Digital Sovereignty is an Indispensable Prerequisite for the Resilience of Our IT Systems – First Lessons from the Corona Crisis

We are in the transition to a “new normal”. However, it will look different from the normality before the corona pandemic. Step by step, areas of life are being ramped up that until recently were in an unprecedented exceptional situation. This involved a lot of stress, but it has also brought new and valuable insights into how we can organize our lives. The significance of digital communication options has increased enormously. The use of digital technologies has been accelerated tremendously. It became clear that it is important to have systems that function independently of individual providers or even of foreign countries: systems that are resilient and can react quickly and effectively to a crisis so that stable conditions can be restored.

Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect

The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login using their user name and password.
The two authentication standards SAML (Security Assertion Markup Language) and OpenID Connect have already been available to UCS users for some time. So far, however, these two technologies have been two separate worlds. If some of the web services used SAML and others OpenID Connect for the authentication against UCS’ identity management, users were forced to log in twice in those environments with multiple services. With the support of the Kopano team, we were able to release an extension of the app “OpenID Connect ID” in the App Center. This integrates the two standards with each other and thus allows a single authentication process for the end user.
I would like to briefly explain how a single sign-on generally works with UCS. Then I will explain the interaction of Kerberos, SAML, and OpenID Connect and show you which functions the new implementation of Kopano Konnect offers to UCS users.

Synchronize Password Hashes between MS Active Directory and UCS

Version 4.4-4 of Univention Corporate Server (UCS) comes with some cool new features, one of them being the new AD Connector app. It makes the synchronization of password hashes between a Microsoft Active Directory domain and a UCS domain significantly more secure and less error-prone. While previous versions could only synchronize NTLM hashes, the AD Connector of UCS 4.4-4 also reads newer hashes, the so-called Kerberos keys which allow single sign-on (SSO) to different applications.

I am a second-year trainee at Univention (job description: IT specialist for application development). I was involved in the development of the new feature and mainly had to deal with three tasks: the AD Connector itself, the OpenLDAP overlay module, and the S4 Connector (Samba). In this blog post I’m going to explain what Kerberos hashes are and how I implemented the new feature.

UCS: How to set up LDAP Replication

The central element of every identity management system is usually a directory service, a repository that stores and manages information like user profiles and access privileges, and network resources. Univention Corporate Server (UCS) uses OpenLDAP for this task.
If the directory service is down, many other services are no longer available. In this article we are going to show you how to plan a fail-safe environment for your UCS domain with LDAP replication, i.e., storing an exact copy of the data on multiple servers – this improves the reliability as well as the performance.

Data Ethics & Digital Selfdefense

Using a fake identity to trick Facebook, getting paid for jogging and how to book one and the same hotel room cheaper via VPN – in their keynote speech “Data Ethics & Digital Selfdefense” at this year’s Univention Summit, author Pernille Tranberg and journalist Steffan Heuer showed how big our digital footprint actually is and what information we (un-)consciously publish about ourselves on the internet.

Digital Opportunities in Education Simply Too Good to Waste

What is the current situation?

Compared with other developed countries, Germany’s pupils, teachers, and curricula are lagging far behind in terms of digital education and media skills. The German Minister for Education, Johanna Wanka, has identified two principal reasons for this, which will now be addressed in the new DigitalPakt#D strategy. On the one hand she sees a lack of pedagogic concepts and strategies, and on the other an underdeveloped IT infrastructure. I can agree wholeheartedly with this assessment for many sectors.

Protection Against Ransomware – a Subjective Overview

The threat posed by ransomware such as Locky and other malware has been a hot topic on and off in the media for months now. In a number of cases, including some rather more prominent ones, hackers have managed and continue to manage to infect their victims’ files with malware, which encrypts them to the point where they can no longer be used – the files are only made available again once a “ransom” has been paid. The more access the user in question has, the greater the damage: if possible, files on servers in the network are also “captured”.

A great deal has already been written on the topic. At this point, I would like – albeit very subjectively – to introduce a couple of approaches for how to protect yourself against such attacks.

How Cloud Service Providers Can Offer Integrated Applications with Real Value for Enterprises

In this post, I want to help answer the question of how cloud and managed service providers can help end user organizations to move faster and more decisively into the cloud. This is of major relevance for the growth of all CSPs and MSPs and a requirement for every provider who wants to be able to compete against the large players like Amazon and Microsoft.

Why bother?

The first question, of course, is: Do organizations want to move into the cloud at all? Especially with their internal applications like collaboration software or ERP systems? And as a consequence: Is there an opportunity for service providers at all?