Don't allow the admin user to be removed using the XML-RPC Interface.

If a site really wants it gone then can delete it via LDAP.

439281

ipa-python/ipaerror.py

@@ -163,6 +163,11 @@ INPUT_REALM_MISMATCH = gen_error_code(
         0x0006,
         "The realm for the principal does not match the realm for this IPA server.")
 
+INPUT_ADMIN_REQUIRED = gen_error_code(
+        INPUT_CATEGORY,
+        0x0007,
+        "The admin user cannot be deleted.")
+
 #
 # Connection errors
 #

ipa-server/xmlrpc-server/funcs.py

@@ -1105,6 +1105,8 @@ class IPAServer:
         """
         if not isinstance(uid,basestring) or len(uid) == 0:
             raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER)
+        if uid == "admin":
+            raise ipaerror.gen_exception(ipaerror.INPUT_ADMIN_REQUIRED)
         user = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts)
         if user is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)