sbalneav | Evening all | 03:42 |
---|---|---|
Ahmuck-Sr | . | 03:44 |
aidave | kabikaboo 1.7 now out! https://launchpad.net/kabikaboo | 16:16 |
sbalneav | I think we might need this: | 16:22 |
sbalneav | http://git.gnome.org/browse/nanny/tree/ | 16:22 |
sbalneav | I'll see about packaging it. | 16:22 |
=== alkisg1 is now known as alkisg | ||
alkisg | sbalneav: at some point you were thinking about packaging an easy to setup ldap template, for schools... care to pick it up? I'm willing to help as much as I can... :) | 16:23 |
alkisg | I'm trying to set up LDAP for the first time. I can successfully do `sudo ldapaddgroup test` but I cannot get `sudo ldapadduser test test` to work, it says "ldap_add: no such object (32)". Help?! | 20:08 |
sbalneav | Which package are you using? | 20:09 |
alkisg | I did: sudo apt-get -y install slapd ldap-utils ldapscripts | 20:09 |
sbalneav | Ahhhh, ldapscripts :) | 20:10 |
alkisg | Ah got it! The ubuntu guide was using "People" while ldapscripts is using "Users"... | 20:10 |
sbalneav | yeah | 20:10 |
sbalneav | the whole problem with ldap is everything ONLY works if you've got your database laid out the exact way the scripts want. | 20:11 |
sbalneav | and there's NO standard for your ou's | 20:11 |
sbalneav | so some use "users" | 20:11 |
alkisg | I wonder why http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html doesn't mention this problem, though :( | 20:11 |
sbalneav | some "Users" | 20:11 |
sbalneav | some "People" | 20:11 |
sbalneav | some just use uid= with no ou at all | 20:12 |
alkisg | Uhm... I think I'll just use whatever the ldapscripts use, to minimize configuration file editing :D | 20:12 |
sbalneav | alkisg: silly boy! You're just supposed to KNOW this!!! | 20:12 |
sbalneav | I've been using ldap for 10+ years. | 20:12 |
sbalneav | next to RS232, it's the most non-standard standard I've ever seen. | 20:13 |
alkisg | Heh... I was trying to avoid using it for too long now :D | 20:13 |
alkisg | ...but maybe I need to see it to better decide what's better... | 20:13 |
sbalneav | You talk to any good enterprise sysadm, you'll find they all have their own highly customized shell scripts for dealing with their specific LDAP instance. | 20:14 |
sbalneav | Well, the problem with LDAP is, it's well supported. | 20:14 |
sbalneav | Everything can talk to ldap, problem is, you have to CUSTOMIZE everything to get it to talk to the way YOU laid out your ldap. | 20:15 |
alkisg | Bah... we should make a package for easy ldap installation for schools! | 20:15 |
alkisg | I think I saw some packages in synaptic for caching credentials, do they work OK when the server's down? | 20:15 |
sbalneav | Well, it's not hard. | 20:15 |
sbalneav | skolelinux does it. | 20:16 |
sbalneav | you just pick a database layout | 20:16 |
sbalneav | create a package that creates that layout | 20:16 |
alkisg | Really?! Ah, I need to look at it for better compatibility then... they've probably thought about samba, too... | 20:16 |
sbalneav | and patch ldaptools + any other ldap things to support that layout "out of the box" | 20:16 |
sbalneav | it's not HARD | 20:17 |
sbalneav | it's just... tedious | 20:17 |
sbalneav | there's a lot of ldap tools. | 20:17 |
sbalneav | or things that can talk to ldap. | 20:17 |
alkisg | It's hard to get started with ldap... it'd be much easier if there was some easy-ldap package. ogra had started a spec about this I think 3 years ago, but it was never implemented... | 20:18 |
sbalneav | Then you get told "Well, you shouldn't design an ldap database layout without talking to the server team" | 20:18 |
sbalneav | and you talk to the server team, and 5 guys have 8 different ways they want to do the layout. | 20:18 |
alkisg | Heh | 20:18 |
sbalneav | And... here we are. | 20:18 |
sbalneav | I was going to implement it. | 20:18 |
sbalneav | I'm STILL willing to implement it. | 20:18 |
alkisg | Well, there are many schools out there *without sysadmins or server teams* looking for an easy way to install ldap + nfs | 20:19 |
alkisg | I'm willing to help however I can | 20:19 |
sbalneav | it's EASY to implement. Consensus is hard. | 20:19 |
Ahmuck-Sr | alkisg>Well, there are many schools out there *without sysadmins or server teams* looking for an easy way to install ldap + nfs | 20:19 |
sbalneav | Let's talk about it at tomorrow's meeting. | 20:19 |
Ahmuck-Sr | this is a correct statement | 20:19 |
alkisg | sbalneav: nice :) | 20:19 |
* Ahmuck-Sr has been on this soapbox for a while | 20:19 | |
alkisg | Ahmuck-Sr: did you get to install it? | 20:20 |
sbalneav | LaserJock told me about bikeshedding. You guys know what that is? | 20:20 |
Ahmuck-Sr | isn't LDAP standard? | 20:20 |
sbalneav | Ahmuck-Sr: Yes and no | 20:20 |
sbalneav | LDAP itself is standard. | 20:20 |
sbalneav | just like SQL is standard. | 20:20 |
sbalneav | how you design your DATABASE for access, isn't | 20:20 |
alkisg | Heh... http://en.wiktionary.org/wiki/bikeshedding | 20:20 |
sbalneav | it's up to you | 20:20 |
sbalneav | right, and ldap becomes the ultimate bikeshed. | 20:21 |
sbalneav | EVERYbody has an opinion as to why a database should use ou=People instead of ou=Users | 20:22 |
alkisg | sbalneav: what tools are you using to manage users? ldapscripts? | 20:23 |
sbalneav | Why you should use o=Greek Schools Division instead of dc=greek,dc=edu,dc=gk | 20:23 |
sbalneav | alkisg: I have all my own custom scripts I've written, modified, and dragged with me for the last 10 years. | 20:23 |
alkisg | Heh, at least that tells me that ldap is stable :D | 20:24 |
sbalneav | Oh, it's a fine system | 20:24 |
sbalneav | it works well. | 20:24 |
alkisg | Is dc=school,dc=local acceptable to be used by all greek schools? :D | 20:24 |
alkisg | If so, I'm good to go... | 20:25 |
sbalneav | it's just the barrier to entry is SO FRIGGING HIGH | 20:28 |
stgraber | sbalneav: are you using kerberos for password storage/policy or not yet ? | 20:28 |
sbalneav | No, I don't use kerberos yet. | 20:28 |
sbalneav | so I'm using pamldap for my auth | 20:29 |
alkisg | Can ldap work without nfs? | 20:29 |
sbalneav | Sure | 20:29 |
alkisg | I.e. some package to create the local home dirs etc? | 20:29 |
sbalneav | Sure, that's no problem. | 20:30 |
sbalneav | *ALL* you need to solve this problem is to simply VOTE on a layout. And then say, "screw everybody else, this is the layout we support" | 20:30 |
stgraber | sbalneav: I deployed it on my LAN (80 or so VMs ;)) and it's freaking cool to be able to ssh to a server, then to another, then to another and never have to re-auth. Then when the ticket expires (once a day), I have to login again and that's it. | 20:30 |
sbalneav | You want something other than this, you're on your own. | 20:31 |
sbalneav | which is EXACTLY what skolelinux does | 20:31 |
stgraber | sbalneav: also I have my IMAP server, web server and proxy using kerberos, so no need to login there too :) | 20:31 |
sbalneav | yeah, I just need to sit down with it for a day and actually play with it. | 20:31 |
alkisg | stgraber: do put something in the wiki about how to do all this... :) | 20:32 |
sbalneav | That's why, currently, skolelinux is the ONLY one that actually SUPPORTS ldap | 20:32 |
* alkisg should better copy skolelinux's layout, then... | 20:32 | |
sbalneav | I've actually looked at skolelinux's ldap packages | 20:33 |
sbalneav | it's just a presees. | 20:33 |
sbalneav | it's just a preseed | 20:33 |
sbalneav | My thought was: just steal their stuff :) | 20:33 |
sbalneav | do what they do | 20:33 |
sbalneav | then edubuntu can auth against skolelinux auth servers, or vice versa | 20:34 |
alkisg | Right. That's what I'd like to have in edubuntu, prepackaged solutions... | 20:36 |
stgraber | alkisg: I'm not yet finished with looking at kerberos, I have the basics working but I need to connect it better with my LDAP | 20:56 |
alkisg | It'd be nice to have such solutions in edubuntu, working out of the box... | 20:57 |