We need to change ldap server from ldap.mit.edu to ISDA supported ldap-too.mit.edu.
To do this:
1. stop alfresco on production alfresco server (currently isda-thalia6.mit.edu)
2. goto directory /home/alfresco-2.1.1-enterprise/tomcat/webapps/alfresco/WEB-INF/lib, backup ThaliaWebScript.jar file.
3. copy ThaliaWebScript.jar from the test alfresco server (currently isda-thalia9.mit.edu).
4. download the MIT CA from http://ca.mit.edu/mitca.crt
5. import the MIT CA to java default keystore: $JAVA_HOME/jre/bin/keytool -import -alias mitca -file ./mitca.cer -keystore $JAVA_HOME/jre/lib/security/cacerts
6. restart alfresco. Watch the log to make sure that group synchronization runs fine (it runs every hour).