"when I do that, all domain owners can then see the domain mapping functions in their site."
Domain Mapping - /wp-admin/network/settings.php?page=dm_admin_page has a checkbox for "User domain mapping page".
I have domain_mapping.php in wp-content/mu-plugins/ since it is a "must use" plugin, don't want to ever deactivate it. (And sunrise.php must be in wp-content/ ). If you want some sites to be able to do their own mapping, but not others, put domain_mapping.php in the normal place (I haven't done this, probably wp-content/plugins/wordpress-mu-domain-mapping/ )
Wildcard DNS (*.domainname) works fine with cPanel-created sub-domains; I have both. Seems that "actual sub-domains" take precedence over the "virtual sub-domains" of wildcard DNS. Easier than editing Apache conf, and works for people who don't have access to editing that. Just don't make WordPress sites with the same "virtual sub-domain name" as an actual sub-domain.