Provided by: gosa_2.7.1-1_all bug

NAME

       gosa.conf - GOsa configuration file

DESCRIPTION

       The  gosa.conf  file  contains  configuration  information  for GOsa, a
       powerful GPL'ed framework for managing accounts  and  systems  in  LDAP
       databases.

       The  gosa.conf  file is a XML style configuration file. It is parsed by
       the GOsa web application during log in.  The  file  may  contain  extra
       tabs  and  newlines  for formatting purposes.  Tag keywords in the file
       are case-insensitive. Comments should be placed outside of XML tags and
       should be encapsulated inside of <!-- --> tags.

       The  gosa.conf  file  can  be  used  to  configure  the  look and feel,
       behaviour and access control of the GOsa webinterface.

Configuration layout

       The configuration has to be specified inside of  the  <conf>  tags.  It
       basically  consists of three main parts: menu definition, definition of
       subdialogs (tabbed dialogs) and  the  main  configuration  -  including
       information about several locations.

       Layout example:

         <?xml version="1.0"?>

         <conf configVersion="...." >
           <!-- Menu definition -->
           <menu>
           ...
           </menu>

           <!-- Tabbed dialog definitions -->
           ...

           <!-- Global setup -->
           <main>

              <!-- Location specific setups -->
              <location name="">
                ...
              </location>

           </main>

         </conf>

Menu definition

       This  tag defines the side and icon menu inside the interface. Defining
       an entry here is no guarantie to get it  shown,  though.  Only  entries
       with matching ACL's get shown.

       There are two types of entries inside of the menu: section and plugin

       Defining a section

       Open  a  <section> tag including a name attribute. This will show up in
       the menu as a new section later on.  Own entries are  not  handled  via
       I18N   by   default.   Close  the  </section>  tag  after  your  plugin
       definitions.

       Defining a plugin

       Open a <plugin> tag including a class attribute. The  class  should  be
       present  inside  your  GOsa  setup - the entry will be ignored if it is
       not.

       Plugins should have an acl entry, that allows GOsa to decide  wether  a
       user is allowed to see a plugin or not.  The acl string matches with an
       ACL definition done inside of GOsa.

       You can override an icon by specifying the icon attribute.

       For every plugin, you can provide  at  least  seven  additional  hooks:
       precreate,  preremove, premodify postcreate, postremove, postmodify and
       check.  These can be used to perform special  actions  when  a  plugins
       gets  a  create, delete, modify or check request. As a parameter, these
       keywords get a shell script or program to the task.

       The create / delete / modify keywords

       These keywords take a full executable path of a script. You can provide
       certain  parameters  in  form  of LDAP attributes. '%uid' will pass the
       current user id, '%dn' the current object dn, etc.

       The script gets executed before(pre) and after(post) create, delete  or
       modify tasks.

       The check keyword

       This  keyword  takes  a  full  executable  path  of  a script. Check is
       triggered after you press  the  -I  "Apply"  or  -I  "OK"  button.  The
       complete LDAP entry as it will be written to the LDAP is passed to your
       script. If parts of the entry do not match some logic of  your  script,
       just  print an error message to STDOUT. GOsa will show this message and
       abort the current process of saving the entry to the LDAP.

       Example menu definition:

         <menu>
           <section name="My account">
             <plugin acl="users/user:self" class="user" check="/usr/local/bin/test_user.sh" />
             <plugin acl="users/samba:self" class="sambaAccount" postcreate="/usr/local/bin/create_share '%uid'" />
           </section>
         </menu>

Tabbed dialog definitions

       Tab definitions define the sub plugins which get included  for  certain
       tabbed  dialogs.  If  you  change  something here, never (!) remove the
       primary (the first) "tab" tag which is  defined.  Most  tabbed  dialogs
       need a primary plugin.

       *tab should be looked for by a defined plugin. This one will take every
       tab defined class and will show it inside of a tabbed dialog  with  the
       header defined in name .

       Example tabbed dialog definition:

         <grouptabs>
           <tab class="group" name="Generic" />
           <tab class="environment" name="Environment" />
           <tab class="appgroup" name="Applications" />
           <tab class="mailgroup" name="Mail" />
         </grouptabs>

Main section

       The  main section defines global settings, which might be overridden by
       each location definition inside of this global definition.

       Example layout:

         <main default="Example Net"
               listSummary="false"
               ... >

               <location name="Example Net"
                         hash="md5"
                         accountPrimaryAttribute="cn"
                         ...

                         <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
                                   admin="cn=gosa-admin,dc=example,dc=net"
                                   password="secret" />

               </location>

         </main>

       Generic options

       forceGlobals bool

       The  forceGlobals  statement  enables  PHP  security  checks  to  force
       register_global settings to be switched off.

       forceSSL bool

       The  forceSSL  statement enables PHP security checks to force encrypted
       access to the web interface. GOsa will try to redirect to the same  URL
       - just with https://.

       warnSSL bool

       The  warnSSL  statement  enables  PHP  security  checks  to  detect non
       encrypted access to the web interface. GOsa will display a  warning  in
       this case.

       modificationDetectionAttribute string

       The modificationDetectionAttribute statement enables GOsa to check if a
       entry currently being  edited  has  been  modified  from  someone  else
       outside  GOsa  in  the  meantime. It will display an informative dialog
       then. It  can  be  set  to  entryCSN  for  OpenLDAP  based  systems  or
       contextCSN for Sun DS based systems.

       logging string

       The logging statement enables event logging on GOsa side. Setting it to
       true, GOsa will log every action a user performs via syslog. If you use
       rsyslog  and  configure  it to mysql logging, you can browse all events
       within GOsa.

       GOsa will not log anything, if the logging value is  empty  or  set  to
       false.

       loginAttribute string

       The loginAttribute statement tells GOsa which LDAP attribute is used as
       the login name during login. It can be set to uid, mail or both.

       copyPaste bool

       The copyPaste statement enables copy and paste for LDAP entries managed
       with GOsa.

       enableSnapshots bool

       The enableSnapshots statement enables a snapshot mechaism in GOsa. This
       enables you to save certain states of entries and  restore  them  later
       on.

       snapshotBase dn

       The  snapshotBase  statement defines the base where snapshots should be
       stored inside of the LDAP.

       snapshotURI uri

       The snapshotURI variable defines the LDAP URI for the server  which  is
       used to do object snapshots.

       snapshotAdminDn dn

       The  snapshotAdminDn  variable  defines  the  user  which  is  used  to
       authenticate when connecting to snapshotURI.

       snapshotAdminPassword string

       The snapshotAdminPassword variable defines the  credentials  which  are
       used  in  combination  with snapshotAdminDn and snapshotURI in order to
       authenticate.

       config dn

       The  config  statement  defines  the  LDAP  base,  where  GOsa   stores
       management   information,   such   as   site   wide  locking  and  user
       notifications.

       templateCompileDirectory path

       The templateCompileDirectory statements defines the path, where the PHP
       templating  engins  smarty should store its compiled GOsa templates for
       improved speed. This path needs  to  be  writeable  by  the  user  your
       webserver is running with.

       timezone string

       The  timezone  statements  defines  the timezone used inside of GOsa to
       handle date related tasks, such as password expiery, vacation messages,
       etc.   The  timezone value should be a unix conform timezone value like
       in /etc/timezone.

       honourIvbbAttributes bool

       The honourIvbbAttributes statement enables  the  IVBB  mode  inside  of
       GOsa. You need the ivbb.schema file from used by german authorities.

       strictNamingRules bool

       The  strictNamingRules  statement  enables  strict checking of uids and
       group names. If you  need  characters  like  .  or  -  inside  of  your
       accounts, set this to false.

       honourUnitTags bool

       The  honourUnitTags  statement  enables  checking of unitTag attributes
       when using administrative units. If this is set to true GOsa  can  only
       see objects inside the administrative unit a user is logged into.

       rfc2307bis bool

       The  rfc2307bis  statement enables rfc2307bis style groups in GOsa. You
       can use member attributes instead of memberUid in this case. To make it
       work  on  unix  systems, you've to adjust your NSS configuration to use
       rfc2307bis style groups, too.

       ppdPath path

       The ppdPath variable defines where to store  PPD  files  for  the  GOto
       environment plugins.

       ppdGzip bool

       The ppdGzip variable enables PPD file compression.

       resolutions path

       The  resolutions  variable  defines  a  plain  text file which contains
       additional resolutions to  be  shown  in  the  environment  and  system
       plugins.

       htaccessAuthentication bool

       The  htaccessAuthentication  variable tells GOsa to use either htaccess
       authentication or LDAP authentication. This can be used if you want  to
       use i.e. kerberos to authenticate the users.

       gosaSupportURI URI

       The  gosaSupportURI  defines  the  major  gosa-si  server  host and the
       password for GOsa to connect to it.  can be used if  you  want  to  use
       i.e. kerberos to authenticate the users.

       The format is:

       credentials@host:port

       gosaSupportTimeout integer

       The  gosaSupportTimeout  sets  a  connection  timeout  for  all gosa-si
       actions. See gosaSupportURI for details.

       Browser and display options

       listSummary true/false

       The listSummary statement determines whether a status bar will be shown
       on  the  bottom  of GOsa generated lists, displaying a short summary of
       type and number of elements in the list.

       sendCompressedOutput true/false

       The sendCompressedOutput statement determines whether PHP  should  send
       compressed HTML pages to browsers or not. This may increase or decrease
       the performance, depending on your network.

       storeFilterSettings true/false

       The storeFilterSettings statement determines whether GOsa should  store
       filter and plugin settings inside of a cookie.

       language string

       The  language  statement  defines  the  default  language used by GOsa.
       Normally GOsa autodetects the language from the  browser  settings.  If
       this  is  not  working  or you want to force the language, just add the
       language code (i.e. de for german) here.

       theme string

       The theme statement defines what theme is used to display  GOsa  pages.
       You  can  install  some  corporate  identity  like  theme and/or modify
       certain templates to fit your needs within themes. Take a look  at  the
       GOsa FAQ for more information.

       sessionLifetime int

       The  sessionLifetime  value  defines  when  a  session  will  expire in
       seconds. For Debian systems, this will not work  because  the  sessions
       will  be  removed by a cron job instead. Please modify the value inside
       of your php.ini instead.

       Password options

       passwordMinLength integer

       The passwordMinLength statement  determines  whether  a  newly  entered
       password has to be of a minimum length.

       passwordMinDiffer integer

       The  passwordMinDiffer  statement  determines  whether  a newly entered
       password has to be checked to have at least n different characters.

       passwordProposalHook command

       The passwordProposalHook can be used  to  let  GOsa  generate  password
       proposals for you.  Whenever you change a password, you can then decide
       whether to use the proposal or to manually specify a password.

       /usr/bin/apg -n1

       strictPasswordRules bool

       The strictPasswordRules tells GOsa to check for UTF-8 characters in the
       supplied   password.   These   Characters   can  lead  to  non  working
       authentications if UTF-8 and none UTF-8 systems locales get mixed.  The
       default is "true".

       handleExpiredAccounts bool

       The  handleExpiredAccounts  statement  enables  shadow  attribute tests
       during the login to the GOsa web interface and forces password  renewal
       or account lockout.

       useSaslForKerberos bool

       The  useSaslForKerberos statement defines the way the kerberos realm is
       stored in the userPassword attribute. Set it to true in  order  to  get
       {sasl}user@REALM.NET,  or to false to get {kerberos}user@REALM.NET. The
       latter is outdated, but may be needed from time to time.

       LDAP options

       ldapMaxQueryTime integer

       The ldapMaxQueryTime statement tells GOsa to stop LDAP actions if there
       is no answer within the specified number of seconds.

       schemaCheck bool

       The  schemaCheck  statement  enables or disables schema checking during
       login. It is recommended to switch this on in order to let GOsa  handle
       object creation more efficient.

       ldapTLS bool

       The  ldapTLS  statement  enables  or  disables  TLS  operating  on LDAP
       connections.

       accountPrimaryAttribute cn/uid

       The  accountPrimaryAttribute  option  tells  GOsa  how  to  create  new
       accounts.  Possible  values  are  uid  and  cn.  In the first case GOsa
       creates uid style DN entries:
       uid=superuser,ou=staff,dc=example,dc=net
       In the second case, GOsa creates cn style DN entries:
       cn=Foo Bar,ou=staff,dc=example,dc=net
       If you choose "cn" to be your accountPrimaryAttribute  you  can  decide
       whether  to  include  the  personal  title  in  your  dn  by  selecting
       personalTitleInDN.

       accountRDN pattern

       The accountRDN option tells GOsa  to  use  a  placeholder  pattern  for
       generating account RDNs. A pattern can include attribute names prefaced
       by a % and normal text:
       accountRDN="cn=%sn %givenName"
       This will generate a RDN consisting of cn=.... filled with surname  and
       given  name  of  the  edited  account.  This option disables the use of
       accountPrimaryAttribute  and  personalTitleInDn  in  your  config.  The
       latter attributes are maintained for compatibility.

       personalTitleInDN bool

       The  personalTitleInDN  option tells GOsa to include the personal title
       in user DNs when accountPrimaryAttribute is set to "cn".

       userRDN string

       The userRDN statement defines the location where new accounts  will  be
       created inside of defined departments. The default is ou=people.

       groupsRDN string

       The  groupsRDN  statement defines the location where new groups will be
       created inside of defined departments. The default is ou=groups.

       sudoRDN string

       The sudoRDN statement defines the location where  new  groups  will  be
       created inside of defined departments. The default is ou=groups.

       sambaMachineAccountRDN string

       This  statement  defines  the  location  where GOsa looks for new samba
       workstations.

       ogroupRDN string

       This statement defines the  location  where  GOsa  creates  new  object
       groups inside of defined departments. Default is ou=groups.

       serverRDN string

       This  statement  defines  the  location  where GOsa creates new servers
       inside of defined departments. Default is ou=servers.

       terminalRDN string

       This statement defines the location where GOsa  creates  new  terminals
       inside of defined departments. Default is ou=terminals.

       workstationRDN string

       This statement defines the location where GOsa creates new workstations
       inside of defined departments. Default is ou=workstations.

       printerRDN string

       This statement defines the location where  GOsa  creates  new  printers
       inside of defined departments. Default is ou=printers.

       componentRDN string

       This  statement  defines  the  location  where GOsa creates new network
       components inside of defined departments. Default is ou=components.

       phoneRDN string

       This statement defines the  location  where  GOsa  creates  new  phones
       inside of defined departments. Default is ou=phones.

       phoneConferenceRDN string

       This  statement  defines  the  location  where  GOsa  creates new phone
       conferences inside of defined departments. Default is ou=conferences.

       faxBlocklistRDN string

       This  statement  defines  the  location  where  GOsa  creates  new  fax
       blocklists inside of defined departments. Default is ou=blocklists.

       systemIncomingRDN string

       This statement defines the location where GOsa looks for new systems to
       be joined to the LDAP.  Default is ou=incoming.

       systemRDN string

       This statement defines the base  location  for  servers,  workstations,
       terminals, phones and components. Default is ou=systems.

       ogroupRDN string

       This statement defines the location where GOsa looks for object groups.
       Default is ou=groups.

       aclRoleRDN string

       This  statement  defines  the  location  where  GOsa  stores  ACL  role
       definitions.  Default is ou=aclroles.

       phoneMacroRDN string

       This  statement defines the location where GOsa stores phone macros for
       use    with    the    Asterisk    phone     server.      Default     is
       ou=macros,ou=asterisk,ou=configs,ou=systems.

       faiBaseRDN string

       This  statement defines the location where GOsa looks for FAI settings.
       Default is ou=fai,ou=configs,ou=systems.

       faiScriptRDN,     faiHookRDN,      faiTemplateRDN,      faiVariableRDN,
       faiProfileRDN, faiPackageRDN, faiPartitionRDN string

       These  statement define the location where GOsa stores FAI classes. The
       complete base for the corresponding class is an additive of  faiBaseRDN
       an and this value.

       deviceRDN string

       This  statement  defines  the  location  where  GOsa looks for devices.
       Default is ou=devices.

       mimetypeRDN string

       This statement  defines  the  location  where  GOsa  stores  mime  type
       definitions.  Default is ou=mimetypes.

       applicationRDN string

       This  statement  defines  the  location  where  GOsa stores application
       definitions.  Default is ou=apps.

       ldapFilterNestingLimit integer

       The ldapFilterNestingLimit statement can be  used  to  speed  up  group
       handling  for  groups  with  several  hundreds of members.  The default
       behaviour is, that GOsa will resolv the memberUid values in a group  to
       real  names.   To  achieve  this, it writes a single filter to minimize
       searches. Some LDAP servers (namely  Sun  DS)  simply  crash  when  the
       filter  gets  too big. You can set a member limit, where GOsa will stop
       to do these lookups.

       ldapSizelimit integer

       The ldapSizelimit  statement  tells  GOsa  to  retrieve  the  specified
       maximum  number  of  results. The user will get a warning, that not all
       entries were shown.

       ldapFollowReferrals bool

       The ldapFollowReferrals statement tells GOsa to follow LDAP referrals.

       Account creation options

       uidNumberBase integer

       The uidNumberBase statement defines where to start looking  for  a  new
       free  user  id.  This  should be synced with your adduser.conf to avoid
       overlapping uidNumber values between local and LDAP based lookups.  The
       uidNumberBase  can  even  be  dynamic.  Take  a  look at the baseIdHook
       definition below.

       gidNumberBase integer

       The gidNumberBase statement defines where to start looking  for  a  new
       free  group  id.  This should be synced with your adduser.conf to avoid
       overlapping gidNumber values between local and LDAP based lookups.  The
       gidNumberBase  can  even  be  dynamic.  Take  a  look at the nextIdHook
       definition below.

       idAllocationMethod traditional/pool

       The idAllocationMethod statement defines  how  GOsa  generates  numeric
       user  and  group  id  values.  If it is set to traditional GOsa will do
       create a lock and perform a search for the next free ID. The lock  will
       be   removed   after  the  procedure  completes.   pool  will  use  the
       sambaUnixIdPool objectclass settings inside  your  LDAP.  This  one  is
       unsafe,  because  it  does  not  check  for  concurrent LDAP access and
       already used IDs in this range.  On the other hand it is much faster.

       minId integer

       The minId statement defines the minimum assignable user or group id  to
       avoid  security  leaks  with  uid  0  accounts.  This  is  used for the
       traditional method

       uidNumberPoolMin/gidNumberPoolMin integer

       The uidNumberPoolMin/gidNumberPoolMin  statement  defines  the  minimum
       assignable user/group id for use with the pool method.

       uidNumberPoolMax/gidNumberPoolMax integer

       The  uidNumberPoolMax/gidNumberPoolMax  statement  defines  the highest
       assignable user/group id for use with the pool method.

       nextIdHook path

       The nextIdHook statement defines a script to be called for finding  the
       next  free  id  for  users or groups externaly. It gets called with the
       current entry "dn" and the attribute to be ID'd. It  should  return  an
       integer value.

       passwordDefaultHash string

       The  passwordDefaultHash statement defines the default password hash to
       choose  for  new  accounts.  Valid   values   are   crypt/standard-des,
       crypt/md5,  crypt/enhanced-des,  crypt/blowfish,  md5, sha, ssha, smd5,
       clear and sasl.  These values will be overridden when using templates.

       idGenerator string

       The idGenerator statement describes an automatic way  to  generate  new
       user  ids.  There  are  two  basic  functions  supported - which can be
       combined:

        a) using attributes

           You can specify LDAP attributes (currently only sn  and  givenName)
       in
           braces {} and add a percent sign befor it. Optionally you can strip
       it
           down to a number of characters, specified in []. I.e.

             idGenerator="{%sn}-{%givenName[2-4]}"

           will generate an ID using the full  surname,  adding  a  dash,  and
       adding at
           least  the  first  two characters of givenName. If this ID is used,
       it'll
           use up to four characters. If no automatic generation is  possible,
       a
           input box is shown.

        b) using automatic id's

           I.e. specifying

             idGenerator="acct{id:3}"

           will  generate  a three digits id with the next free entry appended
       to
           "acct".

             idGenerator="acct{id!1}"

           will generate a one digit id with the next free entry appended to
           "acct" - if needed.

             idGenerator="ext{id#3}"

           will generate a three digits random number appended to "ext".

       Samba options

       sambaSID string

       The sambaSID statement defines a samba SID if not available  inside  of
       the LDAP. You can retrieve the current sid by net getlocalsid.

       sambaRidBase integer

       The  sambaRidBase  statement defines the base id to add to ordinary sid
       calculations - if not available inside of the LDAP.

       sambaHashHook path

       The sambaHashHook statement contains an executable  to  generate  samba
       hash  values.  This  is  required for password synchronization, but not
       required if you apply gosa-si services.  If you don't  have  mkntpasswd
       from the samba distribution installed, you can use perl to generate the
       hash:

       perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;"

       sambaIdmapping
       bool

       The
       sambaIdMapping
       statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your
       setup this can drastically improve the windows login performance.

       Asterisk options

       ctiHook
       path

       The
       ctiHook
       statement defines a script to be executed if someone clicks on a phone number
       inside of the addressbook plugin. It gets called with two parameters:

       ctiHook $source_number $destination_number

       This script can be used to do automatted dialing from the addressbook.

       Mail options

       mailMethod Cyrus/SendmailCyrus/Kolab/Kolab22

       The mailMethod statement tells GOsa which mail method the setup  should
       use to communicate with a possible mail server. Leave this undefined if
       your mail method does not match the predefined ones.

       Cyrus  maintains  accounts  and  sieve  scripts   in   cyrus   servers.
       Kolab/Kolab22  is  like  cyrus,  but lets the kolab daemon maintain the
       accounts.  SendmailCyrus is based on sendmail LDAP attributes.

       cyrusUseSlashes bool

       The cyrusUseSlashes statement determines if GOsa should  use  "foo/bar"
       or "foo.bar" namespaces in IMAP. Unix style is with slashes.

       cyrusDeleteMailbox bool

       The  cyrusDeleteMailbox  statement determines if GOsa should remove the
       mailbox from your IMAP server or keep it after the account  is  deleted
       in LDAP.

       cyrusAutocreateFolders string

       The cyrusAutocreateFolders statement contains a comma seperated list of
       personal IMAP folders that should  be  created  along  initial  account
       creation.

       postfixRestrictionFilters path

       The  postfixRestrictionFilters  statement defines a file to include for
       the postfix  module  in  order  to  display  user  defined  restriction
       filters.

       postfixProtocols path

       The  postfixProtocols  statement  defines  a  file  to  include for the
       postfix module in order to display user defined protocols.

       mailAttribute mail/uid

       The mailAttribute statement determines which attribute GOsa will use to
       create accounts.  Valid values are mail and uid.

       imapTimeout Integer (default 10)

       The imapTimeout statement sets the connection timeout for imap actions.

       mailFolderCreation  Every  mail  method  has its own way to create mail
       accounts like share/development or shared.development@example.com which
       is used to identify the accounts, set quotas or add acls.

       To  override  the  methods default account creation syntax, you can set
       the mailFolderCreation option.

       Examples

        mailFolderCreation="%prefix%%cn%"              => "shared.development"
        mailFolderCreation="my-prefix.%cn%%domain%"    => "my-prefix.development@example.com">

       Placeholders

        %prefix%    The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
        %cn%        The groups/users cn.
        %uid%       The users uid.
        %mail%      The objects mail attribute.
        %domain%    The domain part of the objects mail attribute.
        %mailpart%  The user address part of the mail address.
        %uattrib%   Depends on mailAttribute="uid/mail".

       mailUserCreation This attribute allows to  override  the  user  account
       creation  syntax,  see  the  mailFolderCreation  description  for  more
       details.

       Examples

        mailUserCreation="%prefix%%uid%"           => "user.foobar"
        mailUserCreation=my-prefix.%uid%%domain%"  => "my-prefix.foobar@example.com"

       vacationTemplateDirectory path

       The vacationTemplateDirectory statement sets the path where  GOsa  will
       look for vacation message templates. Default is /etc/gosa/vacation.

       Example template /etc/gosa/vacation/business.txt:

          DESC:Away from desk
          Hi, I'm currently away from my desk. You can contact me on
          my cell phone via %mobile.

          Greetings,
          %givenName %sn

       Debug options

       displayErrors bool

       The  displayErrors statement tells GOsa to show PHP errors in the upper
       part of the screen. This should be disabled in productive  deployments,
       because there might be some important passwords arround.

       ldapstats bool

       The  ldapstats  statement tells GOsa to track LDAP timing statistics to
       the syslog. This may help to  find  indexing  problems  or  bad  search
       filters.

       ignoreAcl dn

       The  ignoreAcl  value  tells  GOsa  to ignore complete ACL sets for the
       given DN. Add your DN here and you'll be  able  to  restore  accidently
       dropped ACLs.

       debugLevel integer

       The  debugLevel value tells GOsa to display certain information on each
       page load. Value is an AND combination of the following byte values:

       DEBUG_TRACE   = 1

       DEBUG_LDAP    = 2

       DEBUG_MYSQL   = 4

       DEBUG_SHELL   = 8

       DEBUG_POST    = 16

       DEBUG_SESSION = 32

       DEBUG_CONFIG  = 64

       DEBUG_ACL     = 128

       DEBUG_SI      = 256

       DEBUG_MAIL    = 512

LDAP resource definition

       For every location you define inside your gosa.conf, you need at  least
       one  entry  of  the type referral.  These entries define the way how to
       connect to some directory service.

       Example:

         <referral uri="ldap://ldap.example.net/dc=example,dc=net"
                   admin="cn=gosa-admin,dc=example,dc=net"
                   password="secret" />

       uri is a  valid  LDAP  uri  extendet  by  the  base  this  referral  is
       responsible  for.   admin  is  the DN which has the permission to write
       LDAP entries. And password is the corresponding password for this DN.

       You can define a set of referrals if you have several server to connect
       to.

Settings for the environment plugin

       In  order  to  make full use of the environment plugin, you may want to
       define the location where kiosk profiles will be stored on the  servers
       harddisk.

       This  is  done  by the kioskPath keyword defined within the environment
       class definition inside your gosa.conf.

       Example:

         <plugin acl="users/environment"
                 class="environment"
                 kioskPath="/var/spool/kiosk"/>

       Make sure, that this path is writeable by GOsa.

Settings for the FAI plugin

       The FAI plugin can be used in a  way  that  it  generates  branched  or
       freezed  releases inside your repository. Specifying the postcreate and
       postmodify  keywords  in  the  servrepository  definition,  calls   the
       provided script as a hook when adding or removing branches. This script
       should do the rest inside of your repository.

       Example:

         <tab class="servrepository"
                 repositoryBranchHook="/opt/dak/bin/get_extra_repos"
                 postcreate="/opt/dak/bin/handle_repository '%lock_dn' '%lock_name' '%lock_type' />

       %lock_dn keeps the base DN of the source branch, %lock_name the name of
       the new branch and %lock_type is either "freeze" or "branch".

       The  repositoryBranchHook  outputs  additional  releases,  that are not
       retrieveable with the standard GOsa/FAI methods.

       If you have only one release, or want to define a default release to be
       shown             by             GOsa,            define            the
       defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."   within  the
       faiManagement class definition

Settings for the addressbook plugin

       The  addressbook plugin can be configured to store the addressbook data
       on a special location. Use the  addressbookBaseDN  keyword  within  the
       addressbook  class  definition  inside your gosa.conf to configure this
       location.

       Default: ou=addressbook.

Settings for system plugins

       For the workstationStartup and terminalStartup classes, you can  define
       the  systemKernelsHook keyword. It can load additional kernels that are
       not retrieveable by standard GOsa/FAI mechanisms.

       In order to make use of SNMP information, you can set the snmpCommunity
       in the terminfo class definition.

       To enable the burn CD image function, you can specify the systemIsoHook
       in the workgeneric class. You will get a CD symbol in the systems  list
       - which calls the hook if pressed.

AUTHOR

       gosa.conf(5)  was  written  by  Cajus  Pollmeier for the GOsa project (
       http://www.gosa-project.org ).