On Fri, May 03, 2013 at 09:27:29AM +0200, Sumit Bose wrote:
On Thu, May 02, 2013 at 08:31:40PM +0200, Sumit Bose wrote:
> On Thu, May 02, 2013 at 07:23:11PM +0200, Jakub Hrozek wrote:
> > On Thu, May 02, 2013 at 04:07:57PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > this is the second series of patches for the SID related lookups. With
> > > these 4 patches, together with the ones send before, the FreeIPA WebUI
> > > can do the SID-to-name lookups as described in
> > >
https://fedorahosted.org/freeipa/ticket/3302.
> > >
> > > The patches currently only support IPA subdomain user, i.e. user and
> > > groups from trusted domains. Upcoming patches will add support for IPA
> > > user and support for the AD provider as well.
> > >
> > > bye,
> > > Sumit
> >
> > Seems like the patches need rebasing on top of Pavel's recent patchset..
>
> rebased on current master.
>
Patch 0003 still doesn't apply on master for me.. (sorry, I think it's
because I pushed Abhishek's tests after you rebased)
> bye,
> Sumit
I forgot to add some hints about how to test all this. You need a
FreeIPA server with trust to an AD domain. Since I found some issues in
the IPA extdom plugin during the development of the new API you need a
very recent build of FreeIPA with contains the patches:
- c152c9e Allow ID-to-SID mappings in the extdom plugin
- 0f43cd6 Do not store SID string in a local buffer
- 631b3cf Do not lookup up the domain too early if only the SID is known
The packages from
http://jdennis.fedorapeople.org/ipa-devel/fedora/19
already have those patches.
If all this is in place and sssd with the patches is installed a SID can
be mapped to a name with the help of the python interface provided by
the last patch:
python -c 'import pysss_nss_idmap; print
pysss_nss_idmap.getnamebysid("S-1-5-21-111-222-333-513");'
For other mapping pysss_nss_idmap.getidbysid,
pysss_nss_idmap.getsidbyid and pysss_nss_idmap.getsidbyname can be used.
Thanks, that's quite helpful.