ characters that must be different from the previous password.
Note that these only affect passwords that are set by the user, not by the admins.
@@ -110,7 +110,7 @@ Q: I've to update passwords on external windows PDCs. Can I add a command to let
synchronize these for me?
A: There's the possibility to add a password hook in gosa.conf's main section using
- the keyword "externalpwdhook". The specified command will be executed with
+ the keyword "passwordHook". The specified command will be executed with
three parameters: /path/to/your/script username oldpassword newpassword
So you can call i.e. smbpasswd to handle your password change on the PDC.
@@ -134,7 +134,7 @@ A: Create a directory to keep a set of vacation messages which are readable by t
%givenName %sn
-----------------------------------------------------------------------------------
- Place the config option vacationdir="/etc/gosa/vacation" in the location found in
+ Place the config option vacationTemplateDirectory="/etc/gosa/vacation" in the location found in
gosa.conf and a template box is show in the vacation mail tab.
and add a percent sign befor it. Optionally you can strip it down to a number
of characters, specified in []. I.e.
- idgen="{%sn}-{%givenName[2-4]}"
+ idGenerator="{%sn}-{%givenName[2-4]}"
will generate an ID using the full surename, adding a dash, and adding at least
the first two characters of givenName. If this ID is used, it'll use up to four
b) using automatic id's
I.e. specifying
- idgen="acct{id:3}"
+ idGenerator="acct{id:3}"
will generate a three digits id with the next free entry appended to "acct".
- idgen="ext{id#3}"
+ idGenerator="ext{id#3}"
will generate a three digits random number appended to "ext".
Q: I'm migrating from the current LDAP, now GOsa does not allow uid's and group
with upper/lower case and spaces. What can I do?
-A: Include the strict="no" keyword in your gosa.conf's location section.
- WARNING: using strict="no" will cause problems with cyrus/postfix!!
+A: Include the strictNamingRules="no" keyword in your gosa.conf's location section.
+ WARNING: using strictNamingRules="no" will cause problems with cyrus/postfix!!
Q: I'd like to place my users under ou=staff, not under ou=people. Can I change
A: Yes. You can change the people and group locations by adding the following
statements to your location sections:
- people="ou=staff"
- groups="ou=crowds"
+ userRDN="ou=staff"
+ groupRDN="ou=crowds"
After logging in again, people and groups are created in the configured places.
As a side note, you can leave these strings blank for flat structures, too.
want to support anonymous binds for uid resolution. Is it possible to have dn's
containing the uid instead?
-A: Yes. Placing the dnmode="uid" keyword in your gosa.conf's location section will
- solve your problem.
+A: Yes. Placing the accountPrimaryAttribute="uid" keyword in your gosa.conf's location
+ section will solve your problem.
Q: Hey, I've installed GOsa, but it claims something about "SID and / or RIDBASE
@@ -209,8 +209,8 @@ A: You've configured GOsa to use samba3, but your LDAP has no samba domain objec
<location name=...>
...
- ridbase="1000"
- sid="0-815-4711" \>
+ sambaRidBase="1000"
+ sambaSID="0-815-4711" \>
Remember to fill in your real domain sid which is retrievable by the command
"net getlocalsid".
@@ -236,7 +236,7 @@ A: This is an additional security feature, so that no one can fall back to uid 0
<location name=...>
...
- minid="40"
+ minId="40"
... \>
in your configuration. In this example 40 will be the smallest ID you can enter.
<location name=...>
...
- winstations="ou=machineaccounts"
+ sambaMachineAccountRDN="ou=machineaccounts"
... \>
Q: GOsa doesn't seem to follow my referrals. What can I do?
-A: Place the option 'recursive = "true"' inside your locations definition
+A: Place the option 'ldapFollowReferrals = "true"' inside your locations definition
and you should be fine.
<location ...>
...
- tls="true"
+ ldapTLS="true"
... \>
to the location section of GOsa. This switch affects LDAP connections for a single location only.
<main ...>
...
- cyrusunixstyle="true"
+ cyrusUseSlashes="true"
... \>
to the main section of GOsa and the folders are created in unix style.
Q: Is there a way to use ACL independet filtering when using administrative units?
-A: Yes. Set STRICT_UNITS to "true" in your gosa.conf's location section.
+A: Yes. Set "honourUnitTags" to "true" in your gosa.conf's location section.
Q: How can i active the account expiration code for the gosa interface?
-A: Yes. Just set "account_expiration" to "true" in your gosa.conf's main section.
+A: Yes. Just set "handleExpiredAccounts" to "true" in your gosa.conf's main section.
Q: What is the correct connection string for a Kolab server in GOsa?
Q: New implementations of OpenLDAP seem to require {sasl} instead of {kerberos}
in password hashes. GOsa writes the wrong string. What can I do?
-A: You can set "krbsasl" to "true" in your gosa.conf's main section.
+A: You can set "useSaslForKerberos" to "true" in your gosa.conf's main section.
Q: Is there a way to add the personalTitle attribute the the users dn?
A: Just add this line into the location section of your gosa.conf.
<location name=...
- include_personal_title="true"
+ personalTitleInDN="true"
...>
Q: I'd like to assign different uid bases for certain user/group objects.
How can this be achieved?
-A: Use the base_hook in your gosa.conf's location section to specify a script
+A: Use the 'baseIdHook' in your gosa.conf's location section to specify a script
which handles the ID generation externaly. It get's called with the "dn"
and the attribute to be ID'd. It should return an integer value.
Q: GOsa sessions expire too quick. Is there a way to change this?
-A: Yes. Set "session_lifetime" to the number of seconds of inactivity. 7200
+A: Yes. Set "sessionLifetime" to the number of seconds of inactivity. 7200
(60x60x2) would be for two hours. Place this option inside the main
section of your gosa.conf.
A: Use Firefox, Konqueror, Safari, Opera, IE >= 7, etc. IE is broken and
I don't want to waste my time with working around this old crap. There's
- a quick hack, if you just put "ie_png_workaround='true'" inside the main
+ a quick hack, if you just put "iePngWorkaround='true'" inside the main
section of your gosa.conf. This is a JavaScript based workaround and I've
to place a WARNING here, that it is damn slow if you've large lists to
display.
Q: GOsa only shows 300 entries at a time. Is this normal?
-A: There's a default sizelimit. You can set the "sizelimit" option in your
+A: There's a default sizelimit. You can set the "ldapSizelimit" option in your
gosa.conf's location section to a higher value to get rid of it.
+
+
+Q: I have problems with my ldap server when I open groups with
+ a huge amount of members, what can I do?
+
+A: You can set a nesting limit which ensures that the user names will not be
+ resolved if the amount of members reaches this limit.
+ <location
+ ...
+ ldapFilterNestingLimit="100"
+ ... />
+ </location>
+
+
+Q: I want to disable the "Is the configuration file up to date?" check when logging in.
+ How can I disable this check?
+
+A: Just set the configVersion attribute to an empty value:
+ <conf configVersion="" >
+
+
+Q: I've shredded my access control and am not able to do anything from now on. Is there
+ a way to override the ACL?
+
+A: Yes. Insert the following statement in the location section of your gosa.conf:
+
+ ignoreAcl="your user's dn"
+