group-mod should not allow potentially dangerous actions like --rename or maybe also --external changes made to the admins group.
group-mod
--rename
--external
admins
Otherwise, admin users may get a restricted access to DIT as our ACIs requires admins group to have a fixed name (and DN).
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=860683
master: 682edbf[[BR]] ipa-3-0: 22211c2
Metadata Update from @mkosek: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 3.0 RC2
Login to comment on this ticket.