4.5. Univention Management Console modules#

Univention Management Console (UMC) modules are the web-based tool for administration of the UCS domain. They are shown on the portal page (UCS portal page) for logged in administrators. Depending on the system role, different UMC modules are available. Additionally installed software components may bring their own new UMC modules.

UMC modules for the administration of all the data included in the LDAP directory (such as users, groups and computer accounts) are only provided on Primary Directory Nodes and Backup Directory Node s. Changes made in these modules are applied to the whole domain.

UMC modules for the configuration and administration of the local system are provided on all system roles. These modules can for example be used to install additional applications and updates, adapt the local configuration via Univention Configuration Registry or start/stop services.

4.5.1. Activation of UCS license / license overview#

The UCS license of a domain can be managed on the Primary Directory Node via the UMC module Welcome!.

The current license status can be shown by clicking the License info button.

Displaying the UCS license

Fig. 4.5 Displaying the UCS license#

The button Import a license opens a dialogue in which a new license key can be activated (otherwise the core edition license is used as default license). A license file can be selected and imported via the button Import from file…. Alternatively, the license key can also be copied into the input field below and activated with Import from text field.

Installation of most of the applications in the Univention App Center requires a personalized license key. UCS core edition licenses can be converted by clicking Request a new license. The current license key is sent to Univention and the updated key returned to a specified email address within a few minutes. The new key can be imported directly. The conversion does not affect the scope of the license.

If the number of licensed user or computer objects is exceeded, it is not possible to create any additional objects in UMC modules or edit any existing ones unless an extended license is imported or no longer required users or computers are deleted. A corresponding message is displayed when opening a UMC module if the license is exceeded.

4.5.2. Operating instructions for modules to administrate LDAP directory data#

All UMC modules for managing LDAP directory objects such as user, group and computer accounts or configurations for printers, shares, mail and policies are controlled identically from a structural perspective. The following examples are presented using the user management but apply equally for all modules. The operation of the DNS and DHCP modules is slightly different. Further information can be found in Administration of DNS data via Univention Management Console module and Composition of the DHCP configuration via DHCP LDAP objects.

Module overview

Fig. 4.6 Module overview#

The configuration properties/possibilities of the modules are described in the following chapters:

The use of policies (Policies) and the LDAP navigation (LDAP directory browser) are described separately. Searching for objects#

The module overview lists all the objects managed by this module. Search performs a search for a selection of important attributes (e.g., for user objects by first and last name, primary email address, description, employee number and username). A wildcard search is also possible, e.g., m*.

Clicking on the Advanced options button (the filter icon) next to the input field displays additional search options:

  • The Search in field can be used to select whether the complete LDAP directory or only individual LDAP containers/OUs are searched. Further information on the structure of the LDAP directory service can be found in Structuring of the domain with user-defined LDAP structures.

  • The Property field can be used to search for a certain attribute directly.

  • The majority of the modules administrate a range of types of LDAP objects; the computer management for example administrates different objects for the individual system roles. The search can be limited to one type of LDAP object.

  • Some of the internally used user groups and groups (e.g., for domain joins) are not shown by default. If the Include hidden objects option is enabled, these objects are also shown.

Searching for users

Fig. 4.7 Searching for users# Creating objects#

At the top of the table that shows the objects is a toolbar which can be used to create a new object using Add.

There are simplified wizards for some UMC modules (users, hosts), in which only the most important settings are requested. All attributes can be shown by clicking on Advanced. Editing objects#

Right-clicking on an LDAP object and selecting Edit allows to edit the object. The individual attributes are described in the individual documentation chapters. By clicking on Save at the top of the module, all changes are written into the LDAP directory. The Back button cancels the editing and returns to the previous search view.

In front of every item in the result list is a checkbox with which individual objects can be selected. The selection status is also displayed in toolbar at the top of the table, e.g., 2 users of 102 selected. If more than one object is selected, clicking on the Edit button in the toolbar activates the multi edit mode. The same attributes are now shown as when editing an individual object, but the changes are only accepted for the objects where the Overwrite checkbox is activated. Only objects of the same type can be edited at the same time. Deleting objects#

Right-clicking on an LDAP object and selecting Delete allows to delete the object. The prompt must be confirmed. Some objects use internal references (e.g., a DNS or DHCP object can be associated with computer objects). These can also be deleted by selecting the Delete referring objects option.

Similar to editing multiple objects at once, multiple objects can be deleted at once via the Delete button in the toolbar. Moving objects#

Right-clicking on an LDAP object and selecting Move to… allows to to select an LDAP position to which the object should be moved.

Similar to editing multiple objects at once, multiple objects can be moved at once by selecting More ‣ Move to… in the toolbar.

4.5.3. Display of system notifications#

UMC modules can deploy system notifications to alert the user to potential errors like join scripts which have not been run or necessary actions such as available updates. These notifications are shown in the top right corner of the screen and can be viewed again in the Notifications menu, which can be opened by clicking the bell icon in the top right corner of the screen.