UCS 4.2-2 Release Notes

Release notes for the installation and update of Univention Corporate Server (UCS) 4.2-2


Table of Contents

1. Release highlights
2. Notes about the update
2.1. Recommended update order
2.2. UCS installation DVDs only available as 64-bit variant
3. Preparation of the update
4. Postprocessing of the update
5. Notes on selected packages
5.1. Collection of usage statistics
5.2. Scope of security support for WebKit, Konqueror and QtWebKit
5.3. Recommended browsers for access to Univention Management Console
6. Changelog
6.1. General
6.2. Univention Installer
6.3. Basic system services
6.3.1. Univention Configuration Registry
6.4. Domain services
6.4.1. OpenLDAP
6.4.1.1. LDAP schema changes
6.4.2. DNS server
6.4.3. DHCP server
6.5. Univention Management Console
6.5.1. Univention Management Console web interface
6.5.2. Univention Portal
6.5.3. Univention Management Console server
6.5.4. Univention App Center
6.5.5. Univention Directory Manager UMC modules and command line interface
6.5.6. Modules for system settings / setup wizard
6.5.7. Software update module
6.5.8. Domain join module
6.5.9. Users module
6.5.10. Univention Directory Reports
6.5.11. Process overview module
6.5.12. Policies
6.5.13. Univention Configuration Registry module
6.5.14. Other modules
6.6. Univention base libraries
6.7. System services
6.7.1. SAML
6.7.2. Mail services
6.7.3. Printing services
6.7.4. Nagios
6.7.5. Apache
6.7.6. PAM / Local group cache
6.7.7. NFS
6.8. Virtualization
6.8.1. Univention Virtual Machine Manager (UVMM)
6.9. Container Technologies
6.10. Services for Windows
6.10.1. Samba
6.10.2. Univention AD Takeover
6.10.3. Univention S4 Connector
6.10.4. Univention Active Directory Connection
6.11. Other changes

§Chapter 1. Release highlights

With Univention Corporate Server 4.2-2, the second point release for Univention Corporate Server (UCS) 4.2 is available. It includes a number of feature extensions and improvements, new properties, and various detail improvements and bug fixes. The most important changes at a glance:

  • The portal can now also be used easily in cloud setups. The services installed on UCS are directly reachable without further configuration steps. To achieve this, the portal converts existing links into relative links. For portal entries with multiple links, heuristics determine the best link.

  • The usability of the management system has been further improved. Users and groups can now be copied, error handling has been improved in various places, and performance has been increased.

  • Every app provider can now easily create app appliances via the App Provider Portal. App appliances bundle an app with UCS into a ready-to-use virtual machine. In addition, the integration depth of apps can be increased considerably through so-called App Settings. App providers can create these easily via the Provider Portal without additional programming skills.

  • Various security updates have been integrated into UCS 4.2-2, e.g. for OpenLDAP, the Linux kernel, Samba, MySQL and PostgreSQL.

§Chapter 2. Notes about the update

During the update, services within the domain may be temporarily unavailable. For this reason, the update should be performed within a maintenance window. It is generally recommended to install and test the update in a test environment first. The test environment should be identical to the production environment. Depending on system speed, network connection and installed software, the update can take between 20 minutes and several hours.

§2.1. Recommended update order

In environments with more than one UCS system, the update order of the UCS systems must be observed:

The authoritative version of the LDAP directory service is maintained on the master domain controller and replicated to all other LDAP servers of the UCS domain. As changes to the LDAP schemas can occur during release updates, the master domain controller must always be the first system to be updated during a release update.

§2.2. UCS installation DVDs only available as 64-bit variant

Starting with UCS 4, UCS installation DVDs are only provided for 64-bit architectures. Existing 32-bit UCS 3 systems can still be updated to UCS 4 via the online repository or via update DVDs. The 32-bit architecture will continue to be supported for the entire UCS 4 maintenance period.

§Chapter 3. Preparation of the update

It should be checked whether sufficient disk space is available. A standard installation requires at least 6 GB of disk space. Depending on the scope of the existing installation, the update requires approximately 1 GB of additional disk space for downloading and installing the packages.

For the update, a login should be performed on the system's local console as user root, and the update should be started there. Alternatively, the update can be performed via Univention Management Console.

A remote update via SSH is not recommended, as, for example, an interruption of the network connection can abort the update procedure and impair the system. If an update is nevertheless performed over a network connection, it must be ensured that the update continues even if the network connection is interrupted. Tools such as screen or at can be used for this purpose; they are installed on all UCS system roles.

§Chapter 4. Postprocessing of the update

After the update, the new or updated join scripts must be executed. This can be done in two ways: either via the UMC module Domain join or by running the command univention-run-join-scripts as user root.

Afterwards, the UCS system must be restarted.

§Chapter 5. Notes on selected packages

§5.1. Collection of usage statistics

When the UCS Core Edition is used (which is generally the case for evaluations of UCS), anonymous usage statistics on the use of Univention Management Console are generated. The modules opened are logged by an instance of the web traffic analysis tool Piwik. This enables Univention to better tailor the development of Univention Management Console to customer interest and to make usability improvements.

This logging is only performed when the UCS Core Edition is used. The license status can be checked via the entry License -> License information of the user menu in the top right corner of Univention Management Console. If UCS Core Edition is listed there under License type, such an edition is in use. When a regular UCS license is used, no usage statistics are collected.

Independent of the license used, the logging can be deactivated by setting the Univention Configuration Registry variable umc/web/piwik to false.

§5.2. Scope of security support for WebKit, Konqueror and QtWebKit

WebKit, Konqueror and QtWebKit are shipped in the maintained branch of the UCS repository, but are not covered by security updates. WebKit is primarily used for displaying HTML help pages and the like. Firefox should be used as the web browser.

§5.3. Recommended browsers for access to Univention Management Console

Univention Management Console uses numerous JavaScript and CSS functions to display the web interface. Cookies must be permitted in the browser. The following browsers are recommended:

  • Chrome as of version 37

  • Firefox as of version 38

  • Internet Explorer as of version 11

  • Safari and Safari Mobile as of version 9

Display or performance problems may occur on older browsers.

§Chapter 6. Changelog

The changelogs with the detailed change information are maintained in English only. Listed are the changes since UCS 4.2-1:

§6.1. General

§6.2. Univention Installer

  • Some profile settings have been adjusted to the new Firefox version for the System Setup after the installation (Bug 45321).

§6.3. Basic system services

§6.3.1. Univention Configuration Registry

  • The sequence : in a Univention Configuration Registry variable key is now prohibited (Bug 25095).

§6.4. Domain services

§6.4.1. OpenLDAP

  • The LDAP overlay module pwd_scheme_kinit has been adapted to return more error information if authentication at the Kerberos server fails (Bug 44912).

§6.4.1.1. LDAP schema changes

  • The LDAP attribute univentionUDMPropertyCopyable for extended attributes has been added (Bug 1567).
  • The new attribute univentionUDMPropertyCopyable is now indexed only if the attribute is known to the LDAP server (Bug 44909).

§6.4.2. DNS server

  • The BIND9 name server was not restarted after the automatic password change when using the LDAP backend. This has been fixed (Bug 45090).

§6.4.3. DHCP server

  • The runsv service for the DHCP server is now always started, even when the initial check of the configuration file /etc/dhcp/dhcpd.conf fails. This sometimes happens when BIND and OpenLDAP start too slowly during boot, in which case that is mis-detected as an error in that configuration file (Bug 45065).

§6.5. Univention Management Console

§6.5.1. Univention Management Console web interface

  • The button styling of referenced policy objects has been adapted (Bug 44066).
  • Hidden objects are no longer shown by default in a multi-object select widget (Bug 44044).
  • The design of disabled input fields has been improved to be more recognizable (Bug 43402).
  • No duplicated tool tips are shown anymore for the links in the footer of the login page (Bug 44072).
  • A check box to select all entries has been added to widgets with selection choices (Bug 19928).
  • Text in grid cells is now selectable (Bug 44481).
  • A display problem in tables with multiple lines per row has been corrected. Especially DNS zones were affected by this problem (Bug 44431).
  • The design of notifications has been adjusted (Bug 43658).
  • The uninstallation on a base system is now possible (Bug 44894).

§6.5.2. Univention Portal

  • The portal was empty on unjoined systems. Therefore it was not possible to reach UMC for the initial domain join after logging in (Bug 44865).
  • The handling of portal links has been improved to be more robust. Links are now converted to relative links if possible (e.g., on EC2 DC master systems). For multiple links of one portal entry, the best matching link is now being chosen using a heuristic (Bug 44371).

§6.5.3. Univention Management Console server

  • Errors during connecting to the LDAP server are now handled (Bug 39963).
  • Errors during module initialization are now handled (Bug 44670).
  • The SSL security of the UMC server has been strengthened by disabling SSLv3 and making the TLS Ciphers configurable via Univention Configuration Registry (Bug 40998).
  • The build utilities have been adjusted to enhance the creation of translation packages (Bug 44841).
  • The permissions of the log file /var/log/univention/ec2.log have been fixed (Bug 44803).
  • The keywords for the module search on the UMC overview page are now localized (Bug 34960).
  • A crash of the UMC server during uninstallation of a module is prevented (Bug 38375).
  • The UMC web server falls back to English language in case no language is provided in HTTP request, which is the case for clients using UCS 4.1. This makes it possible to join UCS 4.1 Appliances into UCS 4.2 domains (Bug 44719).
  • Using UMC was not possible with multiple Docker instances on the system, because the browser then sends multiple cookies and the session could not be detected (Bug 45043).
  • A memory leak in the UMC server has been corrected which caused the UMC web server to crash with [Errno24] Too many open files errors (Bug 44965).
  • The uninstallation on a base system is now possible (Bug 44894).
  • Since erratum 139 the Univention Configuration Registry variable umc/module/timeout was no longer evaluated, which caused the connection to module processes to be closed after 30 seconds (Bug 45307).

§6.5.4. Univention App Center

  • The initial archives for the App Center meta data have been updated. This also adds Self Service to the software selection during system setup (Bug 44240).
  • Apps may now ship a file describing settings that can be applied dynamically (Bug 44872).
  • The host listing for an installed app incorrectly warned about limited manageability in some cases (Bug 44036).
  • A crash during creation of translation files when the name or description of an app is not set has been fixed (Bug 43896).
  • Docker Apps are now stopped before backing up their data (Bug 44763).
  • Fixed an issue while detecting the installation status during package updates (Bug 43079).
  • Improved speed of download routines for App meta data (Bug 43847).
  • Use docker cp to copy files into the container (Bug 44814).
  • Fixed univention-app update zsync issue (Bug 45180).

§6.5.5. Univention Directory Manager UMC modules and command line interface

  • Group and user objects can now be copied in UMC (Bug 1567).
  • The :umlauts modifier in the template mechanism of e.g. user templates now normalizes all characters (Bug 44370).
  • When creating policy objects the DN of the created object is returned (Bug 43150).
  • The LDAP base could not be modified via UMC anymore since erratum 39. This has been fixed (Bug 43395).
  • An error in the UDM Python interface has been fixed which caused default values containing template variables (e.g. the mail property of a user) not to be reset, resulting in wrong default values if multiple objects were created at once (Bug 41092).
  • Moving or removing one's own object is now prevented (Bug 42526).
  • It is now checked whether the create, modify and remove operations are allowed before executing the action (Bug 39253).
  • Objects of type Settings: Service were not editable through the LDAP directory module. This has been fixed (Bug 30214).
  • An error during creation of existing objects has been fixed when policies should be referenced (Bug 38856).
  • The descriptions of properties belonging to print quota policies have been enhanced (Bug 39862).
  • The Span both columns option for extended attributes is functioning again (Bug 40487).
  • An error is prevented when trying to attach an unknown object class to an object (Bug 41802).
  • It is now possible to hide existing properties in the layout via an extended attribute (Bug 43373).
  • More descriptions have been added to the windows settings of user objects (Bug 40964).
  • The UDM CLI now shows a readable error message when the LDAP server is not available (Bug 43975).
  • The home share and home share path properties are now correctly displayed (Bug 37611).
  • It is now possible to remove values from Univention Configuration Registry policies via CLI (Bug 43562).
  • The udm --help output has been cleaned up to improve readability (Bug 31768).
  • The --position argument has been added to the --help output of the udm list command (Bug 29501).
  • The layout of container objects has been adapted so that the configuration options for default containers are visible on the General tab (Bug 33652).
  • The license evaluation now respects renamed default user and group names (Bug 33891).
  • Searching for the printmodel property in printer driver lists is working again (Bug 35925).
  • The DN of objects removed with udm remove --filter is now displayed (Bug 37285).
  • Legacy and unused code has been removed (Bug 29929).
  • The ObjectFlag syntax now allows the value synced (Bug 37676).
  • The syntax check for udm search filter has been improved (Bug 34276).
  • The performance of search filters for user objects has been improved (Bug 28633).
  • The output from the list command of the UDM CLI is now sorted (Bug 34180).
  • Legacy code related to custom attributes has been removed (Bug 41556).
  • The listener module for handling UDM extensions now removes old python files when the file was renamed (Bug 42862).
  • A programmatic error when creating container objects has been fixed (Bug 43396).
  • Error messages now contain more details in case of errors with invalid LDAP DN syntax (Bug 42403).
  • The remove operation of the UDM CLI now allows the option --ignore_not_exists (Bug 40737).
  • A package dependency to python-ipaddr has been added (Bug 28054).
  • Overwritten syntax classes for properties which are shown in a wizard for creating objects can now use ComboBox widgets (Bug 44847).
  • The options of objects are now sorted (Bug 41015).
  • A crash is prevented if a default container contained special characters like , (Bug 42423).
  • A possible crash when loading widget definitions for UDM properties is now prevented (Bug 42466).
  • Some spelling mistakes in the UDM CLI Client have been corrected (Bug 31927).
  • Unused legacy code has been removed (Bug 43299).
  • Legacy code regarding the ordering number of extended attributes has been cleaned up (Bug 32781).
  • A lookup function for the users/self and users/passwd modules has been added for convenience (Bug 37623).
  • The error handling during adding hosts to nagios services has been improved (Bug 38362).
  • The temporary locking objects are removed when an error happens during object creation. This avoids having to save an object twice to create it after resolving the error (Bug 41294).
  • It is currently possible to supply a wrong object type when modifying objects. This erratum prepares for preventing this by adding more error messages to the log files instead (Bug 30368).
  • Passing univention.uldap.access() instances to UDM objects is handled more gracefully (Bug 41368).
  • The detection of DNS TXT and Host records has been improved to not detect objects as the wrong type (Bug 40839).
  • The description for the "options" property of extended attributes has been improved (Bug 39201).
  • An LDAP error is prevented when changing the user password and the "Change password on next login" option at the same time (Bug 42015).
  • Unused legacy code regarding container/dc objects has been removed (Bug 24374).
  • Some undefined python references have been fixed (Bug 36631).
  • Removing the IP range from a network object is possible again (Bug 35074).
  • The hosts property has been added to the settings/umc_operationset (Bug 25187).
  • The description property of settings/umc_operationset is now a required field (Bug 25189).
  • It was not possible to automatically get the next free IP address for a newly created computer object when the license was exceeded (Bug 30351).
  • The group members of printer groups with multiple spool hosts are now detected correctly again (Bug 29707).
  • The validation when removing and modifying printers and printer groups has been corrected (Bug 40765).
  • The Spool Host label of printers and printer groups has been renamed into Print server (Bug 23888).
  • The e-mail property of a user is no longer copyable. The default values for empty properties are now properly evaluated after copying an object (Bug 44908).
  • Support lookup of specific attributes via PostReadControl (RFC 4527) (Bug 43628).
  • The tab that is opened when editing a user in a new tab can now be closed (Bug 40486).
  • LDAP attributes which are required by their schema are now marked as required in UMC (Bug 24601).
  • Some performance optimizations during modification of user and group objects have been made (Bug 37081).
  • The next free sambaRID is used when only a S4 Connector with IPv6 is part of the domain (Bug 25058).
  • The error handling during creation of network objects with an invalid netmask has been improved (Bug 24828).
  • A regression in univention.admin.objects.get() has been fixed which made the Univention Corporate Client UMC configuration impossible (Bug 45116).
  • The mapping of the sambaWriteList property of shares has been corrected to not raise an exception if the value is not set (Bug 45207).

§6.5.6. Modules for system settings / setup wizard

  • It is possible again to install UCS systems without joining directly into any domain when no DNS server is configured during set up (Bug 43402).
  • Adapt univention-app-appliance to changes in UCS 4.2 branding. The package univention-system-activation has been updated to work with UCS 4.2 App Appliances (Bug 44523).
  • The license upload step was displayed first even if no license mail was sent (Bug 44910).
  • A crash during startup of the settings UMC modules has been fixed which occurred if certain values were not correctly encoded (Bug 28070).
  • The host name of a system which joins into an Active Directory domain is now restricted to 13 characters in the initial system configuration (Bug 40212).
  • The network configuration does not list TUN/TAP interfaces as configurable Ethernet interfaces anymore (Bug 33132).
  • The naming restrictions for bridge and bonding network interfaces have been adjusted so that it is no longer required to have a number in the name (Bug 33131).
  • The error handling when executing system setup scripts has been improved (Bug 32817).
  • The startup of the welcome screen after the setup in appliance mode has been fixed (Bug 44061).
  • The license check during an app appliance join has been fixed (Bug 44995).
  • The univention-system-setup package now depends on gettext-base (Bug 38342).
  • A display error when configuring multiple network interfaces has been corrected (Bug 44194).
  • Fixed a typo on the appliance first steps overlay (Bug 45084).
  • The error handling during the initial system configuration has been improved (Bug 43152).
  • The handling of applying network settings in the setup wizard has been improved to be more robust against network timeouts (Bug 45280).

§6.5.7. Software update module

  • The temporary APT sources.list used for release updates is now removed if any of the pre-update scripts signals an abort condition (Bug 44821).
  • The check for QEMU virtual machines has been removed from the pre-update script (Bug 44842).
  • App updates that merely update software packages inside the App's Docker container are not displayed anymore as these updates are currently not supported through the App Center module (Bug 44623).

§6.5.8. Domain join module

§6.5.9. Users module

  • A warning is now shown if a user name is too long to be usable for a login on Windows clients (Bug 34973).

§6.5.10. Univention Directory Reports

  • The generation of PDF reports has been optimized: They are now generated with the RML language instead of LaTeX. LaTeX reports are still supported by installing the new package univention-directory-reports-latex (Bug 39239).
  • The PDF user report did not include all groups of the user (Bug 45231).

§6.5.11. Process overview module

  • The error handling has been improved when a process stops during the calculation of the CPU consumption of a process (Bug 38738).

§6.5.12. Policies

  • The join script 20univention-directory-policy now aborts on errors (Bug 40247).

§6.5.13. Univention Configuration Registry module

  • The validation of Univention Configuration Registry variable names has been improved (Bug 25095).

§6.5.14. Other modules

  • The start/stop/restart actions are prohibited now if the service is already in that state (Bug 36563).
  • The error handling during starting/stopping/restarting services has been improved: Upon error the service status is shown (Bug 36562).
  • A non-working proxy server is now classified as a critical error in the diagnostic module (Bug 36750).
  • An unset gateway causes an error message to be shown in the diagnostic module (Bug 42155).

§6.6. Univention base libraries

  • Legacy and unused code has been removed in univention-python (Bug 41234).

§6.7. System services

§6.7.1. SAML

  • Optimizations in the UDM module for SAML service providers have been done (Bug 41695).
  • The error handling during the SAML configuration of the UMC service provider has been improved (Bug 44966).
  • The univention-saml Apache site is now disabled upon package removal (Bug 41500).
  • The path to the package's unjoin script has been fixed (Bug 44815).
  • crudesaml has been updated to version 1.8. This corrects a segmentation fault in slapd which occurs during SAML authentication at the UMC server if the certificates are expired (Bug 45042).
  • A segmentation fault in pam-saml has been corrected, which caused the UMC server to crash in certain situations during loading of identity provider metadata (Bug 39355).

§6.7.2. Mail services

  • A regression has been fixed which was introduced in erratum 36. The regression prevented the delivery of mails to shared folders in Cyrus (Bug 44948).
  • The use of UDM utility functions has been corrected in the listener script dovecot_shared_folder.py (Bug 41368).

§6.7.3. Printing services

  • Old code from UCS 2.4 has been removed from the package univention-printserver (Bug 39419).

§6.7.4. Nagios

  • Fixed a nscd Nagios warning on systems with docker apps installed. The check now inspects the processes on the nscd socket instead of just counting the number of running nscd processes (Bug 42812).
  • Fix UNIVENTION_NSCD service (Bug 45186).

§6.7.5. Apache

  • The uninstallation on a base system is now possible (Bug 44894).

§6.7.6. PAM / Local group cache

  • UCS specific patches have been re-applied which got dropped for UCS 4.2-0. This includes the patch for Bug 29393, which allows configuring the memory for parsing large groups through the Univention Configuration Registry variable pamaccess/maxent (Bug 45039).

§6.7.7. NFS

  • Remove remaining HA support (Bug 32272).
  • Remove port 4660 from firewall (Bug 33254).
  • Start NFS server for first NFS share (Bug 45101).
  • Make RPCNFSDCOUNT configurable (Bug 25446).

§6.8. Virtualization

§6.8.1. Univention Virtual Machine Manager (UVMM)

  • It is now possible to open virtual machines in a new tab via the UMC module (Bug 24721).
  • The MAC address in the network interfaces view of a virtual machine can be selected again (Bug 44481).

§6.9. Container Technologies

  • UDM objects with the object flags synced and docker can now be deleted (Bug 43846).
  • The script univention-fix-ucr-dns is installed in Docker containers too (Bug 45040).
  • Disable update check on boot in container mode (Bug 45103).
  • The docker service is now restarted right after installation to ensure the correct storage backend is used immediately (Bug 44986).
  • Always apply docker iptables rules (even if the univention-firewall is disabled) in Univention firewall. Can be configured with the Univention Configuration Registry variable security/packetfilter/docker/disabled (Bug 44829).

§6.10. Services for Windows

§6.10.1. Samba

  • Skip re-provision of Samba on DC Master and DC Backup if the system already provides the S4-Connector service and sam.ldb and secrets.ldb look functional (Bug 44787).
  • Fixed an error in univention-samba4.prerm (Bug 44936).
  • Fixed an error message due to missing phpldapadmin-config.php (Bug 33235).

§6.10.2. Univention AD Takeover

  • Unused legacy code has been removed (Bug 43299).

§6.10.3. Univention S4 Connector

  • Fix CNAME and PTR record deletion in the S4-Connector (Bug 43072).
  • Some objects were identified as the wrong object type. The identification handling has been fixed (Bug 44976).
  • It is possible to start the S4 Connector service process in foreground (Bug 45001).
  • During sync_to_ucs remember entryCSN of msGPO changes to be able to identify and skip them later in sync_from_ucs (Bug 43628).

§6.10.4. Univention Active Directory Connection

  • The error handling in the Active Directory setup has been improved when looking up the _domaincontroller_master._tcp SRV record in case no DNS servers are available (Bug 44849).

§6.11. Other changes

  • The package python-trml2pdf has been moved to maintained (Bug 39239).
  • Configure systemd-journald.service for time limited log retention (Bug 44234).
  • The packages univention-system-activation, phantomjs and univention-app-appliance are now maintained (Bug 44990).
  • The transition from bootsplash to welcome screen is now flicker free. Improved systemd integration for the welcome screen. Crashes and graphic errors on VirtualBox and VMware have been fixed. Always use framebuffer driver to ensure a working welcome screen (Bug 44061).
  • The welcome screen design has been improved and adapted to the UCS 4.2 design style. The FQDN has been removed from the screen (Bug 45031, Bug 45025).
  • Fix for hard to read status messages during boot because they were overlaid by the appliance logo (Bug 44952).
  • Fixed calling univention-fix-ucr-dns when no default gateway is set (Bug 45120).
  • The package libjsoncpp is now maintained as a new dependency of firefox-esr (Bug 44858).
  • The packages jquery-goodies and wxwidgets3.0 are now maintained as a new dependency of erlang (Bug 45216).