Ales Rozmarin via FreeIPA-users wrote:
Hi Guys I'm trying to disable admin user in Freeipa 4.10.2 and I
get this:
user admin cannot be deleted/modified: privileged user
I did create new user with admin privileges add to group admins. But I can't disable
admin user. This worked up to version FreeIPA 4.10.1 but not anymore. anyone know why is
that or how can I disable admin user in 4.10.2.
It looks like an unexpected side-effect of the change in
https://pagure.io/freeipa/issue/8878 which made the admin user undeletable.
The original check ensured that the last member of the admins group
wasn't deleted or disabled. That check now prevents protected users, but
it was only intended to affect delete and not disable.
I filed
https://pagure.io/freeipa/issue/9489 to track this.
rob