Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Negative right to disable ability for domainadmin to create domainadmin accounts?

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-24-2011, 03:11 AM
Intermediate Member
  
Posts: 23
Default Negative right to disable ability for domainadmin to create domainadmin accounts?
I would like to revoke the ability for a domainadmin to create (or upgrade an account to be) a domainadministrator.

Is there an attribute right in Zimbra that I can use to achieve this? I have searched the zimbra site, the forums and the Zimbra Admin manual but haven't found an answer to this.

We are currently using Zimbra version 6.0.8.

Thanks
__________________
Reply With Quote
  #2 (permalink)  
Old 01-24-2011, 06:32 AM
Advanced Member
  
Posts: 198
Default
Quote:
Originally Posted by ThomS View Post
I would like to revoke the ability for a domainadmin to create (or upgrade an account to be) a domainadministrator.

Is there an attribute right in Zimbra that I can use to achieve this? I have searched the zimbra site, the forums and the Zimbra Admin manual but haven't found an answer to this.

We are currently using Zimbra version 6.0.8.

Thanks
check if revoking the modifyaccount right for the domain admin will fix the issue.
Reply With Quote
  #3 (permalink)  
Old 01-24-2011, 09:25 AM
fyd fyd is offline
Elite Member
  
Posts: 373
Default
Quote:
Originally Posted by ThomS View Post
domainadmin to create (or upgrade an account to be) a domainadministrator.
Is that a typo? you referring the latter to globaladmin I guess.
Reply With Quote
  #4 (permalink)  
Old 01-25-2011, 02:32 AM
Intermediate Member
  
Posts: 23
Default
Quote:
Originally Posted by fyd View Post
Is that a typo? you referring the latter to globaladmin I guess.
Not a typo, but you are right that it is a weird sentence. What I meant is that I also want to disable the possibility to upgrade a normal user account (non-admin ) to domainadmin.

@Saturdays: thanks for the suggestion. I will check whether this does the trick and let you know.

Thanks so far
__________________
Reply With Quote
  #5 (permalink)  
Old 01-25-2011, 10:58 AM
fyd fyd is offline
Elite Member
  
Posts: 373
Default
Quote:
Originally Posted by ThomS View Post
Not a typo, but you are right that it is a weird sentence. What I meant is that I also want to disable the possibility to upgrade a normal user account (non-admin ) to domainadmin.
Thanks so far
Its better now .. I just played around with domain admin rights, it is a jungle out there. Besides taking away the right to change an account to domain admin status, adding modifyAccount as a negative attribute will take away some other privileges from the domain admin as well like modify account contact details.

But that is the closest I could get. Another one was giving negative attribute with 'setDomainAdminAccountAndCalendarResourceAttrs'

Quote:
I would like to revoke the ability for a domainadmin to create
Under default right, a domain admin won't be able to create a domain admin in the first place, only upgrade the status of a normal account.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.