• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • UC Berkeley
  • Berkeley Engineering
  • EECS

Header Search Widget

IRIS

Instructional & Research Information Systems

  • About Us
  • Get Started
  • Get Help
  • FAQ
    • FAQ: Accounts
    • FAQ: EECS Slack
    • FAQ: File Storage
    • FAQ: Hardware
    • FAQ: MacOS
    • FAQ: Mail
    • FAQ: Mailing Lists
    • FAQ: Network
    • FAQ: Security
    • FAQ: Unix
    • FAQ: Web
    • FAQ: Windows
  • Services
    • Accounts
    • Backups
    • E-mail
    • EECS Login Servers
    • File Storage
    • Infrastructure
    • Mailing Lists
    • Network
    • Printing
    • Room Reservations
    • Security
    • Software
    • Unix
    • Web
  • Policies
  • Forms
    • System Registration/Update
    • Account Request Form
    • Network Problem Report
    • SSL Certificate Request
    • All Other Forms
  • Rates

LDAP

LDAP (Lightweight Directory Access Protocol) service

Temporary LDAP authentication failure

May 31, 2022 by Lars Rohrbach

We experienced a failure of EECS LDAP authentication, from about 5:50pm to 10:30pm, due to routine patches changing some file permissions for saslauthd. The issue has been corrected, and LDAP authentication is working again.

The problem may have been most noticeable when attempting to login to various EECS web forms (e.g. system registration or user account request forms).

Filed Under: Resolved Incidents Services: LDAP

LDAP SSL/TLS changes

February 19, 2019 by Rob McNicholas

At this time, the department LDAP server ldap.eecs.berkeley.edu (aka ldap.cs.berkeley.edu) accepts implicit SSLv3 and TLS 1.0, 1.1 and 1.2 connections on port 636, and allow STARTTLS negotiation for the same protocols on port 389.

Beginning Tuesday, February 19th 2019 at 8am, our LDAP servers will no longer accept SSLv3 or TLSv1.0 connections. All clients must use TLS v1.1 or v1.2.

Please send any questions or problem reports to help@eecs.berkeley.edu.
[Read more…] about LDAP SSL/TLS changes

Filed Under: Resolved Incidents Services: LDAP

Power Failure in Soda Machine room 11:40am Dec 20

December 20, 2017 by Rob McNicholas

Contractors attempting to repair the UPS in our primary machine room tripped a breaker which disabled most IRIS services. Service has been mostly restored as of around 2:05pm.

The lists.eecs.berkeley.edu mailing list server is still being rebooted but should be back shortly.

Resolved as of 2017-12-20 14:07:00

Filed Under: Resolved Incidents Services: Active Directory, E-mail Forwarding, FTP Server, Home Directory Storage, IRIS Website, LDAP, Mailing Lists, NIS, Personal Web Pages, Project Storage

LDAP upgrade tonight, 6pm

August 15, 2017 by Rob McNicholas

The LDAP servers behind the load balancer for ldap.eecs.berkeley.edu will be upgraded tonight between 6pm and 8pm. Beginning at 6pm a final backup will be made of the data on the old servers, loaded into the new servers, and then the old servers will be retired. No service interruption is expected as the load balancer will be used to route requests to the right machines during the transition.

This is a change in both operating system and OpenLDAP software version. We have been testing the new servers for several months and do not expect any problems, but please inform help@eecs if you have any issues after the upgrade.

One enhancement is the addition of the memberOf overlay. This puts a new attribute (memberOf) in each person’s record to reflect LDAP groups they are members of, and is needed for some authorization situations.

Unix groups and automount maps are now also published in LDAP. Documentation is being prepared which will describe how to configure sssd on Unix/Linux machines to use these new OUs in LDAP instead of NIS.
[Read more…] about LDAP upgrade tonight, 6pm

Filed Under: Resolved Incidents Services: LDAP

Campus losing power, IRIS services shutting down

August 2, 2017 by Rob McNicholas

Due to a fire threatening our transformers, PG&E has advised campus we will be losing power.

IRIS is taking proactive steps to shut down as much equipment safely before we totally lose power.

See https://www.nixle.us/9HHZX for the warning from UCPD.
[Read more…] about Campus losing power, IRIS services shutting down

Filed Under: Resolved Incidents Services: ACG Web/Database Applications, Active Directory, DHCP, FTP Server, IRIS Website, Jabber, LDAP, Mailing Lists, Personal Web Pages

LDAP issue affected IRIS website and other services

January 20, 2017 by Rob McNicholas

A network problem with one of our LDAP load balancers caused some intermittent problems with some Departmental services. This probably started overnight when a server was patched and restarted. This morning we had reports of intermittent problems with Repo, and the IRIS roster and network applications on iris.eecs. The problem has been identified and resolved for now. Around 12:10pm we had to restart the server that hosts the iris.eecs website and the Department jabber server, but all services are operational again at this time.

Resolved as of 2017-01-20 12:10:00

Filed Under: Resolved Incidents Services: IRIS Website, Jabber, LDAP, Repo Service

LDAP High-Availability Testing Wednesday 10pm

June 17, 2015 by Rob McNicholas

We are upgrading our [LDAP infrastructure](https://iris.eecs.berkeley.edu/news/10933-department-ldap-upgrade-thu-jan) to replace an old server with a new machine. This server is a backup node which should take over the role of the LDAP server if the primary server fails. In order to ensure the new server is performing as expected, we will be simulating a failure of the primary node at 10pm on Wednesday, June 17th. The backup node should take over within 5 seconds. If all goes as planned, we will then bring the primary back up and call it a successful test.

During this testing, there will be brief (~5 second) interruptions in LDAP service. This will occur at least twice but possibly more if the first test is unsuccessful. During those brief intervals, anyone whose timing is especially good might notice trouble logging into any application that uses LDAP.

All testing will be over by 10:30pm at the latest, but probably much sooner.
[Read more…] about LDAP High-Availability Testing Wednesday 10pm

Filed Under: Resolved Incidents Services: LDAP

Slowness for services that use LDAP authentication

July 11, 2014 by Lars Rohrbach

We are currently seeing slowness in services that use LDAP authentication. This affects any services that prompt for LDAP login, such as our network registration forms, our Jabber server, and any EECS LDAP-authenticated websites.
[Read more…] about Slowness for services that use LDAP authentication

Filed Under: Resolved Incidents Services: LDAP

Authentication Trouble

April 21, 2014 by Lars Rohrbach

We’re getting reports of trouble authenticating to various EECS resources (EECS-Secure, LDAP). Staff are investigating.
[Read more…] about Authentication Trouble

Filed Under: Resolved Incidents Services: LDAP

Changes to EECS LDAP Access from off-campus

April 1, 2014 by Rob McNicholas

On Tuesday, April 1, 2014 IRIS will begin restricting access to the EECS LDAP directory server (`ldap.eecs.berkeley.edu`) from off-campus IP addresses. This will primarily affect people who use email programs such as Thunderbird, Outlook or Apple Mail that are configured to auto-complete email addresses from our directory. This will not affect people using the bMail web interface.

At this time, anonymous queries are allowed against the EECS LDAP directory, but searches are restricted to no more than 100 results. Unfortunately this configuration still allows an anonymous query to retrieve some details about a specific person, such as their email address, phone number or advisor. To mitigate this, after April 1 only authenticated queries will be allowed when coming from an off-campus IP address. For the purposes of this change, “off-campus” means an IP not in the any of the following ranges:

  • 128.32.0.0/16
  • 169.229.0.0/16
  • 136.152.0.0/16
  • 172.16.0.0/16
  • 10.16.0.0/16

Those who need continued anonymous access to the directory from off-campus can use the [campus VPN](http://ist.berkeley.edu/node/591), which will give their off-campus machine a campus IP address. Those who need to run queries that return unlimited results can bind to the directory using their EECS credentials, or an “application” account can be created if needed.

We expect this change will affect a small number of people, but if you have any concerns or questions please contact the IRIS helpdesk at help@eecs.berkeley.edu.
[Read more…] about Changes to EECS LDAP Access from off-campus

Filed Under: Resolved Incidents Services: LDAP

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

IRIS Service Status

Green
We have 0 Active Incidents, and 0 Scheduled Maintenances noted.

IST Service Status

Outages to campus services are listed at berkeley.statusdashboard.com.

Recent Highlights

IT Support During Winter 2022 Energy Curtailment

December 7, 2022 by Lars Rohrbach

Upcoming Change to EECS Firewall Handling of SSH

September 22, 2022 by Lars Rohrbach

  • About
  • Contact
  • PRIVACY
  • ACCESSIBILITY
  • NONDISCRIMINATION

© 2022–2023 UC Regents  |  Log in