Bug 50324 – Add support for multiple ad connections for Office 365

Bug 50324 - Add support for multiple ad connections for Office 365


Summary:	Add support for multiple ad connections for Office 365

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Office 365
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.4-2-errata
Assigned To:	Erik Damrose
QA Contact:	Jürn Brodersen

URL:
Keywords:

Depends on:	50517
Blocks:
	Show dependency tree / graph

Reported:	2019-10-07 14:49 CEST by Florian Best
Modified:	2020-07-13 11:40 CEST (History)
CC List:	1 user (show)

See Also:	50423
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2019-10-07 14:49:52 CEST

The Office 356 app should support multitenant.

* Port the prototype from UCS 4.2 to UCS 4.4
* refactor
* adjust tests
* Maybe fix Bug #47259

Comment 1 Florian Best

2019-10-07 15:02:40 CEST

Commit have been rebased in branch git:multi-tenant-squashed. Should I merge it?

Comment 2 Erik Damrose

2019-10-07 16:53:15 CEST

Thanks for porting the implementation to the office365 repository. In my opinion the version should stay in its feature branch for now, as the complete implementation will take some sprints.

Comment 3 Florian Best

2019-10-07 16:59:48 CEST

There are the following changes in the rebased code:

1.
The OID for the attribute "univentionOffice365TenantAlias" is 1.3.6.1.4.1.10176.4000.107 instead of .106.
.106 was used in the prototype but was also assigned to "univentionOffice365TokenResetDate" in our product.

The customer using the prototype must migrate his LDAP! (!!!)

2. The listener office365-user.py has the change:
instead of the filter "foo=bar" the one from upstream is used: '(objectClass=deactivatedOffice365UserListener)'

3. The listener office365-user.py has the change:
268 def deactivate_user(ol, dn, new, old):
269 »   ol.deactivate_user(old or new)

"old or new" is passed to deactivate_user, instead of only "old" is passed.
The code has been added in the UCS 4.4 branch meanwhile, i think it's more correct.

Comment 5 Daniel Tröder

2019-10-08 10:01:07 CEST

(In reply to Florian Best from comment #3)
> 2. The listener office365-user.py has the change:
> instead of the filter "foo=bar" the one from upstream is used:
> '(objectClass=deactivatedOffice365UserListener)'
This change was made to make use of the existing index for 'objectClass'.

> 3. The listener office365-user.py has the change:
> 268 def deactivate_user(ol, dn, new, old):
> 269 »   ol.deactivate_user(old or new)
This was a fix for Bug #48493 for the case of a resync.

Comment 6 Erik Damrose

2019-10-10 17:45:42 CEST

0434fb88 Adapt merge

* Extended attribute creation was partly overwritten
* Merge re-added not working certificate handling when modifying the
  manifest - this is done differently in Azure in the current version

Comment 8 Erik Damrose

2020-02-13 09:49:01 CET

After initial commits other development tasks were split into separate bugs:
Bug 50541, Bug 50468, Bug 50460, Bug 50444, Bug 50579, Bug 50573, Bug 50541, Bug 50433, Bug 50423, Bug 48493, Bug 48286, Bug 48237, 

I resolve this bug as the feature request was released with App version 3.0 in UCS 4.4

Comment 9 Jürn Brodersen

2020-07-13 11:40:12 CEST

OK New App version has been released -> Closed