Sync additional emailaddresses as alias

Apps & App Center
#1

Dear Community, dear invention team,

is it possible to set/sync alias (e.g. additional mail attributes) to google?

Thanks a lot,
best,
meg

#2

Hi Meg,

that should be the case in the default settings:

ucr search google-apps/attributes

Should list

google-apps/attributes/mapping/emails/1?"type=work,address=%mail"
google-apps/attributes/mapping/emails/2="type=other,address=%mailAlternativeAddress"

mail are the email addresses in the contacts tab, mailAlternativeAddress are the email aliases (mails to those are delivered to your mailPrimaryAddress if you have a UCS mail server).

Greetings
Daniel

#3

Hi Daniel,

thanks for the fast response. But these values just define alternate Adress in “Kontaktdetails”.
At least last time this was the case.

Now I got an exception :frowning:

Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/google-apps-group.py", line 152, in handler
    if "univentionGoogleAppsObjectID" in old or ol.udm_group_has_google_users(dn):
  File "/usr/lib/pymodules/python2.7/univention/googleapps/listener.py", line 542, in udm_group_has_google_users
    udm_user = self.get_udm_user(userdn)
  File "/usr/lib/pymodules/python2.7/univention/googleapps/listener.py", line 423, in get_udm_user
    user = usersmod.object(None, lo, po, userdn)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1450, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 796, in __init__
    raise univention.admin.uexceptions.noObject(self.dn)
univention.admin.uexceptions.noObject: cn=DESKTOP-N85GVHG,cn=Computers,dc=xxx,dc=xxx
12.04.18 17:01:29.075  LISTENER    ( WARN    ) : handler: google-apps-group (failed)
#4

Hi Meg,

Where do you want those values to go?

This has nothing to do with the email addresses.

Hmm… I think you hit a bug. The code is expecting users, but found a computer object. I opened a bug report: http://forge.univention.org/bugzilla/show_bug.cgi?id=46846

You can for now just ignore the error message. Nothing bad is happening for your system.

Greetings
Daniel

#5

to alias. When I add an additional Emailadress in UCS it should create that as alias on google.

For sure, there could be an boolean “use additional emails as alias” (if it is false, they just added to the “address book” of google

#6

You can change the gapps-attributes that UCS-attributes are synchronized to, by setting the UCS variables I mentioned earlier. In this case I think it’d be:

ucr set google-apps/attributes/mapping/aliases="%mailAlternativeAddress"

Then restart the listener and modify a user to see if it worked:

service univention-directory-listener restart

The UCR values description is:

[google-apps/attributes/mapping/.*]
Description[de]=Variablen der Form google-apps/attributes/mapping/ATTRIBUT1-DORT=ATTRIBUT2-DORT=%ATTRIBUT-HIER können 
verwendet werden, um das automatische Synchronisieren von LDAP Attributen mit dem Google Directory (GD) zu konfigurieren. 
ATTRIBUT-HIER ist der Name eines LDAP Attributes im UCS Server, wenn ein "%" vorangestellt ist. 
Ohne das "%" wird der Wert selbst verwendet. 
ATTRIBUT1-DORT ist der Name des Attributs im GD, ATTRIBUT2-DORT ist ein Attribut innerhalb eines verschachtelten Attributs. 
Mehrere ATTRIBUT2-DORT können verwendet werden, indem sie Kommasepariert angegeben werden. 
Mehrere ATTRIBUT1-DORT können verwendet werden indem multiple UCRVs mit "/NUMMER" angehängt, verwendet werden.

Description[en]=Variables in the format google-apps/attributes/mapping/ATTRIBUTE1-THERE=ATTRIBUTE2-THERE=ATTRIBUTE-HERE can
be used to configure synchronization of user attributes to the Google Directory (GD). 
ATTRIBUTE-HERE is the name of an LDAP attribute in the UCS Server if "%" is prepended. 
Without "%" the value itself is used. 
ATTRIBUTE-THERE1 is the name of the attribute in GD, ATTRIBUTE-THERE2 is the name of an attribute inside a nested structure. 
Multiple ATTRIBUTE-THERE2s can be used by comma separating them. 
Multiple ATTRIBUTE1-THERE can be used by supplying multiple UCRVs with "/NUMBER" appended.

The Google directory user structure is explained here: https://developers.google.com/admin-sdk/directory/v1/reference/users

The idea is to not require Univention to change the apps code for a custom configuration, but to allow the user to change it herself by setting the appropriate UCS variables.

But for the next app update I’ll check, if that’d be a better default for the UCR variable.

Greetings
Daniel

1 Like
#7

Thanks a lot. So in my case I’ve to set google-apps/attributes/mapping/aliases to %mail, cause UCS store any additional mail within this attribute?

Best,
meg

#8

There are three different types of email addresses in UCS. They have different purposes.

  • The mailPrimaryAddress is the address for the “physical” mailbox in a UCS mail server and must be unique.
  • The mailAlternativeAddress is (a list of) aliases. Mails received for those addresses will be delivered to the mailbox (the mailPrimaryAddress).
  • The mail attribute is (a list of) contact data. It does not configure anything in the UCS mail server and can be any address you like. Addresses can be from external mail servers. It’s like an entry in an addressbook.

If your domain were exam.ple, then it’d be for example:

  • mailPrimaryAddress: meg@exam.ple
  • mailAlternativeAddress: meg.surname@exam.ple, m.surname@exam.ple, megachip@exam.ple
  • mail: meg@exam.ple, meg.surname@exam.ple, m.surname@exam.ple, megachip@exam.ple, meg@gmail.com, meg@hotmail.com, meg@yahoo.com

Mails to meg.surname@exam.ple, m.surname@exam.ple, megachip@exam.ple will accepted by the UCS mailserver and wil be stored in the mailbox of meg@exam.ple.
Mails to meg@gmail.com, meg@hotmail.com, meg@yahoo.com will not be sent to your mailserver and even if they would, they wouldn’t be accepted by it.

1 Like
#9

Thanks for that good example.

But where in user module can I set the aliases? -> ah, within advanced options :wink: my fault

#10

Hi there :wink:

What about aliases for groups? Is it possible to set/sync them too?

#11

Hi @troeder

I’m still get an exception (BUG#74599) on sync with newest ucs and gapps version:

01.09.18 14:02:17.244  LISTENER    ( PROCESS ) : updating 'uid=xxx,cn=users,dc=xxx,dc=com' command m
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/google-apps-user.py", line 345, in handler
    ol.modify_google_user(old, new)
  File "/usr/lib/pymodules/python2.7/univention/googleapps/listener.py", line 172, in modify_google_user
    self._fix_user_resource(resource)
  File "/usr/lib/pymodules/python2.7/univention/googleapps/listener.py", line 746, in _fix_user_resource
    resource[k] = _multiply_if_has_list(resource[k])
  File "/usr/lib/pymodules/python2.7/univention/googleapps/listener.py", line 721, in _multiply_if_has_list
    raise RuntimeError("Unexpected type {!r} for item {!r} in property {!r}.".format(type(p), p, prop))
RuntimeError: Unexpected type <type 'str'> for item 'aline@xxx.com' in property [].
#12

Dear Univention Team,

any Plans to fix that bug?

I’m still running into it and had to create all aliases manually.

Thanks a lot,
Best,
Meg

#13

Any news on it?

it’s not marked as writable? So no way to sync the aliases? Or do you using user.alias

Best,
Meg

#14

i have facing an email sync issue from UCS LDAP to google G-suit pls help me

1 Like
Mastodon