UCS 5.2-4 released

Before the year comes to an end, we are releasing UCS 5.2-4, the final cumulative update for 2025. It includes several noteworthy enhancements, among them a preview of the new delegated administration in UDM.

As always, the new release contains numerous updates and smaller improvements. A selection:

• Synchronization of the “locked” status of user accounts across Nubus, Active Directory and Samba 4 has been unified. This ensures that, for example, a lock set in Active Directory after too many failed login attempts also applies in Nubus.
• The App Center has been improved in its handling of filtering proxy servers and will therefore support even more environments in the future.
• Several security updates for Keycloak were included, most recently a short-notice update to Keycloak 26.4.4 addressing an issue affecting accounts with uppercase characters in their names.
• Default values for the size of the OpenLDAP database have been adjusted and incorporated into the monitoring checks in Nagios and Prometheus as well as UMC.
• The OX Connector now supports a new operating mode that stores occurring issues in an error log for later review.

With the release of UCS 5.2-4, we are discontinuing support for UCS as a PXE server. Until now, a UCS instance could be used to provide the network installation environment for additional UCS installations. However, customer surveys show that this function is not being used. Instead, alternatives such as hypervisor images or software deployment solutions with PXE support, such as OPSI, are typically employed.

This change does not affect the actual installation of UCS, which can still be automated via profiles.

Through errata updates in recent months, Nubus has been prepared for a new form of delegated administration. This will make it even easier to delegate user and group management for specific parts of the directory.

A typical use case is the organization of accounts into Organizational Units (OUs), that is, separate subtrees in the Directory Service. Organizations can store all accounts belonging to a department, division or subsidiary within such an OU. Administrative rights for managing users and groups within this OU can then be assigned to individuals without granting them any additional administrative privileges. These delegated administrators see only the contents of “their” OUs and can edit users and groups there or create new users.

The implementation is already available as a preview in UCS and is being tested in close collaboration with project partners. If you are interested in testing it, please contact us before using the feature in a production environment.

UCS 5.2-4 also includes preparations for additional new features in Univention Nubus. One of these is a frequently requested enhancement: a recycle bin for the Univention Directory Manager. This will make it possible to easily restore accidentally deleted users and groups. We will share more information about this soon here on the blog and at the Univention Summit at the end of January.

As always, the update includes numerous other security and feature improvements, which are detailed in the release notes and the help article.

We look forward to your feedback, either here on the blog or at help.univention.com.