Relution Server 5.18
LDAP Configuration
Lightweight Directory Access Protocol (LDAP) is a standardized protocol for managing and querying information in a directory service, often used for authentication and authorization in networks. Relution has supported the connection of LDAP based directory services since its inception. Until now, to successfully connect an LDAP, the configuration had to be done in the server configuration file. Since the new version it is possible to configure the LDAP based directories via the admin console. For this purpose, there is a new configuration item "LDAP synchronization" in the settings.
The new configuration interface is divided into individual areas for server configuration and user, group and class synchronization. In each area, there is the option to test the configuration in advance without having to restart the server as before. In addition, the user receives an overview in advance of which objects will be synchronized. In the server configuration, there is also the option to trust self-signed certificates and to read out the base DN from the LDAP server.
In the global "Store" client there is an additional function to assign objects in individual clients via LDAP filters. This makes it possible to connect a global LDAP server and assign the objects to individual clients.
In the detailed view of an LDAP provider, there is a detailed overview of which and how many objects were synchronized and when.
If an error should have occurred during a synchronization, this can be seen directly in the user interface.
To transfer the existing migration from the server configuration file to the new configuration interface, the configuration must be created in the interface and removed from the configuration file in the second step. The provider name must not change in the process. After a restart of the server, the configuration is active.
Global permissions
In the "store" client, it is possible to publish only created permissions globally in order to use them in the subordinate clients.
In the clients, the public permissions are read-only and can be assigned to users or groups.
Impersonation
In "system" clients, the system administrator has the option of assuming the identity of another user. This function can now be disabled via the configuration file with the parameter "relution.security.impersonation.enabled=false".
Java 11 discontinuation
In this release, Relution supports Java versions 11 and 17. Long Term Support (LTS) for Java 11 ends on September 30, 2023. Starting with Relution version 5.21, support for Java 11 will be discontinued. All on-premises servers must be upgraded to Java 17 by then.
The SaaS environments and Docker installations have already been updated.
Bypass the activation lock
In the iOS and macOS policies, there is a new configuration called "Device Settings",to allow Activation Lock. This allows the user to trigger activation lock in the "Where is?" settings, so that either the AppleID or an activation code is required when resetting a device. Relution now reads the activation code for newly enrolled devices in supervised mode. This can be viewed in the device details of the "system" section.
Bluetooth
For macOS and iOS devices, there is a new action to turn Bluetooth on or off.
In addition, the Relution Teacher App (version 5.14.5) has been extended to activate Bluetooth when starting a lesson. This function can be defined in a subprofile.
Localization can be disabled
In version 5.17, the Relution Companion App for Android Enterprise was released. This app enables the localization of devices, where the user is asked for permissions when opening the app for the first time. Now there is an option to disable the localization feature. The administrator can disable this option in the "Settings -> Device Management" for COD (Company Owned Devices) or BYOD (Bring Your Own Device) devices. This way, the Companion App will no longer ask the user for localization permission and no localization action will be displayed in the web console.
The changelog for the release can be found here.