[Freeipa-devel] [PATCH] 160,161 Trust Web UI

Alexander Bokovoy abokovoy at redhat.com
Fri Jun 22 16:48:42 UTC 2012 

Hi Petr,

On Fri, 22 Jun 2012, Petr Vobornik wrote:
>The static preview of trust UI can be seen at: http://pvoborni.fedorapeople.org/trusts/#ipaserver=trust&navigation=ipaserver
Looks nice!

>
>[Patch] 161 Trust Web UI:
>
>This patch adds Web UI for trusts.
>
>Navigation path is IPA Server/Trust. It allows to add, deleted and 
>show trust. Mod command doesn't have defined input options so update 
>of a trust is not supported yet.
Yes, it will get defined once we finish support for uid/gid ranges.

>Adder dialog supports two ways if adding a trust:
>1) adding with domain name, admin name and admin password.
>2) adding with domain name, shared secret
>
>Search page shows only list of realm names which are trusts' cns.
>
>Details page is read only. It contains following attributes:
>* Realm name (cn)
>* Domain NetBIOS name (ipantflatname)
>* Domain Security Identifier (ipanttrusteddomainsid)
>* Trust direction (trustdirection)
>* Trust type (trusttype)
>
>For Domain Security Identifier is not used ipantsecurityidentifier 
>param which is defined in trust plugin's trust_output_params list. 
>This param is not returned by show command so ipanttrusteddomainsid 
>is used instead.
You are using the proper one. I'm attaching a patch to fix existing
plugin. The issue here is that we have two attributes, one for SIDs of
our objects (users, groups, ...), another one is used specifically for
a trusted domain object. It was my mistake to mix them as I also was
thinking to allow seeing our own domain SID via 'ipa trust' commands.

>trust_output_params also defines 'Trust status' param. This param is 
>not return by show command as well so it's commented out in code 
>until it's fixed in plugin code.
Yes, the code for this will be implemented as part of trust validation,
ticket 2763.

>Fields in details pages are using labels defined in internal.py. It 
>is temporary solution until including of command.has_output_params 
>will be added to metadata.
>
>https://fedorahosted.org/freeipa/ticket/2829
1. Please update the patch with regards to the change in my
    attached patch.
2. First two chunks of install/ui/test/data/ipa_init_commands.json and
    install/ui/test/data/ipa_init_objects.json changes look unrelated to
    this ticket.

>[PATCH] 160 Same password validator:
>
>This patch adds validator which compares passwords in two fields.
>
>In future it should be used in various password reset dialogs.
>
>A flags attribute was added to field. It's purpose is to define 
>control flags. This patch uses it in details facet and adder dialog 
>to not include fields to command option if the field has 'no_command' 
>flag. Therefore there is no need to use hacks such as disabling of 
>field or removing a value from command's option map when a 
>non-command field is needed (ie verify password).
>
>https://fedorahosted.org/freeipa/ticket/2829
ACK

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list