Office Connector configuration

MarkD · July 2, 2020, 8:56am

Hello Team,

we try to activate the Office-365 Connector and we get stuck.
The configuration looked good but we are not able to create new users with office 365 access.

We can try

to deinstall office 365 completely and retry. But this seems to be complicated. The office 365 entry in the user Menu stays after a deinstallation. Maybe the entries in the LDAP survive the deinstallation …
to debug the configuration problem. But our experience with this issue is too low.
something else?

Can somebody show us a way we can go?

Thanks
MarkD.

UCS Version 4.4.4 errata 620
Office 365 connector 3.2
What else can be usefull?

Grandjean · July 3, 2020, 9:21pm

Hi Mark!

when creating a new user with 365 access (or activating an existing user for 365), there should be a corresponding entry in /var/log/univention/listener.log. If the UCS listener module tries to connect to the Azure/365 API to create the user and fails, there should be a meaningful error message. Can you check and post the log entries here?

Best regards,
Michael

MarkD · July 7, 2020, 9:21am

Hi Michael,

I think parts of the the actual listener.log file can be helpfull.
You should know that we already tried to deinstall O365C and reinstalled it after a system reboot.

Best regards
Mark.

listener.log (6,0 KB)

damrose · July 7, 2020, 9:50am

The traceback at the start of the listener.log is just a cosmetic issue but does not stop the connector from working, it is tracked at this bug: https://forge.univention.org/bugzilla/show_bug.cgi?id=50596

The listener.log does not contain an actual modification of a user that is to be synced to an Azure AD. Uncheck that option for a test user, save it, and activate the checkbox again, and save the user. The listener.log should then contain information about the usersync

MarkD · July 7, 2020, 3:18pm

Hello damrose,

here comes the new listener file.

Best regards
Mark.

listener.log (17,8 KB)

damrose · July 8, 2020, 5:17pm

In the listener.log provided i see that the UCS user T365C is successfully synced to the Azure AD, and gets a user account there, the userprincipalname starts with t265c . That part works.

I need more information what is not working, maybe i did not fully understand your initial request.

MarkD · July 8, 2020, 9:08pm

Nice! Now it’s getting interesting.

It took a long time, maybe, but now I can see the test user in MS365.
I deactivated another test user account, saved the user, activated it again (on UCS) and it is visible in MS365 too - immediately. (See log below.)

It seems that it works now. What has changed?
We had “UCS Version 4.4.4 errata 620” six days ago. Now we are on “UCS Version 4.4.4 errata 642”.
Was there a patch which maybe solved this problem? There also are no more messages like

zone refresh queued
zone reload successful

and others we saw in the log file. So something is different.

Many thanks @damrose and @Grandjean.

Best regards
Mark.

listener.log (18,1 KB)