Thanks for your swift reply.
Okay - given the fact that I created several mail domains (not contexts) as described above by you, my thought had been to:
- add all users of a branch to a user group (group-branch-a, group-branch-b let's say)
- add a user (admin-branch-a), and to provide him the right to modify UDM-users or UDM-oxmail, but only limited to the users of the specific group
Wouldn't it be possible to limit the "admin" user by using a policy, such as "cn=branch-a,cn=UMC,cn=policies,dc=master,dc=domain", to only see the users of a certain (manually created) group?
Right now I fail to create the corresponding LDAP filter and desired/excluded object classes for such an exercise, specifically which LDAP objects would be the right ones to use within the policy.
Even if it's not out of the box, it should do the trick, or am I missing something?
Thanks in advance.