From 682edbf2152aa2dce2f6350226bffc6ebc2526c1 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Tue, 25 Sep 2012 08:14:57 -0400
Subject: Restrict admins group modifications

Group-mod command no longer allows --rename and/or --external
changes made to the admins group. In such cases, ProtectedEntryError
is being raised.

https://fedorahosted.org/freeipa/ticket/3098
---
 ipalib/errors.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ipalib/errors.py')

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 31fc14ea4..7bf267290 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1659,18 +1659,18 @@ class LastMemberError(ExecutionError):
 
 class ProtectedEntryError(ExecutionError):
     """
-    **4309** Raised when an entry being deleted is protected
+    **4309** Raised when an entry being deleted or modified in a forbidden way is protected
 
     For example:
     >>> raise ProtectedEntryError(label=u'group', key=u'admins', reason=_(u'privileged group'))
     Traceback (most recent call last):
       ...
-    ProtectedEntryError: group admins cannot be deleted: privileged group
+    ProtectedEntryError: group admins cannot be deleted/modified: privileged group
 
     """
 
     errno = 4309
-    format = _('%(label)s %(key)s cannot be deleted: %(reason)s')
+    format = _('%(label)s %(key)s cannot be deleted/modified: %(reason)s')
 
 
 ##############################################################################
-- 
cgit