LDAP replication: ensuring fail-safe performance and reasonable load distribution

Server in use

It is well-known among IT staff members: the administration tasks (for multiple applications and depending access rights) which apply even with a small amount of users can prove to be very time-consuming. With possible changes of responsibilities or the joining of new staff members, chances are high that uncontrolled growth arises quickly within the IT infrastructure. And not only does this procedure take a lot of time, but it also endangers the security of your system after a while. A common consequence: the administration of users and their access rights becomes a nuisance and tends to get neglected. If not taken on in due time, this problem grows in parallel with the company and will, eventually, cause quite a bit of trouble. To get back in charge as soon as possible, it is recommended to establish a centralized user management in the shape of an Identity Management System.
Quite often, the so-called LDAP directory service (which we have also integrated in UCS) is the core of the identity management system. Meaning „Lightweight Directory Access Protocol“, it rather describes „only“ the protocol itself, even though users tend to adress „the LDAP“, while in fact talking about the LDAP directory service.

Film Tutorial: How to Use User Templates in UCS

With user templates, Univention Corporate Server (UCS) offers a proven instrument to minimize the effort of IT admins. Who doesn’t know these slight doubts: Does the e-mail address of the new intern have the correct syntax? Has the new colleague been added to the right user group? The user templates help to dispel these and similar doubts and create user accounts consistently. This saves time and ensure that no important attributes and settings are forgotten.

LDAP: Last logon timestamp recordings with UCS

In relatively many UCS environments, system administrators have not yet developed consistent processes for detecting, deactivating or deleting inactive user accounts. Over the years, accounts that have not been used for a long time accumulate in the LDAP directory. At Univention, we have developed a new UCS extension on behalf of a customer, which helps to detect such unused accounts. The Lastbind-Overlay-Module and a new Python script detect inactive accounts on LDAP servers, even in large environments with several LDAP instances and distributed system roles.

UCS Samba/AD: How to establish trust with native Microsoft Active Directory domains

Logos von UCS und Windows mit verbindenden Pfeilen

Establishing a trust relationship means giving users of a domain access to the resources of another domain. In some situations this can extend the options for identity management. In the following example, I will refer to the interaction between Samba in UCS and Microsoft Windows. I will explain in detail how a so-called trust relationship can be configured and what the current state of implementation is.

Reporting for professionals: Log activities in the UCS LDAP directory service

Many services and processes running in a domain document their activities fully automatically in the background. The log files contain information about users’ logins to the system, installation and uninstallation of software, access to web pages, error messages and other information. Univention Corporate Server (UCS) also creates such reports – either behind the scenes in the form of log files or by using the UCS Admin Diary. You can also obtain ready-made reports as CSV or PDF files via the Univention Management Console or Shell.

In this article, I would like to show you how to create audit-proof log files of the LDAP directory service with Univention Directory Logger. I’d also like to tell you how to obtain a complete overview of the operations in a UCS domain with Admin Diary and how you can evaluate data from the directory service with Univention Directory Reports.

How To configure the BigBlueButton video conferencing solution for UCS and use it easily

Since the beginning of spring, school authorities and other educational institutions have been faced with the challenge of continuing their teaching with no or only limited face-to-face interaction. This article introduces the web conferencing system BigBlueButton, which may be a possible solution to this problem. In the first part of the article I would like to give you an overview of the most important functions of BigBlueButton and briefly discuss what you need to pay attention to the sizing of the servers and how to deal with problems caused by NAT and firewalls of the users. In the second part, I will explain how to integrate BigBlueButton into your UCS environment step by step so that users can use it with their usual credentials.

Samba 4 and OpenLDAP: SURF relies on UCS

SURF is the cooperative association of Dutch educational and research institutions. One of the goals of our organization is to facilitate research with HPC (High Performance Computing). We run national super computer clusters and provide computing power, data transport, data management and analysis for the Dutch academic community, i.e. to universities, universities of applied science, senior secondary vocational institutions (MBO), UMCs and research institutions.

Secure Communication Processes in UCS with (Self-generated and Signed) Certificates

Certificates – Why and What for

In this article I would like to give you an insight into the topic “Securing the Internet-based exchange of information through certificates”. I’ll take a quick look back at the beginnings of the Internet and the use of protocols such as HTTP, SMTP, POP … and their encrypted transport via SSL or TLS. Above all, however, I would like to explain to you how you can use public certificates with Univention Corporate Server to secure your data transfer or also how you can create trustworthy certificates by yourself with Let’s Encrypt. Completely secure and free of charge on top.

Create an SSO Login for Applications to Groups

SSO mit SAML für UCS-Gruppen
Since the introduction of single sign-on support in Univention Corporate Server (UCS) via Secure Authentication Markup Language (SAML), an administrator can assign a user within the user object to those applications, called service providers in the SAML context, he or she can log in to via single sign-on. As for administrators in organizations with many users, this assignment can be time-consuming.