Register your own Account – new Self Service for SUSE and UCS

In this article I’m going to introduce our project self-registration of users via UCS Self Services, which we have just implemented for SUSE Software Solutions Germany GmbH and their Bugzilla and openSUSE Build Service (OBS). The OBS platform is mainly used to develop the openSUSE Linux distribution, but also helps to build packages for Fedora, Debian GNU/Linux, Ubuntu and, of course, SUSE Linux Enterprise. At the time of writing this article, the openSUSE Build Service hosts about 26,000 projects, approximately 190,000 packages in 36,000 repositories. About 33,000 developers use the service and have registered an account.

UCS 4.4-4: Fourth Point Release of UCS 4.4

We’ve just published the 4th point release of UCS 4.4: apart from bug fixes and some patches, we added some cool new features and improved numerous apps. For example, UCS 4.4-4 introduces logging of LDAP authentications, something that was previously only available via Samba 4. Our developers also put some work into the AD Connector (enhanced security, performance and compatibility), the Univention App Center and the UCS portal login screen. Read on to find out more about the most important innovations.

UCS@school 4.4 v4 brings improved exam mode, computer room control and ID connector

The UCS@school team released the 4th version of the UCS@school app a few weeks ago. It is technically based on UCS 4.4 and brings some new functions as well as various adjustments and improvements.

In this article, I would like to give you a short overview about the most important new features for administrators and users, especially in the exam mode, computer room and laptop class control, single sign-on and printer control. Very interesting is the new ID-Connector, which enables data transfer between federal state directories, school district directories and school directories.

Separation of Users in Office 365 Through Synchronization of Several Azure Active Directories

Identities and roles in a Microsoft Azure AD environment can be provisioned very easily thanks to the Office 365 Connector App for UCS. Users can get an easy single sign-on access to Office 365 resources while maintaining control over the information conveyed about each identity.

Moreover, in a UCS environment, precise permissions are often defined to control the visibility of user properties within an organization. Especially in large environments it is necessary that not every user “sees” every other user. For example, the data protection requirements at schools are implemented by UCS@school: The school authorities can administer user accounts centrally across all schools, but users only “see” each other within their own school. In a single Azure AD, such a separation is generally not provided, but the creation of several Azure AD or tenants is expected.

In this article I am going to explain how you can implement such separate setups with UCS for Azure AD more easily and how the scenarios are structured since the last update of the Office 365 Connector App.

Secure Passwords for the UCS Domain

Obviously, your first name, cat’s name or mother-in-law’s birthday are not good passwords. Also password or 123456 (actually to be found on the list of the most frequently chosen passwords!) are out of the question. As the administrator of a UCS domain, you can’t prevent users from writing down their passwords or storing them under the keyboard, but you can tweak other settings to make the system more secure.
Policies can, for example, be used to specify a minimum length or to require users to change passwords regularly. In addition, Univention Corporate Server provides a quality check that forces the use of a certain number of numbers, special characters, uppercase and lowercase letters in passwords. This article presents some tips and tricks for setting up a good password policy in an UCS domain. We also show what variables can be set in the Univention Configuration Registry to optimize the whole thing. If you are using Samba in your environment, this article will also explain how to adjust the password requirements for the Samba domain object to those of the new policy.

Third Point Release for UCS 4.4

Release 4.4-3 Header

As always, the errata updates of the past months have resulted in many small and large innovations, which we have collected and released with the release of UCS 4.4-3. I would like to give you an overview of the most important new features and an outlook on what we are currently working on. Important new features include better checking of required resources during installation, avoidance of Windows Explorer crashes with extended file system permissions, documentation of best practices in dealing with Windows printer drivers and printer settings, and improvements to the Samba 4 Connector.

After receiving so much positive feedback on our questions in the article UCS 5.0 is coming!, I’d like to use this article to ask you a few questions that are relevant to the further development of UCS 4 and the direction UCS 5 will take. We highly value the UCS user‘s opinion and like to hear what you have to sayuse the comment box below or gladly write to feedback@univention.de.

UCS@school: Automatic Integration of Samba Shares into Nextcloud

The free and open source file hosting solution Nextcloud is available in the Univention App Center either preconfigured or as a virtual appliance and is therefore quickly installed and set up on UCS. Nextcloud can also offer it‘s services on a central server in large, distributed environments and is therefore ideal for integrating network shares from other computers.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

Technical Difficulties with UCS 4.4-2 Download Image

After the release of the UCS 4.4-2 update, technical problems with the DVD ISO and appliance images of UCS 4.4-2 were discovered that interfere with the operation of some important apps. This prompted us to take them offline until further notice. We continue to make the UCS 4.4-1 images available for download, from which users can then simply upgrade to UCS 4.4-2 without the technical problems. In this blog post I would like to give information about the current status and the background.

UCS 4.4-2: Second Point Release

We’ve just published the second point release for UCS 4.4. Apart from some bug fixes and corrections, we’ve also implemented some new features and, of course, we’ve put some work into numerous apps.

Final Version of the UDM REST API

Looking back at the first point release (UCS 4.4-1 in June 2019), our REST API for the Univention Directory Manager was still in beta stadium. Good news: the interface for accessing the directory service is stable now. The API connects applications to the UCS directory service; access is granted via a web service using HTTPS, and data is exchanged JSON format. So, the REST API offers the same functionality as the udm command line tool.
For example, it simplifies the maintenance of user properties or computer objects from connected systems. Developers of applications offered in the Univention App Center also benefit from the new, standardized access because they are no longer limited to the UDM Python interface. The REST API of the Univention Directory Manager is by default activated on all UCS 4.4-2 DC Master and DC Backup instances.