Errata Updates for Spectre and Meltdown Problems

Developers at Google have discovered a problem with processors of several different CPU vendors, which can be exploited by software. Due to these security vulnerabilities, unauthorized users may gain access to supposedly protected memory areas.

These problems, known as “Spectre” and “Meltdown”, are specified by the CVE (Common Vulnerability and Exposures) numbers: CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Apparently some of these problems affect most CPUs made by Intel, but also by AMD and ARM, regardless of the operating system in use.

We are currently working hard to provide errata updates for UCS to fix the problem. The current status and links to the errata can be found in the Univention Forum.

I Mattermost now…

I wrote the following article about the ChatOps solution Mattermost on November 26, 2017 for my own Blog “gestreift.net”. As Mattermost has been available in the Univention App Center for a few months now, Univention had the idea to publish this article here for your information, too.

And here we go:

It’s just over a year now since I first wrote about the popularity of Slacking und WhatsApping and explained how to install Rocket.Chat. For a number of reasons, I stumbled across Mattermost a while ago and the time has come to pen a few lines on the how and the why…

Customized Univention Portal Page in Just a Few Steps

Screenshot of a personalized Univention portal

The Univention Portal is the central hub via which users access a Univention system. It is where you can find links to installed applications like webmail. In addition, administrators also have the option of including their own links to external websites. Last, but by no means least, there is also a module here with which users can change their own password.

Univention supports personalization of the portal’s start page – in the best-case scenario, this not only ensures compliance with your corporate identity, but also allows users to identify better with Univention. For example, it is possible to place a number of different applications on the start page, permitting users direct access to them. Yet another option is even more evident immediately: In just a few steps, the portal can be customized with a large-scale background image and a portal logo. Domain administrators can perform this step quickly and with minimal effort.

bitpack.io modernizes IT at the SchwuZ in Berlin with Univention Corporate Server

Foto vom Berliner SchwuZ Klub
Two outdated IT islands were causing problems time and time again at the SchwuZ, a cultural event organizer in Berlin. The existing IT infrastructure at the club was more like a mishmash of decentralized servers and software than an efficient and secure IT server environment. For this reason, the SchwuZ decided to remedy the situation and switched over to new services and state-of-the-art software which run virtually on the basis of Univention Corporate Server. This finally made it possible to establish a productive and reliable IT basis.

We here at bitpack.io accompanied the project from start to finish and would like to present it to you today.

Best use of LDAP in UCS: Schema Extensions for Adding Attributes & New Object Types

The LDAP server in UCS, like the Active Directory on a Windows server, stores all the information on your domain about all your resources from hardware to employee as objects, namely in a structured and well-defined manner. Every object has some defined attributes of a particular type. Common attributes of a user object are, for example, the user’s surname, password and further valuable information on him. Part of the LDAP is the LDAP schema, which provides the administrator with a clear overview on all objects by describing which types of attributes exist within the LDAP and what attributes they have.

So, if you want to include additional attributes or create entirely new object types, extending the schema might be the way to go.

How to Integrate SAML Single Sign-On in ownCloud App

Graphic about SAML integration for ownCloud

If you need to use various services online, which is by the way the norm, there’s nothing more conventient than using single sign-on (SSO). SSO allows you to log in to all available services in a domain with one password only. UCS provides this feature via the SAML Identity Provider since UCS 4.1.

We chose to implement SAML as the first single sign-on technology in UCS, because of its popularity in the enterprise sector, the high degree of security, and the positive experiences that we ourselves had made with SAML in the years before. Since then, a lot of services and Univention Apps already provide a SAML service provider. Now, we are working on integrating these into the UCS Identity Provider.