Hello Jeroen,

I have looked at the permissions of domain admins in LDAP in more detail.

In a default installation of Kolab3, this is what the permissions on cn=kolab,cn=config look like (domains added with webadmin):

[root@kolab ~]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w "test" -b "cn=kolab,cn=config" \* nsRole
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: * nsRole
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab
aci: (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,
 search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,dc=test,dc=tbits
 ,dc=net");)

# test.tbits.net, kolab, config
dn: associateddomain=test.tbits.net,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
associatedDomain: test.tbits.net
aci: (targetattr = "*") (version 3.0;acl "Read Access for test.tbits.net Users
 ";allow (read,compare,search)(userdn = "ldap:///dc=test,dc=tbits,dc=net??sub?
 (objectclass=*)");)

# test2.tbits.net, kolab, config
dn: associateddomain=test2.tbits.net,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
associatedDomain: test2.tbits.net

# test3.tbits.net, kolab, config
dn: associateddomain=test3.tbits.net,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
associatedDomain: test3.tbits.net

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

I have tried: a user from e.g. test2.tbits.net with role kolab-admin does not have read permissions on cn=kolab,cn=config.

I have now modified my previous patch, and now when setting permissions for a domain admin on another domain, I will add the permissions through acl (similar to "Read Access for test.tbits.net Users" above) so that the domain admin can see the other domain.

I have updated my patch here:
https://gist.github.com/tpokorra/5244642#file-patchmultidomainadmins-patch

And the branch off git master is here:
https://github.com/tpokorra/kolab-wap/commits/admin_for_multiple_domains_V2

It does not read the kolab.conf file anymore.
I also tried to follow your other suggestions from your comments.

Please let me know what you think.

Thanks,
Timotheus

On 23 April 2013 13:27, Timotheus Pokorra wrote:
> Hello Jeroen,
>
> thank you for your comments.
> They make good sense, and some answer or confirm questions that I had myself.
>
> I have tried to work on it this week, but I am getting distracted by
> other projects.
>
> I have tried to avoid using kolab.conf for the domain names, made some
> progress, but have not found a presentable solution yet.
> I will let you know next week.
>
> All the best,
> Timotheus
>
>
>
> On 20 April 2013 13:17, Jeroen van Meeuwen (Kolab Systems)
> wrote:
>> On 2013-04-17 09:08, Timotheus Pokorra wrote:
>>> Hello,
>>>
>>> I hope I have changed as little as possible, and not broken anything
>>> else.
>>>
>>> Please let me know what you think!
>>>
>>
>> Hi Timotheus,
>>
>> I've placed some inline comments on some of the code snippets at
>> https://github.com/tpokorra/kolab-wap/commit/1b70df580177e8f7a86b50adab51b9e244d9106e
>>
>> Kind regards,
>>
>> Jeroen van Meeuwen
>>
>> --
>> Systems Architect, Kolab Systems AG
>>
>> e: vanmeeuwen at kolabsys.com
>> m: +44 74 2516 3817
>> w: http://www.kolabsys.com
>>
>> pgp: 9342 BF08
>>
>> _______________________________________________
>> Kolab-devel mailing list
>> Kolab-devel@kolab.org
>> https://www.intevation.de/mailman/listinfo/kolab-devel
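
Added example (not part of this thread or of the kolab-wap patch): a Python check that reads ldapsearch output like the one in the message and lists the domain entries under cn=kolab,cn=config that carry no read ACI of their own, which is the state of test2.tbits.net above. The sample LDIF is constructed from the message, the function names are hypothetical, and ACIs inherited from parent entries are not evaluated.

```python
import re

# Constructed sample: entries taken from the ldapsearch output above, LDIF folding kept.
SAMPLE_LDIF = """\
dn: cn=kolab,cn=config
aci: (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,
 search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,dc=test,dc=tbits
 ,dc=net");)

dn: associateddomain=test.tbits.net,cn=kolab,cn=config
associatedDomain: test.tbits.net
aci: (targetattr = "*") (version 3.0;acl "Read Access for test.tbits.net Users
 ";allow (read,compare,search)(userdn = "ldap:///dc=test,dc=tbits,dc=net??sub?
 (objectclass=*)");)

dn: associateddomain=test2.tbits.net,cn=kolab,cn=config
associatedDomain: test2.tbits.net
"""

# Captures: ACL name, allowed rights, userdn bind rule.
ACI_RE = re.compile(r'acl\s+"([^"]*)"\s*;\s*allow\s*\(([^)]*)\)\s*\(\s*userdn\s*=\s*"([^"]*)"')

def parse_ldif(text):
    """Unfold continuation lines, then return one dict per entry (lower-cased attribute -> values)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not "attr: value"
            key, value = line.split(": ", 1)
            entry.setdefault(key.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def read_grants(entry):
    """(ACL name, userdn bind rule) for each ACI on this entry that allows read."""
    found = (ACI_RE.search(aci) for aci in entry.get("aci", []))
    return [(m.group(1), m.group(3)) for m in found
            if m and "read" in [r.strip() for r in m.group(2).split(",")]]

def domains_without_read_aci(entries):
    """Domains whose associateddomain entry has no read ACI set directly on it."""
    return [e["associateddomain"][0] for e in entries
            if "associateddomain" in e and not read_grants(e)]

if __name__ == "__main__":
    print("no read ACI:", domains_without_read_aci(parse_ldif(SAMPLE_LDIF)))
```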