[Freeipa-devel] [PATCH] Resolve SIDs in Web UI

Alexander Bokovoy abokovoy at redhat.com
Sat May 4 15:02:27 UTC 2013 

On Sat, 04 May 2013, Sumit Bose wrote:
>On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
>> On Fri, 03 May 2013, Sumit Bose wrote:
>> >On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
>> >>Hi!
>> >>
>> >>Attached are patches to allow resolving SIDs in Web UI in external
>> >>membership panel for groups. Please see more detailed description in the
>> >>main patch.
>> >>
>> >>I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
>> >>should be simple.
>> >>
>> >>https://fedorahosted.org/freeipa/ticket/3302
>> >>
>> >>Since framework doesn't allow to hide commands from CLI, underlying
>> >>command is usable from CLI too:
>> >># ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>> >> Name: enterprise read-only domain controllers at ad.lan
>> >> SID: S-1-5-21-3502988750-125904550-3683905862-498
>> >>
>> >> Name: administrator at ad.lan
>> >> SID: S-1-5-21-3502988750-125904550-3683905862-500
>> >>
>> >> Name: domain admins at ad.lan
>> >> SID: S-1-5-21-3502988750-125904550-3683905862-512
>> >>
>> >>--
>> >>/ Alexander Bokovoy
>> >>+        try:
>> >>+            sids = map(lambda x: str(x), options['sids'])
>> >>+            xlate = pysss_nss_idmap.getnamebysid(sids)
>> >
>> >The latest version, which is already committed to sssd, return a dict.
>> >The output of ipa trust-resolve now look like:
>> >
>> >[root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
>> > Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
>> > SID: S-1-5-21-3090815309-2627318493-3395719201-500
>> >
>> > Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
>> > SID: S-1-5-21-3090815309-2627318493-3395719201-498
>> >
>> > Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
>> > SID: S-1-5-21-3090815309-2627318493-3395719201-513
>> >
>> >>+            for sid in xlate:
>> >>+	       entry = dict()
>> >>+               entry['sid'] = [unicode(sid)]
>> >>+               entry['name'] = [unicode(xlate[sid])]
>> >
>> >I think you need  entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
>> >here.
>> Fixed, thanks!
>> I also added type conversion to a text (user, group, both). The type is not shown by default
>> in CLI but is available through --all option. We might consider using it
>> in Web UI for visual hint about the name nature.
>>
>> >I tried with firefox, but the SIDs of the external members are not
>> >resolved. Do I have to clean any firefox cache?
>> No, you do not. When picking up changes from my development VM, I
>> omitted one chunk in group.js where sid_facet was actually taken in use.
>> Without that one nothing is used.
>>
>> Updated patch 0103 is attached, tested against sssd in ipa-devel repo
>> which already includes your patches.
>
>I'm sorry, it still does not work for me in firefox on F18 32bits. Can
>you give me some hints where to look what the WebUI is trying to do?
>'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
  - Identity|User groups
    - select specific group
      - select 'External' tab

I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list