The script "gosa-encrypt-passwords" modifies group ownerwhip of the gosa configuration file. It uses "www-data" as the apache group by default. In gentoo, the apache group should "apache".
Steps to Reproduce:
1. Delete file /etc/gosa.secrets
2. Run gosa-encrypt-passwords
In the output, you will see an error message saying that there is no "www-data"-group. The file /etc/gosa/gosa.conf is now only readable by user root and group root. It has to be readable by apache web server for gosa to work.
No error message in output of gosa-encrypt-passwords. The file /etc/gosa/gosa.conf is readable by apache to make the gosa website work.
Forgot to mention that gosa-encrypt-passwords is part of the package net-nds/gosa-core.