X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fcontrib%2Fgosa.conf.5;h=c78026873bacea11b8da2dde5cd0809182c9b759;hb=8577a677f489db15bbd22fe5609ca3394f29135d;hp=43b8644441fec9a96e1b559731c3edaf6ec71636;hpb=d8bb6b08489d7ded1368b838cd034a1feddc7606;p=gosa.git
diff --git a/gosa-core/contrib/gosa.conf.5 b/gosa-core/contrib/gosa.conf.5
index 43b864444..c78026873 100644
--- a/gosa-core/contrib/gosa.conf.5
+++ b/gosa-core/contrib/gosa.conf.5
@@ -89,9 +89,12 @@ You can override an icon by specifying the
.I "icon"
attribute.
-For every plugin, you can provide at least four additional hooks:
+For every plugin, you can provide at least seven additional hooks:
+.I precreate,
+.I preremove,
+.I premodify
.I postcreate,
-.I postdelete,
+.I postremove,
.I postmodify
and
.I check.
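Review bot: In the new hook list, `.I premodify` is the only entry without a trailing comma, so the rendered sentence runs "premodify postcreate," together. Add the comma. The text says "at least seven" and then lists exactly seven names; drop "at least" unless there are hooks that are not documented here.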
@@ -107,7 +110,7 @@ These keywords take a full executable path of a script. You can
provide certain parameters in form of LDAP attributes. '%uid'
will pass the current user id, '%dn' the current object dn, etc.
-The script gets executed after create, delete or modify tasks.
+The script gets executed before(pre) and after(post) create, delete or modify tasks.
.I The
.B check
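Review bot: The rewritten sentence does not say what happens when a pre hook fails. Now that scripts run before create, delete or modify, the page should state whether a non-zero exit status blocks the operation. The paragraph above passes LDAP attributes such as '%uid' and '%dn' to an executable, so it is also worth documenting how those values are quoted. "before(pre) and after(post)" needs spaces before the parentheses, and "delete" should read "remove" to match preremove/postremove.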
@@ -180,7 +183,7 @@ each location definition inside of this global definition.
accountPrimaryAttribute="cn"
...
-
@@ -194,29 +197,29 @@ each location definition inside of this global definition.
.B Generic options
.PP
-.B forceglobals
+.B forceGlobals
.I bool
.PP
The
-.I forceglobals
+.I forceGlobals
statement enables PHP security checks to force register_global settings to
be switched off.
.PP
-.B forcessl
+.B forceSSL
.I bool
.PP
The
-.I forceglobals
+.I forceSSL
statement enables PHP security checks to force encrypted access to the web
interface. GOsa will try to redirect to the same URL - just with https://.
.PP
-.B warnssl
+.B warnSSL
.I bool
.PP
The
-.I warnssl
+.I warnSSL
statement enables PHP security checks to detect non encrypted access to
the web interface. GOsa will display a warning in this case.
.PP
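Review bot: The renames in this hunk (forceglobals to forceGlobals, forcessl to forceSSL, warnssl to warnSSL) change the spelling of security checks without saying whether the old spelling is still read. State whether keys are matched case-insensitively or add an upgrade note, so that an existing forcessl entry is not left unenforced without the administrator noticing. Replacing the copy-pasted `.I forceglobals` under forceSSL is correct.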
@@ -241,14 +244,13 @@ for Sun DS based systems.
The
.I logging
statement enables event logging on GOsa side. Setting it to
-.I syslog,
-GOsa will log every action a user performs via syslog. Setting it to
-.I mysql,
-GOsa will log every action to a mysql server, defined in the
-GOsa systems plugin. Both values can be combined as a comma seperated
-list.
+.I true,
+GOsa will log every action a user performs via syslog. If you use
+rsyslog and configure it to mysql logging, you can browse all events
+within GOsa.
-GOsa will not log anything, if the logging value is empty.
+GOsa will not log anything, if the logging value is empty or set to
+false.
.PP
.B loginAttribute
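Review bot: The new logging text covers `true`, empty and `false`, but not configurations that still set the two removed values, `syslog` and `mysql`. Say whether those are treated as true or as disabled, because a silent fall back to no logging removes the audit trail. "configure it to mysql logging" would read better as "configure it to log to MySQL".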
@@ -271,52 +273,52 @@ The
statement enables copy and paste for LDAP entries managed with GOsa.
.PP
-.B enable_snapshot
+.B enableSnapshots
.I bool
.PP
The
-.I enable_snapshot
+.I enableSnapshots
statement enables a snapshot mechaism in GOsa. This enables you to save
certain states of entries and restore them later on.
.PP
-.B snapshot_base
+.B snapshotBase
.I dn
.PP
The
-.I snapshot_base
+.I snapshotBase
statement defines the base where snapshots should be stored inside of
the LDAP.
.PP
-.B snapshot_server
-.I url
+.B snapshotURI
+.I uri
.PP
The
-.I snapshot_server
-variable defines the LDAP URL for the server which is used to do object
+.I snapshotURI
+variable defines the LDAP URI for the server which is used to do object
snapshots.
.PP
-.B snapshot_user
+.B snapshotAdminDn
.I dn
.PP
The
-.I snapshot_user
+.I snapshotAdminDn
variable defines the user which is used to authenticate when connecting
to
-.I snapshot_server.
+.I snapshotURI.
.PP
-.B snapshot_password
+.B snapshotAdminPassword
.I string
.PP
The
-.I snapshot_password
+.I snapshotAdminPassword
variable defines the credentials which are used in combination with
-.I snapshot_user
+.I snapshotAdminDn
and
-.I snapshot_server
+.I snapshotURI
in order to authenticate.
.PP
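Review bot: The snapshotAdminPassword entry is only renamed here, but it is the right place to note that this bind password sits in gosa.conf and that the file must not be world readable. While these paragraphs are being touched, "mechaism" in the enableSnapshots description should be "mechanism".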
@@ -404,6 +406,14 @@ The
variable defines where to store PPD files for the GOto environment plugins.
.PP
+.B ppdGzip
+.I bool
+.PP
+The
+.I ppdGzip
+variable enables PPD file compression.
+.PP
+
.B resolutions
.I path
.PP
@@ -413,20 +423,20 @@ variable defines a plain text file which contains additional resolutions
to be shown in the environment and system plugins.
.PP
-.B htaccess_auth
+.B htaccessAuthentication
.I bool
.PP
The
-.I htaccess_auth
+.I htaccessAuthentication
variable tells GOsa to use either htaccess authentication or LDAP authentication. This
can be used if you want to use i.e. kerberos to authenticate the users.
.PP
-.B gosa_si
+.B gosaSupportURI
.I URI
.PP
The
-.I gosa_si
+.I gosaSupportURI
defines the major gosa-si server host and the password for GOsa to connect to it.
can be used if you want to use i.e. kerberos to authenticate the users.
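Review bot: The last line of the gosaSupportURI description, "can be used if you want to use i.e. kerberos to authenticate the users.", is a leftover copy of the htaccessAuthentication sentence above and does not belong to gosa-si; remove it as part of this rename. The description says the value also carries the password for the connection, so point the reader from the `.I URI` type line to the credentials@host:port form.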
@@ -437,6 +447,15 @@ credentials@host:port
.fi
.PP
+.B gosaSupportTimeout
+.I integer
+.PP
+The
+.I gosaSupportTimeout
+sets a connection timeout for all gosa-si actions. See
+.I gosaSupportURI
+for details.
+.PP
.B Browser and display options
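Review bot: gosaSupportTimeout is documented as an integer with neither a unit nor a default. State both (the imapTimeout entry added later in this patch at least gives "default 10"), and say what GOsa does when the timeout is reached.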
@@ -450,15 +469,6 @@ GOsa generated lists, displaying a short summary of type and number of
elements in the list.
.PP
-.B iconsize
-.I size value
-.PP
-The
-.I iconsize
-statement sets the icon size in the main menu. Its value should be something
-like 48x48.
-.PP
-
.B sendCompressedOutput
.I true/false
.PP
@@ -510,30 +520,6 @@ not work because the sessions will be removed by a cron job instead. Please modi
the value inside of your php.ini instead.
.PP
-.B primaryGroupFilter
-.I bool
-.PP
-The
-.I primaryGroupFilter
-variable enables or disables the group filter to show primary user groups. It is
-time consuming to evaluate which groups are primary and which are not. So you may
-want to set it to
-.I true
-if your group plugin is slow.
-.PP
-
-.B ie_png_workaround
-.I bool
-.PP
-The
-.I ie_png_workaround
-variable enables or disables a workaround for IE < 7 in order to display transparent
-PNG files correctly. This drastically slows down browsing. Please use Firefox or Opera
-instead.
-.PP
-.PP
-
-
.B Password options
.PP
.B passwordMinLength
@@ -554,18 +540,27 @@ statement determines whether a newly entered password has to be checked
to have at least n different characters.
.PP
-.B passwordHook
-.I path
+.B passwordProposalHook
+.I command
.PP
The
-.I passwordHook
-can specify an external script to handle password settings at some other
-location besides the LDAP. It will be called this way:
+.I passwordProposalHook
+can be used to let GOsa generate password proposals for you.
+Whenever you change a password, you can then decide whether to use the proposal or to manually specify a password.
.nf
-/path/to/your/script "username" "oldpassword" "newpassword"
+/usr/bin/apg -n1
.fi
+.B strictPasswordRules
+.I bool
+.PP
+The
+.I strictPasswordRules
+tells GOsa to check for UTF-8 characters in the supplied password. These
+Characters can lead to non working authentications if UTF-8 and none
+UTF-8 systems locales get mixed. The default is "true".
+
.B handleExpiredAccounts
.I bool
.PP
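Review bot: The strictPasswordRules text does not say what the check does when it finds such characters: "check for UTF-8 characters" with a default of "true" could mean reject or warn. Spell out the behaviour, change "These Characters" to "These characters" and "none UTF-8" to "non UTF-8", and add the `.PP` separators that the other entries have after the `.fi` and after the description. The passwordProposalHook entry should say how the output of `/usr/bin/apg -n1` is consumed, and the removal of passwordHook deserves a line for sites that relied on it.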
@@ -644,6 +639,25 @@ selecting
.I personalTitleInDN.
.PP
+.B accountRDN
+.I pattern
+.PP
+The
+.I accountRDN
+option tells GOsa to use a placeholder pattern for generating account
+RDNs. A pattern can include attribute names prefaced by a % and normal
+text:
+.nf
+accountRDN="cn=%sn %givenName"
+.fi
+This will generate a RDN consisting of cn=.... filled with surname and
+given name of the edited account. This option disables the use of
+.I accountPrimaryAttribute
+and
+.I personalTitleInDn
+in your config. The latter attributes are maintained for compatibility.
+
+
.B personalTitleInDN
.I bool
.PP
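Review bot: The accountRDN text refers to `.I personalTitleInDn`, but the option is spelled personalTitleInDN in the entry that follows; use one spelling. "a RDN" should be "an RDN", and the entry should end with `.PP` rather than two blank lines.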
@@ -683,13 +697,13 @@ defined departments. The default is
.I ou=groups.
.PP
-.B winstations
+.B sambaMachineAccountRDN
.I string
.PP
This statement defines the location where GOsa looks for new samba workstations.
.PP
-.B ogroupou
+.B ogroupRDN
.I string
.PP
This statement defines the location where GOsa creates new object groups inside of defined
@@ -697,7 +711,7 @@ departments. Default is
.I ou=groups.
.PP
-.B serverou
+.B serverRDN
.I string
.PP
This statement defines the location where GOsa creates new servers inside of defined
@@ -705,7 +719,7 @@ departments. Default is
.I ou=servers.
.PP
-.B terminalou
+.B terminalRDN
.I string
.PP
This statement defines the location where GOsa creates new terminals inside of defined
@@ -713,7 +727,7 @@ departments. Default is
.I ou=terminals.
.PP
-.B workstationou
+.B workstationRDN
.I string
.PP
This statement defines the location where GOsa creates new workstations inside of defined
@@ -721,7 +735,7 @@ departments. Default is
.I ou=workstations.
.PP
-.B printerou
+.B printerRDN
.I string
.PP
This statement defines the location where GOsa creates new printers inside of defined
@@ -729,7 +743,7 @@ departments. Default is
.I ou=printers.
.PP
-.B componentou
+.B componentRDN
.I string
.PP
This statement defines the location where GOsa creates new network components inside of defined
@@ -737,7 +751,7 @@ departments. Default is
.I ou=components.
.PP
-.B phoneou
+.B phoneRDN
.I string
.PP
This statement defines the location where GOsa creates new phones inside of defined
@@ -745,7 +759,7 @@ departments. Default is
.I ou=phones.
.PP
-.B conferenceou
+.B phoneConferenceRDN
.I string
.PP
This statement defines the location where GOsa creates new phone conferences inside of defined
@@ -753,7 +767,7 @@ departments. Default is
.I ou=conferences.
.PP
-.B blocklistou
+.B faxBlocklistRDN
.I string
.PP
This statement defines the location where GOsa creates new fax blocklists inside of defined
@@ -761,7 +775,7 @@ departments. Default is
.I ou=blocklists.
.PP
-.B incomingou
+.B systemIncomingRDN
.I string
.PP
This statement defines the location where GOsa looks for new systems to be joined to the LDAP.
@@ -769,7 +783,7 @@ Default is
.I ou=incoming.
.PP
-.B systemsou
+.B systemRDN
.I string
.PP
This statement defines the base location for servers, workstations, terminals, phones and
@@ -777,11 +791,77 @@ components. Default is
.I ou=systems.
.PP
-.B ldap_filter_nesting_limit
+.B ogroupRDN
+.I string
+.PP
+This statement defines the location where GOsa looks for object groups.
+Default is
+.I ou=groups.
+.PP
+
+.B aclRoleRDN
+.I string
+.PP
+This statement defines the location where GOsa stores ACL role definitions.
+Default is
+.I ou=aclroles.
+.PP
+
+.B phoneMacroRDN
+.I string
+.PP
+This statement defines the location where GOsa stores phone macros for use with the Asterisk
+phone server.
+Default is
+.I ou=macros,ou=asterisk,ou=configs,ou=systems.
+.PP
+
+.B faiBaseRDN
+.I string
+.PP
+This statement defines the location where GOsa looks for FAI settings.
+Default is
+.I ou=fai,ou=configs,ou=systems.
+.PP
+
+.B faiScriptRDN, faiHookRDN, faiTemplateRDN, faiVariableRDN, faiProfileRDN, faiPackageRDN, faiPartitionRDN
+.I string
+.PP
+These statement define the location where GOsa stores FAI classes. The complete base for the
+corresponding class is an additive of
+.B faiBaseRDN
+an and this value.
+.PP
+
+.B deviceRDN
+.I string
+.PP
+This statement defines the location where GOsa looks for devices.
+Default is
+.I ou=devices.
+.PP
+
+.B mimetypeRDN
+.I string
+.PP
+This statement defines the location where GOsa stores mime type definitions.
+Default is
+.I ou=mimetypes.
+.PP
+
+.B applicationRDN
+.I string
+.PP
+This statement defines the location where GOsa stores application definitions.
+Default is
+.I ou=apps.
+.PP
+
+.B ldapFilterNestingLimit
.I integer
.PP
The
-.I ldap_filter_nesting_limit
+.I ldapFilterNestingLimit
statement can be used to speed up group handling for groups with several hundreds of members.
The default behaviour is, that GOsa will resolv the memberUid values in a group to real names.
To achieve this, it writes a single filter to minimize searches. Some LDAP servers (namely
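Review bot: This hunk adds a second `.B ogroupRDN` entry ("looks for object groups") although ogroupRDN is already documented earlier in the page as the location where GOsa creates new object groups; merge the two. In the FAI entry, "These statement define" should be "These statements define" and "an and this value" has a stray "an". The seven fai*RDN keys list no defaults, unlike the other entries added in this hunk.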
@@ -789,20 +869,20 @@ Sun DS) simply crash when the filter gets too big. You can set a member limit, w
stop to do these lookups.
.PP
-.B sizelimit
+.B ldapSizelimit
.I integer
.PP
The
-.I sizelimit
+.I ldapSizelimit
statement tells GOsa to retrieve the specified maximum number of results. The user will get
a warning, that not all entries were shown.
.PP
-.B recursive
+.B ldapFollowReferrals
.I bool
.PP
The
-.I recursive
+.I ldapFollowReferrals
statement tells GOsa to follow LDAP referrals.
.PP
.PP
@@ -820,7 +900,7 @@ with your
.I adduser.conf
to avoid overlapping uidNumber values between local and LDAP based lookups. The uidNumberBase
can even be dynamic. Take a look at the
-.I nextIdHook
+.I baseIdHook
definition below.
.PP
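Review bot: The cross-reference now points to a baseIdHook definition "below", but the hook entry visible further down in this patch is still `.B nextIdHook`. Rename that entry as well, or keep the reference as nextIdHook.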
@@ -838,13 +918,50 @@ can even be dynamic. Take a look at the
definition below.
.PP
+.B idAllocationMethod
+.I traditional/pool
+.PP
+The
+.I idAllocationMethod
+statement defines how GOsa generates numeric user and group id values. If it is set to
+.I traditional
+GOsa will do create a lock and perform a search for the next free ID. The lock will be
+removed after the procedure completes.
+.I pool
+will use the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe,
+because it does not check for concurrent LDAP access and already used IDs in this range.
+On the other hand it is much faster.
+.PP
+
.B minId
.I integer
.PP
The
.I minId
statement defines the minimum assignable user or group id to avoid security leaks with
-uid 0 accounts.
+uid 0 accounts. This is used for the
+.I traditional
+method
+.PP
+
+.B uidNumberPoolMin/gidNumberPoolMin
+.I integer
+.PP
+The
+.I uidNumberPoolMin/gidNumberPoolMin
+statement defines the minimum assignable user/group id for use with the
+.I pool
+method.
+.PP
+
+.B uidNumberPoolMax/gidNumberPoolMax
+.I integer
+.PP
+The
+.I uidNumberPoolMax/gidNumberPoolMax
+statement defines the highest assignable user/group id for use with the
+.I pool
+method.
.PP
.B nextIdHook
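Review bot: The pool description calls the method unsafe because it does not check for concurrent LDAP access or already used IDs, but names neither the consequence nor the default. State the consequence (presumably duplicate uidNumber or gidNumber values), say which method is the default, and say whether the uid 0 protection described under minId also holds for pool or depends on uidNumberPoolMin/gidNumberPoolMin being set. "GOsa will do create a lock" should be "GOsa will create a lock", and the sentence added to minId lacks its final period.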
@@ -857,11 +974,11 @@ externaly. It gets called with the current entry "dn" and the attribute to be ID
should return an integer value.
.PP
-.B hash
+.B passwordDefaultHash
.I string
.PP
The
-.I hash
+.I passwordDefaultHash
statement defines the default password hash to choose for new accounts. Valid values are
.I crypt/standard-des, crypt/md5, crypt/enhanced-des, crypt/blowfish, md5, sha, ssha, smd5, clear
and
@@ -887,7 +1004,7 @@ functions supported - which can be combined:
idGenerator="{%sn}-{%givenName[2-4]}"
.fi
- will generate an ID using the full surename, adding a dash, and adding at
+ will generate an ID using the full surname, adding a dash, and adding at
least the first two characters of givenName. If this ID is used, it'll
use up to four characters. If no automatic generation is possible, a
input box is shown.
@@ -903,6 +1020,13 @@ functions supported - which can be combined:
will generate a three digits id with the next free entry appended to
"acct".
+.nf
+ idGenerator="acct{id!1}"
+.fi
+
+ will generate a one digit id with the next free entry appended to
+ "acct" - if needed.
+
.nf
idGenerator="ext{id#3}"
.fi
@@ -933,15 +1057,6 @@ statement defines the base id to add to ordinary sid calculations - if not avail
inside of the LDAP.
.PP
-.B sambaversion
-.I 2/3
-.PP
-The
-.I sambaversion
-statement defines the version of samba you want to write LDAP entries for. Be sure
-to include the correct schema in this case. Valid values are 2 and 3.
-.PP
-
.B sambaHashHook
.I path
.PP
@@ -957,11 +1072,11 @@ perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \\$ARGV[0]), $/;"
.if
.PP
-.B sambaidmapping
+.B sambaIdmapping
.I bool
.PP
The
-.I sambaidmapping
+.I sambaIdMapping
statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your
setup this can drastically improve the windows login performance.
.PP
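Review bot: The heading is renamed to `.B sambaIdmapping` but the description uses `.I sambaIdMapping`. Pick one spelling, since readers will copy it into gosa.conf.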
@@ -969,16 +1084,16 @@ setup this can drastically improve the windows login performance.
.B Asterisk options
.PP
-.B ctihook
+.B ctiHook
.I path
.PP
The
-.I ctihook
+.I ctiHook
statement defines a script to be executed if someone clicks on a phone number
inside of the addressbook plugin. It gets called with two parameters:
.nf
-ctihook $source_number $destination_number
+ctiHook $source_number $destination_number
.fi
This script can be used to do automatted dialing from the addressbook.
@@ -988,7 +1103,7 @@ This script can be used to do automatted dialing from the addressbook.
.B Mail options
.PP
.B mailMethod
-.I cyrus/kolab/golab/sendmail
+.I Cyrus/SendmailCyrus/Kolab/Kolab22
.PP
The
.I mailMethod
@@ -996,12 +1111,11 @@ statement tells GOsa which mail method the setup should use to communicate
with a possible mail server. Leave this undefined if your mail method does
not match the predefined ones.
-.I cyrus
+.I Cyrus
maintains accounts and sieve scripts in cyrus servers.
-.I kolab
+.I Kolab/Kolab22
is like cyrus, but lets the kolab daemon maintain the accounts.
-.I golab is like cyrus - just with kolab attributes.
-.I sendmail just disables everything which is IMAP dependent.
+.I SendmailCyrus is based on sendmail LDAP attributes.
.PP
.B cyrusUseSlashes
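Review bot: `.I SendmailCyrus is based on sendmail LDAP attributes.` puts the whole sentence on the `.I` line, so it renders entirely in italics, unlike the Cyrus and Kolab/Kolab22 entries above it. Split it into `.I SendmailCyrus` and a following text line.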
@@ -1012,19 +1126,35 @@ The
statement determines if GOsa should use "foo/bar" or "foo.bar" namespaces
in IMAP. Unix style is with slashes.
-.B additionalrestrictionfilters
+.B cyrusDeleteMailbox
+.I bool
+.PP
+The
+.I cyrusDeleteMailbox
+statement determines if GOsa should remove the mailbox from your IMAP
+server or keep it after the account is deleted in LDAP.
+
+.B cyrusAutocreateFolders
+.I string
+.PP
+The
+.I cyrusAutocreateFolders
+statement contains a comma seperated list of personal IMAP folders that
+should be created along initial account creation.
+
+.B postfixRestrictionFilters
.I path
.PP
The
-.I additionalrestrictionfilters
+.I postfixRestrictionFilters
statement defines a file to include for the postfix module in order
to display user defined restriction filters.
-.B additionalprotocols
+.B postfixProtocols
.I path
.PP
The
-.I additionalprotocols
+.I postfixProtocols
statement defines a file to include for the postfix module in order
to display user defined protocols.
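Review bot: cyrusDeleteMailbox decides whether mail data is removed when an account is deleted, yet no default is given; document it. "seperated" in the cyrusAutocreateFolders text should be "separated", and both new entries are missing the `.PP` separator before the next `.B`.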
@@ -1039,6 +1169,58 @@ Valid values are
and
.I uid.
+.B imapTimeout
+.I Integer (default 10)
+.PP
+The
+.I imapTimeout
+statement sets the connection timeout for imap actions.
+
+.B mailFolderCreation
+Every mail method has its own way to create mail accounts like
+.I share/development
+or
+.I shared.development@example.com
+which is used to identify the accounts, set quotas or add acls.
+
+To override the methods default account creation syntax, you can set the
+.I mailFolderCreation
+option.
+
+.I Examples
+
+.nf
+ mailFolderCreation="%prefix%%cn%" => "shared.development"
+ mailFolderCreation="my-prefix.%cn%%domain%" => "my-prefix.development@example.com">
+.fi
+
+.I Placeholders
+
+.nf
+ %prefix% The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
+ %cn% The groups/users cn.
+ %uid% The users uid.
+ %mail% The objects mail attribute.
+ %domain% The domain part of the objects mail attribute.
+ %mailpart% The user address part of the mail address.
+ %uattrib% Depends on mailAttribute="uid/mail".
+.fi
+
+
+.B mailUserCreation
+This attribute allows to override the user account creation syntax, see
+the
+.I mailFolderCreation
+description for more details.
+
+.I Examples
+
+.nf
+ mailUserCreation="%prefix%%uid%" => "user.foobar"
+ mailUserCreation=my-prefix.%uid%%domain%" => "my-prefix.foobar@example.com"
+.fi
+
+
.B vacationTemplateDirectory
.I path
.PP
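Review bot: Both example blocks contain quoting errors: the second mailFolderCreation example ends with a stray ">", and the second mailUserCreation example is missing the opening quote after "=". The prose gives "share/development" while the example yields "shared.development". `.B mailFolderCreation` and `.B mailUserCreation` have no `.I` type line and no `.PP`, so the description runs straight on from the bold keyword.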
@@ -1062,11 +1244,11 @@ Example template /etc/gosa/vacation/business.txt:
.B Debug options
.PP
-.B displayerrors
+.B displayErrors
.I bool
.PP
The
-.I displayerrors
+.I displayErrors
statement tells GOsa to show PHP errors in the upper part of the screen. This
should be disabled in productive deployments, because there might be some
important passwords arround.
@@ -1081,20 +1263,20 @@ statement tells GOsa to track LDAP timing statistics to the syslog. This may
help to find indexing problems or bad search filters.
.PP
-.B ignore_acl
+.B ignoreAcl
.I dn
.PP
The
-.I ignore_acl
+.I ignoreAcl
value tells GOsa to ignore complete ACL sets for the given DN. Add your
DN here and you'll be able to restore accidently dropped ACLs.
.PP
-.B debuglevel
+.B debugLevel
.I integer
.PP
The
-.I debuglevel
+.I debugLevel
value tells GOsa to display certain information on each page load. Value
is an AND combination of the following byte values:
@@ -1113,6 +1295,10 @@ DEBUG_SESSION = 32
DEBUG_CONFIG = 64
DEBUG_ACL = 128
+
+DEBUG_SI = 256
+
+DEBUG_MAIL = 512
.PP
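Review bot: DEBUG_SI = 256 and DEBUG_MAIL = 512 no longer fit the sentence above the list, which calls these "byte values". Reword it to "bit flags", and reconsider "AND combination" at the same time, since flag values like these are combined with OR.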
@@ -1126,13 +1312,13 @@ These entries define the way how to connect to some directory service.
.B Example:
.nf
-
.fi
-.I url
-is a valid LDAP url extendet by the base this referral is responsible for.
+.I uri
+is a valid LDAP uri extendet by the base this referral is responsible for.
.I admin
is the DN which has the permission to write LDAP entries. And
.I password
@@ -1141,6 +1327,103 @@ is the corresponding password for this DN.
You can define a set of referrals if you have several server to
connect to.
+.SH Settings for the environment plugin
+
+In order to make full use of the environment plugin, you may want
+to define the location where kiosk profiles will be stored on the
+servers harddisk.
+
+This is done by the
+.I kioskPath
+keyword defined within the
+.I environment
+class definition inside your gosa.conf.
+
+.B Example:
+
+.nf
+
+.fi
+
+Make sure, that this path is writeable by GOsa.
+
+.SH Settings for the FAI plugin
+
+The FAI plugin can be used in a way that it generates branched or
+freezed releases inside your repository. Specifying the
+.I postcreate
+and
+.I postmodify
+keywords in the
+.I servrepository
+definition, calls the provided script as a hook when adding or
+removing branches. This script should do the rest inside of your
+repository.
+
+.B Example:
+
+.nf
+