[Freeipa-devel] [PATCH] 160,161 Trust Web UI

Alexander Bokovoy abokovoy at redhat.com
Fri Jun 22 16:49:33 UTC 2012 

Promised patch attached!


On Fri, 22 Jun 2012, Alexander Bokovoy wrote:
>Hi Petr,
>
>On Fri, 22 Jun 2012, Petr Vobornik wrote:
>>The static preview of trust UI can be seen at: http://pvoborni.fedorapeople.org/trusts/#ipaserver=trust&navigation=ipaserver
>Looks nice!
>
>>
>>[Patch] 161 Trust Web UI:
>>
>>This patch adds Web UI for trusts.
>>
>>Navigation path is IPA Server/Trust. It allows to add, deleted and 
>>show trust. Mod command doesn't have defined input options so 
>>update of a trust is not supported yet.
>Yes, it will get defined once we finish support for uid/gid ranges.
>
>>Adder dialog supports two ways if adding a trust:
>>1) adding with domain name, admin name and admin password.
>>2) adding with domain name, shared secret
>>
>>Search page shows only list of realm names which are trusts' cns.
>>
>>Details page is read only. It contains following attributes:
>>* Realm name (cn)
>>* Domain NetBIOS name (ipantflatname)
>>* Domain Security Identifier (ipanttrusteddomainsid)
>>* Trust direction (trustdirection)
>>* Trust type (trusttype)
>>
>>For Domain Security Identifier is not used ipantsecurityidentifier 
>>param which is defined in trust plugin's trust_output_params list. 
>>This param is not returned by show command so ipanttrusteddomainsid 
>>is used instead.
>You are using the proper one. I'm attaching a patch to fix existing
>plugin. The issue here is that we have two attributes, one for SIDs of
>our objects (users, groups, ...), another one is used specifically for
>a trusted domain object. It was my mistake to mix them as I also was
>thinking to allow seeing our own domain SID via 'ipa trust' commands.
>
>>trust_output_params also defines 'Trust status' param. This param 
>>is not return by show command as well so it's commented out in code 
>>until it's fixed in plugin code.
>Yes, the code for this will be implemented as part of trust validation,
>ticket 2763.
>
>>Fields in details pages are using labels defined in internal.py. It 
>>is temporary solution until including of command.has_output_params 
>>will be added to metadata.
>>
>>https://fedorahosted.org/freeipa/ticket/2829
>1. Please update the patch with regards to the change in my
>   attached patch.
>2. First two chunks of install/ui/test/data/ipa_init_commands.json and
>   install/ui/test/data/ipa_init_objects.json changes look unrelated to
>   this ticket.
>
>>[PATCH] 160 Same password validator:
>>
>>This patch adds validator which compares passwords in two fields.
>>
>>In future it should be used in various password reset dialogs.
>>
>>A flags attribute was added to field. It's purpose is to define 
>>control flags. This patch uses it in details facet and adder dialog 
>>to not include fields to command option if the field has 
>>'no_command' flag. Therefore there is no need to use hacks such as 
>>disabling of field or removing a value from command's option map 
>>when a non-command field is needed (ie verify password).
>>
>>https://fedorahosted.org/freeipa/ticket/2829
>ACK
>
>-- 
>/ Alexander Bokovoy
>
>_______________________________________________
>Freeipa-devel mailing list
>Freeipa-devel at redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-devel



-- 
/ Alexander Bokovoy
-------------- next part --------------
>From 8f4e5ece17020d31dd75f99a2c337167f896e152 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Fri, 22 Jun 2012 19:33:57 +0300
Subject: [PATCH 2/2] Use correct SID attribute for trusted domains

We have two SID attributes, ipaNTSecurityIdentifier and ipaNTTrustedDomainSID.
First is used for recording SID of our users/groups, second is to store
SID of a remote trusted domain.
---
 ipalib/plugins/trust.py |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index b313b30d9b16911adea3c607dbff7e5fe30bda1f..1f2eae584bd45bb62a1ff4740af98dcafb3489ae 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -38,7 +38,7 @@ Manage trust relationship between realms
 trust_output_params = (
     Str('ipantflatname',
         label=_('Domain NetBIOS name')),
-    Str('ipantsecurityidentifier',
+    Str('ipanttrusteddomainsid',
         label=_('Domain Security Identifier')),
     Str('trustdirection',
         label=_('Trust direction')),
@@ -90,7 +90,7 @@ class trust(LDAPObject):
     object_name = _('trust')
     object_name_plural = _('trusts')
     object_class = ['ipaNTTrustedDomain']
-    default_attributes = ['cn', 'ipantflatname', 'ipantsecurityidentifier', 
+    default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid',
         'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection', 'ipanttrustpartner',
         'ipantauthtrustoutgoing', 'ipanttrustauthincoming', 'ipanttrustforesttrustinfo',
         'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
-- 
1.7.10.2

More information about the Freeipa-devel mailing list