[Freeipa-devel] [PATCH] Resolve SIDs in Web UI

Petr Vobornik pvoborni at redhat.com
Mon May 6 09:05:40 UTC 2013


On 05/06/2013 10:47 AM, Sumit Bose wrote:
> On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
>> On Sat, 04 May 2013, Sumit Bose wrote:
>>> On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
>>>> On Sat, 04 May 2013, Sumit Bose wrote:
>>>>> On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
>>>>>> On Fri, 03 May 2013, Sumit Bose wrote:
>>>>>>> On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
>>>>>>>> Hi!
>>>>>>>>
>>>>>>>> Attached are patches to allow resolving SIDs in Web UI in external
>>>>>>>> membership panel for groups. Please see more detailed description in the
>>>>>>>> main patch.
>>>>>>>>
>>>>>>>> I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
>>>>>>>> should be simple.
>>>>>>>>
>>>>>>>> https://fedorahosted.org/freeipa/ticket/3302
>>>>>>>>
>>>>>>>> Since the framework doesn't allow hiding commands from the CLI, the
>>>>>>>> underlying command is usable from the CLI too:
>>>>>>>> # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>>>>>>>> Name: enterprise read-only domain controllers@ad.lan
>>>>>>>> SID: S-1-5-21-3502988750-125904550-3683905862-498
>>>>>>>>
>>>>>>>> Name: administrator@ad.lan
>>>>>>>> SID: S-1-5-21-3502988750-125904550-3683905862-500
>>>>>>>>
>>>>>>>> Name: domain admins@ad.lan
>>>>>>>> SID: S-1-5-21-3502988750-125904550-3683905862-512
>>>>>>>>
>>>>>>>> --
>>>>>>>> / Alexander Bokovoy
>>>>>>>> +        try:
>>>>>>>> +            sids = map(lambda x: str(x), options['sids'])
>>>>>>>> +            xlate = pysss_nss_idmap.getnamebysid(sids)
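Review bot: the values from `options['sids']` are only passed through `str()` before being handed to `pysss_nss_idmap.getnamebysid()`, with no visible check in this hunk that each one is a well-formed SID. Validate the format (the `S-1-` prefix followed by numeric sub-authorities) before the lookup so malformed input is rejected with a clear error rather than relying on the `try:` block, whose except clause is not shown here. The `map(lambda x: str(x), ...)` wrapper can also be written as `map(str, ...)`.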
>>>>>>>
>>>>>>> The latest version, which is already committed to sssd, returns a dict.
>>>>>>> The output of ipa trust-resolve now looks like:
>>>>>>>
>>>>>>> [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
>>>>>>> Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
>>>>>>> SID: S-1-5-21-3090815309-2627318493-3395719201-500
>>>>>>>
>>>>>>> Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'}
>>>>>>> SID: S-1-5-21-3090815309-2627318493-3395719201-498
>>>>>>>
>>>>>>> Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
>>>>>>> SID: S-1-5-21-3090815309-2627318493-3395719201-513
>>>>>>>
>>>>>>>> +            for sid in xlate:
>>>>>>>> +	       entry = dict()
>>>>>>>> +               entry['sid'] = [unicode(sid)]
>>>>>>>> +               entry['name'] = [unicode(xlate[sid])]
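Review bot: the `entry = dict()` line is indented with a tab followed by spaces, while the two `entry[...]` lines below it use spaces only; mixed tab and space indentation inside a Python loop body is fragile and should be normalized to spaces. The loop body also sits three columns in from `for sid in xlate:` rather than the four-column step used between `try:` and its body in the preceding lines, so it is worth aligning it while fixing the tab.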
>>>>>>>
>>>>>>> I think you need  entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
>>>>>>> here.
>>>>>> Fixed, thanks!
>>>>>> I also added type conversion to a text (user, group, both). The type is not shown by default
>>>>>> in CLI but is available through --all option. We might consider using it
>>>>>> in Web UI for visual hint about the name nature.
>>>>>>
>>>>>>> I tried with firefox, but the SIDs of the external members are not
>>>>>>> resolved. Do I have to clean any firefox cache?
>>>>>> No, you do not. When picking up changes from my development VM, I
>>>>>> omitted one chunk in group.js where sid_facet was actually taken in use.
>>>>>> Without that one nothing is used.
>>>>>>
>>>>>> Updated patch 0103 is attached, tested against sssd in ipa-devel repo
>>>>>> which already includes your patches.
>>>>>
>>>>> I'm sorry, it still does not work for me in firefox on F18 32bits. Can
>>>>> you give me some hints where to look what the WebUI is trying to do?
>>>
>>> sorry, I meant how to debug the WebUI.
>> Petr wrote these notes:
>> http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
>>
>> You'd need to put a breakpoint in association.js, in
>> sidxlate_command.on_success(), once you have used sync.sh to
>> copy over the non-compiled version of the UI JavaScript code.
>
> Thank you for the hints. Now I see the following, it is working
> as expected when I just call
>
> ./sync.sh -fc
>
> but the SIDs are not translated when I call
>
> ./sync.sh -fcC
>
> I didn't change anything in the *.js source files, just called sync.sh.
> Any ideas what might be wrong here?

-C stands for: send a built/compiled version. Usually you have to create 
it first - it's not in git.

so call ./make-ui.sh before ./sync.sh -fcC

I will send comments for the patch later today - mostly nitpicks.
>
> bye,
> Sumit
>>
>>>>> 'ipa trust-resolve' on the command line is working well.
>>>> Navigate from top /ipa/ui to:
>>>> - Identity|User groups
>>>>    - select specific group
>>>>      - select 'External' tab
>>>>
>>>> I recorded a small animated sequence that shows how it looks in the new Web
>>>> UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
>>>
>>> I only see the SIDs with your patches applied. I used master with your git
>>> patches. Do I need the patches for the new WebUI and your additional
>>> patch for that as well?
>> GIT master with my patches should be enough -- if you used 0103 revision 1
>>
>> Additional patch part is only for new Web UI rebase for
>> instal/ui/src/freeipa/*
>>
>> --
>> / Alexander Bokovoy
>
>


-- 
Petr Vobornik



