UCS user template


Thank you for developing product of UCS4! It is awesome!

But I faced with some issue.
I want create user template with disabled options such as “Samba account”, “Kerberos principal” and others. And it seems to me that I cannot do that via web UI.
Maybe you explain me how to do that?

Also I am interested in possibility create template for DSA (en.wikipedia.org/wiki/Directory_System_Agent).
As I understood we are able to use “simple authentication accounts” for such functionality. Could we create a template for this?

Thanks in advance.

Hi sly_roar,

first of all: No it’s not possible!

it’s possible to create user templates as described here http://docs.software-univention.de/manual-4.0.html#users:templates
within univention/templates you can add a Settings: User template and add options which correspond with the option tab in users.

due to UCS is a domain controller it makes no sence to create users which are not really part of the domain (in that case you might create local users) so even you don’t add the ‘sama account’ option in your template your new user nevertheless has the ‘samba account’ or ‘kerberos principal’ activated. there is no way - at least not know - to force a deactivation of these options.

it’s not possible to add the ‘simple authentication accounts’ option in your template so it not possible to controll that behavior via templates too.

hopefully that helps somehow…


Hi nicost,

Thank you for fast reply and good explanation.

In our case we have several NAS which are connected with UCS4 server through connection to AD compatible service. Also we have much of git repositories. For that we use GitBlit and it is using UCS as an usual LDAP server.
Sometimes we need to provide access to these repositories for our clients. But we do not want that accounts of clients were visible in NAS devices.
That is why we need a possibility to create users without “Samba account”.

So we try divide connecting of our internal services to UCS4. Ones are using it as ActiveDirectory server, others as a OpenLDAP server. We thought that we can use user templates for creating users which will be domain users and all the rest, and which will be only LDAP users.

We can create LDAP only users manually via web UI by disabling such options like “Samba” or “Kerberos”. But we cannot do that using templates, don’t we?


Hi sly_roar,

I have examined the problem a bit further and I found out that indeed it’s possible!
the behavior of the user-template looks like a bit buggy and I also found a BUG-report which looks to belong to that issue.

here is what I found out:

[quote]after creating your user-template you might create new users in 3 different ways via the web interface!

[ol][li]Create a user via Users/Users->Add following the Step-by-Step Wizzard[/li]
[li]Create a user via Users/Users->Add Extended Setup[/li]
[li]Create a user via Domain/LDAP-Directory <domain/users->Add[/li][/ol][/quote]
when following the 3rd way everything works like it should - users are created without having selected options checked.

best regards

Hi nicost,

Thank you for your participation and thank you for trying to understand.

You are right. The third way works.
I checked and found that I am able to disable specific options of user account using second way as well.
I mean that if I create user via Users/Users -> Add Extended Setup then new account will be without having selected options checked.

But it is all a manual methods.

Can we uncheck these options directly in user template? So I could just create user and not uncheck its options for disabling by hands.


Hi sly_roar,

as described in my first response

[quote]it’s possible to create user templates as described here docs.software-univention.de/manu … :templates
within univention/templates you can add a Settings: User template and add options which correspond with the option tab in users.[/quote]
you end up in this dialog:

the red marked area takes the options which have a checkbox equivalent in the ‘add user’ dialog. when leaving them empty the default values are set so you have to add at least one option to overwrite these defaults! I guess that’s a bit confusing but now should be more clear, right?!

best regards