UCS at the SchwuZ in Berlin, Part 2: Synchronizing User Profiles

SchwuZ Keller

We would like to inform you about further mile stones we achieved with our IT project at the Berlin-based cultural event organizer SchwuZ and therefore complement our last blog article bitpack.io modernizes IT at the SchwuZ in Berlin with Univention Corporate Server from last year with instructions on how to setup synchronized user profiles.

Central Domain Management with Samba and Active Directory

Graphic of a company's worldwide network
The release of UCS 4.3 also provides you with the Samba version 4.7 . Compared to older versions, it clearly improves the performance in the area of LDAP queries and replications of group memberships in particular. This offers great benefits, particularly for large organizations with several thousands or even ten thousands of authentication accounts.

But what is Samba in general? How can it be compared to Microsoft‘s Active Directory? Where is it involved in UCS‘s identity management and how can you benefit from it?

In this article I want to present you two solutions for the central detection and authorization of the members of a domain. Both of them enable you to centrally administrate a domain network. They also help to achieve more data protection and significantly increase failure security for your IT systems.

Besides, I want to show you how UCS is able to bridge the gap between the Linux world and the Windows world. By this you can reap the benefits of both systems, instead of having to decide for one and thus restrict yourself.

Brief Introduction: How Can UCS Systems Be Updated Automatically?

Like any operating system manufacturer, Univention usually publishes weekly updates. As an administrator, you want to install them as soon as possible. However, in large UCS environments with many connected servers, manual updates can take a lot of time, which is not always available every week. The easiest way to reduce such a big workload is to automate the task by using policies.

In the following, I want to explain how you can set up an automated update of UCS systems by using the policy ‘maintenance settings.

Central IdM of Cloud to Minimize Risks with Users and Structures

When administrators think about user management (IdM), they often only keep an eye on traditional IT systems. But even in the cloud, where you can buy new services with just a few clicks, it’s extremely important for companies to keep control over their users if they do not want to lose control over who has rights and access in the organization. Otherwise, a dissatisfied or dismissed employee can quickly become a real threat to the entire corporate IT. Or the failure of subsystems can mean that the entire IT can no longer be accessed and all processes in the company are stopped.

Customized Univention Portal Page in Just a Few Steps

Screenshot of a personalized Univention portal

The Univention Portal is the central hub via which users access a Univention system. It is where you can find links to installed applications like webmail. In addition, administrators also have the option of including their own links to external websites. Last, but by no means least, there is also a module here with which users can change their own password.

Univention supports personalization of the portal’s start page – in the best-case scenario, this not only ensures compliance with your corporate identity, but also allows users to identify better with Univention. For example, it is possible to place a number of different applications on the start page, permitting users direct access to them. Yet another option is even more evident immediately: In just a few steps, the portal can be customized with a large-scale background image and a portal logo. Domain administrators can perform this step quickly and with minimal effort.

Best use of LDAP in UCS: Schema Extensions for Adding Attributes & New Object Types

The LDAP server in UCS, like the Active Directory on a Windows server, stores all the information on your domain about all your resources from hardware to employee as objects, namely in a structured and well-defined manner. Every object has some defined attributes of a particular type. Common attributes of a user object are, for example, the user’s surname, password and further valuable information on him. Part of the LDAP is the LDAP schema, which provides the administrator with a clear overview on all objects by describing which types of attributes exist within the LDAP and what attributes they have.

So, if you want to include additional attributes or create entirely new object types, extending the schema might be the way to go.

How to Integrate SAML Single Sign-On in ownCloud App

Graphic about SAML integration for ownCloud

If you need to use various services online, which is by the way the norm, there’s nothing more conventient than using single sign-on (SSO). SSO allows you to log in to all available services in a domain with one password only. UCS provides this feature via the SAML Identity Provider since UCS 4.1.

We chose to implement SAML as the first single sign-on technology in UCS, because of its popularity in the enterprise sector, the high degree of security, and the positive experiences that we ourselves had made with SAML in the years before. Since then, a lot of services and Univention Apps already provide a SAML service provider. Now, we are working on integrating these into the UCS Identity Provider.

Step by Step Guide to a Multi-Server Environment for Effective Protection against Outages and Network Attacks

The cumulative outages of the Amazon Web Services and the attacks on the global DNS network have shown that even large and supposedly professionally protected networks are endangered, too. These incidents also make us aware of the need to distribute critical infrastructures across multiple cloud providers. This distribution is particularly important for centralized authentication services, which provide users and permissions for various services and organizational offices. An outage of a single server system would be a catastrophe for services like AWS where thousands of users and their permissions would be affected simultaneously. This is why I would like to explain to you how you can safeguard your network against outages and criminal attacks. Even if the dimension of your network probably is not comparable to the one of AWS or the DNS network.

Shed Light on the “IT jungle” with a Domain Controller

Image of a man with code in the background
The professional structure of domains and the use of domain controllers bring order to IT infrastructures. This is especially important when organizations are growing rapidly. Professional domain management allows their IT to grow dynamically. Otherwise, the infrastructure becomes a kind of “patchwork carpet” of many small solutions and unorganized resources, some of which act independently of each other, may interfere with each other and thus require a high level of maintenance. Not to mention the complexity of maintaining users twice as often and the risks associated with data replication, data protection, and system reliability.

In the following article, we first explain briefly what a domain is and then describe the tasks of a domain controller. Finally, we become practical and see how the concept of “domain/domain controllers” has been implemented in Univention Corporate Server.