This bug is created as a clone of upstream ticket:
This is related to the ticket #2560 and forked out of it to track just the admin issue.
Things to test:
1. Delete admin from admins group (by default the only user)
2. Delete admins group
3. Add several users to admins group and try to remove all members at once, so:
ipa group-add-member --users=user1,user2 admins
ipa group-remove-member --users=user1,user2,admin admins
Should fail to remove them.
Two new errors were added: LastMemberError and ProtectedEntryError.
Verified using cli and UI with ipa-server-3.0.0-8.el6.x86_64
When deleting and disabling admin - got error -
admin cannot be deleted or disabled because it is the last member of group admins
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.