Synchronization of several Active Directory domains with one UCS 5.0 directory service

As described in the manual, it is possible to configure and run multiple AD-Connector instances to synchronize user and group objects from or to several different Active Directory domains.

With UCS 5.0, two things changed regarding the mapping configuration. First, the AD-Connector no longer uses the UCR template file mapping but a pure Python file, localmapping.py. Second, this file needs to contain Python 3.7 compatible program code.

In UCS 4.4 the AD-Connector read the UCR template mapping during startup and converted it into a Python file mapping.py in the same directory; that Python file was then imported for execution.

In UCS 5.0 the AD-Connector no longer considers the UCR template mapping but directly loads its default mapping (a Python module), which in turn checks for a file localmapping.py. If that file exists (under /etc/univention/con*/ad/localmapping.py), the module attempts to load it and call a function mapping_hook.

Before updating a UCS 4.4 system running multiple AD-Connector instances to UCS 5.0, the individual /etc/univention/con*/ad/mapping.py files need to be copied to a new file named localmapping.py, and the mapping_hook function needs to be added to it, as described in the manual. Additionally, the Python code needs to be checked for Python 3 compatibility, see e.g. Univention Corporate Server

Assuming the additional connector instance is called connector2, this is an example of the required steps before the update:

CONFIGBASENAME="connector2"

# mapping
if ! [ -e /etc/univention/"$CONFIGBASENAME"/ad/localmapping.py ]; then
    cat /etc/univention/"$CONFIGBASENAME"/ad/mapping \
        | univention-config-registry filter --encode-utf8 \
        >/etc/univention/"$CONFIGBASENAME"/ad/localmapping.py
    mv /etc/univention/"$CONFIGBASENAME"/ad/mapping.py \
       /etc/univention/"$CONFIGBASENAME"/ad/mapping.py-ucs44
    sed -i 's/baseConfig as configRegistry,/configRegistry,/' \
        /etc/univention/"$CONFIGBASENAME"/ad/localmapping.py
    echo -e 'def mapping_hook(org_mapping):\n    return ad_mapping' \
        >> /etc/univention/"$CONFIGBASENAME"/ad/localmapping.py
fi

# start script
mv /usr/sbin/univention-ad-"$CONFIGBASENAME" \
   /var/univention-backup/univention-ad-"$CONFIGBASENAME".old-ucs44
cp /usr/sbin/univention-ad-connector \
   /usr/sbin/univention-ad-"$CONFIGBASENAME"
sed  -i "s|\(python3 -W ignore -m univention.connector.ad.main\) \(.*\)|python3 -W ignore -m univention.connector.ad.main --configbase \"$CONFIGBASENAME\" \2|" /usr/sbin/univention-ad-"$CONFIGBASENAME"
sed  -i "s|\(python2.7 -W ignore -m univention.connector.ad.main\) \(.*\)|python3 -W ignore -m univention.connector.ad.main --configbase \"$CONFIGBASENAME\" \2|" /usr/sbin/univention-ad-"$CONFIGBASENAME"
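
A pre-update check for the converted files, as an added example that is not part of the original article or of Univention's code: it parses each localmapping.py without importing it and reports Python 3 syntax errors, a missing mapping_hook, and a leftover baseConfig import. The function name check_localmapping is hypothetical, and the permission check is an added assumption (a file the connector loads and executes should not be writable by group or others).

```python
import ast
import os
import stat
import sys


def check_localmapping(path):
    """Return a list of problems found in one localmapping.py (empty = OK)."""
    problems = []
    with open(path, "rb") as fh:
        source = fh.read()
    try:
        # Parse only: the file is never imported or executed by this check.
        tree = ast.parse(source, filename=path)
    except SyntaxError as exc:
        return ["not valid Python 3: line %s: %s" % (exc.lineno, exc.msg)]
    # The connector calls mapping_hook with the default mapping as its argument.
    hooks = [n for n in tree.body
             if isinstance(n, ast.FunctionDef) and n.name == "mapping_hook"]
    if not hooks:
        problems.append("no top-level mapping_hook function")
    elif len(hooks[0].args.args) != 1:
        problems.append("mapping_hook must take exactly one argument")
    # The UCS 4.4 import that the sed step in the script above rewrites.
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            if any(alias.name == "baseConfig" for alias in node.names):
                problems.append("line %d: still imports baseConfig" % node.lineno)
    # Assumption (not from the article): code loaded by the connector
    # should only be writable by its owner.
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


if __name__ == "__main__":
    # Usage: python3 check.py /etc/univention/con*/ad/localmapping.py
    failed = False
    for path in sys.argv[1:]:
        for problem in check_localmapping(path):
            failed = True
            print("%s: %s" % (path, problem))
    sys.exit(1 if failed else 0)
```

A clean result only shows that the file parses as Python 3; runtime differences between Python 2 and 3 are not detected, so the functional check after the update is still required.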

After the update the functionality of the connector instances has to be checked.
