Scheduled Service Change: DNS Change: Cornell Enterprise Directory (LDAP) Production Environment
Event:
2020-07-26 11:00:00
Expected Duration:
2020-07-26 12:00:00
Status:
Closed
Brief Description:
On Sunday, July 26, 2020, between 7:00am and 8:00am, the domain name system (DNS) records that resolve to the current load balancer will be modified to point to the new AWS load balancer.
User Impact:
These changes do not involve Cornell’s Active Directory. For Enterprise Directory (LDAP) users, if an application has been tested against stage.directory.cornell.edu or has been pointed to one of the other new production Enterprise Directory load balancers, it should still function as expected. If you have questions or feedback, please contact idmgmt@cornell.edu.
Services Affected:
Identity and Access Management Data Services
Full Description:
Dear Enterprise Directory (LDAP) Users,
We are approaching the end of our test and migration period for the new production Cornell Enterprise Directory environment. On Sunday, July 26, 2020, between 7:00am and 8:00am, the DNS records that resolve to the current load balancer will be modified to point to the new AWS load balancer.
DNS names that resolve to the current (old) production environment load balancer are as follows:
· directory.cornell.edu
· master.directory.cornell.edu
· prodha.directory.cornell.edu
· query.directory.cornell.edu
What You Need to Do
If your applications have been tested against stage.directory.cornell.edu or have been pointed to one of the other new production Enterprise Directory load balancers, they should still function as expected.
Bind IDs
If your application is connecting without authentication (using anonymous bind), you should take this opportunity to contact idmgmt@cornell.edu and request an LDAP BindID so that your application can authenticate.
We are planning to disable unauthenticated LDAP queries as part of an upcoming project in the next year to improve security and align with best practices. Taking action now will save you work later on.
This Is Not Cornell’s Active Directory
These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu).
If you have concerns, please contact idmgmt@cornell.edu.
Thank you for your assistance,
Identity Management
Cornell Information Technologies
We are approaching the end of our test and migration period for the new production Cornell Enterprise Directory environment. On Sunday, July 26, 2020, between 7:00am and 8:00am, the DNS records that resolve to the current load balancer will be modified to point to the new AWS load balancer.
DNS names that resolve to the current (old) production environment load balancer are as follows:
· directory.cornell.edu
· master.directory.cornell.edu
· prodha.directory.cornell.edu
· query.directory.cornell.edu
What You Need to Do
If your applications have been tested against stage.directory.cornell.edu or have been pointed to one of the other new production Enterprise Directory load balancers, they should still function as expected.
Bind IDs
If your application is connecting without authentication (using anonymous bind), you should take this opportunity to contact idmgmt@cornell.edu and request an LDAP BindID so that your application can authenticate.
We are planning to disable unauthenticated LDAP queries as part of an upcoming project in the next year to improve security and align with best practices. Taking action now will save you work later on.
This Is Not Cornell’s Active Directory
These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu).
If you have concerns, please contact idmgmt@cornell.edu.
Thank you for your assistance,
Identity Management
Cornell Information Technologies
CIT TDX ID:
75091
Timeline of Changes
| Description | Current Status | Date | Time |
|---|---|---|---|
| Dear Enterprise Directory (LDAP) Users, We are approaching the end of our test and migration period for the new production Cornell Enterprise Directory environment. On Sunday, July 26, 2020, between 7:00am and 8:00am, the DNS records that resolve to the current load balancer will be modified to point to the new AWS load balancer. DNS names that resolve to the current (old) production environment load balancer are as follows: · directory.cornell.edu · master.directory.cornell.edu · prodha.directory.cornell.edu · query.directory.cornell.edu What You Need to Do If your applications have been tested against stage.directory.cornell.edu or have been pointed to one of the other new production Enterprise Directory load balancers, they should still function as expected. Bind IDs If your application is connecting without authentication (using anonymous bind), you should take this opportunity to contact idmgmt@cornell.edu and request an LDAP BindID so that your application can authenticate. We are planning to disable unauthenticated LDAP queries as part of an upcoming project in the next year to improve security and align with best practices. Taking action now will save you work later on. This Is Not Cornell’s Active Directory These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu). If you have concerns, please contact idmgmt@cornell.edu. Thank you for your assistance, Identity Management Cornell Information Technologies | 2020-07-23 | 18:32:50 |