During initial experience with IPA, a person accidentally deleted their IPA admin user via the web interface. Put in some safe-guards to prevent this. It's difficult to recreate the admin user. Also this could easily reoccur when the IPA infrastructure rollout is complete, and the day-to-day is turned over to Operations. Brainstorming: - Should we throw an 'are you sure' prompt in the GUI when deleting a certain type of entry - What class of entry we would add to a 'prompt-list' -- admin ? replication ? internal directory entries ? - Prompt for everything maybe ? - Add a setting to toggle prompting ? - Perhaps customer could identify their Admin OU, and the GUI adds it to a prompt-list. Open for debate whether the CLI tool should also follow the same rules as the GUI.
A new ticket #2564 is open to track the prevention of deleting the last admin. This ticket will track the prompting.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=805211
Re: Add a setting to toggle prompting ?
Definitelly. Admins don't like to be treated as childs. I'm sure they appreciate option to disable this check.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.