… but when synchronizing to samba4 there is an error.

Symptom

The class work user is created and all attributes are copied except the mailPrimaryAddress. This must only exist once.
Some other attributes like office365 are also copied, but they need the primary mail address. So the sync to samba4 failes

Solution

We have an ucr variable for blacklisting attributes:

ucr info ucsschool/exam/user/ldap/blacklist
ucsschool/exam/user/ldap/blacklist: mail|mailPrimaryAddress|mailAlternativeAddress|ucsschoolSourceUID|ucsschoolRecordUID
 Pipe-separated (|) blacklist of attribute names, that are stripped from exam users (Default: 'mail|mailPrimaryAddress|mailAlternativeAddress|ucsschoolSourceUID|ucsschoolRecordUID')
 Categories: ucsschool-base