From 2d1a85606d61128611f49101854bb8efe4abd638 Mon Sep 17 00:00:00 2001

From: Alexander Bokovoy <abokovoy@redhat.com>

Date: Thu, 16 Jan 2014 20:31:37 +0200

Subject: [PATCH 32/34] group-show: resolve external members of the groups

Perform SID to name conversion for existing external members of the

groups if trust is configured.

https://bugzilla.redhat.com/show_bug.cgi?id=1054391

https://fedorahosted.org/freeipa/ticket/4123

---

 ipalib/plugins/group.py | 15 +++++++++++++++

 1 file changed, 15 insertions(+)

diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py

index 02eeb10ca2ca2a5710e88d6e3c11f1d1cdaa4a7b..dac55003e5a4291e8a3b7db58ae9b3c9c76e271e 100644

--- a/ipalib/plugins/group.py

+++ b/ipalib/plugins/group.py

@@ -387,6 +387,21 @@ def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **option

 class group_show(LDAPRetrieve):

     __doc__ = _('Display information about a named group.')

     has_output_params = LDAPRetrieve.has_output_params + (ipaexternalmember_param,)

+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):

+        assert isinstance(dn, DN)

+        if ('ipaexternalmember' in entry_attrs and

+            len(entry_attrs['ipaexternalmember']) > 0 and

+            'trust_resolve' in self.Command and

+            not options.get('raw', False)):

+            sids = entry_attrs['ipaexternalmember']

+            result = self.Command.trust_resolve(sids=sids)

+            for entry in result['result']:

+                try:

+                    idx = sids.index(entry['sid'][0])

+                    sids[idx] = entry['name'][0]

+                except ValueError:

+                    pass

+        return dn

 api.register(group_show)

-- 

1.8.4.2