Bug 805233
Summary: | [RFE] Prevent deletion of the last admin | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 6.3 | CC: | jgalipea, mkosek |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-1.el6 | Doc Type: | Enhancement |
Doc Text: |
Feature: Prevent deletion of the last admin
Reason: Administrators were able to accidentally delete a last user from Identity Management Administrators group, which could only be repaired with direct LDAP modification by Directory Manager.
Result (if any): Identity Management does not allow Administrators to delete or disable last member in Administrator group and thus the Identity Management has always at least one active Administrator.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 09:10:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 772645, 840699 |
Description
Dmitri Pal
2012-03-20 17:16:39 UTC
Fixed upstream. master: f8e7b516d923142a23058cb23ee817522686cfe3 Things to test: 1. Delete admin from admins group (by default the only user) 2. Delete admins group 3. Add several users to admins group and try to remove all members at once, so: ipa group-add-member --users=user1,user2 admins ipa group-remove-member --users=user1,user2,admin admins Should fail to remove them. Two new errors were added: LastMemberError and ProtectedEntryError. Verified using cli and UI with ipa-server-3.0.0-8.el6.x86_64 When deleting and disabling admin - got error - admin cannot be deleted or disabled because it is the last member of group admins Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html |