GOsa2.5 QUICK INSTALL ===================== * Installing GOsa Unpack the GOsa tarball and move the main gosa directory to a place your webserver is configured to find it. The default location will be /usr/share/gosa. For later reference, I assume that you've choosen this path, too. Create the directory /var/spool/gosa for the smarty compile directory. Make it read/write for the webserver (additional chmod 770). You may want to move it elsewhere, configure it in gosa.conf. Create the configuration directory /etc/gosa and make sure that your webserver can read it. As a summmary, you now have these directories for GOsa: /etc/gosa /var/spool/gosa /usr/share/gosa After this has been done, include settings for GOsa in your apache config: # Set alias to gosa Alias /gosa /usr/share/gosa/html Assumed you've installed PHP >= 4.3.10, restart your apache webserver and do your first GOsa dry run without configuration: http[s]://your-server/gosa/setup.php GOsa setup will perform some basic system checks about general prerequisites. The setup asks some questions and provides a basic gosa.conf to save in /etc/gosa. Follow the instructions until you're able to log in. * Migrating an existing tree To migrate an existing LDAP tree, you've to do all steps from above, plus some modifications: - GOsa only shows users that have the objectClass gosaAccount This one has been introduced for several reasons. First, there are cases you want to hide special accounts from regular admins (i.e. a samba admin account which is used to log windows machines into their domain, where chaning a password by accident has bad consequences). Secondly the gosaAccount keeps the lm/nt password hashes and the attributes for the last password change - with the consequence that adding a samba account "later" will not require the user to reset the password. - GOsa only recognizes subtrees (or departments in GOsa's view of things) that have the objectClass gosaDepartment. You can hide subtrees from GOsa by not putting this objectClass inside. - You need at least one group with objectClass gosaObject and attribute gosaSubtreeACL set to :all in the base of your tree. All members of this group are able to change everything in GOsa. Look at the cn=administrators from above. That should be all. Entries should be visible in GOsa now. Be aware that if your naming policy of user cn's differs from the way GOsa handles it, the entries get rewritten to a GOsa style dn. * More informations To improve this piece of software, please report all kind of errors. The bugtracker is situated at https://oss.gonicus.de/labs/gosa/ Look first at View ticket to see if your bug is not already reported, If not create a new bug report with New Ticket Looking for a mailing list? Go to https://oss.gonicus.de/mailman/listinfo/gosa/ Want to help localize it in your language subscribe to https://oss.gonicus.de/mailman/listinfo/gosai-18n/ Thanks --- Cajus Pollmeier