When administrators think about user management (IdM), they often only keep an eye on traditional IT systems. But even in the cloud, where you can buy new services with just a few clicks, it’s extremely important for companies to keep control over their users if they do not want to lose track of who has rights and access in the organization. Otherwise, a dissatisfied or dismissed employee can quickly become a real threat to the entire corporate IT. Or the failure of subsystems can mean that the entire IT can no longer be accessed and all processes in the company are stopped.
Developers at Google have discovered a problem with processors of several different CPU vendors, which can be exploited by software. Due to these security vulnerabilities, unauthorized users may gain access to supposedly protected memory areas.
These problems, known as “Spectre” and “Meltdown”, are identified by the CVE (Common Vulnerabilities and Exposures) numbers CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Apparently some of these problems affect most CPUs made by Intel, but also by AMD and ARM, regardless of the operating system in use.
We are currently working hard to provide errata updates for UCS to fix the problem. The current status and links to the errata can be found in the Univention Forum.
Among the highlights of the second point release of Univention Corporate Server (UCS) are the significant enhancements UCS 4.2-2 offers for managing services and apps that are hosted in public cloud services such as the Amazon Marketplace. Services installed on UCS can now be accessed directly without any further configuration effort. Our development department has extended access to these services via the UCS Portal by converting the links to relative links. For portal entries for which there are several links, heuristic procedures determine the best link.
More than two years after the start of one of the largest projects in which Univention has been involved to date, a new mail platform with over 30 million managed end users finally went online in late 2016. UCS takes care of the identity management duties for all the user accounts.
I first reported on the challenges of the project almost a year ago in the article “How can OpenLDAP with UCS be scaled to over 30 million objects?”. However, it is now no longer a “gray theory” – the project has now gone live and the LDAP has had to cope with the strain of thousands of accesses every second in real time ever since.
Today, I would like to provide you with an update and share with you some of our most important findings from the going live process.
With UCS 4.2-1 the first point release for Univention Corporate Server 4.2 is now available.
It includes various detail improvements and error corrections. Some of the most important changes are:
- E-mail forwarding for each mail user can now be saved in the UCS management system.
- Improvements in changing the password in the Univention Management Console: Users from a Microsoft Active Directory domain can now also change their expired passwords. In addition, more hints are now displayed if the password change fails.
- The possibilities for IPv6 (Internet Protocol Version 6) configuration have been improved in various services, for example in the Nagios or proxy server configuration and in the UCS management system.
Listener modules support you in your administrative work by synchronizing and controlling all changes in the UCS’ OpenLDAP across all connected services – Learn how to build and use them!
You are surely using a variety of (cloud) services in your organization and, if required, these services will make changes to your directory service, either Active Directory or OpenLDAP. In heterogeneous environments, where UCS is typically used, the question is, how can service A notice the changes that service B has made to certain objects in the directory, and that are relevant to both services? For example, when a new printer has been added to the network, and has joined the UCS domain, the list of printers is updated in the configuration file of the printer service (CUPS) and the service reloaded.
Univention Corporate Server 4.2 Released: Improved Operating Concept and lots of New Technology under the Hood
In the past months, our development department has worked intensively on bringing all the important UCS components to the latest state-of-the-art.
Today, we have published the Release Candidate of UCS 4.2. The highlight of the release is the new, freely configurable online portal, which you can flexibly adapt to your needs and those of your organization. We have also made a number of less obvious changes: we have updated the distribution base of UCS to Debian 8 (Jessie) and now make a large part of the Debian packages natively available. Hence, we can provide important security and product updates much faster than ever before.
We will release UCS 4.2 at the beginning of April 2017. Everyone who is curious to know more about UCS 4.2 can see a live demonstration of the Release Candidate at CeBIT in hall 3 / booth D36-620 until Friday this week.
Today, we released the second milestone of Univention Corporate Server 4.2, which is available as DVD-ISO for amd64.
Information on download and installation of the milestone as well as further information on the scope and schedule of the new version can be found in the blog article about the first milestone.
In this article we would like to inform all IT administrators and IT-interested people about the possibilities of a trust between two domains (UCS Samba/AD and Microsoft AD). To set up a trust is to give users of one domain access to the resources of another. This can increase the scope for actions in some situations!
In our example, we will specifically refer to the interaction between Samba in UCS and Microsoft Windows, explaining in detail how a so-called trust relationship can be configured and informing about the current state of implementation.