On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: > On Sat, 04 May 2013, Sumit Bose wrote: > >On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: > >>On Fri, 03 May 2013, Sumit Bose wrote: > >>>On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: > >>>>Hi! > >>>> > >>>>Attached are patches to allow resolving SIDs in Web UI in external > >>>>membership panel for groups. Please see more detailed description in the > >>>>main patch. > >>>> > >>>>I haven't rebased it yet on top of Petr's Web UI rework, hopefully it > >>>>should be simple. > >>>> > >>>>https://fedorahosted.org/freeipa/ticket/3302 > >>>> > >>>>Since framework doesn't allow to hide commands from CLI, underlying > >>>>command is usable from CLI too: > >>>># ipa trust-resolve > >>>>--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} > >>>> Name: enterprise read-only domain controll...@ad.lan > >>>> SID: S-1-5-21-3502988750-125904550-3683905862-498 > >>>> > >>>> Name: administra...@ad.lan > >>>> SID: S-1-5-21-3502988750-125904550-3683905862-500 > >>>> > >>>> Name: domain adm...@ad.lan > >>>> SID: S-1-5-21-3502988750-125904550-3683905862-512 > >>>> > >>>>-- > >>>>/ Alexander Bokovoy > >>>>+ try: > >>>>+ sids = map(lambda x: str(x), options['sids']) > >>>>+ xlate = pysss_nss_idmap.getnamebysid(sids) > >>> > >>>The latest version, which is already committed to sssd, return a dict. > >>>The output of ipa trust-resolve now look like: > >>> > >>>[root@ipa18-devel ~]# ipa trust-resolve > >>>--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} > >>> Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} > >>> SID: S-1-5-21-3090815309-2627318493-3395719201-500 > >>> > >>> Name: {'type': 2, 'name': u'enterprise read-only domain > >>> controllers@ad18.ipa18.devel'} > >>> SID: S-1-5-21-3090815309-2627318493-3395719201-498 > >>> > >>> Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} > >>> SID: S-1-5-21-3090815309-2627318493-3395719201-513 > >>> > >>>>+ for sid in xlate: > >>>>+ entry = dict() > >>>>+ entry['sid'] = [unicode(sid)] > >>>>+ entry['name'] = [unicode(xlate[sid])] > >>> > >>>I think you need entry['name'] = > >>>[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] > >>>here. > >>Fixed, thanks! > >>I also added type conversion to a text (user, group, both). The type is not > >>shown by default > >>in CLI but is available through --all option. We might consider using it > >>in Web UI for visual hint about the name nature. > >> > >>>I tried with firefox, but the SIDs of the external members are not > >>>resolved. Do I have to clean any firefox cache? > >>No, you do not. When picking up changes from my development VM, I > >>omitted one chunk in group.js where sid_facet was actually taken in use. > >>Without that one nothing is used. > >> > >>Updated patch 0103 is attached, tested against sssd in ipa-devel repo > >>which already includes your patches. > > > >I'm sorry, it still does not work for me in firefox on F18 32bits. Can > >you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI. > >'ipa trust-resolve' on the command line is working well. > Navigate from top /ipa/ui to: > - Identity|User groups > - select specific group > - select 'External' tab > > I recorded small animated sequence that shows how it looks in new Web > UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? bye, Sumit > > -- > / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel