New User Questions to understanding Univention Core Edition


#1

Hello,

I’m hoping I’ve posted this in the correct forum.

I’m very new to univention (just discovered it yesterday). I’m coming from using ClearOS for our Zarafa Mail and Domain Controller. Within our office we also use ownCloud and LDAPs on separate servers (not on ClearOS) and we are looking to install an XMPP server to connect our Zarafa Mail for the chat plugin. We’re a SMB with under 20 employees where 8 employees use the various services I mention above.

I’m very interested in univention but would like to better understand the apps available for univention core edition with regards to the services our small company currently uses.

Question #1:
How can I tell which apps in the Core Edition would require an annual fee or are free.

Question #2:
We use a Wildcard SSL Cert on our ClearOS Server. Would we be able to use our Wildcard Cert for Univention Core Edition?

Question #3:
Would we be able to transfer our Zarafa Mail Server to the Zarafa Univention Core Server?

Question #4:
We were never able to get Openldap using ssl (LDAPs) on ClearOS to work. Does Univention Core Edition have openldap so we can securely connect our services (like xmpp) using the users from UCS using ssl?

Thank you in advance for any assistance you can provide.


#2

Hey,

Question #1: How can I tell which apps in the Core Edition would require an annual fee or are free.

Univention itself doesn’t require any payments for any of the apps present in the App Center. The vendors behind those apps might, though, that is correct.

You can find the full catalog of available apps online on Univention’s home page. Simply browse and look at the detail pages for those apps of interest to you. Those pages should mention fees if applicable (at least I hope they do).

Question #4: We were never able to get Openldap using ssl (LDAPs) on ClearOS to work. Does Univention Core Edition have openldap so we can securely connect our services (like xmpp) using the users from UCS using ssl?

I’ll answer this one before #2. In UCS all supported services including LDAP are automatically configured to support SSL/TLS encryption. A UCS server sets up its own certificate authority which is used throughout the UCS domain: each server has its own certificate signed by that authority, and a service running on server Y is using the certificate of server Y for SSL/TLS encryption. This affects but is not limited to Apache, Postfix, Samba, Cyrus, Dovecot…

Question #2: We use a Wildcard SSL Cert on our ClearOS Server. Would we be able to use our Wildcard Cert for Univention Core Edition?

Yes, you would, though the answer is a bit longer than that.

A lot of services running on a UCS server are configured at least partially automatically. Which means that certain configuration files are generated from templates in which the UCR (Univention config registry) replaces placeholders with actual values. However, there are many places where the UCR provides opportunities for the administrator to provide his/her own configuration, either by providing separate variables to set or by enabling the use of additional configuration files (think of conf.d directories). You can also register your own templates with the UCR mechanism, something we regularly use for our clients.

Like I said in the answer to #4 the Apache on a UCS server is configured to use that server’s certificate by default. However, the UCR mechanism described provides variables for the certificate to use – meaning that you simply place your certificate and key file somewhere on the server (pay attention to file ownership and permissions, of course) and set the appropriate variables to the file names you’ve chosen. Restart Apache, and you’re done.

For other services (e.g. Postfix) a similar process applies. For services which aren’t managed by Univention (e.g. a XMPP server) you can adjust the configuration to anything you want as the UCR won’t get in your way; so this is no different from a non-UCS server.

Question #3: Would we be able to transfer our Zarafa Mail Server to the Zarafa Univention Core Server?

Assuming your current Zarafa’s version roughly matches the one available on UCS: kind of yes. Copy the database, copy the attachments, pay attention to the configuration (which should be auto-generated on UCS to work with the LDAP users).

Now comes the tricky part: the user IDs in the new system will most likely not match the ones in the old system. However, Zarafa does provide tools (zarafa-admin) for mapping a store with its internal GUID to the IDs used by an external account authority (the LDAP server). So you can fix those assignments after such a migration.

We’ve done this a couple of times for our customers, too, so I can attest that it works :wink: