Provided by: gosa_2.6.10-2_all bug

NAME

       gosa.conf - GOsa configuration file

DESCRIPTION

       The  gosa.conf  file  contains  configuration  information  for GOsa, a
       powerful GPL'ed framework for managing accounts  and  systems  in  LDAP
       databases.

       The  gosa.conf  file is a XML style configuration file. It is parsed by
       the GOsa web application during log in.  The  file  may  contain  extra
       tabs  and  newlines  for formatting purposes.  Tag keywords in the file
       are case-insensitive. Comments should be placed outside of XML tags and
       should be encapsulated inside of <!-- --> tags.

       The  gosa.conf  file  can  be  used  to  configure  the  look and feel,
       behaviour and access control of the GOsa webinterface.

Configuration layout

       The configuration has to be specified inside of  the  <conf>  tags.  It
       basically  consists of three main parts: menu definition, definition of
       subdialogs (tabbed dialogs) and  the  main  configuration  -  including
       information about several locations.

       Layout example:

         <?xml version="1.0"?>

         <conf configVersion="...." >
           <!-- Menu definition -->
           <menu>
           ...
           </menu>

           <!-- Tabbed dialog definitions -->
           ...

           <!-- Global setup -->
           <main>

              <!-- Location specific setups -->
              <location name="">
                ...
              </location>

           </main>

         </conf>

Menu definition

       This  tag defines the side and icon menu inside the interface. Defining
       an entry here is no guarantie to get it  shown,  though.  Only  entries
       with matching ACL's get shown.

       There are two types of entries inside of the menu: section and plugin

       Defining a section

       Open  a  <section> tag including a name attribute. This will show up in
       the menu as a new section later on.  Own entries are  not  handled  via
       I18N   by   default.   Close  the  </section>  tag  after  your  plugin
       definitions.

       Defining a plugin

       Open a <plugin> tag including a class attribute. The  class  should  be
       present  inside  your  GOsa  setup - the entry will be ignored if it is
       not.

       Plugins should have an acl entry, that allows GOsa to decide  wether  a
       user is allowed to see a plugin or not.  The acl string matches with an
       ACL definition done inside of GOsa.

       You can override an icon by specifying the icon attribute.

       For every plugin, you can  provide  at  least  four  additional  hooks:
       postcreate,  postremove,  postmodify  and  check.  These can be used to
       perform special actions when a plugins gets a create, delete, modify or
       check  request.  As  a  parameter, these keywords get a shell script or
       program to the task.

       The create / delete / modify keywords

       These keywords take a full executable path of a script. You can provide
       certain  parameters  in  form  of LDAP attributes. '%uid' will pass the
       current user id, '%dn' the current object dn, etc.

       The script gets executed after create, delete or modify tasks.

       The check keyword

       This keyword takes a  full  executable  path  of  a  script.  Check  is
       triggered  after  you  press  the  -I  "Apply"  or  -I "OK" button. The
       complete LDAP entry as it will be written to the LDAP is passed to your
       script.  If  parts of the entry do not match some logic of your script,
       just print an error message to STDOUT. GOsa will show this message  and
       abort the current process of saving the entry to the LDAP.

       Example menu definition:

         <menu>
           <section name="My account">
             <plugin acl="users/user:self" class="user" check="/usr/local/bin/test_user.sh" />
             <plugin acl="users/samba:self" class="sambaAccount" postcreate="/usr/local/bin/create_share '%uid'" />
           </section>
         </menu>

Tabbed dialog definitions

       Tab  definitions  define the sub plugins which get included for certain
       tabbed dialogs. If you change something  here,  never  (!)  remove  the
       primary  (the  first)  "tab"  tag which is defined. Most tabbed dialogs
       need a primary plugin.

       *tab should be looked for by a defined plugin. This one will take every
       tab  defined  class and will show it inside of a tabbed dialog with the
       header defined in name .

       Example tabbed dialog definition:

         <grouptabs>
           <tab class="group" name="Generic" />
           <tab class="environment" name="Environment" />
           <tab class="appgroup" name="Applications" />
           <tab class="mailgroup" name="Mail" />
         </grouptabs>

Main section

       The main section defines global settings, which might be overridden  by
       each location definition inside of this global definition.

       Example layout:

         <main default="Example Net"
               listSummary="false"
               ... >

               <location name="Example Net"
                         hash="md5"
                         accountPrimaryAttribute="cn"
                         ...

                         <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
                                   admin="cn=gosa-admin,dc=example,dc=net"
                                   password="secret" />

               </location>

         </main>

       Generic options

       forceGlobals bool

       The  forceGlobals  statement  enables  PHP  security  checks  to  force
       register_global settings to be switched off.

       forceSSL bool

       The forceSSL statement enables PHP security checks to  force  encrypted
       access  to the web interface. GOsa will try to redirect to the same URL
       - just with https://.

       warnSSL bool

       The warnSSL  statement  enables  PHP  security  checks  to  detect  non
       encrypted  access  to the web interface. GOsa will display a warning in
       this case.

       modificationDetectionAttribute string

       The modificationDetectionAttribute statement enables GOsa to check if a
       entry  currently  being  edited  has  been  modified  from someone else
       outside GOsa in the meantime. It will  display  an  informative  dialog
       then.  It  can  be  set  to  entryCSN  for  OpenLDAP  based  systems or
       contextCSN for Sun DS based systems.

       logging string

       The logging statement enables event logging on GOsa side. Setting it to
       true, GOsa will log every action a user performs via syslog. If you use
       rsyslog and configure it to mysql logging, you can  browse  all  events
       within GOsa.

       GOsa  will  not  log  anything, if the logging value is empty or set to
       false.

       loginAttribute string

       The loginAttribute statement tells GOsa which LDAP attribute is used as
       the login name during login. It can be set to uid, mail or both.

       copyPaste bool

       The copyPaste statement enables copy and paste for LDAP entries managed
       with GOsa.

       snapshots bool

       The snapshots statement enables  a  snapshot  mechaism  in  GOsa.  This
       enables  you  to  save certain states of entries and restore them later
       on.

       snapshotBase dn

       The snapshotBase statement defines the base where snapshots  should  be
       stored inside of the LDAP.

       snapshotURI uri

       The  snapshotURI  variable defines the LDAP URI for the server which is
       used to do object snapshots.

       snapshotAdminDn dn

       The  snapshotAdminDn  variable  defines  the  user  which  is  used  to
       authenticate when connecting to snapshotURI.

       snapshotAdminPassword string

       The  snapshotAdminPassword  variable  defines the credentials which are
       used in combination with snapshotAdminDn and snapshotURI  in  order  to
       authenticate.

       config dn

       The   config  statement  defines  the  LDAP  base,  where  GOsa  stores
       management  information,  such  as   site   wide   locking   and   user
       notifications.

       templateCompileDirectory path

       The templateCompileDirectory statements defines the path, where the PHP
       templating engins smarty should store its compiled GOsa  templates  for
       improved  speed.  This  path  needs  to  be  writeable by the user your
       webserver is running with.

       timezone string

       The timezone statements defines the timezone used  inside  of  GOsa  to
       handle date related tasks, such as password expiery, vacation messages,
       etc.  The timezone value should be a unix conform timezone  value  like
       in /etc/timezone.

       honourIvbbAttributes bool

       The  honourIvbbAttributes  statement  enables  the  IVBB mode inside of
       GOsa. You need the ivbb.schema file from used by german authorities.

       strictNamingRules bool

       The strictNamingRules statement enables strict  checking  of  uids  and
       group  names.  If  you  need  characters  like  .  or  - inside of your
       accounts, set this to false.

       honourUnitTags bool

       The honourUnitTags statement enables  checking  of  unitTag  attributes
       when  using  administrative units. If this is set to true GOsa can only
       see objects inside the administrative unit a user is logged into.

       rfc2307bis bool

       The rfc2307bis statement enables rfc2307bis style groups in  GOsa.  You
       can use member attributes instead of memberUid in this case. To make it
       work on unix systems, you've to adjust your NSS  configuration  to  use
       rfc2307bis style groups, too.

       ppdPath path

       The  ppdPath  variable  defines  where  to store PPD files for the GOto
       environment plugins.

       resolutions path

       The resolutions variable defines  a  plain  text  file  which  contains
       additional  resolutions  to  be  shown  in  the  environment and system
       plugins.

       htaccessAuthentication bool

       The htaccessAuthentication variable tells GOsa to use  either  htaccess
       authentication  or LDAP authentication. This can be used if you want to
       use i.e. kerberos to authenticate the users.

       gosaSupportURI URI

       The gosaSupportURI defines  the  major  gosa-si  server  host  and  the
       password  for  GOsa  to  connect to it.  can be used if you want to use
       i.e. kerberos to authenticate the users.

       The format is:

       credentials@host:port

       Browser and display options

       listSummary true/false

       The listSummary statement determines whether a status bar will be shown
       on  the  bottom  of GOsa generated lists, displaying a short summary of
       type and number of elements in the list.

       iconsize size value

       The iconsize statement sets the icon size in the main menu.  Its  value
       should be something like 48x48.

       sendCompressedOutput true/false

       The  sendCompressedOutput  statement determines whether PHP should send
       compressed HTML pages to browsers or not. This may increase or decrease
       the performance, depending on your network.

       storeFilterSettings true/false

       The  storeFilterSettings statement determines whether GOsa should store
       filter and plugin settings inside of a cookie.

       language string

       The language statement defines  the  default  language  used  by  GOsa.
       Normally  GOsa  autodetects  the language from the browser settings. If
       this is not working or you want to force the  language,  just  add  the
       language code (i.e. de for german) here.

       theme string

       The  theme  statement defines what theme is used to display GOsa pages.
       You can install  some  corporate  identity  like  theme  and/or  modify
       certain  templates  to fit your needs within themes. Take a look at the
       GOsa FAQ for more information.

       sessionLifetime int

       The sessionLifetime  value  defines  when  a  session  will  expire  in
       seconds.  For  Debian  systems, this will not work because the sessions
       will be removed by a cron job instead. Please modify the  value  inside
       of your php.ini instead.

       primaryGroupFilter bool

       The primaryGroupFilter variable enables or disables the group filter to
       show primary user groups. It is time consuming to evaluate which groups
       are  primary  and  which  are not. So you may want to set it to true if
       your group plugin is slow.

       iePngWorkaround bool

       The iePngWorkaround variable enables or disables a workaround for IE  <
       7 in order to display transparent PNG files correctly. This drastically
       slows down browsing. Please use Firefox or Opera instead.

       Password options

       passwordMinLength integer

       The passwordMinLength statement  determines  whether  a  newly  entered
       password has to be of a minimum length.

       passwordMinDiffer integer

       The  passwordMinDiffer  statement  determines  whether  a newly entered
       password has to be checked to have at least n different characters.

       passwordHook path

       The passwordHook can specify an  external  script  to  handle  password
       settings  at  some  other  location besides the LDAP. It will be called
       this way:

       /path/to/your/script "username" "oldpassword" "newpassword"

       handleExpiredAccounts bool

       The handleExpiredAccounts  statement  enables  shadow  attribute  tests
       during  the login to the GOsa web interface and forces password renewal
       or account lockout.

       useSaslForKerberos bool

       The useSaslForKerberos statement defines the way the kerberos realm  is
       stored  in  the  userPassword attribute. Set it to true in order to get
       {sasl}user@REALM.NET, or to false to get {kerberos}user@REALM.NET.  The
       latter is outdated, but may be needed from time to time.

       LDAP options

       ldapMaxQueryTime integer

       The ldapMaxQueryTime statement tells GOsa to stop LDAP actions if there
       is no answer within the specified number of seconds.

       schemaCheck bool

       The schemaCheck statement enables or disables  schema  checking  during
       login.  It is recommended to switch this on in order to let GOsa handle
       object creation more efficient.

       ldapTLS bool

       The ldapTLS  statement  enables  or  disables  TLS  operating  on  LDAP
       connections.

       accountPrimaryAttribute cn/uid

       The  accountPrimaryAttribute  option  tells  GOsa  how  to  create  new
       accounts. Possible values are uid and  cn.   In  the  first  case  GOsa
       creates uid style DN entries:
       uid=superuser,ou=staff,dc=example,dc=net
       In the second case, GOsa creates cn style DN entries:
       cn=Foo Bar,ou=staff,dc=example,dc=net
       If  you  choose  "cn" to be your accountPrimaryAttribute you can decide
       whether  to  include  the  personal  title  in  your  dn  by  selecting
       personalTitleInDN.

       accountRDN pattern

       The  accountRDN  option  tells  GOsa  to  use a placeholder pattern for
       generating account RDNs. A pattern can include attribute names prefaced
       by a % and normal text:
       accountRDN="cn=%sn %givenName"
       This  will generate a RDN consisting of cn=.... filled with surname and
       given name of the edited account.  This  option  disables  the  use  of
       accountPrimaryAttribute  and  personalTitleInDn  in  your  config.  The
       latter attributes are maintained for compatibility.

       personalTitleInDN bool

       The personalTitleInDN option tells GOsa to include the  personal  title
       in user DNs when accountPrimaryAttribute is set to "cn".

       userRDN string

       The  userRDN  statement defines the location where new accounts will be
       created inside of defined departments. The default is ou=people.

       groupsRDN string

       The groupsRDN statement defines the location where new groups  will  be
       created inside of defined departments. The default is ou=groups.

       sudoRDN string

       The  sudoRDN  statement  defines  the location where new groups will be
       created inside of defined departments. The default is ou=groups.

       sambaMachineAccountRDN string

       This statement defines the location where  GOsa  looks  for  new  samba
       workstations.

       ogroupRDN string

       This  statement  defines  the  location  where  GOsa creates new object
       groups inside of defined departments. Default is ou=groups.

       serverRDN string

       This statement defines the location  where  GOsa  creates  new  servers
       inside of defined departments. Default is ou=servers.

       terminalRDN string

       This  statement  defines  the location where GOsa creates new terminals
       inside of defined departments. Default is ou=terminals.

       workstationRDN string

       This statement defines the location where GOsa creates new workstations
       inside of defined departments. Default is ou=workstations.

       printerRDN string

       This  statement  defines  the  location where GOsa creates new printers
       inside of defined departments. Default is ou=printers.

       componentRDN string

       This statement defines the location  where  GOsa  creates  new  network
       components inside of defined departments. Default is ou=components.

       phoneRDN string

       This  statement  defines  the  location  where  GOsa creates new phones
       inside of defined departments. Default is ou=phones.

       phoneConferenceRDN string

       This statement defines  the  location  where  GOsa  creates  new  phone
       conferences inside of defined departments. Default is ou=conferences.

       faxBlocklistRDN string

       This  statement  defines  the  location  where  GOsa  creates  new  fax
       blocklists inside of defined departments. Default is ou=blocklists.

       systemIncomingRDN string

       This statement defines the location where GOsa looks for new systems to
       be joined to the LDAP.  Default is ou=incoming.

       systemRDN string

       This  statement  defines  the  base location for servers, workstations,
       terminals, phones and components. Default is ou=systems.

       ogroupRDN string

       This statement defines the location where GOsa looks for object groups.
       Default is ou=groups.

       aclRoleRDN string

       This  statement  defines  the  location  where  GOsa  stores  ACL  role
       definitions.  Default is ou=aclroles.

       phoneMacroRDN string

       This statement defines the location where GOsa stores phone macros  for
       use     with     the     Asterisk    phone    server.     Default    is
       ou=macros,ou=asterisk,ou=configs,ou=systems.

       faiBaseRDN string

       This statement defines the location where GOsa looks for FAI  settings.
       Default is ou=fai,ou=configs,ou=systems.

       faiScriptRDN,      faiHookRDN,      faiTemplateRDN,     faiVariableRDN,
       faiProfileRDN, faiPackageRDN, faiPartitionRDN string

       These statement define the location where GOsa stores FAI classes.  The
       complete  base for the corresponding class is an additive of faiBaseRDN
       an and this value.

       deviceRDN string

       This statement defines the  location  where  GOsa  looks  for  devices.
       Default is ou=devices.

       mimetypeRDN string

       This  statement  defines  the  location  where  GOsa  stores  mime type
       definitions.  Default is ou=mimetypes.

       applicationRDN string

       This statement defines  the  location  where  GOsa  stores  application
       definitions.  Default is ou=apps.

       ldapFilterNestingLimit integer

       The  ldapFilterNestingLimit  statement  can  be  used to speed up group
       handling for groups with several  hundreds  of  members.   The  default
       behaviour  is, that GOsa will resolv the memberUid values in a group to
       real names.  To achieve this, it writes a  single  filter  to  minimize
       searches.  Some  LDAP  servers  (namely  Sun  DS) simply crash when the
       filter gets too big. You can set a member limit, where GOsa  will  stop
       to do these lookups.

       ldapSizelimit integer

       The  ldapSizelimit  statement  tells  GOsa  to  retrieve  the specified
       maximum number of results. The user will get a warning,  that  not  all
       entries were shown.

       ldapFollowReferrals bool

       The  ldapFollowReferrals statement tells GOsa to follow LDAP referrals.

       Account creation options

       uidNumberBase integer

       The uidNumberBase statement defines where to start looking  for  a  new
       free  user  id.  This  should be synced with your adduser.conf to avoid
       overlapping uidNumber values between local and LDAP based lookups.  The
       uidNumberBase  can  even  be  dynamic.  Take  a  look at the baseIdHook
       definition below.

       gidNumberBase integer

       The gidNumberBase statement defines where to start looking  for  a  new
       free  group  id.  This should be synced with your adduser.conf to avoid
       overlapping gidNumber values between local and LDAP based lookups.  The
       gidNumberBase  can  even  be  dynamic.  Take  a  look at the nextIdHook
       definition below.

       idAllocationMethod traditional/pool

       The idAllocationMethod statement defines  how  GOsa  generates  numeric
       user  and  group  id  values.  If it is set to traditional GOsa will do
       create a lock and perform a search for the next free ID. The lock  will
       be   removed   after  the  procedure  completes.   pool  will  use  the
       sambaUnixIdPool objectclass settings inside  your  LDAP.  This  one  is
       unsafe,  because  it  does  not  check  for  concurrent LDAP access and
       already used IDs in this range.  On the other hand it is much faster.

       minId integer

       The minId statement defines the minimum assignable user or group id  to
       avoid  security  leaks  with  uid  0  accounts.  This  is  used for the
       traditional method

       uidNumberPoolMin/gidNumberPoolMin integer

       The uidNumberPoolMin/gidNumberPoolMin  statement  defines  the  minimum
       assignable user/group id for use with the pool method.

       uidNumberPoolMax/gidNumberPoolMax integer

       The  uidNumberPoolMin/gidNumberPoolMin  statement  defines  the highest
       assignable user/group id for use with the pool method.

       nextIdHook path

       The nextIdHook statement defines a script to be called for finding  the
       next  free  id  for  users or groups externaly. It gets called with the
       current entry "dn" and the attribute to be ID'd. It  should  return  an
       integer value.

       hash string

       The  hash statement defines the default password hash to choose for new
       accounts.   Valid    values    are    crypt/standard-des,    crypt/md5,
       crypt/enhanced-des,  crypt/blowfish,  md5,  sha,  ssha, smd5, clear and
       sasl.  These values will be overridden when using templates.

       idGenerator string

       The idGenerator statement describes an automatic way  to  generate  new
       user  ids.  There  are  two  basic  functions  supported - which can be
       combined:

        a) using attributes

           You can specify LDAP attributes (currently only sn  and  givenName)
       in
           braces {} and add a percent sign befor it. Optionally you can strip
       it
           down to a number of characters, specified in []. I.e.

             idGenerator="{%sn}-{%givenName[2-4]}"

           will generate an ID using the full surename,  adding  a  dash,  and
       adding at
           least  the  first  two characters of givenName. If this ID is used,
       it'll
           use up to four characters. If no automatic generation is  possible,
       a
           input box is shown.

        b) using automatic id's

           I.e. specifying

             idGenerator="acct{id:3}"

           will  generate  a three digits id with the next free entry appended
       to
           "acct".

             idGenerator="acct{id!1}"

           will generate a one digit id with the next free entry appended to
           "acct" - if needed.

             idGenerator="ext{id#3}"

           will generate a three digits random number appended to "ext".

       Samba options

       sambaSID string

       The sambaSID statement defines a samba SID if not available  inside  of
       the LDAP. You can retrieve the current sid by net getlocalsid.

       sambaRidBase integer

       The  sambaRidBase  statement defines the base id to add to ordinary sid
       calculations - if not available inside of the LDAP.

       sambaHashHook path

       The sambaHashHook statement contains an executable  to  generate  samba
       hash  values.  This  is  required for password synchronization, but not
       required if you apply gosa-si services.  If you don't  have  mkntpasswd
       from the samba distribution installed, you can use perl to generate the
       hash:

       perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;"

       sambaidmapping
       bool

       The
       sambaidmapping
       statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your
       setup this can drastically improve the windows login performance.

       Asterisk options

       ctiHook
       path

       The
       ctiHook
       statement defines a script to be executed if someone clicks on a phone number
       inside of the addressbook plugin. It gets called with two parameters:

       ctiHook $source_number $destination_number

       This script can be used to do automatted dialing from the  addressbook.

       Mail options

       mailMethod Cyrus/SendmailCyrus/Kolab/Kolab22

       The  mailMethod statement tells GOsa which mail method the setup should
       use to communicate with a possible mail server. Leave this undefined if
       your mail method does not match the predefined ones.

       Cyrus   maintains   accounts   and  sieve  scripts  in  cyrus  servers.
       Kolab/Kolab22 is like cyrus, but lets the  kolab  daemon  maintain  the
       accounts.  SendmailCyrus is based on sendmail LDAP attributes.

       cyrusUseSlashes bool

       The  cyrusUseSlashes  statement determines if GOsa should use "foo/bar"
       or "foo.bar" namespaces in IMAP. Unix style is with slashes.

       cyrusDeleteMailbox bool

       The cyrusDeleteMailbox statement determines if GOsa should  remove  the
       mailbox  from  your IMAP server or keep it after the account is deleted
       in LDAP.

       cyrusAutocreateFolders string

       The cyrusAutocreateFolders statement contains a comma separated list of
       personal  IMAP  folders  that  should  be created along initial account
       creation.

       postfixRestrictionFilters path

       The postfixRestrictionFilters statement defines a file to  include  for
       the  postfix  module  in  order  to  display  user  defined restriction
       filters.

       postfixProtocols path

       The postfixProtocols statement  defines  a  file  to  include  for  the
       postfix module in order to display user defined protocols.

       mailAttribute mail/uid

       The mailAttribute statement determines which attribute GOsa will use to
       create accounts.  Valid values are mail and uid.

       imapTimeout Integer (default 10)

       The imapTimeout statement sets the connection timeout for imap actions.

       mailFolderCreation  Every  mail  method  has its own way to create mail
       accounts like share/development or shared.development@example.com which
       is used to identify the accounts, set quotas or add acls.

       To  override  the  methods default account creation syntax, you can set
       the mailFolderCreation option.

       Examples

        mailFolderCreation="%prefix%%cn%"              => "shared.development"
        mailFolderCreation="my-prefix.%cn%%domain%"    => "my-prefix.development@example.com">

       Placeholders

        %prefix%    The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
        %cn%        The groups/users cn.
        %uid%       The users uid.
        %mail%      The objects mail attribute.
        %domain%    The domain part of the objects mail attribute.
        %mailpart%  The user address part of the mail address.
        %uattrib%   Depends on mailAttribute="uid/mail".

       mailUserCreation This attribute allows to  override  the  user  account
       creation  syntax,  see  the  mailFolderCreation  description  for  more
       details.

       Examples

        mailUserCreation="%prefix%%uid%"           => "user.foobar"
        mailUserCreation=my-prefix.%uid%%domain%"  => "my-prefix.foobar@example.com"

       vacationTemplateDirectory path

       The vacationTemplateDirectory statement sets the path where  GOsa  will
       look for vacation message templates. Default is /etc/gosa/vacation.

       Example template /etc/gosa/vacation/business.txt:

          DESC:Away from desk
          Hi, I'm currently away from my desk. You can contact me on
          my cell phone via %mobile.

          Greetings,
          %givenName %sn

       Debug options

       displayerrors bool

       The  displayerrors statement tells GOsa to show PHP errors in the upper
       part of the screen. This should be disabled in productive  deployments,
       because there might be some important passwords arround.

       ldapstats bool

       The  ldapstats  statement tells GOsa to track LDAP timing statistics to
       the syslog. This may help to  find  indexing  problems  or  bad  search
       filters.

       ignoreAcl dn

       The  ignoreAcl  value  tells  GOsa  to ignore complete ACL sets for the
       given DN. Add your DN here and you'll be  able  to  restore  accidently
       dropped ACLs.

       debuglevel integer

       The  debuglevel value tells GOsa to display certain information on each
       page load. Value is an AND combination of the following byte values:

       DEBUG_TRACE   = 1

       DEBUG_LDAP    = 2

       DEBUG_MYSQL   = 4

       DEBUG_SHELL   = 8

       DEBUG_POST    = 16

       DEBUG_SESSION = 32

       DEBUG_CONFIG  = 64

       DEBUG_ACL     = 128

       DEBUG_SI      = 256

       DEBUG_MAIL    = 512

LDAP resource definition

       For every location you define inside your gosa.conf, you need at  least
       one  entry  of  the type referral.  These entries define the way how to
       connect to some directory service.

       Example:

         <referral uri="ldap://ldap.example.net/dc=example,dc=net"
                   admin="cn=gosa-admin,dc=example,dc=net"
                   password="secret" />

       uri is a  valid  LDAP  uri  extendet  by  the  base  this  referral  is
       responsible  for.   admin  is  the DN which has the permission to write
       LDAP entries. And password is the corresponding password for this DN.

       You can define a set of referrals if you have several server to connect
       to.

Settings for the environment plugin

       In  order  to  make full use of the environment plugin, you may want to
       define the location where kiosk profiles will be stored on the  servers
       harddisk.

       This  is  done  by the kioskPath keyword defined within the environment
       class definition inside your gosa.conf.

       Example:

         <plugin acl="users/environment"
                 class="environment"
                 kioskPath="/var/spool/kiosk"/>

       Make sure, that this path is writeable by GOsa.

Settings for the FAI plugin

       The FAI plugin can be used in a  way  that  it  generates  branched  or
       freezed  releases inside your repository. Specifying the postcreate and
       postmodify  keywords  in  the  servrepository  definition,  calls   the
       provided script as a hook when adding or removing branches. This script
       should do the rest inside of your repository.

       Example:

         <tab class="servrepository"
                 repositoryBranchHook="/opt/dak/bin/get_extra_repos"
                 postcreate="/opt/dak/bin/handle_repository '%lock_dn' '%lock_name' '%lock_type' />

       %lock_dn keeps the base DN of the source branch, %lock_name the name of
       the new branch and %lock_type is either "freeze" or "branch".

       The  repositoryBranchHook  outputs  additional  releases,  that are not
       retrieveable with the standard GOsa/FAI methods.

       If you have only one release, or want to define a default release to be
       shown             by             GOsa,            define            the
       defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."   within  the
       faiManagement class definition

Settings for the addressbook plugin

       The  addressbook plugin can be configured to store the addressbook data
       on a special location. Use the  addressbookBaseDN  keyword  within  the
       addressbook  class  definition  inside your gosa.conf to configure this
       location.

       Default: ou=addressbook.

Settings for system plugins

       For the workstationStartup and terminalStartup classes, you can  define
       the  systemKernelsHook keyword. It can load additional kernels that are
       not retrieveable by standard GOsa/FAI mechanisms.

       In order to make use of SNMP information, you can set the snmpCommunity
       in the terminfo class definition.

       To enable the burn CD image function, you can specify the systemIsoHook
       in the workgeneric class. You will get a CD symbol in the systems  list
       - which calls the hook if pressed.

AUTHOR

       gosa.conf(5)  was  written  by  Cajus  Pollmeier for the GOsa project (
       http://www.gosa-project.org ).