![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/FAQ b/gosa-core/FAQ
index 4b1a1ed086624c71047d307e211fb6db5d8e6a17..cd9dff8641bfdbabc4bd20ea766d9cf2478a02da 100644 (file)
--- a/gosa-core/FAQ
+++ b/gosa-core/FAQ
This is the textual form of the GOsa FAQ. Online information with
-comments is set up at Wiki: http://oss.gonicus.de/gosa/.
+comments is set up at Wiki: https://oss.gonicus.de/labs/gosa/wiki/documentation
Q: When creating many users for one department, I need to fill some
fields again and again. Is there a shortcut for that?
Q: Can GOsa execute commands after creating/editing/removing users,
departments, etc.
-A: Yes. Edit /etc/gosa/gosa.conf's menu section. Each plugin may have
+A: Yes. Edit /etc/gosa/gosa.conf's menu section. Each plugin may has
an entry "postremove", "postmodify" and "postcreate". You can use
ldap attributes as command line options.
i.E. postcreate="/usr/bin/sudo /usr/local/sbin/ftp.setperms %uid '%givenName'"
* login.tpl -> login screen
* framework.tpl -> page contents
* style.css -> stylesheets used by GOsa
-
- In fact, the rest of the UI is not converted to smarty, yet. Please be
- patient.
-
+
Q: How can I let a person do administrative tasks under a specific department?
-A: Create a group inside this department. Put all administrative people inside,
- go to the "ACL" tab and check all fields these users should be able to adminstrate.
-
+A: Gosa 2.5.x
+ * Create a group inside this department.
+ * Put all administrative people inside
+ * go to the "ACL" tab and check all fields these users should be able to adminstrate.
+
+ GOsa 2.6 implements a more flexible but complex ACL management, please have a look at
+ the following wiki page: https://oss.gonicus.de/labs/gosa/wiki/DocumentationWritingACLs2.6
+ If you have still questions, please use the mailing list or the forum.
+
Q: How can I permit users to change some of their own attributes?
-A: Same like the point above, but this rule only works for users own attributes
- by checking the box on the acl page.
+A: Same like described above, but additionally you have to check the option
+ 'Apply this acl only for users own entries'.
+ (For versions 2.6.x, see the wiki pages)
Q: What about applications?
Q: I can't select any mailservers. What's wrong?
-A: LDAP stores information about all your servers. The server plugin is not ready
- yet, so you've to adjust/add these entries using your favorite ldap tool.
+A: It seems that a mail server is missing in your configuration.
+ Create a new server, go to the services tab and add the imap service.
+ For more details, please have a look at the FAQ and wiki pages.
+ (This may differ in older GOsa versions)
Q: GOsa is not in my native language, can I translate it to my language?
You may need to restart apache, depending on your setup. On Debian, be sure
to have your locale generated (dpkg-reconfigure locales) before.
+
Q: The online help doesn't exist in my language, can i translate it to my language?
A: Yes. Just go to the doc/guide/user/en directory and copy the lyx-source directory
to a new directory in doc/guide/user/<your language>. You have to use the lyx
program create the online help in your language. When you have finish just run
./gen_online_help from the gosa root directory to generate the online docs.
+
Q: Can I specify some kind of password policies?
@@ -125,15 +133,17 @@ A: Create a directory to keep a set of vacation messages which are readable by t
first line followed by the normal vacation text. You can use all attributes from
the generic tab. I.e.:
- /etc/gosa/vacation/business.txt ------------------------------------------------->8
- DESC:Away from desk
- Hi, I'm currently away from my desk. You can contact me on
- my cell phone via %mobile.
-
- Greetings,
- %givenName %sn
- -----------------------------------------------------------------------------------
-
+ /etc/gosa/vacation/business.txt
+
+ |-->
+ DESC:Away from desk
+ Hi, I'm currently away from my desk. You can contact me on
+ my cell phone via %mobile.
+
+ Greetings,
+ %givenName %sn
+ |<--
+
Place the config option vacationTemplateDirectory="/etc/gosa/vacation" in the location found in
gosa.conf and a template box is show in the vacation mail tab.
You can specify LDAP attributes (currently only sn and givenName) in braces {}
and add a percent sign befor it. Optionally you can strip it down to a number
of characters, specified in []. I.e.
-
- idGenerator="{%sn}-{%givenName[2-4]}"
-
+
+ |-->
+ idGenerator="{%sn}-{%givenName[2-4]}"
+ |<--
+
will generate an ID using the full surename, adding a dash, and adding at least
the first two characters of givenName. If this ID is used, it'll use up to four
characters. If no automatic generation is possible, a input box is shown.
b) using automatic id's
I.e. specifying
-
- idGenerator="acct{id:3}"
+
+ |-->
+ idGenerator="acct{id:3}"
+ |<--
will generate a three digits id with the next free entry appended to "acct".
-
- idGenerator="ext{id#3}"
+
+ |-->
+ idGenerator="ext{id#3}"
+ |<--
will generate a three digits random number appended to "ext".
@@ -178,8 +194,10 @@ Q: I'd like to place my users under ou=staff, not under ou=people. Can I change
A: Yes. You can change the people and group locations by adding the following
statements to your location sections:
+ |-->
userRDN="ou=staff"
groupRDN="ou=crowds"
+ |<--
After logging in again, people and groups are created in the configured places.
As a side note, you can leave these strings blank for flat structures, too.
@@ -207,10 +225,12 @@ A: You've configured GOsa to use samba3, but your LDAP has no samba domain objec
inside. Either log into samba for the first time to let it create that object,
or supply the sid and ridbase for your domain in your gosa.conf's location, i.e.:
+ |-->
<location name=...>
...
sambaRidBase="1000"
sambaSID="0-815-4711" \>
+ |<--
Remember to fill in your real domain sid which is retrievable by the command
"net getlocalsid".
A: This is a known issue. We're working around this by putting
+ |-->
<location name=...>
- ...
- sambaidmapping="true"
- ... \>
+ ...
+ sambaIdMapping="true"
+ ... \>
+ |<--
into the configuration. GOsa will write the additional objectClass sambaIdmapEntry
to the group and user objects.
@@ -234,18 +256,19 @@ Q: I get 'The value specified as GID/UID number is too small' when forcing IDs.
A: This is an additional security feature, so that no one can fall back to uid 0. The
default minimum ID is 100. You can set it to every value you like by specifying
+ |-->
<location name=...>
- ...
- minId="40"
- ... \>
+ ...
+ minId="40"
+ ... \>
+ |<--
in your configuration. In this example 40 will be the smallest ID you can enter.
Q: Aahhrg. I've updated to a new version and my gosa.conf seems to be broken.
-A: Some parameters have changed. Please call the fix_config.sh script which is in
- the contrib directory.
+A: Some parameters may have changed. Please move your gosa.conf away and re-run the setup.
Q: I've saved my windows workstations in other locations like GOsa is doing it
@@ -253,10 +276,12 @@ Q: I've saved my windows workstations in other locations like GOsa is doing it
A: Yes. Use the winstation parameter in your location section:
+ |-->
<location name=...>
- ...
- sambaMachineAccountRDN="ou=machineaccounts"
- ... \>
+ ...
+ sambaMachineAccountRDN="ou=machineaccounts"
+ ... \>
+ |<--
Q: GOsa doesn't seem to follow my referrals. What can I do?
@@ -269,25 +294,66 @@ Q: I'd like to have TLS based LDAP connections from within GOsa. Is this possibl
A: Yes, add
+ |-->
<location ...>
...
ldapTLS="true"
... \>
+ |<--
to the location section of GOsa. This switch affects LDAP connections for a single location only.
-
+
Q: Cyrus folder get created in the style user.username. I prefer the unix hirachy
style user/username. Is it possible to change this?
A: Yes, add
- <main ...>
- ...
- cyrusUseSlashes="true"
- ... \>
+ |-->
+ <location
+ ...
+ cyrusUseSlashes="true"
+ |<--
+
+ to the location or main section of GOsa and the folders are created in unix style.
+
+
+Q: I've a cyrus installation with customized user and folder prefixes.
+ How can I tell GOsa to use the prefixes I prefer?
+
+A: Simply set the following attributes in the location tag of your gosa.conf:
+
+ |-->
+ <location
+ ...
+ mailUserCreation="myprefix/%mail%"
+ mailFolderCreation="myfolder\\.%cn%@%domain%"
+ |<--
+
+ The dot in the above example is escaped to prevent it from replacing with '/' if
+ cyrusUseSlashes is set to true.
+
+ You can use the following replacements:
+ |-->
+ %cn% - The groups cn.
+ %uid% - The users uid.
+ %prefix% - The default prefix used by the mailmethod.
+ %uattrib% - The configured mailAttribute="" (gosa.conf).
+ %domain% - The domain part of the given mail address. (user@domain.com = domain.com)
+ %mailpart% - The user part of the mail address. (user@domain.com = user)
+ %mail% - The complete mail address.
+ |<--
- to the main section of GOsa and the folders are created in unix style.
+
+Q: I want to use cyrus for multiple mail domains, but GOsa uses the 'uid' attribute for account namens, how do I change this to 'mail'?
+
+A: Just add/modify the following line to/in your gosa.conf:
+
+ |-->
+ <location
+ ...
+ mailAttribute="mail"
+ |<--
Q: I'd like to do special checks for several plugin parameters. How can I modify
@@ -296,12 +362,14 @@ Q: I'd like to do special checks for several plugin parameters. How can I modify
A: No need to modify anything. Just add a hook the the plugin you'd like to
check:
- check="/your/command/binary"
+ |-->
+ check="/your/command/binary"
+ |<--
This binary will get an ldif to STDIN for analysis and may write an error message
to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
to technical reasons.
-
+
Q: Is there a way to use ACL independet filtering when using administrative units?
present in your imap.conf
+Q: I have a SIEVE problem - "Can't log into SIEVE server. Server says //. -
+
+A: Probably something is wrong with the authentification which is used by timesieved.
+ - Check if you can login with "sieveshell" on this host.
+ - Also check "telnet localhost 2000" - Is there any output about "Plain Login"?
+
+ Please verify the ldap imap attributes, like goImapSieveServer and goImapSievePort.
+ These value can be modified using the server->services tab in GOsa 2.6 and in
+ GOsa 2.5 you can find these options under server->databases.
+
+ Here is an older, but maybe helpful solution for Cyrus-Imapd 2.1.5 on SuSE 9.0:
+ - Install the "cyrus-sasl-plain" rpm from the distro-cd (This packet contains "sasl2/libplain" library).
+ - Modify your /etc/imap.conf:
+
+ |-->
+ sasl_pwcheck_method: saslauthd
+ sasl_mech_list: plain login
+ |<--
+
+ - Modify your /etc/sysconfig/saslauthd:
+
+ |-->
+ SASLAUTHD_AUTHMECH=pam
+ |<--
+
+
Q: Slapd does not start with kolab2.schema included. It claims that the
definition of calFBURL is missing. What can I do?
@@ -341,15 +435,18 @@ A: You can set "useSaslForKerberos" to "true" in your gosa.conf's main section.
Q: Is there a way to add the personalTitle attribute the the users dn?
A: Just add this line into the location section of your gosa.conf.
- <location name=...
+
+ |-->
+ <location
+ ...
personalTitleInDN="true"
- ...>
+ |<--
Q: I'd like to assign different uid bases for certain user/group objects.
How can this be achieved?
-A: Use the 'nextIdHook' in your gosa.conf's location section to specify a script
+A: Use the 'baseIdHook' in your gosa.conf's location section to specify a script
which handles the ID generation externaly. It get's called with the "dn"
and the attribute to be ID'd. It should return an integer value.
A: Yes. Set "sessionLifetime" to the number of seconds of inactivity. 7200
(60x60x2) would be for two hours. Place this option inside the main
section of your gosa.conf.
-
+
Q: Microsoft Internet Explorer <=6 seems paints strange blocks around
images.
A: Yes. Browse to "password.php". You can preset a couple of things i.e.:
- http://your.admin.server/password.php?uid=cajus&method=md5&directory=GONICUS+GmbH
+ |-->
+ http://your.admin.server/password.php?uid=cajus&method=md5&directory=GONICUS+GmbH
+ |<--
Q: GOsa only shows 300 entries at a time. Is this normal?
A: You can set a nesting limit which ensures that the user names will not be
resolved if the amount of members reaches this limit.
- <location
- ...
- ldapFilterNestingLimit="100"
- ... />
- </location>
+
+ |-->
+ <location
+ ...
+ ldapFilterNestingLimit="100"
+ |<--
Q: I want to disable the "Is the configuration file up to date?" check when logging in.
How can I disable this check?
A: Just set the configVersion attribute to an empty value:
- <conf configVersion="" >
+
+ |-->
+ <conf configVersion="" >
+ |<--
Q: I've shredded my access control and am not able to do anything from now on. Is there
@@ -424,5 +527,64 @@ Q: I've shredded my access control and am not able to do anything from now on. I
A: Yes. Insert the following statement in the location section of your gosa.conf:
- ignoreAcl="your user's dn"
+ |-->
+ ignoreAcl="your user's dn"
+ |<--
+
+
+Q: I can't logon as Administration, what is wrong?
+
+A: It looks like you are missing an administrativ account.
+ In newer versions of GOsa you can simply re-run the setup and create
+ an admin account on the migration page.
+
+ Additionally you can set ignoreACL in GOsa 2.6, just search the FAQ.
+
+
+Q: The Unix's user's shell list is empty (unconfigured)
+
+A: Just copy or link your /etc/shell in /etc/gosa.
+
+
+Q: After upgrading GOsa, the setup.php doesn't work or looks broken.
+
+A: You should delete all files in /var/spool/gosa
+
+ |-->
+ # cd /var/spool/gosa
+ # rm -rf *
+ |<--
+
+
+Q: After installing GOsa using an existing LDAP tree, my user accounts are not listed.
+
+A: You need to add the following objectClasses to your accounts:
+
+ |-->
+ objectClass: person
+ objectClass: organizationalPerson
+ |<--
+
+ The setup will automatically migrate those accounts, see migration step in GOsa setup!
+
+
+Q: Is it possible to login with the users mail address too?
+
+A: Yes, just add the following line to your gosa.conf:
+
+ |-->
+ <location
+ ...
+ loginAttribute="mail"
+ |<--
+
+ or for both, uid and mail:
+
+ |-->
+ <location
+ ...
+ loginAttribute="uid,mail"
+ |<--
+
+