Re: [GOsa] configuring gosa during system installation
On Saturday, 08 May 2010, 14:42:48, Andreas B. Mundt wrote:
> Hi,
>
> many thanks for all the answers and hints so far! I will reply to them
> soon, but first a technical question that just came up when I
> excitedly started to make a first draft implementation:
>
> To avoid having the user click through the gosa builtin
> "configurator" after installing the system, it would be nice to
> prepare gosa already during system installation of our main-server.
>
> The idea is to prepare a gosa.ldif which contains all needed to start
> (dropped into ldap) in combination with the corresponding configuration
> gosa.config.
>
> In gosa.config, timezone and language have to be modified during
> install, as well as ldap and gosa-admin password(-hashes).
>
> For the ldap tree, I guess most parts are straightforward, but how
> can I create the gosaAclEntry? I suspect it has to correspond to the
> gosa-admin (called ldapadmin below). Below you find a draft
> ldif. $ROOTPW is replaced by the password hash during installation.
The ACL entry below keeps a comma-separated list of base64-encoded DNs and
the final access rights that this one gets. If the DN never changes (i.e. it is
always a fixed user inside of your skolelinux tree), you never have to change
that.

We do it the same way with FAI-based "initial" installs. All you need is a
working gosa.conf, slapd.conf, schema in the right place and a slapadd for the
minimalistic base ldif. You can go further and make the base configurable, too.
But this is a bit more complicated in case of Unicode bases.

It would be a good idea to add some ACL roles to this base ldif, so that users
don't have to bother with creating ACLs directly. They can just choose from a
predefined ACL set. This is shown in the ACL screencast of
https://oss.gonicus.de/labs/gosa.

I mean: students should be able to change their passwords, teachers may not be
able to do "too much" and superadmins are the most skilled teachers ;-)

Cheers,
Cajus
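
The member encoding described in the reply above, as an added example that is not part of the original message and not GOsa's own code: it builds a gosaAclEntry value from a list of DNs and decodes one again, so a preseeded LDIF can be checked for which DNs actually receive rights. The field layout `<index>:<scope>:<members>:<rights>`, the values `psub` and `all;cmdrw`, the sample DNs and all function names are assumptions made for illustration.

```python
import base64

# Constructed sample DNs (not taken from the thread's draft LDIF).
SAMPLE_ADMIN_DN = "cn=ldapadmin,dc=example,dc=org"
SAMPLE_UNICODE_DN = "cn=Jörg Müller,ou=people,dc=example,dc=org"


def encode_members(dns):
    """Base64-encode each DN as UTF-8 and join the results with commas."""
    return ",".join(
        base64.b64encode(dn.encode("utf-8")).decode("ascii") for dn in dns
    )


def build_acl_value(index, scope, dns, rights):
    """Assemble the attribute value (assumed layout: index:scope:members:rights)."""
    return f"{index}:{scope}:{encode_members(dns)}:{rights}"


def parse_acl_value(value):
    """Split a value into its fields and decode the member DNs."""
    # maxsplit=3 keeps any further ':' inside the rights field intact.
    index, scope, members, rights = value.split(":", 3)
    # validate=True rejects characters outside the base64 alphabet.
    dns = [
        base64.b64decode(m, validate=True).decode("utf-8")
        for m in members.split(",") if m
    ]
    return {"index": int(index), "scope": scope, "members": dns, "rights": rights}


def unexpected_members(value, allowed_dns):
    """Return member DNs not in allowed_dns (plain case-insensitive comparison)."""
    allowed = {dn.casefold() for dn in allowed_dns}
    return [
        dn for dn in parse_acl_value(value)["members"]
        if dn.casefold() not in allowed
    ]


if __name__ == "__main__":
    # "psub" and "all;cmdrw" are assumed sample values for scope and rights.
    value = build_acl_value(0, "psub", [SAMPLE_ADMIN_DN, SAMPLE_UNICODE_DN], "all;cmdrw")
    print("gosaAclEntry:", value)
    print("unexpected:", unexpected_members(value, [SAMPLE_ADMIN_DN]))
```

Encoding the DN as UTF-8 before base64 is what keeps non-ASCII bases intact; the comparison in `unexpected_members` is a simple case fold, not full LDAP DN normalization.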