[12:06] <robertj_> anythong new in -directory land?
[12:06] <robertj_> i s this the quiet before the storm?
[12:09] <ajmitch> quiet before people meet up in person
[12:09] <ajmitch> & so I'm off to have a shower now :)
[12:57] <robertj_> is krb5-kdc not in any .schema?
[01:03] <robertj_> err any .deb
[01:03] <robertj_> krb5-kdc.schema is MIA according to apt-file
[01:41] <lophyte> arr..
[04:16] <wasabi_> hi
[05:09] <ajmitch> hi wasabi
[06:01] <nkassi> Hey
[06:01] <bmonty> hi nkassi
[06:09] <ajmitch> morning all
[06:09] <ajforgue> shut up, n00b.
[06:10] <ajforgue> roflcopter
[06:10] <nkassi> Does Gconf have a way to pull info from an ldap server ?
[06:11] <bmonty> nkassi: I saw some info about pulling settings for evolution from LDAP into gconf
[06:11] <bmonty> I don't think the code is maintained anymore though
[06:11] <nkassi> evolution-gconf-ldap-backend Just saw that on google
[06:12] <bmonty> other than that I havn;'
[06:12] <bmonty> grr
[06:13] <nkassi> that sucks.
[06:13] <bmonty> I have not seen anything other than that
[06:13] <nkassi> I was thinking that it would be possible to use that to create *gulp* GPOs
[06:14] <nkassi> At least to control the desktop
[06:14] <bmonty> nkassi: it makes sense to me
[06:15] <bmonty> kinda like the windows registry can override local machine settings with domain settings
[06:15] <nkassi> exactly
[06:16] <nkassi> http://www.gnome.org/projects/gconf/plans.html
[06:17] <nkassi> according to that it's already been done twice.
[06:28] <ajmitch> nkassi: I've looked at the code, it's fairly ioncomplete/old
[06:51] <nkassi> so no luck on that one I guess.
[06:52] <ajmitch> unless someone wants to do some coding :)
[06:55] <wasabi_> who's here?
[06:55] <ajforgue> nobody
[06:55] <ajforgue> ajmitch is here too
[06:55] <ajmitch> sort of
[06:55] <wasabi_> Hhe.
[06:56] <ajmitch> wasabi_: going to edubuntu network auth server spec session at 11?
[06:56] <wasabi_> Most definitly.
[06:57] <ajmitch> great
[06:57] <ajmitch> ogra is right in front of me now
[06:58] <wasabi_> LP is slow. =(
[06:58] <ajmitch> always
[07:03] <wasabi_> okay where is everybody? haha
[07:08] <wasabi_> ????
[07:11] <ajmitch> forums arguments
[07:11] <wasabi_> where are you?
[08:02] <bmonty> what room number is the edubuntu network auth server discussion?
[08:03] <bmonty> nevermind, I found it just needed a page refresh
[08:03] <robertj_> will recordings of the meetings be online or do we need to listen in via sip
[08:04] <bmonty> both are available
[08:05] <robertj_> well I'm sure there are enough competent people there so I'll catch up later
[08:05] <ajmitch> we're just in the room now
[08:06] <bmonty> ajmitch: I'm listening to the VOIP room
[08:10] <ajmitch> anything interesting? :)
[08:13] <bmonty> not yet
[09:50] <robertj_> ahh cleared up
[11:27] <robertj_> wasabi_: so what happened in edubuntu network auth?
[11:27] <robertj_> I tried to listen in but my machine conspired against me
[11:29] <ajmitch> basically they'll use smbldap-tools, they need stuff working asap
[11:30] <robertj_> did they decide on openldap then?
[11:30] <wasabi_> they did not decide.
[11:30] <wasabi_> If we can get FDS packed they'll consider it
[11:31] <wasabi_> I'm not that concerned either way. Whatever they do will have very limited scope... small schools, etc.
[11:31] <wasabi_> And hopefully it'll get them working on the same stuff we know they need to be working on anyways? heh
[11:31] <ajmitch> any multi-server stuff will be fairly basic - mostly just 1 auth server for everything
[11:31] <wasabi_> Ya know, principal unplugs his laptop, NSS blocks.
[11:32] <wasabi_> Yeah. I suspect they aren't going to touch on kerberos much. ogre said he had some more meetups scheduled for it.
[11:33] <wasabi_> I suspect they'll run into the same things we're already considering when they start talkinga bout large districts connected together, and various security requirements in the US, etc etc
[11:34] <wasabi_> kbuntu samba integration next hour?
[11:34] <wasabi_> Wonder what that's about.
[11:35] <robertj_> did you see GOOG's plans for a 20k annual donation to SMB?
[11:35] <robertj_> (recurring annually that is)
[11:35] <wasabi_> Woh. No.
[11:36] <robertj_> make no mistake, to GOOG it is chump change, but like I said, samba 4 has _got_ to work
[11:38] <bmonty> wasabi_: kubuntu samba integration is about making it easier to mount smb shares in KDE
[11:38] <wasabi_> ahh.
[11:38] <bmonty> doesn't look like a directory services type topic
[11:41] <robertj_> although ironically OS X uses structured network views to do just that
[11:50] <robertj_> wasabi_: but to put things in perspective, if you are in the middle of a rural school district you probably don't have hardware that can really deliver enough 9's, so a very limited scope is probably pretty realistic
[11:51] <robertj_> although alot of those issues go away if home directories are synced and credentials cached vs mounting
[11:52] <wasabi_> Sure. Worst case scenarios apply though.
[11:52] <wasabi_> Server goes down, entire school locks up.
[11:52] <wasabi_> Not being able to access network resources is one thing, losing open documents because the filechooser tried to lookup a uid and the server was gone, is another.
[11:54] <robertj_> wasabi: and for that reason I think you will see a lot of schools with only student desktops being managed in such a fashion, at least until syncing replaces mounting
[11:55] <abartlet> wasabi_: which uid are they going to be looking up?
[11:56] <wasabi_> Heh. Good point.
[11:56] <abartlet> most users operate with files in their own uid, or at least their supplementary groups
[11:56] <abartlet> and most gui apps don't display the user anyway
[11:56] <abartlet> so, the user and their supplementary groups are 'easy' to cache
[11:57] <wasabi_> How does winbind deal with that anyways? it has a password cache built in right?
[11:57] <ajmitch> hey abartlet
[11:57] <wasabi_> But also a lookup one, but under what criteria is the record cached?
[11:57] <abartlet> easy
[11:58] <abartlet> at login time, it is a sensible decision to cache information about the user who just logged in
[11:58] <abartlet> ie, all the groups returned in the initgroups()
[11:58] <abartlet> you probably have that anyway, as part of processing the initgroups
[11:59] <abartlet> we aggressivly cache the user -> group list information at login time
[11:59] <abartlet> taken from either the PAC, or the 'info3' reply from a NTLM SamLogon request
[12:00] <wasabi_> Heh. I really want to have a conversation with somebody about my winbind->somethingelse idea.
[12:01] <abartlet> what would the something else be?