GNOME Bugzilla – Bug 681753
Managing enterprise users in the user panel
Last modified: 2021-06-09 16:14:07 UTC
Enterprise users are currently mixed in with the other users in the user panel, with no indication they are different and can be managed differently. Ray is doing some redesign on Remote vs. Local users (and I'll step in to help out if needed), and so this bug is about the left hand side panel part. The design here is outdated in that it says we shouldn't be listing enterprise user accounts at all. Local admins can add enterprise users explicitly. So they need to be listed, be deletable and so on. The design proposal is here: https://live.gnome.org/Design/Proposals/UserIdentities?action=AttachFile&do=get&target=user-accounts-enterprise.png It separates local and enterprise users. Enterprise users are listed under a heading by their enterprise domain name. Not all domain accounts are listed. Those that are cached in the accounts daemon are listed. * In the case where the local administrative user is managing enterprise accounts through GNOME, the effect is that only those accounts which the local administrator added are listed. * In the case where a network administrator has enabled enterprise logins on the local machine not through GNOME (through kickstart, or command line) and logins from any enterprise account on the given domain is possible, only those accounts which have logged in are listed. User Deletion: For user deletion, the prompt dialog would have slightly different wording for enterprise users. It will indicate that the account won't be deleted, it will only be removed from the local machine.
After discussion in #gnome-design, came up with several a different set of changes and concepts. Allan is doing design for these changes. Mockup: https://dl.dropbox.com/u/5031519/system-settings/user-accounts.png Only parts of this are targetted for 3.6. Notes from discussion: General * Support a lock down option where no left side panel is shown, and only changing the currently logged in account settings are possible. * When 'locked down' change panel title from 'User Accounts' -> 'User Account' Left side list * 3.6: List local, recent/current logins, and explicitly added non-local users in the account list (already done). * 3.6: The list should reflect what the user sees in gdm (already done). * 3.6: For local accounts display the unix user name as the secondary text. This makes it possible to differentiate between users with same display name, but different user names. * 3.6: For non-local accounts display the user@domain/realm as the secondary text. The user's identity consists of the name + domain. * 3.6: Drop checkmark to indicate autologin * Add indicator for currently logged in users Right side panel * 3.6: For non-local accounts remove right side panel options that don't make sense: auto login. * 3.6: For non-local accounts lock down right side fields that are immutable: Name, Account type. * 3.6: Change 'Account type' -> 'Account Type' * Add last logged in field * Add lastlog history button Behavior * Offer way to undo removing a user account. * Be very careful about removing home directories that may be remote, don't offer the option to delete home directory in this case. * 3.6: Removing non-local accounts has nearly identical behavior to removing local accounts with the exception that the account in the domain is obviously not deleted.
note the image in comment 0 shows sectioning by enterprise realm, talking with jimmac, that idea has been dismissed, since it's pretty likely if you have an enterprise realm, that you logged in with it as your primary account.
That's right. Thanks for the clarification. We're not sectioning the names by enterprise domain. That's outdated. Instead we're listing the user name (which contains the domain name) as the secondary text under the name.
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new bug report at https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/ Thank you for your understanding and your help.