X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fcontrib%2Fgosa.conf.5;h=c78026873bacea11b8da2dde5cd0809182c9b759;hb=8577a677f489db15bbd22fe5609ca3394f29135d;hp=6e0fb2da225f8bf9288ca7fe959f3c8820fab069;hpb=07e3fef6d8486276130c0ad8d603aad189244587;p=gosa.git diff --git a/gosa-core/contrib/gosa.conf.5 b/gosa-core/contrib/gosa.conf.5 index 6e0fb2da2..c78026873 100644 --- a/gosa-core/contrib/gosa.conf.5 +++ b/gosa-core/contrib/gosa.conf.5 @@ -1,4 +1,4 @@ -.TH gosa.conf 5 +.TH gosa.conf 5 "2008-04-07" "GOsa v2.6" "Debian" .SH NAME gosa.conf - GOsa configuration file .SH DESCRIPTION @@ -27,7 +27,7 @@ information about several locations. .nf - + ... @@ -89,9 +89,12 @@ You can override an icon by specifying the .I "icon" attribute. -For every plugin, you can provide at least four additional hooks: +For every plugin, you can provide at least seven additional hooks: +.I precreate, +.I preremove, +.I premodify .I postcreate, -.I postdelete, +.I postremove, .I postmodify and .I check. @@ -107,7 +110,7 @@ These keywords take a full executable path of a script. You can provide certain parameters in form of LDAP attributes. '%uid' will pass the current user id, '%dn' the current object dn, etc. -The script gets executed after create, delete or modify tasks. +The script gets executed before(pre) and after(post) create, delete or modify tasks. .I The .B check @@ -172,15 +175,15 @@ each location definition inside of this global definition. .nf
@@ -194,38 +197,38 @@ each location definition inside of this global definition. .B Generic options .PP -.B forceglobals +.B forceGlobals .I bool .PP The -.I forceglobals +.I forceGlobals statement enables PHP security checks to force register_global settings to be switched off. .PP -.B forcessl +.B forceSSL .I bool .PP The -.I forceglobals +.I forceSSL statement enables PHP security checks to force encrypted access to the web interface. GOsa will try to redirect to the same URL - just with https://. .PP -.B warnssl +.B warnSSL .I bool .PP The -.I warnssl +.I warnSSL statement enables PHP security checks to detect non encrypted access to the web interface. GOsa will display a warning in this case. .PP -.B uniq_identifier +.B modificationDetectionAttribute .I string .PP The -.I uniq_identifier +.I modificationDetectionAttribute statement enables GOsa to check if a entry currently being edited has been modified from someone else outside GOsa in the meantime. It will display an informative dialog then. It can be set to @@ -241,21 +244,20 @@ for Sun DS based systems. The .I logging statement enables event logging on GOsa side. Setting it to -.I syslog, -GOsa will log every action a user performs via syslog. Setting it to -.I mysql, -GOsa will log every action to a mysql server, defined in the -GOsa systems plugin. Both values can be combined as a comma seperated -list. +.I true, +GOsa will log every action a user performs via syslog. If you use +rsyslog and configure it to mysql logging, you can browse all events +within GOsa. -GOsa will not log anything, if the logging value is empty. +GOsa will not log anything, if the logging value is empty or set to +false. .PP -.B login_attribute +.B loginAttribute .I string .PP The -.I login_attribute +.I loginAttribute statement tells GOsa which LDAP attribute is used as the login name during login. It can be set to .I uid, mail @@ -263,60 +265,60 @@ or .I both. .PP -.B enableCopyPaste +.B copyPaste .I bool .PP The -.I enableCopyPaste +.I copyPaste statement enables copy and paste for LDAP entries managed with GOsa. .PP -.B enable_snapshot +.B enableSnapshots .I bool .PP The -.I enable_snapshot +.I enableSnapshots statement enables a snapshot mechaism in GOsa. This enables you to save certain states of entries and restore them later on. .PP -.B snapshot_base +.B snapshotBase .I dn .PP The -.I snapshot_base +.I snapshotBase statement defines the base where snapshots should be stored inside of the LDAP. .PP -.B snapshot_server -.I url +.B snapshotURI +.I uri .PP The -.I snapshot_server -variable defines the LDAP URL for the server which is used to do object +.I snapshotURI +variable defines the LDAP URI for the server which is used to do object snapshots. .PP -.B snapshot_user +.B snapshotAdminDn .I dn .PP The -.I snapshot_user +.I snapshotAdminDn variable defines the user which is used to authenticate when connecting to -.I snapshot_server. +.I snapshotURI. .PP -.B snapshot_password +.B snapshotAdminPassword .I string .PP The -.I snapshot_password +.I snapshotAdminPassword variable defines the credentials which are used in combination with -.I snapshot_user +.I snapshotAdminDn and -.I snapshot_server +.I snapshotURI in order to authenticate. .PP @@ -329,11 +331,11 @@ statement defines the LDAP base, where GOsa stores management information, such as site wide locking and user notifications. .PP -.B compile +.B templateCompileDirectory .I path .PP The -.I compile +.I templateCompileDirectory statements defines the path, where the PHP templating engins .I smarty should store its compiled GOsa templates for improved speed. This path @@ -352,30 +354,30 @@ The value should be a unix conform timezone value like in /etc/timezone. .PP -.B governmentmode +.B honourIvbbAttributes .I bool .PP The -.I governmentmode +.I honourIvbbAttributes statement enables the IVBB mode inside of GOsa. You need the ivbb.schema file from used by german authorities. .PP -.B strict +.B strictNamingRules .I bool .PP The -.I strict +.I strictNamingRules statement enables strict checking of uids and group names. If you need characters like . or - inside of your accounts, set this to .I false. .PP -.B strict_units +.B honourUnitTags .I bool .PP The -.I strict_units +.I honourUnitTags statement enables checking of .I unitTag attributes when using administrative units. If this is set to @@ -396,52 +398,101 @@ on unix systems, you've to adjust your NSS configuration to use rfc2307bis style groups, too. .PP -.B ppd_path +.B ppdPath .I path .PP The -.I ppd_path +.I ppdPath variable defines where to store PPD files for the GOto environment plugins. .PP + +.B ppdGzip +.I bool +.PP +The +.I ppdGzip +variable enables PPD file compression. +.PP + +.B resolutions +.I path +.PP +The +.I resolutions +variable defines a plain text file which contains additional resolutions +to be shown in the environment and system plugins. +.PP + +.B htaccessAuthentication +.I bool +.PP +The +.I htaccessAuthentication +variable tells GOsa to use either htaccess authentication or LDAP authentication. This +can be used if you want to use i.e. kerberos to authenticate the users. .PP +.B gosaSupportURI +.I URI +.PP +The +.I gosaSupportURI +defines the major gosa-si server host and the password for GOsa to connect to it. +can be used if you want to use i.e. kerberos to authenticate the users. + +The format is: + +.nf +credentials@host:port +.fi +.PP + +.B gosaSupportTimeout +.I integer +.PP +The +.I gosaSupportTimeout +sets a connection timeout for all gosa-si actions. See +.I gosaSupportURI +for details. +.PP .B Browser and display options -.B list_summary +.B listSummary .I true/false .PP The -.I list_summary +.I listSummary statement determines whether a status bar will be shown on the bottom of GOsa generated lists, displaying a short summary of type and number of elements in the list. .PP -.B compressed +.B sendCompressedOutput .I true/false .PP The -.I compressed +.I sendCompressedOutput statement determines whether PHP should send compressed HTML pages to browsers or not. This may increase or decrease the performance, depending on your network. .PP -.B save_filter +.B storeFilterSettings .I true/false .PP The -.I save_filter +.I storeFilterSettings statement determines whether GOsa should store filter and plugin settings inside of a cookie. .PP -.B lang +.B language .I string .PP The -.I lang +.I language statement defines the default language used by GOsa. Normally GOsa autodetects the language from the browser settings. If this is not working or you want to force the language, just add the language code (i.e. de for german) here. @@ -459,86 +510,71 @@ within themes. Take a look at the GOsa for more information. .PP -.B session_lifetime +.B sessionLifetime .I int .PP The -.I session_lifetime +.I sessionLifetime value defines when a session will expire in seconds. For Debian systems, this will not work because the sessions will be removed by a cron job instead. Please modify the value inside of your php.ini instead. .PP -.B noprimarygroup -.I bool -.PP -The -.I noprimarygroup -variable enables or disables the group filter to show primary user groups. It is -time consuming to evaluate which groups are primary and which are not. So you may -want to set it to -.I true -if your group plugin is slow. -.PP - -.B ie_png_workaround -.I bool -.PP -The -.I ie_png_workaround -variable enables or disables a workaround for IE < 7 in order to display transparent -PNG files correctly. This drastically slows down browsing. Please use Firefox or Opera -instead. -.PP -.PP - - .B Password options .PP -.B pwminlen +.B passwordMinLength .I integer .PP The -.I pwminlen +.I passwordMinLength statement determines whether a newly entered password has to be of a minimum length. .PP -.B pwdiffer +.B passwordMinDiffer .I integer .PP The -.I pwdiffer +.I passwordMinDiffer statement determines whether a newly entered password has to be checked to have at least n different characters. .PP -.B externalpwdhook -.I path +.B passwordProposalHook +.I command .PP The -.I externalpwdhook -can specify an external script to handle password settings at some other -location besides the LDAP. It will be called this way: +.I passwordProposalHook +can be used to let GOsa generate password proposals for you. +Whenever you change a password, you can then decide whether to use the proposal or to manually specify a password. .nf -/path/to/your/script "username" "oldpassword" "newpassword" +/usr/bin/apg -n1 .fi -.B account_expiration +.B strictPasswordRules +.I bool +.PP +The +.I strictPasswordRules +tells GOsa to check for UTF-8 characters in the supplied password. These +Characters can lead to non working authentications if UTF-8 and none +UTF-8 systems locales get mixed. The default is "true". + +.B handleExpiredAccounts .I bool .PP The -.I account_expiration +.I handleExpiredAccounts statement enables shadow attribute tests during the login to the GOsa web interface and forces password renewal or account lockout. .PP -.B krbsasl +.B useSaslForKerberos .I bool .PP The -.I krbsasl +.I useSaslForKerberos statement defines the way the kerberos realm is stored in the .I userPassword attribute. Set it to @@ -553,37 +589,37 @@ needed from time to time. .B LDAP options .PP -.B max_ldap_query_time +.B ldapMaxQueryTime .I integer .PP The -.I max_ldap_query_time +.I ldapMaxQueryTime statement tells GOsa to stop LDAP actions if there is no answer within the specified number of seconds. .PP -.B schema_check +.B schemaCheck .I bool .PP The -.I schema_check +.I schemaCheck statement enables or disables schema checking during login. It is recommended to switch this on in order to let GOsa handle object creation more efficient. .PP -.B tls +.B ldapTLS .I bool .PP The -.I tls +.I ldapTLS statement enables or disables TLS operating on LDAP connections. .PP -.B dnmode +.B accountPrimaryAttribute .I cn/uid .PP The -.I dnmode +.I accountPrimaryAttribute option tells GOsa how to create new accounts. Possible values are .I uid and @@ -597,58 +633,77 @@ In the second case, GOsa creates cn style DN entries: cn=Foo Bar,ou=staff,dc=example,dc=net .fi If you choose "cn" to be your -.I dnmode +.I accountPrimaryAttribute you can decide whether to include the personal title in your dn by selecting -.I include_personal_title. +.I personalTitleInDN. .PP -.B include_personal_title +.B accountRDN +.I pattern +.PP +The +.I accountRDN +option tells GOsa to use a placeholder pattern for generating account +RDNs. A pattern can include attribute names prefaced by a % and normal +text: +.nf +accountRDN="cn=%sn %givenName" +.fi +This will generate a RDN consisting of cn=.... filled with surname and +given name of the edited account. This option disables the use of +.I accountPrimaryAttribute +and +.I personalTitleInDn +in your config. The latter attributes are maintained for compatibility. + + +.B personalTitleInDN .I bool .PP The -.I include_personal_title +.I personalTitleInDN option tells GOsa to include the personal title in user DNs when -.I dnmode +.I accountPrimaryAttribute is set to "cn". -.B people +.B userRDN .I string .PP The -.I people +.I userRDN statement defines the location where new accounts will be created inside of defined departments. The default is .I ou=people. .PP -.B groups +.B groupsRDN .I string .PP The -.I groups +.I groupsRDN statement defines the location where new groups will be created inside of defined departments. The default is .I ou=groups. .PP -.B sudoou +.B sudoRDN .I string .PP The -.I sudoou +.I sudoRDN statement defines the location where new groups will be created inside of defined departments. The default is .I ou=groups. .PP -.B winstations +.B sambaMachineAccountRDN .I string .PP This statement defines the location where GOsa looks for new samba workstations. .PP -.B ogroupou +.B ogroupRDN .I string .PP This statement defines the location where GOsa creates new object groups inside of defined @@ -656,7 +711,7 @@ departments. Default is .I ou=groups. .PP -.B serverou +.B serverRDN .I string .PP This statement defines the location where GOsa creates new servers inside of defined @@ -664,7 +719,7 @@ departments. Default is .I ou=servers. .PP -.B terminalou +.B terminalRDN .I string .PP This statement defines the location where GOsa creates new terminals inside of defined @@ -672,7 +727,7 @@ departments. Default is .I ou=terminals. .PP -.B workstationou +.B workstationRDN .I string .PP This statement defines the location where GOsa creates new workstations inside of defined @@ -680,7 +735,7 @@ departments. Default is .I ou=workstations. .PP -.B printerou +.B printerRDN .I string .PP This statement defines the location where GOsa creates new printers inside of defined @@ -688,7 +743,7 @@ departments. Default is .I ou=printers. .PP -.B componentou +.B componentRDN .I string .PP This statement defines the location where GOsa creates new network components inside of defined @@ -696,7 +751,7 @@ departments. Default is .I ou=components. .PP -.B phoneou +.B phoneRDN .I string .PP This statement defines the location where GOsa creates new phones inside of defined @@ -704,7 +759,7 @@ departments. Default is .I ou=phones. .PP -.B conferenceou +.B phoneConferenceRDN .I string .PP This statement defines the location where GOsa creates new phone conferences inside of defined @@ -712,7 +767,7 @@ departments. Default is .I ou=conferences. .PP -.B blocklistou +.B faxBlocklistRDN .I string .PP This statement defines the location where GOsa creates new fax blocklists inside of defined @@ -720,7 +775,7 @@ departments. Default is .I ou=blocklists. .PP -.B incomingou +.B systemIncomingRDN .I string .PP This statement defines the location where GOsa looks for new systems to be joined to the LDAP. @@ -728,7 +783,7 @@ Default is .I ou=incoming. .PP -.B systemsou +.B systemRDN .I string .PP This statement defines the base location for servers, workstations, terminals, phones and @@ -736,11 +791,77 @@ components. Default is .I ou=systems. .PP -.B ldap_filter_nesting_limit +.B ogroupRDN +.I string +.PP +This statement defines the location where GOsa looks for object groups. +Default is +.I ou=groups. +.PP + +.B aclRoleRDN +.I string +.PP +This statement defines the location where GOsa stores ACL role definitions. +Default is +.I ou=aclroles. +.PP + +.B phoneMacroRDN +.I string +.PP +This statement defines the location where GOsa stores phone macros for use with the Asterisk +phone server. +Default is +.I ou=macros,ou=asterisk,ou=configs,ou=systems. +.PP + +.B faiBaseRDN +.I string +.PP +This statement defines the location where GOsa looks for FAI settings. +Default is +.I ou=fai,ou=configs,ou=systems. +.PP + +.B faiScriptRDN, faiHookRDN, faiTemplateRDN, faiVariableRDN, faiProfileRDN, faiPackageRDN, faiPartitionRDN +.I string +.PP +These statement define the location where GOsa stores FAI classes. The complete base for the +corresponding class is an additive of +.B faiBaseRDN +an and this value. +.PP + +.B deviceRDN +.I string +.PP +This statement defines the location where GOsa looks for devices. +Default is +.I ou=devices. +.PP + +.B mimetypeRDN +.I string +.PP +This statement defines the location where GOsa stores mime type definitions. +Default is +.I ou=mimetypes. +.PP + +.B applicationRDN +.I string +.PP +This statement defines the location where GOsa stores application definitions. +Default is +.I ou=apps. +.PP + +.B ldapFilterNestingLimit .I integer .PP The -.I ldap_filter_nesting_limit +.I ldapFilterNestingLimit statement can be used to speed up group handling for groups with several hundreds of members. The default behaviour is, that GOsa will resolv the memberUid values in a group to real names. To achieve this, it writes a single filter to minimize searches. Some LDAP servers (namely @@ -748,20 +869,20 @@ Sun DS) simply crash when the filter gets too big. You can set a member limit, w stop to do these lookups. .PP -.B sizelimit +.B ldapSizelimit .I integer .PP The -.I sizelimit +.I ldapSizelimit statement tells GOsa to retrieve the specified maximum number of results. The user will get a warning, that not all entries were shown. .PP -.B recursive +.B ldapFollowReferrals .I bool .PP The -.I recursive +.I ldapFollowReferrals statement tells GOsa to follow LDAP referrals. .PP .PP @@ -769,58 +890,95 @@ statement tells GOsa to follow LDAP referrals. .B Account creation options .PP -.B uidbase +.B uidNumberBase .I integer .PP The -.I uidbase +.I uidNumberBase statement defines where to start looking for a new free user id. This should be synced with your .I adduser.conf -to avoid overlapping uidNumber values between local and LDAP based lookups. The uidbase +to avoid overlapping uidNumber values between local and LDAP based lookups. The uidNumberBase can even be dynamic. Take a look at the -.I base_hook +.I baseIdHook definition below. .PP -.B gidbase +.B gidNumberBase .I integer .PP The -.I gidbase +.I gidNumberBase statement defines where to start looking for a new free group id. This should be synced with your .I adduser.conf -to avoid overlapping gidNumber values between local and LDAP based lookups. The gidbase +to avoid overlapping gidNumber values between local and LDAP based lookups. The gidNumberBase can even be dynamic. Take a look at the -.I base_hook +.I nextIdHook definition below. .PP -.B minid +.B idAllocationMethod +.I traditional/pool +.PP +The +.I idAllocationMethod +statement defines how GOsa generates numeric user and group id values. If it is set to +.I traditional +GOsa will do create a lock and perform a search for the next free ID. The lock will be +removed after the procedure completes. +.I pool +will use the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe, +because it does not check for concurrent LDAP access and already used IDs in this range. +On the other hand it is much faster. +.PP + +.B minId .I integer .PP The -.I minid +.I minId statement defines the minimum assignable user or group id to avoid security leaks with -uid 0 accounts. +uid 0 accounts. This is used for the +.I traditional +method .PP -.B base_hook +.B uidNumberPoolMin/gidNumberPoolMin +.I integer +.PP +The +.I uidNumberPoolMin/gidNumberPoolMin +statement defines the minimum assignable user/group id for use with the +.I pool +method. +.PP + +.B uidNumberPoolMax/gidNumberPoolMax +.I integer +.PP +The +.I uidNumberPoolMax/gidNumberPoolMax +statement defines the highest assignable user/group id for use with the +.I pool +method. +.PP + +.B nextIdHook .I path .PP The -.I base_hook +.I nextIdHook statement defines a script to be called for finding the next free id for users or groups externaly. It gets called with the current entry "dn" and the attribute to be ID'd. It should return an integer value. .PP -.B hash +.B passwordDefaultHash .I string .PP The -.I hash +.I passwordDefaultHash statement defines the default password hash to choose for new accounts. Valid values are .I crypt/standard-des, crypt/md5, crypt/enhanced-des, crypt/blowfish, md5, sha, ssha, smd5, clear and @@ -828,40 +986,49 @@ and These values will be overridden when using templates. .PP -.B idgen +.B idGenerator .I string .PP The -.I idgen +.I idGenerator statement describes an automatic way to generate new user ids. There are two basic functions supported - which can be combined: a) using attributes + You can specify LDAP attributes (currently only sn and givenName) in braces {} and add a percent sign befor it. Optionally you can strip it down to a number of characters, specified in []. I.e. .nf - idgen="{%sn}-{%givenName[2-4]}" + idGenerator="{%sn}-{%givenName[2-4]}" .fi - will generate an ID using the full surename, adding a dash, and adding at + will generate an ID using the full surname, adding a dash, and adding at least the first two characters of givenName. If this ID is used, it'll use up to four characters. If no automatic generation is possible, a input box is shown. b) using automatic id's + I.e. specifying .nf - idgen="acct{id:3}" + idGenerator="acct{id:3}" .fi will generate a three digits id with the next free entry appended to "acct". .nf - idgen="ext{id#3}" + idGenerator="acct{id!1}" +.fi + + will generate a one digit id with the next free entry appended to + "acct" - if needed. + +.nf + idGenerator="ext{id#3}" .fi will generate a three digits random number appended to "ext". @@ -871,58 +1038,391 @@ functions supported - which can be combined: .B Samba options .PP -.B sid +.B sambaSID .I string .PP The -.I sid +.I sambaSID statement defines a samba SID if not available inside of the LDAP. You can retrieve the current sid by .I net getlocalsid. .PP -.B ridbase +.B sambaRidBase .I integer .PP The -.I ridbase +.I sambaRidBase statement defines the base id to add to ordinary sid calculations - if not available inside of the LDAP. .PP -.B sambaversion -.I 2/3 -.PP -The -.I sambaversion -statement defines the version of samba you want to write LDAP entries for. Be sure -to include the correct schema in this case. Valid values are 2 and 3. -.PP - -.B smbhash +.B sambaHashHook .I path .PP The -.I smbhash +.I sambaHashHook statement contains an executable to generate samba hash values. This is required for password synchronization, but not required if you apply gosa-si services. If you don't have mkntpasswd from the samba distribution installed, you can use perl to generate the hash: .nf -perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;" +perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \\$ARGV[0]), $/;" .if .PP -.B sambaidmapping +.B sambaIdmapping .I bool .PP The -.I sambaidmapping +.I sambaIdMapping statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your setup this can drastically improve the windows login performance. +.PP +.PP +.B Asterisk options +.PP +.B ctiHook +.I path +.PP +The +.I ctiHook +statement defines a script to be executed if someone clicks on a phone number +inside of the addressbook plugin. It gets called with two parameters: +.nf +ctiHook $source_number $destination_number +.fi + +This script can be used to do automatted dialing from the addressbook. +.PP +.PP + +.B Mail options +.PP +.B mailMethod +.I Cyrus/SendmailCyrus/Kolab/Kolab22 +.PP +The +.I mailMethod +statement tells GOsa which mail method the setup should use to communicate +with a possible mail server. Leave this undefined if your mail method does +not match the predefined ones. + +.I Cyrus +maintains accounts and sieve scripts in cyrus servers. +.I Kolab/Kolab22 +is like cyrus, but lets the kolab daemon maintain the accounts. +.I SendmailCyrus is based on sendmail LDAP attributes. +.PP + +.B cyrusUseSlashes +.I bool +.PP +The +.I cyrusUseSlashes +statement determines if GOsa should use "foo/bar" or "foo.bar" namespaces +in IMAP. Unix style is with slashes. + +.B cyrusDeleteMailbox +.I bool +.PP +The +.I cyrusDeleteMailbox +statement determines if GOsa should remove the mailbox from your IMAP +server or keep it after the account is deleted in LDAP. + +.B cyrusAutocreateFolders +.I string +.PP +The +.I cyrusAutocreateFolders +statement contains a comma seperated list of personal IMAP folders that +should be created along initial account creation. + +.B postfixRestrictionFilters +.I path +.PP +The +.I postfixRestrictionFilters +statement defines a file to include for the postfix module in order +to display user defined restriction filters. + +.B postfixProtocols +.I path +.PP +The +.I postfixProtocols +statement defines a file to include for the postfix module in order +to display user defined protocols. + +.B mailAttribute +.I mail/uid +.PP +The +.I mailAttribute +statement determines which attribute GOsa will use to create accounts. +Valid values are +.I mail +and +.I uid. + +.B imapTimeout +.I Integer (default 10) +.PP +The +.I imapTimeout +statement sets the connection timeout for imap actions. + +.B mailFolderCreation +Every mail method has its own way to create mail accounts like +.I share/development +or +.I shared.development@example.com +which is used to identify the accounts, set quotas or add acls. + +To override the methods default account creation syntax, you can set the +.I mailFolderCreation +option. + +.I Examples + +.nf + mailFolderCreation="%prefix%%cn%" => "shared.development" + mailFolderCreation="my-prefix.%cn%%domain%" => "my-prefix.development@example.com"> +.fi + +.I Placeholders + +.nf + %prefix% The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE) + %cn% The groups/users cn. + %uid% The users uid. + %mail% The objects mail attribute. + %domain% The domain part of the objects mail attribute. + %mailpart% The user address part of the mail address. + %uattrib% Depends on mailAttribute="uid/mail". +.fi + + +.B mailUserCreation +This attribute allows to override the user account creation syntax, see +the +.I mailFolderCreation +description for more details. + +.I Examples + +.nf + mailUserCreation="%prefix%%uid%" => "user.foobar" + mailUserCreation=my-prefix.%uid%%domain%" => "my-prefix.foobar@example.com" +.fi + + +.B vacationTemplateDirectory +.I path +.PP +The +.I vacationTemplateDirectory +statement sets the path where GOsa will look for vacation message +templates. Default is /etc/gosa/vacation. + +Example template /etc/gosa/vacation/business.txt: + +.nf + DESC:Away from desk + Hi, I'm currently away from my desk. You can contact me on + my cell phone via %mobile. + + Greetings, + %givenName %sn +.fi +.PP + + +.B Debug options +.PP +.B displayErrors +.I bool +.PP +The +.I displayErrors +statement tells GOsa to show PHP errors in the upper part of the screen. This +should be disabled in productive deployments, because there might be some +important passwords arround. +.PP + +.B ldapstats +.I bool +.PP +The +.I ldapstats +statement tells GOsa to track LDAP timing statistics to the syslog. This may +help to find indexing problems or bad search filters. +.PP + +.B ignoreAcl +.I dn +.PP +The +.I ignoreAcl +value tells GOsa to ignore complete ACL sets for the given DN. Add your +DN here and you'll be able to restore accidently dropped ACLs. +.PP + +.B debugLevel +.I integer +.PP +The +.I debugLevel +value tells GOsa to display certain information on each page load. Value +is an AND combination of the following byte values: + +DEBUG_TRACE = 1 + +DEBUG_LDAP = 2 + +DEBUG_MYSQL = 4 + +DEBUG_SHELL = 8 + +DEBUG_POST = 16 + +DEBUG_SESSION = 32 + +DEBUG_CONFIG = 64 + +DEBUG_ACL = 128 + +DEBUG_SI = 256 + +DEBUG_MAIL = 512 +.PP + + +.SH LDAP resource definition + +For every location you define inside your gosa.conf, you need at least +one entry of the type +.I referral. +These entries define the way how to connect to some directory service. + +.B Example: + +.nf + +.fi + +.I uri +is a valid LDAP uri extendet by the base this referral is responsible for. +.I admin +is the DN which has the permission to write LDAP entries. And +.I password +is the corresponding password for this DN. + +You can define a set of referrals if you have several server to +connect to. + +.SH Settings for the environment plugin + +In order to make full use of the environment plugin, you may want +to define the location where kiosk profiles will be stored on the +servers harddisk. + +This is done by the +.I kioskPath +keyword defined within the +.I environment +class definition inside your gosa.conf. + +.B Example: + +.nf + +.fi + +Make sure, that this path is writeable by GOsa. + +.SH Settings for the FAI plugin + +The FAI plugin can be used in a way that it generates branched or +freezed releases inside your repository. Specifying the +.I postcreate +and +.I postmodify +keywords in the +.I servrepository +definition, calls the provided script as a hook when adding or +removing branches. This script should do the rest inside of your +repository. + +.B Example: + +.nf +