[Freeipa-devel] [PATCH] Resolve SIDs in Web UI

Sumit Bose sbose at redhat.com
Fri May 3 20:29:57 UTC 2013 

On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
> Hi!
> 
> Attached are patches to allow resolving SIDs in Web UI in external
> membership panel for groups. Please see more detailed description in the
> main patch.
> 
> I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
> should be simple.
> 
> https://fedorahosted.org/freeipa/ticket/3302
> 
> Since framework doesn't allow to hide commands from CLI, underlying
> command is usable from CLI too:
> # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>  Name: enterprise read-only domain controllers at ad.lan
>  SID: S-1-5-21-3502988750-125904550-3683905862-498
> 
>  Name: administrator at ad.lan
>  SID: S-1-5-21-3502988750-125904550-3683905862-500
> 
>  Name: domain admins at ad.lan
>  SID: S-1-5-21-3502988750-125904550-3683905862-512
> 
> -- 
> / Alexander Bokovoy
> +        try:
> +            sids = map(lambda x: str(x), options['sids'])
> +            xlate = pysss_nss_idmap.getnamebysid(sids)

The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:

[root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
  Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
  SID: S-1-5-21-3090815309-2627318493-3395719201-500

  Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
  SID: S-1-5-21-3090815309-2627318493-3395719201-498

  Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
  SID: S-1-5-21-3090815309-2627318493-3395719201-513

> +            for sid in xlate:
> +	       entry = dict()
> +               entry['sid'] = [unicode(sid)]
> +               entry['name'] = [unicode(xlate[sid])]

I think you need  entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.

> +               result.append(entry)
> +        except ValueError, e:
> +            pass
> +
> +        return dict(result=result)
> +
> +api.register(trust_resolve)
> -- 
> 1.8.1.4
> 

I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?

bye,
Sumit

More information about the Freeipa-devel mailing list