Archived: Enterprise Directory Moving on August 1

Last Updated: 08/17/2017

On Tuesday, August 1 at 6 p.m., the Enterprise Directory (LDAP), directory.colorado.edu, will transition from the legacy Sun LDAP environment to the Oracle Unified Directory (OUD) environment.

The cutover should be largely seamless and services should continue to work as expected. There are some known differences in the infrastructure that are detailed below. Be sure to check them out if your web application or service leverages directory.colorado.edu for authentication, authorization, or attribute release.

Regarding the infrastructure itself and enhanced security posture, SSLv3 will not be offered as an encryption level for authenticated binds. This would affect privileged account binds or self-binds. A separate email detailing this information was sent directly to those account owners.

The following attributes will not be an exact match between legacy SunOne LDAP and the new OUD infrastructure:

Attributes we're not comparing due to deprecation, low use, or privacy:

  • labeledURI 
  • labeledUri 
  • mailMessageStore 
  • gecos 
  • eduPersonEntitlement 
  • cuEduPersonSSN 
  • cuEduPersonConstituentID 
  • cuAccountUniqueID 
  • cuAccountOwner 
  • seeAlso 
  • objectClass 
  • cuEduPersonDOB 
  • coloradoPersonMachomelocpath 
  • coloradoPersonMacgridnumber 
  • ou 
  • postalcode 
  • cuEduPersonInsuranceOption 
  • homeDirectory 
  • loginShell 
  • uidNumber 
  • gidNumber 

Our case-insensitive compare on these fields may render these attribute values to be a different case than is released today:

  • eduPersonPrincipalName 
  • eduPersonOrgDN 
  • mailAlternateAddress 
  • cuEduPersonEMailHome 
  • cUeduPersonEmailHome 
  • coloradoUserMail 
  • coloradoUserMailAlias 
  • coloradoUserMailProxyAddress 
  • coloradoUserServiceMail 
  • cuEduPersonEMailAlias 
  • cuEduPersonEMailRewrite 
  • cuEduPersonEmailAlias 
  • mail 
  • mailRoutingAddress 
  • mailAccessDomain 
  • mailAutoReplyMode 
  • mailAutoReplyText 
  • mailDeliveryOption 
  • mailForwardingAddress 
  • mailHost 
  • mailProgramDeliveryInfo 
  • mailQuota 
  • uid 
  • ownerDN 
  • cn 
  • givenName 
  • sn

If issues do occur, there are several back out options available depending on the failures.

There are means of testing the effect this change has on your services. If you would like to explore testing your service and have not previously reached out, please contact the IAM team at IAM@colorado.edu.