On Tuesday, April 1, 2014 IRIS will begin restricting access to the EECS LDAP directory server (`ldap.eecs.berkeley.edu`) from off-campus IP addresses. This will primarily affect people who use email programs such as Thunderbird, Outlook or Apple Mail that are configured to auto-complete email addresses from our directory. This will not affect people using the bMail web interface.
At this time, anonymous queries are allowed against the EECS LDAP directory, but searches are restricted to no more than 100 results. Unfortunately this configuration still allows an anonymous query to retrieve some details about a specific person, such as their email address, phone number or advisor. To mitigate this, after April 1 only authenticated queries will be allowed when coming from an off-campus IP address. For the purposes of this change, “off-campus” means an IP not in the any of the following ranges:
- 128.32.0.0/16
- 169.229.0.0/16
- 136.152.0.0/16
- 172.16.0.0/16
- 10.16.0.0/16
Those who need continued anonymous access to the directory from off-campus can use the [campus VPN](http://ist.berkeley.edu/node/591), which will give their off-campus machine a campus IP address. Those who need to run queries that return unlimited results can bind to the directory using their EECS credentials, or an “application” account can be created if needed.
We expect this change will affect a small number of people, but if you have any concerns or questions please contact the IRIS helpdesk at help@eecs.berkeley.edu.
[Read more…] about Changes to EECS LDAP Access from off-campus