First Last Prev Next    This bug is not in your last search results.
Bug 55984 - [MS365] Azure attribute mobilePhone is filtered by connector, although it can be set via API
[MS365] Azure attribute mobilePhone is filtered by connector, although it can...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Office 365
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: Johannes Lohmer
Julia Bremer
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-04-18 22:42 CEST by Erik Damrose
Modified: 2023-05-31 15:56 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023040321000655
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2023-04-18 22:42:31 CEST 
When a mapping for the ldap attribute 'mobile' to the Azure attribute 'mobilePhone' is configured with UCR office365/attributes/mapping/mobile=mobilePhone the number is not synced to Azure.

The reason is, that the connector filters the attribute. If the attribute is not filtered, the Azure object is updated correctly and the phone number appears correctly:

diff --git modules/univention/office365/microsoft/objects/azureobjects.py modules/univention/office365/microsoft/objects/azureobjects.py
index 268704a..14e5ccc 100644
--- modules/univention/office365/microsoft/objects/azureobjects.py
+++ modules/univention/office365/microsoft/objects/azureobjects.py
@@ -402,7 +402,7 @@ class UserAzure(AzureObject):
                # type: ('AzureObject') -> Dict[str, Any]
                """"""
                data = (self - other).get_not_none_values_as_dict()
-               can_only_be_created_not_modified = ["mobilePhone", "passwordProfile", "id", "assignedLicenses"]
+               can_only_be_created_not_modified = ["passwordProfile", "id", "assignedLicenses"]
                for attrib in can_only_be_created_not_modified:
                        if attrib in data:
                                # read text at beginning delete_user()

To help in support cases, we should log when an attribute is filtered by the connector.

There is also a test which claims to test to sync all attributes, it should be adapted. 07_udm_user_max_prop_sync_multi_adconnection.py

[1] https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
Comment 2 Johannes Lohmer univentionstaff 2023-05-08 14:59:57 CEST 
fix: mobilePhone should not be removed from modlist

We remove some attributes from the modlist, which can not be modified
after initial user creation but mobilePhone is not one of them.
`mobilePhone` can be modified at leasure with the MSGraphApi and now
we also allow that.
Comment 3 Julia Bremer univentionstaff 2023-05-31 15:56:40 CEST 
Has been released
First Last Prev Next    This bug is not in your last search results.