diff --git a/gosa-core/FAQ b/gosa-core/FAQ
index 94fade525929693bbc23ff4ea1d16a0de6e7e0df..2b316b5068c5e27cde46e95d71b33acf94be2dfd 100644 (file)
--- a/gosa-core/FAQ
+++ b/gosa-core/FAQ
This is the textual form of the GOsa FAQ. Online information with
-comments is set up at Wiki: http://oss.gonicus.de/gosa/.
+comments is set up at Wiki: https://oss.gonicus.de/labs/gosa/wiki/documentation
-Q: When creating many users for one department, I need to fill some
- fields again and again. Is there a shortcut for that?
-A: Just create a user template and pre-fill all values you need. You
- can use dynamic content, too: uid, sn and givenName will be replaced.
- i.E. an entry '/home/%uid' in homeDirectory will be replaced by the
- real uid of the user you're creating, %sn.%givenName@yourdomain.com
- creates proper email addresses, etc. Templates include group membership.
+Q: When creating many users for one department, I need to fill
+ somefields again and again. Is there a shortcut for that?
+A: Just create a user template and pre-fill all values you need. You
+ can use dynamic content, too: uid, sn and givenName will be replaced.
+ i.E. an entry '/home/{%uid}' in homeDirectory will be replaced by the
+ real uid of the user you're creating, {%sn[0-4]}.{%givenName}@yourdomain.com
+ creates proper email addresses, etc. Templates include group membership.
-Q: Can GOsa execute commands after creating/editing/removing users,
- departments, etc.
+ For more details visit:
+ https://oss.gonicus.de/labs/gosa/wiki/PluginInstallationUserTemplates
-A: Yes. Edit /etc/gosa/gosa.conf's menu section. Each plugin may have
- an entry "postremove", "postmodify" and "postcreate". You can use
- ldap attributes as command line options.
- i.E. postcreate="/usr/bin/sudo /usr/local/sbin/ftp.setperms %uid '%givenName'"
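Review bot: the rewrapped question at "+ somefields again and again" has lost the space between "some" and "fields". The same rewrap error recurs further down ("anown theme", "letsynchronize", "groupwith", "changethis", "dn'scontaining", "hirachystyle", "thedefinition"), so the wrapping is worth redoing across the whole file. The answer also switches the placeholder syntax from '/home/%uid' to '/home/{%uid}' and introduces {%sn[0-4]} without saying what the bracketed range selects; one sentence on the range, or a pointer to the idGenerator entry that explains [], would make the example self-contained.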
+Q: I can see passwords in my logs and in my process list while executing
+ commands, such as postcreate/passwordHook/aso.
-Q: I'd like to modify the look of GOsa to fit our CI. How can I create an
- own theme?
+A: The best way to execute scripts with sensitive data is to use envrionmental
+ variables in your scripts, like shown here:
-A: Themes are splitted into two parts. ihtml/ contains templates which
- generate the ui, html/ contains all parts that must be readable from
- clients. GOsa first looks for predefined files in the directory indirectly
- defined via the "theme" parameter in /etc/gosa/gosa.conf. If it can't
- find them here, it'll use the default one.
+ An example snippet from the gosa.conf
+
+ ---
+ <plugin name='User password' class='password'
+ postmodify="NEWPASSWORD=%new_password /usr/bin/sudo /scripts/myScript.sh"
+ ---
+
+ Another example for the password check hook (The passwordHook is deprecated in GOsa 2.7):
+ ---
+ <location
+ passwordHook="CURRENTPWD=%current_password NEWPWD=%new_password /usr/bin/sudo /scripts/myScript.sh"
+ ---
- So start over by copying html/themes/default to html/themes/yourtheme
- and ihtml/themes/default to ihtml/themes/yourtheme. Change gosa.conf to
- contain theme="yourtheme" in section main. Here are some files to edit:
+ You can then use the variables like this:
+ ---
+ #!/bin/sh
+ echo $CURRENTPWD
+ echo $NEWPWD
+ ---
- * login.tpl -> login screen
- * framework.tpl -> page contents
- * style.css -> stylesheets used by GOsa
- In fact, the rest of the UI is not converted to smarty, yet. Please be
- patient.
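Review bot: in the gosa.conf snippets the variable is assigned in front of sudo ("NEWPASSWORD=%new_password /usr/bin/sudo /scripts/myScript.sh"), and with sudo's env_reset option enabled the variable is removed before the script runs, so the answer should state the sudoers env_keep entry this setup relies on. The placeholder is also substituted unquoted into a command string; please document whether GOsa escapes the value, because a password containing a space or a shell metacharacter would otherwise change the command. The sample script prints both passwords with an unquoted echo, which puts them back into whatever captures the script's output; an example that reads "$NEWPWD" quoted and does not print it would match the intent of the question. Minor: "envrionmental" in the first answer line should be "environment", and the <plugin and <location tags in the snippets are left unclosed.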
+Q: Can GOsa execute commands 'BEFORE' creating/editing/removing users,departments, etc.
+A: Yes. Edit /etc/gosa/gosa.conf's menu section.
+ Each plugin may has an entry "preremove", "premodify" and "precreate".
+ You can use ldap attributes as command line options.
-Q: How can I let a person do administrative tasks under a specific department?
+ i.E.
+ ---
+ precreate="/usr/bin/sudo /usr/local/sbin/ftp.setperms %uid %givenName"
+ ---
-A: Create a group inside this department. Put all administrative people inside,
- go to the "ACL" tab and check all fields these users should be able to adminstrate.
+Q: Can GOsa execute commands 'AFTER' creating/editing/removing users,departments, etc.
-Q: How can I permit users to change some of their own attributes?
+A: Yes. Edit /etc/gosa/gosa.conf's menu section.
+ Each plugin may has an entry "postremove", "postmodify" and "postcreate".
+ You can use ldap attributes as command line options.
-A: Same like the point above, but this rule only works for users own attributes
- by checking the box on the acl page.
+ i.E.
+ ---
+ postcreate="/usr/bin/sudo /usr/local/sbin/ftp.setperms %uid %givenName"
+ ---
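Review bot: the precreate and postcreate examples pass "%uid %givenName" unquoted, where the removed text had "%uid '%givenName'". A givenName with a space is then split into two arguments, and the FAQ does not say whether substituted LDAP values are shell-escaped; keep the quotes, or state explicitly that GOsa escapes the values. Wording: "Each plugin may has an entry" should be "may have", and "users,departments" needs a space after the comma in both questions.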
-Q: What about applications?
+Q: I'd like to modify the look of GOsa to fit our CI. How can I create anown theme?
-A: GOsa can manage desktop applications in ldap. Create a group and put all users
- in there, which have common desktop settings. Go to the "Application" tab and
- add all applications common to this group. Applications can be created from the
- application plugin.
- The idea behind this feature is a script running on the terminal-servers/
- workstation which check for applications on login (or on a regular basis using
- timestamps). This one will create the corresponding icons on your KDE or GNOME
- desktop.
+A: Themes are splitted into two parts. ihtml/ contains templates which
+ generate the ui, html/ contains all parts that must be readable from
+ clients. GOsa first looks for predefined files in the directory indirectly
+ defined via the "theme" parameter in /etc/gosa/gosa.conf. If it can't
+ find them here, it'll use the default one.
+ So start over by copying html/themes/default to html/themes/yourtheme
+ and ihtml/themes/default to ihtml/themes/yourtheme. Change gosa.conf to
+ contain theme="yourtheme" in section main. Here are some files to edit:
-Q: What's this terminal stuff?
+ * login.tpl -> login screen
+ * framework.tpl -> page contents
+ * style.css -> stylesheets used by GOsa
-A: GOto is - similar to LTSP - a ldap based diskless client system. It is available
- from our projects page.
+Q: How can I let a person do administrative tasks under a specific department?
-Q: I can't select any mailservers. What's wrong?
+A: GOsa 2.6 implements a flexible but complex ACL management, please have a look at
+ the following wiki page: https://oss.gonicus.de/labs/gosa/wiki/DocumentationWritingACLs2.6
+ If you have still questions, please use the mailing list or the forum.
-A: LDAP stores information about all your servers. The server plugin is not ready
- yet, so you've to adjust/add these entries using your favorite ldap tool.
+Q: What about applications?
-Q: GOsa is not in my native language, can I translate it to my language?
+A: GOsa can manage desktop applications in ldap. Create a group and put all users
+ in there, which have common desktop settings. Go to the "Application" tab and
+ add all applications common to this group. Applications can be created from the
+ application plugin.
+ The idea behind this feature is a script running on the terminal-servers/
+ workstation which check for applications on login (or on a regular basis using
+ timestamps). This one will create the corresponding icons on your KDE or GNOME
+ desktop.
-A: Yes. Just go to the locale directory and copy the messages.po file somewhere
- else. Edit the copy and put your translations into the msgstr lines. To be
- included in next GOsa releases, you may want to send it to the GOsa maintainer.
- Finally you need to create a directory with your language code. (i.e. de for
- german) containing the LC_MESSAGES directory. Move your messages.po file there
- and run 'msgfmt messages.po' in that directory. That's it.
- You may need to restart apache, depending on your setup. On Debian, be sure
- to have your locale generated (dpkg-reconfigure locales) before.
+Q: What's this terminal stuff?
-Q: The online help doesn't exist in my language, can i translate it to my language?
+A: GOto is - similar to LTSP - a ldap based diskless client system. It is available
+ from our projects page.
-A: Yes. Just go to the doc/guide/user/en directory and copy the lyx-source directory
- to a new directory in doc/guide/user/<your language>. You have to use the lyx
- program create the online help in your language. When you have finish just run
- ./gen_online_help from the gosa root directory to generate the online docs.
-
-Q: Can I specify some kind of password policies?
-A: You can place the keywords "pwminlen" and "pwdiffer" in the main section of your
- gosa.conf. "pwminlen" specifies how many characters a password must have to be
- accepted. "pwdiffer" contains the number of characters that must be different
- from the previous password.
+Q: I can't select any mailservers. What's wrong?
- Note that these only affect passwords that are set by the user, not by the admins.
+A: It seems that a mail server is missing in your configuration.
+ Create a new server, go to the services tab and add a mailserver
+ service and/or the imap service.
+ For more details, please have a look at the FAQ and
+ https://oss.gonicus.de/labs/gosa/wiki/PluginInstallationMailMethods.
-Q: I've to update passwords on external windows PDCs. Can I add a command to let
- synchronize these for me?
-A: There's the possibility to add a password hook in gosa.conf's main section using
- the keyword "externalpwdhook". The specified command will be executed with
- three parameters: /path/to/your/script username oldpassword newpassword
+Q: Can I specify some kind of password policies?
- So you can call i.e. smbpasswd to handle your password change on the PDC.
+A: You can place the keywords "passwordMinLength" and "passwordMinDiffer" in the main
+ section of your gosa.conf. "passwordMinLength" specifies how many characters a
+ password must have to be accepted. "passwordMinDiffer" contains the number of
+ characters that must be different from the previous password.
+ Note that these only affect passwords that are set by the user, not by the admins.
-Q: What about templates for vacation messages?
-A: Create a directory to keep a set of vacation messages which are readable by the
- user that runs your apache. In this example I'll use /etc/gosa/vacation for that.
- Put your vacation files in there containing a "DESC:some descriptive text" as the
- first line followed by the normal vacation text. You can use all attributes from
- the generic tab. I.e.:
+Q: I've to update passwords on external windows PDCs. Can I
+ add a command to letsynchronize these for me?
- /etc/gosa/vacation/business.txt ------------------------------------------------->8
- DESC:Away from desk
- Hi, I'm currently away from my desk. You can contact me on
- my cell phone via %mobile.
-
- Greetings,
- %givenName %sn
- -----------------------------------------------------------------------------------
+A: There's the possibility to add a hooks in gosa.conf's plugin tags
+ using the "premodify/postmodify" keywords. The specified command
+ will be executed with these additional parameters:
+ * current_password
+ * new_password
+ * userPassword
- Place the config option vacationdir="/etc/gosa/vacation" in the location found in
- gosa.conf and a template box is show in the vacation mail tab.
+ ---
+ <plugin acl="users/password:self" class="password"
+ premodify="/scripts/prepareForPasswordChange %current_password %new_password %uid"
+ check="/scripts/checkPasswordHash %userPassword %dn"
+ postmodify="/scripts/changePassword %dn %uid %userPassword %current_password %new_password %userPassword"
+ >
+ ---
+ For further information about pre- and post hooks search for the premodify and postmodify statements.
-Q: How can I generate automatic ID's for user templates?
+ So you can call i.e. smbpasswd to handle your password change on the PDC.
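Review bot: the premodify and postmodify examples pass %current_password and %new_password as command-line arguments, which is what the earlier entry in this same patch ("I can see passwords in my logs and in my process list") tells readers to avoid. Either rewrite the example in the environment-variable form shown there or cross-reference that entry from here. In the postmodify line %userPassword appears twice ("%dn %uid %userPassword %current_password %new_password %userPassword"), which looks unintended. Wording: "add a hooks" should be "add hooks".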
-A: Add an entry describing your id policy in gosa.conf, location section:
- a) using attributes
- You can specify LDAP attributes (currently only sn and givenName) in braces {}
- and add a percent sign befor it. Optionally you can strip it down to a number
- of characters, specified in []. I.e.
-
- idgen="{%sn}-{%givenName[2-4]}"
-
- will generate an ID using the full surename, adding a dash, and adding at least
- the first two characters of givenName. If this ID is used, it'll use up to four
- characters. If no automatic generation is possible, a input box is shown.
- b) using automatic id's
- I.e. specifying
-
- idgen="acct{id:3}"
+Q: What about templates for vacation messages?
- will generate a three digits id with the next free entry appended to "acct".
-
- idgen="ext{id#3}"
+A: Create a directory to keep a set of vacation messages which are readable by the
+ user that runs your apache. In this example I'll use /etc/gosa/vacation for that.
- will generate a three digits random number appended to "ext".
+ Put your vacation files in there containing a "DESC:some descriptive text" as the
+ first line followed by the normal vacation text. You can use all attributes from
+ the generic tab. I.e.:
+ /etc/gosa/vacation/business.txt
+ ---
+ DESC:Away from desk
+ Hi, I'm currently away from my desk. You can contact me on
+ my cell phone via %mobile.
-Q: I'm migrating from the current LDAP, now GOsa does not allow uid's and group
- with upper/lower case and spaces. What can I do?
+
+ Greetings,
+ %givenName %sn
+ ---
+
+ Place the config option vacationTemplateDirectory="/etc/gosa/vacation" in the location found in
+ gosa.conf and a template box is show in the vacation mail tab.
-A: Include the strict="no" keyword in your gosa.conf's location section.
- WARNING: using strict="no" will cause problems with cyrus/postfix!!
-Q: I'd like to place my users under ou=staff, not under ou=people. Can I change
- this?
+Q: How can I generate automatic ID's for user templates?
-A: Yes. You can change the people and group locations by adding the following
- statements to your location sections:
+A: Add an entry describing your id policy in gosa.conf, location section:
- people="ou=staff"
- groups="ou=crowds"
- After logging in again, people and groups are created in the configured places.
- As a side note, you can leave these strings blank for flat structures, too.
+ 1) Using attributes
+ You can specify LDAP attributes (currently only sn and givenName) in braces {}
+ and add a percent sign befor it. Optionally you can strip it down to a number
+ of characters, specified in []. I.e.
+ ---
+ idGenerator="{%sn}-{%givenName[2-4]}"
+ ---
-Q: I've problems with many objectClass violations/undefined attributes. Can GOsa
- check what's missing?
+ will generate an ID using the full surename, adding a dash, and adding at least
+ the first two characters of givenName. If this ID is used, it'll use up to four
+ characters. If no automatic generation is possible, a input box is shown.
-A: Yes. Move away your gosa.conf and go to the GOsa setup. Follow the steps till
- you can download the config. If you get up to this point, your schema is ok...
+ 2) using automatic id's
+ I.e. specifying
+ ---
+ idGenerator="acct{id:3}"
+ ---
-Q: I really don't want dn's containing the CN for user accounts because I don't
- want to support anonymous binds for uid resolution. Is it possible to have dn's
- containing the uid instead?
+ will generate a three digits id with the next free entry appended to "acct".
-A: Yes. Placing the dnmode="uid" keyword in your gosa.conf's location section will
- solve your problem.
+ ---
+ idGenerator="ext{id#3}"
+ ---
+ will generate a three digits random number appended to "ext".
-Q: Hey, I've installed GOsa, but it claims something about "SID and / or RIDBASE
- are missing in your configuration". What's wrong?
-A: You've configured GOsa to use samba3, but your LDAP has no samba domain object
- inside. Either log into samba for the first time to let it create that object,
- or supply the sid and ridbase for your domain in your gosa.conf's location, i.e.:
- <location name=...>
- ...
- ridbase="1000"
- sid="0-815-4711" \>
- Remember to fill in your real domain sid which is retrievable by the command
- "net getlocalsid".
+Q: I'm migrating from the current LDAP, now GOsa does not allow uid's
+ and groupwith upper/lower case and spaces. What can I do?
+A: Include the strictNamingRules="no" keyword in your gosa.conf's location section.
+
+ WARNING: using strictNamingRules="no" will cause problems with cyrus/postfix!!
-Q: We have massive performance problems with using samba as a member server.
-A: This is a known issue. We're working around this by putting
- <location name=...>
- ...
- sambaidmapping="true"
- ... \>
+Q: I'd like to place my users under ou=staff, not under ou=people. Can I changethis?
+
+ Yes. You can change the people and group locations by adding the following
+ statements to your location sections:
+
+ ---
+ userRDN="ou=staff"
+ groupRDN="ou=crowds"
+ ---
+
+ After logging in again, people and groups are created in the configured places.
+ As a side note, you can leave these strings blank for flat structures, too.
+
+
+
+
+Q: I really don't want dn's containing the CN for user accounts because I don't
+ want to support anonymous binds for uid resolution.
+ Is it possible to have dn'scontaining the uid instead?
+
+A: Yes. Placing the accountPrimaryAttribute="uid" keyword in your gosa.conf's location
+ section will solve your problem.
+
+
+
+
+Q: Hey, I've installed GOsa, but it claims something about "SID and / or RIDBASE
+ are missing in your configuration". What's wrong?
+
+A: You've configured GOsa to use samba3, but your LDAP has no samba domain object
+ inside. Either log into samba for the first time to let it create that object,
+ or supply the sid and ridbase for your domain in your gosa.conf's location, i.e.:
+
+ ---
+ <location name=...>
+ ...
+ sambaRidBase="1000"
+ sambaSID="0-815-4711" \>
+ ---
+
+ Remember to fill in your real domain sid which is retrievable by the command
+ "net getlocalsid".
+
+
+
+Q: We have massive performance problems with using samba as a member server.
+
+A: This is a known issue. We're working around this by putting
+
+ ---
+ <location name=...>
+ ...
+ sambaIdMapping="true"
+ ... \>
+ ---
into the configuration. GOsa will write the additional objectClass sambaIdmapEntry
to the group and user objects.
-Q: I get 'The value specified as GID/UID number is too small' when forcing IDs. Why?
-A: This is an additional security feature, so that no one can fall back to uid 0. The
- default minimum ID is 100. You can set it to every value you like by specifying
+Q: I get 'The value specified as GID/UID number is too small' when forcing IDs. Why?
+
+A: This is an additional security feature, so that no one can fall back to uid 0. The
+ default minimum ID is 100. You can set it to every value you like by specifying
+
+ ---
+ <location name=...>
+ ...
+ minId="40"
+ ... \>
+ ---
+
+ in your configuration. In this example 40 will be the smallest ID you can enter.
+
+
+
+Q: Aahhrg. I've updated to a new version and my gosa.conf seems to be broken.
+
+A: Some parameters may have changed. Please move your gosa.conf away and re-run the setup.
+
+
+
+
+Q: I've saved my windows workstations in other locations like GOsa is doing it
+ for decades. Is there a way to change this?
+
+A: Yes. Use the sambaMachineAccountRDN parameter in your location section:
+
+ ---
+ <location name=...>
+ ...
+ sambaMachineAccountRDN="ou=machineaccounts"
+ ... \>
+ ---
+
+
+
+Q: I'd like to have TLS based LDAP connections from within GOsa. Is this possible?
+
+A: Yes, add
+
+ ---
+ <location ...>
+ ...
+ ldapTLS="true"
+ ... \>
+ ---
+
+ to the location section of GOsa. This switch affects LDAP connections for a single location only.
+
+
+
+Q: Cyrus folder get created in the style user.username. I prefer the unix
+ hirachystyle user/username. Is it possible to change this?
+
+A: Yes, add
+
+
+ ---
+ <location
+ cyrusUseSlashes="true"
+ ---
+
+ to the location or main section of GOsa and the folders are created in unix style.
+
+
+
+Q: I've a cyrus installation with customized user and folder prefixes.
+ How can I tell GOsa to use the prefixes I prefer?
+
+A: Simply set the following attributes in the location tag of your gosa.conf:
+
+ ---
+ <location
+ mailUserCreation="myprefix/%mail%"
+ mailFolderCreation="myfolder\\.%cn%@%domain%"
+ ---
+
+
+ The dot in the above example is escaped to prevent it from replacing with '/' if
+ cyrusUseSlashes is set to true.
+
+
+ You can use the following replacements:
+ ---
+ %cn% - The groups cn.
+ %uid% - The users uid.
+ %prefix% - The default prefix used by the mailmethod.
+ %uattrib% - The configured mailAttribute="" (gosa.conf).
+ %domain% - The domain part of the given mail address. (user@domain.com = domain.com)
+ %mailpart% - The user part of the mail address. (user@domain.com = user)
+ %mail% - The complete mail address.
+ ---
+
+
+
+Q: I want to use cyrus for multiple mail domains, but GOsa uses the 'uid' attribute
+ for account namens, how do I change this to 'mail'?
+
+A: Just add/modify the following line to/in your gosa.conf:
+
+ ---
+ <location
+ ...
+ mailAttribute="mail"
+ ---
+
+
+
+Q: I'd like to do special checks for several plugin parameters. How can I modify
+ GOsa to take care of these checks?
+
+A: No need to modify anything. Just add a hook the the plugin you'd like to
+ check:
+
+ ---
+ check="/your/command/binary"
+ ---
+
+ This binary will get an ldif to STDIN for analysis and may write an error message
+ to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
+ to technical reasons.
+
+
+
+Q: Is there a way to use ACL independet filtering when using administrative units?
+
+A: Yes. Set "honourUnitTags" to "true" in your gosa.conf's location section.
+
+
+
+Q: How can i active the account expiration code for the gosa interface?
+
+A: Yes. Just set "handleExpiredAccounts" to "true" in your gosa.conf's main section.
+
+
+
+Q: What is the correct connection string for a Kolab server in GOsa?
+
+A: Try {localhost:143/novalidate-cert}.
+
+
+
+Q: Sieve is not working from GOsa - there are authentication problems
+ with this service, IMAP/POP is working. What's wrong?
+
+A: Verify that the paramater sasl_auto_transition: no is not present in your imap.conf
+
+
+
+Q: I have a SIEVE problem - "Can't log into SIEVE server. Server says //. -
+
+A: Probably something is wrong with the authentification which is used by timesieved.
+ * Check if you can login with "sieveshell" on this host.
+ * Also check "telnet localhost 2000" - Is there any output about "Plain Login"?
+
+ Please verify the ldap imap attributes, like goImapSieveServer and goImapSievePort.
+ These value can be modified using the server->services tab in GOsa 2.6.
+
+ Here is an older, but maybe helpful solution for Cyrus-Imapd 2.1.5 on SuSE 9.0:
+ * Install the "cyrus-sasl-plain" rpm from the distro-cd (This packet contains "sasl2/libplain" library).
+ * Modify your /etc/imap.conf:
+
+ ---
+ sasl_pwcheck_method: saslauthd
+ sasl_mech_list: plain login
+ ---
+
+ * Modify your /etc/sysconfig/saslauthd:
+
+ ---
+ SASLAUTHD_AUTHMECH=pam
+ ---
+
+
+Q: Slapd does not start after adding or changing schema files to the slapd config. What can I do?
+
+A: Check the order of how slapd loads the schema files.
+ Order of schema loading matters, because some schemas depend on other
+ schemas being already loaded. For a working order of the schema files
+ look here: https://oss.gonicus.de/labs/gosa/wiki/InstallingLdap
+
+
+
+Q: Slapd does not start with kolab2.schema included. It claims that thedefinition of
+ calFBURL is missing. What can I do?
+
+A: For Kolab to work correctly you have to include the rfc2739.schema
+ in your slapd.conf. Insert it before the kolab2.schema
+
+
+
+Q: New implementations of OpenLDAP seem to require {sasl} instead of {kerberos}
+ in password hashes. GOsa writes the wrong string. What can I do?
+
+A: You can set "useSaslForKerberos" to "true" in your gosa.conf's main section.
+
+
+
+Q: Is there a way to add the personalTitle attribute the the users dn?
+
+A: Just add this line into the location section of your gosa.conf.
- <location name=...>
- ...
- minid="40"
- ... \>
- in your configuration. In this example 40 will be the smallest ID you can enter.
+ ---
+ <location
+ ...
+ personalTitleInDN="true"
+ ---
-Q: Aahhrg. I've updated to a new version and my gosa.conf seems to be broken.
-A: Some parameters have changed. Please call the fix_config.sh script which is in
- the contrib directory.
+Q: I'd like to assign different uid bases for certain user/group objects.How can this be achieved?
+A: Use the 'baseIdHook' in your gosa.conf's location section to specify a script
+ which handles the ID generation externaly. It get's called with the "dn"
+ and the attribute to be ID'd. It should return an integer value.
-Q: I've saved my windows workstations in other locations like GOsa is doing it
- for decades. Is there a way to change this?
-A: Yes. Use the winstation parameter in your location section:
- <location name=...>
- ...
- winstations="ou=machineaccounts"
- ... \>
+Q: I'd like to use rfc2307bis compliant groups. Is this possible?
+A: Yes - place the rfc2307bis="true" inside of the location section of
+ your gosa.conf. Remember, that you can't create empty groups in this mode.
-Q: GOsa doesn't seem to follow my referrals. What can I do?
-A: Place the option 'recursive = "true"' inside your locations definition
- and you should be fine.
+Q: GOsa sessions expire too quick. Is there a way to change this?
-Q: I'd like to have TLS based LDAP connections from within GOsa. Is this possible?
+A: Yes. Set "sessionLifetime" to the number of seconds of inactivity. 7200
+ (60x60x2) would be for two hours. Place this option inside the main
+ section of your gosa.conf.
-A: Yes, add
- <location ...>
- ...
- tls="true"
- ... \>
- to the location section of GOsa. This switch affects LDAP connections for a single location only.
-
+Q: Is there a way to let users change passwords without logging into GOsa?
-Q: Cyrus folder get created in the style user.username. I prefer the unix hirachy
- style user/username. Is it possible to change this?
+A: Yes. Browse to "password.php". You can preset a couple of things i.e.:
-A: Yes, add
+ ---
+ http://your.admin.server/password.php?uid=cajus&method=md5&directory=GONICUS+GmbH
+ ---
- <main ...>
- ...
- cyrusunixstyle="true"
- ... \>
- to the main section of GOsa and the folders are created in unix style.
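Review bot: the password.php example URL is given as plain http:// and presets method=md5. Since the entry is being touched anyway, an https:// URL would be the better example for a page that accepts the current and new password, and the answer could note that the preset method should be a salted scheme the installation supports rather than md5.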
+Q: GOsa only shows 300 entries at a time. Is this normal?
-Q: I'd like to do special checks for several plugin parameters. How can I modify
- GOsa to take care of these checks?
+A: There's a default sizelimit. You can set the "ldapSizelimit" option in your
+ gosa.conf's location section to a higher value to get rid of it.
-A: No need to modify anything. Just add a hook the the plugin you'd like to
- check:
- check="/your/command/binary"
- This binary will get an ldif to STDIN for analysis and may write an error message
- to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
- to technical reasons.
-
+Q: I have problems with my ldap server when I open groups with a
+ huge amount of members, what can I do?
-Q: Is there a way to use ACL independet filtering when using administrative units?
+A: You can set a nesting limit which ensures that the user names will not be
+ resolved if the amount of members reaches this limit.
-A: Yes. Set STRICT_UNITS to "true" in your gosa.conf's location section.
+ ---
+ <location
+ ...
+ ldapFilterNestingLimit="100"
+ ---
-Q: How can i active the account expiration code for the gosa interface?
+Q: I want to disable the "Is the configuration file up to date?" check when logging in.
+ How can I disable this check?
-A: Yes. Just set "account_expiration" to "true" in your gosa.conf's main section.
+A: Just set the configVersion attribute to an empty value:
+ ---
+ <conf configVersion="" >
+ ---
-Q: What is the correct connection string for a Kolab server in GOsa?
-A: Try {localhost:143/novalidate-cert}.
+Q: I've shredded my access control and am not able to do anything from now on.
+ Is there a way to override the ACL?
-Q: Sieve is not working from GOsa - there are authentication problems
- with this service, IMAP/POP is working. What's wrong?
+A: Yes. Insert the following statement in the location section of your gosa.conf:
-A: Verify that the paramater sasl_auto_transition: no is not
- present in your imap.conf
+ ---
+ ignoreAcl="your user's dn"
+ ---
-Q: Slapd does not start with kolab2.schema included. It claims that the
- definition of calFBURL is missing. What can I do?
+Q: I can't logon as Administration, what is wrong?
-A: For Kolab to work correctly you have to include the rfc2739.schema
- in your slapd.conf. Insert it before the kolab2.schema
+A: It looks like you are missing an administrativ account.
+ In newer versions of GOsa you can simply re-run the setup and create
+ an admin account on the migration page.
+ Additionally you can set ignoreACL in GOsa 2.6, just search the FAQ.
-Q: New implementations of OpenLDAP seem to require {sasl} instead of {kerberos}
- in password hashes. GOsa writes the wrong string. What can I do?
-A: You can set "krbsasl" to "true" in your gosa.conf's main section.
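Review bot: the ACL override is spelled ignoreAcl="your user's dn" in the new answer but "ignoreACL" in the following "I can't logon as Administration" answer; use one spelling so readers can search for it. The answer should also say that the statement is to be removed from gosa.conf once the ACLs are repaired, since it exempts the named dn from access control for as long as it stays in place. Typo in the second answer: "administrativ account".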
+Q: The Unix's user's shell list is empty (unconfigured)
-Q: Is there a way to add the personalTitle attribute the the users dn?
+A: Just copy or link your /etc/shell in /etc/gosa.
-A: Just add this line into the location section of your gosa.conf.
- <location name=...
- include_personal_title="true"
- ...>
-Q: I'd like to assign different uid bases for certain user/group objects.
- How can this be achieved?
+Q: After upgrading GOsa, the setup.php doesn't work or looks broken.
-A: Use the base_hook in your gosa.conf's location section to specify a script
- which handles the ID generation externaly. It get's called with the "dn"
- and the attribute to be ID'd. It should return an integer value.
+A: You should delete all files in /var/spool/gosa
+ ---
+ # cd /var/spool/gosa
+ # rm -rf *
+ ---
-Q: I'd like to use rfc2307bis compliant groups. Is this possible?
-A: Yes - place the rfc2307bis="true" inside of the location section of
- your gosa.conf. Remember, that you can't create empty groups in this mode.
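Review bot: the cleanup commands are shown as two separate root prompts, "# cd /var/spool/gosa" followed by "# rm -rf *". If the cd fails (directory missing or mistyped), the rm runs in whatever directory the root shell was in. A single command that names the path, such as "rm -rf /var/spool/gosa/*", or "cd /var/spool/gosa && rm -rf ./*", avoids that.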
+Q: After installing GOsa using an existing LDAP tree, my user accounts are not listed.
-Q: Can GOsa show some vendor information for given MAC addresses?
+A: You need to add the following objectClasses to your accounts:
-A: Yes. Download http://standards.ieee.org/regauth/oui/oui.txt and place
- it in /etc/gosa/oui.txt.
+ ---
+ objectClass: person
+ objectClass: organizationalPerson
+ ---
+ The setup will automatically migrate those accounts, see migration step in GOsa setup!
-Q: GOsa sessions expire too quick. Is there a way to change this?
-A: Yes. Set "session_lifetime" to the number of seconds of inactivity. 7200
- (60x60x2) would be for two hours. Place this option inside the main
- section of your gosa.conf.
-
+Q: Is it possible to login with the users mail address too?
-Q: Microsoft Internet Explorer <=6 seems paints strange blocks around
- images.
+A: Yes, just add the following line to your gosa.conf:
-A: Use Firefox, Konqueror, Safari, Opera, IE >= 7, etc. IE is broken and
- I don't want to waste my time with working around this old crap. There's
- a quick hack, if you just put "ie_png_workaround='true'" inside the main
- section of your gosa.conf. This is a JavaScript based workaround and I've
- to place a WARNING here, that it is damn slow if you've large lists to
- display.
+ ---
+ <location
+ ...
+ loginAttribute="mail"
+ ---
- If you have much time, you can provide a seamless integration with MS
- filter css extension.
+ or for both, uid and mail:
+ ---
+ <location
+ ...
+ loginAttribute="uid,mail"
+ ---
-Q: Is there a way to let users change passwords without logging into GOsa?
-A: Yes. Browse to "password.php". You can preset a couple of things i.e.:
+Q: GOsa doesn't seem to follow my referrals. What can I do?
- http://your.admin.server/password.php?uid=cajus&method=md5&directory=GONICUS+GmbH
+A: Place the option 'ldapFollowReferrals = "true"' inside your locations definition
+ and you should be fine.
-Q: GOsa only shows 300 entries at a time. Is this normal?
+Q: GOsa is not in my native language, can I translate it to my language?
-A: There's a default sizelimit. You can set the "sizelimit" option in your
- gosa.conf's location section to a higher value to get rid of it.
+ Yes. Just go to the locale directory and copy the messages.po file somewhere
+ else. (Translation is splitted into core and plugin translation files).
+ Edit the copy and put your translations into the msgstr lines. To be
+ included in next GOsa releases, you may want to send it to the GOsa maintainer.
+ Finally you need to create a directory with your language code. (i.e. de for
+ german) containing the LC_MESSAGES directory. Move your messages.po file there
+ and run 'msgfmt messages.po' in that directory. That's it.
+ You may need to restart apache, depending on your setup. On Debian, be sure
+ to have your locale generated (dpkg-reconfigure locales) before.
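Review bot: the translation answer starts with "+ Yes. Just go to the locale directory" without the "A:" marker that every other answer carries; the "ou=staff" answer earlier in the patch ("+ Yes. You can change the people and group locations") has the same omission. Restoring "A:" keeps the file consistent for anyone parsing or searching it by the Q:/A: prefixes.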