Release of UCS 4.2 planned for April 2017


After having released a new version of UCS with new features each November for the last few years, we have decided this year to reschedule the release of UCS 4.2 for April 2017.

There are a number of reasons for this move, one of the primary ones being the migration of apps from the App Center to the use of the container technology Docker. This results in increased security during operation and the possibility of running apps with different system requirements on one and the same system. In addition, this will also allow us to render the updating of UCS itself and the individual apps more independent of each other, thus significantly reducing the efforts required on the part of app developers and users in the case of new releases.

Docker was introduced with UCS 4.1, and since then some of the newer apps are utilizing this technology. The task at hand now is to transfer existing apps to containers without excessive extra efforts being required of the app developers. We have already managed to approve the first three apps in this process and hope that others will follow suit soon.

Independently of these events, we are also noticing that the market demands on our product have increased enormously. UCS is being employed ever more frequently in very large environments. For example, more and more municipalities are tapping the potential offered by our solution for the centralized management of the identities and rights of more than 100,000 users in their schools. In the past, such large-scale projects required some elements to be set up manually, which inevitably led to mistakes being made. We have now invested a great deal of energy in making UCS more robust in such situations and ensuring the selective replication of Active Directory domains in these scenarios is also more stable. We have already passed a number of important milestones and intend to keep following this path in the interest of continuous improvement.

Additionally, we are also continuing to develop the App Center. In the future, app developers will not only be able to manage their own applications autonomously via self services, but will also be able to offer their apps to partners and eventually end customers directly for purchase via the platform. The financial transactions can be processed entirely via the App Center.

We believe that it is far more important at this point in time to offer our customers and partners improved scalability of UCS, increased security when operating apps and an all-round more robust product than to adhere stubbornly to a release tradition. The users and partners we consulted on this matter have also confirmed our perception.

As such, we now intend to launch our release candidate for UCS 4.2 at CeBIT 2017. In addition to an updated Debian basis, we also want to develop a completely new approach for the operation concept: By implementing a central portal page, we aim to allow rapid access to all the applications in the domain as well as administration of the different UCS instances. In doing so, we are making it simple for UCS users throughout an organization to access approved applications quickly and easily.

UCC 3.0 Now Verified as Citrix Ready


A new major version of Univention Corporate Client (UCC), Version 3.0, was released in mid-August. Due to a problem with Citrix Receiver, however, Citrix was not fully supported in that version. Thanks to an update, it has now proved possible to resolve the issue, and complete Citrix support with UCS is now guaranteed once again.

The last release brought with it a changeover of the operating system basis from UCC 3.0 to Ubuntu 16.04 Long Term Support (LTS). The Ubuntu substructure allows users of UCC to benefit both from the large, continuously updated software selection and from the broad hardware support offered by Ubuntu’s use of the latest Linux kernel versions.

In the version of UCC released in August, Citrix was not fully supported, as there was an error in the Citrix Receiver software provided by Citrix and preinstalled by us.

UCC_Icon_592x588_auf_transparentCitrix Receiver allows access to Citrix terminal server services. The use of UCC gives organizations the possibility of customizing their thin client hardware thanks to the wide scope of hardware support offered by Ubuntu in UCC. At the same time, the software administration via Univention Corporate Server (UCS) is performed independently of the thin client hardware employed.

The error in the Citrix Receiver software prevented USB devices operated on the client from being used in the terminal server session. This error affected the Ubuntu version of the Citrix software and thus also UCC. After we alerted Citrix to the issue, they worked intensively in the following weeks to rectify the situation and have now been able to resolve the issue in their own software, with the result that it no longer occurs in the new Citrix Receiver version 13.4. We have now verified UCC 3.0 as Citrix Ready with this new error-free version, and so it is already preinstalled in the new UCC images delivered this week. As a user of UCC 3.0, you will receive them along with an update to your system.

Citrix Ready is a partner program of Citrix and is aimed at hardware and software partners whose products are compatible with Citrix products. In order to ensure that the solutions are compatible, they need to successfully complete the Citrix Ready Verification Program. This process has already been successfully completed for UCC 3.0 following resolution of the error described above, and so UCC 3.0 is now “Citrix Ready verified”. The compatibility of UCC 3.0 with Citrix terminal server environments is thus guaranteed.

UCC 3.0 is available to download via the Univention App Center and can be installed on both standard PC clients and thin clients alike. The clients are administrated centrally via UCS.


Integrate Cloud Service Google Apps for Work in UCS

Logo Google Apps for Work Connector
Browser-supported Office solutions such as Office 365 or Google Apps for Work (now G Suite) make mobile working much easier and reduce administrative efforts, because they are not anymore installed on the computer but run in the cloud. Administrators don’t need to maintain license lists anymore, nor do regular software updates, and incompatibility issues are a thing of the past.

With the connectors “Google App for Work Connector” and „Office 365 Connector“ we developed two apps that help you facilitate administrative tasks as well as make user access safer and easier. Administrators thus manage all users access centrally via UCS while the users themselves access the cloud services from within their working environment with their usual passwords.

In this short video we will show you how you can easily download and integrate the „Google App for Work Connector“ from the Univention App Center and integrate it in your UCS environment.

Ansible Modules for the Automation of UCS-Specific Tasks

Ansible Logo

As a long-term Univention partner, we at Adfinis Sygroup operate UCS environments for many of our customers. We employ Ansible for automation when running different Linux distributions as it standardizes the roll-out of UCS among other things.

Up until now there weren’t any Ansible modules available for UCS-specific tasks. To remedy this, we developed modules based on the standard script interface of Univention Directory Manager for recurring tasks in the maintenance of the directory service with the goal of simplifying the process. These currently include the following:


These modules are included in the Ansible extra modules as of Ansible Version 2.2 and can be used accordingly with Ansible, as can other modules. If additional Ansible modules are developed in the future (and not yet included in Ansible itself), it will be possible to add them to individual projects. The following offers a brief explanation of how these additional Ansible modules can be installed and then provides a brief introduction to the modules listed above.

Cool Solution Moodle – For Cooperative Learning

Moodle Logo

What are “Cool Solutions”?

Cool Solutions is the name we use to describe Univention solutions which expand UCS with practical, advantageous functions and which we successfully employ for our customers. These solutions are regularly showcased in the Univention Wiki in the form of Cool Solutions articles.

In this article I would like to introduce the learning platform Moodle and its interface with UCS. At the end of this article you can also find an interview we conducted with the Chemnitz education authorities, which are currently implementing Moodle in a number of the city’s schools.

How to Integrate with LDAP: “Generic LDAP Connection”


In the blog article series “How to integrate with LDAP”, we introduce a whole range of different options and possibilities for how the LDAP provided by UCS can be expanded or used in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will go into more detail on the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

If you are not all that familiar with the topic of LDAP yet, I would recommend you read our blog article: Brief Introduction: What’s Behind the Terms LDAP and OpenLDAP? first of all.

Brief Introduction: RADIUS

IT Netzwerk Sicherheit Illustration

A world which is becoming ever more mobile and the outstanding equipment of individuals with private mobile devices suggest that working and learning are no longer confined to an organization’s own devices, but rather the availability of mobile concepts is now a must. For this to become reality, (private) end devices also require simple access to the company networks without their becoming a gateway for malware or leakage. RADIUS, a tool for the authentication of devices accesses to networks, is offered as an important instrument for the construction of secure, decentralized work structures.

“Kopano to go, please!”


…or: How do I set up my own mail and communication server in just 30 minutes? That’s the question I asked myself when my daughter got her first smartphone and asked for an e-mail address. I needed something which was easy to use (I’m no Linux whiz) and compatible with both the web and smartphones, which also allowed me as a parent to retain some degree of control.

I published the following article on my own blog on August 13, 2016. And because what’s good for families with daughters of course can’t be bad for companies either, my colleagues at Univention thought it would be worth publishing here too.

Brief Introduction: Bring Your Own Device (BYOD)

Bring Your own Device Illustration

The term “bring your own device” also known by the acronyms “BYOD” and “BYOT” refers to the concept of organizations and companies allowing their employees to bring their private, mobile devices to the office and use them. This can present a number of advantages for both employees and organizations alike, for example:

  • Potential for cost savings on devices from the organization’s perspective
  • Employee satisfaction at being able to choose the device freely
  • Simplification of the work/life balance for employees
  • Increased productivity from not being bound to specific locations and schedules

In addition to the advantages listed above, the development also goes hand in hand with a whole range of legal, organizational, and technical challenges.

How can OpenLDAP with UCS be scaled to over 30 million objects?

Serverschränke mit Zahnrädern im Vordergrund

The majority of the environments in which UCS is employed include anywhere from a couple of dozen users up to several thousand – sizes which can be directly implemented with the standard configuration of UCS. In the systems operated by the education authorities we see a leap to between 10,000 and 100,000 users – in this case, the UCS@school concepts allow functioning scaling.

Even including groups, hosts, and other LDAP infrastructure objects in the calculations, these environments rarely exceed 200,000 objects. But what happens when an environment with more than 30,000,000 objects needs to be administrated in LDAP?

Page 1 of 1012345...10...Last »