Results 1 to 7 of 7

Thread: [SOLVED] Can one account be admin of multiple domains?

  1. #1
    jsabater's Avatar
    jsabater is offline Active Member
    Join Date
    Mar 2008
    Location
    Palma, Majorca, Balearic Islands, Spain
    Posts
    44
    Rep Power
    7

    Default [SOLVED] Can one account be admin of multiple domains?

    Hello.

    Is it possible to configure one account to be administrator of multiple domains? I have not been able to find this in the forums or the wiki.

    Thanks in advance.
    Jaume Sabater
    http://linuxsilo.net/

    "Ubi sapientas ibi libertas"

  2. #2
    y@w's Avatar
    y@w
    y@w is offline Moderator
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Default

    Not that I'm aware of unless you want to make the user an administrator on the system. That would definitely be nice...

  3. #3
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    5.0.7_GA_2444.DEBIAN4.0 FOSS edition

    Delegated admin is a NE feature (can't tell if you have any).
    A domain administrator can create and maintain accounts, aliases, distribution lists, and calendar resources in a specific domain (they can't currently "view mail" either).

    These are underway for multi-domain delegated admins:
    Bug 6965 - Domain groups > Bug 5254 - Domain Admin can own multiple domains > Bug 5253 - Domain Admin should be able create sub-domains of the domain of which he is owner

    Others:
    Bug 11515 - role based delegate administration
    Bug 13183 - view mail, domain mail queue, and virus update info for domain admins (Might seem like a contradiction to people wanting to keep the current "can't view mail" like Bug 11374 - View Mail: should be possible to disable this for some/all admins but that will be handled in the role based RFE)
    Bug 29102 - expose COS and allow setting COS on account creation for domain admin
    Bug 7742 - Enable domain-specific COS's, manageable by a domain admin

    For FOSS you might set up a SOAP portal, command limited console to run only certain zmprov commands, or a zimlet to hide functionality in the admin console.
    Last edited by mmorse; 07-16-2008 at 10:03 AM.

  4. #4
    jsabater's Avatar
    jsabater is offline Active Member
    Join Date
    Mar 2008
    Location
    Palma, Majorca, Balearic Islands, Spain
    Posts
    44
    Rep Power
    7

    Default

    Quote Originally Posted by mmorse View Post
    5.0.7_GA_2444.DEBIAN4.0 FOSS edition
    It's not for my personal use, but rather for a customer of mine, who uses 5.0.7 Network Edition (but I posted my Open Source Edition in the profile, since the mail in my profile is my personal mail, not work).

    Okay, so it's a feature planned for version 5.5. Thanks, I'll let my customer know (and for myself, too!).

    Thanks!
    Jaume Sabater
    http://linuxsilo.net/

    "Ubi sapientas ibi libertas"

  5. #5
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Role based is, but the targets are still unset on the 3 'multi-domain delegated admin' ones.

  6. #6
    William's Avatar
    William is offline Active Member
    Join Date
    Jan 2007
    Location
    Middlesex, UK
    Posts
    40
    Rep Power
    8

    Default

    Greetings

    Delegation of domain admin is what we neeeed!

    Quote Originally Posted by mmorse View Post

    Delegated admin is a NE feature
    How? (please)

    Quote Originally Posted by mmorse View Post
    These are underway for multi-domain delegated admins ....
    Yes please

    Quote Originally Posted by mmorse View Post
    you might set up a SOAP portal, command limited console to run only certain zmprov commands ...
    Is there a how-to on this?

    Thanks for reading
    All that glitters .... oh look, a shiny thing

  7. #7
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    5.0.6_GA_2314.RHEL4_20080522092131 CentOS4 NETWORK edition
    Delegated admin = domain admin right now.

    (A lot of people want Bug 11515 - role based delegate administration starting off with more settings for what domain admins can/can't do, and morphing into other levels after that.)

    For NE the account simply needs zimbraIsDomainAdminAccount TRUE



    The zimlet reference for FOSS is more of an un-secure 'cloak & dagger' where you give someone full admin, then hide stuff (like all but 2 domains) in the admin console when their account is logged in.

    NE customers can checkout /opt/zimbra/zimlets-network/com_zimbra_domain.zip - you're still protected by ACL's - you can see permissions in /opt/zimbra/conf/attra/zimbra-attrs.xml domainAdminModifiable references.

    You'll definitely want to checkout:
    /opt/zimbra/doc/soap.txt & soap-admin.txt

    There's all sorts of different approaches:
    PHP SOAP vs Zimbra
    Perl Module to simplify SOAP access to Zimbra
    Example: Create user with SOAP
    With java use the zmmailbox class.

    The limited CLI is in reference to a few utilities out there that can be used to create a shell that can only run pre-determined set of commands, search the web for some.

    There's also a new CLI utility (in 5.0.6 but better implemented in 5.0.7) called zmsoap, which is used for sending ad-hoc SOAP commands to our server. The idea is that you specify the request on the command line in an XPath-inspired syntax, and zmsoap takes care of authenticating, generating the envelope, sending the request, and writing the response to stdout.

    Examples.
    zmsoap -z -e GetAccountInfoRequest/account=user1 -v @by=name
    zmsoap -m user1 -p test123 -u http://localhost:7070/service/soap --type account GetInfoRequest | head
    zmsoap -z -m user1 SearchRequest/query=in:inbox | head
    Code:
    zmsoap [options] <path1> [<path2> ...]                                          
    options                                                                         
      --help (-h)                 Print usage information.                          
      --mailbox (-m) name         Mailbox account name.  mail and account requests  
                                  are sent to this account.  Also used for          
                                  authentication if -a and -z are not specified.    
      --target name               Target account name to which requests will be     
                                  sent.  Only used for non-admin sessions.          
      --admin (-a) name           Admin account name to authenticaste as.           
      --zadmin (-z)               Authenticate with zimbra admin name/password from 
                                  localconfig.                                      
      --password (-p) pass        Password.                                         
      --passfile (-P) path        Read password from file.                          
      --element (-e) path         Root element path.  If specified, all path        
                                  arguments that don't start with a slash (/) are   
                                  relative to this element.                         
      --type (-t) type            SOAP request type (mail, account, admin).         
                                  Default is admin.                                 
      --url (-u) http[s]://...    Server hostname and optional port.                
      --verbose (-v)              Print the SOAP request and other status           
                                  information.                                      
      path [path ...]             Element or attribute path and value.  Roughly     
                                  follows XPath syntax:                             
                                  [/]element1[/element2][/@attr][=value].

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Advanced MTA Configuration - multiple domains
    By keyhman in forum Installation
    Replies: 6
    Last Post: 04-20-2012, 02:23 AM
  2. Allow single account to be domain admin over multiple domains
    By peter@mxtoolbox.com in forum Administrators
    Replies: 2
    Last Post: 03-19-2008, 12:36 PM
  3. Replies: 5
    Last Post: 11-28-2007, 09:51 AM
  4. restore admin account
    By preem in forum Administrators
    Replies: 2
    Last Post: 01-19-2007, 07:56 AM
  5. Multiple domains, single account
    By roastpork in forum Administrators
    Replies: 1
    Last Post: 02-08-2006, 09:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •