The x509 certificate for cdsldap0 was due to expire tomorrow.  This would have caused the control room systems to not recognize users.  Due to the age of our ldap server and an updated signature type from our regular certificate authority we were unable to follow our usual certificate renewal and replacement procedure.  To address this we issued a certificate from an an internal CA for cdsldap0 and pushed out the required configuration changes to the clients today.

At this point everything should be working, though CDS laptops may need to go through a cycle of puppet running to get the updates in place.

As a note to our sysadmins if there are issues the steps to check are as follows (these should all be done by puppet):

 1. ensure the LHO_CDS_CA.crt file is installed
 2. restart the nslcd service
 3. reload the nscd service

We are also working on the replacement for cdsldap0, however it will not be ready before tomorrow.