GOsa2.1 QUICK INSTALL
=====================

* Installing GOsa

Unpack the GOsa tarball and move the main gosa directory to
a place your webserver is configured to find it. The default
location will be /usr/share/gosa. For later reference, I assume
that you've chosen this path, too.

Create the directory /var/spool/gosa for the smarty compile directory.
Make it readable and writable for the webserver (additionally chmod 770).
If you want to move it elsewhere, configure the location in gosa.conf.

Create the configuration directory /etc/gosa and make sure
that your webserver can read it.

As a summary, you now have these directories for GOsa:

/etc/gosa
/var/spool/gosa
/usr/share/gosa

After this has been done, include settings for GOsa in your apache
config:

# Set alias to gosa
Alias /gosa /usr/share/gosa/html

Assuming you've installed PHP >= 4.1.0, restart your apache webserver
and do your first GOsa dry run without configuration:

http[s]://your-server/gosa/setup.php

GOsa setup will perform some basic system checks about general
prerequisites. The setup asks some questions and provides a
basic gosa.conf to save in /etc/gosa. Follow the instructions
until you're able to log in.

As a final step, which is not done automatically yet, you have to
create a group whose members will be GOsa administrators. Here's
an example ldif which creates a user named "admin" with the password
"tester" and a group containing this user:

dn: cn=admin,ou=people,dc=example,dc=net
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: gosaAccount
uid: admin
cn: admin
givenName: admin
sn: GOsa main administrator
lmPassword: 10974C6EFC0AEE1917306D272A9441BB
ntPassword: 38F3951141D0F71A039CFA9D1EC06378
userPassword:: dGVzdGVy

dn: cn=administrators,ou=groups,dc=example,dc=net
objectClass: gosaObject
objectClass: posixGroup
gosaSubtreeACL: :all
cn: administrators
gidNumber: 999
memberUid: admin

After adding these entries, you should be able to use GOsa. Log in as
admin and experiment with the GUI.


* Migrating an existing tree

To migrate an existing LDAP tree, you have to do all the steps from
above, plus some modifications:

- GOsa only shows users that have the objectClass gosaAccount.
  This one has been introduced for several reasons. First, there are
  cases where you want to hide special accounts from regular admins (e.g.
  a samba admin account which is used to log Windows machines into
  their domain, where changing a password by accident has bad consequences).
  Secondly, the gosaAccount keeps the lm/nt password hashes and the
  attributes for the last password change, with the consequence that
  adding a samba account "later" will not require the user to reset
  the password.

- GOsa only recognizes subtrees (or departments in GOsa's view of things)
  that have the objectClass gosaDepartment. You can hide subtrees from GOsa
  by not adding this objectClass to them.

- You need at least one group with objectClass gosaObject and attribute
  gosaSubtreeACL set to :all in the base of your tree. All members of this
  group are able to change everything in GOsa. See the cn=administrators
  entry above.

That should be all. Entries should be visible in GOsa now. Be aware that if
your naming policy of user cn's differs from the way GOsa handles it, the
entries get rewritten to a GOsa style dn.
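
The three migration conditions above can be checked against an LDIF export
before pointing GOsa at the tree. The script below is an added example, not
part of GOsa. It assumes that user entries carry objectClass person and
subtrees carry objectClass organizationalUnit; the sample data is constructed.

```python
import base64
# Constructed sample export; DNs follow the dc=example,dc=net layout used above.
SAMPLE_LDIF = """\
dn: ou=people,dc=example,dc=net
objectClass: organizationalUnit

dn: cn=admin,ou=people,dc=example,dc=net
objectClass: person
objectClass: gosaAccount

dn: cn=legacy,ou=people,dc=example,dc=net
objectClass: person

dn: cn=administrators,ou=groups,dc=example,dc=net
objectClass: gosaObject
gosaSubtreeACL: :all
memberUid: admin
"""

def parse_ldif(text):  # -> list of {lowercased attribute: [values]} dicts
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, split entries
        entry = {}
        for line in (l for l in block.splitlines() if l and not l.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (c.lower() for c in entry.get("objectclass", []))

def missing(entries, marker, required):  # DNs with `marker` but without `required`
    return [e["dn"][0] for e in entries if has_class(e, marker) and not has_class(e, required)]

def migration_report(entries):
    """Assumed markers: person = user, organizationalUnit = subtree."""
    return {
        "hidden_users": missing(entries, "person", "gosaAccount"),
        "hidden_subtrees": missing(entries, "organizationalUnit", "gosaDepartment"),
        "full_admins": {e["dn"][0]: e.get("memberuid", []) for e in entries
                        if has_class(e, "gosaObject") and ":all" in e.get("gosasubtreeacl", [])},
    }

if __name__ == "__main__":
    print(migration_report(parse_ldif(SAMPLE_LDIF)))
```

An empty full_admins result means nobody will be able to administer the
tree; a non-empty one lists every uid that can change everything in GOsa.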


* More information

To improve this piece of software, please report all kinds of errors.
Looking for a mailing list? Go to

https://oss.gonicus.de/cgi-bin/mailman/listinfo/gosa/

Thanks

---
Cajus Pollmeier <pollmeier@gonicus.de>
