LDAP service

1. About

The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over a network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications.

2. Systems

2.1 Frontend

FQDN                     IPv6   IPv4
ldap.bfh.info
ipv6.ldap.bfh.info [1]
ipv4.ldap.bfh.info [1]

2.2 Backend

Warning
Always use the frontend DNS record

Never use the backend nodes directly:

  • the backend may change without notice at any time (IP addresses, DNS records, configuration, etc.)
  • the backend has no legacy support or grace periods; changes take effect immediately
  • the backend may be rebooted without notice at any time
  • backend access will soon be restricted to the frontend and management networks (see 4.2)

FQDN                             IPv6             IPv4
node1.ldap.bfh.info [1]          2a07:6b40::51    147.87.0.51
node2.ldap.bfh.info [1]          2a07:6b40::52    147.87.0.52
node3.ldap.bfh.info [1]          2a07:6b40::53    147.87.0.53
node4.ldap.bfh.info [1]          2a07:6b40::54    147.87.0.54

FQDN                             IPv6             IPv4
ldap-primary.bfh.info [1]        2a07:6b40::130   147.87.0.130
node1.ldap-primary.bfh.info [1]  2a07:6b40::131   147.87.0.131
node2.ldap-primary.bfh.info [1]  2a07:6b40::132   147.87.0.132

3. Features

3.1. ACLs

  • anonymous bind is allowed from 2a07:6b40::/29, 147.87.0.0/16, and 10.0.0.0/8

  • legacy applications that cannot perform an anonymous bind can bind as cn=read-only,dc=bfh with password bfh; this credential is published here as a substitute for anonymous access and is not a secret

4. Backlog

4.1 Legacy

  • 2023-03-31: remove ldap.bfh.science container and records

  • 2023-03-31: remove ldap.bfh.ch container and records

4.2 Features

  • 2023: review and deploy ldap.bfh.info nodes

  • 2023: compact db regularly via ldap-tools

  • 2023: restrict backend subnet access to the frontend and management networks only

  • 2023: anycast ldap.bfh.info

  • ????: benchmarking

4.3 Known issues

  • no known issues

Notes

  1. The systems ldap.bfh.info currently points to are being lifecycled and regenerated with their final IP addresses and backend names.