UCS AD Connection not synchronising new added AD attributes


I have set UCS server with Active Directory Connection application installed.(UCS is not running as a member of AD but running in parallel to AD)

Newly added users with passwords in AD are getting synchronised in UCS OpenLDAP.

Also if I update some attributes like surname or first name or username it gets synchronised to UCS OpenLDAP but if I add email attribute or telephone number (which was not exiting in both AD and UCS) then it does not get sychronised to OpenLDAP.

Is there any specific setting/mapping we need to do for such scenarios?


You have a working synchronisation of users and everything but some attributes (that you created yourself?) are not synchronized, is that right? If that is the case, yes you can edit the mapping of attributes that it suits your needs - though I would not recommend to do this yourself, since you may break the synchronisation by playing with the mapping.py and the mapping in general. If you want to do this I would consult with our or another service team to help you.

You can find an example for a mapping in our Cool-Solutions wiki: http://wiki.univention.de/index.php?title=Cool_Solution_-_Kerio_Connect. Maybe you find additional informations regarding mail attributes in the Cool Solutions Wiki also.

Thanks Thorp-Hansen .Yes you are right some attributes like telephone number and mail are not getting synchronised.

We would be getting the support and license stuff sorted in few weeks but for now we need to test few scenarios so that we can decide whether we would have any issues with UCS or not.

Can you please suggest whether I need to modify mapping.py or mapping file and does it require restart of UCS server ?


it most likely do not need a restart of the server, but of the connector and possibly samba:

[code]# service univention-s4-connector restart

service samba restart[/code]

I am not sure if there is a mapping of the telephone number already included (I doubt that), but the mail address should map to primarymailaddress. If you have further mail attributes, you would need to create extended attributes at the UCS and map them to the AD. That is certainly possible, but i would (as I said) recommend a consulting.