stelisYeah, it looks OK12:31
stelisThat reminds me...12:31
stelisWindows doesn't expose any Kerberos or LDAP terminology in the default admin interface12:32
Burgworkno, no it doesn't12:32
stelisI'm unsure whether or not this is a good thing12:33
stelisPart-time admins on small networks probably don't know what a DN is12:34
stelisMaybe they don't need to know12:34
stelisNot sure here12:34
stelisInteresting reading: http://primates.ximian.com/~federico/docs/gnome-deployments-2006/index.html12:50
=== stelis [n=se@82-71-4-26.dsl.in-addr.zen.co.uk] has left #ubuntu-directory []
ajmitchthat's interesting01:58
ajmitchI was able to set n-a as a release goal, I thought only ubuntu-drivers could01:59
Burgworkthere is a bug about that01:59
BurgworkI noticed it01:59
ajmitchdoesn't surprise me01:59
ajmitchprobably that anyone in core-dev can02:00
Burgworkno, anybody can02:00
ajmitchthat's worrying02:00
Burgworkhmm, maybe you are right02:00
FujitsuNo, only core-dev can.02:01
BurgworkSorry, you don't have permission to access this page.02:01
ajmitchok, I see it02:01
ajmitchUbuntu Core Development Team02:01
ajmitchit used to be Ubuntu Drivers02:01
Burgworkso anybody in core-dev02:01
FujitsuYes, that's what I was going to point out.02:01
FujitsuYeah, which is OK.02:01
Burgworknot really02:01
Fujitsucore-dev should be trusted enough, shouldn't they?02:02
Burgworkoh wait, I think it was somethignelse02:02
ajmitchFujitsu: they should be trustable, but it still shows up as "propose as a goal"02:02
FujitsuMilestone-targetting specs, Burgwork?02:02
FujitsuAha, I was right.02:03
ajmitchFujitsu: yes, that's a historic problem02:03
Burgworkmilestone != distro02:03
Burgworkwhich is crack02:03
ajmitchthere was a little discussion about that in #launchpad that I saw02:03
FujitsuBurgwork: It's LP, and LP !!= crack.02:04
Burgworkclosed source crack at that02:04
ajmitchthe best kind02:04
FujitsuClosed source often implies crack, but this is particularly potent crack for a closed-source project.02:04
FujitsuA level of crack which even Beryl fails to exceed.02:05
ajmitchnow that's stretching it02:06
FujitsuBeryl and LP must be two of the more crackful projects around, and they're both (going to be) integral parts of Ubuntu :S02:07
BurgworkI think we can win the former fight02:08
=== lophyte [n=dsulliva@ubuntu/member/lophyte] has joined #ubuntu-directory
=== Burgwork [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
=== bmonty [n=bmontgom@ubuntu/member/bmonty] has joined #ubuntu-directory
lophyteBurgwork: ping03:27
Burgworklophyte: pong03:28
lophyteBurgwork: hey.. what should I say to mvo regarding nwu/uus?03:28
Burgworkcan you look over our new spec for sanity?03:28
bmontyajmitch: are you going to link your authtool branch in to the directory team?03:28
lophytethe uus spec?03:28
Burgworkyes, the uus one03:28
ajmitchbmonty: no, it's an open team, i don't feel like having the main branch being commited to by anyone03:29
lophyteI didn't finish the uus spec, I wanted to talk to mvo first before I put any more into it03:29
ajmitchanyone can make their own branch if they choose03:29
ajmitchany one of you could push the code there as well03:29
ajmitchand I'm quickly running out of time to do a pre-UDS cleanup03:30
ajmitchwork is taking most of my time03:30
bmontyI feel your pain :)03:41
ajmitchyeah, deadline was friday :)03:44
=== Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
wasabiYeah. I'm probably going to put the finishing touches on my docs on the plane flight, I suspect.04:31
wasabiI'm booked at work until friday04:31
Burgundaviawasabi: cool04:32
Burgundaviayou should poke at the edubuntu-auth-server spec04:33
=== beazer [n=beazer@203-97-50-115.dsl.clear.net.nz] has joined #ubuntu-directory
beazerHi, I am having trouble with samba 3.0.22 and AD - I seem to be able to join a domain, but a net ads testjoin04:43
beazergives "invalid credentials" and wbinfo -u and wbinfo -g don't return any users or groups04:43
beazerI am now very stuck, so any pointers would be much appreciated04:44
=== nkassi_ [n=nkassi@WK20-156.LEWISWEB.NET] has joined #ubuntu-directory
nkassi_Hey y'all05:56
nkassi_where can I find the logs for this channel ?05:56
Burgundaviankassi_: people.ubuntu.com/~fabbione/irclogs/05:57
nkassi_Burgundavia: Thanks a lot.05:58
Burgundaviano worries05:58
=== Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory
=== stelis [n=se@82-71-4-26.dsl.in-addr.zen.co.uk] has joined #ubuntu-directory
stelisnkassi: I saw your comment on the EasyLDAPServer spec09:42
=== MagnusR [n=magru@c83-250-59-127.bredband.comhem.se] has joined #ubuntu-directory
=== fernando [n=fernando@unaffiliated/musb] has joined #ubuntu-directory
=== SimonAnibal [n=sruiz@] has joined #ubuntu-directory
^robertjthat was the other shoe dropping02:17
=== ^robertj rereads Mark's latest blog
stelis^robertj: his post on packaging?02:27
=== wasabi [n=wasabi@ubuntu/member/wasabi] has joined #ubuntu-directory
stelisI've been hoping that something might happen since I saw the dpkg2 spec and the announcement that RPM development has stalled02:35
^robertjstelis: well if Fedora goes along I think something could happen02:36
^robertjstelis: although Redha02:36
^robertjerr Redhat probably wouldn't be happy02:36
stelisThey want to keep the yum/apt layer closely integrated with their tools02:37
stelisNot sure whether they feel strongly about the package format02:37
stelisThey went with yum over smartpm because of the desire for tight integration02:38
wasabiOkay. So I have done a 180 on my NA/CLient plans.02:49
steliswasabi: RichEd and co were just talking about the different auth specs on #ubuntu-meeting02:52
^robertjwasabi: so abortions for some, novelty flags for others?02:56
tepsipakkistelis: where was that announcement regarding RPM?03:04
stelistepsipakki: http://lwn.net/Articles/196523/#Comments03:10
stelisComment from skvidal03:11
stelis(the lead yum developer)03:11
tepsipakkistelis: thanks!03:14
tepsipakkihey, is anyone here using kerberized NFS?03:15
stelisThat was August, though, and I don't follow yum/RPM development anymore03:15
=== SimonAnibal [n=sruiz@] has joined #ubuntu-directory
nkassiStelis: Hey04:31
^robertjwasabi: so winbind is now the one true way ;)04:53
=== SimonAnibal [n=sruiz@] has joined #ubuntu-directory
nkassistelis: Still around ?05:03
^robertjwasabi_: morning05:06
^robertjI see I'm not the only one collecting ^  _'s and __^'s05:07
wasabi_Yeah. So. I'm changing my attack on the client side.05:07
wasabi_Screw NSS, and screw PAM.05:07
wasabi_Going to use winbind.05:08
nkassiCause it works!! (tm)05:18
wasabi_Nope, hold on.05:22
wasabi_Okay, first off, it is the long term desired architecture. Second off, yes, it works now, but only for AD>05:26
wasabi_NSS suffers from some design problems which are going to prevent us from using it into the future... no async API, no realms, no queries, etc.05:27
wasabi_No caching of any sort. Sucky caching where it is.05:27
nkassiSo, SSL is totatly out of the question on the linux side ?05:27
wasabi_The proper long term arch would be a daemon, with arbitrary backends (replacing NSS service modules), with a rich API for querying users/groups, async, etc.05:27
wasabi_What? SSL? Huh? Where'd that come from?05:27
wasabi_Winbind right now is the closest to that.05:28
nkassisorry, I meant LDAP+SSL05:28
wasabi_Take winbind, rename it to something else, split the AD pieces into a backend, and it can formt he basis for a good NSS replacement.05:28
nkassino kerberos05:28
wasabi_What's SSL have to do with anything?05:28
nkassibetween OpenLDAP and Linux client05:28
wasabi_I still have no idea what that has to do with this conversation heh05:29
nkassiForget me, I'm doing calculus right now. I guess I wasn't following.05:29
stelisnkassi: I'm back now...05:31
nkassistelis: you were asking about the piece I put at the end of the easyldapserver spec ?05:32
stelisI was going to suggest that we had a brief discussion here or on the mailing list and then post the results to the Wiki page05:33
stelisRather than appending lots of comments to the spec05:34
stelisMy point of reference for printing is Windows and Active Directory, and I know very little about printing on other systems05:35
nkassiWell, I think that first off there needs to be a blurb about the wizard tool05:35
nkassithat part. Well there are some schema that allow printer information to be stored in the ldap database and I believe, correct me if I'm wrong, the cups can use ldap to query information05:36
stelisThe wizard was a good point - somebody had a Kerberos problem the other day because they forgot to install an NTP service to keep the clocks in sync05:36
stelisThere are too many moving parts for most folks to configure it all by hand05:38
nkassiexactly, if for example, someone would run the wizard and ask for a Domain Controller to be setup then all those things would automagically be installed05:38
stelisLike Windows :)05:38
nkassiI don't really like the AD wizard but a nicer ubuntu style one would be cool05:38
nkassiIn the end the idea is the same.05:39
nkassiIt has too be flexible enough to setup different types of server with a master ldap server somewhere05:39
nkassiSuch that I can run it once on my ldap server, once on my print server, once on my ...05:40
nkassiI could simply be a script that calls apt- to install the required packages and then feeds configuration parameters to debconf or what ever05:40
stelisThat sounds a tidy way of doing it05:41
stelisIt would work from the CLI05:42
nkassiIt could, I always like to have both cli and gui05:42
stelisYes. I think that debconf can run with a GTK graphical interface05:43
nkassiBut since installing a gui on a server is often useless, a cli is required05:43
stelisSince Ubuntu Server doesn't install a GUI by default it would probably have to work as either a Web interface or command-line tool05:44
nkassior the script could feed debconf db with the config parameters before the installation starts05:44
nkassithat might have to change to appeal to the Windows admins. They lover there buttons05:45
nkassinot there ;-)05:45
stelisYes, some people seem a little frightened of CLI05:45
nkassia quote from our resident MCSE: "I can't remember the commands"05:46
SimonAnibalthat's rather sad05:46
SimonAnibalI find that I'd rather type in a command in windows than swim through all the damned GUIs05:46
nkassiis just finding excuses05:46
nkassitrue but they feel exactly the oposite.05:47
SimonAnibalWin+R "iexplore mailhub" instead of "Open up Internet Explorer, click on this link, that link, the other, and you're at your Outlook Web Access login"05:47
stelisI point out that if you can figure out the commands once you can write a script for it, and then not have to do the work yourself :)05:47
nkassiHe laugh at me when I fire up emacs and edit configs. Then I return the favor when he can't figure out what 0x0000223 errors occur.05:47
nkassior mean.05:48
SimonAnibalI'm constantly using Win+R in XP05:48
SimonAnibal(just like Alt+F2 in Ubuntu)05:48
nkassi(the funny thing is that he remembers win commands to restart the update gpos and stuff ;0) )05:49
stelisWe have two guys who complain about Linux and then SSH into Cisco boxes to run IOS05:51
nkassiwoah! I make no sense05:51
stelisBut the junior techs just avoid anything CLI05:51
nkassiWell, they haven't been introduced to it in any courses.05:52
stelisI think that it must come down to familiarity and brand names05:53
stelisCisco is "safe", and Linux somehow isn't05:53
nkassicisco is what management wants and there isn't many options except IOS.05:54
nkassiLinux, well they believe that Windows is easier to maintain because they (manager) can see something on screen.05:54
stelisThey liked Webmin05:55
nkassiOh well they will like a gui wizard05:56
stelisI think configuring the LDAP server itself might doable with a fairly simple tool05:57
stelisMay even simple enough that I could write it05:57
stelisI'm not sure about configuring other services to use a remote DC.05:58
nkassihehe I think a python script could be done in few days05:58
stelisThat's about my level05:58
nkassigenerating a simple slapd.conf file shouldn't be too harsh05:59
stelisBut attaching other services to LDAP may mean rewriting their config files06:00
stelisThat's why I figure it might need a different approach to do that06:01
nkassiwell the first step is configuring slapd and adding one user. Debconf does this already. Needs to be wrapped into a gui06:01
stelisOK I'll make a note to look into GTK for debconf06:01
nkassisecond, a set of default schema should be choosen06:02
nkassi(more can be added later.)06:02
nkassiI guess that at first adding a people, group ou could be done automatically06:02
stelisI think that's on the "outstanding issues".06:03
stelisThere has to be a "manager" account to login to LDAP06:04
nkassiadmin is added by debconf06:04
stelisAnd that probably ought to go into a "Roles" OU06:04
nkassihum, well the acl are in the slapd.conf generated by debconf06:04
stelisI think that the default name for the account in OpenLDAP is manager06:04
stelisYes, that's one thing about OpenLDAP that sucks06:05
nkassiyeah, normally that is set with the rootdn, rootpasswd in the config but debian adds an admin user to the db and adds acl to allow it to do all that stuff (I believe that is what should be done)06:05
stelisFedora Directory Server stores ACLs inside the directory06:06
nkassiOh, nice. Didn't know that06:06
nkassiI love this channel. I learn so much.06:06
stelisIt's very cool to talk to other *NIX admins06:07
stelisA couple of us seem to like FDS, but making it run on Debian/Ubuntu would be a bit of work06:08
nkassiyeah, and openldap is already there. OpenLDAP leave us more freedom too.06:09
nkassiIn terms of interface. (I guess that not really true)06:09
stelisIt's all LDAP commands via whatever library the programming language uses06:10
nkassidoesn't FDS come with a lot of extra stuff ? Could the ldap db part be installed independently ?06:11
stelis(Apart from the text config file bits)06:11
stelisIt comes with a (Perl?) setup script and a bunch of graphical Java appss06:12
stelisFedora are big on GCJ, so presumably those apps will have to work without the Sun JVM.06:13
stelisI don't know whether they do yet.06:13
nkassiI don't think so. I remeber seeing something about the fact that it requires sun java06:14
stelisUbuntu-specific tools probably ought to be written anyway, I guess06:15
nkassiThat would fit better into the GUI style of ubuntu in my mind06:16
stelisI'm also thinking that the standard tools probably ought to avoid the technical terms06:17
stelise.g. say "login as user" rather than  "bind as DN"06:17
stelisBut it's up to whoever actually does the work06:19
nkassiyeah. Maybe it should be in the spec to not use language that is overly complex.06:21
nkassiThink about the folks who will use this with edubuntu06:21
stelisedubuntu may have a different setup - the lead developer was thinking about reusing an existing system called smbldap06:22
nkassithey don't really need to know what dc, dn, cn ... is06:22
nkassiOh really ?06:22
nkassiWell they still need openldap06:23
nkassiand I why would they use samba ? Windows clients ?06:23
stelisI guess so - I hadn't heard of this software before06:24
nkassiit's is used to store the samba user info inside of a ldap directory. Smbldap is what samba uses to query the ldap server I believe.06:25
nkassiUDS will probably use it in the end. Or at least the samba.schema06:25
nkassi(My personal opinion)06:25
stelisWe definitely need the schema06:26
stelisI've never seen a network without Windows on it somewhere06:26
nkassiI seen one,  I didn't provide any support for windows users. It was a research lab. If they ran windows they were on there own06:27
stelisParadise :)06:27
nkassiNow I support windows full time ;0)06:27
stelisIt pays the bills...06:28
nkassiWHY DID I LEAVE06:28
stelisI want your old job06:28
nkassihehe true. Plus I switched school (1500 miles apart)06:28
stelisThat would have made commuting difficult I guess :)06:29
Burgworksmbldap is, afaics, not an LDAP server06:30
nkassino I hope that's not what I said06:31
nkassiNever know, calculus blurs my brain.06:31
=== gottreu [n=gottreu@martok.cc.LaTech.edu] has joined #ubuntu-directory
nkassiso do you have enough to remove my comments and put them into the main spec ? I don't like doing that I feel I'm stepping on someone (who is more knowledgable) toes06:33
stelisI *am* an MCSE06:33
nkassiSorry, I am obligated to quit speaking to you. (just kidding)06:34
stelisI don't feel knowledgeable enough to edit my own spec :)06:34
stelisI admin Linux boxes as well, but as part of Windows domains06:36
stelisSo you probably know far more than me about how auth systems ought to work for UNIX systems06:37
nkassiBurgwork: What is the correct procedure to edit a spec? Can I just put in my change ?06:40
Burgworkthe wiki or the LP one?06:40
Burgworkthe wiki, just edit06:40
nkassioh thanks06:41
nkassi* A graphical Wizard to setup each of the services. Would collect information from user and feed them to debconf. (should support setting up specific services to split up the different components)06:43
nkassiSounds good ?06:43
stelis"supported services" ?06:44
stelisIt may not be possible to make all of them work with LDAP for the first release06:44
nkassiah ok06:45
stelisThere's a long list on the spec, and I don't think that it's complete06:45
stelisBasically all the network services ought to talk Kerberos06:45
stelisEven if they don't store data in the LDAP tree06:46
nkassiI will add cups but that requires some research to make sure it can work06:46
stelisCUPS 1.4 has Kerberos support, but I don't know about storing it's data in LDAP06:47
nkassiwait MikaelOlenfalk added some details about that.06:48
nkassiThis file include a printer.schema06:53
nkassiwhich implements rfc 371206:53
stelisAnd an OpenSSH one as well!06:55
stelisI'd love to have SSH tied into this06:55
nkassicheck out the series of article by the guy. There is tons of good info.06:59
nkassithere 4 parts I believe.06:59
=== nkassi going to Calc 3 class. W00000T!
stelisIt's great to see that somebody still loves maths :)07:00
nkassiI'm about to be a Math Major (+ CS of course) ok I'm really out.07:01
=== nkassi_calc3 [n=nkassi@yoda.tcc.fl.edu] has joined #ubuntu-directory
nkassi_calc3Hey folks07:28
fernandothe easy-ldap-server looks like a distributed directory feature, and a replication service?07:45
nkassi_calc3the easyLDAPserver spec should be renamed UbuntuDirectoryServer07:48
nkassi_calc3cause that is what it's shaping to be07:48
nkassi_calc3darn it, everytime I speak I kill the discussion ;-)07:52
stelisSorry, I was editing the spec and stopped looking at IRC07:55
stelisfernando: it looks like it07:55
stelisAs soon as you have multiple services on multiple systems you need something like this07:56
stelisEven Edubuntu does07:57
stelis1x server per classroom07:57
stelisSay 5 classrooms to a school, plus an Intranet07:57
stelisAnd a proxy server...07:57
stelisAnd so on07:58
stelisFedora Directory Server has the technical capabilities07:58
stelisAnd so does OpenLDAP I guess07:59
fernandoI'm confused. It works with replication, then i have 1 (or more) ldap master and many ldap slaves?07:59
stelisFDS also supports multiple masters I think07:59
stelisMy mistake - I didn't mention master-slave, because I just assumed it.08:01
=== fernando don't like FDS
stelisWe need to pick one or the other I think08:02
Burgworkfds does multimaster08:02
stelisI mostly use AD08:02
stelisSo I'm not qualified to make the call08:02
Burgworkfds is probably the most advanced08:02
Burgworkit has some nasty bits that will need to be worked on08:03
nkassi_calc3We don't have to pick. We can have a server independent system (except for initial config of couse)08:06
Burgworkno, we need to choose a server08:08
Burgworkubuntu has done very well choosing technology until now08:08
fernandothe idea is to use a x.500/LDAP?08:08
Burgworkone specific ldap server08:09
Burgworklikely FDS08:09
Burgworkthat is part of what the easy ldap spec is about08:09
nkassi_calc3I guess.08:09
nkassi_calc3It would have the most management tools08:10
nkassi_calc3Is any one actively porting FDS ?08:10
fernandohttp://www.ietf.org/rfc/rfc2251.txt, section 3.308:10
Burgworkexcept the real world needs multimaster08:11
stelisI've amended the spec to make multiple services explicit08:15
nkassi_calc3http://directory.fedora.redhat.com/wiki/Howto:DebianUbuntu is this any good ?08:16
stelisI guess that means that the core service can be repackaged.08:17
stelisoops, too late08:17
stelisBut I think that Burgwork wasn't happy with some the library dependencies08:18
Burgworkfds is going to be split for the next release08:18
Burgworkthe deps for the server are icky, but for the management console (sun or ibm java),such08:19
stelisI increasingly feel that most management tools are slightly wrong08:19
stelisThey either ought to treat the LDAP directory as LDAP and use the correct terms etc.08:20
stelisOr offer simple management facilities without using any of the terms08:20
stelisWhich probably means that I'm going to have to learn how to write Python Web apps at some point :)08:21
Burgworkyes, yes you are08:21
ajmitchhi Burgwork08:24
nkassiI'm back class ended08:40
gottreucan I ask about LDAP clients in here?08:41
nkassiTurboGears!!! (over kill I know ;-) )08:41
^robertjstelis: why web apps?08:43
stelisHeterogenous networks08:43
fernandogottreu: gq08:43
stelise.g. even if you have a Linux server you may have Windows clients08:44
stelisPossibly even for the majority of desktops08:45
stelisAlso Ubuntu Server has no graphical interface08:45
Burgworkhey ajmitch08:45
fernandoweb apps (python-ldap) ?08:45
stelisfernando: for management08:46
stelisI've updated the spec again08:46
Burgworkthere are a number of client apps08:47
Burgworkgq has issues with its UI08:47
Burgworkit is also not really actively developed08:47
gottreugq is what i'm using now, what does not actively developed mean?08:48
nkassiluma is nice if you don't mind the Qt stuff08:48
gottreuhow can I determine the versions of apps available in drake, eft, etc?08:49
gottreuand possibly backported ones08:49
gottreustelis: thank you08:50
whiprushwasabi_: I really like your NetAuth client spec08:50
stelisI guess that I've thinking about this from two separate angles: generic LDAP service, and specific AD replacement for small networks08:51
stelisIn the first case you want to directly see the DNs and schema08:51
wasabi_whiprush: Glad somebody does. Burg thinks it's too wordy.08:51
wasabi_whiprush: My explicite goal being to SELL Mark, I think it's fine.08:51
whiprushI figured that08:52
nkassistelis: in that case they can easily use tools like gq to hack it up.08:52
wasabi_Obviously none of this is happening unless he puts somebody paid on it.08:52
whiprushplus, there's no real way to do this stuff without being wordy08:52
wasabi_I don't have time to do it, you don't. Nobody here has C, etc.08:52
whiprushI am going to blog about the lists and stuff in a minute.08:52
stelisnkassi: Yes an existing tool would probably be OK08:52
wasabi_Did you notice my amendment about winbind?08:52
whiprushWANTED: Underappreciated C developers.08:52
wasabi_I am radically altering my approach to the problem.08:52
whiprushno I'm only half way through08:53
whiprushgimme 1008:53
stelisIn the second case you want to help people accomplish tasks like "add a printer"08:53
whiprushah that brings up a point08:53
whiprushhave we even talked about printers yet?08:53
nkassiwasabi_: Why is a long term dependence on winbind undesirable ?08:53
whiprushbecause that's going to suck08:53
wasabi_nkassi, doesn't work for anything other than AD.08:53
steliswhiprush: Started to08:53
wasabi_nkassi, part 2 of our mission is our own directory server, using LDAP and Kerberos.08:53
stelisThe EasyLDAPServer specs has comments08:53
whiprushWe should remember to not forget to talk about printers in mv.08:53
wasabi_I'm very disinterested in focusing on printers, actually.08:54
whiprushbecause we should have the cups guy there when we talk printers08:54
nkassiwasabi_: So you want one solution for everything right ?08:54
steliswhiprush: I guess you've already seen this: http://primates.ximian.com/~federico/docs/gnome-deployments-2006/index.html08:54
wasabi_nkassi, cross over would be beneficial.08:54
wasabi_nkassi, since both AD and our thing will be LDAP+Kerberos08:54
whiprushwasabi_: yeah but there's only 2 chances a year where you can sit down with a printers guy, we might as well spec it08:54
stelisI was surprised to see printer management flagged as an issue08:54
whiprushstelis: yeah, I'm in it. :D08:55
nkassiwasabi_ True. Sounds smart ;0)08:55
whiprushstelis: I bitched about printers.08:55
whiprushactually, alot of the longer comments in that survey are mine.08:55
wasabi_An explicite goal of step #1 is to log onto AD though... winbind is the shortest path.08:55
wasabi_And It is a step on the way to a replacement for NSS.08:55
whiprushI gave lots of feedback, took me like 2 days to do it08:55
stelisReplacing NSS?08:55
wasabi_High and mighty goal, eh?08:55
stelisThat sounds radical08:55
wasabi_Completely is.08:55
wasabi_What we need is a robust, async, queryable, user/group base.08:56
wasabi_With support for the concepts of realms.08:56
stelisThat's like replacing the whole init system or something :)08:56
wasabi_Caching built in.08:56
wasabi_Smart fall back.08:56
wasabi_Robost configuration and runtime operation.08:56
stelisStop, I'm drooling08:56
wasabi_Basically that comes down to replacing NSS with a daemon.08:56
wasabi_And proving a local socket interface to it.08:56
nkassiIf the NSS replacement has the benefits of upstart it will be awesome08:57
wasabi_And what is Winbind anyways, except that?08:57
nkassior impact I mean08:57
wasabi_NSS will still exist, obviously, just like a sysvinit init framework will exist with upstart.08:57
wasabi_Just like nss_winbind exists.08:57
wasabi_But a whole new set of rich APIs for querying users will be added.08:57
wasabi_That just doesn't fit into NSS at all.08:57
steliswasabi_: how does mDNS etc. fit in?08:58
wasabi_It doesn't.08:58
stelisI think that Avahi plug into NSS?08:58
wasabi_Such a daemon would be only for user/groups. Not hosts.08:58
wasabi_NSS again, will still exist, and gethostbyname, will still work.08:58
stelisOK, I see08:59
wasabi_All existing programs will not be radically changed to use !NSS.08:59
wasabi_Upstream would have a fit, dropping POSIX basically.08:59
wasabi_But a new set of APIS can be used where it makes sense: GnomeVFS for async resolution of owner info, Nautilus for a better permissions tab.09:00
stelisPOSIX seems a pretty dead standard to me09:00
wasabi_It still holds large importance politically.09:00
^robertjwasabi_: I propose the new system be officially named bangnss09:01
wasabi_Also, it's a reality that gnome targets !Linux.09:01
wasabi_And POSIX is a bridge to that.09:01
wasabi_I suspect there will be a big #ifdef NEW_NSS_THING in Nautilus, with a coorresponding if (able to contact new nss thing) { new way} else { old way; }09:02
stelisTrue, it's just not an area that I have much experience in personally09:02
stelisIt's either Linux or Windows for us09:02
stelisDon't see Sun or AIX coming back on to our network09:02
wasabi_Well, I'd like to reallyk think hard about whatever new User/Group API we come up with. I defintatly want the Samba guys to be involved big time.09:03
steliswasabi_: Have you looked at OLPC at all?09:06
stelisWhat was at the back of my mind when I asked about mDNS was adhoc workgroups09:06
wasabi_What's that mean?09:07
gottreuwhat was that earlier about C developers wanted?09:07
stelisLike a conference or meeting, where the users turn up and share resources09:07
fernandohave you talked with samba4 team?09:07
wasabi_Briefly with jelmer this morning.09:08
fernandodo you have informations about samba4 ldap builtin?09:11
wasabi_Yeah. I have an okay understanding of it now.09:11
wasabi_It's an interesting problem.09:11
^robertjhrmmm, has anyone looked at LAT?09:14
^robertjgtk# directory util?09:14
wasabi_Yeah. I like it.09:14
^robertjI mean it's not python but other than that it looks ok ;)09:15
wasabi_I've got this crazy idea that this new auth server deal will return a uri with each user/group record.09:15
wasabi_where that uri may be a ldap://domain/?(query)09:16
wasabi_And so, you should be able to click on the user from any location, and it would open in the user editor.09:16
^robertjeh, couldn't hurt09:18
stelisI guess that in an ideal world you should be able to type a name in Beagle or whatever and get back the person's contact details09:19
fernandobye all09:19
wasabi_I'm thinking that wouldn't be that hard.09:19
=== ^robertj notes that doesn't work on OS X
wasabi_You've got this name service... you've got a galago feed that pulls from it.09:19
^robertjwhen it says Beagle searches your address book, it means "Beagle searches your local address book file"09:20
^robertjerr not Beagle, Spotlight09:20
wasabi_You've got Beagle which searches Galago.09:20
wasabi_You click on it in Beagle, Galago opens it by opening the handler for ldap:///09:20
wasabi_And up pops the record.09:20
^robertjwasabi: when you sell Mark, try to sell him on a team :)09:24
^robertjbecause err...this is realy an appropriate size project for a small army09:24
wasabi_Yeah. I agree.09:24
stelis^robertj: We seem to getting more than one new sign-up a day on Launchpad09:24
^robertjstelis: I'd say that's next to meaningless09:25
stelisI don't know how many will contribute09:25
^robertjI mean _i'm_ signed up on launchpad09:25
stelisI guess it surprised me, because I didn't think that DS was a cool topic09:26
wasabi_It's not.09:26
stelisBut there is at least a lot of casual interest09:26
wasabi_That's hte problem. Hackers at home don't have a need to work on it.09:26
wasabi_People running huge networks do.09:27
wasabi_And those tend to be corps who pay for commercial ones. ;)09:27
stelisThat's actually something I was thinking about when I wrote the server spec09:27
stelisAnybody who has multiple systems in a small network can use bit of this stuff09:27
stelisBut it's perceived as corporate-only because the UNIX versions are complex09:28
stelisMac OS X and Microsoft Small Business Server are run by IT pros at home09:28
stelisAnd in small businesses where no one knows a thing about Kerberos09:29
ajmitch^robertj: true, it doesn't just need to be wasabi_'s crusade to get hired :) (or mine)09:29
wasabi_Yes, but it is. ;)09:29
ajmitchwasabi_: doesn't always make for the best group environment :)09:30
stelisI work with people who have been pressganged into managing small networks09:30
stelisSo I just wish that it sucked less for them09:31
SimonAnibalHey, I need a quick fact check, and this is the only active ubuntu channel I'm in: Is Ubuntu the most widely installed Linux distro? I seem to remember hearing that, but I don't know where or if it's accurate09:33
stelisSimonAnibal: I don't know how that could be measured09:33
stelisIt's been top on DistroWatch for ages09:33
SimonAnibalMe neither, which is why I'm suspicious09:33
^robertjwell most people probably never change their mirrors09:34
SimonAnibalYeah, I've got that (even more impressive considering it's competing with it's own derivatives on that list, and Kubuntu is number 12 right now)09:34
^robertjso that's probably a pretty good indicator of the networked install base09:34
SimonAnibalHmm, I suppose I should scratch the "largest install base" stuff from my presentation tonight09:35
stelisMost talked about?09:36
SimonAnibalI'll just mention it being at the top of the distrowatch list09:37
stelisThe DistroWatch stats reflect /interest/09:37
stelisOh and there's that Google Trends thing with the pretty graphics09:38
SimonAnibalwhich is to say: what makes a distro go up on that list09:38
stelisPeople visiting the DistroWatch page that talks about that distribution09:39
stelisTwice as many look at the Ubuntu page as the 2nd most popular09:39
SimonAnibalOk, and to someone who's never heard of Distro Watch, why is it important that it's ranked number one on that page?09:40
stelisI'm looking for that Google graph...09:41
stelisThat shows searches against distributions09:41
stelisIt was on Slashdot or something09:41
SimonAnibalGoogle would certainly be a more familiar name as far as dropping statistics09:41
stelisWRT DistroWatch: it's the proportions that are interesting09:43
stelisUbuntu has double the interest that Fedora Core does, and is consistently no. 1 whilst the other distros go up and down rankings depending on whether they've just put out a release09:43
SimonAnibalCool, well, thanks for being helpful! I've got to go before I give my fiancee reason to hurt me!09:45
stelisPlay with it if you have time09:46
SimonAnibalI don't, but oooh09:47
nkassiUbuntu beats Mac OSX on trends ;-)09:47
nkassistelis: People actually use WIN2k3 small bussiness ?09:48
stelisLoads of them09:48
nkassistelis: I heard it suck really really bad09:48
SimonAnibalis that trends of searches performed on the Operating system09:49
nkassistelis: since it misses a lot of the ad tools that EEhas09:49
SimonAnibalor searches performed with any OS usinig that name?09:49
stelisIt had some nasty issues I beleive, but there is a specific scenario:09:49
stelisSimonAnibal: I believe that can compare any five terms09:49
SimonAnibalahh, so it's search terms09:49
stelisIt looks pretty, which all you can ask of stats :)09:50
stelisnkassi: WRT SBS what happens is that a small business hires a consultant09:50
stelisThey only want one server to do file, print, email and calandaring09:51
stelisPlus may be run CRM and payroll apps09:51
stelisSo he clicks the wizards in SBS09:51
nkassistelis: I guess I can see the niche for it09:51
stelisAnd somebody in the business may add and remove ussr accounts etc.09:52
stelisThere's a lot of similarity with small school environments I guess09:52
nkassistelis: I can see the killer market for ubuntu09:52
stelisThe catch is that need LDAP, groupware, and Web application platforms09:53
stelisPlus make it easy for consultants and ISVs to sell it09:53
stelisBecause they won't promote stuff that they can't use09:54
stelisOr make a profit on09:54
stelisMS already developed all this tech for enterprises09:54
stelisSo SBS is nearly pure profit...09:55
=== lophyt1 [n=dsulliva@bas5-toronto63-1096729125.dsl.bell.ca] has joined #ubuntu-directory
nkassistelis: I don't see how free licenses would not allow them to make pure profit. I can see a consultant walking in installing Ubuntu SBE and making 10K for a month of work10:07
nkassistelis: Plus the fact that these setups rarely need more than a few hours of attention.10:08
=== lophyt1 is now known as lophyte
stelisnkassi: Sure, but there's perception that "Free Software" and no license fees means that nobody get paid10:09
stelisThe "Free Software people all live in their parent's basements" BS10:10
nkassistelis: From whom the client or consultant ?10:10
stelisThe consultants often know very little about Linux or OSS10:10
abartletalso, the consultant doesn't bear the risk10:11
abartletif it goes wrong, they get paid to fix it again10:11
stelisabartlet: Absolutely10:11
nkassistelis: oh well, in terms they will see the benefit. If not it's more money for people like us10:11
stelisThe expectations are so low10:11
stelisPeople don't expect their IT to work right :(10:11
nkassithats a good thing cause it never does10:12
stelisIt can10:12
nkassiI agree but currently, even Linux Mac or WIndows don't have anything flawless.10:13
stelisI've just been looking at OpenBSD for small servers...10:13
nkassistelis: Flawless=No job ;-)10:13
nkassiyikes, that would require lots of setup time would it not ?10:14
stelisI've been suprised10:14
stelisIt ships a bunch of standard services in the install10:15
stelisThe installer is really simple10:15
stelisThough the partition editor makes no sense10:15
stelisUntil you read the instructions, really, really carefully10:15
nkassihehe, I got burned on that one once10:16
stelisI love VMware10:16
stelisI've been playing with it in that, and just trashing the VMs10:16
nkassiI agree10:17
stelisI like OpenBSD a lot, but the main software update system is source based10:17
stelisSo I'm not sure whether I'll persist with it, or go back to stripping down Debian installs10:18
nkassiWell I can't live without dpkg&apt anymore10:20
^robertjI'd like to say that I have no interest in working for someone where they are going to complain about the cost of AD10:20
nkassiwhat do you mean ?10:20
nkassiWhere they won't buy Win2K310:21
^robertjnkassi: if you chose not to buy Win2K3 just because you are scared of the initial cost outlay you can't afford to pay someone worth their salt to keep up your directory server10:21
^robertjexcept for CALS there isn't a whole lot of money to be saved from the _software_ cost of Microsoft's server products10:22
stelis^robertj: That's very true10:22
nkassiI guess it's true10:22
stelisIt's the maintenance costs10:22
nkassiBut I guess I wouldn't turn down the savings10:23
^robertjnkassi: but like I said, theres probably not alot of savings to be had in most cases10:24
nkassiWell, the terminal server licenses can bite.10:24
^robertjnkassi: the real advantage gets to be when you have 5000 seats and have to automate all the day-to-day stuff10:24
stelisnkassi: When I said pure profit I meant for MS10:26
stelisThey spent a huge amount developing AD and Exchange10:26
nkassistelis: oh, yeah.10:26
stelisAnd stick new GUIs on it for small business10:26
nkassisadly you had to bring up exchange10:26
stelisI'm very hopeful about Hula10:27
^robertjI'm not10:27
stelisHow so?10:27
nkassiwhat about ZImbra ?10:27
stelisThe search and /backup/ require the proprietary versions10:28
nkassionly the outlook part10:28
nkassioh really ?10:28
stelisI think so, unless it's changed10:28
^robertjPlanet should be covered up with screenshots of Evolution & Hula and rc debs, but it's not10:28
^robertjit's got dork buzz but no street-cred10:29
stelisTrue, but there's been no release for mainstream IT to go potty over10:29
^robertjthus the point about there not being an rc10:30
stelisI spoke to a Hula guy last week10:30
^robertjand also, Samba4 quite simply has to work10:31
stelisHe was very aware that they need to do more to show that the project is alive10:31
stelisVMware machines etc.10:31
stelisUnfortunately they are the depths of a rewrite10:31
^robertjstelis: but there is going to be an incredible drive to get Samba4 really, really spick-and-span10:31
stelisTrue. I guess that's the same issue: the devs need to blog and go to conferences and give presentations and all that stuff10:32
stelisTo get other people interested in testing10:32
nkassistelis:I wish there was a Samba4 dev blog10:33
ajmitchstelis: the same thing needs to happen with ubuntu stuff10:33
^robertjstelis: but if Hula goes away, people will whine. If Samba4 goes away, Redhat will pay to have it nursed back to life.10:33
stelisI was thinking that somebody ought to do a weekly thing on Ubuntu and admin related stuff10:33
stelisGet some buzz going10:33
^robertjstelis: and they need to be a bastard10:33
^robertjstelis: so it can stay short and on-topic and interesting10:34
nkassiI got a 2 ubuntu-administration domain ? I'll be glad to let someone use them10:34
nkassi.org and .com10:35
stelisnkassi: That sounds *very* useful10:35
nkassithey point to opensource parking right now10:35
stelisSee macenterprise.org10:35
stelisAnd afp54810:35
stelisMac admin comminities10:35
nkassiYou know, I didn't want to split the community by creating another site but if there is a need for a Enterprise/Admin only site Iwould be glad to work on it10:37
stelisI would10:37
^robertjnkassi: why not just keep it on the DL10:37
^robertjput up a wikipage for DirectoryIntegrationNews10:37
^robertjor EnterpriseIntegrationHappenings10:37
nkassiSounds good too.10:38
nkassiyeah... DL ?10:38
stelisMy mind is going10:38
stelisA section in Ubuntu Weekly News would one way to do it I guess10:39
stelisThat infrastructure is already there10:39
nkassiI was imagining ubuntu-administration.org to be like debian-administration.org just a bunch of how-to10:39
nkassithen I realised that is what the WIki is for10:40
stelisI was thinking about news10:40
stelisThere's lot of cool stuff going on around GNOME, Ubuntu, Fedora, etc.10:41
nkassiThat could be done easily with wordpress10:41
^robertjI feel like I'm over-newsed as it is though10:41
^robertjmost of the real happenings "X considers Y"10:41
^robertjand then the minute they go up on a web page, they get dugg, and 200 replies10:41
stelisWell I have too many feeds, which is the only reason I know about half the stuff10:41
nkassiDigg has gone down a bit lately.10:42
stelisI can't help but feel that the ifolder and hula lists ought to be buzzing10:42
nkassiv3's new algorithm hasn't really helped10:42
^robertjI've unsubscribed from Digg10:43
^robertjit's now far worse than /. ever was10:43
stelisArsTechnica is now my main tech news source10:43
stelisThe articles are usually intelligent, and the comments as well10:44
stelisplus a zillion feeds10:44
nkassiwhy do people have to post every single 1995 unix tutorial they see ???10:44
stelison digg?10:45
^robertjunix docs are'nt fun to read until you go at least back into the 80s10:45
stelisI love the old UNIX books10:45
nkassiWell, those aren't actually online much.10:45
stelisI took one look at the digg comments and never went back to the site10:46
nkassiBut I have the first oreilly emacs book. That is what I learned emacs with. Haven't read the new stuff10:46
^robertjthen you get all the fun stuff about first boot proccesses where you start by typing ASM, then you recompile the kernel if you are using a hard drive10:46
nkassiAt least Lion10:46
nkassi's is online ;-)10:46
^robertjstelis: I swear, it really makes me want a "turn off comments from south america, france, and the middle east" option in Digg10:47
stelisI still occasionally visit slashdot.org as a guilty pleasure though10:48
nkassiOh well, I still read and I love the read x ;-)10:48
stelisZealotry is *fun* darn it10:49
nkassi10 minutes ....10:49
nkassi(work ends here I mean)10:49
stelis^robertj: WRT Samba4, is there anything Ubuntu-related that could be done to drive interest?10:53
^robertjstelis: well Samba4 is going to happen without any additional interest10:54
^robertjthe question is will Ubuntu be matching pace with it or playing catch up when it does come out10:54
stelisI was thinking about VMware machines with TPs on, I guess10:54
stelisI don't understand the schedule for Samba4 ATM10:55
^robertjstelis: they need real life grinding10:55
nkassiHow long do you think it will take for Samba4 to come out ? (I know it's going to be some christmas (perl 6 reference))10:55
Burgworkno idea10:55
Burgworkthey have not set a date10:55
ajmitchit's far from ready for general release10:56
nkassiWhat is sort of level would TP be ? Beta ? Alpha ?10:56
Burgworkalpha, I think10:57
nkassioh thanks,10:58
^robertjfeature-incomplete pre-alpha10:58
ajmitchpretty much11:06
ajmitcheg I asked about winbindd, and apparantly it's in a few pieces to get the AD integration that samba3 has now11:07
ajmitchso they all need stitched together11:07
ajmitch17:24 <@abartlet> so, we need to work on Samba4's winbindd11:07
ajmitch17:25 <@abartlet> we have the peices, and even a winbindd, but not as much of the actual deamon11:07
^robertjajmitch: are there any core contributors that remain unhired yet ;)11:08
ajmitchcore contributors to..?11:08
ajmitchyeah, there are some11:09
abartletyeah, we have folks who would be very glad to be paid11:12
=== ajmitch wouldn't mind getting paid for something either, but that's probably far in the future :)
nkassi_all this talk about money make me want to buy something11:22
ajmitchI would if I could afford it11:23
nkassi_well, I love student loans ;-)11:24
nkassi_Got a new laptop :-)11:24
nkassi_I won't like them later I guess11:24
ajmitchI'm trying to find some way to pay off mine11:25
nkassi_yeah, I decided I would be a career student that way I will never have to pay them (I dream in 4-dimensions)11:26
ajmitchyou'll find that money is useful at times11:29
nkassi_I'm just kidding.11:30
nkassi_stelis: are you still interested in developing a news site ?11:33
stelisI think that ^robertj is right about starting small11:34
nkassi_I just feel that I wasted 16 bucks11:34
nkassi_At least it's supporting somehting. Opensourceparking.com11:35
stelisI think that it's worth keeping that domain :)11:35
nkassi_they are paid for for a while in any case11:35
stelisIf directory-services keeps moving forwards I'll ask about having a section about admin stuff in UWN11:35
nkassi_just if you think of something don't hesitate in asking.11:36
=== fernando [n=fernando@unaffiliated/musb] has joined #ubuntu-directory
abartlet'morning all11:55
ajmitchhi :)11:55
abartletso, those who are coming to the thing in mountain view, are invited to hook up with RedHat while you are in town11:55
fernandohi abartlet11:56
abartlet(just got off my weekly con-call with my team in MTV)11:56
ajmitchabartlet: wonderful11:57
=== Fujitsu [n=Fujitsu@ubuntu/member/fujitsu] has joined #ubuntu-directory
Burgworkstelis: what do you need from the UWN?11:58
=== nkinder [i=nkinder@nat/redhat/x-98ef55fa4947573e] has joined #ubuntu-directory
abartlethi nkinder11:59
=== rowley [i=rowley@nat/redhat/x-c9898a87b91ca3a2] has joined #ubuntu-directory
nkinderHey abartlet12:00
abartletwasabi: wasabi_: are you around?12:00

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!