How to integrate with LDAP – Example Redmine

In the blog article series “How to integrate with LDAP”, we introduce a whole range of different options and possibilities for how you can use LDAP provided by UCS to expand or use in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will detail the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

Bitwarden: Open Source Password Manager

Logos von Bitwarden und UCS mit einem Schlüsselbund in der Mitte
Apart from two-factor authentication (2FA), strong passwords are still your best protection against data theft. We already described how you can apply what are known as “password policies” in our article “Secure passwords for the UCS domain”.
In this article, we will go one step further. After a brief refresher on the topic of password managers in general, we will present a concrete software solution that offers a convenient way to store and manage passwords – so that none of your users have to rely on writing down their access data anywhere in plain text.

An introduction to DNS and its relationship with Univention Corporate Server

This article is about the Domain Name System (DNS) and explains how the “Internet’s telephone book” works. Alongside the fundamental details of name resolution on the Internet, we also look at special topics like administering DNS records in dynamic environments and debugging DNS setups during operation. We look at it within the technical framework of Univention Corporate Server, because it contains not only a dyed-in-the-wool DNS server, but also diverse tools to make managing DNS records significantly easier.

LDAP replication: ensuring fail-safe performance and reasonable load distribution

Server in use

It is well-known among IT staff members: the administration tasks (for multiple applications and depending access rights) which apply even with a small amount of users can prove to be very time-consuming. With possible changes of responsibilities or the joining of new staff members, chances are high that uncontrolled growth arises quickly within the IT infrastructure. And not only does this procedure take a lot of time, but it also endangers the security of your system after a while. A common consequence: the administration of users and their access rights becomes a nuisance and tends to get neglected. If not taken on in due time, this problem grows in parallel with the company and will, eventually, cause quite a bit of trouble. To get back in charge as soon as possible, it is recommended to establish a centralized user management in the shape of an Identity Management System.
Quite often, the so-called LDAP directory service (which we have also integrated in UCS) is the core of the identity management system. Meaning „Lightweight Directory Access Protocol“, it rather describes „only“ the protocol itself, even though users tend to adress „the LDAP“, while in fact talking about the LDAP directory service.

LDAP: Last logon timestamp recordings with UCS

In relatively many UCS environments, system administrators have not yet developed consistent processes for detecting, deactivating or deleting inactive user accounts. Over the years, accounts that have not been used for a long time accumulate in the LDAP directory. At Univention, we have developed a new UCS extension on behalf of a customer, which helps to detect such unused accounts. The Lastbind-Overlay-Module and a new Python script detect inactive accounts on LDAP servers, even in large environments with several LDAP instances and distributed system roles.

UCS Samba/AD: How to establish trust with native Microsoft Active Directory domains

Logos von UCS und Windows mit verbindenden Pfeilen

Establishing a trust relationship means giving users of a domain access to the resources of another domain. In some situations this can extend the options for identity management. In the following example, I will refer to the interaction between Samba in UCS and Microsoft Windows. I will explain in detail how a so-called trust relationship can be configured and what the current state of implementation is.

Reporting for professionals: Log activities in the UCS LDAP directory service

Many services and processes running in a domain document their activities fully automatically in the background. The log files contain information about users’ logins to the system, installation and uninstallation of software, access to web pages, error messages and other information. Univention Corporate Server (UCS) also creates such reports – either behind the scenes in the form of log files or by using the UCS Admin Diary. You can also obtain ready-made reports as CSV or PDF files via the Univention Management Console or Shell.

In this article, I would like to show you how to create audit-proof log files of the LDAP directory service with Univention Directory Logger. I’d also like to tell you how to obtain a complete overview of the operations in a UCS domain with Admin Diary and how you can evaluate data from the directory service with Univention Directory Reports.

How To configure the BigBlueButton video conferencing solution for UCS and use it easily

Since the beginning of spring, school authorities and other educational institutions have been faced with the challenge of continuing their teaching with no or only limited face-to-face interaction. This article introduces the web conferencing system BigBlueButton, which may be a possible solution to this problem. In the first part of the article I would like to give you an overview of the most important functions of BigBlueButton and briefly discuss what you need to pay attention to the sizing of the servers and how to deal with problems caused by NAT and firewalls of the users. In the second part, I will explain how to integrate BigBlueButton into your UCS environment step by step so that users can use it with their usual credentials.

Samba 4 and OpenLDAP: SURF relies on UCS

SURF is the cooperative association of Dutch educational and research institutions. One of the goals of our organization is to facilitate research with HPC (High Performance Computing). We run national super computer clusters and provide computing power, data transport, data management and analysis for the Dutch academic community, i.e. to universities, universities of applied science, senior secondary vocational institutions (MBO), UMCs and research institutions.