Problem: Additional attributes need to be synced by the AD-Connector

Knowledge Base Community
, ,
1

Problem:

Additional attributes like an employeeNumber for users or the displayName of groups need to be synced by the AD-Connector.

Recommendation

Since UCS 4.4-7 we introduced the localmapping.
To map additional attributes you can define a mapping hook inside the (newly to be created) file /etc/univention/connector/ad/localmapping.py like this:

# import univention.connector # optional, because localmapping itself is loaded into a file, where the import has already taken place

def mapping_hook(ad_mapping):
	ad_mapping['user'].post_attributes['employeeNumber'] = \
		univention.connector.attribute(
			ucs_attribute='employeeNumber',
			ldap_attribute='employeeNumber',
			con_attribute='employeeNumber'
		)
	ad_mapping['group'].attributes['displayName'] = \
		univention.connector.attribute(
			ucs_attribute='DisplayName',
			ldap_attribute='displayName',
			con_attribute='displayName'
		)
	return ad_mapping

where the ucs_attribute represents the UDM name and con_attribute the AD name.

Or an other example: Changing containers (cn) to organizational units (ou) - in this case the containers for student and teacher users

# import of Univention Configuration Registry (needed for referencing the ldap-base via ucr variable `ldap/base`)
from univention.config_registry import ConfigRegistry
# loading Univention Configuration Registry
ucr = ConfigRegistry()
ucr.load()

# import univention.connector # optional, because localmapping itself is loaded into a file, where the import has already taken place

# the actual mapping
def mapping_hook(ad_mapping):
    # position mapping (switch container for 'schueler' below cn='users' and school-ou='testschule' ("cn" -> "ou")
    ad_mapping['user'].position_mapping=[('cn=schueler,cn=users,ou=testschule,%(ldap/base)s' % ucr, 'OU=schueler,CN=users,OU=Testschule,%(connector/ad/ldap/base)s' % ucr)]
    # position mapping (switch container for 'lehrer' below cn='users' and school-ou='testschule' ("cn" -> "ou")
    ad_mapping['user'].position_mapping=[('cn=lehrer,cn=users,ou=testschule,%(ldap/base)s' % ucr, 'OU=lehrer,CN=users,OU=Testschule,%(connector/ad/ldap/base)s' % ucr)]
    return ad_mapping

Alternative Syntax for the same example:

# import von Univention Configuration Registry (wird z.B: für `%(ldap/base)s' % ucr` benötigt)
from univention.config_registry import ConfigRegistry
# Laden von Univention Configuration Registry (s.u.)
ucr = ConfigRegistry()
ucr.load()

# import univention.connector # optional, weil das localmapping selbst in eine Datei geladen wird, wo der Import schon vorgenommen wurde

# eigentliches Mapping beginnt
def mapping_hook(ad_mapping):
    custom_position_mapping = [
    ('cn=schueler,cn=users,ou=testschule,%(ldap/base)s' % ucr, 'OU=schueler,CN=users,OU=testschule,%(connector/ad/ldap/base)s' % ucr),
    ('cn=lehrer,cn=users,ou=testschule,%(ldap/base)s' % ucr, 'OU=lehrer,CN=users,OU=testschule,%(connector/ad/ldap/base)s' % ucr)
]

    ad_mapping['user'].position_mapping = custom_position_mapping
    return ad_mapping

or
Exclude that the attribute “description” ist synced.
cat /etc/univention/connector/ad/localmapping.py

# import univention.connector # optional, because localmapping itself is loaded into a file, where the import has already taken place
def mapping_hook(ad_mapping):
    ad_mapping['group'].attributes.pop('description')
    return ad_mapping

Sync HomeDirectory to AD

# import univention.connector # optional, because localmapping itself is loaded into a file, where the import has already taken place
def mapping_hook(ad_mapping):
    ad_mapping['user'].post_attributes['homeDirectory'] = \
                univention.connector.attribute(
                        ucs_attribute='sambahome',
                        ldap_attribute='sambaHomePath',
                        con_attribute='homeDirectory'
                )
   return ad_mapping

Further reading

1 Like