Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? sorry, I meant how to debug the WebUI. Petr wrote these notes: http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html You'd need to put breakpoint in association.js, in sidxlate_command.on_success(), once you used sync.sh to copy over non-compiled version of the UI javascript code. Thank you for the hints. Now I see the following, it is working as expected when I just call ./sync.sh -fc but the SIDs are not translated when I call ./sync.sh -fcC I didn't change anything at the *.js source files, just called sync.sh. Any ideas what might be wrong here? bye, Sumit 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? GIT master with my patches should be enough -- if you used 0103 revision 1 Additional patch part is only for new Web UI rebase for instal/ui/src/freeipa/* -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On 05/06/2013 10:47 AM, Sumit Bose wrote: On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? sorry, I meant how to debug the WebUI. Petr wrote these notes: http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html You'd need to put breakpoint in association.js, in sidxlate_command.on_success(), once you used sync.sh to copy over non-compiled version of the UI javascript code. Thank you for the hints. Now I see the following, it is working as expected when I just call ./sync.sh -fc but the SIDs are not translated when I call ./sync.sh -fcC I didn't change anything at the *.js source files, just called sync.sh. Any ideas what might be wrong here? -C stands for: send a built/compiled version. Usually you have to create it first - it's not in git. so all ./make-ui.sh before ./sync.sh -fcC I will send comments for the patch later today - mostly nitpicks. bye, Sumit 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? GIT master with my patches should be enough -- if you used 0103 revision 1 Additional patch part is only for new Web UI rebase for instal/ui/src/freeipa/* -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Mon, May 06, 2013 at 11:05:40AM +0200, Petr Vobornik wrote: On 05/06/2013 10:47 AM, Sumit Bose wrote: On Sat, May 04, 2013 at 08:24:52PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: +entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? sorry, I meant how to debug the WebUI. Petr wrote these notes: http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html You'd need to put breakpoint in association.js, in sidxlate_command.on_success(), once you used sync.sh to copy over non-compiled version of the UI javascript code. Thank you for the hints. Now I see the following, it is working as expected when I just call ./sync.sh -fc but the SIDs are not translated when I call ./sync.sh -fcC I didn't change anything at the *.js source files, just called sync.sh. Any ideas what might be wrong here? -C stands for: send a built/compiled version. Usually you have to create it first - it's not in git. so all ./make-ui.sh before ./sync.sh -fcC thanks, that did the trick and also told me why the packages created with 'make rpms' didn't work for me, because I forgot to add export BASE_OPTIONS=-Xss512k to my build environment, because otherwise I see a StackOverflowError while uglifying. bye, Sumit I will send comments for the patch later today - mostly nitpicks. bye, Sumit 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? GIT master with my patches should be enough -- if you used 0103 revision 1 Additional patch part is only for new Web UI rebase for instal/ui/src/freeipa/* -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Hello, here is review of Web UI part. ACK for abbra-102, it's a fix of error (typo), but it won't probably have any impact. Because links associated with 'a' elements are different than the resulting ones. NACK for abbra-103: NACK for abbra-pvoborni... (is included in new abbra-103) Are CLI and IPA-API parts of old abbra-103 in some different patch? We should make proper patches from the API/CLI part and WebUI part. Because of this I didn't test following fixes by using installed IPA with established trust. Attaching a diff with fixes for following errors of abbra-103: 1) There are jslint errors (missing semicolons, extra semicolons, trailing commas) (run `jslint -conf jsl.conf` in install/ui dir) Funny thing, I do the exact opposite mistakes when writing python code. 2) Do not use deferred directly as a value, use promise instead: value[i][that.attribute] = { promise: deferred.promise, temp: sid }; Latter is better because promise can't be changed by consumer component. Its resolution is still controlled by deferred. 3) We should not call trust-resolve when there are no sids. It's pointless and trust-resolve requires at least one sid (`Str('sids+',`) 4) I see that you copied attribute facet preop as sid preop but omitted adding of facet update policy. Is there a reason for it? IMO it's better just to copy the whole or don't do it at all and just specified the facet as: $type: 'attribute', $factory: IPA.sid_facet, This change is in fix2.diff. Nitpicks: a) Use `[]` instead of `new Array()` b) add space before `for` c) specifying sids: '' in command construction is not needed - it's set later -- Petr On 05/04/2013 08:04 AM, Alexander Bokovoy wrote: On Sat, 04 May 2013, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. ... and here is rebase of install/ui/src/freeipa to Web UI refactoring branch, to help testing on top of Petr's changes. With this patch SID resolving works in new Web UI. There are probably some changes that could further be removed, I haven't looked into greater detail. Please note that attached patch only covers parts in install/ui/src/freeipa, you'd still need to add plugin changes from ipalib/plugins/trust.py. -- Petr Vobornik diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index cd76b7e..71ee71d 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -1372,17 +1372,17 @@ IPA.sid_facet = function(spec,
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On 05/06/2013 01:28 PM, Martin Kosek wrote: On 05/04/2013 07:13 AM, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. Thanks for the patch! Still, I have few comments: 1) Exception should be raised instead of returning empty result: +if not _nss_idmap_installed: +return dict(result=result) Otherwise people will be confused what's wrong. 2) Why do we hide error raised in SID processing code? ... +except ValueError, e: +pass ... I think that the try-catch should be as localized possible, ideally in the FOR loop. If processing of the second SID out of 10 fails, just one SID would be return, with no additional error. People will be confused what's wrong: # ipa trust-resolve --sids S-1-5-21-3035198329-144811719-1378114514-500 # This does not really tell me what's wrong. Could we rather return all requested SIDs either with a proper result or with a respective error? This is how I would image the translation to look like: ... try: sids = map(lambda x: str(x), options['sids']) xlate = pysss_nss_idmap.getnamebysid(sids) except SomeError, e: raise SomeException(e) for sid in xlate: entry = dict() entry['sid'] = ... try: name = ... type = ... entry['name'], entry['type'] = name, type except SomeError, e: entry['failedtranslation'] = unicode(e) results.append(entry) ... I filed ticket for SSSD part of the issue: https://fedorahosted.org/sssd/ticket/1911 3) Tab/Space indentation mix: +for sid in xlate: +entry = dict() + entry['sid'] = [unicode(sid)] 4) Unneeded import: from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object +from types import NoneType from ipalib.parameters import Enu Martin As Alexander is not here ATM, sending updated patch based on current master branch (with Web UI refactoring) which also includes few squashes: - fix for my point 3) - fix for my point 4) - squashed Petr Vobornik's Web UI cleanups I tested it and it worked fine. As for the points 1) and 2) I will file a ticket, these are not critical. Martin From 22c8518387e83b843e7dcf14d1d61b2ef9342c3c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Mon, 6 May 2013 17:10:56 +0200 Subject: [PATCH] Resolve SIDs in Web UI Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI. The
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Mon, May 06, 2013 at 05:55:35PM +0200, Martin Kosek wrote: On 05/06/2013 01:28 PM, Martin Kosek wrote: On 05/04/2013 07:13 AM, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. Thanks for the patch! Still, I have few comments: 1) Exception should be raised instead of returning empty result: +if not _nss_idmap_installed: +return dict(result=result) Otherwise people will be confused what's wrong. 2) Why do we hide error raised in SID processing code? ... +except ValueError, e: +pass ... I think that the try-catch should be as localized possible, ideally in the FOR loop. If processing of the second SID out of 10 fails, just one SID would be return, with no additional error. People will be confused what's wrong: # ipa trust-resolve --sids S-1-5-21-3035198329-144811719-1378114514-500 # This does not really tell me what's wrong. Could we rather return all requested SIDs either with a proper result or with a respective error? This is how I would image the translation to look like: ... try: sids = map(lambda x: str(x), options['sids']) xlate = pysss_nss_idmap.getnamebysid(sids) except SomeError, e: raise SomeException(e) for sid in xlate: entry = dict() entry['sid'] = ... try: name = ... type = ... entry['name'], entry['type'] = name, type except SomeError, e: entry['failedtranslation'] = unicode(e) results.append(entry) ... I filed ticket for SSSD part of the issue: https://fedorahosted.org/sssd/ticket/1911 3) Tab/Space indentation mix: +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] 4) Unneeded import: from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object +from types import NoneType from ipalib.parameters import Enu Martin As Alexander is not here ATM, sending updated patch based on current master branch (with Web UI refactoring) which also includes few squashes: - fix for my point 3) - fix for my point 4) - squashed Petr Vobornik's Web UI cleanups I tested it and it worked fine. As for the points 1) and 2) I will file a ticket, these are not critical. Martin Patch is working as expected. So ACK from my side for the functional
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 Looks like Sumit is already on top of testing the patches, but for the record, you'd need SSSD-1.10 beta1 or newer in order to test the functionality. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. ... and here is rebase of install/ui/src/freeipa to Web UI refactoring branch, to help testing on top of Petr's changes. With this patch SID resolving works in new Web UI. There are probably some changes that could further be removed, I haven't looked into greater detail. Please note that attached patch only covers parts in install/ui/src/freeipa, you'd still need to add plugin changes from ipalib/plugins/trust.py. -- / Alexander Bokovoy diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d33ec87..cd76b7e 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -23,6 +23,7 @@ * the AssociationList elements; IT NEEDS IT'S OWN CODE! */ define([ +'dojo/Deferred', './ipa', './jquery', './navigation', @@ -31,7 +32,7 @@ define([ './text', './search', './dialog'], -function(IPA, $, navigation, phases, reg, text) { +function(Deferred, IPA, $, navigation, phases, reg, text) { IPA.associator = function (spec) { @@ -1364,6 +1365,49 @@ IPA.attribute_facet = function(spec, no_init) { return that; }; +IPA.sid_facet = function(spec, no_init) { + +spec.name = spec.name || 'sid_facet'; + +var that = IPA.attribute_facet(spec, no_init); + +that.load_records = function(value) { +var xlate = {} +var sidxlate_command = IPA.command({ +entity: 'trust', +method: 'resolve', +options: { +sids: '', +}, +}); +sidxlate_command.on_success = function(data, text_status, xhr) { +for(var i=0; i data.result.result.length; i++) { +var entry = data.result.result[i] +if (entry.sid[0] in xlate) { +xlate[entry.sid[0]].resolve(entry.name[0]); +} +} +}; +that.table.empty(); + +var sids = new Array(); +for(var i=0; i value.length; i++) { +var sid = value[i][that.attribute]; +var deferred = new Deferred(); +deferred.temp = sid; +value[i][that.attribute] = deferred; +xlate[sid] = deferred; +sids.push(sid) +that.add_record(value[i]); +}; +sidxlate_command.options.sids = sids; +sidxlate_command.execute(); +}; + +return that; +}; + + IPA.attr_read_only_evaluator =
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? 'ipa trust-resolve' on the command line is working well. bye, Sumit -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: +entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? sorry, I meant how to debug the WebUI. 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? bye, Sumit -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 06:02:27PM +0300, Alexander Bokovoy wrote: On Sat, 04 May 2013, Sumit Bose wrote: On Sat, May 04, 2013 at 08:13:17AM +0300, Alexander Bokovoy wrote: On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. I'm sorry, it still does not work for me in firefox on F18 32bits. Can you give me some hints where to look what the WebUI is trying to do? sorry, I meant how to debug the WebUI. Petr wrote these notes: http://pvoborni.fedorapeople.org/doc/debugging_web_ui.html You'd need to put breakpoint in association.js, in sidxlate_command.on_success(), once you used sync.sh to copy over non-compiled version of the UI javascript code. 'ipa trust-resolve' on the command line is working well. Navigate from top /ipa/ui to: - Identity|User groups - select specific group - select 'External' tab I recorded small animated sequence that shows how it looks in new Web UI: http://abbra.fedorapeople.org/.paste/freeipa-sid-resolve-new-web-ui.gif I only see the SIDs with your patches applied. I used master with your git patches. Do I need the patches for the new WebUI and your additional patch for that as well? GIT master with my patches should be enough -- if you used 0103 revision 1 Additional patch part is only for new Web UI rebase for instal/ui/src/freeipa/* -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy From a1cffc2ecc0bba739c3b5a5130f939a90dd0b88e Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Wed, 24 Apr 2013 13:48:07 +0200 Subject: [PATCH 2/3] Column promise support Column setup method can handle promise. It can be supplied directly or encapsulated in a object with temporal value: { promise: promise, temp: 'temp val' } Temporal value is displayed until promise is fulfilled. --- install/ui/src/freeipa/widget.js | 30 +++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index 17d9b8b..b55900d 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -1388,9 +1388,6 @@ IPA.column = function (spec) { } that.setup = function(container, record, suppress_link) { - -container.empty(); - var value = record[that.name]; var type; if (that.formatter) { @@ -1398,7 +1395,34 @@ IPA.column = function (spec) { value = that.formatter.format(value); type = that.formatter.type; } + +var promise, temp = ''; +if (value typeof value.then === 'function') promise = value; +if (value value.promise typeof value.promise.then === 'function') { +promise = value.promise; +temp = value.temp || ''; +} + +if (promise) { +var fulfilled = false; +promise.then(function(val) { +fulfilled = true; +that.set_value(container, val, type, suppress_link); +}); + +if (fulfilled) return; +// val obj can contain temporal value which is displayed +// until promise is fulfilled +value = temp; +} + +that.set_value(container, value, type, suppress_link); +}; + +that.set_value = function(container, value, type, suppress_link) { + value = value ? value.toString() : ''; +container.empty(); var c; if (that.link !suppress_link) { -- 1.8.1.4 From 016d3c827f5f9cdecf0d731a993fe5ad92191b59 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Fri, 3 May 2013 21:26:08 +0300 Subject: [PATCH 1/3] web-ui: fix typo in link highliting --- install/ui/ipa.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 3e443d5..8afcfb1 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -779,7 +779,7 @@ div[name=settings].facet-group li a { border: none; } -.search-table a:link, a:visted { +.search-table a:link, a:visited { color:black; } -- 1.8.1.4 From 879d686e5cf274446cf345f24be114d23bdc4db9 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 30 Apr 2013 13:13:25 +0300 Subject: [PATCH 3/3] Resolve SIDs in Web UI Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI. The command uses new SSSD interface, nss_idmap, to resolve actual SIDs. SSSD caches resolved data so that future requests to resolve same SIDs are returned from a memory cache. Web UI code is using Dojo/Deferred to deliver result of SID resolution out of band. Once resolved names are available, they replace SID values. Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved at the same time. They all sent within the single request to the server. https://fedorahosted.org/freeipa/ticket/3302 --- API.txt | 7 ++ freeipa.spec.in | 4 +++ install/ui/src/freeipa/association.js | 45 +- install/ui/src/freeipa/entity.js | 10 +++- install/ui/src/freeipa/facet.js | 12 + install/ui/src/freeipa/group.js | 6 ++--- ipalib/plugins/trust.py | 46 +++ 7 files changed, 125 insertions(+), 5 deletions(-) diff --git a/API.txt b/API.txt index c2400e9..e5bb7be 100644 --- a/API.txt +++ b/API.txt @@ -3398,6 +3398,13 @@ option: Str('version?', exclude='webui') output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: +entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. + result.append(entry) +except ValueError, e: +pass + +return dict(result=result) + +api.register(trust_resolve) -- 1.8.1.4 I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? bye, Sumit ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Resolve SIDs in Web UI
On Fri, 03 May 2013, Sumit Bose wrote: On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote: Hi! Attached are patches to allow resolving SIDs in Web UI in external membership panel for groups. Please see more detailed description in the main patch. I haven't rebased it yet on top of Petr's Web UI rework, hopefully it should be simple. https://fedorahosted.org/freeipa/ticket/3302 Since framework doesn't allow to hide commands from CLI, underlying command is usable from CLI too: # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498} Name: enterprise read-only domain controll...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-498 Name: administra...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-500 Name: domain adm...@ad.lan SID: S-1-5-21-3502988750-125904550-3683905862-512 -- / Alexander Bokovoy +try: +sids = map(lambda x: str(x), options['sids']) +xlate = pysss_nss_idmap.getnamebysid(sids) The latest version, which is already committed to sssd, return a dict. The output of ipa trust-resolve now look like: [root@ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513} Name: {'type': 3, 'name': u'administrator@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-500 Name: {'type': 2, 'name': u'enterprise read-only domain controllers@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-498 Name: {'type': 2, 'name': u'domain users@ad18.ipa18.devel'} SID: S-1-5-21-3090815309-2627318493-3395719201-513 +for sid in xlate: + entry = dict() + entry['sid'] = [unicode(sid)] + entry['name'] = [unicode(xlate[sid])] I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])] here. Fixed, thanks! I also added type conversion to a text (user, group, both). The type is not shown by default in CLI but is available through --all option. We might consider using it in Web UI for visual hint about the name nature. I tried with firefox, but the SIDs of the external members are not resolved. Do I have to clean any firefox cache? No, you do not. When picking up changes from my development VM, I omitted one chunk in group.js where sid_facet was actually taken in use. Without that one nothing is used. Updated patch 0103 is attached, tested against sssd in ipa-devel repo which already includes your patches. -- / Alexander Bokovoy From d2bab4c42487ca57557ce19d1b6b90a1fd220566 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 30 Apr 2013 13:13:25 +0300 Subject: [PATCH 3/3] Resolve SIDs in Web UI Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI. The command uses new SSSD interface, nss_idmap, to resolve actual SIDs. SSSD caches resolved data so that future requests to resolve same SIDs are returned from a memory cache. Web UI code is using Dojo/Deferred to deliver result of SID resolution out of band. Once resolved names are available, they replace SID values. Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved at the same time. They all sent within the single request to the server. https://fedorahosted.org/freeipa/ticket/3302 --- API.txt | 7 + freeipa.spec.in | 4 +++ install/ui/src/freeipa/association.js | 45 +++- install/ui/src/freeipa/entity.js | 10 ++- install/ui/src/freeipa/facet.js | 12 install/ui/src/freeipa/group.js | 4 +-- ipalib/plugins/trust.py | 56 +++ 7 files changed, 134 insertions(+), 4 deletions(-) diff --git a/API.txt b/API.txt index c2400e9..e5bb7be 100644 --- a/API.txt +++ b/API.txt @@ -3398,6 +3398,13 @@ option: Str('version?', exclude='webui') output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (type 'unicode', type 'NoneType'), None) output: Output('value', type 'unicode', None) +command: trust_resolve +args: 0,4,1 +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('sids+', csv=True) +option: Str('version?', exclude='webui') +output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) command: trust_show args: 1,4,3 arg: Str('cn', attribute=True, cli_name='realm', multivalue=False, primary_key=True, query=True, required=True) diff --git a/freeipa.spec.in b/freeipa.spec.in index 36e2a61..1f97418 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -211,6 +211,7 @@ Requires: samba4 Requires: samba4-winbind %endif Requires: libsss_idmap +Requires: libsss_nss_idmap-python # We use alternatives to divert