Univention Corporate Server 5.2 – A Major Step Forward

With the release of Univention Corporate Server 5.2, we are not only making a significant leap in the version number: We are updating all the software included in Univention Corporate Server (UCS) and completing another milestone in the further development of UCS and Nubus with the full transition to Keycloak as the central Identity Provider (IDP).

In UCS 5.2, Keycloak is fully integrated and replaces the previously used components SimpleSAMLphp and Kopano Konnect. Keycloak not only offers significantly more features but also expanded configuration options in the areas of:

• (Single) Sign-on (SSO) and Single Logout (SLO) with OIDC, SAML, or Kerberos
• Federation
• Custom conditional authentication methods

A migration is necessary for the transition, which can already be carried out with version UCS 5.0. A detailed migration guide is available. An overview of the tested application scenarios can be found in our Keycloak App Manual.

The current release is based on Debian 12 “Bookworm” and includes two version jumps from Debian 10 “Buster.” For this reason, version UCS 5.0 is directly followed by version UCS 5.2 – we did explain the exact background in a separate post.

The updates include, among others, upgrades to:

• Samba 4.21.1
• OpenLDAP 2.5.13
• PostgreSQL 15
• Docker 20.10
• Linux Kernel 6.1.0-28

With UCS 5.2, the standard version of the programming language Python is upgraded from version 3.7 to version 3.11. This affects both product components and extensions such as custom hooks or scripts. At the same time, support for the deprecated version 2.7 is completely removed. If adjustments have not yet been made, they will need to be ported to the new version.

The Univention Config Registry (UCR), the central interface for local system configuration, now checks and validates input values according to the specified type. This prevents accidental input of invalid values. If necessary, validation can be disabled using the variable ucr/check/type.

The web interface has also been modernized. A particular focus was placed on the integration of tiered elements to simplify navigation and highlight important areas more clearly.

At this point, we would like to highlight three special new features that have been introduced with various patch level releases since version 5.0:

• OpenID Connect for SSO in the Nubus Portal:
  With UCS 5.0-9, OpenID Connect (OIDC) was introduced for the UCS web interface, including the portal and Univention Management Console (UMC). OIDC complements the previous SAML protocol of the Nubus Identity Provider and enables new features such as “Backchannel Logout” for Single Logout (SLO) without user interaction. Additionally, content in all open tabs automatically updates after a logout to display the status consistently everywhere.
• Improved Selective Synchronization in the AD Connection:
  Also introduced with version UCS 5.0-9, selective synchronization between Nubus and Active Directory has been optimized. Thanks to new Allow and Deny filters, objects can be targeted specifically—both at the subtree and object type level. This reduces unwanted entries and minimizes manual effort.
• Blocklists in UDM:
  Since version UCS 5.0-7, blocklists for attributes can be used in the Univention Directory Manager (UDM) to prevent the reuse of email addresses, for example. This avoids giving a new user access to old emails. Once the feature is activated and the blocklists are set up, blocking occurs automatically. Management is conveniently possible through a UMC module.

UCS 5.2 is now available and can be installed. With the release of UCS 5.2, UCS 5.0 enters the maintenance phase, and new features will only be available for version UCS 5.2 in the future. General maintenance for UCS 5.0 will end no earlier than February 2026.
The next patch level releases, UCS 5.2-1 and UCS 5.0-10, are scheduled for mid-March.

Detailed notes and instructions can be found in our release notes and in the help article on installation. Discover the new features and take the next step with UCS 5.2!

Join our webcast on February 17 and 20, where we will introduce the key new features of Univention Corporate Server 5.2 and share valuable tips for installation. Learn how to take advantage of the new features and what to consider when upgrading.

Register for the webcast here!

We are pleased to announce that the release of UCS@school 5.2 will be available on March 11, 2025.