Ales Rozmarin via FreeIPA-users wrote:
Hi Guys I'm trying to disable admin user in Freeipa 4.10.2 and I get this:
user admin cannot be deleted/modified: privileged user
I did create new user with admin privileges add to group admins. But I can't disable admin user. This worked up to version FreeIPA 4.10.1 but not anymore. anyone know why is that or how can I disable admin user in 4.10.2.
It looks like an unexpected side-effect of the change in https://pagure.io/freeipa/issue/8878 which made the admin user undeletable.
The original check ensured that the last member of the admins group wasn't deleted or disabled. That check now prevents protected users, but it was only intended to affect delete and not disable.
I filed https://pagure.io/freeipa/issue/9489 to track this.
rob