[12:47] <edneymatias> bye!
[01:08] <TrioTorus> guys and gals, I want to install phpldapadmin but it depends on apache1 and php4. Does somebody have it running with apache2 and php5 or is that too adventurous? Just trying this on a home network for now.
[01:09] <ajmitch> TrioTorus: you should be able to install it with apache2 & php5
[01:10] <TrioTorus> any doc/pointers on this?
[01:11] <ajmitch> just install the package :)
[01:11] <TrioTorus> how do I overwrite dependency check?
[01:11] <ajmitch> apt-get install phpldapadmin libapache2-mod-php5
[01:11] <ajmitch> you don't need to
[01:12] <TrioTorus> ah ok
[01:13] <TrioTorus> I started editing the ldapserver wiki page, but it lacks a lot of info right now. I'll try to update it with my findings soon. Anyone want to cross-check?
[01:15] <lionelp> TrioTorus: I am the original author of the page, so yes, I volunteer to cross-check :)
[01:15] <TrioTorus> lionelp: ah ok, thanks, lovely to meet you
[01:16] <lionelp> :)
[01:17] <lionelp> What kind of info was missing for you? (just for my personal info to write better doc next time :-))
[01:17] <TrioTorus> lionelp: I would like a wiki guide that helps to set up a basic but very usable ldap server for somebody who has never set up such a thing before
[01:17] <TrioTorus> lionelp: like what gui are u using for it?
[01:18] <lionelp> Maybe that can be the topic of a second page
[01:18] <lionelp> more directive
[01:18] <TrioTorus> lionelp: I agree
[01:18] <lionelp> "LDAPServerForDummies"
[01:18] <lionelp> A page where we propose a basic configuration without too many explanations for those who are in a hurry
[01:19] <TrioTorus> lionelp: like that would contain me to be honest
[01:19] <TrioTorus> lionelp: yes
[01:19] <lionelp> TrioTorus: I am using gq and a lot of command line
[01:19] <TrioTorus> lionelp: but gq is just a ldap browser, right?
[01:20] <lionelp> yes, it can edit entries too
[01:20] <lionelp> You wanted a GUI for setting the LDAP directory?
[01:21] <TrioTorus> lionelp: "how to set up ldap, user admin, group admin, bookmarks, addressbook, dnsldap for dummies" something like that.
[01:22] <TrioTorus> lionelp: well, there is a directive for edgy eft to include network authentication over ldap in an easy manner. I would just like to make a start.
[01:22] <lionelp> the problem is to find the good granularity
[01:22] <lionelp> yes
[01:22] <lionelp> ajmitch will do it for us :)
[01:23] <TrioTorus> well, now that I know you guys hang around in here, I'll report back.
[01:23] <TrioTorus> Like for a start, wouldn't you agree that phpldapadmin is a good tool for administering?
[01:23] <lionelp> You're welcome
[01:24] <lionelp> It's a tool, like another :)
[01:24] <lionelp> I had a problem with it last time I tried it (not on a dapper)
[01:24] <lionelp> but yes, that is a good option
[01:24] <TrioTorus> lionelp: it is, but I want the ldap-noob tool
[01:24] <lionelp> you can give it a try
[01:25] <TrioTorus> ok
[01:42] <edney_brasil> morning all!
[02:11] <TrioTorus> phpldapadmin still depends on libapache-mod-php4 even when installing libapache2-mod-php5 with it. See http://paste.ubuntu-nl.org/15651
[02:11] <TrioTorus> how can I make it not install the php4 module?
[02:40] <lionelp> TrioTorus: apt-get install php5-ldap phpldapadmin
[02:41] <TrioTorus> lionelp: great, thanks, that worked.
[02:42] <TrioTorus> lionelp: how did you figure this out? Can I see the dependency tree easily with apt-get? (gentoo convert)
[02:43] <lionelp> Check package Depends information with apt-cache show phpldapadmin
[02:43] <lionelp> You can see the tree with apt-cache depends phpldapadmin
[05:45] <TrioTorus> lionelp: would it be wise to only include users with uid>1000 ubuntu LDAP server?
[05:47] <lionelp> yes !
[05:48] <TrioTorus> so, for ubuntu non-system users and non-system-groups > 1000? I was reading somewhere that some distros consider everything >100 as non-system
[05:50] <lionelp> Debian policy says that non system users are users > 1000
[05:50] <lionelp> (same for group)
[05:52] <TrioTorus> k, what about if you authenticate against LDAP, but you need to be a member of the video group (gid: 44), will I be able to assign gid 44 to that user, even though this group will not have an entry in the LDAP tree?
[05:53] <lionelp> sure
[05:57] <TrioTorus> the reason I'm asking is: I also want to use the ldap server with a mac client, the system groups might all have different numbers.
[05:58] <lionelp> TrioTorus: ok, that's not a problem
[05:58] <lionelp> for example, my user on my workstation is on my company LDAP
[05:59] <lionelp> but I am a member of some local groups (audio, video, etc.)
[06:00] <TrioTorus> but that means on the ldap server, those gid's are assigned to you, right? Or is there a more dynamic system?
[06:00] <lionelp> no, I added my LDAP user to local group
[06:00] <lionelp> in /etc/group file
[06:00] <lionelp> my LDAP server ignores all of my local groups
[06:01] <TrioTorus> but that means you have to maintain your /etc/group file on every client.
[06:02] <TrioTorus> which surpassed the aim of setting up an ldap server.
[06:05] <lionelp> Depends on how your clients are the same
[06:05] <lionelp> In the case they are all the same, you can move group in LDAP
[06:05] <lionelp> or change groups for accessing audio/video
[06:06] <lionelp> On another network I administer, audio and video devices are associated with the group of which all users are members
[06:06] <lionelp> So, everybody can access it
[06:09] <TrioTorus> that's what I would be aiming for. Say you name the audio group 'audio' with gid '1010' this would mean I have to change the gid on the client machine to 1010 for all files that need to access 1010. This seems like at least the same amount of work. I'm just fishing for a more elegant technique here, but I might be way off.
[06:10] <lionelp> There is not really one way to do that
[06:11] <lionelp> (now I understand what you wanted in howto)
[06:11] <TrioTorus> :-) yeah, these are the questions a noob would want to see huh?
[06:12] <lionelp> :)
[06:12] <TrioTorus> but I'm glad to be able to chat about it
[06:12] <TrioTorus> so, what would you say the choice for a beginner should be: just use id's > 1000 and keep maintaining your /etc/groups file?
[06:14] <lionelp> I personally find this is the easier way to achieve
[06:15] <lionelp> You will have to modify all clients (or by hand, or a framework) for LDAP configuration
[06:15] <lionelp> so...
[06:15] <lionelp> That's only one more line to add
[06:15] <lionelp> On your network, do all your users have to connect to all the workstations?
[06:15] <lionelp> do you have numerous users?
[06:16] <TrioTorus> good point, no, I only have 5 users, but they should be able to access all machines. And I'm only setting this up as proof of concept.
[06:17] <lionelp> Ok
[06:17] <lionelp> I will add a wiki page with some notes I have on another wiki about configuration on workstations
[06:18] <TrioTorus> wonderful
[06:21] <TrioTorus> Let me maybe paint the bigger picture: I'm leading a small special fx company that uses linux for the creation of 3D graphics. Unfortunately, for compositing and editing, the mac is unbeatable on this field for now. So transparency between os x and linux would be wonderful (it's so close already). This is specific to my shop, but I'm sure others would vastly benefit from transparent os x and linux accounts.
[06:22] <lionelp> It can be integrated
[06:22] <lionelp> but I do not own a Mac myself
[06:39] <thefish> TrioTorus: have a look here, I think that's everything you need: http://times.usefulinc.com/2005/09/25-ldap
[06:41] <TrioTorus> lionelp: thanks for the link. I'll read it. I just thought of this though: a solution would be to make a group a member of a group, then I could have in /etc/group this for example: audio:x:29:ldapusers where ldapusers is a group in itself
[06:46] <thefish> TrioTorus: why not just keep the groups in ldap as well
[06:48] <TrioTorus> thefish: because I was reading a directive on debian wiki to only include non-system uid and gid's. Moreover, if I combine with local groups on a completely different system (like os x in my case), the results are unpredictable.
[06:48] <TrioTorus> thefish: mind you, this is a thinking exercise
[06:49] <thefish> kay
[06:49] <thefish> i am guessing you want groups for file access permissions?
[06:49] <thefish> if so, you could make custom groups for those
[06:50] <TrioTorus> thefish: on os x, some local groups involve: admin, lpadmin,mail, dialer and so on, and they map to other gid's.
[06:50] <thefish> ye
[06:50] <thefish> so you could make a group called fileaccess in ldap
[06:50] <TrioTorus> thefish: yes I could, but that means I have to change groups on the client machine to the new gid.
[06:50] <thefish> why?
[06:51] <thefish> if it's an ldap group, just change permissions on the files
[06:51] <thefish> those groups will come from ldap, not from local machines
[06:52] <TrioTorus> thefish: that's right, but isn't that a dangerous thing to do? All files that have plugdev need changing to the plugdev_ldap group.
[06:53] <TrioTorus> What if I plug in a usb device? Will it automatically have plugdev_ldap assigned?
[06:53] <thefish> or you could use acls, and just add the groups as well as whatever existing groups
[06:56] <lionelp> thefish: it is more complicated than just changing files permissions
[06:57] <lionelp> you have to change udev permissions in dynamic devices creation
[06:57] <thefish> i see for usb disks etc ye
[06:57] <lionelp> change some group of some executables that are setuid
[06:57] <lionelp> thefish: absolutely
[06:57] <thefish> but for nfs or samba it would be fine
[06:57] <lionelp> yes
[06:57] <thefish> I've never tried with usb stuff, sounds fun
[06:57] <lionelp> but the original question of TrioTorus concerns audio & video group
[06:58] <lionelp> For 5 users, that's why I advised him to alter local group
[06:58] <TrioTorus> well, as I said, I was thinking out loud.
[06:58] <lionelp> That was to my mind the easiest and quickest solution to setup
[06:58] <TrioTorus> I want to set it up so that as many people can benefit from this easy setup.
[06:59] <TrioTorus> lionelp: yes, so id>1000 only for now then :-)
[06:59] <lionelp> I'll start writing a more complete page on the wiki later this night
[07:00] <TrioTorus> lionelp: ok, that is already nice. I'll be here tomorrow too.
[07:01] <TrioTorus> one last thought: there should be a mechanism to map gid to other gid and save that in ldap
[07:02] <TrioTorus> If openldap wants to be this big overall authentication tool, man that would be wonderful
[07:03] <TrioTorus> (if the machine that is connecting is os x, then use this mapping)
[07:46] <edney_ToTheHEXA> see ya!
[08:34] <dwight> need help getting amavis to scan emails
[08:36] <usual> neuralis: I think I figured out my problem with the HP DL140G2 server. If you remember. I had a problem with the broadcom NICs
[08:37] <usual> neuralis: I haven't tried it yet because the driver download from broadcom is down, but it seems due to GPL violations the tg3 driver in debian is not complete. I have to use their driver. I hope it works
[08:38] <usual> neuralis: I don't know if ubuntu shares that issue or not
[08:47] <usual> I'm going to build the non-free driver with module assistant
[08:51] <dwight> Can anyone tell me why amavisd no longer uses the amavis.conf file? Yes the conf.d directory is easier to work with, but it does not work. WTF?