author | Rob Crittenden <rcritten@redhat.com> | 2008-04-04 17:41:32 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-04 17:41:32 -0400 |
commit | ac5a35086ec2c57ca36a6b746734add51cdb74dd (patch) | |
tree | f11233cb84d99da31412d8ab727072ac5971216a /ipa-server | |
parent | cb4648a8af0cc3298e59fa65f8b42c79524647bc (diff) | |
Don't allow the admin user to be removed from the admins group.
439281
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 9beb609aa..b28030c78 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1426,6 +1426,10 @@ class IPAServer:
 old_group = self.get_entry_by_dn(group_dn, None, opts)
 if old_group is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+ if old_group.get('cn') == "admins":
+ member = self.get_entry_by_dn(member_dn, ['dn','uid'], opts)
+ if member.get('uid') == "admin":
+ raise ipaerror.gen_exception(ipaerror.INPUT_ADMIN_REQUIRED_IN_ADMINS)
 new_group = copy.deepcopy(old_group)
 if new_group.get('member') is not None:
@@ -1475,6 +1479,9 @@ class IPAServer:
 except ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER):
 # not a member of the group
 failed.append(member_dn)
+ except ipaerror.exception_for(ipaerror.INPUT_ADMIN_REQUIRED_IN_ADMINS):
+ # Can't remove admin from admins group
+ failed.append(member_dn)
 return failed
@@ -1612,6 +1619,9 @@ class IPAServer:
 except ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER):
 # User is not in the group
 failed.append(group_dn)
+ except ipaerror.exception_for(ipaerror.INPUT_ADMIN_REQUIRED_IN_ADMINS):
+ # Can't remove admin from admins group
+ failed.append(member_dn)
 return failed |
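Review bot: In the first hunk the result of `self.get_entry_by_dn(member_dn, ['dn','uid'], opts)` is dereferenced without the None check that the group lookup gets just above it, so if that helper can return None for a stale or malformed `member_dn`, the guard fails with an AttributeError rather than a clean ipaerror; add `if member is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)` before `member.get('uid')`. The tests `old_group.get('cn') == "admins"` and `member.get('uid') == "admin"` are exact, case-sensitive string comparisons, whereas LDAP matches cn and uid case-insensitively and either attribute can be multi-valued; it is worth confirming what `.get()` returns for such entries and normalising before comparing, because a mismatch makes the protection silently not apply. A short comment above the guard stating that it is the only thing keeping the last built-in administrator in the group would help the next maintainer. The enclosing method starts and ends outside the hunk, and any other code path that rewrites the group's `member` attribute is not visible here and would need the same check.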
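Review bot: The handler added in the third hunk appends `member_dn` to `failed`, while the sibling handler directly above it in the same try block appends `group_dn`; this looks copied from the second hunk, where `member_dn` is the correct name. If `member_dn` is not a local in this function, the handler raises NameError at exactly the moment the admin protection fires; otherwise the caller gets a user DN in a list that appears to hold group DNs. The line should read `failed.append(group_dn)`. The function's signature and loop are outside the hunk, so the variable names should be confirmed there.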