With the release of Univention Corporate Server 5.2, Univention are not only making a significant leap in the version number: they are updating all the software included in Univention Corporate Server (UCS) and completing another milestone in the further development of UCS and Nubus with the full transition to Keycloak as the central Identity Provider (IDP).
Keycloak as the Sole Identity Provider
In UCS 5.2, Keycloak is fully integrated and replaces the previously used components SimpleSAMLphp and Kopano Konnect. Keycloak not only offers significantly more features but also expanded configuration options in the areas of:
- Single Sign-on (SSO) and Single Logout (SLO) with OIDC, SAML or Kerberos
- Federation
- Custom conditional authentication methods
A migration is necessary for the transition, which can already be carried out with UCS version 5.0. A detailed migration guide is available. An overview of the tested application scenarios can be found in our Keycloak App Manual.
Update of the Base to Debian 12 Bookworm
The current release is based on Debian 12 “Bookworm” and includes two version jumps from Debian 10 “Buster.” For this reason, version UCS 5.0 is directly followed by version UCS 5.2, not stopping at the intermediate step of Debian 11 “Bullseye”, which would have been UCS 5.1. Univention explain the details in a blog post.
The updates include, among others:
- Samba 4.21.1
- OpenLDAP 2.5.13
- PostgreSQL 15
- Docker 20.10
- Linux Kernel 6.1.0-28
Switch to Python 3.11
With UCS 5.2, the standard version of the programming language Python is upgraded from version 3.7 to version 3.11. This affects both product components and extensions such as custom hooks or scripts. At the same time, support for the deprecated version 2.7 is completely removed. Custom hooks or scripts that have not yet been adjusted will need to be ported to the new version.
Univention Config Registry (UCR): Validation of Input Values
The Univention Config Registry (UCR), the central interface for local system configuration, now checks and validates input values according to the specified type. This prevents accidental input of invalid values. If necessary, validation can be disabled using the variable ucr/check/type.
Modernization of the Web Interface
The web interface has also been modernized. A particular focus was placed on the integration of tiered elements to simplify navigation and highlight important areas more clearly.
Feature Highlights Since UCS 5.0:
We would like to highlight three special new features that have been introduced with various patch level releases since version 5.0:
OpenID Connect for SSO in the Nubus Portal
With UCS 5.0-9, OpenID Connect (OIDC) was introduced for the UCS web interface, including the portal and Univention Management Console (UMC). OIDC complements the previous SAML protocol of the Nubus Identity Provider and enables new features such as “Backchannel Logout” for Single Logout (SLO) without user interaction. Additionally, content in all open tabs automatically updates after a logout to display the status consistently everywhere.
Improved Selective Synchronization in the AD Connection
Also introduced with version UCS 5.0-9, selective synchronization between Nubus and Active Directory has been optimized. Thanks to new Allow and Deny filters, objects can be targeted specifically—both at the subtree and object type level. This reduces unwanted entries and minimizes manual effort.
Blocklists in UDM
Since version UCS 5.0-7, blocklists for attributes can be used in the Univention Directory Manager (UDM) to prevent the reuse of email addresses, for example. This avoids giving a new user access to old emails. Once the feature is activated and the blocklists are set up, blocking occurs automatically. Management is conveniently possible through a UMC module.
Support for Mixed Environments
While it was still possible to integrate systems running version 4.4 into the domain under UCS 5.0, UCS 5.2 now only supports mixed environments of versions 5.0 and 5.2.
Regular Patch Level Releases
UCS 5.2 is now available and can be installed. With the release of UCS 5.2, UCS 5.0 enters the maintenance phase, and new features will only be available for version UCS 5.2 in the future. General maintenance for UCS 5.0 will end no earlier than February 2026.
The next patch level releases, UCS 5.2-1 and UCS 5.0-10, are scheduled for mid-March.
Release Notes
The complete list of all improvements and bug fixes for UCS 5.2 can be found in the release notes. Also see the help article on installation.
For more information on Univention please see our web site and contact CustomTech (email info@customtech.com.au or call) to arrange a FREE evaluation and discuss your needs.
(This article is based on original articles by Jan-Luca Kiok on the Univention site).