Univention Bugzilla – Bug 40357
extend ad connector mapping for syncing mailAlternativeAddress attributes
Last modified: 2020-07-09 10:05:45 CEST
The AD connector mapping should be extended so that mailAlternativeAddress attributes are also synchronised to AD. The attribute "proxyAddresses" in AD should be suitable for the UCS attribute "mailAlternativeAddress".
This feature could be done by adding the following part to /etc/univention/connector/ad/mapping:
    'mailAlternativeAddress': univention.connector.attribute (
        ucs_attribute='mailAlternativeAddress',
        ldap_attribute='mailAlternativeAddress',
        con_attribute='proxyAddresses',
    ),
This Bug is also needed in "UCS<->AD with MS Exchange" environments. But there can be additional requirements in case of the MS Exchange version. In some MS Exchange versions (e.g. MS Exchange 2013), the value of a created MS Exchange account in the proxyAddresses will look like "smtp:mail@example.com" instead of "mail@example.com". MS Exchange needs this to map a mail address to a mail account. But this behaviour cannot be handled by the part above. There has to be a better solution for this issue.
requested by customer Ticket#2015120821000628
The package with the updated mapping has been built in errata4.1-1.
There is a new pair of UCR variables to activate this for users and groups individually: connector/ad/mapping/user/alternativemail and connector/ad/mapping/group/alternativemail. As with the corresponding pair for primarymail, these two new variables are set by univention-ad-connector-exchange.postinst.
I checked that UMC/UDM also accepts smtp:foo@my.domain. I guess there is not much more we should currently do.
Advisory: univention-ad-connector.yaml
As discussed, it won't be an option to set smtp: in UDM / UMC. I guess this will break the address book and the listener.
Ok, then we will have to consider the semantics of the attribute values. Quoting http://blogs.technet.com/b/exchange/archive/2005/01/10/350132.aspx :
===============================================================================
proxyAddresses
This is the main attribute where e-mail address information is kept. When you open the properties of a recipient in Outlook and look at the "E-mail Addresses" tab, you are looking at this attribute. This is a multi-valued string containing all the addresses that represent the recipient. Each value must have the following format:
    type:address
For example:
    SMTP:nospam@online.microsoft.com
When the type is in uppercase letters, the address is considered to be the primary address of that type and it is used as the default reply address of that recipient. When the type is in lowercase letters, the address is considered a secondary address and is used to resolve addresses during e-mail delivery, allowing the same recipient to receive e-mails directed to different e-mail addresses. For example:
    Primary: SMTP:currentAlias@domain.com
    Secondary: smtp:oldAlias@domain.com
On the 'Users and Computers' snap-in, this property is edited on the 'E-mail Addresses' page of a recipient.
===============================================================================
So, coming from OpenLDAP we would probably create/write the type-prefix in lower case if it doesn't exist yet but we would respect/keep the case in case an address is already present.
Adjusted:
* proxyAddresses values are now mapped to mailAlternativeAddress values and vice versa
* Non-SMTP values in proxyAddresses are preserved and synchronized
Testcase: 55_adconnector/130sync_user_mail_attributes
Advisory: univention-ad-connector.yaml
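The mapping rules discussed in the two comments above, as an added example that is not code from univention-ad-connector or from any commenter. The function names and sample values are constructed; treating the upper-case SMTP: entry as belonging to the primary mail attribute and dropping secondaries that no longer exist in UCS are assumptions.

```python
# Added illustration, not the connector's implementation.
# All names and sample addresses are constructed for this example.

def split_proxy(value):
    """Split 'type:address' into (type, address); type is '' if absent."""
    prefix, sep, address = value.partition(":")
    return (prefix, address) if sep else ("", value)

def proxy_to_alternative(proxy_addresses):
    """AD -> UCS: secondary SMTP entries become bare mail addresses."""
    result = []
    for value in proxy_addresses:
        prefix, address = split_proxy(value)
        # 'SMTP:' (all upper case) marks the primary address; assumed to
        # be handled by the primary mail mapping, so it is skipped here.
        if prefix.lower() == "smtp" and prefix != "SMTP":
            if address not in result:
                result.append(address)
    return result

def alternative_to_proxy(alternatives, current_proxy):
    """UCS -> AD: merge mailAlternativeAddress into proxyAddresses."""
    wanted = {a.lower(): a for a in alternatives}
    merged, seen = [], set()
    for value in current_proxy:
        prefix, address = split_proxy(value)
        if prefix.lower() != "smtp":
            merged.append(value)        # X400, SIP, ...: preserved as is
        elif prefix == "SMTP":
            merged.append(value)        # primary entry: left untouched
            seen.add(address.lower())
        elif address.lower() in wanted:
            merged.append(value)        # already present: keep its case
            seen.add(address.lower())
        # remaining secondary entries were removed in UCS and are dropped
    for key, address in wanted.items():
        if key not in seen:
            merged.append("smtp:" + address)  # new value: lower-case prefix
    return merged

# Constructed sample of an AD proxyAddresses attribute.
SAMPLE_PROXY = [
    "SMTP:jane@example.com",
    "smtp:old@example.com",
    "smtp:Gone@example.com",
    "X400:c=DE;a= ;p=Example;s=Doe;",
]
```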
Attached, you can find two connector logs of the initial sync between UCS and AD. connector-old.log is without these changes and connector-new.log is with these changes. It looks like several containers are renamed which have a different case in AD and in UCS, for example cn=users.
I guess the reason is that you moved
    if type(value) == type(types.ListType()) and len(value) == 1:
        value = value[0]
below the following line:
    compare=[ucs_object[ucs_key],value]
This will lead to a wrong comparison and the container gets renamed.
Created attachment 7514: connector-old.log
Created attachment 7515: connector-new.log
The autotests were successful. In one case the system wasn't updated to UCS 4.1-1 and thus one test failed: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-1/job/ADConnectorMultiEnv/9/
Jenkins tests: OK
YAML: OK
Tests: OK, it works. The following UCR variables need to be set:
    ucr set connector/ad/mapping/group/primarymail=true \
        connector/ad/mapping/user/primarymail=true \
        connector/ad/mapping/user/alternativemail=true \
        connector/ad/mapping/group/alternativemail=true
Lessons learned while setting up Exchange:
- Use the latest Windows version, in this case 2012
- > 30 GB free space
- > 4 GB RAM
- Use Microsoft sites only with browsers from the Linux Desktop
- Install every Exchange role, at least the client access role
- be patient ...
<http://errata.software-univention.de/ucs/4.1/126.html>