How to tackle delegation in 2.1.15

Diego Rivera lrivera at racsa.co.cr
Sun Oct 26 13:09:33 EST 2003 

Hello all,

I'm seeking to implement a server with virtual domains, using one
postfix instance (with LDAP-based lookup tables, virtual_alias_maps,
etc), multiple cyrus instances (one per VD), and perdition as the
gateway to the different cyrus instances so that a single IP address can
be used.  SMTP/(SSL|TLS) is working perfectly, as is
(IMAP|POP)/(SSL|TLS).

Users log in using their full e-mail address.

The setup works quite nicely, but it's not as "beautiful" as I'd like :P

What I'd REALLY like to do is go with a single cyrus-imap instance
(which I COULD do).  But if I do that, my problem becomes: how can I
delegate administration for a particular set of users to a particular
user?

I.e., let the user 'admin at domain.com' have admin rights on every user
who ends with '@domain.com', but NOT on users who end with '@site.org'.

Is this even possible in 2.1.15?  I realize that granting or denying ACL
rights to the admin user at a granular per-mailbox level might be a way
to do it, but this would clearly become a maintenance nightmare.

I realize 2.2 has more robust VD support (and possibly all I want), but
it's beta quality.  The customer this system is for got burned REALLY
bad with Oracle Collaboration Suite (10 months of trying and the vendor
couldn't make it work right), so BETA level code is a non-option at this
time (zero risk tolerance).

Suggestions?  Options?

What I like about the multi-instance approach is the "hard" boundary
between domain admins.  If such a delegation approach is possible on
2.1.15, would this approach also keep similarly hard boundaries between
admins?

Best

Diego
-- 
===========================================================
* Diego Rivera                                            *
*                                                         *
* "The Disease: Windows, the cure: Linux"                 *
*                                                         *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
* Replace: <AT>='@', <DOT>='.'                            *
*                                                         *
* GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
* GPG Public Key avaliable at: http://pgp.mit.edu         *
===========================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20031026/7cd9023c/attachment.bin

More information about the Info-cyrus mailing list