The admins group cannot be renamed.

433880
author: Rob Crittenden <rcritten@redhat.com> 2008-02-27 10:50:17 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2008-02-27 10:50:17 -0500
commit: f49ed705b3040cb1b098341ccb1cdac34d21d8db (patch)
tree: c7e84c572c7648b9738ef52f4b5d48593da21e0f
parent: f02b5c196221d487b201f78a492038089962bd9e (diff)
download: freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.tar.gz
freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.tar.xz
freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py
index c5ed7e778..8a47ead88 100644
--- a/ipa-python/ipaerror.py
+++ b/ipa-python/ipaerror.py
@@ -148,6 +148,11 @@ INPUT_NOT_DNS_A_RECORD = gen_error_code(
         0x0003,
         "The requested hostname is not a DNS A record. This is required by Kerberos.")
 
+INPUT_ADMINS_IMMUTABLE = gen_error_code(
+        INPUT_CATEGORY,
+        0x0004,
+        "The admins group cannot be renamed.")
+
 #
 # Connection errors
 #
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index a2031eca9..6bd404012 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1518,6 +1518,9 @@ class IPAServer:
         if isinstance(newcn, str):
             newcn = [newcn]
 
+        if "admins" in oldcn:
+            raise ipaerror.gen_exception(ipaerror.INPUT_ADMINS_IMMUTABLE)
+
         oldcn.sort()
         newcn.sort()
         if oldcn != newcn:
author	Rob Crittenden <rcritten@redhat.com>	2008-02-27 10:50:17 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2008-02-27 10:50:17 -0500
commit	f49ed705b3040cb1b098341ccb1cdac34d21d8db (patch)
tree	c7e84c572c7648b9738ef52f4b5d48593da21e0f
parent	f02b5c196221d487b201f78a492038089962bd9e (diff)
download	freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.tar.gz freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.tar.xz freeipa-f49ed705b3040cb1b098341ccb1cdac34d21d8db.zip