ID Broker manual for school authorities

Download PDF

Installation

3. Installation#

The ID Broker requires the installation of the UCS app UCS@school ID Connector. The UCS@school ID Connector offers the possibility to connect a UCS@school domain to another UCS@school domain and to provision it with user data. In this case the source is the UCS@school domain of the school authority and the target is the ID Broker system.

For more information about the UCS@school ID connector, see the UCS@school ID connector documentation.

To use the UCS@school ID Connector in conjunction with the ID Broker you have to install the ID Connector Plugin. It uses an API client to create users, groups and OU objects on the ID Broker system. The UCS@school ID Connector creates schools that are not yet synchronized, after the first data change in the school authority system.

3.1. Installation on school authority systems#

Prerequisite for the installation and configuration is a UCS@school domain with an already configured UCS@school app. If you need information about the setup of a UCS@school domain, have a look to the Quickstart Guide for UCS@school as well to the Manual for Administrators.

Another requirement relates to the app UCS@school ID Connector itself. As administrator you can only install the app on UCS@school systems with the system roles Primary Directory Node or Backup Directory Node. This way the UCS@school ID Connector, which is synchronizing data to the ID Broker system, can be used next to an already existing UCS@school ID Connector on the Primary Directory Node which synchronizes data to another target.

If you consider multiple systems with a matching system role for installation, keep the following information about the expected system load in mind:

  • The ID Connector generates a moderate system load during initial provisioning and during school year change.

  • The ID Connector generates low system load during LDAP changes in production operation.

The following steps describe how to install the required components for the ID Connector in your UCS@school domain. Run the commands as user root on the console. For details about the configuration of the ID Connector, see section Configuration.

  1. Install the UCS@school ID Connector app. The app version must be later than 2.3.2:

    $ univention-app install ucsschool-id-connector

  2. Install the ID Broker plugin for the ID Connector:

    $ univention-install id-broker-id-connector-plugin
$ univention-app restart ucsschool-id-connector
$ service univention-appcenter-listener-converter@ucsschool-id-connector stop
$ find /var/lib/univention-appcenter/listener/ucsschool-id-connector/ \
> /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/ -type f -delete

After the installation you can access the API documentation at: https://[FQDN]/ucsschool-id-connector/api/v1/docs. Replace FQDN with the fully qualified domain name of your UCS system that has the UCS@school ID Connector app installed.

Note

The API is accessible by default on the UCS system and requires authentication upon access to the API endpoints. Nevertheless, we recommend that you do not make the API available directly from the Internet.

Note

To use all features described in id-broker-id-connector-plugin, update to the newest version of the debian package id-broker-id-connector-plugin.

On this page