Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is
not shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI.
Petr wrote these notes:
http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
You'd need to put breakpoint in association.js, in
sidxlate_command.on_success(), once you used sync.sh to
copy over non-compiled version of the UI javascript code.
Thank you for the hints. Now I see the following, it is working
as expected when I just call
./sync.sh -fc
but the SIDs are not translated when I call
./sync.sh -fcC
I didn't change anything at the *.js source files, just called sync.sh.
Any ideas what might be wrong here?
bye,
Sumit
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
I only see the SIDs with your patches applied. I used master with your git
patches. Do I need the patches for the new WebUI and your additional
patch for that as well?
GIT master with my patches should be enough -- if you used 0103 revision 1
Additional patch part is only for new Web UI rebase for
instal/ui/src/freeipa/*
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On 05/06/2013 10:47 AM, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI.
Petr wrote these notes:
http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
You'd need to put breakpoint in association.js, in
sidxlate_command.on_success(), once you used sync.sh to
copy over non-compiled version of the UI javascript code.
Thank you for the hints. Now I see the following, it is working
as expected when I just call
./sync.sh -fc
but the SIDs are not translated when I call
./sync.sh -fcC
I didn't change anything at the *.js source files, just called sync.sh.
Any ideas what might be wrong here?
-C stands for: send a built/compiled version. Usually you have to create
it first - it's not in git.
so all ./make-ui.sh before ./sync.sh -fcC
I will send comments for the patch later today - mostly nitpicks.
bye,
Sumit
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
I only see the SIDs with your patches applied. I used master with your git
patches. Do I need the patches for the new WebUI and your additional
patch for that as well?
GIT master with my patches should be enough -- if you used 0103 revision 1
Additional patch part is only for new Web UI rebase for
instal/ui/src/freeipa/*
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Petr Vobornik
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Mon, May 06, 2013 at 11:05:40AM +0200, Petr Vobornik wrote:
On 05/06/2013 10:47 AM, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in
the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is
not shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI.
Petr wrote these notes:
http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
You'd need to put breakpoint in association.js, in
sidxlate_command.on_success(), once you used sync.sh to
copy over non-compiled version of the UI javascript code.
Thank you for the hints. Now I see the following, it is working
as expected when I just call
./sync.sh -fc
but the SIDs are not translated when I call
./sync.sh -fcC
I didn't change anything at the *.js source files, just called sync.sh.
Any ideas what might be wrong here?
-C stands for: send a built/compiled version. Usually you have to
create it first - it's not in git.
so all ./make-ui.sh before ./sync.sh -fcC
thanks, that did the trick and also told me why the packages created
with 'make rpms' didn't work for me, because I forgot to add
export BASE_OPTIONS=-Xss512k
to my build environment, because otherwise I see a StackOverflowError
while uglifying.
bye,
Sumit
I will send comments for the patch later today - mostly nitpicks.
bye,
Sumit
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI:
http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
I only see the SIDs with your patches applied. I used master with your git
patches. Do I need the patches for the new WebUI and your additional
patch for that as well?
GIT master with my patches should be enough -- if you used 0103 revision 1
Additional patch part is only for new Web UI rebase for
instal/ui/src/freeipa/*
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Hello,
here is review of Web UI part.
ACK for abbra-102, it's a fix of error (typo), but it won't probably
have any impact. Because links associated with 'a' elements are
different than the resulting ones.
NACK for abbra-103:
NACK for abbra-pvoborni... (is included in new abbra-103)
Are CLI and IPA-API parts of old abbra-103 in some different patch? We
should make proper patches from the API/CLI part and WebUI part. Because
of this I didn't test following fixes by using installed IPA with
established trust.
Attaching a diff with fixes for following errors of abbra-103:
1) There are jslint errors (missing semicolons, extra semicolons,
trailing commas) (run `jslint -conf jsl.conf` in install/ui dir)
Funny thing, I do the exact opposite mistakes when writing python code.
2) Do not use deferred directly as a value, use promise instead:
value[i][that.attribute] = {
promise: deferred.promise,
temp: sid
};
Latter is better because promise can't be changed by consumer component.
Its resolution is still controlled by deferred.
3) We should not call trust-resolve when there are no sids. It's
pointless and trust-resolve requires at least one sid (`Str('sids+',`)
4) I see that you copied attribute facet preop as sid preop but omitted
adding of facet update policy. Is there a reason for it? IMO it's better
just to copy the whole or don't do it at all and just specified the
facet as:
$type: 'attribute',
$factory: IPA.sid_facet,
This change is in fix2.diff.
Nitpicks:
a) Use `[]` instead of `new Array()`
b) add space before `for`
c) specifying sids: '' in command construction is not needed - it's set
later
--
Petr
On 05/04/2013 08:04 AM, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in
the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type
is not shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
... and here is rebase of install/ui/src/freeipa to Web UI refactoring
branch, to help testing on top of Petr's changes. With this patch SID
resolving works in new Web UI.
There are probably some changes that could further be removed, I haven't
looked into greater detail.
Please note that attached patch only covers parts in
install/ui/src/freeipa, you'd still need to add plugin changes from
ipalib/plugins/trust.py.
--
Petr Vobornik
diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js
index cd76b7e..71ee71d 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -1372,17 +1372,17 @@ IPA.sid_facet = function(spec,
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On 05/06/2013 01:28 PM, Martin Kosek wrote:
On 05/04/2013 07:13 AM, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
Thanks for the patch! Still, I have few comments:
1) Exception should be raised instead of returning empty result:
+if not _nss_idmap_installed:
+return dict(result=result)
Otherwise people will be confused what's wrong.
2) Why do we hide error raised in SID processing code?
...
+except ValueError, e:
+pass
...
I think that the try-catch should be as localized possible, ideally in the FOR
loop. If processing of the second SID out of 10 fails, just one SID would be
return, with no additional error. People will be confused what's wrong:
# ipa trust-resolve --sids S-1-5-21-3035198329-144811719-1378114514-500
#
This does not really tell me what's wrong.
Could we rather return all requested SIDs either with a proper result or with
a
respective error? This is how I would image the translation to look like:
...
try:
sids = map(lambda x: str(x), options['sids'])
xlate = pysss_nss_idmap.getnamebysid(sids)
except SomeError, e:
raise SomeException(e)
for sid in xlate:
entry = dict()
entry['sid'] = ...
try:
name = ...
type = ...
entry['name'], entry['type'] = name, type
except SomeError, e:
entry['failedtranslation'] = unicode(e)
results.append(entry)
...
I filed ticket for SSSD part of the issue:
https://fedorahosted.org/sssd/ticket/1911
3) Tab/Space indentation mix:
+for sid in xlate:
+entry = dict()
+ entry['sid'] = [unicode(sid)]
4) Unneeded import:
from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext,
Object
+from types import NoneType
from ipalib.parameters import Enu
Martin
As Alexander is not here ATM, sending updated patch based on current master
branch (with Web UI refactoring) which also includes few squashes:
- fix for my point 3)
- fix for my point 4)
- squashed Petr Vobornik's Web UI cleanups
I tested it and it worked fine. As for the points 1) and 2) I will file a
ticket, these are not critical.
Martin
From 22c8518387e83b843e7dcf14d1d61b2ef9342c3c Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Mon, 6 May 2013 17:10:56 +0200
Subject: [PATCH] Resolve SIDs in Web UI
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Mon, May 06, 2013 at 05:55:35PM +0200, Martin Kosek wrote:
On 05/06/2013 01:28 PM, Martin Kosek wrote:
On 05/04/2013 07:13 AM, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
Thanks for the patch! Still, I have few comments:
1) Exception should be raised instead of returning empty result:
+if not _nss_idmap_installed:
+return dict(result=result)
Otherwise people will be confused what's wrong.
2) Why do we hide error raised in SID processing code?
...
+except ValueError, e:
+pass
...
I think that the try-catch should be as localized possible, ideally in the
FOR
loop. If processing of the second SID out of 10 fails, just one SID would be
return, with no additional error. People will be confused what's wrong:
# ipa trust-resolve --sids S-1-5-21-3035198329-144811719-1378114514-500
#
This does not really tell me what's wrong.
Could we rather return all requested SIDs either with a proper result or
with a
respective error? This is how I would image the translation to look like:
...
try:
sids = map(lambda x: str(x), options['sids'])
xlate = pysss_nss_idmap.getnamebysid(sids)
except SomeError, e:
raise SomeException(e)
for sid in xlate:
entry = dict()
entry['sid'] = ...
try:
name = ...
type = ...
entry['name'], entry['type'] = name, type
except SomeError, e:
entry['failedtranslation'] = unicode(e)
results.append(entry)
...
I filed ticket for SSSD part of the issue:
https://fedorahosted.org/sssd/ticket/1911
3) Tab/Space indentation mix:
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
4) Unneeded import:
from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext,
Object
+from types import NoneType
from ipalib.parameters import Enu
Martin
As Alexander is not here ATM, sending updated patch based on current master
branch (with Web UI refactoring) which also includes few squashes:
- fix for my point 3)
- fix for my point 4)
- squashed Petr Vobornik's Web UI cleanups
I tested it and it worked fine. As for the points 1) and 2) I will file a
ticket, these are not critical.
Martin
Patch is working as expected. So ACK from my side for the functional
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
Looks like Sumit is already on top of testing the patches, but for the
record, you'd need SSSD-1.10 beta1 or newer in order to test the
functionality.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
... and here is rebase of install/ui/src/freeipa to Web UI refactoring
branch, to help testing on top of Petr's changes. With this patch SID
resolving works in new Web UI.
There are probably some changes that could further be removed, I haven't
looked into greater detail.
Please note that attached patch only covers parts in
install/ui/src/freeipa, you'd still need to add plugin changes from
ipalib/plugins/trust.py.
--
/ Alexander Bokovoy
diff --git a/install/ui/src/freeipa/association.js
b/install/ui/src/freeipa/association.js
index d33ec87..cd76b7e 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -23,6 +23,7 @@
* the AssociationList elements; IT NEEDS IT'S OWN CODE! */
define([
+'dojo/Deferred',
'./ipa',
'./jquery',
'./navigation',
@@ -31,7 +32,7 @@ define([
'./text',
'./search',
'./dialog'],
-function(IPA, $, navigation, phases, reg, text) {
+function(Deferred, IPA, $, navigation, phases, reg, text) {
IPA.associator = function (spec) {
@@ -1364,6 +1365,49 @@ IPA.attribute_facet = function(spec, no_init) {
return that;
};
+IPA.sid_facet = function(spec, no_init) {
+
+spec.name = spec.name || 'sid_facet';
+
+var that = IPA.attribute_facet(spec, no_init);
+
+that.load_records = function(value) {
+var xlate = {}
+var sidxlate_command = IPA.command({
+entity: 'trust',
+method: 'resolve',
+options: {
+sids: '',
+},
+});
+sidxlate_command.on_success = function(data, text_status, xhr) {
+for(var i=0; i data.result.result.length; i++) {
+var entry = data.result.result[i]
+if (entry.sid[0] in xlate) {
+xlate[entry.sid[0]].resolve(entry.name[0]);
+}
+}
+};
+that.table.empty();
+
+var sids = new Array();
+for(var i=0; i value.length; i++) {
+var sid = value[i][that.attribute];
+var deferred = new Deferred();
+deferred.temp = sid;
+value[i][that.attribute] = deferred;
+xlate[sid] = deferred;
+sids.push(sid)
+that.add_record(value[i]);
+};
+sidxlate_command.options.sids = sids;
+sidxlate_command.execute();
+};
+
+return that;
+};
+
+
IPA.attr_read_only_evaluator =
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
'ipa trust-resolve' on the command line is working well.
bye,
Sumit
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI.
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
I only see the SIDs with your patches applied. I used master with your git
patches. Do I need the patches for the new WebUI and your additional
patch for that as well?
bye,
Sumit
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote:
On Sat, 04 May 2013, Sumit Bose wrote:
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote:
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
I'm sorry, it still does not work for me in firefox on F18 32bits. Can
you give me some hints where to look what the WebUI is trying to do?
sorry, I meant how to debug the WebUI.
Petr wrote these notes:
http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html
You'd need to put breakpoint in association.js, in
sidxlate_command.on_success(), once you used sync.sh to
copy over non-compiled version of the UI javascript code.
'ipa trust-resolve' on the command line is working well.
Navigate from top /ipa/ui to:
- Identity|User groups
- select specific group
- select 'External' tab
I recorded small animated sequence that shows how it looks in new Web
UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif
I only see the SIDs with your patches applied. I used master with your git
patches. Do I need the patches for the new WebUI and your additional
patch for that as well?
GIT master with my patches should be enough -- if you used 0103 revision 1
Additional patch part is only for new Web UI rebase for
instal/ui/src/freeipa/*
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
From a1cffc2ecc0bba739c3b5a5130f939a90dd0b88e Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Wed, 24 Apr 2013 13:48:07 +0200
Subject: [PATCH 2/3] Column promise support
Column setup method can handle promise. It can be supplied directly or
encapsulated in a object with temporal value: { promise: promise, temp: 'temp
val' }
Temporal value is displayed until promise is fulfilled.
---
install/ui/src/freeipa/widget.js | 30 +++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index 17d9b8b..b55900d 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -1388,9 +1388,6 @@ IPA.column = function (spec) {
}
that.setup = function(container, record, suppress_link) {
-
-container.empty();
-
var value = record[that.name];
var type;
if (that.formatter) {
@@ -1398,7 +1395,34 @@ IPA.column = function (spec) {
value = that.formatter.format(value);
type = that.formatter.type;
}
+
+var promise, temp = '';
+if (value typeof value.then === 'function') promise = value;
+if (value value.promise typeof value.promise.then ===
'function') {
+promise = value.promise;
+temp = value.temp || '';
+}
+
+if (promise) {
+var fulfilled = false;
+promise.then(function(val) {
+fulfilled = true;
+that.set_value(container, val, type, suppress_link);
+});
+
+if (fulfilled) return;
+// val obj can contain temporal value which is displayed
+// until promise is fulfilled
+value = temp;
+}
+
+that.set_value(container, value, type, suppress_link);
+};
+
+that.set_value = function(container, value, type, suppress_link) {
+
value = value ? value.toString() : '';
+container.empty();
var c;
if (that.link !suppress_link) {
--
1.8.1.4
From 016d3c827f5f9cdecf0d731a993fe5ad92191b59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 3 May 2013 21:26:08 +0300
Subject: [PATCH 1/3] web-ui: fix typo in link highliting
---
install/ui/ipa.css | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/ui/ipa.css b/install/ui/ipa.css
index 3e443d5..8afcfb1 100644
--- a/install/ui/ipa.css
+++ b/install/ui/ipa.css
@@ -779,7 +779,7 @@ div[name=settings].facet-group li a {
border: none;
}
-.search-table a:link, a:visted {
+.search-table a:link, a:visited {
color:black;
}
--
1.8.1.4
From 879d686e5cf274446cf345f24be114d23bdc4db9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Tue, 30 Apr 2013 13:13:25 +0300
Subject: [PATCH 3/3] Resolve SIDs in Web UI
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The command uses new SSSD interface, nss_idmap, to resolve actual SIDs.
SSSD caches resolved data so that future requests to resolve same SIDs
are returned from a memory cache.
Web UI code is using Dojo/Deferred to deliver result of SID resolution
out of band. Once resolved names are available, they replace SID values.
Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved
at the same time. They all sent within the single request to the server.
https://fedorahosted.org/freeipa/ticket/3302
---
API.txt | 7 ++
freeipa.spec.in | 4 +++
install/ui/src/freeipa/association.js | 45 +-
install/ui/src/freeipa/entity.js | 10 +++-
install/ui/src/freeipa/facet.js | 12 +
install/ui/src/freeipa/group.js | 6 ++---
ipalib/plugins/trust.py | 46 +++
7 files changed, 125 insertions(+), 5 deletions(-)
diff --git a/API.txt b/API.txt
index c2400e9..e5bb7be 100644
--- a/API.txt
+++ b/API.txt
@@ -3398,6 +3398,13 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an
LDAP
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
+ result.append(entry)
+except ValueError, e:
+pass
+
+return dict(result=result)
+
+api.register(trust_resolve)
--
1.8.1.4
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
bye,
Sumit
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, 03 May 2013, Sumit Bose wrote:
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
Hi!
Attached are patches to allow resolving SIDs in Web UI in external
membership panel for groups. Please see more detailed description in the
main patch.
I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
should be simple.
https://fedorahosted.org/freeipa/ticket/3302
Since framework doesn't allow to hide commands from CLI, underlying
command is usable from CLI too:
# ipa trust-resolve
--sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
Name: enterprise read-only domain controll...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-498
Name: administra...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-500
Name: domain adm...@ad.lan
SID: S-1-5-21-3502988750-125904550-3683905862-512
--
/ Alexander Bokovoy
+try:
+sids = map(lambda x: str(x), options['sids'])
+xlate = pysss_nss_idmap.getnamebysid(sids)
The latest version, which is already committed to sssd, return a dict.
The output of ipa trust-resolve now look like:
[root@ipa18-devel ~]# ipa trust-resolve
--sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-500
Name: {'type': 2, 'name': u'enterprise read-only domain
controllers@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-498
Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'}
SID: S-1-5-21-3090815309-2627318493-3395719201-513
+for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid])]
I think you need entry['name'] =
[unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
here.
Fixed, thanks!
I also added type conversion to a text (user, group, both). The type is not
shown by default
in CLI but is available through --all option. We might consider using it
in Web UI for visual hint about the name nature.
I tried with firefox, but the SIDs of the external members are not
resolved. Do I have to clean any firefox cache?
No, you do not. When picking up changes from my development VM, I
omitted one chunk in group.js where sid_facet was actually taken in use.
Without that one nothing is used.
Updated patch 0103 is attached, tested against sssd in ipa-devel repo
which already includes your patches.
--
/ Alexander Bokovoy
From d2bab4c42487ca57557ce19d1b6b90a1fd220566 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Tue, 30 Apr 2013 13:13:25 +0300
Subject: [PATCH 3/3] Resolve SIDs in Web UI
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The command uses new SSSD interface, nss_idmap, to resolve actual SIDs.
SSSD caches resolved data so that future requests to resolve same SIDs
are returned from a memory cache.
Web UI code is using Dojo/Deferred to deliver result of SID resolution
out of band. Once resolved names are available, they replace SID values.
Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved
at the same time. They all sent within the single request to the server.
https://fedorahosted.org/freeipa/ticket/3302
---
API.txt | 7 +
freeipa.spec.in | 4 +++
install/ui/src/freeipa/association.js | 45 +++-
install/ui/src/freeipa/entity.js | 10 ++-
install/ui/src/freeipa/facet.js | 12
install/ui/src/freeipa/group.js | 4 +--
ipalib/plugins/trust.py | 56 +++
7 files changed, 134 insertions(+), 4 deletions(-)
diff --git a/API.txt b/API.txt
index c2400e9..e5bb7be 100644
--- a/API.txt
+++ b/API.txt
@@ -3398,6 +3398,13 @@ option: Str('version?', exclude='webui')
output: Entry('result', type 'dict', Gettext('A dictionary representing an
LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('value', type 'unicode', None)
+command: trust_resolve
+args: 0,4,1
+option: Flag('all', autofill=True, cli_name='all', default=False,
exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False,
exclude='webui')
+option: Str('sids+', csv=True)
+option: Str('version?', exclude='webui')
+output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A
list of LDAP entries', domain='ipa', localedir=None))
command: trust_show
args: 1,4,3
arg: Str('cn', attribute=True, cli_name='realm', multivalue=False,
primary_key=True, query=True, required=True)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 36e2a61..1f97418 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -211,6 +211,7 @@ Requires: samba4
Requires: samba4-winbind
%endif
Requires: libsss_idmap
+Requires: libsss_nss_idmap-python
# We use alternatives to divert
