[Freeipa-devel] [PATCH] Resolve SIDs in Web UI

Sumit Bose sbose at redhat.com
Mon May 6 09:55:35 UTC 2013 

On Mon, May 06, 2013 at 11:05:40AM +0200, Petr Vobornik wrote:
> On 05/06/2013 10:47 AM, Sumit Bose wrote:
> >On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
> >>On Sat, 04 May 2013, Sumit Bose wrote:
> >>>On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
> >>>>On Sat, 04 May 2013, Sumit Bose wrote:
> >>>>>On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
> >>>>>>On Fri, 03 May 2013, Sumit Bose wrote:
> >>>>>>>On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
> >>>>>>>>Hi!
> >>>>>>>>
> >>>>>>>>Attached are patches to allow resolving SIDs in Web UI in external
> >>>>>>>>membership panel for groups. Please see more detailed description in the
> >>>>>>>>main patch.
> >>>>>>>>
> >>>>>>>>I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
> >>>>>>>>should be simple.
> >>>>>>>>
> >>>>>>>>https://fedorahosted.org/freeipa/ticket/3302
> >>>>>>>>
> >>>>>>>>Since framework doesn't allow to hide commands from CLI, underlying
> >>>>>>>>command is usable from CLI too:
> >>>>>>>># ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
> >>>>>>>>Name: enterprise read-only domain controllers at ad.lan
> >>>>>>>>SID: S-1-5-21-3502988750-125904550-3683905862-498
> >>>>>>>>
> >>>>>>>>Name: administrator at ad.lan
> >>>>>>>>SID: S-1-5-21-3502988750-125904550-3683905862-500
> >>>>>>>>
> >>>>>>>>Name: domain admins at ad.lan
> >>>>>>>>SID: S-1-5-21-3502988750-125904550-3683905862-512
> >>>>>>>>
> >>>>>>>>--
> >>>>>>>>/ Alexander Bokovoy
> >>>>>>>>+        try:
> >>>>>>>>+            sids = map(lambda x: str(x), options['sids'])
> >>>>>>>>+            xlate = pysss_nss_idmap.getnamebysid(sids)
> >>>>>>>
> >>>>>>>The latest version, which is already committed to sssd, return a dict.
> >>>>>>>The output of ipa trust-resolve now look like:
> >>>>>>>
> >>>>>>>[root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
> >>>>>>>Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
> >>>>>>>SID: S-1-5-21-3090815309-2627318493-3395719201-500
> >>>>>>>
> >>>>>>>Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
> >>>>>>>SID: S-1-5-21-3090815309-2627318493-3395719201-498
> >>>>>>>
> >>>>>>>Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
> >>>>>>>SID: S-1-5-21-3090815309-2627318493-3395719201-513
> >>>>>>>
> >>>>>>>>+            for sid in xlate:
> >>>>>>>>+	       entry = dict()
> >>>>>>>>+               entry['sid'] = [unicode(sid)]
> >>>>>>>>+               entry['name'] = [unicode(xlate[sid])]
> >>>>>>>
> >>>>>>>I think you need  entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
> >>>>>>>here.
> >>>>>>Fixed, thanks!
> >>>>>>I also added type conversion to a text (user, group, both). The type is not shown by default
> >>>>>>in CLI but is available through --all option. We might consider using it
> >>>>>>in Web UI for visual hint about the name nature.
> >>>>>>
> >>>>>>>I tried with firefox, but the SIDs of the external members are not
> >>>>>>>resolved. Do I have to clean any firefox cache?
> >>>>>>No, you do not. When picking up changes from my development VM, I
> >>>>>>omitted one chunk in group.js where sid_facet was actually taken in use.
> >>>>>>Without that one nothing is used.
> >>>>>>
> >>>>>>Updated patch 0103 is attached, tested against sssd in ipa-devel repo
> >>>>>>which already includes your patches.
> >>>>>
> >>>>>I'm sorry, it still does not work for me in firefox on F18 32bits. Can
> >>>>>you give me some hints where to look what the WebUI is trying to do?
> >>>
> >>>sorry, I meant how to debug the WebUI.
> >>Petr wrote these notes:
> >>http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
> >>
> >>You'd need to put breakpoint in association.js, in
> >>sidxlate_command.on_success(),  once you used sync.sh to
> >>copy over non-compiled version of the UI javascript code.
> >
> >Thank you for the hints. Now I see the following, it is working
> >as expected when I just call
> >
> >./sync.sh -fc
> >
> >but the SIDs are not translated when I call
> >
> >./sync.sh -fcC
> >
> >I didn't change anything at the *.js source files, just called sync.sh.
> >Any ideas what might be wrong here?
> 
> -C stands for: send a built/compiled version. Usually you have to
> create it first - it's not in git.
> 
> so all ./make-ui.sh before ./sync.sh -fcC

thanks, that did the trick and also told me why the packages created
with 'make rpms' didn't work for me, because I forgot to add

export BASE_OPTIONS="-Xss512k"

to my build environment, because otherwise I see a StackOverflowError
while uglifying.

bye,
Sumit
> 
> I will send comments for the patch later today - mostly nitpicks.
> >
> >bye,
> >Sumit
> >>
> >>>>>'ipa trust-resolve' on the command line is working well.
> >>>>Navigate from top /ipa/ui to:
> >>>>- Identity|User groups
> >>>>   - select specific group
> >>>>     - select 'External' tab
> >>>>
> >>>>I recorded small animated sequence that shows how it looks in new Web
> >>>>UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
> >>>
> >>>I only see the SIDs with your patches applied. I used master with your git
> >>>patches. Do I need the patches for the new WebUI and your additional
> >>>patch for that as well?
> >>GIT master with my patches should be enough -- if you used 0103 revision 1
> >>
> >>Additional patch part is only for new Web UI rebase for
> >>instal/ui/src/freeipa/*
> >>
> >>--
> >>/ Alexander Bokovoy
> >
> >_______________________________________________
> >Freeipa-devel mailing list
> >Freeipa-devel at redhat.com
> >https://www.redhat.com/mailman/listinfo/freeipa-devel
> >
> 
> 
> -- 
> Petr Vobornik

More information about the Freeipa-devel mailing list