#3354 ipa group-mod setattr allows renaming of admins group - setattr on cn
Closed: Fixed None Opened 11 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=895710 (Red Hat Enterprise Linux 6)

Description of problem:

although --rename is no longer allowed on the admins group ..

# ipa group-show --all --raw admins
  dn: cn=admins,cn=groups,cn=accounts,dc=testrelm,dc=com


you can still setattr on cn and then no longer find, show or modify the admins
group


# ipa group-mod
--setattr="cn=Administrators,cn=users,cn=accounts,dc=testrelm,dc=com" admins
-----------------------
Modified group "admins"
-----------------------
  Group name: administrators,cn=users,cn=accounts,dc=testrelm,dc=com
  Description: Account administrators group
  GID: 1057800000
  Member users: admin


ldap group entry after mod command

# administrators\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dtestrelm\2Cdc\3Dcom, gro
 ups, accounts, testrelm.com
dn: cn=administrators\2Ccn\3Dusers\2Ccn\3Daccounts\2Cdc\3Dtestrelm\2Cdc\3Dcom,
 cn=groups,cn=accounts,dc=testrelm,dc=com
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: nestedGroup
description: Account administrators group
gidNumber: 1057800000
member: uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com
ipaUniqueID: cd89534c-5f48-11e2-be06-00215e20311c
cn: administrators,cn=users,cn=accounts,dc=testrelm,dc=com


Version-Release number of selected component (if applicable):
ipa-server-3.0.0-21.el6

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:
admin group renamed

Expected results:
error message stating it is not allowed

Additional info:

Metadata Update from @dpal:
- Issue assigned to tbabej
- Issue set to the milestone: Future Releases

7 years ago

Login to comment on this ticket.

Metadata