Cool Solutions on GitHub

Almost ten years have passed since we published the first Cool Solution for UCS 3.0: in 2011, on November 25 at 8:02 am, we created a new page in the Univention Wiki which collects the Cool Solutions for the different versions of Univention Corporate Server. A lot has happened since then: Many instructions are now available in English and no longer in German, and there is a separate section for the Cool Solutions in the Univention forum.

Univention Summit 2021: transferring a proven format to the web

The Univention Summit looks back on a 13-year tradition as a place of exchange and discussion around the topics of digital sovereignty and sovereign IT infrastructures. This year, for the first time, it had to be purely digital. This article looks back at the challenge of translating such an event, with all its interactivity and discussion spaces, from the real world to the virtual.
In order to realize the 14th Univention Summit as an online event, Univention approached us, Plain Schwarz, last year as an event agency and service provider for the conception and implementation of virtual, hybrid events as well as face-to-face events. We already knew each other through the Open Source environment and shared networks before we worked together for the Summit.

Better together: Sovereign Productivity Suite by Univention, Open-Xchange and Nextcloud for the public sector

We were happy to announce the Sovereign Productivity Suite (SPS) at the Univention Summit on January 29  In cooperation with our partners Open-Xchange and Nextcloud, we are delivering and developing a product combination that is specifically tailored to the public sector for office work and online collaboration as well as digital education offerings.

IT expenses and Covid-19: learnings for companies

Dark server room with red covid-19 badge

Throughout the Covid-19 crisis, the IT requirements in many companies, organizations and governments have fundamentally changed as has the awareness for IT. For many organizations, it saw the widespread adoption of remote working policies. Often, these changes were required to be implemented overnight, when government- issued stay-at-home-orders created a new reality. Here is the take from our partners and customers on how efficiency gains, system integration and task delegation have changed their IT environment.

Let’s take the Corona crisis as an opportunity

Together we will change the world written on the pavement with chalk

The Corona crisis has had a huge impact on our society. Office workers had to start working remotely, medical professionals had countless double shifts and delivery companies went into over drive. Winners and losers everywhere – Amazon grew turnover by 25% in the second quarter of 2020, the cloud computing department of Microsoft saw a 47% growth, we all know Zoom barely held it together, spending hundreds of millions on expanding their server farms.

Digital Sovereignty is an Indispensable Prerequisite for the Resilience of Our IT Systems – First Lessons from the Corona Crisis

We are in the transition to a “new normal”. However it will look different from the normality before the corona pandemic. Step by step areas of life are being ramped up that until recently were in an unprecedented exceptional situation. This involved a lot of stresses, but it has also brought new and valuable insights into how we can organize our lives. The significance of digital communication options has increased enormously. The use of digital technologies has been accelerated tremendously. It became clear that it is important to have systems that function independently of individual providers or even of foreign countries. Systems that are resilient and can react quickly and effectively to a crisis so that stable conditions can be restored.

Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect

The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login using their user name and password.
The two authentication standards SAML (Security Assertion Markup Language) and OpenID Connect have already been available to UCS users for some time. So far, however, these two technologies have been two separated worlds. If some of the web services used SAML and others OpenID Connect for the authentication against UCS’ identity management, users were forced to log in twice in those environments with multiple services. With the support of the Kopano team, we were able to release an extension of the app “OpenID Connect ID” in the App Center. This is integrating the two standards with each other and thus allows a single authentication process by the end user.
I would like to briefly explain how a single sign-on generally works with UCS. Then I explain the interaction of Kerberos, SAML, and OpenID Connect and show you which functions the new implementation of Kopano Konnect offers to UCS users.

Synchronize Password Hashes between MS Active Directory and UCS

Schaubild: UCS Kerberos-Hashes

Version 4.4-4 of Univention Corporate Server (UCS) comes with some cool new features, one of them being the new AD Connector app. It makes the synchronization of password hashes between a Microsoft Active Directory domain and a UCS domain significantly more secure and less error-prone. While previous versions could only synchronize NTLM hashes, the AD Connector of UCS 4.4-4 also reads newer hashes, the so-called Kerberos keys which allow single sign-on (SSO) to different applications.

I am a second-year trainee at Univention (job description: IT specialist for application development). I was involved in the development of the new feature and mainly had to deal with three tasks: the AD Connector itself, the OpenLDAP overlay module, and the S4 Connector (Samba). In this blog post I’m going to explain what Kerberos hashes are and how I implemented the new feature.

UCS: How to set up LDAP Replication

The central element of every identity management system is usually a directory service, a repository that stores and manages information like user profiles and access privileges, and network resources. Univention Corporate Server (UCS) uses OpenLDAP for this task.
If the directory service is down, many other services are no longer available. In this article we are going to show you how to plan a fail-safe environment for your UCS domain with LDAP replication, i.e., storing an exact copy of the data on multiple servers – this improves the reliability as well as the performance.