From b7924139d895c7ebe019fbfc9c85fed3baae642e Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 28 Mar 2008 15:28:28 -0400
Subject: Don't allow the admin user to be removed using the XML-RPC Interface.

If a site really wants it gone then can delete it via LDAP.

439281
---
 ipa-server/xmlrpc-server/funcs.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ipa-server/xmlrpc-server/funcs.py')

diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 11b4e9fb5..5190b09f7 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1105,6 +1105,8 @@ class IPAServer:
         """
         if not isinstance(uid,basestring) or len(uid) == 0:
             raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
+        if uid == "admin":
+            raise ipaerror.gen_exception(ipaerror.INPUT_ADMIN_REQUIRED)
         user = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts)
         if user is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
-- 
cgit