index 4f345f311950c59bbd1574a744f9c2f5de652b94..c78026873bacea11b8da2dde5cd0809182c9b759 100644 (file)
.I "icon"
attribute.
-For every plugin, you can provide at least four additional hooks:
+For every plugin, you can provide at least seven additional hooks:
+.I precreate,
+.I preremove,
+.I premodify
.I postcreate,
-.I postdelete,
+.I postremove,
.I postmodify
and
.I check.
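Review bot: The added ".I premodify" line has no trailing comma, unlike ".I precreate," and ".I preremove," directly above it, so the rendered list reads "premodify postcreate". Add the comma so the seven hooks are separated consistently.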
provide certain parameters in form of LDAP attributes. '%uid'
will pass the current user id, '%dn' the current object dn, etc.
-The script gets executed after create, delete or modify tasks.
+The script gets executed before(pre) and after(post) create, delete or modify tasks.
.I The
.B check
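Review bot: The new sentence still says "create, delete or modify tasks" although the same patch renames postdelete to postremove and adds preremove; use "remove" here so the wording matches the hook names, and write "before (pre) and after (post)" with spaces. The text only states when the script runs, so it would help to say whether a failing pre hook stops the operation.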
The
.I logging
statement enables event logging on GOsa side. Setting it to
-.I syslog,
-GOsa will log every action a user performs via syslog. Setting it to
-.I mysql,
-GOsa will log every action to a mysql server, defined in the
-GOsa systems plugin. Both values can be combined as a comma seperated
-list.
+.I true,
+GOsa will log every action a user performs via syslog. If you use
+rsyslog and configure it to mysql logging, you can browse all events
+within GOsa.
-GOsa will not log anything, if the logging value is empty.
+GOsa will not log anything, if the logging value is empty or set to
+false.
.PP
.B loginAttribute
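Review bot: The replacement text for logging drops the documented values syslog and mysql without saying what happens to an existing configuration that still sets them. Only true, false and empty are now described, so state whether the old values are treated as true or as disabled; otherwise an upgrade can switch off audit logging without anyone noticing. The joined sentence "Setting it to true, GOsa will log ..." would also read better as "If it is set to true, GOsa logs ...".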
statement enables copy and paste for LDAP entries managed with GOsa.
.PP
-.B snapshots
+.B enableSnapshots
.I bool
.PP
The
-.I snapshots
+.I enableSnapshots
statement enables a snapshot mechaism in GOsa. This enables you to save
certain states of entries and restore them later on.
.PP
variable defines where to store PPD files for the GOto environment plugins.
.PP
+.B ppdGzip
+.I bool
+.PP
+The
+.I ppdGzip
+variable enables PPD file compression.
+.PP
+
.B resolutions
.I path
.PP
.fi
.PP
+.B gosaSupportTimeout
+.I integer
+.PP
+The
+.I gosaSupportTimeout
+sets a connection timeout for all gosa-si actions. See
+.I gosaSupportURI
+for details.
+.PP
.B Browser and display options
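Review bot: The gosaSupportTimeout entry gives the type as integer but neither the unit nor the value used when the option is unset, and sends the reader to gosaSupportURI "for details" instead. State both here, the way the imapTimeout entry added later in this patch carries "(default 10)".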
elements in the list.
.PP
-.B iconsize
-.I size value
-.PP
-The
-.I iconsize
-statement sets the icon size in the main menu. Its value should be something
-like 48x48.
-.PP
-
.B sendCompressedOutput
.I true/false
.PP
@@ -510,30 +520,6 @@ not work because the sessions will be removed by a cron job instead. Please modi
the value inside of your php.ini instead.
.PP
-.B primaryGroupFilter
-.I bool
-.PP
-The
-.I primaryGroupFilter
-variable enables or disables the group filter to show primary user groups. It is
-time consuming to evaluate which groups are primary and which are not. So you may
-want to set it to
-.I true
-if your group plugin is slow.
-.PP
-
-.B iePngWorkaround
-.I bool
-.PP
-The
-.I iePngWorkaround
-variable enables or disables a workaround for IE < 7 in order to display transparent
-PNG files correctly. This drastically slows down browsing. Please use Firefox or Opera
-instead.
-.PP
-.PP
-
-
.B Password options
.PP
.B passwordMinLength
to have at least n different characters.
.PP
-.B passwordHook
-.I path
+.B passwordProposalHook
+.I command
.PP
The
-.I passwordHook
-can specify an external script to handle password settings at some other
-location besides the LDAP. It will be called this way:
+.I passwordProposalHook
+can be used to let GOsa generate password proposals for you.
+Whenever you change a password, you can then decide whether to use the proposal or to manually specify a password.
.nf
-/path/to/your/script "username" "oldpassword" "newpassword"
+/usr/bin/apg -n1
.fi
+.B strictPasswordRules
+.I bool
+.PP
+The
+.I strictPasswordRules
+tells GOsa to check for UTF-8 characters in the supplied password. These
+Characters can lead to non working authentications if UTF-8 and none
+UTF-8 systems locales get mixed. The default is "true".
+
.B handleExpiredAccounts
.I bool
.PP
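Review bot: In the strictPasswordRules text, "check for UTF-8 characters in the supplied password" does not say what GOsa does when it finds them; state whether the password is rejected or only flagged. Also fix "These Characters" and "none UTF-8" (non-UTF-8), and add a .PP after the .fi that closes the "/usr/bin/apg -n1" example so that ".B strictPasswordRules" starts its own paragraph. For passwordProposalHook, say what the command is expected to print, and tell users of the removed passwordHook whether anything replaces it.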
.I personalTitleInDN.
.PP
+.B accountRDN
+.I pattern
+.PP
+The
+.I accountRDN
+option tells GOsa to use a placeholder pattern for generating account
+RDNs. A pattern can include attribute names prefaced by a % and normal
+text:
+.nf
+accountRDN="cn=%sn %givenName"
+.fi
+This will generate a RDN consisting of cn=.... filled with surname and
+given name of the edited account. This option disables the use of
+.I accountPrimaryAttribute
+and
+.I personalTitleInDn
+in your config. The latter attributes are maintained for compatibility.
+
+
.B personalTitleInDN
.I bool
.PP
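Review bot: The accountRDN text refers to ".I personalTitleInDn", but the option is spelled personalTitleInDN in the surrounding entries (".B personalTitleInDN" just below); use one spelling so a reader searching the page finds it. The description should also say how attribute values containing characters that are special in a DN (a comma or plus sign in sn, for example) are handled when they are substituted into the pattern. "a RDN" should be "an RDN".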
.I adduser.conf
to avoid overlapping uidNumber values between local and LDAP based lookups. The uidNumberBase
can even be dynamic. Take a look at the
-.I nextIdHook
+.I baseIdHook
definition below.
.PP
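Review bot: The reference is changed to baseIdHook "definition below", but the entry further down is still headed ".B nextIdHook" in the unchanged context of this patch, and no baseIdHook entry appears in the visible hunks. Either add the baseIdHook definition in the same change or keep the reference pointing at an entry that exists.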
definition below.
.PP
+.B idAllocationMethod
+.I traditional/pool
+.PP
+The
+.I idAllocationMethod
+statement defines how GOsa generates numeric user and group id values. If it is set to
+.I traditional
+GOsa will do create a lock and perform a search for the next free ID. The lock will be
+removed after the procedure completes.
+.I pool
+will use the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe,
+because it does not check for concurrent LDAP access and already used IDs in this range.
+On the other hand it is much faster.
+.PP
+
.B minId
.I integer
.PP
The
.I minId
statement defines the minimum assignable user or group id to avoid security leaks with
-uid 0 accounts.
+uid 0 accounts. This is used for the
+.I traditional
+method
+.PP
+
+.B uidNumberPoolMin/gidNumberPoolMin
+.I integer
+.PP
+The
+.I uidNumberPoolMin/gidNumberPoolMin
+statement defines the minimum assignable user/group id for use with the
+.I pool
+method.
+.PP
+
+.B uidNumberPoolMax/gidNumberPoolMax
+.I integer
+.PP
+The
+.I uidNumberPoolMax/gidNumberPoolMax
+statement defines the highest assignable user/group id for use with the
+.I pool
+method.
.PP
.B nextIdHook
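Review bot: The idAllocationMethod text calls pool "unsafe" because it does not check for concurrent LDAP access or IDs already in use, but it does not say which method is the default or under what conditions pool is acceptable; add both. With minId now documented as applying to the traditional method, the uidNumberPoolMin/gidNumberPoolMin entry should carry the same warning about keeping the range clear of uid 0 accounts. Small fixes: "GOsa will do create a lock" and the missing full stop after "method".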
@@ -923,11 +974,11 @@ externaly. It gets called with the current entry "dn" and the attribute to be ID
should return an integer value.
.PP
-.B hash
+.B passwordDefaultHash
.I string
.PP
The
-.I hash
+.I passwordDefaultHash
statement defines the default password hash to choose for new accounts. Valid values are
.I crypt/standard-des, crypt/md5, crypt/enhanced-des, crypt/blowfish, md5, sha, ssha, smd5, clear
and
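Review bot: The rename from hash to passwordDefaultHash leaves the list of valid values untouched, so clear, crypt/standard-des and the unsalted md5 and sha are still presented on equal footing with ssha and crypt/blowfish. As this entry sets the default for new accounts, mark which values are kept only for compatibility, and say whether the old hash key is still read from existing configurations.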
idGenerator="{%sn}-{%givenName[2-4]}"
.fi
- will generate an ID using the full surename, adding a dash, and adding at
+ will generate an ID using the full surname, adding a dash, and adding at
least the first two characters of givenName. If this ID is used, it'll
use up to four characters. If no automatic generation is possible, a
input box is shown.
will generate a three digits id with the next free entry appended to
"acct".
+.nf
+ idGenerator="acct{id!1}"
+.fi
+
+ will generate a one digit id with the next free entry appended to
+ "acct" - if needed.
+
.nf
idGenerator="ext{id#3}"
.fi
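Review bot: The description added for idGenerator="acct{id!1}" ends with "- if needed" without saying what is needed or how {id!1} differs from the other id forms shown around it. Spell out the behaviour: whether the digit is appended only when "acct" is already taken, and what happens once the single digit is used up.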
@@ -999,15 +1057,6 @@ statement defines the base id to add to ordinary sid calculations - if not avail
inside of the LDAP.
.PP
-.B sambaversion
-.I 2/3
-.PP
-The
-.I sambaversion
-statement defines the version of samba you want to write LDAP entries for. Be sure
-to include the correct schema in this case. Valid values are 2 and 3.
-.PP
-
.B sambaHashHook
.I path
.PP
.if
.PP
-.B sambaidmapping
+.B sambaIdmapping
.I bool
.PP
The
-.I sambaidmapping
+.I sambaIdMapping
statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your
setup this can drastically improve the windows login performance.
.PP
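Review bot: The option is spelled two ways within this hunk: ".B sambaIdmapping" in the heading and ".I sambaIdMapping" in the description. Pick the spelling the configuration parser actually accepts and use it in both places.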
.B Mail options
.PP
.B mailMethod
-.I cyrus/kolab/golab/sendmail
+.I Cyrus/SendmailCyrus/Kolab/Kolab22
.PP
The
.I mailMethod
with a possible mail server. Leave this undefined if your mail method does
not match the predefined ones.
-.I cyrus
+.I Cyrus
maintains accounts and sieve scripts in cyrus servers.
-.I kolab
+.I Kolab/Kolab22
is like cyrus, but lets the kolab daemon maintain the accounts.
-.I golab is like cyrus - just with kolab attributes.
-.I sendmail just disables everything which is IMAP dependent.
+.I SendmailCyrus is based on sendmail LDAP attributes.
.PP
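Review bot: On the added line ".I SendmailCyrus is based on sendmail LDAP attributes." the whole sentence is an argument of .I and is set in italics, while the Cyrus and Kolab/Kolab22 entries put the description on the following line. Split it into ".I SendmailCyrus" and a separate text line. The removed sendmail value disabled everything that is IMAP dependent; say whether any of the remaining methods covers that case.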
.B cyrusUseSlashes
statement determines if GOsa should use "foo/bar" or "foo.bar" namespaces
in IMAP. Unix style is with slashes.
+.B cyrusDeleteMailbox
+.I bool
+.PP
+The
+.I cyrusDeleteMailbox
+statement determines if GOsa should remove the mailbox from your IMAP
+server or keep it after the account is deleted in LDAP.
+
+.B cyrusAutocreateFolders
+.I string
+.PP
+The
+.I cyrusAutocreateFolders
+statement contains a comma seperated list of personal IMAP folders that
+should be created along initial account creation.
+
.B postfixRestrictionFilters
.I path
.PP
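Review bot: The cyrusDeleteMailbox entry says the statement "determines if GOsa should remove the mailbox ... or keep it" but not which value does which, nor the default; for an option that destroys mail data this needs to be explicit. Both new entries also lack a .PP before their .B line, so cyrusDeleteMailbox runs on from the cyrusUseSlashes paragraph, and "seperated" in the cyrusAutocreateFolders text should be "separated".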
and
.I uid.
+.B imapTimeout
+.I Integer (default 10)
+.PP
+The
+.I imapTimeout
+statement sets the connection timeout for imap actions.
+
+.B mailFolderCreation
+Every mail method has its own way to create mail accounts like
+.I share/development
+or
+.I shared.development@example.com
+which is used to identify the accounts, set quotas or add acls.
+
+To override the methods default account creation syntax, you can set the
+.I mailFolderCreation
+option.
+
+.I Examples
+
+.nf
+ mailFolderCreation="%prefix%%cn%" => "shared.development"
+ mailFolderCreation="my-prefix.%cn%%domain%" => "my-prefix.development@example.com">
+.fi
+
+.I Placeholders
+
+.nf
+ %prefix% The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
+ %cn% The groups/users cn.
+ %uid% The users uid.
+ %mail% The objects mail attribute.
+ %domain% The domain part of the objects mail attribute.
+ %mailpart% The user address part of the mail address.
+ %uattrib% Depends on mailAttribute="uid/mail".
+.fi
+
+
+.B mailUserCreation
+This attribute allows to override the user account creation syntax, see
+the
+.I mailFolderCreation
+description for more details.
+
+.I Examples
+
+.nf
+ mailUserCreation="%prefix%%uid%" => "user.foobar"
+ mailUserCreation=my-prefix.%uid%%domain%" => "my-prefix.foobar@example.com"
+.fi
+
+
.B vacationTemplateDirectory
.I path
.PP
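Review bot: Two of the added examples are malformed: the second mailFolderCreation example ends in a stray "> after the closing quote, and the second mailUserCreation example is missing the opening quote after the equals sign. Readers copy these lines into their configuration, so they need to be exact. In addition, ".B mailFolderCreation" and ".B mailUserCreation" have no type line or .PP after the heading, the text gives "share/development" while the example result is "shared.development", and imapTimeout should name its unit.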
.B Debug options
.PP
-.B displayerrors
+.B displayErrors
.I bool
.PP
The
-.I displayerrors
+.I displayErrors
statement tells GOsa to show PHP errors in the upper part of the screen. This
should be disabled in productive deployments, because there might be some
important passwords arround.
DN here and you'll be able to restore accidently dropped ACLs.
.PP
-.B debuglevel
+.B debugLevel
.I integer
.PP
The
-.I debuglevel
+.I debugLevel
value tells GOsa to display certain information on each page load. Value
is an AND combination of the following byte values:
DEBUG_CONFIG = 64
DEBUG_ACL = 128
+
+DEBUG_SI = 256
+
+DEBUG_MAIL = 512
.PP
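Review bot: With DEBUG_SI = 256 and DEBUG_MAIL = 512 added, the list no longer consists of "byte values" as the sentence introducing it says. That sentence also calls the value an "AND combination", although these are power-of-two flags that are combined by OR (added together). Reword the introduction in the same change.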
If you have only one release, or want to define a default release to be shown
by GOsa, define the
-.I defaultFaiRelease
+.I defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."
within the
.I faiManagement
class definition