Provided by: gosa_2.7.2-1_all bug

NAME

       gosa.conf - GOsa configuration file

DESCRIPTION

       The  gosa.conf  file  contains  configuration  information  for GOsa, a
       powerful GPL'ed framework for managing accounts  and  systems  in  LDAP
       databases.

       The  gosa.conf  file is a XML style configuration file. It is parsed by
       the GOsa web application during log in.  The  file  may  contain  extra
       tabs  and  newlines  for formatting purposes.  Tag keywords in the file
       are case-insensitive. Comments should be placed outside of XML tags and
       should be encapsulated inside of <!-- --> tags.

       The  gosa.conf  file  can  be  used  to  configure  the  look and feel,
       behaviour and access control of the GOsa webinterface.

Configuration layout

       The configuration has to be specified inside of  the  <conf>  tags.  It
       basically  consists of three main parts: menu definition, definition of
       subdialogs (tabbed dialogs) and  the  main  configuration  -  including
       information about several locations.

       Layout example:

         <?xml version="1.0"?>

         <conf configVersion="...." >
           <!-- Menu definition -->
           <menu>
           ...
           </menu>

           <!-- Tabbed dialog definitions -->
           ...

           <!-- Global setup -->
           <main>

              <!-- Location specific setups -->
              <location name="">
                ...
              </location>

           </main>

         </conf>

Menu definition

       This  tag defines the side and icon menu inside the interface. Defining
       an entry here is no guarantie to get it  shown,  though.  Only  entries
       with matching ACL's get shown.

       There are two types of entries inside of the menu: section and plugin

       Defining a section

       Open  a  <section> tag including a name attribute. This will show up in
       the menu as a new section later on.  Own entries are  not  handled  via
       I18N   by   default.   Close  the  </section>  tag  after  your  plugin
       definitions.

       Defining a plugin

       Open a <plugin> tag including a class attribute. The  class  should  be
       present  inside  your  GOsa  setup - the entry will be ignored if it is
       not.

       Plugins should have an acl entry, that allows GOsa to decide  wether  a
       user is allowed to see a plugin or not.  The acl string matches with an
       ACL definition done inside of GOsa.

       You can override an icon by specifying the icon attribute.

       For every plugin, you can provide  at  least  seven  additional  hooks:
       precreate,  preremove, premodify postcreate, postremove, postmodify and
       check.  These can be used to perform special  actions  when  a  plugins
       gets  a  create, delete, modify or check request. As a parameter, these
       keywords get a shell script or program to the task.

       The create / delete / modify keywords

       These keywords take a full executable path of a script. You can provide
       certain  parameters  in  form  of LDAP attributes. '%uid' will pass the
       current user id, '%dn' the current object dn, etc.

       The script gets executed before(pre) and after(post) create, delete  or
       modify tasks.

       The check keyword

       This  keyword  takes  a  full  executable  path  of  a script. Check is
       triggered after you press  the  -I  "Apply"  or  -I  "OK"  button.  The
       complete LDAP entry as it will be written to the LDAP is passed to your
       script. If parts of the entry do not match some logic of  your  script,
       just  print an error message to STDOUT. GOsa will show this message and
       abort the current process of saving the entry to the LDAP.

       Example menu definition:

         <menu>
           <section name="My account">
             <plugin acl="users/user:self" class="user" check="/usr/local/bin/test_user.sh" />
             <plugin acl="users/samba:self" class="sambaAccount" postcreate="/usr/local/bin/create_share '%uid'" />
           </section>
         </menu>

Tabbed dialog definitions

       Tab definitions define the sub plugins which get included  for  certain
       tabbed  dialogs.  If  you  change  something here, never (!) remove the
       primary (the first) "tab" tag which is  defined.  Most  tabbed  dialogs
       need a primary plugin.

       *tab should be looked for by a defined plugin. This one will take every
       tab defined class and will show it inside of a tabbed dialog  with  the
       header defined in name .

       Example tabbed dialog definition:

         <grouptabs>
           <tab class="group" name="Generic" />
           <tab class="environment" name="Environment" />
           <tab class="appgroup" name="Applications" />
           <tab class="mailgroup" name="Mail" />
         </grouptabs>

Main section

       The  main section defines global settings, which might be overridden by
       each location definition inside of this global definition.

       Example layout:

         <main default="Example Net"
               listSummary="false"
               ... >

               <location name="Example Net"
                         hash="md5"
                         accountPrimaryAttribute="cn"
                         ...

                         <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
                                   admin="cn=gosa-admin,dc=example,dc=net"
                                   password="secret" />

               </location>

         </main>

       Generic options

       forceGlobals bool

       The  forceGlobals  statement  enables  PHP  security  checks  to  force
       register_global settings to be switched off.

       forceSSL bool

       The  forceSSL  statement enables PHP security checks to force encrypted
       access to the web interface. GOsa will try to redirect to the same  URL
       - just with https://.

       warnSSL bool

       The  warnSSL  statement  enables  PHP  security  checks  to  detect non
       encrypted access to the web interface. GOsa will display a  warning  in
       this case.

       modificationDetectionAttribute string

       The modificationDetectionAttribute statement enables GOsa to check if a
       entry currently being  edited  has  been  modified  from  someone  else
       outside  GOsa  in  the  meantime. It will display an informative dialog
       then. It  can  be  set  to  entryCSN  for  OpenLDAP  based  systems  or
       contextCSN for Sun DS based systems.

       logging string

       The logging statement enables event logging on GOsa side. Setting it to
       true, GOsa will log every action a user performs via syslog. If you use
       rsyslog  and  configure  it to mysql logging, you can browse all events
       within GOsa.

       GOsa will not log anything, if the logging value is  empty  or  set  to
       false.

       loginAttribute string

       The loginAttribute statement tells GOsa which LDAP attribute is used as
       the login name during login. It can be set to uid, mail or both.

       copyPaste bool

       The copyPaste statement enables copy and paste for LDAP entries managed
       with GOsa.

       enableSnapshots bool

       The enableSnapshots statement enables a snapshot mechaism in GOsa. This
       enables you to save certain states of entries and  restore  them  later
       on.

       snapshotBase dn

       The  snapshotBase  statement defines the base where snapshots should be
       stored inside of the LDAP.

       snapshotURI uri

       The snapshotURI variable defines the LDAP URI for the server  which  is
       used to do object snapshots.

       snapshotAdminDn dn

       The  snapshotAdminDn  variable  defines  the  user  which  is  used  to
       authenticate when connecting to snapshotURI.

       snapshotAdminPassword string

       The snapshotAdminPassword variable defines the  credentials  which  are
       used  in  combination  with snapshotAdminDn and snapshotURI in order to
       authenticate.

       config dn

       The  config  statement  defines  the  LDAP  base,  where  GOsa   stores
       management   information,   such   as   site   wide  locking  and  user
       notifications.

       templateCompileDirectory path

       The templateCompileDirectory statements defines the path, where the PHP
       templating  engins  smarty should store its compiled GOsa templates for
       improved speed. This path needs  to  be  writeable  by  the  user  your
       webserver is running with.

       timezone string

       The  timezone  statements  defines  the timezone used inside of GOsa to
       handle date related tasks, such as password expiery, vacation messages,
       etc.   The  timezone value should be a unix conform timezone value like
       in /etc/timezone.

       honourIvbbAttributes bool

       The honourIvbbAttributes statement enables  the  IVBB  mode  inside  of
       GOsa. You need the ivbb.schema file from used by german authorities.

       strictNamingRules bool

       The  strictNamingRules  statement  enables  strict checking of uids and
       group names. If you  need  characters  like  .  or  -  inside  of  your
       accounts, set this to false.

       allowUidProposalModification bool

       The  allowUidProposalModification  statement  enables  the  abilitiy to
       modify uid proposals when creating a new user from a template.

       honourUnitTags bool

       The honourUnitTags statement enables  checking  of  unitTag  attributes
       when  using  administrative units. If this is set to true GOsa can only
       see objects inside the administrative unit a user is logged into.

       rfc2307bis bool

       The rfc2307bis statement enables rfc2307bis style groups in  GOsa.  You
       can use member attributes instead of memberUid in this case. To make it
       work on unix systems, you've to adjust your NSS  configuration  to  use
       rfc2307bis style groups, too.

       ppdPath path

       The  ppdPath  variable  defines  where  to store PPD files for the GOto
       environment plugins.

       ppdGzip bool

       The ppdGzip variable enables PPD file compression.

       resolutions path

       The resolutions variable defines  a  plain  text  file  which  contains
       additional  resolutions  to  be  shown  in  the  environment and system
       plugins.

       htaccessAuthentication bool

       The htaccessAuthentication variable tells GOsa to use  either  htaccess
       authentication  or LDAP authentication. This can be used if you want to
       use i.e. kerberos to authenticate the users.

       gosaSupportURI URI

       The gosaSupportURI defines  the  major  gosa-si  server  host  and  the
       password  for  GOsa  to  connect to it.  can be used if you want to use
       i.e. kerberos to authenticate the users.

       The format is:

       credentials@host:port

       gosaSupportTimeout integer

       The gosaSupportTimeout  sets  a  connection  timeout  for  all  gosa-si
       actions. See gosaSupportURI for details.

       Browser and display options

       listSummary true/false

       The listSummary statement determines whether a status bar will be shown
       on the bottom of GOsa generated lists, displaying a  short  summary  of
       type and number of elements in the list.

       sendCompressedOutput true/false

       The  sendCompressedOutput  statement determines whether PHP should send
       compressed HTML pages to browsers or not. This may increase or decrease
       the performance, depending on your network.

       storeFilterSettings true/false

       The  storeFilterSettings statement determines whether GOsa should store
       filter and plugin settings inside of a cookie.

       language string

       The language statement defines  the  default  language  used  by  GOsa.
       Normally  GOsa  autodetects  the language from the browser settings. If
       this is not working or you want to force the  language,  just  add  the
       language code (i.e. de for german) here.

       theme string

       The  theme  statement defines what theme is used to display GOsa pages.
       You can install  some  corporate  identity  like  theme  and/or  modify
       certain  templates  to fit your needs within themes. Take a look at the
       GOsa FAQ for more information.

       sessionLifetime int

       The sessionLifetime  value  defines  when  a  session  will  expire  in
       seconds.  For  Debian  systems, this will not work because the sessions
       will be removed by a cron job instead. Please modify the  value  inside
       of your php.ini instead.

       Password options

       passwordMinLength integer

       The  passwordMinLength  statement  determines  whether  a newly entered
       password has to be of a minimum length.

       passwordMinDiffer integer

       The passwordMinDiffer statement  determines  whether  a  newly  entered
       password has to be checked to have at least n different characters.

       passwordProposalHook command

       The  passwordProposalHook  can  be  used  to let GOsa generate password
       proposals for you.  Whenever you change a password, you can then decide
       whether to use the proposal or to manually specify a password.

       /usr/bin/apg -n1

       strictPasswordRules bool

       The strictPasswordRules tells GOsa to check for UTF-8 characters in the
       supplied  password.  These  Characters  can   lead   to   non   working
       authentications  if UTF-8 and none UTF-8 systems locales get mixed. The
       default is "true".

       handleExpiredAccounts bool

       The handleExpiredAccounts  statement  enables  shadow  attribute  tests
       during  the login to the GOsa web interface and forces password renewal
       or account lockout.

       useSaslForKerberos bool

       The useSaslForKerberos statement defines the way the kerberos realm  is
       stored  in  the  userPassword attribute. Set it to true in order to get
       {sasl}user@REALM.NET, or to false to get {kerberos}user@REALM.NET.  The
       latter is outdated, but may be needed from time to time.

       LDAP options

       ldapMaxQueryTime integer

       The ldapMaxQueryTime statement tells GOsa to stop LDAP actions if there
       is no answer within the specified number of seconds.

       schemaCheck bool

       The schemaCheck statement enables or disables  schema  checking  during
       login.  It is recommended to switch this on in order to let GOsa handle
       object creation more efficient.

       ldapTLS bool

       The ldapTLS  statement  enables  or  disables  TLS  operating  on  LDAP
       connections.

       accountPrimaryAttribute cn/uid

       The  accountPrimaryAttribute  option  tells  GOsa  how  to  create  new
       accounts. Possible values are uid and  cn.   In  the  first  case  GOsa
       creates uid style DN entries:
       uid=superuser,ou=staff,dc=example,dc=net
       In the second case, GOsa creates cn style DN entries:
       cn=Foo Bar,ou=staff,dc=example,dc=net
       If  you  choose  "cn" to be your accountPrimaryAttribute you can decide
       whether  to  include  the  personal  title  in  your  dn  by  selecting
       personalTitleInDN.

       accountRDN pattern

       The  accountRDN  option  tells  GOsa  to  use a placeholder pattern for
       generating account RDNs. A pattern can include attribute names prefaced
       by a % and normal text:
       accountRDN="cn=%sn %givenName"
       This  will generate a RDN consisting of cn=.... filled with surname and
       given name of the edited account.  This  option  disables  the  use  of
       accountPrimaryAttribute  and  personalTitleInDn  in  your  config.  The
       latter attributes are maintained for compatibility.

       personalTitleInDN bool

       The personalTitleInDN option tells GOsa to include the  personal  title
       in user DNs when accountPrimaryAttribute is set to "cn".

       userRDN string

       The  userRDN  statement defines the location where new accounts will be
       created inside of defined departments. The default is ou=people.

       groupsRDN string

       The groupsRDN statement defines the location where new groups  will  be
       created inside of defined departments. The default is ou=groups.

       sudoRDN string

       The  sudoRDN  statement  defines  the location where new groups will be
       created inside of defined departments. The default is ou=groups.

       sambaMachineAccountRDN string

       This statement defines the location where  GOsa  looks  for  new  samba
       workstations.

       ogroupRDN string

       This  statement  defines  the  location  where  GOsa creates new object
       groups inside of defined departments. Default is ou=groups.

       serverRDN string

       This statement defines the location  where  GOsa  creates  new  servers
       inside of defined departments. Default is ou=servers.

       terminalRDN string

       This  statement  defines  the location where GOsa creates new terminals
       inside of defined departments. Default is ou=terminals.

       workstationRDN string

       This statement defines the location where GOsa creates new workstations
       inside of defined departments. Default is ou=workstations.

       printerRDN string

       This  statement  defines  the  location where GOsa creates new printers
       inside of defined departments. Default is ou=printers.

       componentRDN string

       This statement defines the location  where  GOsa  creates  new  network
       components inside of defined departments. Default is ou=components.

       phoneRDN string

       This  statement  defines  the  location  where  GOsa creates new phones
       inside of defined departments. Default is ou=phones.

       phoneConferenceRDN string

       This statement defines  the  location  where  GOsa  creates  new  phone
       conferences inside of defined departments. Default is ou=conferences.

       faxBlocklistRDN string

       This  statement  defines  the  location  where  GOsa  creates  new  fax
       blocklists inside of defined departments. Default is ou=blocklists.

       systemIncomingRDN string

       This statement defines the location where GOsa looks for new systems to
       be joined to the LDAP.  Default is ou=incoming.

       systemRDN string

       This  statement  defines  the  base location for servers, workstations,
       terminals, phones and components. Default is ou=systems.

       ogroupRDN string

       This statement defines the location where GOsa looks for object groups.
       Default is ou=groups.

       aclRoleRDN string

       This  statement  defines  the  location  where  GOsa  stores  ACL  role
       definitions.  Default is ou=aclroles.

       phoneMacroRDN string

       This statement defines the location where GOsa stores phone macros  for
       use     with     the     Asterisk    phone    server.     Default    is
       ou=macros,ou=asterisk,ou=configs,ou=systems.

       faiBaseRDN string

       This statement defines the location where GOsa looks for FAI  settings.
       Default is ou=fai,ou=configs,ou=systems.

       faiScriptRDN,      faiHookRDN,      faiTemplateRDN,     faiVariableRDN,
       faiProfileRDN, faiPackageRDN, faiPartitionRDN string

       These statement define the location where GOsa stores FAI classes.  The
       complete  base for the corresponding class is an additive of faiBaseRDN
       an and this value.

       deviceRDN string

       This statement defines the  location  where  GOsa  looks  for  devices.
       Default is ou=devices.

       mimetypeRDN string

       This  statement  defines  the  location  where  GOsa  stores  mime type
       definitions.  Default is ou=mimetypes.

       applicationRDN string

       This statement defines  the  location  where  GOsa  stores  application
       definitions.  Default is ou=apps.

       ldapFilterNestingLimit integer

       The  ldapFilterNestingLimit  statement  can  be  used to speed up group
       handling for groups with several  hundreds  of  members.   The  default
       behaviour  is, that GOsa will resolv the memberUid values in a group to
       real names.  To achieve this, it writes a  single  filter  to  minimize
       searches.  Some  LDAP  servers  (namely  Sun  DS) simply crash when the
       filter gets too big. You can set a member limit, where GOsa  will  stop
       to do these lookups.

       ldapSizelimit integer

       The  ldapSizelimit  statement  tells  GOsa  to  retrieve  the specified
       maximum number of results. The user will get a warning,  that  not  all
       entries were shown.

       ldapFollowReferrals bool

       The ldapFollowReferrals statement tells GOsa to follow LDAP referrals.

       Account creation options

       uidNumberBase integer

       The  uidNumberBase  statement  defines where to start looking for a new
       free user id. This should be synced with  your  adduser.conf  to  avoid
       overlapping  uidNumber values between local and LDAP based lookups. The
       uidNumberBase can even be  dynamic.  Take  a  look  at  the  baseIdHook
       definition below.

       gidNumberBase integer

       The  gidNumberBase  statement  defines where to start looking for a new
       free group id. This should be synced with your  adduser.conf  to  avoid
       overlapping  gidNumber values between local and LDAP based lookups. The
       gidNumberBase can even be  dynamic.  Take  a  look  at  the  nextIdHook
       definition below.

       idAllocationMethod traditional/pool

       The  idAllocationMethod  statement  defines  how GOsa generates numeric
       user and group id values. If it is set  to  traditional  GOsa  will  do
       create  a lock and perform a search for the next free ID. The lock will
       be  removed  after  the  procedure  completes.   pool  will   use   the
       sambaUnixIdPool  objectclass  settings  inside  your  LDAP. This one is
       unsafe, because it does  not  check  for  concurrent  LDAP  access  and
       already used IDs in this range.  On the other hand it is much faster.

       minId integer

       The  minId statement defines the minimum assignable user or group id to
       avoid security leaks  with  uid  0  accounts.  This  is  used  for  the
       traditional method

       uidNumberPoolMin/gidNumberPoolMin integer

       The  uidNumberPoolMin/gidNumberPoolMin  statement  defines  the minimum
       assignable user/group id for use with the pool method.

       uidNumberPoolMax/gidNumberPoolMax integer

       The uidNumberPoolMax/gidNumberPoolMax  statement  defines  the  highest
       assignable user/group id for use with the pool method.

       nextIdHook path

       The  nextIdHook statement defines a script to be called for finding the
       next free id for users or groups externaly. It  gets  called  with  the
       current  entry  "dn"  and the attribute to be ID'd. It should return an
       integer value.

       passwordDefaultHash string

       The passwordDefaultHash statement defines the default password hash  to
       choose   for   new   accounts.  Valid  values  are  crypt/standard-des,
       crypt/md5, crypt/enhanced-des, crypt/blowfish, md5,  sha,  ssha,  smd5,
       clear and sasl.  These values will be overridden when using templates.

       idGenerator string

       The  idGenerator  statement  describes an automatic way to generate new
       user ids. There are two  basic  functions  supported  -  which  can  be
       combined:

        a) using attributes

           You  can  specify LDAP attributes (currently only sn and givenName)
       in
           braces {} and add a percent sign befor it. Optionally you can strip
       it
           down to a number of characters, specified in []. I.e.

             idGenerator="{%sn}-{%givenName[2-4]}"

           will  generate  an  ID  using  the full surname, adding a dash, and
       adding at
           least the first two characters of givenName. If this  ID  is  used,
       it'll
           use  up to four characters. If no automatic generation is possible,
       a
           input box is shown.

        b) using automatic id's

           I.e. specifying

             idGenerator="acct{id:3}"

           will generate a three digits id with the next free  entry  appended
       to
           "acct".

             idGenerator="acct{id!1}"

           will generate a one digit id with the next free entry appended to
           "acct" - if needed.

             idGenerator="ext{id#3}"

           will generate a three digits random number appended to "ext".

       Samba options

       sambaSID string

       The  sambaSID  statement defines a samba SID if not available inside of
       the LDAP. You can retrieve the current sid by net getlocalsid.

       sambaRidBase integer

       The sambaRidBase statement defines the base id to add to  ordinary  sid
       calculations - if not available inside of the LDAP.

       sambaHashHook path

       The  sambaHashHook  statement  contains an executable to generate samba
       hash values. This is required for  password  synchronization,  but  not
       required  if  you apply gosa-si services.  If you don't have mkntpasswd
       from the samba distribution installed, you can use perl to generate the
       hash:

       perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;"

       sambaIdmapping
       bool

       The
       sambaIdMapping
       statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your
       setup this can drastically improve the windows login performance.

       Asterisk options

       ctiHook
       path

       The
       ctiHook
       statement defines a script to be executed if someone clicks on a phone number
       inside of the addressbook plugin. It gets called with two parameters:

       ctiHook $source_number $destination_number

       This script can be used to do automatted dialing from the addressbook.

       Mail options

       mailMethod Cyrus/SendmailCyrus/Kolab/Kolab22

       The  mailMethod statement tells GOsa which mail method the setup should
       use to communicate with a possible mail server. Leave this undefined if
       your mail method does not match the predefined ones.

       Cyrus   maintains   accounts   and  sieve  scripts  in  cyrus  servers.
       Kolab/Kolab22 is like cyrus, but lets the  kolab  daemon  maintain  the
       accounts.  SendmailCyrus is based on sendmail LDAP attributes.

       cyrusUseSlashes bool

       The  cyrusUseSlashes  statement determines if GOsa should use "foo/bar"
       or "foo.bar" namespaces in IMAP. Unix style is with slashes.

       cyrusDeleteMailbox bool

       The cyrusDeleteMailbox statement determines if GOsa should  remove  the
       mailbox  from  your IMAP server or keep it after the account is deleted
       in LDAP.

       cyrusAutocreateFolders string

       The cyrusAutocreateFolders statement contains a comma seperated list of
       personal  IMAP  folders  that  should  be created along initial account
       creation.

       postfixRestrictionFilters path

       The postfixRestrictionFilters statement defines a file to  include  for
       the  postfix  module  in  order  to  display  user  defined restriction
       filters.

       postfixProtocols path

       The postfixProtocols statement  defines  a  file  to  include  for  the
       postfix module in order to display user defined protocols.

       mailAttribute mail/uid

       The mailAttribute statement determines which attribute GOsa will use to
       create accounts.  Valid values are mail and uid.

       imapTimeout Integer (default 10)

       The imapTimeout statement sets the connection timeout for imap actions.

       mailFolderCreation Every mail method has its own  way  to  create  mail
       accounts like share/development or shared.development@example.com which
       is used to identify the accounts, set quotas or add acls.

       To override the methods default account creation syntax,  you  can  set
       the mailFolderCreation option.

       Examples

        mailFolderCreation="%prefix%%cn%"              => "shared.development"
        mailFolderCreation="my-prefix.%cn%%domain%"    => "my-prefix.development@example.com">

       Placeholders

        %prefix%    The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
        %cn%        The groups/users cn.
        %uid%       The users uid.
        %mail%      The objects mail attribute.
        %domain%    The domain part of the objects mail attribute.
        %mailpart%  The user address part of the mail address.
        %uattrib%   Depends on mailAttribute="uid/mail".

       mailUserCreation  This  attribute  allows  to override the user account
       creation  syntax,  see  the  mailFolderCreation  description  for  more
       details.

       Examples

        mailUserCreation="%prefix%%uid%"           => "user.foobar"
        mailUserCreation=my-prefix.%uid%%domain%"  => "my-prefix.foobar@example.com"

       vacationTemplateDirectory path

       The  vacationTemplateDirectory  statement sets the path where GOsa will
       look for vacation message templates. Default is /etc/gosa/vacation.

       Example template /etc/gosa/vacation/business.txt:

          DESC:Away from desk
          Hi, I'm currently away from my desk. You can contact me on
          my cell phone via %mobile.

          Greetings,
          %givenName %sn

       Debug options

       displayErrors bool

       The displayErrors statement tells GOsa to show PHP errors in the  upper
       part  of the screen. This should be disabled in productive deployments,
       because there might be some important passwords arround.

       ldapstats bool

       The ldapstats statement tells GOsa to track LDAP timing  statistics  to
       the  syslog.  This  may  help  to  find indexing problems or bad search
       filters.

       ignoreAcl dn

       The ignoreAcl value tells GOsa to ignore  complete  ACL  sets  for  the
       given  DN.  Add  your  DN here and you'll be able to restore accidently
       dropped ACLs.

       debugLevel integer

       The debugLevel value tells GOsa to display certain information on  each
       page load. Value is an AND combination of the following byte values:

       DEBUG_TRACE   = 1

       DEBUG_LDAP    = 2

       DEBUG_MYSQL   = 4

       DEBUG_SHELL   = 8

       DEBUG_POST    = 16

       DEBUG_SESSION = 32

       DEBUG_CONFIG  = 64

       DEBUG_ACL     = 128

       DEBUG_SI      = 256

       DEBUG_MAIL    = 512

LDAP resource definition

       For  every location you define inside your gosa.conf, you need at least
       one entry of the type referral.  These entries define the  way  how  to
       connect to some directory service.

       Example:

         <referral uri="ldap://ldap.example.net/dc=example,dc=net"
                   admin="cn=gosa-admin,dc=example,dc=net"
                   password="secret" />

       uri  is  a  valid  LDAP  uri  extendet  by  the  base  this referral is
       responsible for.  admin is the DN which has  the  permission  to  write
       LDAP entries. And password is the corresponding password for this DN.

       You can define a set of referrals if you have several server to connect
       to.

Settings for the environment plugin

       In order to make full use of the environment plugin, you  may  want  to
       define  the location where kiosk profiles will be stored on the servers
       harddisk.

       This is done by the kioskPath keyword defined  within  the  environment
       class definition inside your gosa.conf.

       Example:

         <plugin acl="users/environment"
                 class="environment"
                 kioskPath="/var/spool/kiosk"/>

       Make sure, that this path is writeable by GOsa.

Settings for the FAI plugin

       The  FAI  plugin  can  be  used  in a way that it generates branched or
       freezed releases inside your repository. Specifying the postcreate  and
       postmodify   keywords  in  the  servrepository  definition,  calls  the
       provided script as a hook when adding or removing branches. This script
       should do the rest inside of your repository.

       Example:

         <tab class="servrepository"
                 repositoryBranchHook="/opt/dak/bin/get_extra_repos"
                 postcreate="/opt/dak/bin/handle_repository '%lock_dn' '%lock_name' '%lock_type' />

       %lock_dn keeps the base DN of the source branch, %lock_name the name of
       the new branch and %lock_type is either "freeze" or "branch".

       The repositoryBranchHook outputs  additional  releases,  that  are  not
       retrieveable with the standard GOsa/FAI methods.

       If you have only one release, or want to define a default release to be
       shown            by            GOsa,             define             the
       defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."   within  the
       faiManagement class definition

Settings for the addressbook plugin

       The addressbook plugin can be configured to store the addressbook  data
       on  a  special  location.  Use the addressbookBaseDN keyword within the
       addressbook class definition inside your gosa.conf  to  configure  this
       location.

       Default: ou=addressbook.

Settings for system plugins

       For  the workstationStartup and terminalStartup classes, you can define
       the systemKernelsHook keyword. It can load additional kernels that  are
       not retrieveable by standard GOsa/FAI mechanisms.

       In order to make use of SNMP information, you can set the snmpCommunity
       in the terminfo class definition.

       To enable the burn CD image function, you can specify the systemIsoHook
       in  the workgeneric class. You will get a CD symbol in the systems list
       - which calls the hook if pressed.

AUTHOR

       gosa.conf(5) was written by Cajus Pollmeier  for  the  GOsa  project  (
       http://www.gosa-project.org ).