How to install GOsa2 on RedHat / CentOS (rpm based)

1.0 About this

The goal of this article is to be a base for a complete installarion of GOsa2, it will be used by future articles on what maters with integrating with others services.

2.0 What GOsa2 means?

GOsa2 is the constrict form for GOnicus System Administration.
From author’s site gosa-project.org

A mighty System-/Config-management frontend using LDAP as a backend. It is able to manage POSIX, Samba, Mail, Kolab, FAX, Asterisk and many more services.

3.0 Prerequisites

• A minimal install of CentOS e RedHat 5.3 (This guide is in Portuguese only :( )
• Apache 2.2.x
• PHP 5.2
• OpenLDAP
• Repository yum EPEL

4.0 Instaling pre-requisites

As said before, I’m assuming that you already have an installation of CentOS or Red Hat, therefore, I’ll be covering the system requisites to get a functional GOsa2.

4.1 Installing the yum EPEL repository

1	rpm -ivh http://virtualxp.org/downloads/epel-release-5-3.noarch.rpm

4.2 Setting the repository for GOsa2

Go to /etc/yum.repos.d and create the file GOsa2.repo with your favorite text editor.
File: /etc/yum.repos.d/GOsa2.repo

1

[GOsa]

2	name=GOsa Repository

3	baseurl=ftp://oss.gonicus.de/pub/gosa/redhat

4

enabled=1

5	gpgcheck=0

4.3 Setting the repository for PHP 5.2

GOsa2 needs the PHP 5.2 to run, however, there’s no PHP 5.2 on official repository. With that said, we need to set up a third party repository.

For this article I’ll be using the repository from Utter Ramblings. It’s a nice and reliable repo, you can use it with no fear.

Go to /etc/yum.repos.d and with your favorite text editor create a file called utterramblings.repo.


File: /etc/yum.repos.d/utterramblings.repo

1	[utterramblings]

2	name=Jason's Utter Ramblings Repo

3	baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/

4

enabled=1

5	gpgcheck=1

6	gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

This repo already have a version of Apache 2.2.x (2.2.14 at this momment) that we’ll be using.

4.4 Installing OpenLDAP Server

We’ll use the offical version (which means the one into the repository or Media).
To accomplish this, execute the following command:

1	yum install openldap openldap-clients openldap-servers

5.0 Installing GOsa2 via yum

With the prerequisites satisfied, continue the installation of GOsa2

There are a couple of plugins availiable from GOsa2 respository, doing a search over it, it is possible to get an idea of which of them you really need to install. Install those that suit to your environment.

1	yum search gosa

WARNING: Avoid to install the package gosa-desktop, as it will install Gnome and X.org as dependence.
Below are the packs that we will use in this article. Feel free to alter it.

1

yum install gosa-schema.noarch gosa-plugin-systems.noarch gosa-plugin-sudo.noarch gosa-plugin-squid.noarch gosa-plugin-samba.noarch gosa-plugin-rolemanagement.noarch gosa-plugin-pureftpd.noarch gosa-plugin-mail.noarch gosa-plugin-log.noarch gosa-plugin-ldapmanager.noarch gosa-plugin-dns.noarch gosa-plugin-dhcp.noarch gosa-plugin-connectivity.noarch gosa-plugin-addressbook.noarch gosa-help-en.noarch gosa.noarch

5.1 Edit PHP (php.ini) params to suit GOsa2

To GOsa2 run happy, it’s necessary to alter 2 parameters in file /etc/php.ini. Edit it and save it.

Before:

• expose_php = On
• magic_quotes_gpc = Off

After:

• expose_php = Off
• magic_quotes_gpc = On

5.2 Making sure the services start at boot time

1	chkconfig --levels 35 ldap on

2	chkconfig --levels 35 httpd on

6.0 Setting OpenLDAP to suit GOsa2 needs

With all those work we have done so far, now it’s a critical time, but simple to do.
Will be necessary to suit OpenLDAP to talk to GOsa2, this means showing the right schemas to OpenLDAP.
Make a backup copy from the original slapd.conf file.

1	cd /etc/openldap

2	cp slapd.conf slapd.conf.orig

To generate the cn=Manager password hash.

1	slappasswd -h {SSHA}

2	New password:

3	Re-enter new password:

4	{SSHA}Nag4FWwXLoGO/WpdpFJUlMVCBYwB94wt

The result will be the hash from the entered password, this case I used “fogonacaixadagua”. Keep this hash, we will use it soon.

Now, make your /etc/openldap/slapd.conf look like the one below:


File: /etc/openldap/slapd.conf

01	include         /etc/openldap/schema/corba.schema

02	include         /etc/openldap/schema/core.schema

03	include         /etc/openldap/schema/cosine.schema

04	include         /etc/openldap/schema/dyngroup.schema

05	include         /etc/openldap/schema/inetorgperson.schema

06	include         /etc/openldap/schema/java.schema

07	include         /etc/openldap/schema/misc.schema

08	include         /etc/openldap/schema/nis.schema

09	include         /etc/openldap/schema/openldap.schema

10	include         /etc/openldap/schema/ppolicy.schema

11

12	include /etc/openldap/schema/gosa/samba3.schema

13	include /etc/openldap/schema/gosa/pureftpd.schema

14	include /etc/openldap/schema/gosa/gofon.schema

15	include /etc/openldap/schema/gosa/gosystem.schema

16	include /etc/openldap/schema/gosa/goto.schema

17	include /etc/openldap/schema/gosa/gosa-samba3.schema

18	include /etc/openldap/schema/gosa/gofax.schema

19	include /etc/openldap/schema/gosa/goserver.schema

20	include /etc/openldap/schema/gosa/goto-mime.schema

21	include /etc/openldap/schema/gosa/trust.schema

22	include /etc/openldap/schema/gosa/dnszone.schema

23	include /etc/openldap/schema/gosa/gosa_custom.schema

24

25	pidfile     /var/run/openldap/slapd.pid

26	argsfile    /var/run/openldap/slapd.args

27

28	database    bdb

29	suffix      "dc=FogoNaCaixadAgua"

30	rootdn      "cn=Manager,dc=FogoNaCaixadAgua"

31

32	# Senha gerada pelo comando slappasswd -h {SSHA}

33	rootpw      {SSHA}Nag4FWwXLoGO/WpdpFJUlMVCBYwB94wt

34

35	directory   /var/lib/ldap

36

37	index entryCSN,entryUUID eq

38	index uid,mail eq

39	index gosaMailAlternateAddress,gosaMailForwardingAddress eq

40	index cn,sn,givenName,ou pres,eq,sub

41	index objectClass pres,eq

42	index uidNumber,gidNumber,memberuid eq

43	index gosaSubtreeACL,gosaObject,gosaUser pres,eq

44	index sambaSID eq

45	index sambaPrimaryGroupSID eq

46	index sambaDomainName eq

47

48	cachesize 100000

To copy some schemas that aren’t on schemas’ dir:

1	cp /usr/share/gosa/plugins/pureftpd/contrib/pureftpd.schema /etc/openldap/schema/gosa

2	cp /usr/share/gosa/plugins/dns/contrib/dnszone.schema /etc/openldap/schema/gosa

Create the file /etc/openldap/schema/gosa_custom.schema with the following content:

File: /etc/openldap/schema/gosa_custom.schema

01	#$Id: authldap.schema,v 1.8 2005/03/20 19:10:30 mrsam Exp $

02

#

03	# OID prefix: 1.3.6.1.4.1.25981

04

#

05	# Attributes: 1.3.6.1.4.1.25981.1.1

06

#

07	# Depends on: gosa.schema and cosine.schema

08

09	attributetype ( 1.3.6.1.4.1.25981.1.1.1 NAME 'gosaMailHome'

10	DESC 'The absolute path to the mail message stor directory in a virtual mail setup.'

11	EQUALITY caseExactIA5Match

12	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

13

14

#

15	# Objects: 1.3.6.1.4.1.25981.1.2

16

#

17

18	objectclass ( 1.3.6.1.4.1.25981.1.2.1 NAME 'gosaVirtualMailAccount' SUP top AUXILIARY

19	DESC 'Objectclass to mark Virtual MailAccounts for GOsa (v2.4)'

20	MAY ( gosaMailHome ) )

7.0 Starting OpenLDP

With OpenLDAP server configured and the schemas on the right place, copy DB_CONFIG.example to LDAP’s dir:

1	cd /etc/openldap

2	cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Now, you can start OpenLDAP and you can verify if it’s gonna ok.

1	service ldap start

2	Checking configuration files for slapd:  config file testing succeeded

3

[  OK  ]

4	Starting slapd:                                            [  OK  ]

8.0 Starting Apache

Apache was installed with the GOsa2. The GOsa2 package created the config file to apache, this file can be found at /etc/httpd/conf.d/gosa-apache.conf

File: /etc/httpd/conf.d/gosa-apache.conf

01	# Include GOsa to your web service

02	Alias /gosa /usr/share/gosa/html

03

04

05

06	php_admin_flag engine on

07	php_admin_flag register_globals off

08	php_admin_flag allow_call_time_pass_reference off

09	php_admin_flag expose_php off

10	php_admin_flag zend.ze1_compatibility_mode off

11	php_admin_flag register_long_arrays off

12	php_admin_flag magic_quotes_gpc on

13	php_admin_value upload_tmp_dir /var/spool/gosa/

14	php_admin_value session.cookie_lifetime 0

15	include /etc/gosa/gosa.secrets

16

17

18

19

20	PHP_Fix_Pathinfo_Enable 1

21

22	Options +ExecCGI

23	AddHandler fcgid-script .php

24	FCGIWrapper /var/www/php-fcgi/php-fcgi-starter .php

25	include /etc/gosa/gosa.secrets

26

27

Isnt’ recommended to edit it, do it only if it’s really necessary.


Time to start Apache:

1	service httpd start

2	Starting httpd:                                            [  OK  ]

9.0 Setting GOsa2 through Web interface

After starting Apache, access through of server IP.

9.1 Initial screen of GOsa2 set up

http://192.168.11.13/gosa/

Note the highlighted part on image, it’s necessary to execute the above command to GOsa2 installer know that you have control over server.

1	echo -n 93esjraq6baopmpchl1qsksc84 > /tmp/gosa.auth

After you executed the command, click “Next”.

9.2 Language selection

Pick up the correct one and Click “Next”.

9.3 Environment checking

If you got any error here, get back to: 5.1 Edit PHP (php.ini) params to suit GOsa2.
After all field being marked with Ok, click “Next”.

License agreement

This screen you must accept the license.



After you check it, click “Next.

9.4 LDAP Connection

Here you set the connection between GOsa2 and OpenLDAP that we configured before.



The parts tha need to be changed are marked in 1 and 2:
1. Put the conext to Manager user: “cn=Manager,dc=FogoNaCaixadAgua”
2. Password hash, “fogonacaixadagua”
Click “Next”".

9.5 Schema validation

Yeah!



Click “Next”.

9.6 Setting GOsa2 1/3

Let the default ones and click “Next”.

9.7 Setting GOsa2 2/3

Some settings to GOsa2.

Below I’ll explain the changes done, based on the number into above picture, change them as show.
1. the context that will have the Workstations info from Windows Domain.
2. Timezone for GOsa2.
3. Enable Copy & Paster, it’s a nice function, very interesting when you change some entry into an Organizational Unit, for example.
4. Enable snapshots, they are useful to revert some bat change, for example
5. Put the Manager password, “fogonacaixadagua”.
Click “Next” after you finish it.

9.8 Setting GOsa2 3/3

Last part on setting GOsa2.

1. Enter your SNMP community, if you have one in your network, otherwise put ‘public’.
2. To enable the SUDO config from GOsa2 Interface
Click “Next”.

9.9 Inspecting OpenLDAP

In this screen will have a full check to verify if you have some tree in LDAP, as we started from scratch, it have nothing, because of this you see a lot of “Fails”.

Do not worry, soon it will be all Green ;)
To create a root object, click the button as highlighted on pic below:


After clicking “Try to create a root object” look that the things are starting to getting better :D


First click the button “Migrate”, in “Inspecting object classes in root object” then you will be redirected to the following page:

Click “Migrate”.
Getting back to LDAP Inspection page, click the unique button shown.



This time it’s to create a password for the user ‘admin’ that will log into GOsa2 interface. Enter a password, here is “fogonacaixadagua” then click “Apply”


All nice and green, as I promised you.


Time to go to the last part. Click “Next”.

9.10 Send a feedback

You are on your own.
Finnished, click “Next”.

9.11 Almost END

Download the config file to your computer and then copy it to /etc/gosa on server side, apply the permissions as shown by installer.

1	scp ~/temp/gosa.conf root@192.168.11.13:/etc/gosa

After, on GOsa2 server

1	chown root:apache /etc/gosa/gosa.conf

2	chmod 640 /etc/gosa/gosa.conf

Click “Next” on final step to confirm that the config file is there.

You will be awarded with the login screen, use the ‘admin’ user and the password defined in the install process to login.