With the point release UCS 5.0-3, the next important step for the further development of the Univention Corporate Server has been taken – towards more usability and performance as well as the deeper integration of services and their central administration. In this blog article, I would like to give you an overview of the most important new features and improvements bundled in the release.
Table of Contents
Improvements in the Area of Usability: More System Diagnosis Possibilities for More Efficient Support
Univention Support Info – Provision of Relevant Information
The “Univention Support Info” programme identifies a range of system information about the UCS system that is in operation, which our Univention Support team needs to be able to analyse problems and identify the relevant error sources quickly. This can include, for example, information about running processes, open network connections, file system utilisation, log files and aspects of the system configuration. You no longer have to install this program separately yourself, as it is pre-installed on all UCS instances and can be used by you.
Optimisation of System Diagnosis to Suit Individual Needs and System RequirementsYou can deactivate individual tests within the system diagnostics via UCR. For example, a test that does not make sense to carry out in your environment should be excluded. The format of the UCR variable you need for this is:
ucr set diagnostic/check/disable/TEST_NAME = true
Visualisation of Operational Attributes
Operational attributes are internal attributes of the OpenLDAP database. The database maintains some properties of objects, such as when they were created, who created them, who last modified them, etc. In the past, retrieving these values was sometimes a bit more complicated. The extension in the Directory Manager contained in the UCS 5.0-3 release now lets you visualise the values using a configuration on the front end and thus also supports various support scenarios. You can read more about this in our user forum article about displaying LDAP operational attributes in extended attributes.
Step-by-step Saving of Information Around Server Password Changes for Easier Troubleshooting
We have also improved the usability and provision of information for detecting errors when changing server passwords. Additional information about all steps taken to change the password is now saved to make it easier for you to analyse failed server password changes. This facilitates troubleshooting and subsequent debugging.
Improvements in the Area of Performance: Cache on User Object Displays Group Memberships
Determine Group Membership of Users Faster
The group membership of a user in UCS is now conveyed via the “memberof” attribute of the user. This means you no longer have to search across all groups for a user but can access a cache on the user object that contains this information. This considerably speeds up the search for group membership.
Other Features
Synchronisation of Password History
With the new UCS version, to prevent the use of passwords that have already been used, a user’s passwords that have been used in the past are stored in a history. For this purpose, UCS saves hashes of the passwords in the history. In the past, the history was saved individually by the system that processes the password change – this can be OpenLDAP (for changes via UDM and Kerberos), Samba4 (for changes via desktop systems in the UCS domain) or Active Directory (when using the AD connector).
From now on, these different histories will be synchronised, so it doesn’t matter which system the user changes their password on since the same overarching password history now applies.
Highlights from the Univention App Center
Migration to Keycloak
An important milestone has been reached in the step-by-step migration to Keycloak as identity provider in UCS: In August 2022, we made Keycloak available as an app in the UCS App Center for integration into UCS in a first version and have been gradually developing it since then. With the release in December, the Keycloak app is now also part of our official product support and is, therefore, also ready for productive use by you. Read more about Keycloak in our referring blogarticle.
The following additional apps have also been made available for UCS 5.0 since Release 5.0-2 in June 2022:
Updates and improvements have been released for a multitude of other apps. You can find an overview in the Univention App Center.
Release Notes
The complete list of all improvements and bug fixes for UCS 5.0-3 can be found in the Release Notes.
And What Will be Next?
To conclude, I would like to give you a brief overview of our plans for the further development of UCS for the rest of the year. The next steps are further feature enhancements in Keycloak and preparation for Release 5.1, which is planned for the second half of 2023. Essential features in the UCS 5.1 minor release are a Debian release upgrade, a component and feature upgrade and the introduction of Keycloak as the new default IDP.
In addition, in the coming months, we will also be working on expanding and developing our roles and rights model for identity management, and like to further develop the UCS portal. You can listen to more information about the roadmap of UCS in the presentation of our vice-president Milisav Radmanić at the Univention Summit in January 2023, which we recorded for you and published on our Youtube channel: Highway to Univention Products 2023 (German only).
And, of course, as always: If you have any requests or suggestions for improvement, we look forward to your feedback – here in the blog or on help.univention.com/.