Bug#1071096: gosa: default ldap setup requires schema whose installation is apparently non-trivial to figure out and broken

Josip Rodin joy at debbugs.entuzijast.net
Tue May 14 09:40:17 BST 2024


Package: gosa
Version: 2.8~git20230203.10abe45+dfsg-1+deb12u2

Hi,

So I wanted something to replace phpldapadmin, this turned up in apt cache
search web ldap, and so I installed it, opened the /gosa URL on the website,
authorized it with the provided shell command, connected to the pre-existing
slapd, and then /gosa/setup.php said:

  LDAP schema check
  5 / 7
  Schema specific settings
  warning
  Attention
  Schema check failed The following object classes are missing:

      gosaObject
      gosaAccount
      gosaLockEntry
      gosaDepartment
      gosaCacheEntry
      gosaProperties
      gosaConfig

If this is not optional, it needs to be stated somewhere more prominently,
or it needs to be made optional. The package description says "Web Based
LDAP Administration Program", it does not say it only works with its own
LDAP schema.

/usr/share/doc/gosa/README.Debian says at the very bottom:

> * Generic information
> 
> Getting GOsa running itself is not very complicated. Problems normally
> arise when integrating it in various services.

This is apparently untrue. It would be better not to make such sweeping
statements at the start of the documentation.

> To play nice with your LDAP, you need to include the gosa schema files
> into your LDAP configuration.
> 
> For Debian, you should install the gosa-schema package and take a look at
> the sample slapd.conf provided in /usr/share/doc/gosa/contrib/openldap.

Installed the package, it does not ship any such directory:

% dpkg -L gosa-schema | grep /usr/share/doc/gosa/contrib/openldap
%

> The GOsa² schemas are located in /etc/ldap/schema/gosa.
> 
> Add these lines to slapd.conf for loading GOsa² schema files into slapd:
> 
> # These should be present for GOsa.
> include         /etc/ldap/schema/gosa/samba3.schema
> include         /etc/ldap/schema/gosa/gosystem.schema
> include         /etc/ldap/schema/gosa/gofon.schema
> include         /etc/ldap/schema/gosa/gofax.schema
> include         /etc/ldap/schema/gosa/goto.schema
> include         /etc/ldap/schema/gosa/goserver.schema
> include         /etc/ldap/schema/gosa/gosa-samba3.schema
> include         /etc/ldap/schema/gosa/trust.schema

slapd.conf does not exist on modern OpenLDAP slapd, hasn't for at least a
couple of Debian releases, so this is useless as is?

I noticed the same .schema files are accompanied by .ldif files, which could
be usable. However, trying that produced:

% sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/gosa/gosa-samba3.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapadd: invalid format (line 57) entry: "cn=gosa-samba3,cn=schema,cn=config"

So, yeah, all in all this is a very frustrating onboarding experience.

Please fix it. TIA.

-- 
Josip Rodin


