Sorry again for returning to this topic.
I have made some posts here and here
I want to accomplish SSO with the Office 365 connector, but, as I assume more people are in my shoes, I have a local domain and an Office 365 domain that already exists, so I do have users on one side and on the other.
As my Office 365 domain is marked as primary and I have another domain that I can use, I verified that one before running the wizard, so my Office 365 domain list is domain.onmicrosoft.com, maildomain.com and otherdomain.com. My Univention server, which exists from a previous AD takeover, has the domain.local.
After running the wizard, otherdomain.com was federated and that finished with success, but now I cannot understand what I’m doing wrong or how I should use it to avoid the issues I’m getting.
1 - Creating a new.user in UCS with the o365 template gives me an o365 email@example.com as principalname.
I would like to be able to choose the domain that the user should use (as I have two domains). Assuming that cannot be done… I can manage, and went to the o365 portal and added a new SMTP address to that user so he can get email at firstname.lastname@example.org
2 - Existing users: if I go and check the o365 option in UCS, the problem is bigger, because even though user.old exists in o365 as email@example.com, what UCS is doing is creating a firstname.lastname@example.org, so for what to me should be the same user so I can use SSO, I’m getting a new user and a new license consumed in o365.
In the previous posts someone pointed me to create a new domain in the UCS mail module, but I don’t use UCS mail, so I never had that module. However, I tried playing a bit with /usr/share/pyshared/univention/office365/azure_handler.py and hardcoded some code to change principalname, replacing otherdomain.com with domain.com, and that appears to work well and solve the issue (at least for creating new users with domain.com). For existing users I’m getting this error:
LISTENER ( ERROR ) : o365: Another object with the same value for property userPrincipalName already exists.
Another test that I tried was, in o365, adding an alias like firstname.lastname@example.org to the email@example.com user and then activating the o365 user in UCS, but I get the same error.
Improvement, if it makes sense:
The module should list all the verified domains in o365 and let the user choose the domain when creating the user.
So if someone has the opportunity to clarify for me how this module is supposed to work, or what I’m doing wrong, it is very welcome. It is my understanding that I don’t want to accomplish anything too fancy… but maybe I’m very wrong…
If that is the case, can someone give me some advice on how to accomplish that?