[Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Sumit Bose
sbose at redhat.com
Fri May 3 20:29:57 UTC 2013
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
> Hi!
>
> Attached are patches to allow resolving SIDs in Web UI in external
> membership panel for groups. Please see more detailed description in the
> main patch.
>
> I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
> should be simple.
>
> https://fedorahosted.org/freeipa/ticket/3302
>
> Since framework doesn't allow to hide commands from CLI, underlying
> command is usable from CLI too:
> # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
> Name: enterprise read-only domain controllers at ad.lan
> SID: S-1-5-21-3502988750-125904550-3683905862-498
>
> Name: administrator at ad.lan
> SID: S-1-5-21-3502988750-125904550-3683905862-500
>
> Name: domain admins at ad.lan
> SID: S-1-5-21-3502988750-125904550-3683905862-512
>
> --
> / Alexander Bokovoy
> + try:
> + sids = map(lambda x: str(x), options['sids'])
> + xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
> + for sid in xlate:
> + entry = dict()
> + entry['sid'] = [unicode(sid)]
> + entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
> + result.append(entry)
> + except ValueError, e:
> + pass
> +
> + return dict(result=result)
> +
> +api.register(trust_resolve)
> --
> 1.8.1.4
>
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
bye,
Sumit
More information about the Freeipa-devel
mailing list