But I have another client where the whole point of the system is to have multiple domains that share a list of users. That is, the same user and groups will apply to www.abc.org, www.def.org, and www.ghi.org -- but the contents and design of the three sites will be different.I am working on exactly this problem with Greenpeace International, which is made more complex by the fact that we're talking about countries, which means the various subsites are to be presented in different languages. We're basing our work on OpenACS 4.5.
The basic mechanism which is available is acs-subsite. You can mount as many subsites under the main subsite as you wish, and then - as Simon suggests - use the site-node mapping feature to point your various domain names to the appropriate subsite.
You can change the look and feel of each mounted acs-subsite instance by changing the "default master" parameter to a subsite-specific master. This master will let you wrap custom headers and footers, and if you use a table for the page, custom column elements. For instance you could have a leftmost column nav widget that's customized for each subsite, with content from the OpenACS 4.5 packages put in the right column.
And of course each master can define its own CSS stylesheet.
This alone gives you considerable power to change the look and feel for each subsite.
In the case of Greenpeace, this isn't quite sufficient so we're providing a mechanism to allow the mapping of arbitrary custom templates to arbitrary package pages. I have some ideas for generalizing this in the future for use in the standard toolkit, but frankly I think 90% of folks needs can be met by the process I describe above using subsite-specific default master templates.
Currently all users in OpenACS 4.5 have access to all subsites. There's a special "membership" group in acs-subsite that allows the segregation of folks by subsite, but this isn't interwoven into the various packages at this point in time. However, it sounds like you want everyone to have access to each subsite. You can control access further by use of permissions ...