|Summary:||[RFE] Prevent deletion of the last admin|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Dmitri Pal <dpal>|
|Component:||ipa||Assignee:||Rob Crittenden <rcritten>|
|Status:||CLOSED ERRATA||QA Contact:||Namita Soman <nsoman>|
|Fixed In Version:||ipa-3.0.0-1.el6||Doc Type:||Enhancement|
Feature: Prevent deletion of the last admin Reason: Administrators were able to accidentally delete a last user from Identity Management Administrators group, which could only be repaired with direct LDAP modification by Directory Manager. Result (if any): Identity Management does not allow Administrators to delete or disable last member in Administrator group and thus the Identity Management has always at least one active Administrator.
|Last Closed:||2013-02-21 09:10:29 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||772645, 840699|
Description Dmitri Pal 2012-03-20 17:16:39 UTC
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/2564 This is related to the ticket #2560 and forked out of it to track just the admin issue.
Comment 1 Rob Crittenden 2012-06-07 19:17:48 UTC
Fixed upstream. master: f8e7b516d923142a23058cb23ee817522686cfe3 Things to test: 1. Delete admin from admins group (by default the only user) 2. Delete admins group 3. Add several users to admins group and try to remove all members at once, so: ipa group-add-member --users=user1,user2 admins ipa group-remove-member --users=user1,user2,admin admins Should fail to remove them. Two new errors were added: LastMemberError and ProtectedEntryError.
Comment 3 Namita Soman 2012-11-27 03:42:27 UTC
Verified using cli and UI with ipa-server-3.0.0-8.el6.x86_64 When deleting and disabling admin - got error - admin cannot be deleted or disabled because it is the last member of group admins
Comment 5 errata-xmlrpc 2013-02-21 09:10:29 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html