Results 1 to 7 of 7

Thread: [SOLVED] Can one account be admin of multiple domains?

  1. #1
    Join Date
    Mar 2008
    Location
    Palma, Majorca, Balearic Islands, Spain
    Posts
    44
    Rep Power
    9

    Default [SOLVED] Can one account be admin of multiple domains?

    Hello.

    Is it possible to configure one account to be administrator of multiple domains? I have not been able to find this in the forums or the wiki.

    Thanks in advance.
    Jaume Sabater
    http://linuxsilo.net/

    "Ubi sapientas ibi libertas"

  2. #2
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    10

    Default

    Not that I'm aware of unless you want to make the user an administrator on the system. That would definitely be nice...

  3. #3
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    23

    Default

    5.0.7_GA_2444.DEBIAN4.0 FOSS edition

    Delegated admin is a NE feature (can't tell if you have any).
    A domain administrator can create and maintain accounts, aliases, distribution lists, and calendar resources in a specific domain (they can't currently "view mail" either).

    These are underway for multi-domain delegated admins:
    Bug 6965 - Domain groups > Bug 5254 - Domain Admin can own multiple domains > Bug 5253 - Domain Admin should be able create sub-domains of the domain of which he is owner

    Others:
    Bug 11515 - role based delegate administration
    Bug 13183 - view mail, domain mail queue, and virus update info for domain admins (Might seem like a contradiction to people wanting to keep the current "can't view mail" like Bug 11374 - View Mail: should be possible to disable this for some/all admins but that will be handled in the role based RFE)
    Bug 29102 - expose COS and allow setting COS on account creation for domain admin
    Bug 7742 - Enable domain-specific COS's, manageable by a domain admin

    For FOSS you might set up a SOAP portal, command limited console to run only certain zmprov commands, or a zimlet to hide functionality in the admin console.
    Last edited by mmorse; 07-16-2008 at 10:03 AM.

  4. #4
    Join Date
    Mar 2008
    Location
    Palma, Majorca, Balearic Islands, Spain
    Posts
    44
    Rep Power
    9

    Default

    Quote Originally Posted by mmorse View Post
    5.0.7_GA_2444.DEBIAN4.0 FOSS edition
    It's not for my personal use, but rather for a customer of mine, who uses 5.0.7 Network Edition (but I posted my Open Source Edition in the profile, since the mail in my profile is my personal mail, not work).

    Okay, so it's a feature planned for version 5.5. Thanks, I'll let my customer know (and for myself, too!).

    Thanks!
    Jaume Sabater
    http://linuxsilo.net/

    "Ubi sapientas ibi libertas"

  5. #5
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    23

    Default

    Role based is, but the targets are still unset on the 3 'multi-domain delegated admin' ones.

  6. #6
    Join Date
    Jan 2007
    Location
    Middlesex, UK
    Posts
    40
    Rep Power
    10

    Default

    Greetings

    Delegation of domain admin is what we neeeed!

    Quote Originally Posted by mmorse View Post

    Delegated admin is a NE feature
    How? (please)

    Quote Originally Posted by mmorse View Post
    These are underway for multi-domain delegated admins ....
    Yes please

    Quote Originally Posted by mmorse View Post
    you might set up a SOAP portal, command limited console to run only certain zmprov commands ...
    Is there a how-to on this?

    Thanks for reading
    All that glitters .... oh look, a shiny thing

  7. #7
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    23

    Default

    5.0.6_GA_2314.RHEL4_20080522092131 CentOS4 NETWORK edition
    Delegated admin = domain admin right now.

    (A lot of people want Bug 11515 - role based delegate administration starting off with more settings for what domain admins can/can't do, and morphing into other levels after that.)

    For NE the account simply needs zimbraIsDomainAdminAccount TRUE



    The zimlet reference for FOSS is more of an un-secure 'cloak & dagger' where you give someone full admin, then hide stuff (like all but 2 domains) in the admin console when their account is logged in.

    NE customers can checkout /opt/zimbra/zimlets-network/com_zimbra_domain.zip - you're still protected by ACL's - you can see permissions in /opt/zimbra/conf/attra/zimbra-attrs.xml domainAdminModifiable references.

    You'll definitely want to checkout:
    /opt/zimbra/doc/soap.txt & soap-admin.txt

    There's all sorts of different approaches:
    http://www.zimbra.com/forums/develop...vs-zimbra.html
    http://www.zimbra.com/forums/develop...ss-zimbra.html
    Example: http://www.zimbra.com/forums/6269-post3.html
    With java use the zmmailbox class.

    The limited CLI is in reference to a few utilities out there that can be used to create a shell that can only run pre-determined set of commands, search the web for some.

    There's also a new CLI utility (in 5.0.6 but better implemented in 5.0.7) called zmsoap, which is used for sending ad-hoc SOAP commands to our server. The idea is that you specify the request on the command line in an XPath-inspired syntax, and zmsoap takes care of authenticating, generating the envelope, sending the request, and writing the response to stdout.

    Examples.
    zmsoap -z -e GetAccountInfoRequest/account=user1 -v @by=name
    zmsoap -m user1 -p test123 -u http://localhost:7070/service/soap --type account GetInfoRequest | head
    zmsoap -z -m user1 SearchRequest/query=in:inbox | head
    Code:
    zmsoap [options] <path1> [<path2> ...]                                          
    options                                                                         
      --help (-h)                 Print usage information.                          
      --mailbox (-m) name         Mailbox account name.  mail and account requests  
                                  are sent to this account.  Also used for          
                                  authentication if -a and -z are not specified.    
      --target name               Target account name to which requests will be     
                                  sent.  Only used for non-admin sessions.          
      --admin (-a) name           Admin account name to authenticaste as.           
      --zadmin (-z)               Authenticate with zimbra admin name/password from 
                                  localconfig.                                      
      --password (-p) pass        Password.                                         
      --passfile (-P) path        Read password from file.                          
      --element (-e) path         Root element path.  If specified, all path        
                                  arguments that don't start with a slash (/) are   
                                  relative to this element.                         
      --type (-t) type            SOAP request type (mail, account, admin).         
                                  Default is admin.                                 
      --url (-u) http[s]://...    Server hostname and optional port.                
      --verbose (-v)              Print the SOAP request and other status           
                                  information.                                      
      path [path ...]             Element or attribute path and value.  Roughly     
                                  follows XPath syntax:                             
                                  [/]element1[/element2][/@attr][=value].

Similar Threads

  1. Advanced MTA Configuration - multiple domains
    By keyhman in forum Installation
    Replies: 6
    Last Post: 04-20-2012, 02:23 AM
  2. Allow single account to be domain admin over multiple domains
    By peter@mxtoolbox.com in forum Administrators
    Replies: 2
    Last Post: 03-19-2008, 12:36 PM
  3. Replies: 5
    Last Post: 11-28-2007, 08:51 AM
  4. restore admin account
    By preem in forum Administrators
    Replies: 2
    Last Post: 01-19-2007, 06:56 AM
  5. Multiple domains, single account
    By roastpork in forum Administrators
    Replies: 1
    Last Post: 02-08-2006, 08:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •