With UCS 4.3-3 the third point release for Univention Corporate Server (UCS) 4.3 is now available, which includes a number of important updates and various new features.
Improved configurability of the portal
The portal is the starting point for many UCS users and administrators. As described in the blog article Design the UCS Portal with Drag & Drop, you can adapt it very easily to your needs. The categories “Applications” and “Administration” were static until now. We have extended the portal so that you can now define your own categories. In addition, you can add static links to the portal, e.g. also link an imprint here.
In many environments different users should be shown different tiles. To do this, the group members for whom a particular tile is displayed are stored in the tiles. Previously, you could only assign each tile to one group. With UCS 4.3-3 you can now assign several groups to each tile. As soon as a user is a member of one of these groups, the corresponding tile will be displayed.
UCS Dashboard for infrastructure overview
After a three-month beta phase, in which we have collected user feedback, the UCS Dashboard is now available in version 1.1 in the App Center. It can be used as an extension of UCS. In the past weeks, we have mainly improved the beta version towards more robust installation and uninstallation as well as better configuration and extensibility. Find more details about the UCS Dashboard in our article Release of UCS Dashboard: Now Published in Version 1.1.
The dashboard allows administrators to see the state of the domain or individual servers quickly and easily on different dashboards. The UCS Dashboard provides the ability to identify server utilization trends and take action before problems occur. Especially in large environments with many servers, it is a very useful feature for administrators. During installation, two dashboards are automatically created and you can easily create additional custom dashboards yourself. The open source solutions Grafana and Prometheus are used as basic technologies.
Usability improvements in the Univention Management Console
The web-based Univention Management Console (UMC) allows you to manage the entire domain. UMC offers various modules for administration, e.g. for creating users, joining the domain or diagnosing the system. We have fixed minor bugs in different modules and improved their usability. Furthermore, we have improved the scrolling in the UMC module of the App Center and the LDAP Directory. Individual areas can now be scrolled independently and edited separately more easily.
Multi container support for the App Center
So far, the App Center has only offered Docker-based apps that consist of a single Docker container. From now on also so-called multi container apps are supported. The multi container apps are apps that consist of more than one container. A detailed description can be found in the blog post Multi Container Support for Docker Apps for Univention App Center.
In addition, various improvements have been integrated into the App Center, which above all improve the stability of updates. For example, the password you enter during app updates is now validated before any action is performed.
New simplified Python API for using IDM
The Identity Management System is accessed in UCS with the help of Univention Directory Manager (UDM). In addition to the command line interface, UDM also offers a Python API, which is designed for the internal use.
With UCS 4.3-3 there is now a new improved Python API, which makes it possible to work very easily with the objects from the Identity Management System. We will publish a corresponding API documentation shortly. First examples can be found at github.
Univention Virtual Machine Manager
UVMM is primarily used to centrally manage KVM-based virtual machines. We have adapted UVMM so that you can configure whether you allow or don’t allow a live migration in case of having different CPU types of the host systems. You can and should use this especially if you use incompatible CPU types in your environment.
In addition, we have integrated several other improvements in UVMM. If, for example, the virtual machine pauses automatically, because there is not enough hard disk space available, a corresponding warning is now shown in UVMM.
It could happen in our LDAP replication that the Univention Directory Listener reestablished the LDAP connection to another server. However, the connection to the Univention Directory Notifier was kept under certain circumstances. As a result, it could happen that the notification was sent by one system, but the changes were read from another system. An incorrect replication could be the result. This problem has been fixed and it is now ensured that the information always comes from the same system.
In Samba there is a command dbcheck to detect and fix inconsistencies in the Samba databases. This tool is often the first approach to solve problems in Samba environments. Several improvements have been integrated to find and fix errors in a more targeted way.
For the synchronization of the directory service objects between OpenLDAP and Samba 4 the S4 Connector is used. For the synchronization between OpenLDAP and a Microsoft Active Directory the AD Connector is used. In both connectors various improvements in synchronization have been implemented, e.g. the synchronization of DNS objects and password expiration data in the S4 Connector and the synchronization of mail attributes in the AD Connector.
Stability and Security Updates
UCS 4.3-3 is now based on Debian 9.6., which has been released in November and contains a lot of stability and security updates.
In addition, various other security updates have been integrated into UCS 4.3-3, such as the Linux kernel, OpenSSL or MariaDB.
A complete list of changes to UCS 4.3-3 including all CVE numbers can be found in our Release Notes.