#ubuntu-directory 2006-11-06
<wasabi_> I have no idea.
<wasabi_> Y'all are trying to convince us to choose winbind, for very valid reasons.
<wasabi_> But of course, it's called 'WINbind' for a very valid reason.
<abartlet> I'll assert that for sensible values of 'something else', that samba is very likely to be involved anyway
<wasabi_> Sure, any any networking involving any windows machine, Samba will be present.
<abartlet> so, is it worth the effort to design the perfect system, for the network that does not exist?
<wasabi_> So, what I'm thinking of, is the pure Unix situation... Unix workstation authing against unix server.
<wasabi_> Also a good question.
<abartlet> do such networks exist, in a scale worth considering these days?  Isn't there always one windows desktop, to put a fly in the ointment?
<wasabi_> I want to know how far of a stretch is it to think that winbind could be extended to have a AD backend, and a plain kerberos-ldap backend.
<wasabi_> And form a real replacement for NSS
<abartlet> perhaps this is a more interesting line of enquiry:
<abartlet> design a replacement for the ticket management components of winbindd
<abartlet> sort of like kcm, I think
<wasabi_> I guess my vision is apps would talk to *bind directly.
<wasabi_> Avoiding the NSS layer.
<abartlet> that would be a very poor solution
<wasabi_> Why?
<abartlet> you need the plugin layer, and nss is the best we have
<abartlet> I liked your idea of extending nss
<wasabi_> I think politically that would fall flat on its face.
<abartlet> why?
<wasabi_> Might be a POSIX issue out there... if we add a 'realm' table.
<wasabi_> Or all those new query APIs we would need.
<wasabi_> People would choose not to use them, for compatibility to !linux
<abartlet> the number of applications that need to use the new API?
<wasabi_> The async APIs, I'd hope everything.
<wasabi_> UI anyways.
<abartlet> sure, now you have cut things down *a lot*
<abartlet> only UI, and I suspect only GUI applications will want/need to use the new API
<abartlet> in particular, ACL editors are the major case
<wasabi_> Yeah, well, I'd hope a "drop down of user lists" changes to a box similar to what's in windows, everywhere it's present.
<wasabi_> Which lets you search specific realms, etc.
<wasabi_> so you can type somebody's NAME, not just their username.
<abartlet> it's not present in many places, and is a common GUI element in windows
<abartlet> for good reason
<wasabi_> Sure. They'd be a single shared widget for it.
<wasabi_> I dunno. Do you think it'd be easier to build all the cool stuff into NSS, or build out winbind to have backend modules.
<wasabi_> And continue to use nss_winbind, just like now.
<tmh_> that's destroying the whole idea of NSS. NSS is supposed to be the thing with backends.
<ajforgue> Is winbind only around to support Linux if the AD admin can't or won't extend the schema to support POSIX fields (SFU, ad4unix)?
<abartlet> no, it does far more than that
<wasabi_> Other things than schema apply.
<wasabi_> password changing, host kerberos maintenance, etc.
<abartlet> and it does a far better job than just running nss_ldap on a client node
<wasabi_> creating the computer object on join, caching, etc
<abartlet> we take advantage of the extra fields, if present
<wasabi_> it does site locality stuff now too right?
<abartlet> yep
<ajforgue> got it, never used winbind before, I've always extended the schema
<wasabi_> It's a large base of logic which we really want, for non-AD, too.
<Burgundavia> ajmitch: you around?
<ajmitch> Burgundavia: just back now
<Burgundavia> ajmitch: put n-a up for discussion, but I wonder if we can merge n-a and that edubuntu spec
<nkassi> Anyone here is an AD expert ?
<nkassi> or knows AD a bit ?
<Burgundavia> some, but knowledge is rusty and old
<Burgundavia> but my, rather
<ajmitch> Burgundavia: n-a covers more than just the edubuntu stuff though - there's quite a bit of overlap, but n-a covers the pam/winbind/nss stuff as well
<ajmitch> putting n-a up for discussion may not be useful for the spec scheduler
<nkassi> Ok, so OpenLDAP has .schema files but AD seems to have schema definitions stored within the directory is that correct ?
<Burgundavia> ajmitch: you can pull it off discussion then
<wasabi_> who's here?
<SimonAnibal> I am
* ajmitch is here
<fernando> let'me see... yes, I'm here
<robertj> I be here
#ubuntu-directory 2006-11-07
<Burgwork> ajmitch: ping
<nkassi> hello folks.
<fernando> hi nkassi
<nkassi> So what happened to the server ? IRC I mean ?
<ajforgue> ajmitch, I got lost getting back too :D
<ajforgue> wasabi, ^^
<tepsipakki> ajmitch: way to go! :) (raised the priority on net-auth spec)
<tepsipakki> s/on/of/
<ajmitch> tepsipakki: well that's just so we can hope to get it scheduled
<ajmitch> I'll check it with mdz before the scheduler is run tomorrow
<tepsipakki> oh ok
<tepsipakki> I got the impression that the spec isn't endorsed when mdz set it as low priority :=
<tepsipakki> duh, :)
<ajmitch> it's not
<ajmitch> I'll ask him what to do with the others it depends on
<tepsipakki> there are reviews where people complain about the lack of easy integration as a net-auth client.. and then they find that SuSE/RHEL do it
<tepsipakki> but you knew that
<ajmitch> yes, I'm well aware of that :)
<tmh_> ajmitch: any ideas why canonical doesn't think integration to enterprise AD/Novell network isn't a focus? are ubuntus really supposed to be run just on stand-alone workstations?
<nkinder> wasabi: you around?
<ajmitch> tmh_: who knows?
<cliebow> =+-
<ajforgue> -+=
<robertj> =-+
<cliebow>  dang:gave out my pw again
<ajforgue> heh
<cliebow> any of you at mtv?
<ajforgue> yeees
<cliebow> if you come across my ltsp compadres say ello for me
<ajforgue> sure
<ajforgue> I see mcquillan now
<cliebow> gotta give him grief..he inverted a couple letters in my first name and i had to fight to get thru security 8~)
<cliebow> flying home
<ajforgue> enjoy
#ubuntu-directory 2006-11-08
<fernando> moin all
<robertj> wow, it _does_ look like the linux-xp folks actually are making some progress in a sane direction
<robertj> Linux Integration Service is a commercial project with full/part-time
<robertj> development team involved. Thank you for interesting.
<ajmitch> hi
<fernando> hi ajmitch
<ajmitch> robertj: how much of that is actually there..?
<robertj> dunno, just read the website & shot off a one-liner mail to them to ask if it was FOSS or commercial
<nkassi__> Hey
<robertj_> howdy
<nkassi__> So how is UDS going ? Any cool happenings.
<nkassi__> Is there any specs for DHCP+Dynamic Updates ?
<nkassi__> Would that be of any interest ?
<Burgwork> dynamic updates?
<nkassi__> Dynamic SRV I mena
<nkassi__> mean
<Burgwork> ah, no idea
<nkassi__> oh well, I was just thinking. How cool would it be to plug a new machine and it to get dhcp and dns setup. Also, I remember seeing some talks about using PXE boot to image machines. That would be nice too. I guess this is really off topic
<Burgwork> pxe boot is what LTSP already does
<nkassi__> but I was thinking of Thick client.
<nkassi__> You could set a machine to be imaged on next boot from the management gui somewhere
<nkassi__> Does that make any sense ?
<nkassi__> https://wiki.ubuntu.com/NetbootManagement?highlight=%28CategorySpec%29
<nkassi__> That is what I'm talking about
<nkassi__> I'm not crazy. Woooohooo!
<Burgwork> yes, that would rock
<nkassi__> I could see this fit in with the Directory project. At least the user interface
<nkassi__> That should also be spec I guess. How should the Server administration tool look like and where should they go.
<nkassi__> a uniform set of tools would be nice
<nkassi__> Burgwork: Nice blog post. I was wondering if there was any LDAP schema's available for gconf.
<Burgwork> I think that stuff is non-free, but we could probably create a schema
<Burgwork> the next issue is hooking it up to an ldap server
<nkassi__> Well I saw some code online but it seems outdated. At least that is what ajmitch told me the other day
<nkassi__> It really is a must have
<nkassi__> How does Edubuntu lock down their desktops ?
<Burgwork> they don't, currently
<Burgwork> they are working with pessulus and scp
<nkassi__> http://cvs.gnome.org/viewcvs/evolution-gconf-ldap-backend/
<nkassi__> oh ok
<nkassi__> Oh well, that code only seems to care for evolution
#ubuntu-directory 2006-11-10
<Burgundavia> http://richmegginson.livejournal.com/4768.html
<Burgundavia> life is good
<nkassi_> What does he mean by discrete packaging ? They broke it up in pieces finally ?
<Burgundavia> nkassi__: separation of the non-free java stuff from the actual server
<nkassi> Interesting. Can it function without it ? How does that work out ?
<Burgundavia> yes
<Burgundavia> the java stuff is just a web admin panel
<nkassi> ah nice
<SimonAnibal> Wow
<SimonAnibal> http://www.tangent.com/news/hecc2006/ <- A conference I'm going to
<whiprush> Burgwork: around?
<Burgwork> whiprush: never
<whiprush> heh
<whiprush> hey, so what would be a feasible way to do this:
<whiprush> move the current easyldapserver to something like easyldapserverlongterm or something
<ajmitch> hello Burgwork
<whiprush> and then do easyldapfeisty
<whiprush> Burgwork: just wanted to run that by you to see what you think
<ajmitch> (wiki changes)
<whiprush> because the current spec is huge
<whiprush> and we want to narrow focus for feisty
<Burgwork> whiprush: why just make an easyldapserverfeisty spec
<whiprush> why not you mean right?
<Burgwork> make the current spec informational
* whiprush nods.
<Burgwork> ie: it is information about what we want, not an implementation plan
<pixelpapst> so if we manage to go with slapd 2.3, could the "-F slapd-config-directory" be turned on by default ?
<pixelpapst> then we can play with the dynamic updating stuff whenever it comes up
<pixelpapst> plus, as bonus: just drop packaged schema files into /etc/ldap/slapd.d/cn=config/cn=schema and they are picked up automatically :-)
<whiprush> https://wiki.ubuntu.com/EasyLDAPServerFeisty
<whiprush> ok
<whiprush> here are the gobby notes
* mode/#ubuntu-directory [+o ajmitch]  by ChanServ
* mode/#ubuntu-directory [+o whiprush]  by ChanServ
<pixelpapst> not sure if somebody's still listening
<pixelpapst> just now i tested the upgrade path from pre-2.3 slapd again
<pixelpapst> with a moderately complex config file
<pixelpapst> basic upgrade path to go from config-file to config-dir:
<pixelpapst>   # sanity checks (config file present, dir not)
<pixelpapst>     mkdir /etc/ldap/slapd.d/
<pixelpapst>   slapcat -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ -b cn=config > /dev/null || die with error
<pixelpapst>   mv /etc/ldap/slapd.conf /etc/ldap/slapd.oldconf
<pixelpapst>   # replace converted standard schema files with canonical copy
<pixelpapst>   # (optional)
<Burgwork> whiprush: packaging for fds will get a lot easier with 1.1
<whiprush> yeah aj was telling me
<whiprush> Burgwork: I still have no idea how all this works, but I'm glad everyone else does
<whiprush> heh
<Burgwork> but if Sun opensources their Java under a good license
<Burgwork> the issues go away, to a certain extent
<Burgwork> still good to split the packages
<pixelpapst> Burgwork: can you make an educated guess on when 1.1 will be released ?
<pixelpapst> (too late for feisty, i know) :)
<Burgwork> no idea
<Burgwork> 1.0.4 just came about yesterday
<Burgwork> likely too late for Feisty
<pixelpapst> yeah, i saw
<pixelpapst> talking about sun and java - apparently they also want to have their own opensource directory server
<pixelpapst> but not based on their old code, but a complete rewrite in java
<Burgwork> who does?
<pixelpapst> sun
<Burgwork> that is crack, but meh
<pixelpapst> ack
<pixelpapst> vapourcrack :-)
<Burgwork> anybody else here advertised on DW?
<pixelpapst> DW ?
<nkinder> pixelpapst, Burgwork:  We're hoping to get a fds 1.1 beta out by the end of the year.
<Burgwork> distrowatch
<Burgwork> nkinder: ok, you guys rock. Don't know if that will make Feisty though
<nkinder> understood.
<nkinder> How difficult would it be to make an Ubuntu native package (it's a .deb, right?) of fds assuming the build-system and dependencies aren't a problem?
<nkinder> We would definitely be interested in someone helping to do that.
<pixelpapst> nkinder: if the build system really does play nice, not very
<pixelpapst> but usually it doesn't (nowhere, not trying to bash you guys :-) )
<nkinder> It should play nice (./configure; make install)
<nkinder> I wrote a new build system.
<pixelpapst> automake-based ?
<nkinder> autoconf, automake, autoheader.
<pixelpapst> yeah, i hate the whole lot of them :-)
<nkinder> It's already checked in, but we're working on instance creation and a few layout things still.
<pixelpapst> but thanks for putting work into that :-)
<nkinder> Yeah, but they're better than our old system.
<Burgwork> nkinder: the person who has done our packaging is ajmitch
<Burgwork> both whiprush and myself are nothing more than admins
<nkinder> ok.  When we finish polishing it, I'll talk with him.
<Burgwork> the sooner you can get that working, the sooner it works for us
<Burgwork> and the less work we have to put into openldap
<pixelpapst> nkinder: ack, it's horrible on the developer and mostly nice on the packager :)
<pixelpapst> Burgwork: damn, just as i start pushing my favourite openldap hacks ;-)
<nkinder> Burgwork:  We hope to have it working by the end of next week.
<nkinder> This is for the core directory only.  No admin server or java console.
<pixelpapst> nkinder: you FDS guys ever been in contact with the Hula crowd ?
<nkinder> We've been separating those into different optional packages.
<nkinder> pixelpapst: Nope.
<nkinder> I heard a rumor that Hula hasn't been getting much attention as of late.
<Burgwork> nkinder: core is what we really care about
<Burgwork> and your Hula rumour is somewhat correct
<pixelpapst> as of late == in the last year or in the last month ?
<nkinder> I haven't followed it,  That's just what I heard.
<pixelpapst> the last year was quiet, because all the kewl stuff is happening on a branch
<pixelpapst> which has AFAIK only been packaged for deb/ubuntu
<pixelpapst> but there, the LDAP support now kicks ass
<pixelpapst> also a bit experimental, but still very pretty
<pixelpapst> only i think they are concentrating pretty heavily on openldap - even eDirectory gets less attention :)
<pixelpapst> so i hope they get into bed with FDS soon ;-)
<pixelpapst> btw its lunchbreak now in mountain view, right ?
<nkinder> pixelpapst: nope.  It's 1:15 in MV.
<pixelpapst> ack, just looked like that to me from the schedule
<pixelpapst> anyhow, it's 6:18 am here
<pixelpapst> so i'll head for bed
<pixelpapst> even though i'm really in the mood to play with ldap some more :-)
<pixelpapst> oki, appended a bit of info to the gobby document
<pixelpapst> just the last 8 lines
<pixelpapst> feel free to paste this into the wiki, otherwise i'll do so later
<pixelpapst> gotta get some sleep first though :)
<pixelpapst> later, and please enjoy the rest of the conf :)
<ajmitch> nkinder: hi
* mode/#ubuntu-directory [-o ajmitch]  by ajmitch
<nkinder> hey ajmitch
<ajmitch> nkinder: I've been looking at FDS in cvs, I'm very glad to hear you'll have a beta out so soon
* ajmitch is more than happy to work together on getting it packaged
<nkinder> ajmitch: great!  I'd like for us to test the new build-system a bit more and polish a few things with regards to our packaging layout.
#ubuntu-directory 2006-11-12
<zach_> Hi
<Burgundavia> hey zach_
<zach_> Short question: How can I help in the ubuntu-directory team?
<Burgundavia> what kind of skills do you have?
<zach_> my english is ATM a bit poor, first :)
<zach_> I am familiar with LDAP and a little with kerberos
<Burgundavia> cool
<Burgundavia> have you done much coding or packaging?
<zach_> I wrote/started the winbind howto in the wiki
<Burgundavia> ah, excellent
<zach_> my language of choice is python
<Burgundavia> you fit right in
<zach_> no packaging
<zach_> little python and php coding
<zach_> ATM I am not very integrated in the ubuntu community
<Burgundavia> well, welcome
<zach_> my Karma is 4853 :)
<Burgundavia> mine is somewhere north of 1 million
<zach_> ok, where start?
<Burgundavia> well, I am not a major programmer
<zach_> oh and now I have quite a lot spare time
<Burgundavia> I would check in with ajmitch, as is leading the network-auth client effort
<zach_> ok
<zach_> I'll come back in a few minutes
<zch> back (Zach_ => zch)
<zch> is there already code for network-auth available?
<Burgundavia> yes, ajmitch has done some
<zch> already public?
<Burgundavia> yep
<Burgundavia> bzr branch
<zch> where could I find it?
<Burgundavia> https://launchpad.net/people/ajmitch/+branches
<zch> Burgundavia: thanks
<Burgundavia> no worries
<zch> bye
