Separation of Users in Office 365 Through Synchronization of Several Azure Active Directories

Identities and roles in a Microsoft Azure AD environment can be provisioned very easily thanks to the Office 365 Connector App for UCS. Users get easy single sign-on access to Office 365 resources while you maintain control over the information conveyed about each identity.

Moreover, in a UCS environment, precise permissions are often defined to control the visibility of user properties within an organization. Especially in large environments it is necessary that not every user “sees” every other user. For example, the data protection requirements at schools are implemented by UCS@school: The school authorities can administer user accounts centrally across all schools, but users only “see” each other within their own school. In a single Azure AD, such a separation is generally not provided; instead, the creation of several Azure ADs or tenants is expected.

In this article I am going to explain how you can implement such separate setups with UCS for Azure AD more easily and how the scenarios are structured since the last update of the Office 365 Connector App.

Crust: Digital Sovereignty for your Business with the Open Source Salesforce Alternative

Crust is now available in the Univention App Center. What is it and why should you try it out?

About Crust

More and more organisations are turning to Crust as a Salesforce alternative, for the feature set, the lower costs and the ability to self-host.

The Crust platform includes a CRM, Service Cloud, Enterprise Messaging and an industry-leading Low Code Development Environment for building End-to-End Business Process Management applications.

Crust is a mobile-friendly, customer-scale application, capable of handling giant populations within the application itself. Designed to be either self-hosted or run in the cloud, Crust is 100% extensible with rich APIs and third-party application integration features.

How to integrate with LDAP – Example Redmine

In the blog article series “How to integrate with LDAP”, we introduce a whole range of options for using the LDAP provided by UCS, either to expand it or to use it in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will detail the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

Brief Introduction: What is a Linux Derivative?

Univention Corporate Server (UCS) and Univention Corporate Server @ school (UCS@school) are Debian derivatives, i.e. operating systems derived from the Linux distribution Debian GNU/Linux. So, what exactly is Linux, what is a Linux distribution, and what does derivative mean? Read on to find out more about these terms and the connection between UCS and Debian GNU/Linux.

How to Deploy Meet Videoconferencing on UCS

Communication is at the core of any business. Lack thereof can create misunderstanding and friction. However, the fact that today’s modern workplace is no longer bound to a single physical location has made communication between professionals more challenging. Fortunately, technologies like email, chat and online video meetings are here to help us out.

The Univention App Center already offered apps for email and chat. And now, you can also make use of the great advantages of video communication thanks to Meet videocalling on UCS.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. “password” or “123456” (actually to be found on the list of the most frequently chosen passwords!) are also out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of digits, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in a UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Third Point Release for UCS 4.4

As always, the errata updates of the past months have resulted in many small and large innovations, which we have collected and released with the release of UCS 4.4-3. I would like to give you an overview of the most important new features and an outlook on what we are currently working on. Important new features include better checking of required resources during installation, avoidance of Windows Explorer crashes with extended file system permissions, documentation of best practices in dealing with Windows printer drivers and printer settings, and improvements to the Samba 4 Connector.

After receiving so much positive feedback on our questions in the article UCS 5.0 is coming!, I’d like to use this article to ask you a few questions that are relevant to the further development of UCS 4 and the direction UCS 5 will take. We highly value the opinion of UCS users and would like to hear what you have to say: use the comment box below or write to feedback@univention.de.

UCS@school: Automatic Integration of Samba Shares into Nextcloud

The free and open source file hosting solution Nextcloud is available in the Univention App Center either preconfigured or as a virtual appliance and is therefore quickly installed and set up on UCS. Nextcloud can also offer its services on a central server in large, distributed environments and is therefore ideal for integrating network shares from other computers.

The Way to the IT Concept For the Schools In the District of Harz

The district of Harz as a school authority recognized early that a school has different needs than the public administration. Therefore the school IT is separated from the IT structure of the administrative district. Our structures enable us to remain flexible and to respond to the individual needs of the schools. A special school needs different applications and end devices than a grammar school. Nevertheless, both systems must be manageable and functional.

Web Proxy and “Shalla List” for Access Rules to External Websites and Higher Performance at the Same Time

For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate the access to external websites. This is useful from a technical point of view, to improve performance when accessing frequently visited pages, but also for restricting access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@school, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. And with the “Shalla-List-Downloader” I would like to present to you a Cool Solution with which you can further round off this protection and which we have already successfully implemented in various school projects.