Hi. Since G Suite connector was discontinued I decided to try Google’s directory sync:
Process is simple, without much detail:
install dirsync on your laptop, either Windows or Linux, also install dirsync on UCS5 server
use config-manager to configure as you wish, you can login into your gmail (google workspace) and to create auth token
This is part of my config:
Server type OpenLDAP
Auth type Simple
I am only syncing users, and this is my search filter:
Email addr attribute:
sn attributes for first name and last name.
3. save the config as XML file. you do not need to simulate/test in dirsync app at this stage. You must export the config and auth token. See steps below:
4. Save config as XML, and copy it to your UCS5 server
5. Export auth token and copy it to your UCS5 server
./upgrade-config -exportkeys filename.foo
All above steps were done on laptop, below steps are done on UCS5 server.
Import auth token
./upgrade-config -importkeys filename.foo
might need to use sudo
Run below commands to test config
sudo ./upgrade-config -testldap -c config.xml
However, the program does not find anything in LDAP.
[2022-06-27 16:02:32,451+0100] [main] [WARN] [usersyncapp.cli.UpgradeConfig] Upgrading configuration file "config.xml" to most recent version (will save a backup). [2022-06-27 16:02:32,972+0100] [main] [INFO] [plugin.ldap.LdapQueryExecutorImpl] Executing LDAP query: base dn: "dc=subdomain,dc=example,dc=com" filter: "(mail=*)" scope: "OBJECT" context name: "default" attributes: "" [2022-06-27 16:02:32,994+0100] [main] [INFO] [plugin.ldap.LdapQueryExecutorImpl] Processed 0 results from LDAP search LDAP Connection Successful
but if I run this command, I get results
root@ucs5:~# univention-ldapsearch -x "memberOf=cn=Domain Users,cn=groups,dc=subdomain,dc=example,dc=com" | grep ^mail | wc -l 13
What am I configuring wrong?
I have tried configuring search filter as
objectClass=* which works with
univention-ldapsearch command, but still no luck with dirsync.