Mysql Master-Master setup (HA)

When using a Master-Master replication Setup in MySQL i cannot make it work
with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1 server
it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant resolve
users anymore. Have you been able to tested this successfully in the past?

Yes.
You need the same encryption keys on both nodes!Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Sorry i havent read the manual correctly, gonna try again.On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

My export and import of the database was not correct and i have to look out
for the fact that the file and position changes if both databases are
exactly the same and the replication is on both sides ok then it works.

Also i had to check this when exporting the database of the primary server
"Disable foreign key checks"

Lets see if i can keep it working as i am a mysql noob. :frowning:

Gr.
JohanOn Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote:

Also when i log in to server 1 with a user which has a token assigned i
see the token, server 2 i do not see the token but i guess thats related to
me not doing it right,

On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:

I still cant get it to work, what i did was the following:

  • Copy’d the enckey, private.pem and public.pem from server1 to server 2.
  • Copy’d the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in mysql doing the following steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:
server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

i imported the database named “pi” of server1 to server2 (got 1 error
doing that: #1005 - Can’t create table ‘pi.#sql-440b_7d’ (errno: 121)
(Details…) )
and enabled replication using master slave start; on both servers.

On server 2 My LDAP resolver still gives a resolver error and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.

On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry i havent read the manual correctly, gonna try again.

On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make
it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

I still cant get it to work, what i did was the following:

  • Copy’d the enckey, private.pem and public.pem from server1 to server 2.
  • Copy’d the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in mysql doing the following steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:
server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

i imported the database named “pi” of server1 to server2 (got 1 error doing
that: #1005 - Can’t create table ‘pi.#sql-440b_7d’ (errno: 121) (Details…)
)
and enabled replication using master slave start; on both servers.

On server 2 My LDAP resolver still gives a resolver error and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry i havent read the manual correctly, gonna try again.

On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Also when i log in to server 1 with a user which has a token assigned i see
the token, server 2 i do not see the token but i guess thats related to me
not doing it right,On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:

I still cant get it to work, what i did was the following:

  • Copy’d the enckey, private.pem and public.pem from server1 to server 2.
  • Copy’d the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in mysql doing the following steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:
server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

i imported the database named “pi” of server1 to server2 (got 1 error
doing that: #1005 - Can’t create table ‘pi.#sql-440b_7d’ (errno: 121)
(Details…) )
and enabled replication using master slave start; on both servers.

On server 2 My LDAP resolver still gives a resolver error and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.

On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry i havent read the manual correctly, gonna try again.

On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Good to hear there is gonna be a “gui”.

Still when i check the table pidea_audit auto_increment is on and
autoincrement was not on the same value on both servers i made it the same
on both servers and started all over again doing a import of primary to the
other and started replication again.

See pictures: http://imgur.com/a/bFVvQOn Monday, June 27, 2016 at 3:11:37 PM UTC+2, Cornelius Kölbel wrote:

Hi Johan,

you probably are missing a auto_increment.

Anyway. I am working on some kind of “Appliance”, which will also allow
the easy setup of master-master replication. This will be part of the
SLAs.

http://privacyidea.readthedocs.io/en/latest/configuration/privacyidea-setup.html

I already wrote the mysql config parser:
https://github.com/privacyidea/mysqlparser

Kind regards
Cornelius

Am Montag, den 27.06.2016, 06:06 -0700 schrieb jmdeking:

Maste-Master replication stopped again with the following error:

Last_Error Error ‘Duplicate entry ‘10900’ for key ‘PRIMARY’’ on query.
Default database: ‘pi’. Query: ‘INSERT INTO pidea_audit (date,
signature, action, success, serial, token_type, user, realm,
administrator, action_detail, info, privacyidea_server, client,
loglevel, clearance_level) VALUES (‘2016-06-23 07:49:57’, ‘’,
‘POST /validate/check’, 0, NULL, NULL, ‘TEST’, ‘olvg.nl’, NULL, ‘’,
‘The user has no tokens assigned’, ‘privacyidea.olvg.nl’,
‘10.10.2.33’, NULL, NULL)’

Any clue on how this is happening?

On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote:
My export and import of the database was not correct and i
have to look out for the fact that the file and position
changes if both databases are exactly the same and the
replication is on both sides ok then it works.

    Also i had to check this when exporting the database of the 
    primary server "Disable foreign key checks" 
    
    
    Lets see if i can keep it working as i am a mysql noob. :( 
    
    
    Gr. 
    Johan 
    
    On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote: 
            Also when i log in to server 1 with a user which has a 
            token assigned i see the token, server 2 i do not see 
            the token but i guess thats related to me not doing it 
            right, 
            
            On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2,  jmdeking wrote: 
                    I still cant get it to work, what i did was 
                    the following: 
                    
                    
                    - Copy'd the enckey, private.pem and 
                    public.pem from server1 to server 2. 
                    - Copy'd the PI_PEPPER and SECRET_KEY from 
                    server1 pi.cfg to server 2 pi.cfg. 
                    - Configured master-master replication in 
                    mysql doing the following steps: 
                    
                    
                    Server1 my.cnf: 
                    
                    
                    server-id=5568509 
                    log_bin=mysql-bin 
                    log_error=mysql-bin.err 
                    binlog_do_db=pi 
                    
                    
                    Server2 my.cnf: 
                    server-id=2742525 
                    log_bin=mysql-bin 
                    log_error=mysql-bin.err 
                    binlog_do_db=pi 
                    
                    
                    i imported the database named "pi" of server1 
                    to server2 (got 1 error doing that: #1005 - 
                    Can't create table 'pi.#sql-440b_7d' (errno: 
                    121) (Details…) ) 
                    and enabled replication using master slave 
                    start; on both servers. 
                    
                    
                    On server 2 My LDAP resolver still gives a 
                    ***resolver error*** and when going to the 
                    resolver and testing the connection it says 
                    password not correct. 
                    
                    
                    I am obviously doing something wrong. 
                    
                    
                    I would appreciate it if you can help me out. 
                    
                    On Monday, June 20, 2016 at 4:03:34 PM UTC+2,  jmdeking wrote: 
                            Sorry i havent read the manual 
                            correctly, gonna try again. 
                            
                            On Monday, June 20, 2016 at 3:51:38 PM  UTC+2, Cornelius Kölbel wrote: 
                                    Yes. 
                                    You need the same encryption 
                                    keys on both nodes! 
                                    
                                    Am Montag, den 20.06.2016, 
                                    06:45 -0700 schrieb jmdeking: 
                                    > When using a Master-Master 
                                    replication Setup in MySQL i 
                                    cannot make it 
                                    > work with my 2 ldap 
                                    resolvers. 
                                    > I get password failed on the 
                                    ldap resolvers, so when i save 
                                    it on 1 
                                    > server it doesnt work 
                                    anymore on the other server. 
                                    > 
                                    > 
                                    > And when making 2 resolvers 
                                    with 2 different setting types 
                                    i cant 
                                    > resolve users anymore. Have 
                                    you been able to tested this 
                                    successfully 
                                    > in the past? 
                                    > -- 
                                    > Please read the blog post 
                                    about getting help 
                                    > 

https://www.privacyidea.org/getting-help/.

                                    >   
                                    > For professional services 
                                    and consultancy regarding two 
                                    factor 
                                    > authentication please visit 
                                    > 

https://netknights.it/en/leistungen/one-time-services/

                                    >   
                                    > In an enterprise environment 
                                    you should get a SERVICE LEVEL 
                                    AGREEMENT 
                                    > which suites your needs for 
                                    SECURITY, AVAILABILITY and 
                                    LIABILITY: 
                                    > 

https://netknights.it/en/leistungen/service-level-agreements/

                                    > --- 
                                    > You received this message 
                                    because you are subscribed to 
                                    the Google 
                                    > Groups "privacyidea" group. 
                                    > To unsubscribe from this 
                                    group and stop receiving 
                                    emails from it, send 
                                    > an email to 
                                    privacyidea...@googlegroups.com. 
                                    > To post to this group, send 
                                    email to 
                                    priva...@googlegroups.com. 
                                    > Visit this group at 

https://groups.google.com/group/privacyidea.

                                    > To view this discussion on 
                                    the web visit 
                                    > 

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

                                    > For more options, visit 

https://groups.google.com/d/optout.

                                    -- 
                                    Cornelius Kölbel 
                                    corneliu...@netknights.it 
                                    +49 151 2960 1417 
                                    
                                    NetKnights GmbH 
                                    http://www.netknights.it 
                                    Landgraf-Karl-Str. 19, 34131 
                                    Kassel, Germany 
                                    Tel: +49 561 3166797, Fax: +49 
                                    561 3166798 
                                    
                                    Amtsgericht Kassel, HRB 16405 
                                    Geschäftsführer: Cornelius 
                                    Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/7f0219a0-5b92-48fe-9e37-f5944ed6be01%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

I think this is out of scope of a mailing list for an application
“privacyIDEA”.
If you need more time consuming help on this, please buy some
consultancy at your preferred service provider.

Kind regards
CorneliusAm Montag, den 27.06.2016, 07:03 -0700 schrieb jmdeking:

Good to hear there is gonna be a “gui”.

Still when i check the table pidea_audit auto_increment is on and
autoincrement was not on the same value on both servers i made it the
same on both servers and started all over again doing a import of
primary to the other and started replication again.

See pictures: http://imgur.com/a/bFVvQ

On Monday, June 27, 2016 at 3:11:37 PM UTC+2, Cornelius Kölbel wrote:
Hi Johan,

    you probably are missing a auto_increment. 
    
    Anyway. I am working on some kind of "Appliance", which will
    also allow 
    the easy setup of master-master replication. This will be part
    of the 
    SLAs. 
    http://privacyidea.readthedocs.io/en/latest/configuration/privacyidea-setup.html 
    
    I already wrote the mysql config parser: 
    https://github.com/privacyidea/mysqlparser 
    
    Kind regards 
    Cornelius 
    
    
    
    
    Am Montag, den 27.06.2016, 06:06 -0700 schrieb jmdeking: 
    > Maste-Master replication stopped again with the following
    error: 
    > 
    > 
    > Last_Error Error 'Duplicate entry '10900' for key 'PRIMARY''
    on query. 
    > Default database: 'pi'. Query: 'INSERT INTO pidea_audit
    (date, 
    > signature, action, success, serial, token_type, user,
    realm, 
    > administrator, action_detail, info, privacyidea_server,
    client, 
    > loglevel, clearance_level) VALUES ('2016-06-23 07:49:57',
    '', 
    > 'POST /validate/check', 0, NULL, NULL, 'TEST', 'olvg.nl',
    NULL, '', 
    > 'The user has no tokens assigned', 'privacyidea.olvg.nl', 
    > '10.10.2.33', NULL, NULL)' 
    > 
    > 
    > Any clue on how this is happening? 
    > 
    > On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote: 
    >         My export and import of the database was not correct
    and i 
    >         have to look out for the fact that the file and
    position 
    >         changes if both databases are exactly the same and
    the 
    >         replication is on both sides ok then it works. 
    >         
    >         
    >         Also i had to check this when exporting the database
    of the 
    >         primary server "Disable foreign key checks" 
    >         
    >         
    >         Lets see if i can keep it working as i am a mysql
    noob. :( 
    >         
    >         
    >         Gr. 
    >         Johan 
    >         
    >         On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote: 
    >                 Also when i log in to server 1 with a user
    which has a 
    >                 token assigned i see the token, server 2 i
    do not see 
    >                 the token but i guess thats related to me
    not doing it 
    >                 right, 
    >                 
    >                 On Tuesday, June 21, 2016 at 1:03:14 PM UTC +2,  jmdeking wrote: 
    >                         I still cant get it to work, what i
    did was 
    >                         the following: 
    >                         
    >                         
    >                         - Copy'd the enckey, private.pem
    and 
    >                         public.pem from server1 to server
    2. 
    >                         - Copy'd the PI_PEPPER and
    SECRET_KEY from 
    >                         server1 pi.cfg to server 2 pi.cfg. 
    >                         - Configured master-master
    replication in 
    >                         mysql doing the following steps: 
    >                         
    >                         
    >                         Server1 my.cnf: 
    >                         
    >                         
    >                         server-id=5568509 
    >                         log_bin=mysql-bin 
    >                         log_error=mysql-bin.err 
    >                         binlog_do_db=pi 
    >                         
    >                         
    >                         Server2 my.cnf: 
    >                         server-id=2742525 
    >                         log_bin=mysql-bin 
    >                         log_error=mysql-bin.err 
    >                         binlog_do_db=pi 
    >                         
    >                         
    >                         i imported the database named "pi"
    of server1 
    >                         to server2 (got 1 error doing that:
    #1005 - 
    >                         Can't create table
    'pi.#sql-440b_7d' (errno: 
    >                         121) (Details…) ) 
    >                         and enabled replication using master
    slave 
    >                         start; on both servers. 
    >                         
    >                         
    >                         On server 2 My LDAP resolver still
    gives a 
    >                         ***resolver error*** and when going
    to the 
    >                         resolver and testing the connection
    it says 
    >                         password not correct. 
    >                         
    >                         
    >                         I am obviously doing something
    wrong. 
    >                         
    >                         
    >                         I would appreciate it if you can
    help me out. 
    >                         
    >                         On Monday, June 20, 2016 at 4:03:34 PM UTC+2,  jmdeking wrote: 
    >                                 Sorry i havent read the
    manual 
    >                                 correctly, gonna try again. 
    >                                 
    >                                 On Monday, June 20, 2016 at 3:51:38 PM  UTC+2, Cornelius Kölbel wrote: 
    >                                         Yes. 
    >                                         You need the same
    encryption 
    >                                         keys on both nodes! 
    >                                         
    >                                         Am Montag, den 20.06.2016,  06:45 -0700 schrieb
    jmdeking: 
    >                                         > When using a
    Master-Master 
    >                                         replication Setup in
    MySQL i 
    >                                         cannot make it 
    >                                         > work with my 2
    ldap 
    >                                         resolvers. 
    >                                         > I get password
    failed on the 
    >                                         ldap resolvers, so
    when i save 
    >                                         it on 1 
    >                                         > server it doesnt
    work 
    >                                         anymore on the other
    server. 
    >                                         > 
    >                                         > 
    >                                         > And when making 2
    resolvers 
    >                                         with 2 different
    setting types 
    >                                         i cant 
    >                                         > resolve users
    anymore. Have 
    >                                         you been able to
    tested this 
    >                                         successfully 
    >                                         > in the past? 
    >                                         > -- 
    >                                         > Please read the
    blog post 
    >                                         about getting help 
    >                                         > 
    >
    https://www.privacyidea.org/getting-help/. 
    >                                         >   
    >                                         > For professional
    services 
    >                                         and consultancy
    regarding two 
    >                                         factor 
    >                                         > authentication
    please visit 
    >                                         > 
    >
    https://netknights.it/en/leistungen/one-time-services/ 
    >                                         >   
    >                                         > In an enterprise
    environment 
    >                                         you should get a
    SERVICE LEVEL 
    >                                         AGREEMENT 
    >                                         > which suites your
    needs for 
    >                                         SECURITY,
    AVAILABILITY and 
    >                                         LIABILITY: 
    >                                         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >                                         > --- 
    >                                         > You received this
    message 
    >                                         because you are
    subscribed to 
    >                                         the Google 
    >                                         > Groups
    "privacyidea" group. 
    >                                         > To unsubscribe
    from this 
    >                                         group and stop
    receiving 
    >                                         emails from it,
    send 
    >                                         > an email to 
    >
    privacyidea...@googlegroups.com. 
    >                                         > To post to this
    group, send 
    >                                         email to 
    >
    priva...@googlegroups.com. 
    >                                         > Visit this group
    at 
    >
    https://groups.google.com/group/privacyidea. 
    >                                         > To view this
    discussion on 
    >                                         the web visit 
    >                                         > 
    >
    https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com. 
    >                                         > For more options,
    visit 
    >
    https://groups.google.com/d/optout. 
    >                                         
    >                                         -- 
    >                                         Cornelius Kölbel 
    >
    corneliu...@netknights.it 
    >                                         +49 151 2960 1417 
    >                                         
    >                                         NetKnights GmbH 
    >
    http://www.netknights.it 
    >                                         Landgraf-Karl-Str.
    19, 34131 
    >                                         Kassel, Germany 
    >                                         Tel: +49 561
    3166797, Fax: +49 
    >                                         561 3166798 
    >                                         
    >                                         Amtsgericht Kassel,
    HRB 16405 
    >                                         Geschäftsführer:
    Cornelius 
    >                                         Kölbel 
    >                                         
    >                                         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/7f0219a0-5b92-48fe-9e37-f5944ed6be01%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/8ad60db9-5109-49df-ba05-907f795ef404%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Johan,

you probably are missing a auto_increment.

Anyway. I am working on some kind of “Appliance”, which will also allow
the easy setup of master-master replication. This will be part of the
SLAs.
http://privacyidea.readthedocs.io/en/latest/configuration/privacyidea-setup.html

I already wrote the mysql config parser:

Kind regards
CorneliusAm Montag, den 27.06.2016, 06:06 -0700 schrieb jmdeking:

Maste-Master replication stopped again with the following error:

Last_Error Error ‘Duplicate entry ‘10900’ for key ‘PRIMARY’’ on query.
Default database: ‘pi’. Query: ‘INSERT INTO pidea_audit (date,
signature, action, success, serial, token_type, user, realm,
administrator, action_detail, info, privacyidea_server, client,
loglevel, clearance_level) VALUES (‘2016-06-23 07:49:57’, ‘’,
‘POST /validate/check’, 0, NULL, NULL, ‘TEST’, ‘olvg.nl’, NULL, ‘’,
‘The user has no tokens assigned’, ‘privacyidea.olvg.nl’,
‘10.10.2.33’, NULL, NULL)’

Any clue on how this is happening?

On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote:
My export and import of the database was not correct and i
have to look out for the fact that the file and position
changes if both databases are exactly the same and the
replication is on both sides ok then it works.

    Also i had to check this when exporting the database of the
    primary server "Disable foreign key checks"
    
    
    Lets see if i can keep it working as i am a mysql noob. :(
    
    
    Gr.
    Johan
    
    On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote:
            Also when i log in to server 1 with a user which has a
            token assigned i see the token, server 2 i do not see
            the token but i guess thats related to me not doing it
            right,
            
            On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:
                    I still cant get it to work, what i did was
                    the following:
                    
                    
                    - Copy'd the enckey, private.pem and
                    public.pem from server1 to server 2.
                    - Copy'd the PI_PEPPER and SECRET_KEY from
                    server1 pi.cfg to server 2 pi.cfg.
                    - Configured master-master replication in
                    mysql doing the following steps:
                    
                    
                    Server1 my.cnf:
                    
                    
                    server-id=5568509
                    log_bin=mysql-bin
                    log_error=mysql-bin.err
                    binlog_do_db=pi
                    
                    
                    Server2 my.cnf:
                    server-id=2742525
                    log_bin=mysql-bin
                    log_error=mysql-bin.err
                    binlog_do_db=pi
                    
                    
                    i imported the database named "pi" of server1
                    to server2 (got 1 error doing that: #1005 -
                    Can't create table 'pi.#sql-440b_7d' (errno:
                    121) (Details…) ) 
                    and enabled replication using master slave
                    start; on both servers.
                    
                    
                    On server 2 My LDAP resolver still gives a
                    ***resolver error*** and when going to the
                    resolver and testing the connection it says
                    password not correct.
                    
                    
                    I am obviously doing something wrong.
                    
                    
                    I would appreciate it if you can help me out.
                    
                    On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:
                            Sorry i havent read the manual
                            correctly, gonna try again.
                            
                            On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:
                                    Yes. 
                                    You need the same encryption
                                    keys on both nodes! 
                                    
                                    Am Montag, den 20.06.2016,
                                    06:45 -0700 schrieb jmdeking: 
                                    > When using a Master-Master
                                    replication Setup in MySQL i
                                    cannot make it 
                                    > work with my 2 ldap
                                    resolvers. 
                                    > I get password failed on the
                                    ldap resolvers, so when i save
                                    it on 1 
                                    > server it doesnt work
                                    anymore on the other server. 
                                    > 
                                    > 
                                    > And when making 2 resolvers
                                    with 2 different setting types
                                    i cant 
                                    > resolve users anymore. Have
                                    you been able to tested this
                                    successfully 
                                    > in the past? 
                                    > -- 
                                    > Please read the blog post
                                    about getting help 
                                    >
                                    https://www.privacyidea.org/getting-help/. 
                                    >   
                                    > For professional services
                                    and consultancy regarding two
                                    factor 
                                    > authentication please visit 
                                    >
                                    https://netknights.it/en/leistungen/one-time-services/ 
                                    >   
                                    > In an enterprise environment
                                    you should get a SERVICE LEVEL
                                    AGREEMENT 
                                    > which suites your needs for
                                    SECURITY, AVAILABILITY and
                                    LIABILITY: 
                                    >
                                    https://netknights.it/en/leistungen/service-level-agreements/ 
                                    > --- 
                                    > You received this message
                                    because you are subscribed to
                                    the Google 
                                    > Groups "privacyidea" group. 
                                    > To unsubscribe from this
                                    group and stop receiving
                                    emails from it, send 
                                    > an email to
                                    privacyidea...@googlegroups.com. 
                                    > To post to this group, send
                                    email to
                                    priva...@googlegroups.com. 
                                    > Visit this group at
                                    https://groups.google.com/group/privacyidea. 
                                    > To view this discussion on
                                    the web visit 
                                    >
                                    https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com. 
                                    > For more options, visit
                                    https://groups.google.com/d/optout. 
                                    
                                    -- 
                                    Cornelius Kölbel 
                                    corneliu...@netknights.it 
                                    +49 151 2960 1417 
                                    
                                    NetKnights GmbH 
                                    http://www.netknights.it 
                                    Landgraf-Karl-Str. 19, 34131
                                    Kassel, Germany 
                                    Tel: +49 561 3166797, Fax: +49
                                    561 3166798 
                                    
                                    Amtsgericht Kassel, HRB 16405 
                                    Geschäftsführer: Cornelius
                                    Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7f0219a0-5b92-48fe-9e37-f5944ed6be01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Maste-Master replication stopped again with the following error:

Last_Error Error ‘Duplicate entry ‘10900’ for key ‘PRIMARY’’ on query.
Default database: ‘pi’. Query: ‘INSERT INTO pidea_audit (date, signature,
action, success, serial, token_type, user, realm, administrator,
action_detail, info, privacyidea_server, client, loglevel, clearance_level)
VALUES (‘2016-06-23 07:49:57’, ‘’, ‘POST /validate/check’, 0, NULL, NULL,
‘TEST’, ‘olvg.nl’, NULL, ‘’, ‘The user has no tokens assigned’,
privacyidea.olvg.nl’, ‘10.10.2.33’, NULL, NULL)’

Any clue on how this is happening?On Tuesday, June 21, 2016 at 2:54:31 PM UTC+2, jmdeking wrote:

My export and import of the database was not correct and i have to look
out for the fact that the file and position changes if both databases are
exactly the same and the replication is on both sides ok then it works.

Also i had to check this when exporting the database of the primary server
"Disable foreign key checks"

Lets see if i can keep it working as i am a mysql noob. :frowning:

Gr.
Johan

On Tuesday, June 21, 2016 at 1:24:35 PM UTC+2, jmdeking wrote:

Also when i log in to server 1 with a user which has a token assigned i
see the token, server 2 i do not see the token but i guess thats related to
me not doing it right,

On Tuesday, June 21, 2016 at 1:03:14 PM UTC+2, jmdeking wrote:

I still cant get it to work, what i did was the following:

  • Copy’d the enckey, private.pem and public.pem from server1 to server 2.
  • Copy’d the PI_PEPPER and SECRET_KEY from server1 pi.cfg to server 2
    pi.cfg.
  • Configured master-master replication in mysql doing the following
    steps:

Server1 my.cnf:

server-id=5568509
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

Server2 my.cnf:
server-id=2742525
log_bin=mysql-bin
log_error=mysql-bin.err
binlog_do_db=pi

i imported the database named “pi” of server1 to server2 (got 1 error
doing that: #1005 - Can’t create table ‘pi.#sql-440b_7d’ (errno: 121)
(Details…) )
and enabled replication using master slave start; on both servers.

On server 2 My LDAP resolver still gives a resolver error and when
going to the resolver and testing the connection it says password not
correct.

I am obviously doing something wrong.

I would appreciate it if you can help me out.

On Monday, June 20, 2016 at 4:03:34 PM UTC+2, jmdeking wrote:

Sorry i havent read the manual correctly, gonna try again.

On Monday, June 20, 2016 at 3:51:38 PM UTC+2, Cornelius Kölbel wrote:

Yes.
You need the same encryption keys on both nodes!

Am Montag, den 20.06.2016, 06:45 -0700 schrieb jmdeking:

When using a Master-Master replication Setup in MySQL i cannot make
it
work with my 2 ldap resolvers.
I get password failed on the ldap resolvers, so when i save it on 1
server it doesnt work anymore on the other server.

And when making 2 resolvers with 2 different setting types i cant
resolve users anymore. Have you been able to tested this
successfully
in the past?

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/8d1b0e4a-5122-4a4d-8814-827fac558b66%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel