[Micronet] Campus LDAP Migration


Dedra Chamberlin
Hi everyone,

My apologies for the cross-posting.  I thought this announcement was important enough to warrant it.  

In two weeks we will be migrating the campus directory to a new platform (we have been running the new and old production environments in parallel for 6 months to allow adequate testing).

Here is the announcement we just sent to the calnet-developers list, the list we use for updates, announcements, and discussion regarding the campus identity management infrastructure.  Please subscribe to it if you would like to receive announcements and participate in discussion in the future.


- Dedra

Begin forwarded message:

From: Dedra Chamberlin <[hidden email]>
Subject: ANNOUNCEMENT: Campus LDAP migration
Date: July 31, 2013 2:44:23 PM PDT

Hello CalNet Developers,

As has been announced previously, we are about to migrate the campus directory service to a new platform, ForgeRock OpenDJ.  While today is the official deadline for migration to the new LDAP infrastructure, I am writing to let you know that we will be granting a two-week grace period, and that the official DNS switch to the new directory will take place on Wednesday, August 14th at 3am.

IMPORTANT NOTE: Please give your systems one more test against our nds-test.berkeley.edu environment between now and August 9th, as we recently upgraded our test environment to the latest release of OpenDJ. The new version includes some security enhancements and we did not want to postpone the upgrade until mid-semester. The new version does not introduce changes to the core directory service, and we do not anticipate any problems.

On August 14: Please plan to have staff on-hand early in the morning on August 14th to report any anomalies after the DNS switch. Past migrations have indicated common issues are likely to be Java apps that may cache the IP address for the old directory service and will need to be restarted to pick up the new IP address associated with ldap.berkeley.edu. Also, if your LDAP client library is configured to explicitly trust the directory server certificate rather than the Root CA certificate chain (the latter configuration being typical with LDAP clients), be sure to update your certificate trust store with the new server certificate, or, if appropriate, switch to a configuration using the implicit model of trusting the Root CA. The certificate and other migration notes are available on the CalNet wiki here:

If you have questions, please email the CalNet team at [hidden email]

- Dedra
