index cfb650690521ae13f4ae8103c60a79a58b863a52..1e439731644dc7ae0bfd630ae1b661f8b3189255 100644 (file)
that stores information somewhere around) to read the gosa.conf file, which
may contain vital information about your LDAP service.
-To make it harder to extract these passwords, they get passed by request
-headers by default.
+To make it harder to extract these passwords, they get encrypted by a
+master password only readable by the GOsa location.
+
+You can simply migrate old existing passwords by typing:
+
+# a2enmod headers
+# gosa-encrypt-passwords
+# /etc/init.d/apache2 reload
If this is not enough for you (exploitable PHP code may make it possible to
read the webservers memory), you can simply create another webserver instance
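Review bot: The added sentence "encrypted by a master password only readable by the GOsa location" does not say where that master password is stored or how read access to it is restricted, and the migration steps list `a2enmod headers` without explaining why the Apache headers module is needed now that the text no longer describes passing passwords in request headers. Suggest naming the file or directive that holds the master password and the permissions expected on it, adding one sentence on what the headers module is used for, and stating that the three `#` commands are run as root.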
gosa-schema package and add at least the following lines to your
LDAP-servers slapd.conf:
-Samba 2:
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/trust.schema
-include /etc/ldap/schema/gosystem.schema
-include /etc/ldap/schema/gofon.schema
-include /etc/ldap/schema/goto.schema
-include /etc/ldap/schema/gosa.schema
-include /etc/ldap/schema/gofax.schema
-include /etc/ldap/schema/goserver.schema
-include /etc/ldap/schema/goto-mime.schema
-
Samba 3:
-include /etc/ldap/schema/samba3.schema
-include /etc/ldap/schema/trust.schema
-include /etc/ldap/schema/gosystem.schema
-include /etc/ldap/schema/gofon.schema
-include /etc/ldap/schema/goto.schema
-include /etc/ldap/schema/gosa+samba3.schema
-include /etc/ldap/schema/gofax.schema
-include /etc/ldap/schema/goserver.schema
-include /etc/ldap/schema/goto-mime.schema
-
-Schema files for samba and trust accounts are not part of the
-gosa-schema package, but are included in:
-
-/usr/share/doc/gosa/contrib/openldap
+include /etc/ldap/schema/gosa/samba3.schema
+include /etc/ldap/schema/gosa/trust.schema
+include /etc/ldap/schema/gosa/gosystem.schema
+include /etc/ldap/schema/gosa/gofon.schema
+include /etc/ldap/schema/gosa/goto.schema
+include /etc/ldap/schema/gosa/gosa-samba3.schema
+include /etc/ldap/schema/gosa/gofax.schema
+include /etc/ldap/schema/gosa/goserver.schema
+include /etc/ldap/schema/gosa/goto-mime.schema
There's no need to have samba services up and running, GOsa only
uses the NT/LM attributes to pre-generate samba password hashes -
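Review bot: The removed paragraph stating that the samba and trust schema files are not part of the gosa-schema package has no replacement, yet the new include lines point at /etc/ldap/schema/gosa/samba3.schema and /etc/ldap/schema/gosa/trust.schema. Say whether gosa-schema now installs those two files there or where the administrator should take them from. An existing slapd.conf written from the old text uses the old paths and the old name gosa+samba3.schema, so a short upgrade note about the move to the gosa/ subdirectory and the rename to gosa-samba3.schema would help. The "Samba 3:" heading could also be dropped or reworded now that the Samba 2 block is gone.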