you need to manage your user directory in a comfortable way just not to create/dig around with complex ldif styled files. To make your life a bit easier for such cases this short tutorial will guide you through the installation of GOsa web interface on top of our ldap service.
All steps will be done on a plain debian buster installation.
Just ssh into you machine and update your cache
$ sudo apt update
$ sudo apt install gosa gosa-schema gosa-plugin-ssh gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema gosa-plugin-systems gosa-plugin-rolemanagement gosa-plugin-ldapmanager gosa-plugin-mail
With listed above packages, Apache webserver and PHP packages are installed automatically as they are required to run GOsa.
Ensure that openLDAP and Apache services are up and running
ps ax | grep "[a]pache\|[s]lapd"
Next, copy /etc/gosa/gosa-apache.conf into /etc/apache2/sites-available/ as gosa.conf
sudo cp /etc/gosa/gosa-apache.conf /etc/apache2/sites-available/gosa.conf
Let's adjust gosa.conf so that it looks like that:
<IfModule mod_php7.c> <VirtualHost _default_:80> DocumentRoot /usr/share/gosa/html <Location /> php_admin_flag engine on php_admin_flag register_globals off php_admin_flag allow_call_time_pass_reference off php_admin_flag expose_php off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag register_long_arrays off php_admin_flag magic_quotes_gpc off php_admin_value upload_tmp_dir /var/spool/gosa/ php_admin_value session.cookie_lifetime 0 include /etc/gosa/gosa.secrets </Location> </VirtualHost> </IfModule>
After your editing you have two options:
sudo ln -s /etc/apache2/sites-available/gosa.conf /etc/apache2/sites-enabled/gosa.conf
and restart apache
sudo systemctl restart apache2
$ sudo a2ensite gosa $ sudo systemctl restart apache2
So, you are almost ready to go, just navigate to http://
<server-ip-address> in your browser and ensure that you see the setup welcome page of GOsa.
There, on the welcome page you will also see what to do next. Just follow the instructions on the screen.
echo -n l0ngstr1ngxxxxxxxxxxxx > /tmp/gosa.auth sudo service apache2 stop sudo sed -i 's/Tmp=true/Tmp=false/' /lib/systemd/system/apache2.service sudo systemctl daemon-reload sudo service apache2 start
After this actions click Next
revert the change made above, just to be on the secure side
sudo service apache2 stop sudo sed -i 's/Tmp=false/Tmp=true/' /lib/systemd/system/apache2.service sudo systemctl daemon-reload sudo service apache2 start
On the second step system ensures you have everything installed.
On the third step you need to accept the license otherwise you would not be able to finish the installation.
Fourth step. Here it comes to configuration of GOsa web interface, how it can communicate to the OpenLDAP server.
As we previously installed ldap service on the same server as gosa, we need to specify the same admin credentials, which we used while configuring ldap server. Click on the button "Check again" and ensure, that credentials are correct. You will see the green message in the bottom. Click
On the next step you will get the message about missing schema, which we need to install.
Install them by running:
for i in /etc/ldap/schema/gosa/*.ldif; do sudo ldapadd -Y EXTERNAL -H ldapi:/// -f $i; done
And recheck the configuration again by clicking on "Check again". You will get the success message.
On the next step you need to migrate the ldap database and create gosa admin.
After you created admin account the 7th step could be skipped, if you want.
Download the config file and put it under /etc/gosa/
Change the owner of that to root:www-data so that web server can read it and change the permissions to 0640
sudo chown :www-data /etc/gosa/gosa.conf sudo chmod 0640 /etc/gosa/gosa.conf
Return to browser and click
Check again, then
Navigate to http://
_<server-ip-address>_ and login with your gosa admin account and the password specified earlier.
That's it, gosa is configured and can be used to manage your user, groups and systems.