| sbalneav | Evening all | 03:42 |
|---|---|---|
| Ahmuck-Sr | . | 03:44 |
| aidave | kabikaboo 1.7 now out! https://launchpad.net/kabikaboo | 16:16 |
| sbalneav | I think we might need this: | 16:22 |
| sbalneav | http://git.gnome.org/browse/nanny/tree/ | 16:22 |
| sbalneav | I'll see about packaging it. | 16:22 |
| === alkisg1 is now known as alkisg | ||
| alkisg | sbalneav: at some point you were thinking about packaging an easy to setup ldap template, for schools... care to pick it up? I'm willing to help as much as I can... :) | 16:23 |
| alkisg | I'm trying to setup LDAP for the first time. I can succesfully do `sudo ldapaddgroup test` but I cannot get `sudo ldapadduser test test` to work, it says "ldap_add: no such object (32)". Help?! | 20:08 |
| sbalneav | Which package are you using? | 20:09 |
| alkisg | I did: sudo apt-get -y install slapd ldap-utils ldapscripts | 20:09 |
| sbalneav | Ahhhh, ldapscripts :) | 20:10 |
| alkisg | Ah got it! The ubuntu guide was using "People" while ldapscripts is using "Users"... | 20:10 |
| sbalneav | yeah | 20:10 |
| sbalneav | the whole problem with ldap is everything ONLY works if you've got your database laid out the exact way the scripts want. | 20:11 |
| sbalneav | and there's NO standard for your ou's | 20:11 |
| sbalneav | so some use "users" | 20:11 |
| alkisg | I wonder why http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html doesn't mention this problem, though :( | 20:11 |
| sbalneav | some "Users" | 20:11 |
| sbalneav | some "People" | 20:11 |
| sbalneav | some just use uid= with no ou at all | 20:12 |
| alkisg | Uhm... I think I'll just use whatever the ldapscripts use, to minimize configuration file editing :D | 20:12 |
| sbalneav | alkisg: silly boy! You're just supposed to KNOW this!!! | 20:12 |
| sbalneav | I've been using ldap for 10+ years. | 20:12 |
| sbalneav | next to RS232, it's the most non-standard standard I've ever seen. | 20:13 |
| alkisg | Heh... I was trying to avoid using it for too long now :D | 20:13 |
| alkisg | ...but maybe I need to see it to better decide what's better... | 20:13 |
| sbalneav | You talk to any good enterprise sysadm, you'll find they all have their own highly customized shell scripts for dealing with their specific LDAP instance. | 20:14 |
| sbalneav | Well, the problem with LDAP is, it's well supported. | 20:14 |
| sbalneav | Everything can talk to ldap, problem is, you have to CUSTOMIZE everything to get it to talk to the way YOU layed out your ldap. | 20:15 |
| alkisg | Bah... we should make a package for easy ldap installation for schools! | 20:15 |
| alkisg | I think I saw some packages in synaptic for caching credentials, do they work OK when the server's down? | 20:15 |
| sbalneav | Well, it's not hard. | 20:15 |
| sbalneav | skolelinux does it. | 20:16 |
| sbalneav | you just pick a database layout | 20:16 |
| sbalneav | create a package that creates that layouyt | 20:16 |
| alkisg | Really?! Ah, I need to look at it for better compatibility then... they've probably thought about samba, too... | 20:16 |
| sbalneav | and patch ldaptools + any other ldap things to support that layout "out of the box: | 20:16 |
| sbalneav | it's not HARD | 20:17 |
| sbalneav | it's just... tedious | 20:17 |
| sbalneav | there's a lot of ldap tools. | 20:17 |
| sbalneav | or things that can talk to ldap. | 20:17 |
| alkisg | It's hard to get started with ldap... it'd be much easier if there was some easy-ldap package. ogra had started a spec about this I think 3 years ago, but it was never implemented... | 20:18 |
| sbalneav | Then you get told "Well, you shouldn't design an ldap database layout without talking to the server team" | 20:18 |
| sbalneav | and you talk to the server team, and 5 guys have 8 different ways they want to do the layout. | 20:18 |
| alkisg | Heh | 20:18 |
| sbalneav | And... here we are. | 20:18 |
| sbalneav | I was going to implement it. | 20:18 |
| sbalneav | I'm STILL willing to implement it. | 20:18 |
| alkisg | Well, there are many schools out there *without sysadmins or server teams* looking for an easy way to install ldap + nfs | 20:19 |
| alkisg | I'm willling to help however I can | 20:19 |
| sbalneav | it's EASY to implemnt. Consensus is hard. | 20:19 |
| Ahmuck-Sr | alkisg>Well, there are many schools out there *without sysadmins or server teams* looking for an easy way to install ldap + nfs | 20:19 |
| sbalneav | Lets talk about it at tomorrow's meeting. | 20:19 |
| Ahmuck-Sr | this is a correct statement | 20:19 |
| alkisg | sbalneav: nice :) | 20:19 |
| * Ahmuck-Sr has been on this soapbox for a while | 20:19 | |
| alkisg | Ahmuck-Sr: did you get to install it? | 20:20 |
| sbalneav | LaserJock told me about bikeshedding. You guys know what that is? | 20:20 |
| Ahmuck-Sr | isn't LDAP standard? | 20:20 |
| sbalneav | Ahmuck-Sr: Yes and no | 20:20 |
| sbalneav | LDAP itself is standard. | 20:20 |
| sbalneav | just like SQL is standard. | 20:20 |
| sbalneav | how you design your DATABASE for access, isn't | 20:20 |
| alkisg | Heh... http://en.wiktionary.org/wiki/bikeshedding | 20:20 |
| sbalneav | it's up to you | 20:20 |
| sbalneav | right, and ldap becomes the ultimate bikeshed. | 20:21 |
| sbalneav | EVERYbody has an opinion as to why a databse should use ou=People instead of ou=Users | 20:22 |
| alkisg | sbalneav: what tools are you using to manage users? ldapscripts? | 20:23 |
| sbalneav | Why you should use o=Greek Schools Division instead of dc=greek,dc=edu,dc=gk | 20:23 |
| sbalneav | alkisg: I have all my own custom scripts I've written, modified, and dragged with me for the last 10 years. | 20:23 |
| alkisg | Heh, at least that tells me that ldap is stable :D | 20:24 |
| sbalneav | Oh, it's a fine system | 20:24 |
| sbalneav | it works well. | 20:24 |
| alkisg | Is dc=school,dc=local acceptable to be used by all greek schools? :D | 20:24 |
| alkisg | If so, I'm good to go... | 20:25 |
| sbalneav | it's just the barrier to entry is SO FRIGGING HIGH | 20:28 |
| stgraber | sbalneav: are you using kerberos for password storage/policy or not yet ? | 20:28 |
| sbalneav | No, I don't use kerberos yet. | 20:28 |
| sbalneav | so I'm using pamldap for my auth | 20:29 |
| alkisg | Can ldap work without nfs? | 20:29 |
| sbalneav | Sure | 20:29 |
| alkisg | I.e. some package to create the local home dirs etc? | 20:29 |
| sbalneav | Sure, that's no problem. | 20:30 |
| sbalneav | *ALL* you need to solve this problem is to simply VOTE on a layout. And then say, "screw everybody else, this is the layout we support" | 20:30 |
| stgraber | sbalneav: I deployed it on my LAN (80 or so VMs ;)) and it's freaking cool to be able to ssh to a server, then to another, then to another and never have to re-auth. Then when the ticket expires (once a day), I have to login again and that's it. | 20:30 |
| sbalneav | You want something other tthan this, you're on your own. | 20:31 |
| sbalneav | which is EXACTLY what skolellinux does | 20:31 |
| stgraber | sbalneav: also I have my IMAP server, web server and proxy using kerberos, so no need to login there too :) | 20:31 |
| sbalneav | yeah, I just need to sit down with it for a day and actually play with it. | 20:31 |
| alkisg | stgraber: do put something in the wiki about how to do all this... :) | 20:32 |
| sbalneav | That's why, curretnly , skolellinux is the ONLY one that actually SUPPORTS ldap | 20:32 |
| * alkisg should better copy skolelinux's layout, then... | 20:32 | |
| sbalneav | I've actually looked at skolelinux's ldap packages | 20:33 |
| sbalneav | it's just a presees. | 20:33 |
| sbalneav | it's just a preseed | 20:33 |
| sbalneav | My thought was: just steal their stuff :) | 20:33 |
| sbalneav | do what they do | 20:33 |
| sbalneav | then edubuntu can auth against skolelinux auth servers, or vice versa | 20:34 |
| alkisg | Right. That's what I'd like to have in edubuntu, prepackaged solutions... | 20:36 |
| stgraber | alkisg: I'm not yet finished with looking at kerberos, I have the basics working but I need to connect it better with my LDAP | 20:56 |
| alkisg | It'd be nice to have such solutions in edubuntu, working out of the box... | 20:57 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!