UCS Office365 issue

It still tries to create instead of modify the user. There is an additional step necessary: synchronized Azure users are identified by a unique ID from LDAP: the entryUUID. It must be set on the Azure object.

Unfortunately, that is no longer possible in the new Azure portal. But it can be done using the listener code. Here is what I had to do to write the entryUUID of user “test1” into its corresponding Azure user object:

$ univention-ldapsearch uid=test1 entryUUID | egrep ^entryUUID | cut -f 2 -d ' '
fae2ee28-83ff-1037-9b63-1112f663baab

$ python -c 'import base64
from univention.office365.azure_handler import AzureHandler
from univention.config_registry import ConfigRegistry
ucr = ConfigRegistry()
ucr.load()
ah = AzureHandler(ucr, "foo")
azure_uid = "682cb910-ac39-482b-87b4-eaa9fee6366e"
entry_uuid = "fae2ee28-83ff-1037-9b63-1112f663baab"
print(ah.modify_user(azure_uid, {"immutableId": base64.encodestring(entry_uuid).rstrip()}))'

This should print:

<Response [204]>

… it might produce a traceback, as there is a bug there that has been fixed, but the fix has not been published yet… we’ll see…

After that you should be able to sync changes to the user.

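An added example, not part of the original post and not the Univention connector's own code: a Python 3 check that the immutableId on each Azure object decodes back to the LDAP entryUUID, using the encoding from the one-liner above (base64 of the UUID string). The function names and sample records are constructed for illustration; only test1's entryUUID is taken from the post.

```python
import base64
import binascii
import uuid


def immutable_id_for(entry_uuid):
    """base64 of the ASCII entryUUID string, as in the post's one-liner."""
    # Assumption: lowercase canonical form; ValueError if malformed.
    canonical = str(uuid.UUID(entry_uuid))
    return base64.b64encode(canonical.encode("ascii")).decode("ascii")


def entry_uuid_from(immutable_id):
    """Decode an immutableId to an entryUUID; None if it is not base64 of a
    UUID string (for example, an anchor written by a different sync tool)."""
    try:
        raw = base64.b64decode(immutable_id, validate=True).decode("ascii")
        return str(uuid.UUID(raw))
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def audit(ldap_users, azure_users):
    """Map {uid: entryUUID} and {uid: immutableId or None} to {uid: status}."""
    report = {}
    for uid, entry_uuid in ldap_users.items():
        if uid not in azure_users:
            report[uid] = "missing"      # no Azure object: a create is expected
        elif not azure_users[uid]:
            report[uid] = "unset"        # object exists but has no anchor
        elif entry_uuid_from(azure_users[uid]) == str(uuid.UUID(entry_uuid)):
            report[uid] = "ok"
        else:
            report[uid] = "mismatch"     # anchored to a different identity
    return report

# Constructed sample data; only test1's entryUUID comes from the post.
SAMPLE_LDAP = {
    "test1": "fae2ee28-83ff-1037-9b63-1112f663baab",
    "test2": "11111111-2222-1037-8333-444444444444",
    "test3": "55555555-6666-1037-8777-888888888888",
}
SAMPLE_AZURE = {
    "test1": immutable_id_for("fae2ee28-83ff-1037-9b63-1112f663baab"),
    "test2": None,
    "test3": immutable_id_for("99999999-aaaa-1037-8bbb-cccccccccccc"),
}

if __name__ == "__main__":
    print(audit(SAMPLE_LDAP, SAMPLE_AZURE))
```

Users reported as "unset" are the ones that need the modify_user step shown above; "mismatch" means the Azure object is already anchored to some other identity and should be investigated before it is overwritten.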