Third Point Release for UCS 4.4

As always, the errata updates of the past months have resulted in many small and large innovations, which we have collected and released with the release of UCS 4.4-3. I would like to give you an overview of the most important new features and an outlook on what we are currently working on. Important new features include better checking of required resources during installation, avoidance of Windows Explorer crashes with extended file system permissions, documentation of best practices in dealing with Windows printer drivers and printer settings, and improvements to the Samba 4 Connector.

After receiving so much positive feedback on our questions in the article “UCS 5.0 is coming!“, I’d like to use this article to ask you a few questions that are relevant to the further development of UCS 4 and the direction UCS 5 will take. We highly value the UCS user‘s opinion and like to hear what you have to say – use the comment box below or gladly write to feedback@univention.de.

Installation & Sizing

More and more often UCS is being installed on IaaS platforms. At the same time, UCS offers the possibility of integrating distributed environments into a central management system and operating many specialized instances in parallel. In order to prevent these instances from running into errors due to “lack of resources”, the installation of UCS now checks at an early stage whether the recommended 2GB RAM is actually available and otherwise displays a corresponding warning. Well-prepared environments can also ignore this warning and continue with the installation process. We continuously collect knowledge and tips on this topic in the article “Minimum RAM requirements for the UCS installation” in the support section of our forum.

Which experiences have you gained with memory requirements in your scenarios?

Challeging Fixes with the Third Point Release of UCS 4.4

With this release, we have found a solution to three challenges: first, we fixed problems with upgrading Docker which occurred in older UCS installations. These had led us to delay the update to UCS 4.4-2 for some environments and to extend the maintenance of UCS 4.4-1 in order to give all users sufficient time to perform updates.

Less common, but all the trickier were two other cases. With some Samba 4 shares, newer versions of Windows Explorer could crash when accessing the security settings. This was caused by extended file system permissions in connection with local user accounts not stored in LDAP. From this Samba generated status codes unknown to Windows. The second and similarly difficult to pinpoint case in an Open Source software used by us was a startup problem of OpenLDAP, which only occurred with a very rare constellation of contents at the end of the database file. We were able to isolate both problems, solve them in UCS and make patches available to the OSS projects.

Download UCS 4.4-3 now

UCS is ready to download as an ISO Image as well as a preinstalled VMware, Virtualbox, Hyper-V and KVM image.

Get UCS today!

Printer Drivers

The distribution of correct printer drivers and printer settings to Windows clients is unfortunately unclear due to the mix of standards and procedures and thus error-prone. Unfortunately, the extensive documentation and instructions of the manufacturers do not facilitate the overview. In some cases it is even necessary to change the printer drivers provided by the manufacturer in order to distribute them via Samba printer shares and be able to set the correct settings.

In the last weeks we have run through some cases and documented the processes in our forum and link to this documentation directly in the UMC to printer shares.

The status described in the documentation greatly simplifies the setup of most printers. However, we are also interested in improvements. Which printers do you currently use, which drivers can you recommend? How widespread is the alternative approach of addressing printers on Windows clients via the IPP protocol now – have you gained any experience with it? Then leave a comment and help to improve our software for you.

Apps Apps Apps

Many of the App Center applications have been updated since the release of UCS 4.4-2. Major updates came from OpenProject, which is now available in version 10, and EGroupware, which is the first app to directly access our UDM REST API in its 19th version. A total of about 20 apps in updated versions were made available in the App Center. We were able to include Rocket.chat in the circle of “Recommended Apps”, which now fulfills all the criteria of a Recommended App due to the ongoing provision of updates since its release in the App Center.

Larger updates were also provided for UCS@school – for which we are publishing a separate blog article. This week we expect an update of our O365 app, which can be configured to synchronize multiple Azure AD environments much easier. The necessary extensions of our SAML IDP have already been released. We will publish more information with the release of the app and in an own blog article as well.

Preparation for UCS 5.0

Those who regularly read the information to the published Errata, will have often noticed a reference to “dh_python”. The conversion of the software packages to this toolset is a preparation for the Python 3 migration we want to do with UCS 5.0. In this context we will not only make further changes to dh_python in the next weeks, but also start to release our implementations compatible to Python 3.

List of Some Highlights

Since the release of UCS 4.4-2 almost 100 errata updates have been released. Those contain security updates as well as smaller and larger improvements – here is a selection including the errata update number.

• 296 – During domain join, the LDAP database configuration is transferred from the DC Master to other LDAP servers – this is especially useful in large environments when the default settings were too small
• 298, 330, 379 – Many small improvements have been implemented in the S4 connector, including renaming hosts / DNS entries, correcting account expiration dates for some time zones, and special cases that occurred when restoring objects in UCS@school environments
• 306 – UDM improvements for IPv6 address search and configuration of allowed users for mail distribution lists
• 308 – Self Service Support for UCS@school Environments
• 348 – View Windows printer driver information in the UMC
• 353 – Fix Windows Explorer crashes when accessing the ACLs of certain Samba shares
• 358 – SAML Kerberos authentication can now be restricted to IP addresses to allow only internal networks
• 374 – Modernization of the “noVNC” for UVMM to access the virtual machine console
• 375 – Fix of a corner case when initializing the database backend of OpenLDAP
• 380 – Support of aliases for SAML in preparation for the Multi Azure AD Support of O365
• 383 – Simplified support for VHosts in Apache configuration