4th point release of Uninvention Corporate Server 4.4 is published with some new features and bug fixes. UCS 4.4-4 introduces the logging of LDAP authentications, something that was previously only available via Samba 4. Uninvention developers also put some work into the AD Connector (enhanced security, performance, and compatibility), the Univention App Center and the UCS portal login screen.
Logging LDAP Authentications
4th point release of UCS 4.4 can now log LDAP authentications (to be precise: LDAP BIND) and display a user’s last login. This new feature makes it much easier to spot inactive accounts in your UCS environment which need to be deleted. UCS 4.4-4 ships a new script, which can be called manually or via cronjob, that collects the timestamps and saves the most recent one in the user object on the DC Master server. There are two technical points:
- All LDAP servers in your UCS environment have to be upgraded to UCS 4.4-4 before you enable the feature.
- The load on the LDAP servers will increase, because authentications are no longer just read operations, but also write operations (entries in the database).
Windows Server 2019 and Support for Kerberos Hashes
The UCS app Active Directory Connection is an app in Unvention’s app center that connects an existing AD and a UCS domain and automatically synchronizes data between Microsoft Windows Active Directory and Univention Corporate Server. The new version that’s part of UCS 4.4-4 now officially supports Windows Server 2019. The connector uses standard interfaces, but automatic tests were added and UCS documentation is adapted accordingly.
Synchronizing groups with many members is now a lot faster than in 4.4-3. The AD Connector no longer transfers a full list of all members, but merely synchronizes the changes, such as information about new or removed members. The enhanced synchronization of password hashes from a Microsoft Active Directory domain to a UCS domain has become much more secure. The AD Connector of UCS 4.4-4 now reads newer hashes, the Kerberos keys.