[12:03] <wasabi_> I have no idea.
[12:04] <wasabi_> Y'all are trying to convince us to choose winbind, for very valid reasons.
[12:04] <wasabi_> But of course, it's called 'WINbind' for a very valid reason.
[12:04] <abartlet> I'll assert that for sensible values of 'something else', that samba is very likely to be involved anyway
[12:04] <wasabi_> Sure, any networking involving any windows machine, Samba will be present.
[12:05] <abartlet> so, is it worth the effort to design the perfect system, for the network that does not exist?
[12:05] <wasabi_> So, what I'm thinking of, is the pure Unix situation... Unix workstation authing against unix server.
[12:05] <wasabi_> Also a good question.
[12:05] <abartlet> do such networks exist, in a scale worth considering these days?  Isn't there always one windows desktop, to put a fly in the ointment?
[12:05] <wasabi_> I want to know how far of a stretch is it to think that winbind could be extended to have an AD backend, and a plain kerberos-ldap backend.
[12:05] <wasabi_> And form a real replacement for NSS
[12:06] <abartlet> perhaps this is a more interesting line of enquiry:
[12:06] <abartlet> design a replacement for the ticket management components of winbindd
[12:06] <abartlet> sort of like kcm, I think
[12:07] <wasabi_> I guess my vision is apps would talk to *bind directly.
[12:07] <wasabi_> Avoiding the NSS layer.
[12:07] <abartlet> that would be a very poor solution
[12:07] <wasabi_> Why?
[12:07] <abartlet> you need the plugin layer, and nss is the best we have
[12:08] <abartlet> I liked your idea of extending nss
[12:09] <wasabi_> I think politically that would fall flat on its face.
[12:09] <abartlet> why?
[12:10] <wasabi_> Might be a POSIX issue out there... if we add a 'realm' table.
[12:10] <wasabi_> Or all those new query APIs we would need.
[12:10] <wasabi_> People would choose not to use them, for compatibility to !linux
[12:11] <abartlet> the number of applications that need to use the new API?
[12:11] <wasabi_> The async APIs, I'd hope everything.
[12:11] <wasabi_> UI anyways.
[12:11] <abartlet> sure, now you have cut things down *a lot*
[12:12] <abartlet> only UI, and I suspect only GUI applications will want/need to use the new API
[12:12] <abartlet> in particular, ACL editors are the major case
[12:12] <wasabi_> Yeah, well, I'd hope a "drop down of user lists" changes to a box similar to what's in windows, everywhere it's present.
[12:12] <wasabi_> Which lets you search specific realms, etc.
[12:13] <wasabi_> so you can type somebody's NAME, not just their username.
[12:13] <abartlet> it's not present in many places, and is a common GUI element in windows
[12:13] <abartlet> for good reason
[12:13] <wasabi_> Sure. They'd be a single shared widget for it.
[12:15] <wasabi_> I dunno. Do you think it'd be easier to build all the cool stuff into NSS, or build out winbind to have backend modules.
[12:15] <wasabi_> And continue to use nss_winbind, just like now.
[12:22] <tmh_> that's destroying the whole idea of NSS. NSS is supposed to be the thing with backends.
[12:33] <ajforgue> Is winbind only around to support Linux if the AD admin can't or won't extend the schema to support POSIX fields (SFU, ad4unix)?
[12:34] <abartlet> no, it does far more than that
[12:34] <wasabi_> Other things than schema apply.
[12:34] <wasabi_> password changing, host kerberos maintenance, etc.
[12:34] <abartlet> and it does a far better job than just running nss_ldap on a client node
[12:34] <wasabi_> creating the computer object on join, caching, etc
[12:34] <abartlet> we take advantage of the extra fields, if present
[12:35] <wasabi_> it does site locality stuff now too right?
[12:35] <abartlet> yep
[12:35] <ajforgue> got it, never used winbind before, I've always extended the schema
[12:35] <wasabi_> It's a large base of logic which we really want, for non-AD, too.
[03:26] <Burgundavia> ajmitch: you around?
[06:55] <ajmitch> Burgundavia: just back now
[06:56] <Burgundavia> ajmitch: put n-a up for discussion, but I wonder if we can merge n-a and that edubuntu spec
[06:57] <nkassi> Is anyone here an AD expert?
[06:58] <nkassi> or knows AD a bit?
[06:59] <Burgundavia> some, but knowledge is rusty and old
[06:59] <Burgundavia> but my, rather
[07:00] <ajmitch> Burgundavia: n-a covers more than just the edubuntu stuff though - there's quite a bit of overlap, but n-a covers the pam/winbind/nss stuff as well
[07:00] <ajmitch> putting n-a up for discussion may not be useful for the spec scheduler
[07:01] <nkassi> Ok, so OpenLDAP has .schema files but AD seems to have schema definitions stored within the directory, is that correct?
[07:01] <Burgundavia> ajmitch: you can pull it off discussion then
[08:13] <wasabi_> who's here?
[08:14] <SimonAnibal> I am
[08:14] <fernando> let me see... yes, I'm here
[08:43] <robertj> I be here