QA: UCS 5.2-2 introduces the new attribute univentionObjectIdentifier

Overview

Starting with Univention Corporate Server (UCS) 5.2-2, a new LDAP attribute called univentionObjectIdentifier has been introduced. This attribute provides a globally unique identifier for all objects managed through the Univention Directory Manager (UDM). It simplifies object mapping across external systems and ensures consistent tracking in log files.


What is univentionObjectIdentifier?

The univentionObjectIdentifier is a persistent, unique identifier assigned to each LDAP object. Its main purposes include:

  • Ensuring object traceability across distributed systems
  • Supporting auditing and debugging through consistent identifiers in logs
  • Facilitating external system integrations that require consistent referencing of LDAP objects

How is it Introduced?

With the upgrade to UCS 5.2-2, the following actions occur automatically:

  1. New LDAP objects created after the upgrade are assigned a univentionObjectIdentifier automatically.
  2. Existing LDAP objects are migrated during the upgrade process to include this new attribute.

The attribute is introduced by the package:

univention-ldap-config-master

During the join or upgrade process, the following script is executed:

/usr/lib/univention-install/20univention-ldap-config-master.inst

This triggers the main script that assigns the identifier to all applicable LDAP objects:

/usr/share/univention-ldap/univention-update-univention-object-identifier

Is Manual Configuration Possible?

Currently, the generation and assignment of the univentionObjectIdentifier are handled automatically during object creation or migration. As of UCS 5.2-2, there is no supported UCR variable to disable or modify this behavior.

However, a feature request has been filed to introduce UCR-based control over this mechanism:

  • Feature Request ID: #58472
  • Requested Feature: Ability to enable/disable or configure the generation of univentionObjectIdentifier via a UCR variable

Important Notes

  • This feature is mandatory and integrated into UCS 5.2-2 and cannot currently be disabled.
  • Administrators should ensure that the upgrade scripts run without interruption to avoid partial identifier assignments.
  • For advanced LDAP integrations or log tracking, the univentionObjectIdentifier can now be used as a stable object reference.
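
To check for the partial assignment mentioned above, the following added example (not Univention's own code) reads an LDIF export of the directory and lists entries that have no univentionObjectIdentifier. It goes beyond the article by also reporting values shared by more than one entry, since the identifier is meant to be unique. The sample entries and identifier values are constructed, and treating every exported entry as applicable is an assumption.

```python
import base64
from collections import defaultdict

ATTR = "univentionobjectidentifier"  # attribute name from the article, lowercased
B64 = base64.b64encode(b"constructed-id-0001").decode()  # LDIF may base64-encode values

# Constructed LDIF sample (not real data); identifier values are placeholders.
SAMPLE_LDIF = f"""dn: uid=alice,cn=users,dc=example,dc=org
uid: alice
univentionObjectIdentifier: constructed-id-0001

dn: uid=bob,cn=users,dc=example,dc=org
uid: bob

dn: cn=printer-with-a-very-long-name,cn=printers,
 dc=example,dc=org
univentionObjectIdentifier:: {B64}
"""

def parse_ldif(text):
    """Return {dn: {attr_lower: [values]}}; handles folded lines and base64 values."""
    entries, current = {}, None
    # RFC 2849 folding: a continuation line starts with a single space.
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():
            current = None  # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue  # comment lines, e.g. in ldapsearch output
        name, _, rest = line.partition(":")
        # "attr:: value" marks a base64-encoded value, "attr: value" a plain one.
        value = base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:  # skips header/trailer lines outside an entry
            current[name.lower()].append(value)
    return entries

def audit(entries):
    """Return (DNs without the identifier, {identifier: [DNs]} for shared values)."""
    missing, seen = [], defaultdict(list)
    for dn, attrs in entries.items():
        values = attrs.get(ATTR, [])
        if not values:
            missing.append(dn)
        for v in values:
            seen[v].append(dn)
    return missing, {v: dns for v, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

An empty result for both lists on a real export indicates that every exported entry carries an identifier and that no value is shared.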
