Migration of LDAP attribute mailForwardCopyToSelf

Unionmap feature (UCS 4.4-7 and later)

Why?

In the past, the UCS mail server did not distribute all emails correctly in certain forwarding scenarios:

  • If a user A has the same alternative email address as the primary email address of a user B, only user B received emails.
  • Members of groups whose email address was part of a mailing list did not receive email when an email was sent to the list email address.

This happened because Postfix made multiple database queries and used only the first returned email address.

What was changed?

Postfix offers unionmap, which enables us to use all email addresses returned by the database queries instead of only the first one. This can now be used to fix these cases for the virtual_alias_maps. To make this work, we had to add the values of virtual_mailbox_maps to the virtual_alias_maps. The effects of this will be discussed in the next section.

The default behaviour will not be changed if you already have univention-mail-postfix installed. It only changes automatically for new installations. To activate this on existing installations, please continue reading. If you have installed your UCS server with 4.4-7 or later (after 27.11.2020), you already have this feature enabled.

Migration

1. Activate new behavior on existing installations

To activate the new behavior on existing installations, execute all of the following steps. Not doing so will result in incorrect user data and in emails not being sent to their recipients.

Before running any command, please read the complete article.

To switch to the new behavior, execute the following commands on the DC master, all mail servers and all systems where the UMC web management is used to change user settings:

$ ucr set directory/manager/user/activate_ldap_attribute_mailForwardCopyToSelf=yes \
  mail/postfix/activate_unionmap_in_virtual_alias_maps=yes \
  mail/postfix/activate_ldap_attribute_mailForwardCopyToSelf_in_virtual_alias_maps=yes
$ service postfix restart
$ service univention-management-console-server restart

2. Migration of old user data

We provide the script migrate_mailForwardCopyToSelf, which does the following:
If both mailPrimaryAddress and mailForwardAddress of a considered user are set and one of the mailForwardAddress values is equal to the mailPrimaryAddress, mailForwardCopyToSelf is set to 1. Additionally, the redundant mailForwardAddress is deleted.

Before running the script, make sure you have run the previous step (ucr set ...). Read the output of the script carefully, as it makes irreversible changes to user objects in LDAP. There is a modify option, which is set to False by default, so the changes are only displayed without being applied (a “dry-run” feature). The script can be run multiple times.
To execute the user data migration, run the following command on the DC master:

/usr/share/univention-directory-manager-tools/migrate_mailForwardCopyToSelf

This will display what will be done. If the changes are OK, append -m to the command line to apply those changes:

/usr/share/univention-directory-manager-tools/migrate_mailForwardCopyToSelf -m

That’s it: Setting 3 UCR variables on all systems and running one data migration script on the DC master.
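The rule from step 2, modelled on constructed user entries so its effect can be reasoned about before running the real script. This is an added example, not Univention's migrate_mailForwardCopyToSelf; the function names, the sample entries and the exact string comparison are assumptions, and case_only_matches is a hypothetical extra for spotting addresses to check by hand.

```python
import copy

# Constructed sample entries (not real directory data).
USERS = [
    {"dn": "uid=alice,cn=users,dc=example,dc=com",
     "mailPrimaryAddress": "alice@example.com",
     "mailForwardAddress": ["alice@example.com", "alice@partner.example"]},
    {"dn": "uid=bob,cn=users,dc=example,dc=com",
     "mailPrimaryAddress": "bob@example.com",
     "mailForwardAddress": ["bob@partner.example"]},
    {"dn": "uid=carol,cn=users,dc=example,dc=com",
     "mailPrimaryAddress": "carol@example.com",
     "mailForwardAddress": ["Carol@example.com"]},
    {"dn": "uid=dave,cn=users,dc=example,dc=com",
     "mailForwardAddress": ["dave@partner.example"]},
]

def plan_user(entry):
    """Return the planned change for one entry, or None if the rule does not apply."""
    primary = entry.get("mailPrimaryAddress")
    # Rule from the article: both attributes set, one forward equals the primary.
    if not primary or primary not in entry.get("mailForwardAddress", []):
        return None
    return {"dn": entry["dn"], "set_copy_to_self": "1", "remove_forward": primary}

def case_only_matches(entry):
    """Forwards differing from the primary only in case (hypothetical review list)."""
    primary = entry.get("mailPrimaryAddress") or ""
    return [f for f in entry.get("mailForwardAddress", [])
            if f != primary and f.lower() == primary.lower()]

def migrate(entries, modify=False):
    """Return (plan, resulting entries); modify=False is a dry run."""
    result = copy.deepcopy(entries)  # never touch the caller's data
    plan = [change for change in map(plan_user, result) if change]
    if modify:
        by_dn = {e["dn"]: e for e in result}
        for change in plan:
            e = by_dn[change["dn"]]
            e["mailForwardAddress"] = [f for f in e["mailForwardAddress"]
                                       if f != change["remove_forward"]]
            e["mailForwardCopyToSelf"] = change["set_copy_to_self"]
    return plan, result

if __name__ == "__main__":
    for change in migrate(USERS)[0]:
        print("would change:", change)
```

Running migrate a second time on already migrated entries yields an empty plan, which matches the article's statement that the script can be run multiple times.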
