Univention Bugzilla – Bug 45508
Make the Office 365 app available on DC backups
Last modified: 2018-08-21 10:09:03 CEST
Currently the Office 365 Connector App can only be installed on a UCS Master. In medium to large environments, services are often moved away from the UCS Master - or even have to run somewhere else because of compliance restrictions. Therefore, running the Office 365 Connector should be possible on other UCS server roles. I guess at least for UCS Backups the required changes shouldn't be that extensive.
The listener module must be able to modify 4 extended attributes of users and 2 extended attributes of groups. An ACL that'd allow host accounts that have the service "univention-office365" to modify those would probably suffice.
After fixing the SSO data replication in bug #45537, the certificate generation was the only thing left that required a dc master connection. As the domain administrator cannot generate a cert with univention-certificate, the machine certificate will be used for the API communication. b1706ed7 Use machine certificate for API connection univention-office365 2.0.0-10A~4.3.0.201807251003
It was decided, to make the app currently only available on DC master and DC backup. When the requirement of availability for DC slave or memberserver arises, please open a separate bug.
OK: host SSL cert usage OK: listener works on dc backup OK: manual functional test: - installed office365 app on dc backup from test appcenter -> works - ran wizard - SSO configuration of Windows 7 client works - create user -> is creates in Azure - set ucs-sso.domain to point to backup, stopped dc master - logged in to office365 through dc backups portal link -> works
App Update released