[12:30] http://edsadmin.sourceforge.net/Screenshots.html [12:31] Yeah, it looks OK [12:31] That reminds me... [12:32] Windows doesn't expose any Kerberos or LDAP terminology in the default admin interface [12:32] no, no it doesn't [12:33] I'm unsure whether or not this is a good thing [12:34] Part-time admins on small networks probably don't know what a DN is [12:34] Maybe they don't need to know [12:34] Not sure here [12:50] Interesting reading: http://primates.ximian.com/~federico/docs/gnome-deployments-2006/index.html [12:50] yep === stelis [n=se@82-71-4-26.dsl.in-addr.zen.co.uk] has left #ubuntu-directory [] [01:58] hm [01:58] that's interesting [01:58] https://features.launchpad.net/distros/ubuntu/feisty [01:59] I was able to set n-a as a release goal, I thought only ubuntu-drivers could [01:59] there is a bug about that [01:59] I noticed it [01:59] doesn't surprise me [02:00] probably that anyone in core-dev can [02:00] no, anybody can [02:00] afaik [02:00] that's worrying [02:00] hmm, maybe you are right [02:01] https://features.launchpad.net/distros/ubuntu/+spec/smartpm/+setrelease [02:01] No, only core-dev can. [02:01] Sorry, you don't have permission to access this page. [02:01] ok, I see it [02:01] Drivers: [02:01] Ubuntu Core Development Team [02:01] it used to be Ubuntu Drivers [02:01] so anybody in core-dev [02:01] Yes, that's what I was going to point out. [02:01] Yeah, which is OK. [02:01] not really [02:02] core-dev should be trusted enough, shouldn't they? [02:02] oh wait, I think it was somethignelse [02:02] Fujitsu: they should be trustable, but it still shows up as "propose as a goal" [02:02] Milestone-targetting specs, Burgwork? [02:02] https://launchpad.net/products/blueprint/+bug/62717 [02:03] Aha, I was right. [02:03] Fujitsu: yes, that's a historic problem [02:03] milestone != distro [02:03] which is crack [02:03] there was a little discussion about that in #launchpad that I saw [02:04] Burgwork: It's LP, and LP !!= crack. [02:04] indeed [02:04] closed source crack at that [02:04] the best kind [02:04] Closed source often implies crack, but this is particularly potent crack for a closed-source project. [02:05] http://uncyclopedia.org/wiki/Kitten_Huffing [02:05] A level of crack which even Beryl fails to exceed. [02:06] now that's stretching it [02:07] Beryl and LP must be two of the more crackful projects around, and they're both (going to be) integral parts of Ubuntu :S [02:08] I think we can win the former fight [02:08] Hopefully. === lophyte [n=dsulliva@ubuntu/member/lophyte] has joined #ubuntu-directory === Burgwork [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory === bmonty [n=bmontgom@ubuntu/member/bmonty] has joined #ubuntu-directory [03:27] Burgwork: ping [03:28] lophyte: pong [03:28] Burgwork: hey.. what should I say to mvo regarding nwu/uus? [03:28] can you look over our new spec for sanity? [03:28] ajmitch: are you going to link your authtool branch in to the directory team? [03:28] the uus spec? [03:28] yes, the uus one [03:29] bmonty: no, it's an open team, i don't feel like having the main branch being commited to by anyone [03:29] I didn't finish the uus spec, I wanted to talk to mvo first before I put any more into it [03:29] anyone can make their own branch if they choose [03:29] true [03:29] any one of you could push the code there as well [03:30] and I'm quickly running out of time to do a pre-UDS cleanup [03:30] work is taking most of my time [03:41] I feel your pain :) [03:44] yeah, deadline was friday :) === Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory [04:31] Yeah. I'm probably going to put the finishing touches on my docs on the plane flight, I suspect. [04:31] I'm booked at work until friday [04:32] wasabi: cool [04:33] you should poke at the edubuntu-auth-server spec === beazer [n=beazer@203-97-50-115.dsl.clear.net.nz] has joined #ubuntu-directory [04:43] Hi, I am having trouble with samba 3.0.22 and AD - I seem to be able to join a domain, but a net ads testjoin [04:43] gives "invalid credentials" and wbinfo -u and wbinfo -g don't return any users or groups [04:44] I am now very stuck, so any pointers would be much appreciated === nkassi_ [n=nkassi@WK20-156.LEWISWEB.NET] has joined #ubuntu-directory [05:56] Hey y'all [05:56] where can I find the logs for this channel ? [05:57] nkassi_: people.ubuntu.com/~fabbione/irclogs/ [05:58] Burgundavia: Thanks a lot. [05:58] no worries === Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-directory === stelis [n=se@82-71-4-26.dsl.in-addr.zen.co.uk] has joined #ubuntu-directory [09:42] nkassi: I saw your comment on the EasyLDAPServer spec === MagnusR [n=magru@c83-250-59-127.bredband.comhem.se] has joined #ubuntu-directory === fernando [n=fernando@unaffiliated/musb] has joined #ubuntu-directory === SimonAnibal [n=sruiz@66.244.123.100] has joined #ubuntu-directory [02:17] <^robertj> THUD! [02:17] <^robertj> that was the other shoe dropping === ^robertj rereads Mark's latest blog [02:27] ^robertj: his post on packaging? [02:34] <^robertj> yes [02:34] <^robertj> http://www.markshuttleworth.com/archives/66 === wasabi [n=wasabi@ubuntu/member/wasabi] has joined #ubuntu-directory [02:35] I've been hoping that something might happen since I saw the dpkg2 spec and the announcement that RPM development has stalled [02:36] <^robertj> stelis: well if Fedora goes along I think something could happen [02:36] <^robertj> stelis: although Redha [02:36] Politics... [02:36] <^robertj> err Redhat probably wouldn't be happy [02:37] They want to keep the yum/apt layer closely integrated with their tools [02:37] Not sure whether they feel strongly about the package format [02:38] They went with yum over smartpm because of the desire for tight integration [02:49] Okay. So I have done a 180 on my NA/CLient plans. [02:52] wasabi: RichEd and co were just talking about the different auth specs on #ubuntu-meeting [02:56] <^robertj> wasabi: so abortions for some, novelty flags for others? [03:04] stelis: where was that announcement regarding RPM? [03:10] tepsipakki: http://lwn.net/Articles/196523/#Comments [03:11] Comment from skvidal [03:11] (the lead yum developer) [03:14] stelis: thanks! [03:15] hey, is anyone here using kerberized NFS? [03:15] That was August, though, and I don't follow yum/RPM development anymore === SimonAnibal [n=sruiz@66.244.123.100] has joined #ubuntu-directory [04:31] Stelis: Hey [04:53] <^robertj> wasabi: so winbind is now the one true way ;) === SimonAnibal [n=sruiz@66.244.123.100] has joined #ubuntu-directory [05:03] stelis: Still around ? [05:06] morning [05:06] <^robertj> wasabi_: morning [05:07] <^robertj> I see I'm not the only one collecting ^ _'s and __^'s [05:07] <^robertj> :) [05:07] yeah. [05:07] Yeah. So. I'm changing my attack on the client side. [05:07] Screw NSS, and screw PAM. [05:08] Going to use winbind. [05:13] oh? [05:14] why? [05:18] Cause it works!! (tm) [05:22] Nope, hold on. [05:26] Okay, first off, it is the long term desired architecture. Second off, yes, it works now, but only for AD> [05:27] NSS suffers from some design problems which are going to prevent us from using it into the future... no async API, no realms, no queries, etc. [05:27] No caching of any sort. Sucky caching where it is. [05:27] So, SSL is totatly out of the question on the linux side ? [05:27] The proper long term arch would be a daemon, with arbitrary backends (replacing NSS service modules), with a rich API for querying users/groups, async, etc. [05:27] What? SSL? Huh? Where'd that come from? [05:28] Winbind right now is the closest to that. [05:28] sorry, I meant LDAP+SSL [05:28] Take winbind, rename it to something else, split the AD pieces into a backend, and it can formt he basis for a good NSS replacement. [05:28] no kerberos [05:28] What's SSL have to do with anything? [05:28] between OpenLDAP and Linux client [05:29] I still have no idea what that has to do with this conversation heh [05:29] Forget me, I'm doing calculus right now. I guess I wasn't following. [05:31] nkassi: I'm back now... [05:32] stelis: you were asking about the piece I put at the end of the easyldapserver spec ? [05:33] I was going to suggest that we had a brief discussion here or on the mailing list and then post the results to the Wiki page [05:34] oh. [05:34] Rather than appending lots of comments to the spec [05:35] My point of reference for printing is Windows and Active Directory, and I know very little about printing on other systems [05:35] Well, I think that first off there needs to be a blurb about the wizard tool [05:35] oh, [05:36] that part. Well there are some schema that allow printer information to be stored in the ldap database and I believe, correct me if I'm wrong, the cups can use ldap to query information [05:36] The wizard was a good point - somebody had a Kerberos problem the other day because they forgot to install an NTP service to keep the clocks in sync [05:38] There are too many moving parts for most folks to configure it all by hand [05:38] exactly, if for example, someone would run the wizard and ask for a Domain Controller to be setup then all those things would automagically be installed [05:38] Like Windows :) [05:38] I don't really like the AD wizard but a nicer ubuntu style one would be cool [05:39] In the end the idea is the same. [05:39] It has too be flexible enough to setup different types of server with a master ldap server somewhere [05:40] Such that I can run it once on my ldap server, once on my print server, once on my ... [05:40] I could simply be a script that calls apt- to install the required packages and then feeds configuration parameters to debconf or what ever [05:41] That sounds a tidy way of doing it [05:42] It would work from the CLI [05:42] It could, I always like to have both cli and gui [05:43] Yes. I think that debconf can run with a GTK graphical interface [05:43] But since installing a gui on a server is often useless, a cli is required [05:44] Since Ubuntu Server doesn't install a GUI by default it would probably have to work as either a Web interface or command-line tool [05:44] or the script could feed debconf db with the config parameters before the installation starts [05:45] that might have to change to appeal to the Windows admins. They lover there buttons [05:45] their [05:45] not there ;-) [05:45] :) [05:45] Yes, some people seem a little frightened of CLI [05:46] a quote from our resident MCSE: "I can't remember the commands" [05:46] wow [05:46] that's rather sad [05:46] I find that I'd rather type in a command in windows than swim through all the damned GUIs [05:46] is just finding excuses [05:47] true but they feel exactly the oposite. [05:47] Win+R "iexplore mailhub" instead of "Open up Internet Explorer, click on this link, that link, the other, and you're at your Outlook Web Access login" [05:47] I point out that if you can figure out the commands once you can write a script for it, and then not have to do the work yourself :) [05:47] He laugh at me when I fire up emacs and edit configs. Then I return the favor when he can't figure out what 0x0000223 errors occur. [05:48] or mean. [05:48] I'm constantly using Win+R in XP [05:48] (just like Alt+F2 in Ubuntu) [05:49] true [05:49] (the funny thing is that he remembers win commands to restart the update gpos and stuff ;0) ) [05:51] We have two guys who complain about Linux and then SSH into Cisco boxes to run IOS [05:51] woah! I make no sense [05:51] hehe [05:51] But the junior techs just avoid anything CLI [05:52] Well, they haven't been introduced to it in any courses. [05:53] I think that it must come down to familiarity and brand names [05:53] Cisco is "safe", and Linux somehow isn't [05:54] cisco is what management wants and there isn't many options except IOS. [05:54] commands [05:54] Linux, well they believe that Windows is easier to maintain because they (manager) can see something on screen. [05:55] True. [05:55] They liked Webmin [05:56] Oh well they will like a gui wizard [05:57] I think configuring the LDAP server itself might doable with a fairly simple tool [05:57] May even simple enough that I could write it [05:58] I'm not sure about configuring other services to use a remote DC. [05:58] hehe I think a python script could be done in few days [05:58] That's about my level [05:59] generating a simple slapd.conf file shouldn't be too harsh [05:59] Absolutely. [06:00] But attaching other services to LDAP may mean rewriting their config files [06:00] yeah. [06:01] That's why I figure it might need a different approach to do that [06:01] well the first step is configuring slapd and adding one user. Debconf does this already. Needs to be wrapped into a gui [06:01] OK I'll make a note to look into GTK for debconf [06:02] second, a set of default schema should be choosen [06:02] (more can be added later.) [06:02] Yes. [06:02] I guess that at first adding a people, group ou could be done automatically [06:03] I think that's on the "outstanding issues". [06:04] There has to be a "manager" account to login to LDAP [06:04] admin is added by debconf [06:04] And that probably ought to go into a "Roles" OU [06:04] OK [06:04] hum, well the acl are in the slapd.conf generated by debconf [06:04] I think that the default name for the account in OpenLDAP is manager [06:05] Yes, that's one thing about OpenLDAP that sucks [06:05] yeah, normally that is set with the rootdn, rootpasswd in the config but debian adds an admin user to the db and adds acl to allow it to do all that stuff (I believe that is what should be done) [06:06] Fedora Directory Server stores ACLs inside the directory [06:06] Oh, nice. Didn't know that [06:06] I love this channel. I learn so much. [06:07] It's very cool to talk to other *NIX admins [06:08] A couple of us seem to like FDS, but making it run on Debian/Ubuntu would be a bit of work [06:09] yeah, and openldap is already there. OpenLDAP leave us more freedom too. [06:09] In terms of interface. (I guess that not really true) [06:10] It's all LDAP commands via whatever library the programming language uses [06:11] doesn't FDS come with a lot of extra stuff ? Could the ldap db part be installed independently ? [06:11] (Apart from the text config file bits) [06:12] It comes with a (Perl?) setup script and a bunch of graphical Java appss [06:12] apps [06:12] ah. [06:13] Fedora are big on GCJ, so presumably those apps will have to work without the Sun JVM. [06:13] I don't know whether they do yet. [06:14] I don't think so. I remeber seeing something about the fact that it requires sun java [06:14] :( [06:15] Ubuntu-specific tools probably ought to be written anyway, I guess [06:16] That would fit better into the GUI style of ubuntu in my mind [06:16] Yes. [06:17] I'm also thinking that the standard tools probably ought to avoid the technical terms [06:17] e.g. say "login as user" rather than "bind as DN" [06:19] But it's up to whoever actually does the work [06:21] yeah. Maybe it should be in the spec to not use language that is overly complex. [06:21] Think about the folks who will use this with edubuntu [06:22] edubuntu may have a different setup - the lead developer was thinking about reusing an existing system called smbldap [06:22] they don't really need to know what dc, dn, cn ... is [06:22] Oh really ? [06:23] Well they still need openldap [06:23] and I why would they use samba ? Windows clients ? [06:24] I guess so - I hadn't heard of this software before [06:25] it's is used to store the samba user info inside of a ldap directory. Smbldap is what samba uses to query the ldap server I believe. [06:25] UDS will probably use it in the end. Or at least the samba.schema [06:25] (My personal opinion) [06:26] We definitely need the schema [06:26] I've never seen a network without Windows on it somewhere [06:27] I seen one, I didn't provide any support for windows users. It was a research lab. If they ran windows they were on there own [06:27] Paradise :) [06:27] Yeah. [06:27] Now I support windows full time ;0) [06:28] It pays the bills... [06:28] WHY DID I LEAVE [06:28] I want your old job [06:28] hehe true. Plus I switched school (1500 miles apart) [06:29] That would have made commuting difficult I guess :) [06:30] smbldap is, afaics, not an LDAP server [06:31] no I hope that's not what I said [06:31] Never know, calculus blurs my brain. === gottreu [n=gottreu@martok.cc.LaTech.edu] has joined #ubuntu-directory [06:33] so do you have enough to remove my comments and put them into the main spec ? I don't like doing that I feel I'm stepping on someone (who is more knowledgable) toes [06:33] :) [06:33] I *am* an MCSE [06:34] Sorry, I am obligated to quit speaking to you. (just kidding) [06:34] I don't feel knowledgeable enough to edit my own spec :) [06:35] hehe [06:36] I admin Linux boxes as well, but as part of Windows domains [06:37] So you probably know far more than me about how auth systems ought to work for UNIX systems [06:40] Burgwork: What is the correct procedure to edit a spec? Can I just put in my change ? [06:40] the wiki or the LP one? [06:40] the wiki, just edit [06:41] wiki [06:41] oh thanks [06:43] * A graphical Wizard to setup each of the services. Would collect information from user and feed them to debconf. (should support setting up specific services to split up the different components) [06:43] Sounds good ? [06:44] "supported services" ? [06:44] It may not be possible to make all of them work with LDAP for the first release [06:45] ah ok [06:45] There's a long list on the spec, and I don't think that it's complete [06:45] Basically all the network services ought to talk Kerberos [06:46] Even if they don't store data in the LDAP tree [06:46] I will add cups but that requires some research to make sure it can work [06:47] CUPS 1.4 has Kerberos support, but I don't know about storing it's data in LDAP [06:48] wait MikaelOlenfalk added some details about that. [06:52] ftp://ftp.ssc.com/pub/lj/listings/issue143/8377.tgz [06:53] This file include a printer.schema [06:53] which implements rfc 3712 [06:55] And an OpenSSH one as well! [06:55] I'd love to have SSH tied into this [06:59] check out the series of article by the guy. There is tons of good info. [06:59] there 4 parts I believe. === nkassi going to Calc 3 class. W00000T! [07:00] It's great to see that somebody still loves maths :) [07:01] I'm about to be a Math Major (+ CS of course) ok I'm really out. === nkassi_calc3 [n=nkassi@yoda.tcc.fl.edu] has joined #ubuntu-directory [07:28] Hey folks [07:36] Hi [07:45] the easy-ldap-server looks like a distributed directory feature, and a replication service? [07:48] the easyLDAPserver spec should be renamed UbuntuDirectoryServer [07:48] cause that is what it's shaping to be [07:52] darn it, everytime I speak I kill the discussion ;-) [07:55] Sorry, I was editing the spec and stopped looking at IRC [07:55] fernando: it looks like it [07:56] As soon as you have multiple services on multiple systems you need something like this [07:57] Even Edubuntu does [07:57] 1x server per classroom [07:57] Say 5 classrooms to a school, plus an Intranet [07:57] And a proxy server... [07:58] And so on [07:58] Fedora Directory Server has the technical capabilities [07:59] And so does OpenLDAP I guess [07:59] I'm confused. It works with replication, then i have 1 (or more) ldap master and many ldap slaves? [07:59] Yes [07:59] FDS also supports multiple masters I think [08:01] My mistake - I didn't mention master-slave, because I just assumed it. === fernando don't like FDS [08:01] =) [08:01] OK. [08:02] We need to pick one or the other I think [08:02] fds does multimaster [08:02] I mostly use AD [08:02] So I'm not qualified to make the call [08:02] fds is probably the most advanced [08:03] it has some nasty bits that will need to be worked on [08:06] We don't have to pick. We can have a server independent system (except for initial config of couse) [08:08] no, we need to choose a server [08:08] ubuntu has done very well choosing technology until now [08:08] the idea is to use a x.500/LDAP? [08:09] one specific ldap server [08:09] likely FDS [08:09] Ah. [08:09] that is part of what the easy ldap spec is about [08:09] I guess. [08:10] It would have the most management tools [08:10] Is any one actively porting FDS ? [08:10] http://www.watersprings.org/pub/id/draft-zeilenga-ldup-harmful-02.txt [08:10] http://www.ietf.org/rfc/rfc2251.txt, section 3.3 [08:11] lovely [08:11] except the real world needs multimaster [08:13] :D [08:15] I've amended the spec to make multiple services explicit [08:16] http://directory.fedora.redhat.com/wiki/Howto:DebianUbuntu is this any good ? [08:17] I guess that means that the core service can be repackaged. [08:17] oops, too late [08:18] But I think that Burgwork wasn't happy with some the library dependencies [08:18] fds is going to be split for the next release [08:19] the deps for the server are icky, but for the management console (sun or ibm java),such [08:19] suck [08:19] I increasingly feel that most management tools are slightly wrong [08:20] They either ought to treat the LDAP directory as LDAP and use the correct terms etc. [08:20] Or offer simple management facilities without using any of the terms [08:21] Which probably means that I'm going to have to learn how to write Python Web apps at some point :) [08:21] yes, yes you are [08:24] hi Burgwork [08:40] I'm back class ended [08:41] can I ask about LDAP clients in here? [08:41] TurboGears!!! (over kill I know ;-) ) [08:43] <^robertj> stelis: why web apps? [08:43] Heterogenous networks [08:43] gottreu: gq [08:44] e.g. even if you have a Linux server you may have Windows clients [08:45] Possibly even for the majority of desktops [08:45] Also Ubuntu Server has no graphical interface [08:45] hey ajmitch [08:45] web apps (python-ldap) ? [08:46] fernando: for management [08:46] I've updated the spec again [08:47] there are a number of client apps [08:47] gq has issues with its UI [08:47] it is also not really actively developed [08:48] gq is what i'm using now, what does not actively developed mean? [08:48] luma is nice if you don't mind the Qt stuff [08:49] how can I determine the versions of apps available in drake, eft, etc? [08:49] and possibly backported ones [08:49] packages.ubuntu.com [08:50] stelis: thank you [08:50] wasabi_: I really like your NetAuth client spec [08:51] I guess that I've thinking about this from two separate angles: generic LDAP service, and specific AD replacement for small networks [08:51] In the first case you want to directly see the DNs and schema [08:51] whiprush: Glad somebody does. Burg thinks it's too wordy. [08:51] =) [08:51] heh [08:51] whiprush: My explicite goal being to SELL Mark, I think it's fine. [08:51] yeah [08:52] I figured that [08:52] stelis: in that case they can easily use tools like gq to hack it up. [08:52] Obviously none of this is happening unless he puts somebody paid on it. [08:52] plus, there's no real way to do this stuff without being wordy [08:52] I don't have time to do it, you don't. Nobody here has C, etc. [08:52] yeah [08:52] I am going to blog about the lists and stuff in a minute. [08:52] nkassi: Yes an existing tool would probably be OK [08:52] Did you notice my amendment about winbind? [08:52] WANTED: Underappreciated C developers. [08:52] I am radically altering my approach to the problem. [08:53] no I'm only half way through [08:53] gimme 10 [08:53] k [08:53] In the second case you want to help people accomplish tasks like "add a printer" [08:53] ah that brings up a point [08:53] have we even talked about printers yet? [08:53] wasabi_: Why is a long term dependence on winbind undesirable ? [08:53] because that's going to suck [08:53] nkassi, doesn't work for anything other than AD. [08:53] whiprush: Started to [08:53] ok [08:53] nkassi, part 2 of our mission is our own directory server, using LDAP and Kerberos. [08:53] The EasyLDAPServer specs has comments [08:53] We should remember to not forget to talk about printers in mv. [08:54] I'm very disinterested in focusing on printers, actually. [08:54] because we should have the cups guy there when we talk printers [08:54] wasabi_: So you want one solution for everything right ? [08:54] whiprush: I guess you've already seen this: http://primates.ximian.com/~federico/docs/gnome-deployments-2006/index.html [08:54] nkassi, cross over would be beneficial. [08:54] nkassi, since both AD and our thing will be LDAP+Kerberos [08:54] wasabi_: yeah but there's only 2 chances a year where you can sit down with a printers guy, we might as well spec it [08:54] I was surprised to see printer management flagged as an issue [08:55] stelis: yeah, I'm in it. :D [08:55] wasabi_ True. Sounds smart ;0) [08:55] stelis: I bitched about printers. [08:55] heh [08:55] Ha [08:55] actually, alot of the longer comments in that survey are mine. [08:55] An explicite goal of step #1 is to log onto AD though... winbind is the shortest path. [08:55] And It is a step on the way to a replacement for NSS. [08:55] I gave lots of feedback, took me like 2 days to do it [08:55] Replacing NSS? [08:55] Yup. [08:55] High and mighty goal, eh? [08:55] That sounds radical [08:55] Yeah [08:55] Completely is. [08:56] What we need is a robust, async, queryable, user/group base. [08:56] With support for the concepts of realms. [08:56] That's like replacing the whole init system or something :) [08:56] Caching built in. [08:56] Smart fall back. [08:56] Robost configuration and runtime operation. [08:56] Stop, I'm drooling [08:56] Basically that comes down to replacing NSS with a daemon. [08:56] And proving a local socket interface to it. [08:57] If the NSS replacement has the benefits of upstart it will be awesome [08:57] And what is Winbind anyways, except that? [08:57] or impact I mean [08:57] NSS will still exist, obviously, just like a sysvinit init framework will exist with upstart. [08:57] Just like nss_winbind exists. [08:57] But a whole new set of rich APIs for querying users will be added. [08:57] That just doesn't fit into NSS at all. [08:58] wasabi_: how does mDNS etc. fit in? [08:58] It doesn't. [08:58] I think that Avahi plug into NSS? [08:58] Such a daemon would be only for user/groups. Not hosts. [08:58] NSS again, will still exist, and gethostbyname, will still work. [08:59] OK, I see [08:59] All existing programs will not be radically changed to use !NSS. [08:59] Upstream would have a fit, dropping POSIX basically. [09:00] But a new set of APIS can be used where it makes sense: GnomeVFS for async resolution of owner info, Nautilus for a better permissions tab. [09:00] POSIX seems a pretty dead standard to me [09:00] It still holds large importance politically. [09:01] <^robertj> wasabi_: I propose the new system be officially named bangnss [09:01] Also, it's a reality that gnome targets !Linux. [09:01] And POSIX is a bridge to that. [09:02] I suspect there will be a big #ifdef NEW_NSS_THING in Nautilus, with a coorresponding if (able to contact new nss thing) { new way} else { old way; } [09:02] True, it's just not an area that I have much experience in personally [09:02] It's either Linux or Windows for us [09:02] Don't see Sun or AIX coming back on to our network [09:03] Well, I'd like to reallyk think hard about whatever new User/Group API we come up with. I defintatly want the Samba guys to be involved big time. [09:06] wasabi_: Have you looked at OLPC at all? [09:06] What was at the back of my mind when I asked about mDNS was adhoc workgroups [09:07] What's that mean? [09:07] what was that earlier about C developers wanted? [09:07] Like a conference or meeting, where the users turn up and share resources [09:07] have you talked with samba4 team? [09:08] Briefly with jelmer this morning. [09:11] do you have informations about samba4 ldap builtin? [09:11] Yeah. I have an okay understanding of it now. [09:11] It's an interesting problem. [09:12] =) [09:14] <^robertj> hrmmm, has anyone looked at LAT? [09:14] <^robertj> gtk# directory util? [09:14] Yeah. I like it. [09:15] <^robertj> I mean it's not python but other than that it looks ok ;) [09:15] I've got this crazy idea that this new auth server deal will return a uri with each user/group record. [09:16] where that uri may be a ldap://domain/?(query) [09:16] And so, you should be able to click on the user from any location, and it would open in the user editor. [09:18] <^robertj> eh, couldn't hurt [09:19] I guess that in an ideal world you should be able to type a name in Beagle or whatever and get back the person's contact details [09:19] Yup. [09:19] bye all [09:19] I'm thinking that wouldn't be that hard. === ^robertj notes that doesn't work on OS X [09:19] You've got this name service... you've got a galago feed that pulls from it. [09:20] <^robertj> when it says Beagle searches your address book, it means "Beagle searches your local address book file" [09:20] <^robertj> err not Beagle, Spotlight [09:20] You've got Beagle which searches Galago. [09:20] You click on it in Beagle, Galago opens it by opening the handler for ldap:/// [09:20] And up pops the record. [09:24] <^robertj> wasabi: when you sell Mark, try to sell him on a team :) [09:24] <^robertj> because err...this is realy an appropriate size project for a small army [09:24] Yeah. I agree. [09:24] ^robertj: We seem to getting more than one new sign-up a day on Launchpad [09:25] <^robertj> stelis: I'd say that's next to meaningless [09:25] I don't know how many will contribute [09:25] <^robertj> I mean _i'm_ signed up on launchpad [09:26] I guess it surprised me, because I didn't think that DS was a cool topic [09:26] It's not. [09:26] But there is at least a lot of casual interest [09:26] That's hte problem. Hackers at home don't have a need to work on it. [09:27] People running huge networks do. [09:27] And those tend to be corps who pay for commercial ones. ;) [09:27] That's actually something I was thinking about when I wrote the server spec [09:27] Anybody who has multiple systems in a small network can use bit of this stuff [09:28] But it's perceived as corporate-only because the UNIX versions are complex [09:28] Mac OS X and Microsoft Small Business Server are run by IT pros at home [09:29] Yup. [09:29] And in small businesses where no one knows a thing about Kerberos [09:29] ^robertj: true, it doesn't just need to be wasabi_'s crusade to get hired :) (or mine) [09:29] Yes, but it is. ;) [09:30] wasabi_: doesn't always make for the best group environment :) [09:30] I work with people who have been pressganged into managing small networks [09:31] So I just wish that it sucked less for them [09:33] Hey, I need a quick fact check, and this is the only active ubuntu channel I'm in: Is Ubuntu the most widely installed Linux distro? I seem to remember hearing that, but I don't know where or if it's accurate [09:33] SimonAnibal: I don't know how that could be measured [09:33] It's been top on DistroWatch for ages [09:33] Me neither, which is why I'm suspicious [09:34] <^robertj> well most people probably never change their mirrors [09:34] Yeah, I've got that (even more impressive considering it's competing with it's own derivatives on that list, and Kubuntu is number 12 right now) [09:34] <^robertj> so that's probably a pretty good indicator of the networked install base [09:35] Hmm, I suppose I should scratch the "largest install base" stuff from my presentation tonight [09:36] Most talked about? [09:37] I'll just mention it being at the top of the distrowatch list [09:37] The DistroWatch stats reflect /interest/ [09:38] how? [09:38] Oh and there's that Google Trends thing with the pretty graphics [09:38] which is to say: what makes a distro go up on that list [09:39] People visiting the DistroWatch page that talks about that distribution [09:39] Twice as many look at the Ubuntu page as the 2nd most popular [09:40] Ok, and to someone who's never heard of Distro Watch, why is it important that it's ranked number one on that page? [09:41] I'm looking for that Google graph... [09:41] That shows searches against distributions [09:41] It was on Slashdot or something [09:41] Google would certainly be a more familiar name as far as dropping statistics [09:43] WRT DistroWatch: it's the proportions that are interesting [09:43] http://distrowatch.com/ [09:43] Ubuntu has double the interest that Fedora Core does, and is consistently no. 1 whilst the other distros go up and down rankings depending on whether they've just put out a release [09:45] Cool, well, thanks for being helpful! I've got to go before I give my fiancee reason to hurt me! [09:46] http://www.google.com/trends?q=debian%2C+redhat%2C+fedora%2C+centos&ctab=0&date=all&geo=all [09:46] Play with it if you have time [09:47] oooh [09:47] I don't, but oooh [09:47] :) [09:47] Ubuntu beats Mac OSX on trends ;-) [09:48] stelis: People actually use WIN2k3 small bussiness ? [09:48] Loads of them [09:48] stelis: I heard it suck really really bad [09:49] is that trends of searches performed on the Operating system [09:49] stelis: since it misses a lot of the ad tools that EEhas [09:49] or searches performed with any OS usinig that name? [09:49] It had some nasty issues I beleive, but there is a specific scenario: [09:49] SimonAnibal: I believe that can compare any five terms [09:49] ahh, so it's search terms [09:49] thanks [09:50] Yup [09:50] later! [09:50] It looks pretty, which all you can ask of stats :) [09:50] nkassi: WRT SBS what happens is that a small business hires a consultant [09:51] They only want one server to do file, print, email and calandaring [09:51] Plus may be run CRM and payroll apps [09:51] So he clicks the wizards in SBS [09:51] stelis: I guess I can see the niche for it [09:52] And somebody in the business may add and remove ussr accounts etc. [09:52] There's a lot of similarity with small school environments I guess [09:52] stelis: I can see the killer market for ubuntu [09:53] The catch is that need LDAP, groupware, and Web application platforms [09:53] Plus make it easy for consultants and ISVs to sell it [09:54] Because they won't promote stuff that they can't use [09:54] Or make a profit on [09:54] MS already developed all this tech for enterprises [09:55] So SBS is nearly pure profit... === lophyt1 [n=dsulliva@bas5-toronto63-1096729125.dsl.bell.ca] has joined #ubuntu-directory [10:07] stelis: I don't see how free licenses would not allow them to make pure profit. I can see a consultant walking in installing Ubuntu SBE and making 10K for a month of work [10:08] stelis: Plus the fact that these setups rarely need more than a few hours of attention. === lophyt1 is now known as lophyte [10:09] nkassi: Sure, but there's perception that "Free Software" and no license fees means that nobody get paid [10:10] The "Free Software people all live in their parent's basements" BS [10:10] stelis: From whom the client or consultant ? [10:10] The consultants often know very little about Linux or OSS [10:11] also, the consultant doesn't bear the risk [10:11] if it goes wrong, they get paid to fix it again [10:11] abartlet: Absolutely [10:11] stelis: oh well, in terms they will see the benefit. If not it's more money for people like us [10:11] The expectations are so low [10:11] People don't expect their IT to work right :( [10:12] thats a good thing cause it never does [10:12] It can [10:13] I agree but currently, even Linux Mac or WIndows don't have anything flawless. [10:13] True [10:13] I've just been looking at OpenBSD for small servers... [10:13] stelis: Flawless=No job ;-) [10:14] yikes, that would require lots of setup time would it not ? [10:14] :) [10:14] I've been suprised [10:15] It ships a bunch of standard services in the install [10:15] oh. [10:15] The installer is really simple [10:15] Though the partition editor makes no sense [10:15] Until you read the instructions, really, really carefully [10:16] hehe, I got burned on that one once [10:16] I love VMware [10:16] I've been playing with it in that, and just trashing the VMs [10:17] I agree [10:17] I like OpenBSD a lot, but the main software update system is source based [10:18] So I'm not sure whether I'll persist with it, or go back to stripping down Debian installs [10:20] Well I can't live without dpkg&apt anymore [10:20] <^robertj> I'd like to say that I have no interest in working for someone where they are going to complain about the cost of AD [10:20] what do you mean ? [10:21] Where they won't buy Win2K3 [10:21] <^robertj> nkassi: if you chose not to buy Win2K3 just because you are scared of the initial cost outlay you can't afford to pay someone worth their salt to keep up your directory server [10:22] <^robertj> except for CALS there isn't a whole lot of money to be saved from the _software_ cost of Microsoft's server products [10:22] ^robertj: That's very true [10:22] I guess it's true [10:22] It's the maintenance costs [10:23] But I guess I wouldn't turn down the savings [10:24] <^robertj> nkassi: but like I said, theres probably not alot of savings to be had in most cases [10:24] Well, the terminal server licenses can bite. [10:24] <^robertj> nkassi: the real advantage gets to be when you have 5000 seats and have to automate all the day-to-day stuff [10:26] nkassi: When I said pure profit I meant for MS [10:26] They spent a huge amount developing AD and Exchange [10:26] stelis: oh, yeah. [10:26] And stick new GUIs on it for small business [10:26] sadly you had to bring up exchange [10:27] I'm very hopeful about Hula [10:27] *shudders* [10:27] <^robertj> I'm not [10:27] How so? [10:27] what about ZImbra ? [10:28] Proprietary [10:28] The search and /backup/ require the proprietary versions [10:28] only the outlook part [10:28] oh really ? [10:28] I think so, unless it's changed [10:28] <^robertj> Planet should be covered up with screenshots of Evolution & Hula and rc debs, but it's not [10:29] <^robertj> it's got dork buzz but no street-cred [10:29] True, but there's been no release for mainstream IT to go potty over [10:30] <^robertj> thus the point about there not being an rc [10:30] I spoke to a Hula guy last week [10:31] <^robertj> and also, Samba4 quite simply has to work [10:31] He was very aware that they need to do more to show that the project is alive [10:31] VMware machines etc. [10:31] Unfortunately they are the depths of a rewrite [10:31] <^robertj> stelis: but there is going to be an incredible drive to get Samba4 really, really spick-and-span [10:32] True. I guess that's the same issue: the devs need to blog and go to conferences and give presentations and all that stuff [10:32] To get other people interested in testing [10:33] stelis:I wish there was a Samba4 dev blog [10:33] stelis: the same thing needs to happen with ubuntu stuff [10:33] <^robertj> stelis: but if Hula goes away, people will whine. If Samba4 goes away, Redhat will pay to have it nursed back to life. [10:33] I was thinking that somebody ought to do a weekly thing on Ubuntu and admin related stuff [10:33] Get some buzz going [10:33] <^robertj> stelis: and they need to be a bastard [10:34] <^robertj> stelis: so it can stay short and on-topic and interesting [10:34] I got a 2 ubuntu-administration domain ? I'll be glad to let someone use them [10:35] .org and .com [10:35] nkassi: That sounds *very* useful [10:35] they point to opensource parking right now [10:35] See macenterprise.org [10:35] And afp548 [10:35] <^robertj> <3 [10:35] Mac admin comminities [10:35] woooh! [10:37] You know, I didn't want to split the community by creating another site but if there is a need for a Enterprise/Admin only site Iwould be glad to work on it [10:37] I would [10:37] <^robertj> nkassi: why not just keep it on the DL [10:37] <^robertj> put up a wikipage for DirectoryIntegrationNews [10:37] <^robertj> or EnterpriseIntegrationHappenings [10:38] Sounds good too. [10:38] DL? [10:38] yeah... DL ? [10:38] My mind is going [10:38] <^robertj> down-low [10:39] A section in Ubuntu Weekly News would one way to do it I guess [10:39] sure [10:39] That infrastructure is already there [10:39] I was imagining ubuntu-administration.org to be like debian-administration.org just a bunch of how-to [10:40] then I realised that is what the WIki is for [10:40] I was thinking about news [10:41] There's lot of cool stuff going on around GNOME, Ubuntu, Fedora, etc. [10:41] That could be done easily with wordpress [10:41] <^robertj> I feel like I'm over-newsed as it is though [10:41] hehe [10:41] <^robertj> most of the real happenings "X considers Y" [10:41] <^robertj> and then the minute they go up on a web page, they get dugg, and 200 replies [10:41] Well I have too many feeds, which is the only reason I know about half the stuff [10:42] Digg has gone down a bit lately. [10:42] I can't help but feel that the ifolder and hula lists ought to be buzzing [10:42] v3's new algorithm hasn't really helped [10:43] <^robertj> I've unsubscribed from Digg [10:43] <^robertj> it's now far worse than /. ever was [10:43] ArsTechnica is now my main tech news source [10:44] The articles are usually intelligent, and the comments as well [10:44] plus a zillion feeds [10:44] why do people have to post every single 1995 unix tutorial they see ??? [10:45] on digg? [10:45] yeah [10:45] <^robertj> unix docs are'nt fun to read until you go at least back into the 80s [10:45] I love the old UNIX books [10:45] Well, those aren't actually online much. [10:46] I took one look at the digg comments and never went back to the site [10:46] But I have the first oreilly emacs book. That is what I learned emacs with. Haven't read the new stuff [10:46] <^robertj> then you get all the fun stuff about first boot proccesses where you start by typing ASM, then you recompile the kernel if you are using a hard drive [10:46] At least Lion [10:46] 's is online ;-) [10:47] <^robertj> stelis: I swear, it really makes me want a "turn off comments from south america, france, and the middle east" option in Digg [10:47] Yeah [10:48] I still occasionally visit slashdot.org as a guilty pleasure though [10:48] Oh well, I still read and I love the read x ;-) [10:49] Zealotry is *fun* darn it [10:49] 10 minutes .... [10:49] (work ends here I mean) [10:53] ^robertj: WRT Samba4, is there anything Ubuntu-related that could be done to drive interest? [10:54] <^robertj> stelis: well Samba4 is going to happen without any additional interest [10:54] <^robertj> the question is will Ubuntu be matching pace with it or playing catch up when it does come out [10:54] I was thinking about VMware machines with TPs on, I guess [10:55] I don't understand the schedule for Samba4 ATM [10:55] <^robertj> stelis: they need real life grinding [10:55] How long do you think it will take for Samba4 to come out ? (I know it's going to be some christmas (perl 6 reference)) [10:55] no idea [10:55] they have not set a date [10:56] it's far from ready for general release [10:56] What is sort of level would TP be ? Beta ? Alpha ? [10:57] alpha, I think [10:58] oh thanks, [10:58] <^robertj> feature-incomplete pre-alpha [11:06] pretty much [11:07] eg I asked about winbindd, and apparantly it's in a few pieces to get the AD integration that samba3 has now [11:07] so they all need stitched together [11:07] 17:24 <@abartlet> so, we need to work on Samba4's winbindd [11:07] 17:25 <@abartlet> we have the peices, and even a winbindd, but not as much of the actual deamon [11:08] <^robertj> ajmitch: are there any core contributors that remain unhired yet ;) [11:08] core contributors to..? [11:09] <^robertj> samba [11:09] yeah, there are some [11:12] yeah, we have folks who would be very glad to be paid === ajmitch wouldn't mind getting paid for something either, but that's probably far in the future :) [11:22] all this talk about money make me want to buy something [11:23] I would if I could afford it [11:24] well, I love student loans ;-) [11:24] Got a new laptop :-) [11:24] I won't like them later I guess [11:24] yeah [11:25] I'm trying to find some way to pay off mine [11:26] yeah, I decided I would be a career student that way I will never have to pay them (I dream in 4-dimensions) [11:29] you'll find that money is useful at times [11:30] hehe [11:30] I'm just kidding. [11:33] stelis: are you still interested in developing a news site ? [11:34] I think that ^robertj is right about starting small [11:34] hehe [11:34] I just feel that I wasted 16 bucks [11:35] At least it's supporting somehting. Opensourceparking.com [11:35] I think that it's worth keeping that domain :) [11:35] they are paid for for a while in any case [11:35] If directory-services keeps moving forwards I'll ask about having a section about admin stuff in UWN [11:36] just if you think of something don't hesitate in asking. [11:36] Thanks. === fernando [n=fernando@unaffiliated/musb] has joined #ubuntu-directory [11:55] 'morning all [11:55] hi :) [11:55] so, those who are coming to the thing in mountain view, are invited to hook up with RedHat while you are in town [11:56] hi abartlet [11:56] (just got off my weekly con-call with my team in MTV) [11:57] abartlet: wonderful === Fujitsu [n=Fujitsu@ubuntu/member/fujitsu] has joined #ubuntu-directory [11:58] stelis: what do you need from the UWN? === nkinder [i=nkinder@nat/redhat/x-98ef55fa4947573e] has joined #ubuntu-directory [11:59] hi nkinder === rowley [i=rowley@nat/redhat/x-c9898a87b91ca3a2] has joined #ubuntu-directory [12:00] Hey abartlet [12:00] wasabi: wasabi_: are you around?