Hello.
Is it possible to configure one account to be administrator of multiple domains? I have not been able to find this in the forums or the wiki.
Thanks in advance.
LinkBack URL
About LinkBacks
Active Member
[SOLVED] Can one account be admin of multiple domains?
Hello.
Is it possible to configure one account to be administrator of multiple domains? I have not been able to find this in the forums or the wiki.
Thanks in advance.
Moderator
Not that I'm aware of unless you want to make the user an administrator on the system. That would definitely be nice...
Moderator
5.0.7_GA_2444.DEBIAN4.0 FOSS edition
Delegated admin is a NE feature (can't tell if you have any).
A domain administrator can create and maintain accounts, aliases, distribution lists, and calendar resources in a specific domain (they can't currently "view mail" either).
These are underway for multi-domain delegated admins:
Bug 6965 - Domain groups > Bug 5254 - Domain Admin can own multiple domains > Bug 5253 - Domain Admin should be able create sub-domains of the domain of which he is owner
Others:
Bug 11515 - role based delegate administration
Bug 13183 - view mail, domain mail queue, and virus update info for domain admins (Might seem like a contradiction to people wanting to keep the current "can't view mail" like Bug 11374 - View Mail: should be possible to disable this for some/all admins but that will be handled in the role based RFE)
Bug 29102 - expose COS and allow setting COS on account creation for domain admin
Bug 7742 - Enable domain-specific COS's, manageable by a domain admin
For FOSS you might set up a SOAP portal, command limited console to run only certain zmprov commands, or a zimlet to hide functionality in the admin console.
Last edited by mmorse; 07-16-2008 at 10:03 AM.
-Mike Morse (MCode151)
ZCS-to-ZCS Migrations & Moves | Admin Tools & Tidbits » ZimbraBlog.com | ZimbraCommunity.com
Active Member
It's not for my personal use, but rather for a customer of mine, who uses 5.0.7 Network Edition (but I posted my Open Source Edition in the profile, since the mail in my profile is my personal mail, not work).Originally Posted by mmorse
Okay, so it's a feature planned for version 5.5. Thanks, I'll let my customer know (and for myself, too!).These are underway for multi-domain delegated admins:
Bug 6965 - Domain groups > Bug 5254 - Domain Admin can own multiple domains > Bug 5253 - Domain Admin should be able create sub-domains of the domain of which he is owner
Thanks!
Moderator
Role based is, but the targets are still unset on the 3 'multi-domain delegated admin' ones.
-Mike Morse (MCode151)
ZCS-to-ZCS Migrations & Moves | Admin Tools & Tidbits » ZimbraBlog.com | ZimbraCommunity.com
Active Member
Greetings
Delegation of domain admin is what we neeeed!
How? (please)
Yes please
Is there a how-to on this?
Thanks for reading
All that glitters .... oh look, a shiny thing
Moderator
5.0.6_GA_2314.RHEL4_20080522092131 CentOS4 NETWORK edition
Delegated admin = domain admin right now.
(A lot of people want Bug 11515 - role based delegate administration starting off with more settings for what domain admins can/can't do, and morphing into other levels after that.)
For NE the account simply needs zimbraIsDomainAdminAccount TRUE
The zimlet reference for FOSS is more of an un-secure 'cloak & dagger' where you give someone full admin, then hide stuff (like all but 2 domains) in the admin console when their account is logged in.
NE customers can checkout /opt/zimbra/zimlets-network/com_zimbra_domain.zip - you're still protected by ACL's - you can see permissions in /opt/zimbra/conf/attra/zimbra-attrs.xml domainAdminModifiable references.
You'll definitely want to checkout:
/opt/zimbra/doc/soap.txt & soap-admin.txt
There's all sorts of different approaches:
PHP SOAP vs Zimbra
Perl Module to simplify SOAP access to Zimbra
Example: Create user with SOAP
With java use the zmmailbox class.
The limited CLI is in reference to a few utilities out there that can be used to create a shell that can only run pre-determined set of commands, search the web for some.
There's also a new CLI utility (in 5.0.6 but better implemented in 5.0.7) called zmsoap, which is used for sending ad-hoc SOAP commands to our server. The idea is that you specify the request on the command line in an XPath-inspired syntax, and zmsoap takes care of authenticating, generating the envelope, sending the request, and writing the response to stdout.
Examples.
zmsoap -z -e GetAccountInfoRequest/account=user1 -v @by=name
zmsoap -m user1 -p test123 -u http://localhost:7070/service/soap --type account GetInfoRequest | head
zmsoap -z -m user1 SearchRequest/query=in:inbox | head
Code:zmsoap [options] <path1> [<path2> ...] options --help (-h) Print usage information. --mailbox (-m) name Mailbox account name. mail and account requests are sent to this account. Also used for authentication if -a and -z are not specified. --target name Target account name to which requests will be sent. Only used for non-admin sessions. --admin (-a) name Admin account name to authenticaste as. --zadmin (-z) Authenticate with zimbra admin name/password from localconfig. --password (-p) pass Password. --passfile (-P) path Read password from file. --element (-e) path Root element path. If specified, all path arguments that don't start with a slash (/) are relative to this element. --type (-t) type SOAP request type (mail, account, admin). Default is admin. --url (-u) http[s]://... Server hostname and optional port. --verbose (-v) Print the SOAP request and other status information. path [path ...] Element or attribute path and value. Roughly follows XPath syntax: [/]element1[/element2][/@attr][=value].
-Mike Morse (MCode151)
ZCS-to-ZCS Migrations & Moves | Admin Tools & Tidbits » ZimbraBlog.com | ZimbraCommunity.com
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
