Tag Archive for polkit

Can polkit recognize per-host admin rights based on an LDAP (FreeIPA) sudo rule?

Our users are managed through FreeIPA, and each workstation has a sudo rule configured so that the user has sudo privileges on their assigned workstation. This can be verified on the workstation by running the command “sudo -ll -U ”. However, since the user is not assigned to the local sudo group or an LDAP admin group, they are unable to perform elevated tasks (install software via Software Center, etc.) in the graphical environment. Instead of prompting for the password of the logged-in user trying to perform the task, the “Requires authentication” window prompts for the password of a user in either the LDAP sudo group or local sudo group. Is there a way to write a rule or conf file that can detect that a user’s authorization comes from an LDAP rule and not membership in a group?