I looked over the Multi Server PDF to see if any form of distributed administration was addressed, but came through empty handed. I plan to migrate multiple domains that we host on one iPlanet server to Zimbra. We're currently in the testing phase to see if Zimbra meets our requirements. The one key question for us regards mimicking the distributed administration in iPlanet. Our organization is made up of 33 domains who contract with us to provide them with mail. However, the last thing in the world we want to do is administer their users and mail lists. In iPlanet we can provide them with their own administrator that only controls their domain. So for example:

UN: westerly_admin@westerly.ourdomain.org

can only administer/view users and lists/groups in the westerly.ourdomain.org domain.

UN: easterly_admin@easterly.ourdomain.org

can only administer/view users and lists/groups in the easterly.ourdomain.org domain.

and...

UN: root_admin@central.ourdomain.org

can administer/view EVERYONE in all domains


It seems to me that this would be possible in Zimbra since you can create multiple admins. But I haven't seen anywhere to create access lists that restrict an admin to only be able to view their own domain's resources. If it's not possible to do this, I am considering running multiple Zimbra servers on Xen VMs (I'm currently testing Zimbra in a Fedora Core 4 Xen VM) and just giving each domain their own full Zimbra server. However, I'd like to avoid that since it will cost me a lot in RAM... I want to keep this all on one box since we really have a small number of mail users (about 2000) and I don't see actually dedicating multiple boxes for mail. Hence the Xen VM option. Any suggestions?