|
|
|
All eDir Production Servers Are Now Running At 8.8
11/21/2005
From: Bauer, Jeff
Sent: Monday, November 21, 2005 12:03 PM
To: Bauer, Jeff; Kromhout, Ethan; 'Breeze Howard'; Stephenson, Mary; 'Sherry Stafford'; Clint Ringgold; OTI-WSG; 'Johnson, Ken'; 'Steve Lawlor'; Dean, Derek
Cc: Baker, Carl - Forward; McCausland, J Randy; Barker, Michael; Gao, Dongmei; Robinson, Markus
Subject: RE: eDir upgrade on mdsoti.fsu.edu & mdsacns1.fsu.edu
We have done the upgrade -- all eDir production servers are now running at 8.8. Certs are available at http://fsuid.fsu.edu/admin/certs . Please reinstall them on your server, if your server requires a copy of the certs locally.
-- Jeff
From: Bauer, Jeff
Sent: Thursday, November 17, 2005 8:19 AM
To: Kromhout, Ethan; 'Breeze Howard'; Stephenson, Mary; 'Sherry Stafford'; Clint Ringgold; OTI-WSG; Johnson, Ken; 'Steve Lawlor'; Dean, Derek
Cc: Baker, Carl - Forward; McCausland, J Randy; Barker, Michael; Gao, Dongmei; Robinson, Markus
Subject: eDir upgrade on mdsoti.fsu.edu & mdsacns1.fsu.edu
Importance: High
Donny and I have upgraded three of the five production eDir boxes to the latest version of the eDirectory software. The two remaining servers, mdsoti.fsu.edu & mdsacns1.fsu.edu, are scheduled to be done early in the morning next Monday (November 21st).
This affects you if you are currently using either mdsoti.fsu.edu (146.201.105.140) or mdsacns1.fsu.edu (146.201.2.68) for LDAP authentication AND your particular software requires installing a certification from the LDAP server that you will need to install the new cert (they will be available right after the upgrade Monday morning at http://fsuid.fsu.edu/admin/certs ). If you don't do anything then LDAP over SSL will fail for your devices or applications starting next Monday.
A recommended method for side stepping this problem is to switch your LDAP service to mdsdata.uc.fsu.edu (146.201.105.179) right now (you can find it's current cert at http://fsuid.fsu.edu/admin/certs as well) so when the certs get regenerated Monday morning your devices and applications are not affected. Later, you can switch back your authentication to your preferred LDAP server.
Recall that recommendations for which eDir LDAP server you should use for primary auth and failover can be found at http://fsuid.fsu.edu/admin/project-history/09-22-2005.html . As you can see from this writeup using mdsdata.uc.fsu.edu over the long haul isn't a good idea, as it's the busiest LDAP server.
Applications that I think will be affected by this server upgrade include: production CAS, Secure Login, all the BlueSocket boxes that use FSUID authentication, all the Windows domain controllers that are "connected" to the eDir (FSU AD, College of Medicine, TEC & College of Human Sciences ). There may be other "users" of the LDAP; feel free to forward this to them.
Thanks,
-- Jeff
|
