I also think this bug should get HIGH priority. LDAP is essential for so many deployments.
I also recommend testing that "sudo", "su -" and "sudo su -" work as expected from LDAP-only user accounts. I'm experiencing this bug with LDAP user accounts, but I worked around it using instructions found in this bug report. However, there's an additional problem probably related to this, which doesn't go away:
I have a user account "johndoe" that only exists in LDAP. That user account belongs to local groups "sudo" and "admin" as specified in /etc/group.
I also think this bug should get HIGH priority. LDAP is essential for so many deployments.
I also recommend testing that "sudo", "su -" and "sudo su -" work as expected from LDAP-only user accounts. I'm experiencing this bug with LDAP user accounts, but I worked around it using instructions found in this bug report. However, there's an additional problem probably related to this, which doesn't go away:
I have a user account "johndoe" that only exists in LDAP. That user account belongs to local groups "sudo" and "admin" as specified in /etc/group.
~# getent passwd johndoe x:10003: 10003:John Doe:/home/ johndoe: /bin/bash
johndoe:
~# getent group sudo
sudo:x:27:johndoe
~# getent group admin x:118:johndoe
admin:
~# cat /etc/sudoers | grep '%[admin|sudo]'
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
I have NOT set ignore_ local_sudoers so it should work with LDAP and local /etc/sudoers file.
But sudo is not working. What happens instead is:
johndoe@host:~$ sudo su PASSWORD* **
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
johndoe@host:~$ su -
Password: ***CORRECT*
su: Authentication failure
johndoe@host:~$ sudo cat /etc/group
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
These problems may be related, so I recommend checking sudo and su as well when investigating and testing this bug.