Foreword / Explanation
The only way to sync existing Google users is to create UCS users and connect them to the existing Google users. The data (first name, last name, email, etc.) will have to be copied manually.
To do so, you'll have to retrieve two attributes from each Google user and write the values into the UCS user's LDAP object:
- The Google user's id attribute goes into the UCS user's univentionGoogleAppsObjectID LDAP attribute.
- The Google user's primaryEmail attribute has to be written into the UCS user's univentionGoogleAppsPrimaryEmail LDAP attribute.

After doing that and then enabling the gapps support for the user, any change to a mapped attribute of the UCS user object, like the first name, will trigger a synchronization. You can observe those in the log file /var/log/univention/listener.log.
Script to link existing Google users
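```bash
#!/bin/bash
# Link an existing Google user to the UCS user that has the same mail address.
# Usage: pass the user's mail address as the first argument.

admin="username"   # account used for the LDAP bind
mail="$1"          # mail address of the user to link
# -W makes every ldapmodify call prompt for the bind password.
LDAPMODIFY="ldapmodify -H ldaps://localhost:7636 -x -D uid=$admin,cn=domain,cn=tld -W"

if [ -z "$mail" ]; then
    echo "mail not set!"
    exit 1
else
    echo "search DN for: $mail"
fi

# Look up the DN of the UCS user. Line wrapping is disabled and the whole
# value after "dn: " is kept, so long DNs or DNs with spaces are not truncated.
dn=$(univention-ldapsearch -LLL -o ldif-wrap=no mail="$mail" | sed -n 's/^dn: //p')
if [ -z "$dn" ]; then
    echo "could not set DN, exit"
    exit 1
else
    echo "DN found: $dn"
fi

# Take the Google user id from the first listing line that contains the address.
id=$(/usr/share/univention-google-apps/print_google_users_and_groups \
    | grep "$mail" | head -n1 | awk '{print $1}')
if [ -z "$id" ]; then
    echo "could not set ID, exit"
    exit 1
else
    echo "ID found: $id"
fi

# Write the Google id into the UCS user object.
cat << EOF | $LDAPMODIFY
dn: $dn
changetype: modify
add: univentionGoogleAppsObjectID
univentionGoogleAppsObjectID: $id
EOF

# Write the Google primaryEmail into the UCS user object.
cat << EOF | $LDAPMODIFY
dn: $dn
changetype: modify
add: univentionGoogleAppsPrimaryEmail
univentionGoogleAppsPrimaryEmail: $mail
EOF

# Enable the gapps support for the user.
cat << EOF | $LDAPMODIFY
dn: $dn
changetype: modify
add: univentionGoogleAppsEnabled
univentionGoogleAppsEnabled: 1
EOF
```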
Thanks to “AlteSockenSuppe” for providing this workaround.
Google Connector - existing Google user accounts - #16 by AlteSockenSuppe
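
The script's ID lookup takes the first listing line that contains the mail address as a substring, so a similar address can bind the UCS user to the wrong Google account. The following is an added example, not part of the original workaround: it matches the address as a whole field and refuses missing or ambiguous results. It assumes the listing is whitespace-separated with the id in the first column, as the script's awk '{print $1}' implies; the function names and sample lines are constructed.

```bash
#!/bin/bash
# Added example (not from the original workaround).
# Assumption: every listing line is whitespace-separated, the Google id is
# the first field and the primaryEmail is one of the following fields.

# Constructed sample listing; ids and addresses are made up.
SAMPLE_LISTING='1000000000000000001 joann@example.com Jo Ann
1000000000000000002 ann@example.com Ann Example
1000000000000000003 ann@example.com.invalid Ann Other'

# The lookup used in the script above: substring match, first hit wins.
naive_lookup() {
    grep "$1" | head -n1 | awk '{print $1}'
}

# lookup_google_id MAIL   (listing is read from stdin)
# Prints the id only if exactly one line carries MAIL as a complete field
# (compared case-insensitively).
# Exit status: 0 = unique match, 1 = no match, 2 = more than one match.
lookup_google_id() {
    WANT="$1" awk '
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == want) { ids[++n] = $1; break }
            }
        }
        END {
            if (n == 1) { print ids[1]; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Demonstration on the constructed listing.
printf 'substring lookup: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LISTING" | naive_lookup ann@example.com)"
printf 'exact lookup:     %s\n' \
    "$(printf '%s\n' "$SAMPLE_LISTING" | lookup_google_id ann@example.com)"
```

In the script, the exit status can be used to abort before any ldapmodify call when the address is missing or matches more than one Google user.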