connector/ad/autostart: yes

connector/ad/ldap/base: DC=firma,DC=de
 The LDAP base DN of the Active Directory server.

connector/ad/ldap/binddn: cn=Administrator,cn=users,DC=firma,DC=de
 The Univention AD connector uses this user to make changes in the LDAP of the Active Directory.

connector/ad/ldap/bindpw: /etc/univention/connector/ad/bindpw
 The file, which contains the password of the synchronisation user, e.g. /etc/univention/ad.secret. This file should contain exactly one line.

connector/ad/ldap/host: alabama.firma.de
 The fully qualified domain name of the Active Directory server.

connector/ad/ldap/port: 389
 The port of the LDAP service of the Active Directory server

connector/ad/ldap/ssl: yes
 If the configuration option is set to "no", there is no SSL encryption for the access to the Active Directory. This can be necessary when no certificate service can be installed on the Active Directory server.

connector/ad/listener/dir: /var/lib/univention-connector/ad
 Directory in which the objects transferred from UCS to Active Directory are stored, preset as /var/lib/univention-connector/ad. The corresponding listener module saves the changes in this path; it should thus not be altered.

connector/ad/mapping/container/ignorelist: mail,kerberos
 Defines a comma separated list of containers which will be ignored by the connector (default is mail,kerberos)

connector/ad/mapping/group/ignorelist: Windows Hosts,DC Slave Hosts,DC Backup Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Computers
 Defines a comma separated list of groups whom will be ignored by the connector (default is Windows Hosts,DC Slave Hosts,DC Backup Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Computers)

connector/ad/mapping/group/language: de
 Defines which form of standard group names should be used between UCS (group names are always English) and Active Directory. The mapping to a Active Directory service in German language is preset using the value "de".

connector/ad/mapping/group/primarymail: false
 Defines whether the primary e-mail address on group objects in UCS should be synchronised with the "mail" attribute in Active Directory. As "mail" is a multivalue, this can cause problems during the synchronisation. Thus preset as "false". Active Directory may require the Exchange expansion for this option. During the installation of the "univention-ad-connector-exchange" package the value is set to "true".

connector/ad/mapping/kerberosdomain: firma.de
 The Kerberos domain of Windows accounts (used to construct the AD Kerberos principal unless already set).

connector/ad/mapping/syncmode: read
 Defines the synchronisation mode; "read" (reading only from Active Directory to UCS), "write" (writing only from UCS to Active Directory) and "sync" (bidirectional synchronisation) are supported.

connector/ad/mapping/user/ignorelist: Administrator,krbtgt,root,pcpatch
 Defines a comma separated list of users whom will be ignored by the connector (default is Administrator,krbtgt,root,pcpatch)

connector/ad/mapping/user/primarymail: false
 Defines whether the primary e-mail address on user objects in UCS should be synchronised with the "mail" attribute in Active Directory. As "mail" is a multivalue, this can cause problems during the synchronisation. Thus preset as "false". During the installation of the "univention-ad-connector-exchange" package the value is set to "true".

connector/ad/poll/sleep: 5
 Time in seconds which is waited after a run without changes until the next request is made. Only new files are searched for locally in the directory named above; a LDAP request is made on the Active Directory side.

connector/ad/retryrejected: 10
 Number of requests without new changes after which an attempt is made to import retained changes subsequently. This procedure can be followed in the /var/log/univention/connector-status.log logfile.

connector/debug/function: yes
 Controls, whether function calls should be traced in the debug log (0 or 1) When set to 1 the function calls are also documented as additional debug information

connector/debug/level: 4
 Specifies the amount of debug information to be written to /var/log/univention/connector.log (0-4). Preset as 2, so that the status of the synchronisation is visible in the log files.

connector/password/service/encoding: iso8859-15
 The password service in Windows requires the user name to be in iso8859 format for changing the password. The encoding can be set with this variable. Deviations from the preset (iso8859-15) should only be necessary in corner cases.

connector/s4/autostart: yes

connector/s4/ldap/base: DC=firma,DC=DE
 The LDAP base DN of the Samba 4 server.

connector/s4/ldap/host: ucs.firma.de
 The fully qualified domain name of the Samba 4 server.

connector/s4/ldap/port: 389
 The port of the LDAP service of the Samba 4 server

connector/s4/ldap/protocol: ldapi

connector/s4/ldap/socket: /var/lib/samba/private/ldap_priv/ldapi

connector/s4/ldap/ssl: no

connector/s4/listener/dir: /var/lib/univention-connector/s4
 Directory in which the objects transferred from UCS to Samba 4 are stored, preset as /var/lib/univention-connector/ad. The corresponding listener module saves the changes in this path; it should thus not be altered.

connector/s4/mapping/container/ignorelist: mail,kerberos,MicrosoftDNS
 Defines a comma separated list of containers which will be ignored by the connector (default is mail,kerberos,MicrosoftDNS)

connector/s4/mapping/dns/ignorelist: DC=_ldap._tcp.Default-First-Site-Name._site
 Defines a comma separated list of DNS objects which will be ignored by the connector (default is DC=_ldap._tcp.Default-First-Site-Name._site)

connector/s4/mapping/gpo: true
 Defines whether the MS GPOs should be synchronized (Default: true)

connector/s4/mapping/group/ignorelist: Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody
 Defines a comma separated list of groups whom will be ignored by the connector (default is Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody)

connector/s4/mapping/group/language: en

connector/s4/mapping/group/table/Domain Admins: Domänen-Admins
 A static list mapping group names in UCS-LDAP to group names in the Samba 4 user directory. Group names in UCS-LDAP are always English. The mapping "connector/s4/mapping/group/table/'Domain Users'=Domänen-Benutzer" e.g. advises the S4 Connector to synchronize a group object called "Domain Users" in UCS-LDAP with a group object called "Domänen-Benutzer" in the Samba 4 user directory.

connector/s4/mapping/group/table/Domain Guests: Domänen-Gäste
 A static list mapping group names in UCS-LDAP to group names in the Samba 4 user directory. Group names in UCS-LDAP are always English. The mapping "connector/s4/mapping/group/table/'Domain Users'=Domänen-Benutzer" e.g. advises the S4 Connector to synchronize a group object called "Domain Users" in UCS-LDAP with a group object called "Domänen-Benutzer" in the Samba 4 user directory.

connector/s4/mapping/group/table/Domain Users: Domänen-Benutzer
 A static list mapping group names in UCS-LDAP to group names in the Samba 4 user directory. Group names in UCS-LDAP are always English. The mapping "connector/s4/mapping/group/table/'Domain Users'=Domänen-Benutzer" e.g. advises the S4 Connector to synchronize a group object called "Domain Users" in UCS-LDAP with a group object called "Domänen-Benutzer" in the Samba 4 user directory.

connector/s4/mapping/group/table/Windows Hosts: Domain Computers
 A static list mapping group names in UCS-LDAP to group names in the Samba 4 user directory. Group names in UCS-LDAP are always English. The mapping "connector/s4/mapping/group/table/'Domain Users'=Domänen-Benutzer" e.g. advises the S4 Connector to synchronize a group object called "Domain Users" in UCS-LDAP with a group object called "Domänen-Benutzer" in the Samba 4 user directory.

connector/s4/mapping/sid: true
 Defines whether the SID should be synchronized (Default: true)

connector/s4/mapping/syncmode: sync
 Defines the synchronisation mode; "read" (reading only from Samba 4 to UCS), "write" (writing only from UCS to Samba 4) and "sync" (bidirectional synchronisation) are supported.

connector/s4/mapping/user/ignorelist: root,pcpatch,ucs-s4sync,Gast,Guest,Gast,Guest
 Defines a comma separated list of users whom will be ignored by the connector (default is root,pcpatch,ucs-s4sync)

connector/s4/poll/sleep: 1
 Time in seconds which is waited after a run without changes until the next request is made. Only new files are searched for locally in the directory named above; a LDAP request is made on the Samba 4 side.

connector/s4/retryrejected: 2
 Number of requests without new changes after which an attempt is made to import retained changes subsequently. This procedure can be followed in the /var/log/univention/connector-status.log logfile.
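
The ldap/ssl and ldap/bindpw descriptions in the listing can be checked mechanically. The following is an added example, not Univention's code: it parses a "key: value" listing and flags ssl set to "no" on a network connection and a bindpw file that does not contain exactly one line. The sample listing, the function names, the owner-only permission check and the exemption for the ldapi protocol are assumptions of this example.

```python
import os
import stat

# Constructed sample in the listing's "key: value" form; ad ssl is set to "no" for the demo.
SAMPLE = """\
connector/ad/ldap/bindpw: /etc/univention/connector/ad/bindpw
 The file, which contains the password of the synchronisation user.
connector/ad/ldap/ssl: no
connector/s4/ldap/protocol: ldapi
connector/s4/ldap/ssl: no
"""

def parse_listing(text):
    """Map key -> value; indented description lines and blank lines never match."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.startswith("connector/"):
            settings[key.strip()] = value.strip()
    return settings

def check_secret_file(path):
    """Exactly one line is the listing's rule; the owner-only mode check is an added assumption."""
    try:
        with open(path, "rb") as fh:
            lines = fh.read().splitlines()
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return [f"{path}: cannot be read ({exc.strerror})"]
    findings = []
    if len(lines) != 1 or not lines[0].strip():
        findings.append(f"{path}: expected exactly one line, found {len(lines)}")
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:o} grants access beyond the owner")
    return findings

def audit(settings):
    findings = []
    for side in ("ad", "s4"):
        base = f"connector/{side}/ldap/"
        # ldapi is LDAP over a local UNIX socket, so ssl=no is only flagged for network access.
        if settings.get(base + "ssl") == "no" and settings.get(base + "protocol") != "ldapi":
            findings.append(f"{base}ssl=no: LDAP access is not SSL-encrypted")
        if base + "bindpw" in settings:
            findings += check_secret_file(settings[base + "bindpw"])
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_listing(SAMPLE))))
```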