Provided by: gosa_2.8~git20230203.10abe45+dfsg-1_all bug

NAME

       gosa.conf - GOsa configuration file

DESCRIPTION

       The  gosa.conf  file  contains  configuration  information  for  GOsa,  a  powerful GPL'ed
       framework for managing accounts and systems in LDAP databases.

       The gosa.conf file is a XML style configuration  file.  It  is  parsed  by  the  GOsa  web
       application  during  log  in.  The file may contain extra tabs and newlines for formatting
       purposes.  Tag keywords in the  file  are  case-insensitive.  Comments  should  be  placed
       outside of XML tags and should be encapsulated inside of <!-- --> tags.

       The  gosa.conf  file  can  be  used  to  configure the look and feel, behaviour and access
       control of the GOsa webinterface.

Configuration layout

       The configuration has to be specified inside of the <conf> tags. It basically consists  of
       three  main parts: menu definition, definition of subdialogs (tabbed dialogs) and the main
       configuration - including information about several locations.

       Layout example:

         <?xml version="1.0"?>

         <conf configVersion="...." >
           <!-- Menu definition -->
           <menu>
           ...
           </menu>

           <!-- Tabbed dialog definitions -->
           ...

           <!-- Global setup -->
           <main>

              <!-- Location specific setups -->
              <location name="">
                ...
              </location>

           </main>

         </conf>

Menu definition

       This tag defines the side and icon menu inside the interface. Defining an entry here is no
       guarantie to get it shown, though. Only entries with matching ACL's get shown.

       There are two types of entries inside of the menu: section and plugin

       Defining a section

       Open  a  <section>  tag including a name attribute. This will show up in the menu as a new
       section later on.  Own entries are not handled via I18N by default. Close  the  </section>
       tag after your plugin definitions.

       Defining a plugin

       Open  a  <plugin> tag including a class attribute. The class should be present inside your
       GOsa setup - the entry will be ignored if it is not.

       Plugins should have an acl entry, that allows GOsa to decide whether a user is allowed  to
       see a plugin or not.  The acl string matches with an ACL definition done inside of GOsa.

       You can override an icon by specifying the icon attribute.

       For  every  plugin, you can provide at least seven additional hooks: precreate, preremove,
       premodify postcreate, postremove, postmodify and check.

       These can be used to perform special actions when a plugins gets a create, delete,  modify
       or  check  request.  As  a  parameter, these keywords get a shell script or program to the
       task.

       NOTE: Any hook call using data input from users (ie: passwords) should  take  measures  to
       prevent  shell injection attacks that could lead to RCE. Specifically with Passwords, Gosa
       has been updated to base64 encode new_password and  current_password  used  for  all  hook
       calls to mitigate this risk. All other values get escapeShellArg() escaped only, which can
       be exploited in certain conditions. Any hook using a password value needs to base64 decode
       the value before using it.

       Example  password  hook:  to  run a single command, like gam, to update passwords, in User
       Password premodify:

              /usr/local/bin/gam update user %uid password $(echo %new_password|base64 -d)

       The create / delete / modify keywords

       These keywords take a full executable path of a script. You can provide certain parameters
       in form of LDAP attributes. '%uid' will pass the current user id, '%dn' the current object
       dn, etc.

       The script gets executed before(pre) and after(post) create, delete or modify tasks.

       The check keyword

       This keyword takes a full executable path of a script. Check is triggered after you  press
       the  -I  "Apply"  or  -I "OK" button. The complete LDAP entry as it will be written to the
       LDAP is passed to your script. If parts of the entry do  not  match  some  logic  of  your
       script,  just  print an error message to STDOUT. GOsa will show this message and abort the
       current process of saving the entry to the LDAP.

       Example menu definition:

         <menu>
           <section name="My account">
             <plugin acl="users/user:self" class="user" check="/usr/local/bin/test_user.sh" />
             <plugin acl="users/samba:self" class="sambaAccount" postcreate="/usr/local/bin/create_share '%uid'" />
           </section>
         </menu>

Tabbed dialog definitions

       Tab definitions define the sub plugins which get included for certain tabbed  dialogs.  If
       you  change  something  here,  never (!) remove the primary (the first) "tab" tag which is
       defined. Most tabbed dialogs need a primary plugin.

       *tab should be looked for by a defined plugin. This one will take every tab defined  class
       and will show it inside of a tabbed dialog with the header defined in name .

       Example tabbed dialog definition:

         <grouptabs>
           <tab class="group" name="Generic" />
           <tab class="environment" name="Environment" />
           <tab class="appgroup" name="Applications" />
           <tab class="mailgroup" name="Mail" />
         </grouptabs>

Main section

       The  main  section  defines  global  settings,  which might be overridden by each location
       definition inside of this global definition.

       Example layout:

         <main default="Example Net"
               listSummary="false"
               ... >

               <location name="Example Net"
                         hash="md5"
                         accountPrimaryAttribute="cn"
                         ...

                         <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
                                   admin="cn=gosa-admin,dc=example,dc=net"
                                   password="secret" />

               </location>

         </main>

       Generic options

       forceGlobals bool

       The forceGlobals statement enables PHP security checks to force  register_global  settings
       to be switched off.

       forceSSL bool

       The  forceSSL  statement  enables PHP security checks to force encrypted access to the web
       interface. GOsa will try to redirect to the same URL - just with https://.

       warnSSL bool

       The warnSSL statement enables PHP security checks to detect non encrypted  access  to  the
       web interface. GOsa will display a warning in this case.

       modificationDetectionAttribute string

       The  modificationDetectionAttribute  statement  enables GOsa to check if a entry currently
       being edited has been modified from someone else outside GOsa in  the  meantime.  It  will
       display  an  informative dialog then. It can be set to entryCSN for OpenLDAP based systems
       or contextCSN for Sun DS based systems.

       logging string

       The logging statement enables event logging on GOsa side. Setting it to  true,  GOsa  will
       log  every action a user performs via syslog. If you use rsyslog and configure it to mysql
       logging, you can browse all events within GOsa.

       GOsa will not log anything, if the logging value is empty or set to false.

       loginAttribute string

       The loginAttribute statement tells GOsa which LDAP attribute is used  as  the  login  name
       during login. It can be set to uid, mail or both.

       copyPaste bool

       The copyPaste statement enables copy and paste for LDAP entries managed with GOsa.

       enableSnapshots bool

       The  enableSnapshots  statement  enables  a snapshot mechaism in GOsa. This enables you to
       save certain states of entries and restore them later on.

       snapshotBase dn

       The snapshotBase statement defines the base where snapshots should be stored inside of the
       LDAP.

       snapshotURI uri

       The  snapshotURI  variable  defines the LDAP URI for the server which is used to do object
       snapshots.

       snapshotAdminDn dn

       The snapshotAdminDn  variable  defines  the  user  which  is  used  to  authenticate  when
       connecting to snapshotURI.

       snapshotAdminPassword string

       The  snapshotAdminPassword  variable defines the credentials which are used in combination
       with snapshotAdminDn and snapshotURI in order to authenticate.

       config dn

       The config statement defines the LDAP base, where GOsa stores management information, such
       as site wide locking and user notifications.

       templateCompileDirectory path

       The  templateCompileDirectory statements defines the path, where the PHP templating engins
       smarty should store its compiled GOsa templates for improved speed. This path needs to  be
       writeable by the user your webserver is running with.

       timezone string

       The  timezone  statements  defines the timezone used inside of GOsa to handle date related
       tasks, such as password expiery, vacation messages, etc.  The timezone value should  be  a
       unix conform timezone value like in /etc/timezone.

       honourIvbbAttributes bool

       The  honourIvbbAttributes  statement  enables  the  IVBB mode inside of GOsa. You need the
       ivbb.schema file from used by german authorities.

       strictNamingRules bool

       The strictNamingRules statement enables strict checking of uids and group  names.  If  you
       need characters like . or - inside of your accounts, set this to false.

       allowUidProposalModification bool

       The  allowUidProposalModification  statement  enables the abilitiy to modify uid proposals
       when creating a new user from a template.

       honourUnitTags bool

       The  honourUnitTags  statement  enables  checking  of  unitTag   attributes   when   using
       administrative  units.  If  this  is  set  to  true  GOsa  can only see objects inside the
       administrative unit a user is logged into.

       rfc2307bis bool

       The rfc2307bis statement enables rfc2307bis style groups  in  GOsa.  You  can  use  member
       attributes  instead  of memberUid in this case. To make it work on unix systems, you've to
       adjust your NSS configuration to use rfc2307bis style groups, too.

       ppdPath path

       The ppdPath variable defines where to store PPD files for the GOto environment plugins.

       ppdGzip bool

       The ppdGzip variable enables PPD file compression.

       resolutions path

       The resolutions variable defines a plain text file which contains  additional  resolutions
       to be shown in the environment and system plugins.

       htaccessAuthentication bool

       The  htaccessAuthentication  variable  tells GOsa to use either htaccess authentication or
       LDAP authentication. This can be used if you want to use i.e. kerberos to authenticate the
       users.

       gosaSupportURI URI

       The  gosaSupportURI  defines  the  major  gosa-si server host and the password for GOsa to
       connect to it.  can be used if you want to use i.e. kerberos to authenticate the users.

       The format is:

       credentials@host:port

       gosaSupportTimeout integer

       The  gosaSupportTimeout  sets  a  connection  timeout  for  all   gosa-si   actions.   See
       gosaSupportURI for details.

       Browser and display options

       listSummary true/false

       The  listSummary  statement determines whether a status bar will be shown on the bottom of
       GOsa generated lists, displaying a short summary of type and number  of  elements  in  the
       list.

       sendCompressedOutput true/false

       The  sendCompressedOutput  statement  determines  whether  PHP should send compressed HTML
       pages to browsers or not. This may increase or decrease the performance, depending on your
       network.

       storeFilterSettings true/false

       The  storeFilterSettings  statement determines whether GOsa should store filter and plugin
       settings inside of a cookie.

       language string

       The  language  statement  defines  the  default  language  used  by  GOsa.  Normally  GOsa
       autodetects  the language from the browser settings. If this is not working or you want to
       force the language, just add the language code (i.e. de for german) here.

       theme string

       The theme statement defines what theme is used to display GOsa pages. You can install some
       corporate  identity  like  theme  and/or modify certain templates to fit your needs within
       themes. Take a look at the GOsa FAQ for more information.

       sessionLifetime int

       The sessionLifetime value defines when a  session  will  expire  in  seconds.  For  Debian
       systems,  this  will  not work because the sessions will be removed by a cron job instead.
       Please modify the value inside of your php.ini instead.

       Password options

       passwordMinLength integer

       The passwordMinLength statement determines whether a newly entered password has to be of a
       minimum length.

       passwordMinDiffer integer

       The  passwordMinDiffer  statement  determines  whether  a newly entered password has to be
       checked to have at least n different characters.

       passwordProposalHook command

       The passwordProposalHook can be used to let GOsa  generate  password  proposals  for  you.
       Whenever  you  change  a  password,  you can then decide whether to use the proposal or to
       manually specify a password.

       /usr/bin/apg -n1

       strictPasswordRules bool

       The strictPasswordRules tells GOsa to check for UTF-8 characters in the supplied password.
       These  Characters  can lead to non working authentications if UTF-8 and none UTF-8 systems
       locales get mixed. The default is "true".

       handleExpiredAccounts bool

       The handleExpiredAccounts statement enables shadow attribute tests during the login to the
       GOsa web interface and forces password renewal or account lockout.

       useSaslForKerberos bool

       The  useSaslForKerberos  statement  defines  the  way  the kerberos realm is stored in the
       userPassword attribute. Set it to true in order to get {sasl}user@REALM.NET, or  to  false
       to  get  {kerberos}user@REALM.NET.  The latter is outdated, but may be needed from time to
       time.

       LDAP options

       ldapMaxQueryTime integer

       The ldapMaxQueryTime statement tells GOsa to stop LDAP  actions  if  there  is  no  answer
       within the specified number of seconds.

       schemaCheck bool

       The  schemaCheck  statement  enables  or  disables  schema  checking  during  login. It is
       recommended to switch this on in order to let GOsa handle object creation more efficient.

       ldapTLS bool

       The ldapTLS statement enables or disables TLS operating on LDAP connections.

       accountPrimaryAttribute cn/uid

       The accountPrimaryAttribute option tells GOsa how to create new accounts. Possible  values
       are uid and cn.  In the first case GOsa creates uid style DN entries:
       uid=superuser,ou=staff,dc=example,dc=net
       In the second case, GOsa creates cn style DN entries:
       cn=Foo Bar,ou=staff,dc=example,dc=net
       If  you  choose  "cn" to be your accountPrimaryAttribute you can decide whether to include
       the personal title in your dn by selecting personalTitleInDN.

       accountRDN pattern

       The accountRDN option tells GOsa to use a placeholder pattern for generating account RDNs.
       A pattern can include attribute names prefaced by a % and normal text:
       accountRDN="cn=%sn %givenName"
       This  will  generate a RDN consisting of cn=.... filled with surname and given name of the
       edited  account.  This  option   disables   the   use   of   accountPrimaryAttribute   and
       personalTitleInDn in your config. The latter attributes are maintained for compatibility.

       personalTitleInDN bool

       The  personalTitleInDN  option  tells  GOsa to include the personal title in user DNs when
       accountPrimaryAttribute is set to "cn".

       userRDN string

       The userRDN statement defines the location where new accounts will be  created  inside  of
       defined departments. The default is ou=people.

       groupsRDN string

       The  groupsRDN  statement  defines the location where new groups will be created inside of
       defined departments. The default is ou=groups.

       sudoRDN string

       The sudoRDN statement defines the location where new groups  will  be  created  inside  of
       defined departments. The default is ou=groups.

       sambaMachineAccountRDN string

       This statement defines the location where GOsa looks for new samba workstations.

       ogroupRDN string

       This statement defines the location where GOsa creates new object groups inside of defined
       departments. Default is ou=groups.

       serverRDN string

       This statement defines the location where GOsa  creates  new  servers  inside  of  defined
       departments. Default is ou=servers.

       terminalRDN string

       This  statement  defines  the  location where GOsa creates new terminals inside of defined
       departments. Default is ou=terminals.

       workstationRDN string

       This statement defines the location where GOsa creates new workstations inside of  defined
       departments. Default is ou=workstations.

       printerRDN string

       This  statement  defines  the  location  where GOsa creates new printers inside of defined
       departments. Default is ou=printers.

       componentRDN string

       This statement defines the location where GOsa creates new network  components  inside  of
       defined departments. Default is ou=components.

       phoneRDN string

       This  statement  defines  the  location  where  GOsa  creates new phones inside of defined
       departments. Default is ou=phones.

       phoneConferenceRDN string

       This statement defines the location where GOsa creates new  phone  conferences  inside  of
       defined departments. Default is ou=conferences.

       faxBlocklistRDN string

       This  statement  defines  the  location  where  GOsa  creates new fax blocklists inside of
       defined departments. Default is ou=blocklists.

       systemIncomingRDN string

       This statement defines the location where GOsa looks for new systems to be joined  to  the
       LDAP.  Default is ou=incoming.

       systemRDN string

       This  statement defines the base location for servers, workstations, terminals, phones and
       components. Default is ou=systems.

       ogroupRDN string

       This statement defines the location where  GOsa  looks  for  object  groups.   Default  is
       ou=groups.

       aclRoleRDN string

       This  statement  defines  the location where GOsa stores ACL role definitions.  Default is
       ou=aclroles.

       phoneMacroRDN string

       This statement defines the location where GOsa  stores  phone  macros  for  use  with  the
       Asterisk phone server.  Default is ou=macros,ou=asterisk,ou=configs,ou=systems.

       faiBaseRDN string

       This  statement  defines  the  location  where  GOsa  looks  for FAI settings.  Default is
       ou=fai,ou=configs,ou=systems.

       faiScriptRDN, faiHookRDN, faiTemplateRDN,  faiVariableRDN,  faiProfileRDN,  faiPackageRDN,
       faiPartitionRDN string

       These  statement  define the location where GOsa stores FAI classes. The complete base for
       the corresponding class is an additive of faiBaseRDN an and this value.

       deviceRDN string

       This statement defines the location where GOsa looks for devices.  Default is ou=devices.

       mimetypeRDN string

       This statement defines the location where GOsa stores mime type definitions.   Default  is
       ou=mimetypes.

       applicationRDN string

       This statement defines the location where GOsa stores application definitions.  Default is
       ou=apps.

       ldapFilterNestingLimit integer

       The ldapFilterNestingLimit statement can be used to speed up  group  handling  for  groups
       with  several  hundreds  of  members.  The default behaviour is, that GOsa will resolv the
       memberUid values in a group to real names.  To achieve this, it writes a single filter  to
       minimize searches. Some LDAP servers (namely Sun DS) simply crash when the filter gets too
       big. You can set a member limit, where GOsa will stop to do these lookups.

       ldapSizelimit integer

       The ldapSizelimit statement tells  GOsa  to  retrieve  the  specified  maximum  number  of
       results. The user will get a warning, that not all entries were shown.

       ldapFollowReferrals bool

       The ldapFollowReferrals statement tells GOsa to follow LDAP referrals.

       Account creation options

       uidNumberBase integer

       The  uidNumberBase  statement  defines where to start looking for a new free user id. This
       should be synced with your adduser.conf to  avoid  overlapping  uidNumber  values  between
       local  and  LDAP  based lookups. The uidNumberBase can even be dynamic. Take a look at the
       baseIdHook definition below.

       gidNumberBase integer

       The gidNumberBase statement defines where to start looking for a new free group  id.  This
       should  be  synced  with  your  adduser.conf to avoid overlapping gidNumber values between
       local and LDAP based lookups. The gidNumberBase can even be dynamic. Take a  look  at  the
       nextIdHook definition below.

       idAllocationMethod traditional/pool

       The  idAllocationMethod  statement  defines  how  GOsa generates numeric user and group id
       values. If it is set to traditional GOsa will do create a lock and perform  a  search  for
       the  next  free ID. The lock will be removed after the procedure completes.  pool will use
       the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe, because  it
       does  not  check  for  concurrent  LDAP access and already used IDs in this range.  On the
       other hand it is much faster.

       minId integer

       The minId statement defines the minimum assignable user or  group  id  to  avoid  security
       leaks with uid 0 accounts. This is used for the traditional method

       uidNumberPoolMin/gidNumberPoolMin integer

       The  uidNumberPoolMin/gidNumberPoolMin statement defines the minimum assignable user/group
       id for use with the pool method.

       uidNumberPoolMax/gidNumberPoolMax integer

       The uidNumberPoolMax/gidNumberPoolMax statement defines the highest assignable  user/group
       id for use with the pool method.

       nextIdHook path

       The  nextIdHook  statement  defines a script to be called for finding the next free id for
       users or groups externaly. It gets called with the current entry "dn" and the attribute to
       be ID'd. It should return an integer value.

       useAutoComplete bool

       The  useAutoComplete  statement allows you to enable/disable the auto-completion mode when
       searching for LDAP objects in a given container. Enable it, if you encounter  long  typing
       delays in GOsa²'s search field.

       passwordDefaultHash string

       The  passwordDefaultHash  statement  defines  the  default password hash to choose for new
       accounts.   Valid   values   are   crypt/standard-des,   crypt/md5,    crypt/enhanced-des,
       crypt/blowfish,  crypt/sha256,  crypt/sha512,  md5,  sha, ssha, smd5, clear and sasl.  The
       complete list is displayed in  the  "Password  storage"  pull-down  menu  in  each  user's
       "Generic/Personal   Information"  view.   These  values  will  be  overridden  when  using
       templates.

       idGenerator string

       The idGenerator statement describes an automatic way to generate new user ids.  There  are
       two basic functions supported - which can be combined:

        a) using attributes

           You can specify LDAP attributes (currently only sn and givenName) in
           braces {} and add a percent sign before it. Optionally you can strip it
           down to a number of characters, specified in []. I.e.

             idGenerator="{%sn}-{%givenName[2-4]}"

           will generate an ID using the full surname, adding a dash, and adding at
           least the first two characters of givenName. If this ID is used, it'll
           use up to four characters. If no automatic generation is possible, a
           input box is shown.

        b) using automatic id's

           I.e. specifying

             idGenerator="acct{id:3}"

           will generate a three digits id with the next free entry appended to
           "acct".

             idGenerator="acct{id!1}"

           will generate a one digit id with the next free entry appended to
           "acct" - if needed.

             idGenerator="ext{id#3}"

           will generate a three digits random number appended to "ext".

       Samba options

       sambaSID string

       The  sambaSID  statement  defines a samba SID if not available inside of the LDAP. You can
       retrieve the current sid by net getlocalsid.

       sambaRidBase integer

       The sambaRidBase statement defines the base id to add to ordinary sid  calculations  -  if
       not available inside of the LDAP.

       sambaHashHook string

       The  sambaHashHook  Field, if blank, samba passwords are not generated or manipulated.  If
       not blank, Gosa will generate an NTLM hash  when  a  user's  password  is  set,  and  will
       lock/unlock this when the account is locked/unlocked using internal functions.  LM hashing
       is intentionally broken (sets the LM hash to a non-valid string) as the method is ancient,
       broken, and rainbow tables exist for all passwords to it. IFF it is needed, set this field
       to "NTLM+LM" and a valid LM hash will be set along side the NTLM one. Note that Gosa  does
       not  use this to specify an actual Hook command, it only cares if its empty, not empty, or
       contains "NTLM+LM".

       Safe default: "NTLM" or leave blank.

       sambaIdmapping bool

       The sambaIdMapping statement tells GOsa to maintain sambaIdmapEntry objects. Depending  on
       your setup this can drastically improve the windows login performance.

       Asterisk options

       ctiHook path

       The  ctiHook statement defines a script to be executed if someone clicks on a phone number
       inside of the addressbook plugin. It gets called with two parameters:

       ctiHook $source_number $destination_number

       This script can be used to do automatted dialing from the addressbook.

       Mail options

       mailMethod Cyrus/SendmailCyrus/Kolab/Kolab22

       The mailMethod statement tells GOsa which mail method the setup should use to  communicate
       with  a  possible mail server. Leave this undefined if your mail method does not match the
       predefined ones.

       Cyrus maintains accounts and sieve scripts in cyrus servers.  Kolab/Kolab22 is like cyrus,
       but  lets the kolab daemon maintain the accounts.  SendmailCyrus is based on sendmail LDAP
       attributes.

       cyrusUseSlashes bool

       The cyrusUseSlashes statement  determines  if  GOsa  should  use  "foo/bar"  or  "foo.bar"
       namespaces in IMAP. Unix style is with slashes.

       cyrusDeleteMailbox bool

       The  cyrusDeleteMailbox  statement  determines if GOsa should remove the mailbox from your
       IMAP server or keep it after the account is deleted in LDAP.

       cyrusAutocreateFolders string

       The cyrusAutocreateFolders statement contains a comma  separated  list  of  personal  IMAP
       folders that should be created along initial account creation.

       postfixRestrictionFilters path

       The  postfixRestrictionFilters  statement defines a file to include for the postfix module
       in order to display user defined restriction filters.

       postfixProtocols path

       The postfixProtocols statement defines a file to include for the postfix module  in  order
       to display user defined protocols.

       mailAttribute mail/uid

       The  mailAttribute  statement determines which attribute GOsa will use to create accounts.
       Valid values are mail and uid.

       imapTimeout Integer (default 10)

       The imapTimeout statement sets the connection timeout for imap actions.

       mailFolderCreation Every mail method  has  its  own  way  to  create  mail  accounts  like
       share/development   or  shared.development@example.com  which  is  used  to  identify  the
       accounts, set quotas or add acls.

       To  override  the  methods  default   account   creation   syntax,   you   can   set   the
       mailFolderCreation option.

       Examples

        mailFolderCreation="%prefix%%cn%"              => "shared.development"
        mailFolderCreation="my-prefix.%cn%%domain%"    => "my-prefix.development@example.com">

       Placeholders

        %prefix%    The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
        %cn%        The groups/users cn.
        %uid%       The users uid.
        %mail%      The objects mail attribute.
        %domain%    The domain part of the objects mail attribute.
        %mailpart%  The user address part of the mail address.
        %uattrib%   Depends on mailAttribute="uid/mail".

       mailUserCreation  This  attribute allows one to override the user account creation syntax,
       see the mailFolderCreation description for more details.

       Examples

        mailUserCreation="%prefix%%uid%"           => "user.foobar"
        mailUserCreation=my-prefix.%uid%%domain%"  => "my-prefix.foobar@example.com"

       vacationTemplateDirectory path

       The vacationTemplateDirectory statement sets the path where GOsa will  look  for  vacation
       message templates. Default is /etc/gosa/vacation.

       Example template /etc/gosa/vacation/business.txt:

          DESC:Away from desk
          Hi, I'm currently away from my desk. You can contact me on
          my cell phone via %mobile.

          Greetings,
          %givenName %sn

       Debug options

       displayErrors bool

       The displayErrors statement tells GOsa to show PHP errors in the upper part of the screen.
       This should be disabled in productive deployments, because there might be  some  important
       passwords around.

       ldapstats bool

       The ldapstats statement tells GOsa to track LDAP timing statistics to the syslog. This may
       help to find indexing problems or bad search filters.

       ignoreAcl dn

       The ignoreAcl value tells GOsa to ignore complete ACL sets for the given DN. Add  your  DN
       here and you'll be able to restore accidentally dropped ACLs.

       debugLevel integer

       The debugLevel value tells GOsa to display certain information on each page load. Value is
       an AND combination of the following byte values:

       DEBUG_TRACE   = 1

       DEBUG_LDAP    = 2

       DEBUG_MYSQL   = 4

       DEBUG_SHELL   = 8

       DEBUG_POST    = 16

       DEBUG_SESSION = 32

       DEBUG_CONFIG  = 64

       DEBUG_ACL     = 128

       DEBUG_SI      = 256

       DEBUG_MAIL    = 512

LDAP resource definition

       For every location you define inside your gosa.conf, you need at least one  entry  of  the
       type referral.  These entries define the way how to connect to some directory service.

       Example:

         <referral uri="ldap://ldap.example.net/dc=example,dc=net"
                   admin="cn=gosa-admin,dc=example,dc=net"
                   password="secret" />

       uri  is  a valid LDAP uri extendet by the base this referral is responsible for.  admin is
       the DN which has the permission to write LDAP entries. And password is  the  corresponding
       password for this DN.

       You can define a set of referrals if you have several server to connect to.

Settings for the environment plugin

       In  order  to make full use of the environment plugin, you may want to define the location
       where kiosk profiles will be stored on the servers harddisk.

       This is done by the kioskPath keyword defined  within  the  environment  class  definition
       inside your gosa.conf.

       Example:

         <plugin acl="users/environment"
                 class="environment"
                 kioskPath="/var/spool/kiosk"/>

       Make sure, that this path is writeable by GOsa.

Settings for the FAI plugin

       The  FAI plugin can be used in a way that it generates branched or freezed releases inside
       your repository. Specifying the postcreate and postmodify keywords in  the  servrepository
       definition,  calls  the  provided  script as a hook when adding or removing branches. This
       script should do the rest inside of your repository.

       Example:

         <tab class="servrepository"
                 repositoryBranchHook="/opt/dak/bin/get_extra_repos"
                 postcreate="/opt/dak/bin/handle_repository '%lock_dn' '%lock_name' '%lock_type' />

       %lock_dn keeps the base DN of the source branch, %lock_name the name of the new branch and
       %lock_type is either "freeze" or "branch".

       The  repositoryBranchHook  outputs additional releases, that are not retrieveable with the
       standard GOsa/FAI methods.

       If you have only one release, or want to define a default release to  be  shown  by  GOsa,
       define    the    defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."    within   the
       faiManagement class definition

Settings for the addressbook plugin

       The addressbook plugin can be configured to  store  the  addressbook  data  on  a  special
       location. Use the addressbookBaseDN keyword within the addressbook class definition inside
       your gosa.conf to configure this location.

       Default: ou=addressbook.

Settings for system plugins

       For  the  workstationStartup   and   terminalStartup   classes,   you   can   define   the
       systemKernelsHook  keyword.  It  can  load additional kernels that are not retrieveable by
       standard GOsa/FAI mechanisms.

       In order to make use of SNMP information, you can set the snmpCommunity  in  the  terminfo
       class definition.

       To enable the burn CD image function, you can specify the systemIsoHook in the workgeneric
       class. You will get a CD symbol in the systems list - which calls the hook if pressed.

AUTHOR

       gosa.conf(5) was written by Cajus  Pollmeier  for  the  GOsa  project  (  http://www.gosa-
       project.org ).