Technology News

Information Technology Services

{original post: June 25, 2018}

Who: System administrators and/or app owners with services that utilize LDAP groups

What: Transition to a new style of organization for groups in LDAP

When: Transition period beginning June 29, 2018 and completing October 31, 2018

Why: The new style is being adopted to address a 64-character length limitation in Active Directory (AD)

To address a 64-character length limitation in AD, Information Technology Services (ITS) will be changing how groups are organized in LDAP.

  • Old style: groups are provisioned “flat” with a directory prefix.
  • New style: prefix is separated into nested OU’s.

Transition Timeline

Given the significant ramifications of this change, ITS will ease the transition to the new organization by taking a phased approach.

Phase 1: Implementation of the new style (6/29/2018) – New OU structure is deployed and run in parallel with the existing flat groups.

Phase 2: Transition (6/29/2018 – 10/30/2018) – Owners of LDAP-consuming services will need to have their admins or vendors confirm, modify their configurations to account for the new format if needed. ITS will be accepting support requests to assist in the transition where possible.

Phase 3: Decommission of the old (10/31/2018) – Old format groups will be removed from the LDAP servers and existing services should be using the new structure. Services that are dependent on LDAP groups that have not been remediated may experience authentication errors or inconsistent behavior.

For additional detail about this transition, please see Updating Your Filters to Work with New Group Organization in LDAP.

If you have questions or need assistance, please contact 6-TECH at (336) 256-TECH (8324) or