Brief Introduction: SAML- a secure, comfortable web access

SSO-SAML-UCS
SAML – meaning „Security Assertion Markup Language“ – is a standard which enables a Single Sign-On (SSO). Users only log in once and are able to use other programs and services automatically. UCS supports SSO with SAML as well. That‘s why users get not only a central identity by using SAML but also a central log-in with UCS, making web-based working more secure and comfortable.

Journaling for Sysadmins: Admin Diary

“When did I install or remove which app, and when was the last time the password for the UCS server was changed?” Answers to these and many other questions can be found in the Admin Diary, which we introduced with UCS 4.4. It provides a quick overview of all administrative events in a UCS domain, such as software and app installations and updates, creation, modification and deletion of users and other directory service objects, password changes, etc.

Strictly speaking, the new diary consists of two apps that you can easily install in your UCS environment through the Univention App Center: the Admin Diary Backend and the Admin Diary Frontend. The backend collects data from all UCS instances in the domain and stores it in a database. The frontend provides access to this log via a module of the Univention Management Console (UMC) and displays the events.

In this blog article, I will introduce you to both apps and also explain how to run backend and frontend on two different computers. This may be useful, for example, if there already is a dedicated database server in your environment: Then you install the backend there. The frontend will be installed on that system, on which you normally use the UMC (e.g. the Master). Let’s start with the standard option: both on one system.

Simplifying Administration with User Templates – How To

UCS has always focused on centralizing and simplifying the administrative tasks related to the individual components of IT infrastructure. One of the many small tools that can simplify the life of administrators are the so-called user templates. In the following, I will describe how to create the necessary attributes to specify user templates, which for example will automatically create e-mail addresses for the users with their first name and last name in this always constant pattern. I will also show you which settings you need to make in order to apply these templates to different users in your UCS domain.

The Gateway to your IT – (New) Functions of the UCS Portal

For some time now, the portal with its modern appearance and easy administration has been the central entrance to a UCS domain for users and administrators alike. My colleague Johannes has already described the most important functions of the portal in our article How to Configure the UCS Portal Easily with Drag & Drop. With UCS 4.4, we added some new features which I would like to introduce you to in this article.

How to administrate users with UCS

User administration is a key feature of UCS and can be accessed through the „User“ module. In this article and the corresponding Howto video tutorial, I will explain its primary functions. These include:

  • searching for users
  • creating users
  • modifying user attributes
  • the detailed user overview
  • editing passwords of single or multiple users simultaneously
  • deleting users
  • administration of users in groups

How To: Configuring UCS Self Services for New Features

A major benefit of UCS is that users can log in to a variety of services which are operated on UCS and which are used in their respective organisations with the same user name and password they usually use. In the past, users could change their password through the Univention Management Console (UMC). Via the entry User settings / Change password a new password could be set after entering the old one. However, if the user had forgotten their old password, they had to contact the administrator to have them reset the password.

With the current UCS version 4.4, all of this can be done with the new function of the App Self Service without needing help from the administrator. Indeed, all you need is the user’s e-mail address (or mobile phone number to receive an SMS). Moreover, the UCS Self Service enables users to edit their own contact information and, for example, upload a profile picture or enter an address and further data.

How To: Upgrade to the new UCS version 4.4

In March we launched the fourth minor release for Univention Corporate Server 4. The current version 4.4 offers a number of new features, as well as increased security and more convenience. In the blog article UCS 4.4 Release – Admin Diary, Self Services and Windows Domain Trusts we discussed the highlights of the new UCS version. With this article we will now demonstrate how easy it is to update to the new UCS – depending on your personal preferences either through the Univention Management Console (UMC) or using the commandline.

UCS: How to set up LDAP Replication

The central element of every identity management system is usually a directory service, a repository that stores and manages information like user profiles and access privileges, and network resources. Univention Corporate Server (UCS) uses OpenLDAP for this task.
If the directory service is down, many other services are no longer available. In this article we are going to show you how to plan a fail-safe environment for your UCS domain with LDAP replication, i.e., storing an exact copy of the data on multiple servers – this improves the reliability as well as the performance.