What

IAM is upgrading the OpenLDAP software and replacing servers for eds.u.washington.edu (Person Directory Service - PDS).

When

We are targeting June 18th, 2020 as our migration date. We're asking PDS customers to complete testing by June 12th.

Why

Who needs to take action?

Developers and support teams that are still using PDS (eds.u.washington.edu) should test their applications against the newer PDS eval environment, which is available via eds-eval.u.washington.edu.

What do I need to do?

  1. Test your application and configuration against eds-eval.u.washington.edu to see if any changes are needed.
  2. Send an email to iam-support@uw.edu with the subject "Person Directory Service" once you have verified your test environment can connect to the PDS evaluation environment: eds-eval.u.washington.edu.
  3. Report any problems you encounter while testing to iam-support@uw.edu before June 13th.

Note: eds-eval.u.washington.edu is a copy of yesterday's production data.

What is changing?

Several of the software components supporting the PDS cluster have been updated. This includes a new Linux OS, new OpenSSL libraries, and a newer OpenLDAP version.

The PDS service is critical to a handful of core functions of the University. Our traditional strategy for the PDS environment has been to make changes very carefully. 

Additional questions

eds-eval results so far?

eds-eval.u.washington.edu was upgraded in January. No complaints have been received, and normal uses of eds-eval continue to appear in the access reports.

LDAP design changes?

No, the PDS LDAP (OU) structure is identical between the old and new PDS environments.

What were the last changes made to the PDS environment?

See the previous communication page: Person Directory Service - Summer 2016 server replacement

Which environments have already been tested?

As of June 17th, 2020, the following environments have successfully connected to eds-eval:

Why is the service still using OpenLDAP software?

IAM will retire PDS in the future. OpenLDAP has provided excellent performance and reliability but is limited in its support for modern data structures and APIs. All new customer requests for person data have been directed to use the Person Web Service (PWS). New features and attributes are being or have been added to PWS and will not be made available via the legacy LDAP interface.

If PDS is going away and new customers haven't been admitted, isn't it a lot of overhead to have customers migrate to PWS?

Many customers have been directed to use PWS or other interfaces to get person data. Only a handful of uses are left, and several are in the process of migrating off PDS. The list of remaining integrations left to migrate off PDS is small (list below). When critical uses of PDS are migrated to other interfaces, we will either remove resiliency capabilities or work directly with remaining customers to migrate off LDAP.

IAM integrations

Customer integrations (remaining as of May 29th, 2020)