Univention Corporate Server 5.0-3

With the point release UCS 5.0-3, the next important step for the further
development of the Univention Corporate Server has been taken - towards more
usability and performance as well as the deeper integration of services and
their central administration. In this blog article, I would like to give you
an overview of the most important new features and improvements bundled in the
release.

Improvements in the Area of Usability: More System Diagnosis Possibilities

for More Efficient Support

Univention Support Info – Provision of Relevant Information

The "Univention Support Info" programme identifies a range of system
information about the UCS system that is in operation, which our Univention
Support team needs to be able to analyse problems and identify the relevant
error sources quickly. This can include, for example, information about
running processes, open network connections, file system utilisation, log
files and aspects of the system configuration. You no longer have to install
this program separately yourself, as it is pre-installed on all UCS instances
and can be used by you.

Optimisation of System Diagnosis to Suit Individual Needs and System
RequirementsYou can deactivate individual tests within the system diagnostics
via UCR. For example, a test that does not make sense to carry out in your
environment should be excluded. The format of the UCR variable you need for
this is:

ucr set diagnostic/check/disable/TEST_NAME = true

Visualisation of Operational Attributes

Operational attributes are internal attributes of the OpenLDAP database. The
database maintains some properties of objects, such as when they were created,
who created them, who last modified them, etc. In the past, retrieving these
values was sometimes a bit more complicated. The extension in the Directory
Manager contained in the UCS 5.0-3 release now lets you visualise the values
using a configuration on the front end and thus also supports various support
scenarios. You can read more about this in our user forum article about
displaying LDAP operational attributes in extended
attributes.

---

---

Step-by-step Saving of Information Around Server Password Changes for Easier
Troubleshooting

We have also improved the usability and provision of information for detecting
errors when changing server passwords. Additional information about all steps
taken to change the password is now saved to make it easier for you to analyse
failed server password changes. This facilitates troubleshooting and
subsequent debugging.

Improvements in the Area of Performance: Cache on User Object Displays

Group Memberships

Determine Group Membership of Users Faster

The group membership of a user in UCS is now conveyed via the "memberof"
attribute of the user. This means you no longer have to search across all
groups for a user but can access a cache on the user object that contains this
information. This considerably speeds up the search for group membership.

Other Features

Synchronisation of Password History

With the new UCS version, to prevent the use of passwords that have already
been used, a user's passwords that have been used in the past are stored in a
history. For this purpose, UCS saves hashes of the passwords in the history.
In the past, the history was saved individually by the system that processes
the password change - this can be OpenLDAP (for changes via UDM and
Kerberos), Samba4 (for changes via desktop systems in the UCS domain) or
Active Directory (when using the AD connector). From now on, these different
histories will be synchronised, so it doesn't matter which system the user
changes their password on since the same overarching password history now
applies.

Highlights from the Univention App Center

Migration to Keycloak

An important milestone has been reached in the step-by-step migration to
Keycloak as identity provider in UCS: In August 2022, we made Keycloak
available as an app in the UCS App Center for integration into UCS in a first
version and have been gradually developing it since then. With the release in
December, the Keycloak app is now also part of our official product support
and is, therefore, also ready for productive use by you.

---

---

Migration of the Identity Provider in UCS – Keycloak App now Part of the

Support Scope

Read more about the features of the identity provider Keycloak in UCS and the
current status of the app in our blog article.

Read more

---

The following additional apps have also been made available for UCS 5.0
since Release 5.0-2 in June 2022:

• OpenProject
• Kopano Core
• Kopano WebApp
• Z-Push for Kopano
• OpenVPN4UCS
• UCS Intercom Service

Updates and improvements have been released for a multitude of other apps. You
can find an overview in the Univention App
Center.

Release Notes

The complete list of all improvements and bug fixes for UCS 5.0-3 can be found
in the Release Notes.

And What Will be Next?

To conclude, I would like to give you a brief overview of our plans for the
further development of UCS for the rest of the year. The next steps are
further feature enhancements in Keycloak and preparation for Release 5.1,
which is planned for the second half of 2023. Essential features in the UCS
5.1 minor release are a Debian release upgrade, a component and feature
upgrade and the introduction of Keycloak as the new default IDP.

In addition, in the coming months, we will also be working on expanding and
developing our roles and rights model for identity management, and like to
further develop the UCS portal. You can listen to more information about the
roadmap of UCS in the presentation of our vice-president Milisav Radmanić at
the Univention Summit in January 2023, which we recorded for you and published
on our Youtube channel: Highway to Univention Products
2023 (German only).

And, of course, as always: If you have any requests or suggestions for
improvement, we look forward to your feedback - here in the blog or on
help.univention.com.

Der Beitrag Univention Corporate Server
5.0-3
erschien zuerst auf Univention.

link