4.3. UCS portal page#

Portal pages offer a central view of all available services in a UCS domain. Requirements strongly differ from small to large environments in organizations, public authorities, or even schools. Therefore, UCS implemented a very flexible and individually customizable concept for portal pages.

As illustrated in Fig. 4.3, portal entries (i.e., links to applications/Apps/services; UDM object type portals/entry) can be assigned to none, one or multiple portal categories. A portal category (UDM object type portals/category) can be assigned to none, one or multiple portals. A portal itself (UDM object type portals/portal) renders all portal categories which are assigned to it.

The portal domain, shipped with every installation, is configured on each server by default. In addition to all installed applications of the domain, links to Univention Management Console as well as the server overview are shown on this portal page.

To change the displayed portal, the Univention Configuration Registry Variable portal/default-dn must be adjusted. After a change, the univention-portal-server service must be restarted.

Custom portals and portal entries can be defined and managed either via the UMC module Portal or directly on the portal site.

After logging in to the portal on the Primary Directory Node or Backup Directory Node, members of the Domain Admins group can edit the portal after clicking on the corresponding entry in the user menu. They now can create new entries on the portal, modify existing entries, modify the order or the design.

Advanced settings, such as adding new portals or setting which group members can see which portal entries can be made using the UMC portal settings module.

By default, all portal entries are displayed for everyone. In the UMC module Portal in the category Login, it can be configured whether anonymous visitors have to sign in before they can see entries. It is also possible to limit certain entries for certain groups. This requires the LDAP attribute memberOf. Nested group memberships (i.e., groups in groups) are evaluated.

Further design adjustments can be made in the file /usr/share/univention-portal/css/custom.css. This file will not be overwritten during an update.

Schema of the portal concept in UCS

Fig. 4.3 Schema of the portal concept in UCS: Portals can be independently defined and assigned to UCS systems as start site; a link entry can be displayed on multiple portals.#

4.3.1. Assign rights for portal settings#

The following describes how to make the UMC module Portal accessible to selected groups or users. This example assumes that a group Portal Admins has been created and members of this group are supposed to be given access to the portal settings.

On a Primary Directory Node an ACL file has to be created first, for example /opt/62my-portal-acl.acl. This file has to have the following content to allow the necessary ACL changes:

access to dn="cn=portal,cn=univention,@%@ldap/base@%@" attrs=children
  by group/univentionGroup/uniqueMember="cn=Portal Admins,cn=groups,@%@ldap/base@%@" write
  by * +0 break

access to dn.children="cn=portal,cn=univention,@%@ldap/base@%@" attrs=entry,@univentionObject,@univentionPortalEntry,
  by group/univentionGroup/uniqueMember="cn=Portal Admins,cn=groups,@%@ldap/base@%@" write
  by * +0 break

Then execute the following command to create an LDAP object for the LDAP ACLs:

$ udm settings/ldapacl create \
> --position "cn=ldapacl,cn=univention,$(ucr get ldap/base)" \
> --set name=62my-portal-acl \
> --set filename=62my-portal-acl \
> --set data="$(bzip2 -c /opt/62my-portal-acl.acl | base64)" \
> --set package="62my-portal-acl" \
> --set packageversion=1

If the ACL is to be deleted again, the following command can be used:

udm settings/ldapacl remove \
  --dn "cn=62my-portal-acl,cn=ldapacl,cn=univention,$(ucr get ldap/base)"

An appropriate UMC policy can now be created via UMC. The following UMC operations must be allowed within the policy:

  • udm-portal

  • udm-syntax

  • udm-validate

  • udm-license

How to create a policy is described in Creating a policy. Now the newly created policy only needs to be assigned to the wanted object, in this case the group Portal Admins. This can also be done directly within the UMC. For this example, navigate to the group module and edit the wanted group there. In the group settings, existing policies for the group object can be selected under Policies. More detailed information about policy assignment is described under Applying policies.