The LDAP servers behind the load balancer for ldap.eecs.berkeley.edu will be upgraded tonight between 6pm and 8pm. Beginning at 6pm a final backup will be made of the data on the old servers, loaded into the new servers, and then the old servers will be retired. No service interruption is expected as the load balancer will be used to route requests to the right machines during the transition.

This is a change in both operating system and OpenLDAP software version. We have been testing the new servers for several months and do not expect any problems, but please inform help@eecs if you have any issues after the upgrade.

One enhancement is the addition of the memberOf overlay. This puts a new attribute (memberOf) in each person’s record to reflect LDAP groups they are members of, and is needed for some authorization situations.

Unix groups and automount maps are now also published in LDAP. Documentation is being prepared which will describe how to configure sssd on Unix/Linux machines to use these new OUs in LDAP instead of NIS.

---

UPDATE

[2017-08-15 19:43:50 | Rob McNicholas]

During the maintenance window, basic LDAP queries were working but authentication was not.

A “helper app” called saslauthd was not starting on the new LDAP servers. This is what allows LDAP to authenticate against passwords in our Windows Active Directory. Without this running, no passwords were being recognized. This was fixed around 7:30pm.

Resolved as of 2017-08-15 19:30:00