Re: Wheezy Gosa² setup
On Dienstag, 22. Januar 2013, Wolfgang Schweer wrote: > More precisely: errors are not reported (tested with a pw of length 3, d-e > squeeze default minlength beeing 5). please file a bug in the Debian BTS (or of course, better yet, fix it in svn ;) -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201301251328.15653.hol...@layer-acht.org
Re: Wheezy Gosa² setup
On Tue, Jan 22, 2013 at 10:40:28PM +0100, Wolfgang Schweer wrote: > On Tue, Jan 22, 2013 at 09:43:06PM +0100, Mike Gabriel wrote: > > On Di 22 Jan 2013 10:40:41 CET Wolfgang Schweer wrote: > > > > >(2) Changing to your version of gosa-sync the error is reported if the > > >password is too short, pw change is denied. Same thing concerning > > >character classes after changing users policy minclasses from 1 (d-e > > >default) to 2. Funny enough, "blöd" ist considered to be a valid pw (due > > >to the German umlaut?) although imo qualifying as being too short. > > > > > >postmodify is no longer required in the administration section if your > > >version of gosa-sync is in use. > > > > > >Well done, Andi! > > > > Wolfgang, thanks for the cross-checking!!! Can you commit Andreas's > > gosa-sync script to trunk/debian-edu-config/** so that we have it in > > squeeze-r1? That would be quite an improvement!!! > > I've checked it in parallel for gosa 2.6.11; it doesn't seem to work. More precisely: errors are not reported (tested with a pw of length 3, d-e squeeze default minlength beeing 5). Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
On Tue, Jan 22, 2013 at 09:43:06PM +0100, Mike Gabriel wrote: > On Di 22 Jan 2013 10:40:41 CET Wolfgang Schweer wrote: > > >(2) Changing to your version of gosa-sync the error is reported if the > >password is too short, pw change is denied. Same thing concerning > >character classes after changing users policy minclasses from 1 (d-e > >default) to 2. Funny enough, "blöd" ist considered to be a valid pw (due > >to the German umlaut?) although imo qualifying as being too short. > > > >postmodify is no longer required in the administration section if your > >version of gosa-sync is in use. > > > >Well done, Andi! > > Wolfgang, thanks for the cross-checking!!! Can you commit Andreas's > gosa-sync script to trunk/debian-edu-config/** so that we have it in > squeeze-r1? That would be quite an improvement!!! I've checked it in parallel for gosa 2.6.11; it doesn't seem to work. Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
On Di 22 Jan 2013 10:40:41 CET Wolfgang Schweer wrote: (2) Changing to your version of gosa-sync the error is reported if the password is too short, pw change is denied. Same thing concerning character classes after changing users policy minclasses from 1 (d-e default) to 2. Funny enough, "blöd" ist considered to be a valid pw (due to the German umlaut?) although imo qualifying as being too short. postmodify is no longer required in the administration section if your version of gosa-sync is in use. Well done, Andi! Wolfgang, thanks for the cross-checking!!! Can you commit Andreas's gosa-sync script to trunk/debian-edu-config/** so that we have it in squeeze-r1? That would be quite an improvement!!! Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgp_HDy6ploiH.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
On Tue, Jan 22, 2013 at 08:35:09AM +0100, Andreas B. Mundt wrote: > On Tue, Jan 22, 2013 at 05:43:59AM +0100, Mike Gabriel wrote: > > On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: > > > > >>In addition, I had to rewrite gosa-sync. > > > > > >gosa-sync seems to work here without any change. > > > > In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not > > report back failures to GOsa², thus, passwords run out of sync. As > > we have several OTRS tickets open about this with our customers, > > this definitely would be an improvement for squeeze, at least. Are > > you really sure that error handling is correct with wheezy and GOsa² > > 2.7 (/me doubts it by what is written in this thread). > > > > Simple way to test gosa-sync failures: e.g. stop kadmind and try to > > modify or add a user with GOsa². > > > > I just tried this test, however, even with kadmind stopped, the > password can be modified as gosa-sync operates via kadmin.local > directly on the database, I guess. > > The test I used is changing to a password with just a single class of > characters, for example "12345". GOsa allows this password, but I use > a Kerberos policy that demands 2 character classes: This error is > reported in GOsa and the password modification canceled (also within > LDAP). Tests here: (1) Using Debian Edu's version of gosa-sync no error is reported in GOsa² if the provided password is too short (d-e default minlength being 5), but sync fails due to violated Kerberos policy. So maybe a possible reason for the errors mentioned by Mike were passwords beeing too short. (2) Changing to your version of gosa-sync the error is reported if the password is too short, pw change is denied. Same thing concerning character classes after changing users policy minclasses from 1 (d-e default) to 2. Funny enough, "blöd" ist considered to be a valid pw (due to the German umlaut?) although imo qualifying as being too short. postmodify is no longer required in the administration section if your version of gosa-sync is in use. Well done, Andi! Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi, On Tue, Jan 22, 2013 at 05:43:59AM +0100, Mike Gabriel wrote: > Hi Andi, hi Wolfgang, > > On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: > > >>In addition, I had to rewrite gosa-sync. > > > >gosa-sync seems to work here without any change. > > In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not > report back failures to GOsa², thus, passwords run out of sync. As > we have several OTRS tickets open about this with our customers, > this definitely would be an improvement for squeeze, at least. Are > you really sure that error handling is correct with wheezy and GOsa² > 2.7 (/me doubts it by what is written in this thread). > > Simple way to test gosa-sync failures: e.g. stop kadmind and try to > modify or add a user with GOsa². > I just tried this test, however, even with kadmind stopped, the password can be modified as gosa-sync operates via kadmin.local directly on the database, I guess. The test I used is changing to a password with just a single class of characters, for example "12345". GOsa allows this password, but I use a Kerberos policy that demands 2 character classes: This error is reported in GOsa and the password modification canceled (also within LDAP). Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130122073509.GA17391@fuzi
Re: Wheezy Gosa² setup
Hi Andi, hi Wolfgang, On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: In addition, I had to rewrite gosa-sync. gosa-sync seems to work here without any change. In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not report back failures to GOsa², thus, passwords run out of sync. As we have several OTRS tickets open about this with our customers, this definitely would be an improvement for squeeze, at least. Are you really sure that error handling is correct with wheezy and GOsa² 2.7 (/me doubts it by what is written in this thread). Simple way to test gosa-sync failures: e.g. stop kadmind and try to modify or add a user with GOsa². Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpnaZowxmAhX.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 11:17:37PM +0100, Andreas B. Mundt wrote: > Hi, > > On Sun, Jan 20, 2013 at 05:25:16PM +0100, Wolfgang Schweer wrote: > > On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > > > I had to modify the variable name to be send to gosa-sync: > > > > > > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo > > >/usr/local/sbin/gosa-sync %dn" > > > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo > > >/usr/local/sbin/gosa-sync %dn" > > > > Seems to be that this change is required in the administration section > > too. > > Strange, it seems to work here with just one occurrence. Perhaps because > I use fewer features. I just had a look at your gosa.conf file. Seems to be that there are the same features. But: I've put the postmodify line into the administration section after class="userManagement". Seems to work. > In addition, I had to rewrite gosa-sync. gosa-sync seems to work here without any change. Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi, On Sun, Jan 20, 2013 at 05:25:16PM +0100, Wolfgang Schweer wrote: > On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > > I had to modify the variable name to be send to gosa-sync: > > > > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo > >/usr/local/sbin/gosa-sync %dn" > > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo > >/usr/local/sbin/gosa-sync %dn" > > Seems to be that this change is required in the administration section > too. Strange, it seems to work here with just one occurrence. Perhaps because I use fewer features. In addition, I had to rewrite gosa-sync. Take a look at: http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=blob;f=fai/config/files/usr/local/sbin/gosa-sync/GOSA> If kadmin.local gives an error, the error message is shown in GOsa and the password change reverted. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130121221737.GA7713@fuzi
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 09:57:09PM +0100, Mike Gabriel wrote: > On Mo 21 Jan 2013 16:46:33 CET Wolfgang Schweer wrote: > >On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: > >>On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > >>> > > New Revision: 78794 > >>> > > +# FIXME: Check this for jessie > >>> > why do we need this plugin again? didnt we do this already for > >>> > squeeze? > >>> gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > > The problem with gosa-plugin-netgroups was, that the upstream > changes in the plugin that were needed for 2.7 compatibility were > only provided by GONICUS very shore before the wheezy freeze. Too > short. The GOsa² packaging team offered to include the netgroups > plugin into the build infrastructure of the gosa src:package, but > for this it was also too late at that time. > > >>> squeeze there was am imo ugly solution > >>> (debian-edu-gosa-plugin-netgrups). > >> > >>why do you think this was ugly and how did you implement this > >>differently now? > > > >it was implemented as the (virtual) package > > not as a virtual package. The upstream code was in src:package > debian-edu-config. The build process of src:package > debian-edu-config created a bin:package named > debian-edu-config-gosa-netgroups. This bit of code was hacked on the > dev meeting in 2011 in Hamburg. > > >debian-edu-config-gosa-netgrroups, causing bug #662947 > > /me wonders if there is a typo in the bug number... the quoted bug > seems totally unrelated... you probably also mean #682747 here? typo, should've been #662967 Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi all, On Mo 21 Jan 2013 16:46:33 CET Wolfgang Schweer wrote: On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > New Revision: 78794 > > > +# FIXME: Check this for jessie > > why do we need this plugin again? didnt we do this already for > > squeeze? > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for The problem with gosa-plugin-netgroups was, that the upstream changes in the plugin that were needed for 2.7 compatibility were only provided by GONICUS very shore before the wheezy freeze. Too short. The GOsa² packaging team offered to include the netgroups plugin into the build infrastructure of the gosa src:package, but for this it was also too late at that time. > squeeze there was am imo ugly solution > (debian-edu-gosa-plugin-netgrups). why do you think this was ugly and how did you implement this differently now? it was implemented as the (virtual) package not as a virtual package. The upstream code was in src:package debian-edu-config. The build process of src:package debian-edu-config created a bin:package named debian-edu-config-gosa-netgroups. This bit of code was hacked on the dev meeting in 2011 in Hamburg. debian-edu-config-gosa-netgrroups, causing bug #662947 /me wonders if there is a typo in the bug number... the quoted bug seems totally unrelated... you probably also mean #682747 here? now it's simply shipped within d-e-c (which might be even more ugly concerning policy?) Yes, it is more ugly, but for wheezy, this is our only chance to get the netgroups plugin into Debian (again). > this was detected by some script and > as a consequence you removed it for wheezy. rather, the new gosa version includes this plugin now (or was said to), so thats why we had those "Breaks:"-releationships and so I removed it. see bugs #682747 and #680945 > without the plugin the > main-server is badly crippled. why dont we add this plugin the old way then? could be done, but see above. anyway: it must be there. Let's take the squeeze way here (or no way...). > there's yet another big problem: in gosa-plugin-ldapmanager the import > feature has been dropped upstream since version 2.7. it was "not widely > used" (or some such) and so porting cut to limit workload. that's sort > of a great loss for local school admins. what functionality does that plugin provide? it allows mass creation of user accounts using a csv file. argghhh... the LDAP import add-on is a must I cannot imaging to maintain a large deployment without such an import filter. There were caveats in the 2.6 LDAP mass import code, but once you were aware of them, it did good deeds. We probably have to hack that one into debian-edu-config, as well (plus updating the upstream code for usage with gosa 2.7). Grmpf... Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpBjQ0qGm45i.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: > On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > > New Revision: 78794 > > > > +# FIXME: Check this for jessie > > > why do we need this plugin again? didnt we do this already for > > > squeeze? > > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > > squeeze there was am imo ugly solution > > (debian-edu-gosa-plugin-netgrups). > > why do you think this was ugly and how did you implement this > differently now? it was implemented as the (virtual) package debian-edu-config-gosa-netgrroups, causing bug #662947 now it's simply shipped within d-e-c (which might be even more ugly concerning policy?) > > this was detected by some script and > > as a consequence you removed it for wheezy. > > rather, the new gosa version includes this plugin now (or was said to), so > thats why we had those "Breaks:"-releationships and so I removed it. see bugs #682747 and #680945 > > without the plugin the > > main-server is badly crippled. > > why dont we add this plugin the old way then? could be done, but see above. anyway: it must be there. > > there's yet another big problem: in gosa-plugin-ldapmanager the import > > feature has been dropped upstream since version 2.7. it was "not widely > > used" (or some such) and so porting cut to limit workload. that's sort > > of a great loss for local school admins. > > what functionality does that plugin provide? it allows mass creation of user accounts using a csv file. > debian/changelog entries should be self-explainatory! :-) agreed. Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130121154633.GA4457@schweer-online.local
Re: Wheezy Gosa² setup
Hi, On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > New Revision: 78794 > > > +# FIXME: Check this for jessie > > why do we need this plugin again? didnt we do this already for squeeze? > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > squeeze there was am imo ugly solution > (debian-edu-gosa-plugin-netgrups). why do you think this was ugly and how did you implement this differently now? > this was detected by some script and > as a consequence you removed it for wheezy. rather, the new gosa version includes this plugin now (or was said to), so thats why we had those "Breaks:"-releationships and so I removed it. > without the plugin the > main-server is badly crippled. why dont we add this plugin the old way then? > there's yet another big problem: in gosa-plugin-ldapmanager the import > feature has been dropped upstream since version 2.7. it was "not widely > used" (or some such) and so porting cut to limit workload. that's sort > of a great loss for local school admins. what functionality does that plugin provide? > > will this work (=calling update-gosa without path) ? > path is included, though hard to see due to line wrapping. ah, good. > > this also didnt really answer the question (much), but fine... > > > > - * finish-install: prevent configured network interfaces file from > > being deleted by d-i. > > -Don't delete file, only zero content, to avoid error message > > -in log file. > > last two lines only understandable as sort of a reply to a proposal by > pere (delete file as one of five options to solve the problem) -- so > nothing was really changed. debian/changelog entries should be self-explainatory! :-) cheers, Holger -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201301211525.25258.hol...@layer-acht.org
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 12:51:22AM +0100, Holger Levsen wrote: > "Worst offence" now, you increased the version of debian-edu-config > from 1.703 to 1.704 without an upload happening! -> (always) use "svn > diff" before commiting to check if you really commit what you want to. o.k. > On Sonntag, 20. Januar 2013, schweer-gu...@alioth.debian.org wrote: > > New Revision: 78794 > > > +# FIXME: Check this for jessie > > why do we need this plugin again? didnt we do this already for squeeze? gosa-plugin-netgroups isn't available in wheezy (bug #682747). for squeeze there was am imo ugly solution (debian-edu-gosa-plugin-netgrups). this was detected by some script and as a consequence you removed it for wheezy. without the plugin the main-server is badly crippled. there's yet another big problem: in gosa-plugin-ldapmanager the import feature has been dropped upstream since version 2.7. it was "not widely used" (or some such) and so porting cut to limit workload. that's sort of a great loss for local school admins. > > +# Install gosa-plugin-netgroups provided by d-e-c > > +in-target update-gosa install > > /usr/share/debian-edu-config/netgroups/plugin.dsc +log "Install gosa > > netgroups plugin" > > will this work (=calling update-gosa without path) ? path is included, though hard to see due to line wrapping. > this also didnt really answer the question (much), but fine... > > - * finish-install: prevent configured network interfaces file from being > deleted by d-i. > -Don't delete file, only zero content, to avoid error message > -in log file. last two lines only understandable as sort of a reply to a proposal by pere (delete file as one of five options to solve the problem) -- so nothing was really changed. thanks again, Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi Wolfgang, On Sonntag, 20. Januar 2013, Wolfgang Schweer wrote: > thanks for the hints; first changes done, please check. yes, much better, thanks a lot! "Worst offence" now, you increased the version of debian-edu-config from 1.703 to 1.704 without an upload happening! -> (always) use "svn diff" before commiting to check if you really commit what you want to. then: On Sonntag, 20. Januar 2013, schweer-gu...@alioth.debian.org wrote: > New Revision: 78794 > +# FIXME: Check this for jessie why do we need this plugin again? didnt we do this already for squeeze? > +# Install gosa-plugin-netgroups provided by d-e-c > +in-target update-gosa install > /usr/share/debian-edu-config/netgroups/plugin.dsc +log "Install gosa > netgroups plugin" will this work (=calling update-gosa without path) ? this also didnt really answer the question (much), but fine... - * finish-install: prevent configured network interfaces file from being deleted by d-i. -Don't delete file, only zero content, to avoid error message -in log file. -# FIXME: this changelog message is bad, it needs to describe why the -change was done in r78766 + * finish-install: prevent configured network interfaces file from being +deleted during execution of d-i netcfg-copy-config. and again: thanks & cheers, Holger -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201301210051.22751.hol...@layer-acht.org
Re: Wheezy Gosa² setup
On Sun, Jan 20, 2013 at 06:38:11PM +0100, Holger Levsen wrote: > > In future, please also add entries in debian/changelog for your changes. This > is achived quite easily with the help of dch and debcommit from the > devscripts > package: > > $edit $somefiles > dch # opens debian/changelog in $EDITOR and takes care of formatting > debcommit -C # uses the just added change message from debian/changelog as ># message for svn commit Hi Holger, thanks for the hints; first changes done, please check. Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi Wolfgang, many thanks for your commits in the wheezy branch! In future, please also add entries in debian/changelog for your changes. This is achived quite easily with the help of dch and debcommit from the devscripts package: $edit $somefiles dch # opens debian/changelog in $EDITOR and takes care of formatting debcommit -C # uses the just added change message from debian/changelog as # message for svn commit I'm fixing the packages now, but please write debian/changelog entries in future together with your much appreciated changes. If you have any usage questions about dch or debcommit, please ask! dch -r and dch -i are also quite useful, and so are their manpages. cheers, Holger -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201301201838.11824.hol...@layer-acht.org
Re: Wheezy Gosa² setup
On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > I had to modify the variable name to be send to gosa-sync: > > > > > acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/php > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo >/usr/local/sbin/gosa-sync %dn" > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo >/usr/local/sbin/gosa-sync %dn" > /> > Seems to be that this change is required in the administration section too. Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > > I had to modify the variable name to be send to gosa-sync: > > > > > acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/php > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo >/usr/local/sbin/gosa-sync %dn" > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo >/usr/local/sbin/gosa-sync %dn" > /> > > > > If I don't do that, I end up with the hash in the variable making gosa > sync fail. Hi Andi, thanks for the feedback. Confirmed, the modification works (and is required). Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130120160349.GA5199@schweer-online.local
Wheezy Gosa² setup
Hi, concerning Wolfgangs work on the GOsa setup for wheezy which I currently do for debian-lan, I found the following which I would like to share to not double debugging. I had to modify the variable name to be send to gosa-sync: If I don't do that, I end up with the hash in the variable making gosa sync fail. If you don't need that, it would be rather interesting to find out why it's needed here. In addition and for your information, I filed http://bugs.debian.org/698544 on the use of SASL instead of ssha as "password hash" in GOsa. Using SASL would allow to authenticate login to gosa with kerberos authentication. The password hashes would only be stored in kerberos and additionally providing the hash in LDAP wouldn't be needed anymore. kpasswd could be used for changes as well as the GOsa interface. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130120123822.GA16810@fuzi
Re: Wheezy Gosa² setup
Gi Giorgio (and others), Quoting Giorgio Pioda (2013-01-19 12:59:40) > > >In my wishlist I would also like to see Cfengine3 deeper boundled; > > >im currently using it since November to keep the client in sync and > > >is really great to automatize additional packages and configs. > > > > Yes, I have also had several deployed setups (not any more) that > > were fully maintained by Cfengine3. However, if a switch over to > > Debian LAN will be in the discussion, one should see what can be > > handled by FAI and if then is anything left that has to be handled > > by cfengine. > > But FAI itself is a mix of Cfengine2 with other tools. Cfengine3 > should support Cf2 legacy scripts. Isn't it? CFEngine is both a scripting engine and a site-wide OS customizing framework. FAI is an OS install and customizing framework. FAI can make use _some_ CFEngine _scripts_ (and many other scripts), but the core of the FAI framework is different from CFEngine the framework. I agree with Mike that a move to FAI is a different path than tying CFEngine scripts to the CFEngine framework. I believe that a move to FAI will make Debian Edu easier to reuse for similar but not identical Debian usecases. I believe that use of CFEngine the framework has a higher risk of drifting further away from Debian than FAI. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: Wheezy Gosa² setup
Hi again Mike, > How about this goal: deploy Debian Edu wheezy. ;-) Yeah, that would be great. That's why I asked about release timing! If D-E wheezy would be in a useful state, I could start a deep debugging with direct use in production prior to official release. I like to live on the edges... ;-) > > >>Send the file back to this list and I will commit the translation. > >> > >>>What about release timings? I really need kernel >= 3 for my 10 > >>>starboard whiteboards (I'm using the russian GPL'ized lsadrv > >>>module). > >> > >>Is linux-image 3.2.x from squeeze-backports an option? We stuff up > >>our squeeze installation with packages from squeeze-backports which > >>works fine. > > > >I tested once the Kenji Muto .iso but only on pupil laptops. > >I dropped the experience in favour of Ubuntu 12.04 (brand new hardware > >combined with unskilled hands on). I should test it. > >Anyway, since years I'm used to do most of things on "testing" which normally > >is pretty stable. > > During a freeze phase in Debian, I fully agree. During non-freeze > stages (e.g. while multiarch was introduced lately) I must say, I > fully disagree... Well, I survived it, with clients workstations too (not server). If the overall architecture is kept from one version to the next, mixing a stable server with testing workstation would be a no-problem situation. > > >I don't understand why the debian-edu development is not kept > >up to date on testing, thus having a release timing synced with > >main debian release. > > This mostly due do lack of continuous man power. Those people who > are working on Debian Edu are doing great. However, all of us have > loads of fields of endeavour, so noone from the dev team can > contribute 100% time to Debian Edu. :-( I see the point :-( Having more people using and committing would help. > > >> > >>>My "non eduified" educational lan is already migrating to wheezy > >>>in these days. I also > >>>admit that debian-lan is also actracting me, because of flexibility. > >> > >>My secret dream is to use Debian LAN for D-E jessie. But for that, > >>we indeed have to push out D-E wheezy shortly after the official > >>Debian wheezy release. > >> > >>Mike > >> > > > >Merging the effort would be great. I also think this, and yes, for D-E jessie > >the devel, please, in sync with jessie itself. > > :-) So hop onboard, with each active developer, this becomes more likely. > Maybe, I right now considering this argument. > >In my wishlist I would also like to see Cfengine3 deeper boundled; > >im currently using it since > >November to keep the client in sync and is really great to > >automatize additional packages > >and configs. > > Yes, I have also had several deployed setups (not any more) that > were fully maintained by Cfengine3. However, if a switch over to > Debian LAN will be in the discussion, one should see what can be > handled by FAI and if then is anything left that has to be handled > by cfengine. But FAI itself is a mix of Cfengine2 with other tools. Cfengine3 should support Cf2 legacy scripts. Isn't it? Cheers -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130119115940.ga5...@ticino.com
Re: Wheezy Gosa² setup
Hi Giorgio, On Sa 19 Jan 2013 12:21:14 CET Giorgio Pioda wrote: Please send me the translation file, then... Obtain the .pot file from here: https://oss.gonicus.de/repositories/gosa-contrib/netgroups/ as I said, I first have to consider in which direction to go for next school year 2013/2014 How about this goal: deploy Debian Edu wheezy. ;-) Send the file back to this list and I will commit the translation. >What about release timings? I really need kernel >= 3 for my 10 >starboard whiteboards (I'm using the russian GPL'ized lsadrv >module). Is linux-image 3.2.x from squeeze-backports an option? We stuff up our squeeze installation with packages from squeeze-backports which works fine. I tested once the Kenji Muto .iso but only on pupil laptops. I dropped the experience in favour of Ubuntu 12.04 (brand new hardware combined with unskilled hands on). I should test it. Anyway, since years I'm used to do most of things on "testing" which normally is pretty stable. During a freeze phase in Debian, I fully agree. During non-freeze stages (e.g. while multiarch was introduced lately) I must say, I fully disagree... I don't understand why the debian-edu development is not kept up to date on testing, thus having a release timing synced with main debian release. This mostly due do lack of continuous man power. Those people who are working on Debian Edu are doing great. However, all of us have loads of fields of endeavour, so noone from the dev team can contribute 100% time to Debian Edu. :-( >My "non eduified" educational lan is already migrating to wheezy >in these days. I also >admit that debian-lan is also actracting me, because of flexibility. My secret dream is to use Debian LAN for D-E jessie. But for that, we indeed have to push out D-E wheezy shortly after the official Debian wheezy release. Mike Merging the effort would be great. I also think this, and yes, for D-E jessie the devel, please, in sync with jessie itself. :-) So hop onboard, with each active developer, this becomes more likely. In my wishlist I would also like to see Cfengine3 deeper boundled; im currently using it since November to keep the client in sync and is really great to automatize additional packages and configs. Yes, I have also had several deployed setups (not any more) that were fully maintained by Cfengine3. However, if a switch over to Debian LAN will be in the discussion, one should see what can be handled by FAI and if then is anything left that has to be handled by cfengine. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpdmGgJg4NhZ.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
Hi Mike > Please send me the translation file, then... Obtain the .pot file from here: > https://oss.gonicus.de/repositories/gosa-contrib/netgroups/ > as I said, I first have to consider in which direction to go for next school year 2013/2014 > Send the file back to this list and I will commit the translation. > > >What about release timings? I really need kernel >= 3 for my 10 > >starboard whiteboards (I'm using the russian GPL'ized lsadrv > >module). > > Is linux-image 3.2.x from squeeze-backports an option? We stuff up > our squeeze installation with packages from squeeze-backports which > works fine. I tested once the Kenji Muto .iso but only on pupil laptops. I dropped the experience in favour of Ubuntu 12.04 (brand new hardware combined with unskilled hands on). I should test it. Anyway, since years I'm used to do most of things on "testing" which normally is pretty stable. I don't understand why the debian-edu development is not kept up to date on testing, thus having a release timing synced with main debian release. > > >My "non eduified" educational lan is already migrating to wheezy > >in these days. I also > >admit that debian-lan is also actracting me, because of flexibility. > > My secret dream is to use Debian LAN for D-E jessie. But for that, > we indeed have to push out D-E wheezy shortly after the official > Debian wheezy release. > > Mike > Merging the effort would be great. I also think this, and yes, for D-E jessie the devel, please, in sync with jessie itself. In my wishlist I would also like to see Cfengine3 deeper boundled; im currently using it since November to keep the client in sync and is really great to automatize additional packages and configs. gfwp -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130119112114.ge4...@ticino.com
Re: Wheezy Gosa² setup
Hi Giorgio, On Sa 19 Jan 2013 11:41:51 CET Giorgio Pioda wrote: Hi folks There is still i18n work to do for the upstream code of the plugin, so if anyone volunteers... The original i18n translators are not I'm still caressing the idea to jump onboard completely. In that case you could have found an i18n translator (italian mother language). Please send me the translation file, then... Obtain the .pot file from here: https://oss.gonicus.de/repositories/gosa-contrib/netgroups/ Send the file back to this list and I will commit the translation. What about release timings? I really need kernel >= 3 for my 10 starboard whiteboards (I'm using the russian GPL'ized lsadrv module). Is linux-image 3.2.x from squeeze-backports an option? We stuff up our squeeze installation with packages from squeeze-backports which works fine. My "non eduified" educational lan is already migrating to wheezy in these days. I also admit that debian-lan is also actracting me, because of flexibility. My secret dream is to use Debian LAN for D-E jessie. But for that, we indeed have to push out D-E wheezy shortly after the official Debian wheezy release. Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpootnUbhEPC.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
Hi folks > There is still i18n work to do for the upstream code of the plugin, > so if anyone volunteers... The original i18n translators are not I'm still caressing the idea to jump onboard completely. In that case you could have found an i18n translator (italian mother language). What about release timings? I really need kernel >= 3 for my 10 starboard whiteboards (I'm using the russian GPL'ized lsadrv module). My "non eduified" educational lan is already migrating to wheezy in these days. I also admit that debian-lan is also actracting me, because of flexibility. Cheers gfwp -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130119104151.ga4...@ticino.com
Re: Wheezy Gosa² setup
Hi Wolfgang, On Mi 16 Jan 2013 21:57:18 CET Wolfgang Schweer wrote: Hi, anybody has any idea about gosa-plugin-netgroups (bug #682747)? To integrate the gosa netgroup functionality just for testing, one could proceed like this (once tjener is up and running and connected to the internet; setting up tjener is not yet working automatically): apt-get update apt-get install subversion svn co https://oss.gonicus.de/repositories/gosa-contrib/netgroups update-gosa install netgroups/trunk/plugin.dsc The Gosa² 2.7.4 configuration file gosa.conf (svn wheezy branch) is supposed to work with the plugin. Thanks to Caius Pollmeier and Fabian Hickert from GONICUS we have a working upstream code base for gosa-plugin-netgroups. I am currently the ITP holder for that package in Debian, however, because of the whole process of upstream provision (GREAT THANKS to Caius and Fabian!!!) and still missing i18n translations, the plugin did not make it into wheezy. So, in debian-edu-config for wheezy, we again have to ship the plugin. There is still i18n work to do for the upstream code of the plugin, so if anyone volunteers... The original i18n translators are not available anymore (AFAICT). Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgph3yBMKvQ3j.pgp Description: Digitale PGP-Unterschrift
Wheezy Gosa² setup
Hi, anybody has any idea about gosa-plugin-netgroups (bug #682747)? To integrate the gosa netgroup functionality just for testing, one could proceed like this (once tjener is up and running and connected to the internet; setting up tjener is not yet working automatically): apt-get update apt-get install subversion svn co https://oss.gonicus.de/repositories/gosa-contrib/netgroups update-gosa install netgroups/trunk/plugin.dsc The Gosa² 2.7.4 configuration file gosa.conf (svn wheezy branch) is supposed to work with the plugin. Wolfgang signature.asc Description: Digital signature