LDAP Migration Guide

 

Things to Know

The current LDAP service is being transitioned from OIRT to ESS. A new infrastructure will be built to host the LDAP service. It is anticipated that this transition will be mostly transparent to the existing LDAP users.

• What will remain the same?

LDAP schema, access control policies, service DNs, authentication modules and data feeding process will remain the same. Production LDAP service URL will also remain the same.

• What will be changed?

The LDAP server software will be upgraded to Sun Java System Directory Server 5.2 from 5.1. The host machines OS will be upgraded to Solaris 10. ESS LDAP service endpoints will have different IP addresses.

• How will this impact LDAP users?

While those changes should be transparent to LDAP users, unforeseeable compatibility issues may arise. It is strongly recommended that all LDAP applications should be tested against LDAP service developed by ESS. Since the LDAP service cutover will require downtime for LDAP applications, it is recommended that the owners of affected LDAP applications announce their application downtimes prior to the LDAP service cutover.

Testing

ESS LDAP service will be made available for testing on May 21^st. The test URL of ESS LDAP service is: test-ldap.rutgers.edu.

• Change Application LDAP Configuration

LDAP applications should be reconfigured to use test-ldap.rutgers.edu for testing.

• Run Tests

Some of LDAP applications may require a restart to pick up the new LDAP configuration. At a minimum, User Acceptance Tests need to be run to verify that it works with ESS LDAP service.

• Restore Original LDAP Configuration

After testing you should restore back to the original LDAP configuration. There is no need to change your LDAP configuration for production cutover since the production LDAP service URL will remain the same as ldap.rutgers.edu or ldap2.rutgers.edu.

• Report Test Results

Please report your test results to ldap-support@rutgers.edu by June 1^st. If there is any issue, we will work with you to address them. It is important to let us know your test results to avoid unnecessary interruption to university services.

Production Cutover

Production cutover is currently scheduled for June 26^th. There is no need to reconfigure production LDAP applications since production LDAP service URL will remain the same. A restart of application is required to redirect LDAP requests to new LDAP service. A machine reboot may be required, for some platforms, to pick up the correct IP address of ESS LDAP service. ldap.rutgers.edu and ldap2.rutgers.edu will be mapped to ESS LDAP servers before 6:00AM on production cutover day. We expect the IP address update will be propagated across campus network within an hour.

• Restart Production LDAP Applications

LDAP applications should be restarted after 7:00AM on production cutover day. Some applications may require machine reboot. Considering DNS can be cached in various places, before restarting application, please check if ldap.rutgers.edu is correctly resolved to 128.6.235.137 and ldap2.rutgers.edu is correctly resolved to 165.230.139.235.

• Test Production LDAP Applications

Test your production application after restart/reboot. It is strongly recommended that the whole migration should be done by 8:00AM on production cutover day to minimize the end user impact.

• Report Production Issues

Report any production issues to ldap-support@rutgers.edu. A phone number will also be provided later.

FAQ

Questions and answers will be posted here based on user feedback.