Gosa

Prerequisites

The Gosa framework is a PHP application, so we need a web server that supports PHP. Although most data will be stored in an LDAP database, some data for Gosa plugins will be stored in a MySQL database.

For several reasons we usually configure the server on which we install Gosa as an LDAP client. We also install the smbldap CLI tools on the Gosa server.

Documentation on how to deploy the Smbldap-tools is available in the Hannibal fileserver section.

Install these packages to satisfy the Gosa software dependencies and requirements.

  apt-get install apache2 apache2-utils libapache2-mod-php5 \
                  php5-recode php5 php5-cli php5-gd php5-imagick php5-imap \
                  php5-ldap php5-memcache php5-mhash php5-mysql php5-snmp \
                  libgd2-xpm smarty smarty-gettext fping libcrypt-smbhash-perl \
                  wwwconfig-common
  apt-get install mysql-server-5.0 mysql-client-5.0 libdbd-mysql-perl 

And in case you haven't already done so as described in the Hannibal operating system base section:

apt-get install sudo postfix

The Gosa-documentation on installation of PHP is available at https://oss.gonicus.de/labs/gosa/wiki/InstallingPHP

Installation

Binary packages for Debian Sarge are available for download at http://oss.gonicus.de/pub/gosa/debian/. These packages also install on Debian Etch. Download the software and install the packages:

dpkg -i gosa_2.5.15-1sarge1_all.deb
dpkg -i gosa-help-nl_2.5.15-1sarge1_all.deb

These debs install in /usr/share/gosa.

Configuration

PHP configuration

Edit these entries in /etc/php5/apache2/php.ini:

...
register_globals = off
session.gc_maxlifetime = 86400   ; minimum value, may be higher
session.auto_start = off
memory_limit = 64M               ; minimum value, may be higher
implicit_flush = off
max_execution_time = 30          ; minimum value, may be higher
expose_php = off
magic_quotes_gpc = on
zend.ze1_compatibility_mode = off
...

Gosa.conf

Edit /etc/gosa/gosa.conf

<?xml version="1.0"?>
<conf>
        <menu>
                <section name="My account">
                        <plugin acl="default" class="user" icon="personal.png"
                                path="plugins/personal/generic" />
                        <plugin acl="default" class="posixAccount" icon="posix.png"
                                postcreate="/usr/bin/sudo /usr/local/bin/gosa_create_homedir.sh %uid" path="plugins/personal/posix" />
<!--                    <plugin acl="default" class="environment" icon="env.png"
                                kioskpath="/var/spool/kiosk"
                                path="plugins/personal/environment" /> -->
                        <plugin acl="default" class="mailAccount" icon="email.png"
                                path="plugins/personal/mail" />
                        <plugin acl="default" class="sambaAccount" icon="samba.png"
                                path="plugins/personal/samba" />
<!--                    <plugin acl="default" class="connectivity" icon="proxy.png"
                                path="plugins/personal/connectivity" /> -->
<!--                    <plugin acl="default" class="gofaxAccount" icon="fax.png"
                                path="plugins/gofax/faxaccount" /> -->
<!--                    <plugin acl="default" class="phoneAccount" icon="phone.png"
                                path="plugins/gofon/phoneaccount" /> -->
<!--                        <plugin acl="default" class="nagiosAccount" icon="monitoring.png"
                                path="plugins/personal/nagios" /> -->
                        <plugin acl="default" class="password" icon="password.png"
                                path="plugins/personal/password" />
                </section>
 
                <section name="Administration">
                        <plugin acl="user" class="userManagement" icon="user.png"
                                path="plugins/admin/users" />
                        <plugin acl="group" class="groupManagement" icon="group.png"
                                path="plugins/admin/groups" />
                        <plugin acl="ogroup" class="ogroupManagement" icon="ogroup.png"
                                path="plugins/admin/ogroups" />
                        <plugin acl="department" class="departmentManagement" icon="department.png"
                                path="plugins/admin/departments" />
                        <plugin acl="application" class="applicationManagement"
                                icon="application.png" path="plugins/admin/applications" />
                        <plugin acl="systems" class="systems" icon="system.png"
                                path="plugins/admin/systems" />
 
                        <!-- Use 'lock_dn'      for dn
                                 'lock_name'    for name
                                 'lock_type'    for branch/freeze -->
<!--                    <plugin acl="FAIclass" class="faiManagement" icon="fai.png"
                                postcreate=""
                                postremove=""
                                path="plugins/admin/fai" /> -->
<!--                    <plugin acl="blocklists" class="blocklist" icon="blocklists.png"
                                path="plugins/gofax/blocklists" /> -->
<!--                    <plugin acl="goFonMacro" class="gofonMacro" icon="macros.png"
                                path="plugins/gofon/macro" /> -->
<!--                    <plugin acl="conference" class="phoneConferenceManagment" icon="conference.png"
                                path="plugins/gofon/conference" /> -->
                </section>
 
                <section name="Addons">
                        <plugin acl="addressbook" class="addressbook" icon="addressbook.png"
                                path="plugins/addons/addressbook" />
<!--                    <plugin acl="faxreport" class="faxreport" icon="reports.png"
                                path="plugins/gofax/faxreports" /> -->
<!--                    <plugin acl="fonreport" class="fonreport" icon="phonereport.png"
                                path="plugins/gofon/fonreports" /> -->
<!--                    <plugin acl="logview" class="logview" icon="logview.png"
                                path="plugins/addons/logview" /> -->
<!--                    <plugin acl="mailqueue" class="mailqueue" icon="mailqueue.png"
                                path="plugins/addons/mailqueue" /> -->
                        <plugin acl="ldapmanager" class="ldif" icon="ldif.png"
                                path="plugins/addons/ldapmanager" />
                </section>
        </menu>
 
        <usertabs>
                <tab class="user" name="Generic" />
                <tab class="posixAccount" name="Unix" />
<!--            <tab class="environment" name="Environment" /> -->
                <tab class="mailAccount" name="Mail" />
                <tab class="sambaAccount" name="Samba" />
<!--            <tab class="connectivity" name="Connectivity" /> -->
<!--            <tab class="gofaxAccount" name="Fax" /> -->
<!--            <tab class="phoneAccount" name="Phone" /> -->
<!--            <tab class="nagiosAccount" name="Nagios" /> -->
                <tab class="reference" name="References" />
        </usertabs>
 
        <grouptabs>
                <tab class="group" name="Generic" />
<!--            <tab class="environment" name="Environment" /> -->
<!--            <tab class="appgroup" name="Applications" /> -->
                <tab class="mailgroup" name="Mail" />
                <tab class="acl" name="ACL" />
                <tab class="reference" name="References" />
        </grouptabs>
 
        <appstabs>
                <tab class="application" name="Generic" />
                <tab class="applicationParameters" name="Options" />
                <tab class="reference" name="References" />
        </appstabs>
 
        <conferencetabs>
                <tab class="conference" name="Generic" />
                <tab class="reference" name="References" />
        </conferencetabs>
 
        <macrotabs>
                <tab class="macro" name="Generic" />
                <tab class="macroParameter" name="Parameter" />
                <tab class="reference" name="References" />
        </macrotabs>
 
        <termtabs>
                <tab class="termgeneric" name="Generic" />
                <tab class="termstartup" name="Startup" />
                <tab class="termservice" name="Devices" />
                <tab class="printgeneric" name="Printer" />
                <tab class="terminfo" name="Information" />
                <tab class="reference" name="References" />
        </termtabs>
 
        <servtabs>
                <tab class="servgeneric" name="Generic" />
                <tab class="workstartup" name="Startup" />
                <tab class="servdb" name="Databases" />
                <tab class="servservice" name="Services" />
 
                <!-- external_hook should return something like that 
                         DisplayName:ServerName -->
<!--            <tab class="servrepository" name="Repository"
                        external_hook="/bin/echo ''" />
                <tab class="servrepository" name="Repository" />
                <tab class="faiSummaryTab" name="FAI summary" /> -->
{if $cv.generic_settings.enableDNS}
                <tab class="servdns" name="DNS" />
{else}
                <!--   <tab class="servdns" name="DNS" /> -->
{/if}
{if $cv.generic_settings.enableDHCP}
                <tab class="servdhcp" name="DHCP" />
{else}
<!--   <tab class="servdhcp" name="DHCP" /> -->
{/if}
                <tab class="terminfo" name="Information"
                        snmpcommunity="{$cv.optional.snmpcommunity}" />
                <tab class="glpiAccount" name="Inventory" />
                <tab class="reference" name="References" />
        </servtabs>
 
        <worktabs>
                <tab class="workgeneric" name="Generic" />
                <tab class="workstartup" name="Startup" />
                <tab class="workservice" name="Devices" />
                <tab class="printgeneric" name="Printer" />
                <tab class="terminfo" name="Information" />
                <tab class="faiSummaryTab" name="FAI summary" />
                <tab class="reference" name="References" />
        </worktabs>
 
        <printtabs>
                <tab class="printgeneric" name="Generic" />
                <tab class="reference" name="References" />
        </printtabs>
 
        <phonetabs>
                <tab class="phonegeneric" name="Generic" />
                <tab class="reference" name="References" />
        </phonetabs>
 
        <componenttabs>
                <tab class="componentgeneric" name="Generic" />
                <tab class="reference" name="References" />
        </componenttabs>
 
        <wintabs>
                <tab class="wingeneric" name="Generic" />
                <tab class="reference" name="References" />
        </wintabs>
 
        <deptabs>
                <tab class="department" name="Generic" />
                <tab class="reference" name="References" />
        </deptabs>
 
        <ogrouptabs>
                <tab class="ogroup" name="Generic" />
                <tab class="reference" name="References" />
        </ogrouptabs>
 
        <connectivity>
                <tab class="proxyAccount" />
                <tab class="webdavAccount" />
<!--            <tab class="phpgwAccount" /> -->
                <tab class="intranetAccount" />
<!--            <tab class="opengwAccount" 
            username="OGo"
            password=""
            database="OGo"
            datahost="localhost"
            />  -->
 
<!--            <tab class="pptpAccount" /> -->
<!--            <tab class="phpscheduleitAccount" /> -->
<!--            <tab class="glpiAccount" /> -->
        </connectivity>
 
        <ldiftab>
                <tab class="ldifexport" name="Export" />
                <tab class="xlsexport" name="Excel Export" />
                <tab class="ldifimport" name="Import" />
                <tab class="csvimport" name="CSV Import" />
        </ldiftab>
 
        <faipartitiontabs>
                        <tab class="faiPartitionTable" name="Partitions" />
        </faipartitiontabs>
 
        <faiscripttabs>
                        <tab class="faiScript" name="Script" />
        </faiscripttabs>
 
        <faihooktabs>
                        <tab class="faiHook" name="Hooks" />
        </faihooktabs>
 
        <faivariabletabs>
                        <tab class="faiVariable" name="Variables" />
        </faivariabletabs>
 
        <faitemplatetabs>
                        <tab class="faiTemplate" name="Templates" />
        </faitemplatetabs>
 
        <faiprofiletabs>
                <tab class="faiProfile" name="Profiles" />
                <tab class="faiSummaryTab" name="Summary" />
        </faiprofiletabs>
 
        <faipackagetabs>
                        <tab class="faiPackage" name="Packages" />
        </faipackagetabs>
 
        <main default="Hannibal"
                mailQueueScriptPath="/usr/bin/sudo /usr/local/sbin/mailqueue %action %id %server" 
                enableCopyPaste="false" 
                ppd_path="/var/spool/ppd/" 
                kde_applications_menu="" 
                compile="/var/spool/gosa"
                lang=""
                theme="default"
                debuglevel="0"
                forcessl="false"
                warnssl="false"
                iconsize="48x48"
                pwminlen="6"
                forceglobals="false"
                smbhash='/usr/bin/mkntpasswd'
                session_lifetime="7200"
                schema_check="true"
                max_ldap_query_time="5.0"
                displayerrors="false">
 
                <location name="Hannibal"
                        uidbase="1000"
                        governmentmode="false"
                        sambaversion="3"
                        sid="S-1-5-21-1012042874-3742478256-932064966"
                        ridbase="1000"
                        mailMethod="cyrus"
                        hash="md5"
                        dnmode="uid"
                        server="ldap://xenfds:389"
                        login_attribute="uid"
                        tls="true"
                        config="ou=gosa,ou=configs,ou=systems,dc=intra,dc=example,dc=com">
 
                        <referral url="ldap://ldap1.intra.example.com:389/dc=intra,dc=example,dc=com"
                                admin="cn=Directory Manager"
                                password="hannibal" />
                </location>
 
                <language name="German" tag="de_DE" />
                <language name="Russian" tag="ru_RU" />
                <language name="Spanish" tag="es_ES" />
                <language name="French" tag="fr_FR" />
                <language name="Dutch" tag="nl_NL" />
                <language name="English" tag="en_EN" />
                <language name="Italian" tag="it_IT" />
                <language name="Polish" tag="pl_PL" />
 
                <faxformat type="pdf" />
                <faxformat type="ps" />
                <faxformat type="png" />
                <faxformat type="mtiff" />
                <faxformat type="tiff" />
        </main>
</conf>

In the XML file, replace the following parameters in the main section:

  • default= with your site name
  • sid= with the SID of your Samba server
  • server= with the URI to your primary or slave LDAP server
  • config= with your LDAP connection string
  • referral url= with the URI to your primary LDAP server
  • password=

Custom scripts

As described in the Gosa FAQ, each Gosa plugin in gosa.conf may have an entry “postremove”, “postmodify” and “postcreate”. You can use LDAP attributes as command line options. For instance, we wanted Gosa to automagically create a homedir for a user when a user is created, so we added a postcreate option to the posixAccount class in gosa.conf:

...
postcreate="/usr/bin/sudo /usr/local/bin/gosa_create_homedir.sh %uid"
...

Then create the script /usr/local/bin/gosa_create_homedir.sh

#!/bin/bash

# 2008, Hannibal devel-team

# This script is to be called by a 'postcreate' action from within
# the Hannibal Gosa webinterface. An example follows:
#
# postcreate="/usr/bin/sudo /usr/local/bin/gosa_create_homedir.sh %uid"
#
# The user running the webserver (usually www-data) will execute the
# script wrapped by sudo. So you need to grant the www-user sudo
# permissions to run this script.

# The script takes one argument which should be the username.

# Refuse to run without exactly one non-empty argument.
if [ "$#" -ne 1 ] || [ -z "$1" ]; then
    echo "Usage: $0 <username>" >&2
    exit 1
fi

# Quote the argument so it is never word-split or glob-expanded.
mkdir -p -- "/home/$1"

sleep 2

chown -R -- "$1" "/home/$1"

Set proper permissions on the script.

chmod 744 /usr/local/bin/gosa_create_homedir.sh

Then grant the www-data user sudo permissions to execute the script. Run 'visudo' and add lines like so:

...
Cmnd_Alias GOSA = /usr/local/bin/gosa_create_homedir.sh
...
www-data ALL = (ALL) NOPASSWD: GOSA
...
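
The postcreate hook passes an LDAP attribute value to a script that sudo runs as root, so the argument should be validated before it is used in a path. The following is an added example, not the Hannibal script: the function names `valid_uid` and `create_homedir`, the `HOME_BASE` override and the login-name policy are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the Hannibal script): validate %uid before acting as root.
# HOME_BASE is overridable only so the logic can be tried without root.
LC_ALL=C; export LC_ALL
HOME_BASE="${HOME_BASE:-/home}"

# Assumed policy: [a-z_][a-z0-9_-]*, at most 32 characters.
valid_uid() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;  # empty, or contains '/', '.', space, ...
        [!a-z_]*)         return 1 ;;  # must not start with a digit or '-'
    esac
    [ "${#1}" -le 32 ]
}

# Return codes: 0 ok, 2 name rejected, 3 target is a symlink, 1 other failure.
create_homedir() {
    valid_uid "$1" || return 2
    dir="$HOME_BASE/$1"
    [ -L "$dir" ] && return 3          # never operate through a symlink
    mkdir -p -- "$dir" || return 1
    chmod 700 -- "$dir" || return 1
    # Ownership change needs root and a resolvable account; no -R is needed
    # because the directory has just been created.
    if [ "$(id -u)" -eq 0 ] && id -u "$1" >/dev/null 2>&1; then
        chown -- "$1" "$dir" || return 1
    fi
    return 0
}

# Entry point when invoked by the postcreate hook with one argument.
if [ "$#" -eq 1 ]; then
    create_homedir "$1"
    rc=$?
    [ "$rc" -eq 0 ] || echo "gosa_create_homedir: refused '$1' (rc=$rc)" >&2
    exit "$rc"
fi
```

Rejected names never reach `mkdir` or `chown`, so a value such as `../etc` or one beginning with `-` cannot redirect the root-owned operations outside the home base.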

Action

Now point your web browser to http://xenweb01.example.local/gosa and log in with username gosadmin and password xxxxx.

hannibal/gosa2.txt · Last modified: 2008/06/26 07:42 by Olivier Brugman