I created an additional administrator user called 'ipaadmin' through the web UI and deleted the original 'admin' account (wanting to reserve the latter for local use on specific machines). This worked OK until it was time for a routine IPA server upgrade, and that process then broke.
While on reflection I was likely doing something quite inadvisable, I can't help but feel the UI (or some other element of the IPA stack) should either have failed deleting 'admin', or at least told me doing this was a Very Bad Idea.
One can delete the 'admin' account with no more resistance than any other account.
Unable to delete 'admin' account, or lots of warnings that this will wreak havoc upon the realm.
freeipa-server-4.9.3-4.fc34.x86_64
Yes, we should add a list of protected users like there is for protected groups.
i also delete admin user and failed to upgrade.
how can i add admin user again?
Metadata Update from @rcritten: - Issue assigned to rcritten
master:
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1821181
Issue linked to bug 1821181
ipa-4-10:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1821181,https://bugzilla.redhat.com/show_bug.cgi?id=2229712 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1821181)
Log in to comment on this ticket.