5.2. Univention Directory Manager (UDM)
This section describes the technical details of UDM. For a general overview of the UCS management system and the role of UDM, see UCS management system.
You can find the source code for UDM at UCS source: management/univention-directory-manager-modules/.
Other packages in UCS can also define UDM modules. The respective packages include the sources for their UDM modules. For example, the following packages also provide UDM modules:
S4 Connector at UCS source: services/univention-s4-connector/
5.2.1. UDM architecture
Fig. 5.5 shows the architecture for UDM. A description of the elements follows.
- LDAP directory
The data persistence layer consists of the LDAP directory, which provides the domain database and serves as the persistence layer and data source for UDM. For communication with the LDAP directory, UDM uses the Lightweight Directory Access Protocol (LDAP).
UDM uses a two-layer architecture for abstraction, as shown in Fig. 5.5. Except for the LDAP directory, all elements shown belong to UDM. The first abstraction layer at the bottom is the UDM Python library with the following elements:
- UDM Python library
Provides the library for abstraction and the environment for UDM syntax, UDM modules, and UDM hooks. UDM Python library uses the LDAP directory. You can imagine something similar to an object relational mapper for SQL. UDM Python library provides Python modules and classes below
- UDM Syntax
UDM syntax provides the following capabilities:
  - Perform syntax validation on user input data.
  - Present static values from a predefined list of possible values.
  - Calculate possible values dynamically upon use.
  - Specify the layout and widget type for presentation in UMC.
- UDM modules
UDM modules translate LDAP objects to UDM objects and back. They ensure data consistency, validate user input, implement process logic and improve the usability of UCS.
- UDM hooks
UDM hooks are Python classes with methods that can integrate into existing UDM modules together with extended attributes. They offer an alternative way to customize UDM.
The second abstraction layer in Fig. 5.5 uses the UDM Python library and offers UDM in UMC, UDM HTTP REST API, the UDM CLI daemon, the UCS@school library, and the UDM Simple API.
- UDM in UMC
Runs the UDM modules inside UMC and presents them to the user over HTTP through the web browser. It creates one process per user session for all UDM modules. UDM in UMC uses the UDM Python library.
- UDM HTTP REST API
Provides the HTTP REST API interface to UDM as a separate service. UDM offers HTTP access through the UDM HTTP REST API to use UDM through a remote interface.
- UDM CLI Daemon
Provides the command-line interface to UDM through one system-wide process for each user. The process terminates itself after a default idle time of 10 minutes. The command-line interface uses the UDM Python library.
- UCS@school library
Provides an abstraction in Python for UCS@school. The UCS@school library uses the UDM Python library.
- UDM Simple API
As mentioned before, UDM is highly customizable to the needs of environments, custom services and apps. Custom UDM modules, extended attributes and UDM hooks offer different possibilities for the customization of UDM.
Administrators, refer to Univention Corporate Server - Manual for users and administrators :
5.2.2. Dependencies for UDM
UDM depends on LDAP. You can resolve the other detailed dependencies with the package manager.
The following services in UCS need UDM:
Active Directory Connector
UDM Python library
UDM offers its capabilities to the following items:
Python UDM API
UDM CLI daemon
5.2.3. UDM modules
UDM modules represent a set of LDAP object classes and their corresponding attributes in UDM objects. They ensure data consistency, validate user input, implement process logic and improve the usability of UCS.
UDM modules exist for almost every LDAP object class. For example, UDM objects users/user represent different LDAP object classes like shadowAccount. Another example is the password field of a UDM object users/user, which creates several password hash types in the different LDAP object classes for users. UDM presents one password to the user. In the background, it ensures password consistency for different services that need different password hash types.
Python is the programming language for UDM modules. During installation, UDM modules register themselves in the LDAP directory. The UCS domain replicates the UDM modules to UCS systems across the domain. On the UCS systems, the Univention Directory Listener writes the UDM modules to the systems’ file system. Replication ensures that all UDM modules are equally available across the UCS domain.
Domain administrators can grant permission to use particular UDM modules in UMC to other users. UDM modules access the LDAP directory with the permissions of the user so that LDAP access control lists for read and write actions apply to the user.
5.2.4. UDM data
Talking about UDM modules requires a distinction between data describing a UDM object and an LDAP object:
The term properties refers to data fields in UDM objects.
The term attributes refers to data fields in LDAP objects.
UDM modules map between LDAP objects and UDM objects. They format data upon read and write operations to and from the LDAP directory for representation to the user as shown in Fig. 5.6. UDM modules sit at the center of the data mapping, which emphasizes their translation role. For example, widgets in UMC show a human-readable representation of the data. Fields that represent a date value offer a calendar widget to the user.
Extended attributes provide the capability to add and customize properties in UDM. They define a mapping between UDM properties and LDAP attributes.
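
The following sketch illustrates the property-to-attribute mapping and the syntax validation described above. It is an added example, not code from UDM or its Python library. The property names `username` and `expiry`, the `MAPPING` table and all function names are constructed for illustration; the only schema fact used is that the `shadowExpire` attribute of `shadowAccount` stores a day count since 1970-01-01.

```python
import re
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)


class ValidationError(ValueError):
    """A property value failed its syntax check."""


def check_name(value):
    # Syntax check for the constructed "username" property.
    if not isinstance(value, str) or not re.fullmatch(r"[a-z][a-z0-9._-]{0,31}", value):
        raise ValidationError(f"invalid username: {value!r}")
    return value


def check_date(value):
    # Syntax check: strict YYYY-MM-DD that must also be a real calendar date.
    m = re.fullmatch(r"([0-9]{4})-([0-9]{2})-([0-9]{2})", value) if isinstance(value, str) else None
    try:
        return date(*map(int, m.groups()))
    except (AttributeError, ValueError):
        raise ValidationError(f"invalid date: {value!r}") from None


# property -> (LDAP attribute, encode for write, decode for read).
# LDAP values are lists of bytes; shadowExpire counts days since 1970-01-01.
MAPPING = {
    "username": ("uid",
                 lambda v: [check_name(v).encode("utf-8")],
                 lambda vals: vals[0].decode("utf-8")),
    "expiry": ("shadowExpire",
               lambda v: [str((check_date(v) - EPOCH).days).encode("ascii")],
               lambda vals: (EPOCH + timedelta(days=int(vals[0]))).isoformat()),
}


def to_ldap(properties):
    """Validate every property, then translate to LDAP attributes."""
    unknown = set(properties) - set(MAPPING)
    if unknown:
        raise ValidationError(f"unknown properties: {sorted(unknown)}")
    return {MAPPING[p][0]: MAPPING[p][1](v) for p, v in properties.items()}


def from_ldap(attributes):
    """Translate the mapped LDAP attributes back to properties; ignore the rest."""
    return {p: dec(attributes[a]) for p, (a, _, dec) in MAPPING.items() if a in attributes}
```

Validation runs on the write path before any value is encoded, so malformed input and unmapped property names are rejected without touching the directory.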