Connecting Ubuntu and Linux Mint Clients to UCS Domains: New Version of the Univention Domain Join Assistant

The Domain Join Assistant for Univention Corporate Server (UCS) automatically integrates Ubuntu and many Ubuntu-based systems such as Linux Mint into a UCS domain. That way, administrators no longer have to manually configure the client computers. Users can then log into the desktop environment with their UCS credentials – on any client in the domain.
The tool offers a graphical user interface and a command line tool for admins who prefer to work on the shell. We have just released a new version of the Domain Join Assistant that comes with various improvements and supports the latest Ubuntu and Linux Mint versions. In this article I’m going to show you how the tool works and I’m going to introduce the new features.

Release UCS 4.4-5 brings improvements in Single Sign-on, Self Service, more performance for LDAP and compatibility with Python 3

The release of version 4.4-5 of Univention Corporate Server (UCS) brings a series of technical innovations for the Single Sign-on of users to applications connected to UCS. There are also new functions for the UCS Self Service. Users can now register themselves at a UCS domain via the User Self Service and create a user account, assign a user name and password, and store further information. Performance improvements in the LDAP directory service have accelerated the replication of groups. And in preparation for UCS 5.0, which is scheduled for release at the end of this year, our development department has made more than 45 UCS packages compatible with Python 3. So when you upgrade to UCS 5.0, the corresponding code parts in UCS will run for both Python 2 and Python 3. In addition, we have also published a preview of the new UCS 5 portal as an app in the App Center for testers. It already brings important new technical features such as embedding apps directly into the portal page.

Synchronize Password Hashes between MS Active Directory and UCS

Schaubild: UCS Kerberos-Hashes

Version 4.4-4 of Univention Corporate Server (UCS) comes with some cool new features, one of them being the new AD Connector app. It makes the synchronization of password hashes between a Microsoft Active Directory domain and a UCS domain significantly more secure and less error-prone. While previous versions could only synchronize NTLM hashes, the AD Connector of UCS 4.4-4 also reads newer hashes, the so-called Kerberos keys which allow single sign-on (SSO) to different applications.

I am a second-year trainee at Univention (job description: IT specialist for application development). I was involved in the development of the new feature and mainly had to deal with three tasks: the AD Connector itself, the OpenLDAP overlay module, and the S4 Connector (Samba). In this blog post I’m going to explain what Kerberos hashes are and how I implemented the new feature.

Register your own Account – new Self Service for SUSE and UCS

In this article I’m going to introduce our project self-registration of users via UCS Self Services, which we have just implemented for SUSE Software Solutions Germany GmbH and their Bugzilla and openSUSE Build Service (OBS). The OBS platform is mainly used to develop the openSUSE Linux distribution, but also helps to build packages for Fedora, Debian GNU/Linux, Ubuntu and, of course, SUSE Linux Enterprise. At the time of writing this article, the openSUSE Build Service hosts about 26,000 projects, approximately 190,000 packages in 36,000 repositories. About 33,000 developers use the service and have registered an account.

Practical Use of the REST API Using the Example of EGroupware

The Univention Directory Manager (UDM) enables access to content in the LDAP directory service, for example viewing, editing, deleting, and moving of objects (users, groups, computers, printers, shares, etc.).
The UDM can be accessed and controlled via both the web interface and the command line. In UCS 4.4-2, a third option has now also been added: the REST API. This interface connects applications with the UCS directory service via HTTPS and supports the maintenance of the user properties or computer objects of the connected systems.
This article begins by explaining the technical background of the REST API and its implementation in UCS.
During the implementation of the REST API, an exciting exchange took place between Univention and the developers at EGroupware GmbH in Kaiserslautern, Germany. As a result, EGroupware became the first solution to employ the new interface in the Univention App Center. In the second section of the article, Ralf Becker from EGroupware explains the implementation of the new API and the advantages it offers providers of third-party applications.

UCS 4.4-4: Fourth Point Release of UCS 4.4

We’ve just published the 4th point release of UCS 4.4: apart from bug fixes and some patches, we added some cool new features and improved numerous apps. For example, UCS 4.4-4 introduces logging of LDAP authentications, something that was previously only available via Samba 4. Our developers also put some work into the AD Connector (enhanced security, performance and compatibility), the Univention App Center and the UCS portal login screen. Read on to find out more about the most important innovations.

UCS@school 4.4 v4 brings improved exam mode, computer room control and ID connector

The UCS@school team released the 4th version of the UCS@school app a few weeks ago. It is technically based on UCS 4.4 and brings some new functions as well as various adjustments and improvements.

In this article, I would like to give you a short overview about the most important new features for administrators and users, especially in the exam mode, computer room and laptop class control, single sign-on and printer control. Very interesting is the new ID-Connector, which enables data transfer between federal state directories, school district directories and school directories.

Separation of Users in Office 365 Through Synchronization of Several Azure Active Directories

Identities and roles in a Microsoft Azure AD environment can be provisioned very easily thanks to the Office 365 Connector App for UCS. Users can get an easy single sign-on access to Office 365 resources while maintaining control over the information conveyed about each identity.

Moreover, in a UCS environment, precise permissions are often defined to control the visibility of user properties within an organization. Especially in large environments it is necessary that not every user “sees” every other user. For example, the data protection requirements at schools are implemented by UCS@school: The school authorities can administer user accounts centrally across all schools, but users only “see” each other within their own school. In a single Azure AD, such a separation is generally not provided, but the creation of several Azure AD or tenants is expected.

In this article I am going to explain how you can implement such separate setups with UCS for Azure AD more easily and how the scenarios are structured since the last update of the Office 365 Connector App.

Third Point Release for UCS 4.4

Release 4.4-3 Header

As always, the errata updates of the past months have resulted in many small and large innovations, which we have collected and released with the release of UCS 4.4-3. I would like to give you an overview of the most important new features and an outlook on what we are currently working on. Important new features include better checking of required resources during installation, avoidance of Windows Explorer crashes with extended file system permissions, documentation of best practices in dealing with Windows printer drivers and printer settings, and improvements to the Samba 4 Connector.

After receiving so much positive feedback on our questions in the article UCS 5.0 is coming!, I’d like to use this article to ask you a few questions that are relevant to the further development of UCS 4 and the direction UCS 5 will take. We highly value the UCS user‘s opinion and like to hear what you have to sayuse the comment box below or gladly write to feedback@univention.de.