diff --git a/doc/rpm-build/post_install.php b/doc/rpm-build/post_install.php
index 6100f62c8f..c900511349 100755
--- a/doc/rpm-build/post_install.php
+++ b/doc/rpm-build/post_install.php
@@ -11,7 +11,7 @@
 
 if (php_sapi_name() !== 'cli')	// security precaution: forbit calling post_install as web-page
 {
-	die('<h1>rpm_post_install.php must NOT be called as web-page --> exiting !!!</h1>');
+	die('<h1>post_install.php must NOT be called as web-page --> exiting !!!</h1>');
 }
 $verbose = false;
 $config = array(
@@ -55,6 +55,8 @@ $config = array(
 	'ldap_context'  => 'ou=accounts,$base',
 	'ldap_search_filter' => '(uid=%user)',
 	'ldap_group_context' => 'ou=groups,$base',
+	'ldap_encryption_type' => '',
+	'sambaadmin/sambaSID'=> '',	// SID for sambaadmin
 	'mailserver'    => '',
 	'smtpserver'    => 'localhost,25',
 	'smtp'          => '',	// see setup-cli.php --help config
@@ -88,8 +90,11 @@ function set_distro_defaults($distro=null)
 	global $config;
 	if (is_null($distro))
 	{
-		$distro = file_exists('/etc/SuSE-release') ? 'suse' : (file_exists('/etc/debian_version') ? 'debian' :
-			(file_exists('/etc/mandriva-release') ? 'mandriva' : 'rh'));
+		$distro = file_exists('/etc/SuSE-release') ? 'suse' :
+			(file_exists('/etc/mandriva-release') ? 'mandriva' :
+			(file_exists('/etc/lsb-release') && preg_match('/^DISTRIB_ID="Univention"$/mi',
+				file_get_contents('/etc/lsb-release')) ? 'univention' :
+			(file_exists('/etc/debian_version') ? 'debian' : 'rh')));
 	}
 	switch (($config['distro'] = $distro))
 	{
@@ -141,6 +146,9 @@ function set_distro_defaults($distro=null)
 			$config['ldap_context'] = 'ou=People,$base';
 			$config['ldap_group_context'] = 'ou=Group,$base';
 			break;
+		case 'univention':
+			set_univention_defaults();
+			break;
 		default:
 			$config['distro'] = 'rh';
 			// fall through
@@ -293,6 +301,7 @@ if (!file_exists($config['header']) || filesize($config['header']) < 200)	// def
 		foreach(array(
 			'domain','ldap_suffix','ldap_host','ldap_admin','ldap_admin_pw',	// non-egw params: only used for create
 			'ldap_base','ldap_root_dn','ldap_root_pw','ldap_context','ldap_search_filter','ldap_group_context',	// egw params
+			'ldap_encryption_type', 'sambaadmin/sambaSID',
 		) as $name)
 		{
 			if (strpos($value=$config[$name],'$') !== false)
@@ -551,7 +560,7 @@ function usage($error=null)
 	foreach($config as $name => $default)
 	{
 		if (in_array($name, array('postfix','cyrus'))) continue;	// do NOT report deprecated options
-		if (in_array($name,array('config_passwd','db_pass','admin_passwd','ldap_root_pw')))
+		if (in_array($name,array('config_passwd','db_pass','admin_passwd','ldap_root_pw')) && strlen($config[$name]) == 16)
 		{
 			$default = '<16 char random string>';
 		}
@@ -724,3 +733,96 @@ function fix_perms()
 		system('/bin/chmod 700 /tmp/egw_cache');
 	}
 }
+
+/**
+ * Set Univention UCS specific defaults
+ *
+ * Defaults are read from ucr registry and /etc/*.secret files
+ */
+function set_univention_defaults()
+{
+	global $config;
+
+	set_distro_defaults('debian');
+	$config['distro'] = 'univention';
+
+	// mysql settings
+	$config['db_root_pw'] = _ucr_secret('mysql');
+
+	// check if ucs ldap server is configured
+	if (_ucr_get('ldap/server/ip'))
+	{
+		// ldap settings, see http://docs.univention.de/developer-reference-3.2.html#join:secret
+		$config['ldap_suffix'] = $config['ldap_base'] = _ucr_get('ldap/base');
+		$config['ldap_host'] = 'tls://'._ucr_get('ldap/server/ip').':'._ucr_get('ldap/server/port');
+		$config['ldap_admin'] = $config['ldap_root'] = 'cn=admin,$suffix';
+		$config['ldap_admin_pw'] = $config['ldap_root_pw'] = _ucr_secret('ldap');
+		$config['ldap_context'] = 'cn=users,$base';
+		$config['ldap_group_context'] = 'cn=groups,$base';
+		$config['ldap_search_filter'] = '(uid=%user)';
+
+		// ldap password hash (our default blowfish_crypt seems not to work)
+		$config['ldap_encryption_type'] = 'sha512_crypt';
+
+		$config['account_min_id'] = 1200;	// UCS use 11xx for internal users/groups
+
+		$config['account-auth'] = 'ldap';
+
+		// set sambaadmin sambaSID
+		$config['sambaadmin/sambaSID'] = exec('/usr/bin/univention-ldapsearch -x "(objectclass=sambadomain)" sambaSID|sed -n "s/sambaSID: \(.*\)/\1/p"');
+
+		// mailserver, see setup-cli.php --help config
+		if (_ucr_get('mail/cyrus/imap') == 'yes' && ($domains=_ucr_get('mail/hosteddomains')))
+		{
+			if (!is_array($domains)) $domains = explode("\n", $domains);
+			$domain = array_shift($domains);
+			$config['smtpserver'] = 'localhost,465,,,yes,tls';
+			$config['smtp'] = 'no,emailadmin_smtp_ldap_univention';
+			$config['mailserver'] = "localhost,993,$domain,email,tls";
+			$config['imap'] = 'root,'._ucr_secret('cyrus').',emailadmin_imap_cyrus';
+			if (($sieve_port = _ucr_get('mail/cyrus/sieve/port')))
+			{
+				$config['sieve'] = 'localhost,'.$sieve_port.',starttls';
+			}
+		}
+	}
+}
+
+/**
+ * Get a value from Univention registry
+ *
+ * @param string $name
+ * @return string
+ */
+function _ucr_get($name)
+{
+	static $values=null;
+	if (!isset($values))
+	{
+		$output = $matches = null;
+		exec('/usr/sbin/ucr dump', $output);
+		foreach($output as $line)
+		{
+			if (preg_match("/^([^:]+): (.*)\n?$/", $line, $matches))
+			{
+				$values[$matches[1]] = $matches[2];
+			}
+		}
+	}
+	return $values[$name];
+}
+
+/**
+ * Read one Univention secret/password eg. _ucr_secret('mysql')
+ *
+ * @param string $name
+ * @return string|boolean
+ */
+function _ucr_secret($name)
+{
+	if (!file_exists($filename = '/etc/'.basename($name).'.secret'))
+	{
+		return false;
+	}
+	return trim(file_get_contents($filename));
+}