I'm not sure your issue is a bug in policykit.
It seems to be more likely a configuration issue.
This is quite tricky to configure SSO on Ubuntu as you need to configure cleanly the LDAP client part of your workstation, the policykit system for rights elevation and PAM for authentication.
Take a look in /etc/polkit-1/localauthority.conf.d
You should have a file called 60-ldap.conf (the number may be different, this is just for ordering scripts execution) containing this text:
[Configuration]
AdminIdentities=unix-group:#####
with ##### the name of your domain/local administrators group. You can provide more than one group if you need to.
Check out that your LDAP client and nsswitch can resolve this group and all accounts within (getent group).
Hi Dave,
I'm not sure your issue is a bug in policykit.
It seems to be more likely a configuration issue.
This is quite tricky to configure SSO on Ubuntu as you need to configure cleanly the LDAP client part of your workstation, the policykit system for rights elevation and PAM for authentication.
Take a look in /etc/polkit- 1/localauthorit y.conf. d
You should have a file called 60-ldap.conf (the number may be different, this is just for ordering scripts execution) containing this text:
[Configuration] =unix-group: #####
AdminIdentities
with ##### the name of your domain/local administrators group. You can provide more than one group if you need to.
Check out that your LDAP client and nsswitch can resolve this group and all accounts within (getent group).
Hope this helps ;)
Loïc