[Freeipa-devel] [PATCH] Resolve SIDs in Web UI

Alexander Bokovoy abokovoy at redhat.com
Sat May 4 17:24:52 UTC 2013 

On Sat, 04 May 2013, Sumit Bose wrote:
>On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
>> On Sat, 04 May 2013, Sumit Bose wrote:
>> >On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
>> >>On Fri, 03 May 2013, Sumit Bose wrote:
>> >>>On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
>> >>>>Hi!
>> >>>>
>> >>>>Attached are patches to allow resolving SIDs in Web UI in external
>> >>>>membership panel for groups. Please see more detailed description in the
>> >>>>main patch.
>> >>>>
>> >>>>I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
>> >>>>should be simple.
>> >>>>
>> >>>>https://fedorahosted.org/freeipa/ticket/3302
>> >>>>
>> >>>>Since framework doesn't allow to hide commands from CLI, underlying
>> >>>>command is usable from CLI too:
>> >>>># ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>> >>>> Name: enterprise read-only domain controllers at ad.lan
>> >>>> SID: S-1-5-21-3502988750-125904550-3683905862-498
>> >>>>
>> >>>> Name: administrator at ad.lan
>> >>>> SID: S-1-5-21-3502988750-125904550-3683905862-500
>> >>>>
>> >>>> Name: domain admins at ad.lan
>> >>>> SID: S-1-5-21-3502988750-125904550-3683905862-512
>> >>>>
>> >>>>--
>> >>>>/ Alexander Bokovoy
>> >>>>+        try:
>> >>>>+            sids = map(lambda x: str(x), options['sids'])
>> >>>>+            xlate = pysss_nss_idmap.getnamebysid(sids)
>> >>>
>> >>>The latest version, which is already committed to sssd, return a dict.
>> >>>The output of ipa trust-resolve now look like:
>> >>>
>> >>>[root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
>> >>> Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
>> >>> SID: S-1-5-21-3090815309-2627318493-3395719201-500
>> >>>
>> >>> Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
>> >>> SID: S-1-5-21-3090815309-2627318493-3395719201-498
>> >>>
>> >>> Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
>> >>> SID: S-1-5-21-3090815309-2627318493-3395719201-513
>> >>>
>> >>>>+            for sid in xlate:
>> >>>>+	       entry = dict()
>> >>>>+               entry['sid'] = [unicode(sid)]
>> >>>>+               entry['name'] = [unicode(xlate[sid])]
>> >>>
>> >>>I think you need  entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
>> >>>here.
>> >>Fixed, thanks!
>> >>I also added type conversion to a text (user, group, both). The type is not shown by default
>> >>in CLI but is available through --all option. We might consider using it
>> >>in Web UI for visual hint about the name nature.
>> >>
>> >>>I tried with firefox, but the SIDs of the external members are not
>> >>>resolved. Do I have to clean any firefox cache?
>> >>No, you do not. When picking up changes from my development VM, I
>> >>omitted one chunk in group.js where sid_facet was actually taken in use.
>> >>Without that one nothing is used.
>> >>
>> >>Updated patch 0103 is attached, tested against sssd in ipa-devel repo
>> >>which already includes your patches.
>> >
>> >I'm sorry, it still does not work for me in firefox on F18 32bits. Can
>> >you give me some hints where to look what the WebUI is trying to do?
>
>sorry, I meant how to debug the WebUI.
Petr wrote these notes:
http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html

You'd need to put breakpoint in association.js, in
sidxlate_command.on_success(),  once you used sync.sh to
copy over non-compiled version of the UI javascript code.

>> >'ipa trust-resolve' on the command line is working well.
>> Navigate from top /ipa/ui to:
>>  - Identity|User groups
>>    - select specific group
>>      - select 'External' tab
>>
>> I recorded small animated sequence that shows how it looks in new Web
>> UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
>
>I only see the SIDs with your patches applied. I used master with your git
>patches. Do I need the patches for the new WebUI and your additional
>patch for that as well?
GIT master with my patches should be enough -- if you used 0103 revision 1

Additional patch part is only for new Web UI rebase for
instal/ui/src/freeipa/*

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list