MySQL Master-Master setup (HA)

When using a Master-Master replication setup in MySQL I cannot make it work
with my 2 LDAP resolvers.
I get password failed on the LDAP resolvers, so when I save it on 1 server
it doesn't work anymore on the other server.

And when making 2 resolvers with 2 different setting types I can't resolve
users anymore. Have you been able to test this successfully in the past?

Yes.
You need the same encryption keys on both nodes!

On Monday, 20.06.2016, 06:45 -0700, jmdeking wrote:

When using a Master-Master replication setup in MySQL I cannot make it
work with my 2 LDAP resolvers.
I get password failed on the LDAP resolvers, so when I save it on 1
server it doesn't work anymore on the other server.

And when making 2 resolvers with 2 different setting types I can't
resolve users anymore. Have you been able to test this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suits your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
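
One way to confirm that both nodes really hold the same key material named in this thread (enckey, private.pem, public.pem, PI_PEPPER, SECRET_KEY), given as an added example that is not part of the original posts or of privacyIDEA. It assumes all of these sit in one configuration directory per node; the helper names and sample values are constructed, and only keyed fingerprints are compared so that no secret is printed.

```python
"""Compare privacyIDEA key material on two HA nodes without printing secrets."""
import ast
import hashlib
import hmac
import os
import shutil
import tempfile
from pathlib import Path

# Names taken from the thread; that they share one directory is an assumption.
KEY_FILES = ("enckey", "private.pem", "public.pem")
CFG_SECRETS = ("PI_PEPPER", "SECRET_KEY")


def read_cfg_secrets(cfg_text):
    """Return the literal values assigned to CFG_SECRETS in pi.cfg.

    pi.cfg is Python syntax, so it is parsed with ast instead of being executed.
    """
    found = {}
    for node in ast.parse(cfg_text).body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            continue
        target = node.targets[0]
        if isinstance(target, ast.Name) and target.id in CFG_SECRETS:
            try:
                value = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                continue  # computed at runtime, cannot be compared statically
            if isinstance(value, str):
                value = value.encode()
            if isinstance(value, bytes):
                found[target.id] = value
    return found


def fingerprint(data, salt):
    """Keyed, truncated digest: comparable across nodes, useless for guessing a short pepper."""
    return hmac.new(salt, data, hashlib.sha256).hexdigest()[:16]


def node_manifest(config_dir, salt):
    """Fingerprint every shared secret found under config_dir (None means missing)."""
    config_dir = Path(config_dir)
    manifest = {}
    for name in KEY_FILES:
        path = config_dir / name
        manifest[name] = fingerprint(path.read_bytes(), salt) if path.is_file() else None
    cfg = config_dir / "pi.cfg"
    secrets = read_cfg_secrets(cfg.read_text()) if cfg.is_file() else {}
    for name in CFG_SECRETS:
        manifest[name] = fingerprint(secrets[name], salt) if name in secrets else None
    return manifest


def mismatches(manifest_a, manifest_b):
    """Names that are missing on node A or differ between the two nodes."""
    return sorted(
        name for name in manifest_a
        if manifest_a[name] is None or manifest_a[name] != manifest_b.get(name)
    )


def _write_node(root, enckey, pepper):
    """Constructed sample node directory; every value here is made up."""
    root.mkdir()
    (root / "enckey").write_bytes(enckey)
    (root / "private.pem").write_text("constructed private key\n")
    (root / "public.pem").write_text("constructed public key\n")
    (root / "pi.cfg").write_text(
        f"SECRET_KEY = 'constructed-secret'\nPI_PEPPER = {pepper!r}\n"
    )


def demo():
    """Node 2 starts with its own enckey and pepper, then receives node 1's copies."""
    salt = os.urandom(16)  # fresh per comparison, same value used for both nodes
    with tempfile.TemporaryDirectory() as tmp:
        n1, n2 = Path(tmp, "server1"), Path(tmp, "server2")
        _write_node(n1, b"\x01" * 96, "pepper-one")
        _write_node(n2, b"\x02" * 96, "pepper-two")
        before = mismatches(node_manifest(n1, salt), node_manifest(n2, salt))
        for name in KEY_FILES + ("pi.cfg",):
            shutil.copyfile(n1 / name, n2 / name)
        after = mismatches(node_manifest(n1, salt), node_manifest(n2, salt))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run `node_manifest` on each server with the same salt and compare the two results; any name reported by `mismatches` still has to be copied from the first node.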

Sorry I haven't read the manual correctly, gonna try again.

On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

My export and import of the database was not correct and I have to look out
for the fact that the file and position changes. If both databases are
exactly the same and the replication is on both sides ok then it works.

Also I had to check this when exporting the database of the primary server:
"Disable foreign key checks"

Let's see if I can keep it working as I am a MySQL noob. :(

Gr.
Johan

On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote:

Also when I log in to server 1 with a user which has a token assigned I
see the token, server 2 I do not see the token but I guess that's related to
me not doing it right,

On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:

I still can't get it to work, what I did was the following:

  • Copied the enckey, private.pem and public.pem from server1 to server 2.
  • Copied the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in MySQL doing the following steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:

server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

I imported the database named "pi" of server1 to server2 (got 1 error
doing that: #1005 - Can't create table 'pi.#sql-440b_7d' (errno: 121)
(Details…) )
and enabled replication using master slave start; on both servers.

On server 2 my LDAP resolver still gives a resolver error and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.

On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry I haven't read the manual correctly, gonna try again.

Good to hear there is gonna be a "gui".

Still when I check the table pidea_audit auto_increment is on and
autoincrement was not on the same value on both servers. I made it the same
on both servers and started all over again doing an import of primary to the
other and started replication again.

See pictures: http://imgur.com/a/bFVvQ

On Monday, June 27, 2016 at 3:11:37 PM UTC+2, Cornelius Kölbel wrote:

Hi Johan,

you probably are missing an auto_increment.

Anyway. I am working on some kind of "Appliance", which will also allow
the easy setup of master-master replication. This will be part of the
SLAs.

http://privacyidea.readthedocs.io/en/latest/configuration/privacyidea-setup.html

I already wrote the mysql config parser:
https://github.com/privacyidea/mysqlparser

Kind regards
Cornelius

On Monday, 27.06.2016, 06:06 -0700, jmdeking wrote:

Master-Master replication stopped again with the following error:

Last_Error Error 'Duplicate entry '10900' for key 'PRIMARY'' on query.
Default database: 'pi'. Query: 'INSERT INTO pidea_audit (date,
signature, action, success, serial, token_type, user, realm,
administrator, action_detail, info, privacyidea_server, client,
loglevel, clearance_level) VALUES ('2016-06-23 07:49:57', '',
'POST /validate/check', 0, NULL, NULL, 'TEST', 'olvg.nl', NULL, '',
'The user has no tokens assigned', 'privacyidea.olvg.nl',
'10.10.2.33', NULL, NULL)'

Any clue on how this is happening?

On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote:

My export and import of the database was not correct and I have to look out
for the fact that the file and position changes. If both databases are
exactly the same and the replication is on both sides ok then it works.

Also I had to check this when exporting the database of the primary server:
"Disable foreign key checks"

Let's see if I can keep it working as I am a MySQL noob. :(

Gr.
Johan

I think this is out of scope of a mailing list for an application
“privacyIDEA”.
If you need more time consuming help on this, please buy some
consultancy at your preferred service provider.

Kind regards
Cornelius

On Monday, 27.06.2016, 07:03 -0700, jmdeking wrote:

Good to hear there is gonna be a "gui".

Still when I check the table pidea_audit auto_increment is on and
autoincrement was not on the same value on both servers. I made it the
same on both servers and started all over again doing an import of
primary to the other and started replication again.

See pictures: http://imgur.com/a/bFVvQ
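
The `Duplicate entry '10900' for key 'PRIMARY'` error on pidea_audit quoted in this thread is the typical result when both masters assign the same auto-increment id (the failing INSERT supplies no id of its own). The following added example, which is not code from the thread or from privacyIDEA, checks the two posted my.cnf fragments and lists the ids that collide. It assumes the reply about a missing auto_increment refers to MySQL's auto_increment_increment and auto_increment_offset options; the [mysqld] header, the helper names and the starting id 10899 are constructed.

```python
"""Check a master-master my.cnf pair and show which auto-increment ids collide."""
import configparser

# Constructed from the settings posted in the thread; the [mysqld] header is
# added here so that the fragment parses as a my.cnf section.
SERVER1 = """[mysqld]
server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi
"""
SERVER2 = SERVER1.replace("5568509", "2742525")
# Assumed fix: interleave the id ranges with MySQL's auto_increment_* options.
FIXED1 = SERVER1 + "auto_increment_increment=2\nauto_increment_offset=1\n"
FIXED2 = SERVER2 + "auto_increment_increment=2\nauto_increment_offset=2\n"


def mysqld_options(text):
    """Parse the [mysqld] section; '-' and '_' are interchangeable in option names."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("!")]  # skip !include*
    parser = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    parser.read_string("\n".join(lines))
    if not parser.has_section("mysqld"):
        return {}
    return {key.replace("-", "_"): value for key, value in parser.items("mysqld")}


def _int(options, name, default=1):
    """MySQL's default for both auto_increment_* options is 1."""
    value = options.get(name)
    return int(value) if value not in (None, "") else default


def check_pair(cfg_a, cfg_b):
    """Return findings that break two-way replication of auto-increment tables."""
    a, b = mysqld_options(cfg_a), mysqld_options(cfg_b)
    findings = []
    if not a.get("server_id") or a.get("server_id") == b.get("server_id"):
        findings.append("server_id must be set and unique per node")
    for label, opts in (("server1", a), ("server2", b)):
        if "log_bin" not in opts:
            findings.append(f"{label}: binary logging (log_bin) is off")
    inc_a, inc_b = _int(a, "auto_increment_increment"), _int(b, "auto_increment_increment")
    off_a, off_b = _int(a, "auto_increment_offset"), _int(b, "auto_increment_offset")
    if inc_a != inc_b or inc_a < 2:
        findings.append("auto_increment_increment must be the same on both nodes and >= 2")
    elif off_a % inc_a == off_b % inc_b:
        findings.append("auto_increment_offset values land in the same id series")
    return findings


def next_ids(current_max, increment, offset, count):
    """Next `count` ids of the series offset + N*increment that are > current_max."""
    first = offset
    if first <= current_max:
        first = offset + ((current_max - offset) // increment + 1) * increment
    return [first + i * increment for i in range(count)]


def colliding_ids(cfg_a, cfg_b, current_max=10899, writes=3):
    """Ids both nodes would assign if each logs `writes` audit rows before the
    other node's rows arrive. current_max is constructed so that the first id
    matches the 10900 in the thread's Last_Error."""
    series = []
    for cfg in (cfg_a, cfg_b):
        opts = mysqld_options(cfg)
        series.append(set(next_ids(current_max,
                                   _int(opts, "auto_increment_increment"),
                                   _int(opts, "auto_increment_offset"), writes)))
    return sorted(series[0] & series[1])


if __name__ == "__main__":
    print(check_pair(SERVER1, SERVER2), colliding_ids(SERVER1, SERVER2))
    print(check_pair(FIXED1, FIXED2), colliding_ids(FIXED1, FIXED2))
```

With the posted settings both nodes continue the same series, so every audit row written on one node before the other's rows arrive reuses an id; with increment 2 and offsets 1 and 2 the series never overlap.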

    >                                         the web visit 
    >                                         > 
    >
    https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com. 
    >                                         > For more options,
    visit 
    >
    https://groups.google.com/d/optout. 
    >                                         
    >                                         -- 
    >                                         Cornelius Kölbel 
    >
    corneliu...@netknights.it 
    >                                         +49 151 2960 1417 
    >                                         
    >                                         NetKnights GmbH 
    >
    http://www.netknights.it 
    >                                         Landgraf-Karl-Str.
    19, 34131 
    >                                         Kassel, Germany 
    >                                         Tel: +49 561
    3166797, Fax: +49 
    >                                         561 3166798 
    >                                         
    >                                         Amtsgericht Kassel,
    HRB 16405 
    >                                         Geschäftsführer:
    Cornelius 
    >                                         Kölbel 
    >                                         
    >                                         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/7f0219a0-5b92-48fe-9e37-f5944ed6be01%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/8ad60db9-5109-49df-ba05-907f795ef404%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Johan,

you probably are missing an auto_increment.

Anyway. I am working on some kind of “Appliance”, which will also allow
the easy setup of master-master replication. This will be part of the
SLAs.
http://privacyidea.readthedocs.io/en/latest/configuration/privacyidea-setup.html

I already wrote the mysql config parser:

Kind regards
Cornelius

On Monday, 27.06.2016, 06:06 -0700, jmdeking wrote:

Master-Master replication stopped again with the following error:

Last_Error Error 'Duplicate entry '10900' for key 'PRIMARY'' on query.
Default database: 'pi'. Query: 'INSERT INTO pidea_audit (date,
signature, action, success, serial, token_type, user, realm,
administrator, action_detail, info, privacyidea_server, client,
loglevel, clearance_level) VALUES ('2016-06-23 07:49:57', '',
'POST /validate/check', 0, NULL, NULL, 'TEST', 'olvg.nl', NULL, '',
'The user has no tokens assigned', 'privacyidea.olvg.nl',
'10.10.2.33', NULL, NULL)'

Any clue on how this is happening?


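The reply above points at a missing auto_increment setting. The following added example (not code from the thread or from privacyIDEA) checks the my.cnf values jmdeking posted in this thread and shows why both nodes hand out the same primary key. It assumes the remark refers to MySQL's `auto_increment_increment` and `auto_increment_offset` variables; the `[mysqld]` header, the helper names and the starting row id 10899 are constructed for illustration.

```python
import configparser

# my.cnf settings as posted in this thread; the [mysqld] header is assumed,
# since the posts show only the keys.
SERVER1 = "[mysqld]\nserver-id=5568509\nlog_bin=mysql-bin\nlog_error=mysql-bin.err\nbinlog_do_db=pi\n"
SERVER2 = "[mysqld]\nserver-id=2742525\nlog_bin=mysql-bin\nlog_error=mysql-bin.err\nbinlog_do_db=pi\n"


def with_auto_increment(cnf, offset, writers=2):
    """Constructed corrected variant: interleave key ranges between the writers."""
    return cnf + f"auto_increment_increment={writers}\nauto_increment_offset={offset}\n"


def load(cnf):
    """Parse the [mysqld] section; MySQL treats '-' and '_' in option names alike."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cnf)
    return {k.replace("-", "_"): v for k, v in cp["mysqld"].items()}


def auto_inc(opts):
    """Return (increment, offset); MySQL defaults both to 1 when unset."""
    return (int(opts.get("auto_increment_increment", 1)),
            int(opts.get("auto_increment_offset", 1)))


def check_pair(cnf_a, cnf_b, writers=2):
    """List the settings that make two-way replication unsafe for this pair."""
    a, b = load(cnf_a), load(cnf_b)
    problems = []
    ids = (a.get("server_id"), b.get("server_id"))
    if not all(ids) or ids[0] == ids[1]:
        problems.append("server-id must be set and differ between nodes")
    if "log_bin" not in a or "log_bin" not in b:
        problems.append("log_bin must be enabled on both nodes")
    (inc_a, off_a), (inc_b, off_b) = auto_inc(a), auto_inc(b)
    if inc_a != inc_b or inc_a < writers:
        problems.append("auto_increment_increment must be equal on both nodes "
                        "and at least the number of writers")
    elif off_a == off_b or not all(1 <= o <= inc_a for o in (off_a, off_b)):
        problems.append("auto_increment_offset must differ and lie in 1..increment")
    return problems


def next_id(current_max, increment, offset):
    """Next AUTO_INCREMENT value: smallest offset + N*increment above current_max."""
    if current_max < offset:
        return offset
    return offset + ((current_max - offset) // increment + 1) * increment


def concurrent_insert_ids(cnf_a, cnf_b, current_max):
    """Ids each node assigns to an INSERT made before it has applied the other's."""
    return tuple(next_id(current_max, *auto_inc(load(c))) for c in (cnf_a, cnf_b))


if __name__ == "__main__":
    # 10899 is a constructed starting point, chosen so the collision lands on
    # the id 10900 quoted in the Last_Error message.
    print(check_pair(SERVER1, SERVER2))
    print(concurrent_insert_ids(SERVER1, SERVER2, 10899))
    fixed = with_auto_increment(SERVER1, 1), with_auto_increment(SERVER2, 2)
    print(check_pair(*fixed), concurrent_insert_ids(*fixed, 10899))
```

Because privacyIDEA writes an audit row for every request, both nodes insert into `pidea_audit` continuously, so identical key sequences collide as soon as two requests arrive before replication catches up.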
Master-Master replication stopped again with the following error:

Last_Error Error 'Duplicate entry '10900' for key 'PRIMARY'' on query.
Default database: 'pi'. Query: 'INSERT INTO pidea_audit (date, signature,
action, success, serial, token_type, user, realm, administrator,
action_detail, info, privacyidea_server, client, loglevel, clearance_level)
VALUES ('2016-06-23 07:49:57', '', 'POST /validate/check', 0, NULL, NULL,
'TEST', 'olvg.nl', NULL, '', 'The user has no tokens assigned',
'privacyidea.olvg.nl', '10.10.2.33', NULL, NULL)'

Any clue on how this is happening?

On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote:

My export and import of the database was not correct, and I have to look
out for the fact that the file and position change; if both databases are
exactly the same and the replication is OK on both sides, then it works.

Also, I had to check this when exporting the database of the primary server:
“Disable foreign key checks”

Let's see if I can keep it working, as I am a MySQL noob. :(

Gr.
Johan

On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote:

Also, when I log in to server 1 with a user which has a token assigned, I
see the token; on server 2 I do not see the token, but I guess that's related to
me not doing it right.

On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:

I still can't get it to work. What I did was the following:

  • Copied the enckey, private.pem and public.pem from server1 to server 2.
  • Copied the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in MySQL doing the following
    steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:
server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

I imported the database named “pi” of server1 to server2 (got 1 error
doing that: #1005 - Can't create table 'pi.#sql-440b_7d' (errno: 121)
(Details…) )
and enabled replication using master slave start; on both servers.

On server 2 my LDAP resolver still gives a resolver error, and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.

On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry, I haven't read the manual correctly, gonna try again.
