It‘s been only four weeks that we published UCS 4.3-2, and we already have some more news for you from our development team.
Two weeks ago we published UCS 4.2-5. Essentially this release bundles the nearly 100 errata updates, mainly security updates and stabilizations that were released for UCS 4.2-4. The upcoming errata updates for UCS 4.2-5 will only be available for customers with an enterprise subscription. If you are a Core Edition user, we therefore recommend you to update to UCS 4.3 so that you continue to receive security updates in the future.
New: UCS maintenance mode
UCS 4.3-2 now offers a maintenance mode for importing release updates via Univention Management Console (UMC). UMC is the web-based, graphical user interface for the administration of the entire domain. In the past, when a release update was recorded, short-term failures of the UMC could occur, for example, because the updated services were restarted.
The central management of a heterogeneous network has always been UCS’ strength. This was our goal from the beginning to provide a platform that bridges the Linux/Windows worlds. But how does the synchronization between UCS and Microsoft Windows actually work? The problem is that Windows doesn’t speak the same language as UCS. They don’t support the standard-compliant LDAP protocol that allows the communication between the server and clients in UCS. Microsoft has chosen a different approach for its Active Directory.
Let me explain you today which exact technologies we introduced in Univention Corporate Server to provide a solution to this problem. Among other things, I give you details about the replication process via listener/notifier for OpenLDAP, DRS replication for the Active Directory and the Univention S4 Connector, which synchronizes between Microsoft Windows and Linux.
We released UCS 4.3-1, the first point release for Univention Corporate Server (UCS) 4.3. In addition to a number of security updates, it also brings various new features.
The diagnostics module of the Univention Management Console (UMC), for example, now provides further functional tests. These help administrators to check the “health” of the server and the entire domain. In addition, UCS 4.3-1 has improved its usability, for example with regard to the configuration of e-mail addresses or DNS settings. Furthermore, the integration of very large LDAP scheme extensions and the start of the LDAP server on DC backup and DC slave systems now work much more stable.
Today I like to introduce our new Domain Join Assistant for Univention Corporate Server (UCS). With the new tool, administrators can integrate Ubuntu computers into a UCS domain without any additional manual configuration effort. Thanks to this, all users can log in directly to their Ubuntu desktop using their usual domain accounts. With this automation, we want to make it much easier for administrators to manage Ubuntu clients on the network. Thanks to Kerberos SAML integration, organizations that already use UCS version 4.3, which was released a few weeks ago, can now offer their users single sign-on for the Ubuntu clients.
Please note that the new Domain Join Assistant will also replace the previous Univention Corporate Client (UCC), which we will discontinue. However, customers with a maintenance contract for Univention Corporate Client will receive UCC updates until April 30, 2021.
Release UCS 4.3: Easy administration of portal pages, higher performance and single sign-on for apps
With UCS 4.3 we have integrated numerous security updates – most recently the Samba 4 update of March 13 – and closed hundreds of bugs. But not only, we also focused, among other things, on a significantly higher performance during data import and more convenience in the administration of portal pages or users, for example. In addition to an efficient and easy management of UCS, it was also important to us to create a positive user experience with UCS. Here, worth mentioning milestones are certainly a single sign-on during login to Windows or Linux desktops, which in parallel allows access to the Univention Management Console, Office 365, and ownCloud or Nextcloud, just to name a few of the improvements.
With UCS 4.3 we took another resolute step in the development of UCS into an open platform for IT operations and management in enterprises – whether it is a small organization with just a few users or organizations with hundreds of thousands of users.
The Samba team discovered a critical vulnerablity in the access control of Samba/AD domain controllers. Any authenticated user can change other users’ passwords over LDAP including the passwords of the administrators.
We strongly advise to install the updated Samba packages for all UCS versions currently supported (from UCS 4.1-5 and UCS 4.2-3) which we have distributed today via the usual errata update channels.