[HOWTO] Domain Admin rights in Zimbra OSE 8.x
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
Hi guys!
After trying some 3rd party domain admin software i decided try to figure out how can grant domain admin rights to a regular user in Zimbra OSE.
Based on some google search here is my solution..
1: Create a regular user belong to the manageable domain.
2: Run this script from the command line with zimbra user (parameter 1: domain, parameter 2: domain admin email)
(example: domain_right.sh domain.tld domainadmin@domain.tld)
#!/bin/bash
# $1 domain
# $2 email
zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE
zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView
zmprov ma $2 zimbraDomainAdminMaxMailQuota 0
zmprov grantRight domain $1 usr $2 +createAccount
zmprov grantRight domain $1 usr $2 +createAlias
zmprov grantRight domain $1 usr $2 +createCalendarResource
zmprov grantRight domain $1 usr $2 +createDistributionList
zmprov grantRight domain $1 usr $2 +deleteAlias
zmprov grantRight domain $1 usr $2 +listDomain
zmprov grantRight domain $1 usr $2 +domainAdminRights
zmprov grantRight domain $1 usr $2 +configureQuota
zmprov grantRight domain $1 usr $2 set.account.zimbraAccountStatus
zmprov grantRight domain $1 usr $2 set.account.sn
zmprov grantRight domain $1 usr $2 set.account.displayName
zmprov grantRight domain $1 usr $2 set.account.zimbraPasswordMustChange
zmprov grantRight account $2 usr $2 +deleteAccount
zmprov grantRight account $2 usr $2 +getAccountInfo
zmprov grantRight account $2 usr $2 +getAccountMembership
zmprov grantRight account $2 usr $2 +getMailboxInfo
zmprov grantRight account $2 usr $2 +listAccount
zmprov grantRight account $2 usr $2 +removeAccountAlias
zmprov grantRight account $2 usr $2 +renameAccount
zmprov grantRight account $2 usr $2 +setAccountPassword
zmprov grantRight account $2 usr $2 +viewAccountAdminUI
zmprov grantRight account $2 usr $2 +configureQuota
Working perfectly fine with Zimbra OSE 8.x
Even the quota changing working properly
The domain admin user only can see their own domain and nothing else, but can be administrate everything belong that domain.
After trying some 3rd party domain admin software i decided try to figure out how can grant domain admin rights to a regular user in Zimbra OSE.
Based on some google search here is my solution..
1: Create a regular user belong to the manageable domain.
2: Run this script from the command line with zimbra user (parameter 1: domain, parameter 2: domain admin email)
(example: domain_right.sh domain.tld domainadmin@domain.tld)
#!/bin/bash
# $1 domain
# $2 email
zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE
zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView
zmprov ma $2 zimbraDomainAdminMaxMailQuota 0
zmprov grantRight domain $1 usr $2 +createAccount
zmprov grantRight domain $1 usr $2 +createAlias
zmprov grantRight domain $1 usr $2 +createCalendarResource
zmprov grantRight domain $1 usr $2 +createDistributionList
zmprov grantRight domain $1 usr $2 +deleteAlias
zmprov grantRight domain $1 usr $2 +listDomain
zmprov grantRight domain $1 usr $2 +domainAdminRights
zmprov grantRight domain $1 usr $2 +configureQuota
zmprov grantRight domain $1 usr $2 set.account.zimbraAccountStatus
zmprov grantRight domain $1 usr $2 set.account.sn
zmprov grantRight domain $1 usr $2 set.account.displayName
zmprov grantRight domain $1 usr $2 set.account.zimbraPasswordMustChange
zmprov grantRight account $2 usr $2 +deleteAccount
zmprov grantRight account $2 usr $2 +getAccountInfo
zmprov grantRight account $2 usr $2 +getAccountMembership
zmprov grantRight account $2 usr $2 +getMailboxInfo
zmprov grantRight account $2 usr $2 +listAccount
zmprov grantRight account $2 usr $2 +removeAccountAlias
zmprov grantRight account $2 usr $2 +renameAccount
zmprov grantRight account $2 usr $2 +setAccountPassword
zmprov grantRight account $2 usr $2 +viewAccountAdminUI
zmprov grantRight account $2 usr $2 +configureQuota
Working perfectly fine with Zimbra OSE 8.x
Even the quota changing working properly
The domain admin user only can see their own domain and nothing else, but can be administrate everything belong that domain.
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
Thnx @vadonka , it's great work for me on zimbra Ubuntu Server
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
Thank you Vadonka so much! This is wonderful tip. Work perfect on Centos 6.4 + Zimra 8.3.
-
- Posts: 1
- Joined: Sat Sep 13, 2014 2:03 am
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
[quote user="minhhoang"]Thank you Vadonka so much! This is wonderful tip. Work perfect on Centos 6.4 + Zimra 8.3.[/QUOTE]
Excellent.... The Stats Service is not enabled for this user, so it gives an error while logging. How can we settle this issue for the domain designated admin?
BR
Harbir Ghai
Excellent.... The Stats Service is not enabled for this user, so it gives an error while logging. How can we settle this issue for the domain designated admin?
BR
Harbir Ghai
- ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
[quote user="harbirghai"]Excellent.... The Stats Service is not enabled for this user, so it gives an error while logging. How can we settle this issue for the domain designated admin?
[/QUOTE]
Just add
zmprov grantRight global usr account@domain.com +getServiceStatus
ccelis
[/QUOTE]
Just add
zmprov grantRight global usr account@domain.com +getServiceStatus
ccelis
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
Good work!
Where can i find all zimbraAdminConsoleUIComponents?
I find only a file delegatedadmin.txt, where it was writen:
"TODO: document the list of all admin console UI components."
Where can i find all zimbraAdminConsoleUIComponents?
I find only a file delegatedadmin.txt, where it was writen:
"TODO: document the list of all admin console UI components."
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
with zimbra user:
zmprov gar -c ALL
zmprov gar -c ALL
-
- Posts: 17
- Joined: Sun Feb 02, 2014 9:10 pm
[HOWTO] Domain Admin rights in Zimbra OSE 8.x
Hi Sir,
i make changes as per below. however, i can see the Description under notes are greyed out. and we cannot change the description. is there anyway we can enabled that?
thanks
i make changes as per below. however, i can see the Description under notes are greyed out. and we cannot change the description. is there anyway we can enabled that?
thanks
Re: [HOWTO] Domain Admin rights in Zimbra OSE 8.x
Hello,
Is it possible to allow the domain admin to only list the account and change the account password? But admin should not be allowed to create a new account.
Regards,
Prabin
Is it possible to allow the domain admin to only list the account and change the account password? But admin should not be allowed to create a new account.
Regards,
Prabin
- ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
Re: [HOWTO] Domain Admin rights in Zimbra OSE 8.x
Yes, you can. Just read and test the grants in the OP..prabin wrote:Hello,
Is it possible to allow the domain admin to only list the account and change the account password? But admin should not be allowed to create a new account.
Regards,
Prabin
ccelis