Reporting for professionals: Log activities in the UCS LDAP directory service

Many services and processes running in a domain document their activities fully automatically in the background. The log files contain information about users’ logins to the system, installation and uninstallation of software, access to web pages, error messages and other information. Univention Corporate Server (UCS) also creates such reports – either behind the scenes in the form of log files or by using the UCS Admin Diary. You can also obtain ready-made reports as CSV or PDF files via the Univention Management Console or Shell.

In this article, I would like to show you how to create audit-proof log files of the LDAP directory service with Univention Directory Logger. I’d also like to tell you how to obtain a complete overview of the operations in a UCS domain with Admin Diary and how you can evaluate data from the directory service with Univention Directory Reports.

Connecting Ubuntu and Linux Mint Clients to UCS Domains: New Version of the Univention Domain Join Assistant

The Domain Join Assistant for Univention Corporate Server (UCS) automatically integrates Ubuntu and many Ubuntu-based systems such as Linux Mint into a UCS domain. That way, administrators no longer have to manually configure the client computers. Users can then log into the desktop environment with their UCS credentials – on any client in the domain.
The tool offers a graphical user interface and a command line tool for admins who prefer to work on the shell. We have just released a new version of the Domain Join Assistant that comes with various improvements and supports the latest Ubuntu and Linux Mint versions. In this article I’m going to show you how the tool works and I’m going to introduce the new features.

How To configure the BigBlueButton video conferencing solution for UCS and use it easily

Since the beginning of spring, school authorities and other educational institutions have been faced with the challenge of continuing their teaching with no or only limited face-to-face interaction. This article introduces the web conferencing system BigBlueButton, which may be a possible solution to this problem. In the first part of the article I would like to give you an overview of the most important functions of BigBlueButton and briefly discuss what you need to pay attention to the sizing of the servers and how to deal with problems caused by NAT and firewalls of the users. In the second part, I will explain how to integrate BigBlueButton into your UCS environment step by step so that users can use it with their usual credentials.

Samba 4 and OpenLDAP: SURF relies on UCS

SURF is the cooperative association of Dutch educational and research institutions. One of the goals of our organization is to facilitate research with HPC (High Performance Computing). We run national super computer clusters and provide computing power, data transport, data management and analysis for the Dutch academic community, i.e. to universities, universities of applied science, senior secondary vocational institutions (MBO), UMCs and research institutions.

Secure Communication Processes in UCS with (Self-generated and Signed) Certificates

Certificates – Why and What for

In this article I would like to give you an insight into the topic “Securing the Internet-based exchange of information through certificates”. I’ll take a quick look back at the beginnings of the Internet and the use of protocols such as HTTP, SMTP, POP … and their encrypted transport via SSL or TLS. Above all, however, I would like to explain to you how you can use public certificates with Univention Corporate Server to secure your data transfer or also how you can create trustworthy certificates by yourself with Let’s Encrypt. Completely secure and free of charge on top.

Synchronize Password Hashes between MS Active Directory and UCS

Schaubild: UCS Kerberos-Hashes

Version 4.4-4 of Univention Corporate Server (UCS) comes with some cool new features, one of them being the new AD Connector app. It makes the synchronization of password hashes between a Microsoft Active Directory domain and a UCS domain significantly more secure and less error-prone. While previous versions could only synchronize NTLM hashes, the AD Connector of UCS 4.4-4 also reads newer hashes, the so-called Kerberos keys which allow single sign-on (SSO) to different applications.

I am a second-year trainee at Univention (job description: IT specialist for application development). I was involved in the development of the new feature and mainly had to deal with three tasks: the AD Connector itself, the OpenLDAP overlay module, and the S4 Connector (Samba). In this blog post I’m going to explain what Kerberos hashes are and how I implemented the new feature.

Film Tutorial: How to Add a Windows 10 Computer to a UCS Domain

In our 4-minute film tutorial we will show you how to add a Windows 10 computer to your UCS domain. First, we will prepare the UCS domain by installing the software package “Active Directory Domain Controller” from the Univention App Center. The Active Directory Domain Controller is an app which extends UCS with Active Directory functions. This makes it possible to operate an Active Directory compatible domain controller with UCS and thus login to a Windows client. In addition, replication mechanisms are used to synchronize data with other domain controllers.

Jitsi Meet and the UCS Identity Management

In recent weeks, the increased demand for video conferencing solutions has kept us in the App Center team busy with the question of how Univention can help companies, organizations and school authorities to communicate effectively in digital form without leaving out aspects of data protection. For this reason, we have intensively studied various open source solutions for video conferencing and published quickly Jitsi Meet as an app in the App Center. It is now available to UCS users for easy installation.
Jitsi is a fully encrypted and 100% open source video conferencing solution. The connection to the UCS directory service via LDAP is already configured. Therefore, administrators of a UCS environment can give users access to Jitsi with their regular username and password using the Univention Management Console (UMC). Then Jitsi can be easily accessed from the UCS portal. In this blog post, I would like to show you the most important installation steps and then focus on the different use cases regarding user authentication. Organizations can use Jitsi Meet on Univention Corporate Server (UCS) to specifically control how open they make the access to the app and which users can conduct video conferences.