On Thu, May 02, 2013 at 08:31:40PM +0200, Sumit Bose wrote:
On Thu, May 02, 2013 at 07:23:11PM +0200, Jakub Hrozek wrote:
> On Thu, May 02, 2013 at 04:07:57PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this is the second series of patches for the SID related lookups. With
> > these 4 patches, together with the ones send before, the FreeIPA WebUI
> > can do the SID-to-name lookups as described in
> >
https://fedorahosted.org/freeipa/ticket/3302.
> >
> > The patches currently only support IPA subdomain user, i.e. user and
> > groups from trusted domains. Upcoming patches will add support for IPA
> > user and support for the AD provider as well.
> >
> > bye,
> > Sumit
>
> Seems like the patches need rebasing on top of Pavel's recent patchset..
rebased on current master.
bye,
Sumit
I forgot to add some hints about how to test all this. You need a
FreeIPA server with trust to an AD domain. Since I found some issues in
the IPA extdom plugin during the development of the new API you need a
very recent build of FreeIPA with contains the patches:
- c152c9e Allow ID-to-SID mappings in the extdom plugin
- 0f43cd6 Do not store SID string in a local buffer
- 631b3cf Do not lookup up the domain too early if only the SID is known
The packages from
http://jdennis.fedorapeople.org/ipa-devel/fedora/19
already have those patches.
If all this is in place and sssd with the patches is installed a SID can
be mapped to a name with the help of the python interface provided by
the last patch:
python -c 'import pysss_nss_idmap; print
pysss_nss_idmap.getnamebysid("S-1-5-21-111-222-333-513");'
For other mapping pysss_nss_idmap.getidbysid,
pysss_nss_idmap.getsidbyid and pysss_nss_idmap.getsidbyname can be used.
HTH
bye,
Sumit
> _______________________________________________
> sssd-devel mailing list
> sssd-devel(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel