IRIS is pleased to announce that our new LDAP infrastructure is ready for public testing. The new LDAP servers are now accessible from any on-campus host at openldap.eecs.berkeley.edu. TLS is supported on port 389 and SSL on port 636, using a new certificate from InCommon.

#Testing
Programmers and system administrators are encouraged to test any applications or scripts they maintain against this new infrastructure. The only change that should be needed for testing is to change the hostname to openldap.eecs.berkeley.edu.

Please send any questions or report any problems that come up during testing to [help@eecs.berkeley.edu](mailto:help@eecs.berkeley.edu)

#Architecture
openldap.eecs points to a redundant load balancer, which at this time is routing ldap requests to one of three backend OpenLDAP servers that are running in multi-master mode. These load balancers and backend servers are a combination of physical and virtual hosts located in independent data centers across campus (Sutardja-Dai Hall, Soda Hall, Warren Hall). With this architecture, a power or network failure in any one building will not bring the service down.

#Schema Changes
The schema is largely unchanged, save the removal of objectclasses and attributes that were added by the Sun/iPlanet IMAP and Calendar applications previously in use in the department. With the migration to bMail and bCal, these attributes are no longer needed and so have been removed.

#Timeline

• 9/6 openldap.eecs initial public testing with a snapshot of test data. Reliability testing ongoing. [1]
• 9/11 openldap.eecs is syncing real data from ldap.eecs. firewall is opened up to world. Testing continues. Reliability testing done.
• 9/18 Assuming no major problems reported, ldap.eecs and ldap.cs become nicknames for opendap.eecs

#Notes
[1] During the next week IRIS will be conducting reliability testing, meaning we will be taking down some of the servers to ensure the service as a whole stays up. This testing might affect performance but should be completed by 9/11/2013.