LDAP is down

Predrag Punosevac predragp at andrew.cmu.edu
Thu Oct 24 10:23:18 EDT 2019


Fixed! I forgot to update the LDAP configuration files yesterday on Gogs
and a few other places after switching to a new LDAP server. Fixing it
right now. FYI the real upstream fix for the 6.6 release is coming up.

https://marc.info/?t=157184751500003&r=1&w=2

On Thu, Oct 24, 2019 at 8:47 AM Gus Welter <gwelter at andrew.cmu.edu> wrote:
>
> Hey Predrag,
>
> Just fyi, I am not able to log in to Gogs this morning.
>
> Best,
> Gus
>
>
> On Wed, Oct 23, 2019 at 9:34 PM Predrag Punosevac <predragp at andrew.cmu.edu> wrote:
>>
>> The changes I pushed onto the server appear to work like a charm and
>> LDAP is up and running. I tested it. Before anyone cries foul I would
>> like to warn you. Some of you have tried pretty hard to log into our
>> gateways. John I am thinking of you :-)
>>
>>
>> There were 62 failed login attempts since the last successful login.
>> Last login: Tue Oct 22 09:30:27 2019 from 15inmachine.wv.cc.cmu.edu
>>
>> That has probably banned (temporarily) the IP address from which you were
>> trying as it was understood by the intrusion detection system as a
>> brute force attack. I will not start manually deleting IP addresses
>> from the firewall jails until tomorrow morning. Based on the severity
>> of the offense your IP should be OK by then. If you still can't log
>> into the system please send me the IP address (if it is fixed) of the
>> machine you have been trying from.
>>
>> Finally, this incident could not end without a ritual sacrifice.
>> Computer Gods have requested and we have brought the lifeless body of
>> our legacy shell gateway lop1.autonlab.org, which has perished during
>> the debugging process. If you need to access the DMZ zone from shell
>> gateways (Jarod I am thinking of you) please ping me. Available shell
>> gateways are:
>>
>> bash.autonlab.org
>> lop2.autonlab.org
>>
>> libcrypto is not fixed yet upstream and NREC as well as Auton Sys LDAP
>> servers are for now running the 6.5 version of OpenBSD.
>>
>> Best,
>> Predrag
>>
>> On Wed, Oct 23, 2019 at 3:46 PM Predrag Punosevac
>> <predragp at andrew.cmu.edu> wrote:
>> >
>> > Ok. I have a solution for this. Namely I was at least smart enough not
>> > to upgrade all 10 OpenBSD servers to 6.6. I left one :-) running 6.5.
>> > It was not the LDAP backup server, which I also upgraded yesterday, but one
>> > of the new mighty backup firewall machines which was idling. I have a fully
>> > functional LDAP server running on it. I tested only one computing node
>> > with the new setup (lov1) and it works like a charm. You will now have to
>> > wait 2-3h until I globally push changes. I want to make sure I don't
>> > screw up anything else before this goes into production.
>> >
>> > Cheers,
>> > Predrag
>> >
>> >
>> > On Wed, Oct 23, 2019 at 12:40 PM Predrag Punosevac
>> > <predragp at andrew.cmu.edu> wrote:
>> > >
>> > > Hi Autonians,
>> > >
>> > > The problem with LDAP appears to be more serious than I originally
>> > > anticipated. I have regenerated SSL certificates and the TLS handshake
>> > > still fails. I am working with developers upstream to see why this is
>> > > happening. I don't want to enact the nuclear option and allow your
>> > > password to be transferred in clear text between the LDAP server and
>> > > computing nodes. I would much rather "downgrade" the installation if
>> > > needed than take that path.
>> > >
>> > > Thanks for your patience.
>> > >
>> > > Predrag

