1. Proposed title of this feature request [RFE] Delete operation protection for admin user 2. Who is the customer behind the request? Account: 5584962 - Sberbank Rossii OAO TAM customer: yes CSM customer: no Strategic: yes 3. What is the nature and description of the request? An user belonging to the admin group can delete the admin user, even though this is not a supported operation. Such an operation can be performed by mistake and recovering requires manual steps. 4. Why does the customer need this? (List the business requirements here) While we do rely on common sense, human mistake can happen, especially in a large organization. Having a way to avoid getting in this situation can potentially save a lot of time. 5. How would the customer like to achieve this? (List the functional requirements here) Being able to prevent the admin user to be deleted. 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Try to delete admin user from a user in the admin group. 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? As soon as possible 9. Is the sales team involved in this request and do they have any additional input? This is one of the requests that Sberbank raised as part of a large escalation around their overall dissatisfaction about IPA's stability and reliability. 10. List any affected packages or components. 11. Would the customer be able to assist in testing this functionality if implemented? Yes
Thank you taking your time and submitting this request for Red Hat Enterprise Linux 7. Unfortunately, this RFE cannot be kept even as a stretch goal and is moved to RHEL8 for proper evaluation.
RHEL 7.9 is already near the end of a development phase and this bug cannot be kept for 7.9, hence it is moved to RHEL 8 for proper evaluation and planning.
*** Bug 2003877 has been marked as a duplicate of this bug. ***
Upstream ticket: https://pagure.io/freeipa/issue/8878
Fixed upstream master: https://pagure.io/freeipa/c/dea35922cd086883c0699646ec39fdef8f0ba579
Fixed upstream ipa-4-10: https://pagure.io/freeipa/c/4b02322fc786ee9caaa0380659507a2cec0d4101 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/f215d3f45396fa29bdd69f56096b50842df14908
Additional fix for the webui test: master: https://pagure.io/freeipa/c/e49ec1048db85f514e2db5960f773e5d56fa0cec
Additional fix for the webui test: ipa-4-10: https://pagure.io/freeipa/c/13d5e88eb4ebb7a0132cbb050a9d230304ecbcff ipa-4-9: https://pagure.io/freeipa/c/7d62d84bdd3c2acd2f4bf70bb5fabf14c72e8ee7
Pre-verified using automation from test_webui/test_user.py with ipa-server-4.9.12-6.module+el8.9.0+19634+c162f948.x86_64 Failed test_webui/test_user.py::test_user::()::test_certificate_serial Passed test_webui/test_user.py::test_user::()::test_crud Passed test_webui/test_user.py::test_user::()::test_associations Passed test_webui/test_user.py::test_user::()::test_indirect_associations Passed test_webui/test_user.py::test_user::()::test_actions Passed test_webui/test_user.py::test_user::()::test_certificates Passed test_webui/test_user.py::test_user::()::test_password_expiration_notification Passed test_webui/test_user.py::test_user::()::test_grace_login_limit Passed test_webui/test_user.py::test_user::()::test_login_without_username Passed test_webui/test_user.py::test_user::()::test_disable_delete_admin Passed test_webui/test_user.py::test_user::()::test_add_user_special Passed test_webui/test_user.py::test_user::()::test_add_delete_undo_reset_multivalue Passed test_webui/test_user.py::test_user::()::test_user_misc Passed test_webui/test_user.py::test_user::()::test_menu_click_minimized_window Passed test_webui/test_user.py::test_user::()::test_enabled_by_default Passed test_webui/test_user.py::test_user_no_private_group::()::test_noprivate_nonposix Passed test_webui/test_user.py::test_user_no_private_group::()::test_noprivate_posix Passed test_webui/test_user.py::test_user_no_private_group::()::test_noprivate_gidnumber Passed test_webui/test_user.py::TestLifeCycles::()::test_life_cycles Passed test_webui/test_user.py::TestSSHkeys::()::test_ssh_keys The failure in test_certificate_serial is a known issue. Marking as pre-verified - tested.