Domain admin delegation on Zimbra Open Source

0
1278

There are millions of deployments of Zimbra Open Source Edition around the world. many of them required to assign Domain administration delegation instead giving a user the full global administration access. as far the Zimbra Open Source edition does not have the feature to assign per domain administration which is available on Network Editions only, here is a way to do it on Open Source edition as well.

The following is the step by step:

  1. Create domain_admin_delegation.sh file with the below content under root account:
    vim domain_admin_delegation.sh
  2. Copy this domain_admin_delegation.sh to /opt/zimbra
    cp domain_admin_delegation.sh /opt/zimbra
  3. Change the ownership and permisson of domain_admin_delegation.sh
    chmod +x /opt/zimbra/domain_admin_delegation.sh
    chown zimbra:zimbra /opt/zimbra/domain_admin_delegation.sh
  1. Create a regular user to the domain which need to be managed by a Domain admin.
  1. Run this sript with zimbra user, for example sudotoolbox.com domain admin delegation
    su - zimbra
    ./domain_right.sh sudotoolbox.com admin@sudotoolbox.com

 

(input 1: domain, input 2: domain_admin_email)
(example: domain_admin_delegation.sh domain.tld domainadmin@domain.tld)

####### Script start   ##########

#!/bin/bash
# $1 domain
# $2 email
zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE
zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView
zmprov ma $2 zimbraDomainAdminMaxMailQuota 0
zmprov grantRight domain $1 usr $2 +createAccount
zmprov grantRight domain $1 usr $2 +createAlias
zmprov grantRight domain $1 usr $2 +createCalendarResource
zmprov grantRight domain $1 usr $2 +createDistributionList
zmprov grantRight domain $1 usr $2 +deleteAlias
zmprov grantRight domain $1 usr $2 +listDomain
zmprov grantRight domain $1 usr $2 +domainAdminRights
zmprov grantRight domain $1 usr $2 +configureQuota
zmprov grantRight domain $1 usr $2 set.account.zimbraAccountStatus
zmprov grantRight domain $1 usr $2 set.account.sn
zmprov grantRight domain $1 usr $2 set.account.displayName
zmprov grantRight domain $1 usr $2 set.account.zimbraPasswordMustChange
zmprov grantRight domain $1 usr $2 getDomainQuotaUsage
zmprov grantRight account $2 usr $2 +deleteAccount
zmprov grantRight account $2 usr $2 +getAccountInfo
zmprov grantRight account $2 usr $2 +getAccountMembership
zmprov grantRight account $2 usr $2 +getMailboxInfo
zmprov grantRight account $2 usr $2 +listAccount
zmprov grantRight account $2 usr $2 +removeAccountAlias
zmprov grantRight account $2 usr $2 +renameAccount
zmprov grantRight account $2 usr $2 +setAccountPassword
zmprov grantRight account $2 usr $2 +viewAccountAdminUI
zmprov grantRight account $2 usr $2 +configureQuota

####### Script end  ##########

LEAVE A REPLY