Public bug reported:
Log in as a ldap user. centrify, likewise-open, pam_ldap it doesn't
matter. Add the user's group to sudoers, something like
%UnixAdmins ALL=(ALL) ALL
now if you use sudo on cli it works. But if you run something like
gnome-control -center you cannot unlock it. Same with all gui programs
such as Ubuntu Software Center and Update Manager.
The issue seems to be that for these gui programs to work the user must
be in the group "admin" but this is rarely possible with LDAP. In Active
Directory the admin group is a reserved group. Even if you could figure
out a way to put the ldap user in the admin group, this is often a
security issue. You might want a user to be capable of installing
programs but not a domain administrator!
I don't know of any workaround at this time other than making a local
user and telling everyone the password for this local user. This has
obvious drawbacks.
It seems more logical for these programs to check if the user has sudo
rights, rather than just checking if the user is in "admin"
** Affects: ubuntu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/888356
Title:
Cannot use gui administrative programs with ldap user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/888356/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
