Re: [SSSD-users] [SSSD] FreeIPA on Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03.09.2013 14:49, Stephen Gallagher wrote: > On 09/01/2013 04:35 PM, Timo Aaltonen wrote: >> On 01.09.2013 21:43, Dmitri Pal wrote: >>> On 09/01/2013 02:20 PM, Timo Aaltonen wrote: - dyndb support in bind * haven't asked the maintainer to add it to bind9, it might happen >>> >>> Are you talking about byndb maintainer or bind9 Debian >>> maintainer? May be we should connect the two? > >> the debian bind maintainer, I heard from the dyndb maintainer >> that bind10 might support it natively, but getting that in Debian >> might still be further in the future, so if we'd need dyndb by >> early next year it's probably needed to have it via bind9 first. > > > FreeIPA ships a separate package, bind-dyndb-ldap as an add-on for > bind 9. You should be able to do the same in Debian. We should > connect the bind-dyndb-ldap upstream with you so we can figure out > if that will work. Yes, but it depends on a dyndb patch for bind9, won't even build otherwise. I have bind-dyndb-ldap sitting in git until the patch is added to Debian bind9, and contacted the maintainer yesterday so things should get moving.. - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSJedZAAoJEMtwMWWoiYTcTeYQAJL2oleRSXol77Mkl6oxh+BE D1hsQsUJlmpI406VNA54J0ypzIM/Ri+Ivi/qos7BcSVEDlto3af3PjFYd1j3P103 3/wlpQSeft0o+/ogPxHbUawBhpoWjmDnKlEoEnxxhG9n1xyAJ+vGvDbIw+D37+K/ E0xycU5SvvQPBno14aAFWg4a4027ZjBV2eWxPV5C0upotmSUaus+H+wp3GMXYSIx qRoDpzMTbFGrSIHjxj1zLXHzL6MfTsOPVlkz//yOy9REiI3RfQQmCIfzIPRH5R4o EqD2djflBQ3vW8UV21ddzJofcop/4Be19ibscP/FqboLlAJB/rkfrTmwkdgFwtK3 kwuwzaN+BzDmGvQ6gsmR8wwNeLJop6pkgewXzLpDpI5Amt6+iahXty8Z/WPahofe yfh0FdzEANLyYLdimLqBWLqxR1NV5664DX9Oh2OOCGmLiKvDtYsGJzu2gKbSQ1WK 2CGXWsxVSJxWjbRg4nUzyQS7X8tYVWx7sifok+ueBGzBh9tbJH6Qdva266y2O6vi pfhMlbhvD/DVLf8oUR8p3rrJOWScJ2q/tabzF1f157Uw+XhAipu82LoK/JYK4qp0 +CUfD/tQzH1+M1vBt6S9R7heancChkydXv3HBtrwwjX5SqsFYeUSahNhPjCxK97k IA5BptsgoPxpVSkBOwVj =gqmZ -END PGP SIGNATURE- ___ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Re: [SSSD-users] [SSSD] FreeIPA on Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/01/2013 04:35 PM, Timo Aaltonen wrote: > On 01.09.2013 21:43, Dmitri Pal wrote: >> On 09/01/2013 02:20 PM, Timo Aaltonen wrote: >>> - dyndb support in bind * haven't asked the maintainer to add >>> it to bind9, it might happen >> >> Are you talking about byndb maintainer or bind9 Debian >> maintainer? May be we should connect the two? > > the debian bind maintainer, I heard from the dyndb maintainer that > bind10 might support it natively, but getting that in Debian might > still be further in the future, so if we'd need dyndb by early next > year it's probably needed to have it via bind9 first. > FreeIPA ships a separate package, bind-dyndb-ldap as an add-on for bind 9. You should be able to do the same in Debian. We should connect the bind-dyndb-ldap upstream with you so we can figure out if that will work. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIlzOMACgkQeiVVYja6o6NIhQCfXX68m4X/4nkdIG6OEdKLfYPX j+0AnArkaxKO1Ym+Z/FZvuHli8WfAcdH =TKLC -END PGP SIGNATURE- ___ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Re: [SSSD-users] [SSSD] FreeIPA on Debian
On 01.09.2013 21:43, Dmitri Pal wrote: > On 09/01/2013 02:20 PM, Timo Aaltonen wrote: >> On 31.08.2013 00:04, Dmitri Pal wrote: >>> Hello, >>> >>> Sorry for cross posting to 4 different lists but it seems that this is >>> the best way to include most of people who might be interested in this >>> discussion. >>> >>> The question of "When FreeIPA will be available on Debian?" has been >>> coming up periodically on the list(s) without any resolution. However it >>> is clear that it would be beneficial for the community and the project. >> Hi, >> >> As you know, I've been packaging stuff for the past two years with the >> goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has >> been accomplished, but quite a bit is still missing too.. >> >>> May be it is time to try again? >>> Let us see why it yet has not happened? >>> >>> 1) Some components need to be ported to Debian especially Dogtag and a >>> slew of its new RESTEasy dependencies. This requires time and quite an >>> effort from someone familiar with the domain. >> Yes, this is the biggest blocker. Dogtag 9 is packaged in git and >> working, but I'm not going to push that to the distro. It can be used >> for testing the IPA server though, before we have Dogtag 10. Once the >> prereqs are in place the Dogtag git should be easy to rebase with 10.x. >> >> I did start packaging some of the dependencies, but hit a wall when some >> maven component needed a different release than another one.. AIUI this >> is a known issue with maven based projects.. >> >> Other blockers off the top of my head include: >> >> - support for shared certificate database in NSS >> * patches sent to the Debian bug (#537866), maintainer isn't too >> responsive > > How can we help? I don't think you can, guess it just needs some perseverance on my side.. >> - dyndb support in bind >> * haven't asked the maintainer to add it to bind9, it might happen > > Are you talking about byndb maintainer or bind9 Debian maintainer? > May be we should connect the two? the debian bind maintainer, I heard from the dyndb maintainer that bind10 might support it natively, but getting that in Debian might still be further in the future, so if we'd need dyndb by early next year it's probably needed to have it via bind9 first. >>> 3) Someone needs to own packages in Debian and maintain them, someone >>> with good knowledge of the distro and time to take ownership of about 50 >>> packages. >> I'm doing this on my spare time, which has meant obvious delays in >> shipping something. Would be great to have more skillful people (pun >> intended) on the pkg-freeipa team.. > > Are you the only person there so far? pretty much, there have been some debian developers sponsoring packages to the distro (I'm not a DD yet), but they've all fled before too long :) -- t ___ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Re: [SSSD-users] [SSSD] FreeIPA on Debian
On 09/01/2013 02:20 PM, Timo Aaltonen wrote: > On 31.08.2013 00:04, Dmitri Pal wrote: >> Hello, >> >> Sorry for cross posting to 4 different lists but it seems that this is >> the best way to include most of people who might be interested in this >> discussion. >> >> The question of "When FreeIPA will be available on Debian?" has been >> coming up periodically on the list(s) without any resolution. However it >> is clear that it would be beneficial for the community and the project. > Hi, > > As you know, I've been packaging stuff for the past two years with the > goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has > been accomplished, but quite a bit is still missing too.. > >> May be it is time to try again? >> Let us see why it yet has not happened? >> >> 1) Some components need to be ported to Debian especially Dogtag and a >> slew of its new RESTEasy dependencies. This requires time and quite an >> effort from someone familiar with the domain. > Yes, this is the biggest blocker. Dogtag 9 is packaged in git and > working, but I'm not going to push that to the distro. It can be used > for testing the IPA server though, before we have Dogtag 10. Once the > prereqs are in place the Dogtag git should be easy to rebase with 10.x. > > I did start packaging some of the dependencies, but hit a wall when some > maven component needed a different release than another one.. AIUI this > is a known issue with maven based projects.. > > Other blockers off the top of my head include: > > - support for shared certificate database in NSS > * patches sent to the Debian bug (#537866), maintainer isn't too > responsive How can we help? > - dyndb support in bind > * haven't asked the maintainer to add it to bind9, it might happen Are you talking about byndb maintainer or bind9 Debian maintainer? May be we should connect the two? > - porting the IPA server installer for Debian > * this has been discussed on the list at some point, and I guess > upstream knows best how the code needs to be organized to make it > happen.. Yes I how so too. > >> 2) The code needs to be changed in installer and potentially in other >> places as it might have had some Fedorizms blended in > yep, and I need to send the platform module for the client soon, the > latest version seems to be working fine. This is great. > >> 3) Someone needs to own packages in Debian and maintain them, someone >> with good knowledge of the distro and time to take ownership of about 50 >> packages. > I'm doing this on my spare time, which has meant obvious delays in > shipping something. Would be great to have more skillful people (pun > intended) on the pkg-freeipa team.. Are you the only person there so far? > >> Can we pull it off together this time? >> Say we plan for some Dogtag and IPA domain experts to work on the port >> during Nov 13 - Feb 14 and address 1) and 2). Would there be any >> interest to join forces with them? Would there be anyone to take on item >> 3) from the list above? > I could send an email to debian-devel@ asking if someone is interested > in helping us out. And maybe blog about it too (on planet.ubuntu.com).. > > Yes that would help. Thank you very much for your efforts! -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Re: [SSSD-users] [SSSD] FreeIPA on Debian
On 31.08.2013 00:04, Dmitri Pal wrote: > Hello, > > Sorry for cross posting to 4 different lists but it seems that this is > the best way to include most of people who might be interested in this > discussion. > > The question of "When FreeIPA will be available on Debian?" has been > coming up periodically on the list(s) without any resolution. However it > is clear that it would be beneficial for the community and the project. Hi, As you know, I've been packaging stuff for the past two years with the goal of eventually having FreeIPA server on Debian/Ubuntu. A lot has been accomplished, but quite a bit is still missing too.. > May be it is time to try again? > Let us see why it yet has not happened? > > 1) Some components need to be ported to Debian especially Dogtag and a > slew of its new RESTEasy dependencies. This requires time and quite an > effort from someone familiar with the domain. Yes, this is the biggest blocker. Dogtag 9 is packaged in git and working, but I'm not going to push that to the distro. It can be used for testing the IPA server though, before we have Dogtag 10. Once the prereqs are in place the Dogtag git should be easy to rebase with 10.x. I did start packaging some of the dependencies, but hit a wall when some maven component needed a different release than another one.. AIUI this is a known issue with maven based projects.. Other blockers off the top of my head include: - support for shared certificate database in NSS * patches sent to the Debian bug (#537866), maintainer isn't too responsive - dyndb support in bind * haven't asked the maintainer to add it to bind9, it might happen - porting the IPA server installer for Debian * this has been discussed on the list at some point, and I guess upstream knows best how the code needs to be organized to make it happen.. > 2) The code needs to be changed in installer and potentially in other > places as it might have had some Fedorizms blended in yep, and I need to send the platform module for the client soon, the latest version seems to be working fine. > 3) Someone needs to own packages in Debian and maintain them, someone > with good knowledge of the distro and time to take ownership of about 50 > packages. I'm doing this on my spare time, which has meant obvious delays in shipping something. Would be great to have more skillful people (pun intended) on the pkg-freeipa team.. > Can we pull it off together this time? > Say we plan for some Dogtag and IPA domain experts to work on the port > during Nov 13 - Feb 14 and address 1) and 2). Would there be any > interest to join forces with them? Would there be anyone to take on item > 3) from the list above? I could send an email to debian-devel@ asking if someone is interested in helping us out. And maybe blog about it too (on planet.ubuntu.com).. -- t ___ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users