![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 GOsa2.1 QUICK INSTALL
2 =====================
4 * Installing GOsa
6 Unpack the GOsa tarball and move the main gosa directory to
7 a place your webserver is configured to find it. The default
8 location will be /usr/share/gosa. For later reference, I assume
9 that you've choosen this path, too.
11 Create the directory /var/spool/gosa for the smarty compile directory.
12 Make it read/write for the webserver (additional chmod 770). You may
13 want to move it elsewhere, configure it in gosa.conf.
15 Create the configuration directory /etc/gosa and make sure
16 that your webserver can read it.
18 As a summmary, you now have these directories for GOsa:
20 /etc/gosa
21 /var/spool/gosa
22 /usr/share/gosa
24 After this has been done, include settings for GOsa in your apache
25 config:
27 # Set alias to gosa
28 Alias /gosa /usr/share/gosa/html
30 Assumed you've installed PHP >= 4.1.0, restart your apache webserver
31 and do your first GOsa dry run without configuration:
33 http[s]://your-server/gosa/setup.php
35 GOsa setup will perform some basic system checks about general
36 prerequisites. The setup asks some questions and provides a
37 basic gosa.conf to save in /etc/gosa. Follow the instructions
38 until you're able to log in.
40 As a final step - which is not done automatically yet, you've to
41 create a group which members will be GOsa administrators. Here's
42 an example ldif which creates a user named "admin" with the password
43 "tester" and a group where this user is in:
45 dn: cn=admin,ou=people,dc=example,dc=net
46 objectClass: person
47 objectClass: organizationalPerson
48 objectClass: inetOrgPerson
49 objectClass: gosaAccount
50 uid: admin
51 cn: admin
52 givenName: admin
53 sn: GOsa main administrator
54 lmPassword: 10974C6EFC0AEE1917306D272A9441BB
55 ntPassword: 38F3951141D0F71A039CFA9D1EC06378
56 userPassword:: dGVzdGVy
58 dn: cn=administrators,ou=groups,dc=example,dc=net
59 objectClass: gosaObject
60 objectClass: posixGroup
61 gosaSubtreeACL: :all
62 cn: administrators
63 gidNumber: 999
64 memberUid: admin
66 After adding these entries, you should be able to use GOsa. Log in as
67 admin and try experiment with the GUI.
70 * Migrating an existing tree
72 To migrate an existing LDAP tree, you've to do all steps from above,
73 plus some modifications:
75 - GOsa only shows users that have the objectClass gosaAccount
76 This one has been introduced for several reasons. First, there are
77 cases you want to hide special accounts from regular admins (i.e.
78 a samba admin account which is used to log windows machines into
79 their domain, where chaning a password by accident has bad consequences).
80 Secondly the gosaAccount keeps the lm/nt password hashes and the
81 attributes for the last password change - with the consequence that
82 adding a samba account "later" will not require the user to reset
83 the password.
85 - GOsa only recognizes subtrees (or departments in GOsa's view of things)
86 that have the objectClass gosaDepartment. You can hide subtrees from GOsa
87 by not putting this objectClass inside.
89 - You need at least one group with objectClass gosaObject and attribute
90 gosaSubtreeACL set to :all in the base of your tree. All members of this
91 group are able to change everything in GOsa. Look at the cn=administrators
92 from above.
94 That should be all. Entries should be visible in GOsa now. Be aware that if
95 your naming policy of user cn's differs from the way GOsa handles it, the
96 entries get rewritten to a GOsa style dn.
99 * More informations
101 To improve this piece of software, please report all kind of errors.
102 Looking for a mailing list? Go to
104 https://oss.gonicus.de/cgi-bin/mailman/listinfo/gosa/
106 Thanks
108 ---
109 Cajus Pollmeier <pollmeier@gonicus.de>