So, I just did the following:
As a result, it appears that all of the tokens assigned to a user are no
longer visible to that user, unless they (tokens) are also reassigned to
the new Resolver.
Is this correct behavior? As the user has no control over the Resolver,
will I have to re-assign all of my existing tokens?
Thanks,
-Kris
Kris Lou
@Kris_Lou
I had seen that – I just wasn’t aware that tokens were also tied to
specific resolvers.
In my case, I switched from querying a specific DC to querying the domain,
and allowing DNS to handle that portion. I don’t have a lot of users, so
it wasn’t a huge deal to make the switch.
But if a Resolver target would need to be replaced in a much larger
organization, that could be a LOT of work to troubleshoot. On the other
hand, I suppose I could only change the Server URI and not create a new
Resolver.
Kris Lou
@Kris_LouOn Mon, May 1, 2017 at 12:36 AM, Cornelius Kölbel < cornelius.koelbel@netknights.it> wrote:
Hi Kris,
5.2. Realms — privacyIDEA 3.8 documentation?
highlight=resolver%20priority#resolver-priority
a lower number means a higher priority.
Just like when you are #1 in real lifeKind regards
CorneliusAm Freitag, 28. April 2017 21:01:29 UTC+2 schrieb Kris Lou:
So, I just did the following:
- Created a new Resolver
- Add this to my existing default Realm, with a higher priority than
the existing LdapResolverAs a result, it appears that all of the tokens assigned to a user are no
longer visible to that user, unless they (tokens) are also reassigned to
the new Resolver.Is this correct behavior? As the user has no control over the Resolver,
will I have to re-assign all of my existing tokens?Thanks,
-KrisKris Lou
@Kris_Lou–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/
msgid/privacyidea/e9b826f0-6bb1-4486-a48d-2f9660961bba%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/e9b826f0-6bb1-4486-a48d-2f9660961bba%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
Hi Kris,
http://privacyidea.readthedocs.io/en/latest/configuration/realms.html?highlight=resolver%20priority#resolver-priority
a lower number means a higher priority.
Just like when you are #1 in real life 
Kind regards
CorneliusAm Freitag, 28. April 2017 21:01:29 UTC+2 schrieb Kris Lou:
So, I just did the following:
- Created a new Resolver
- Add this to my existing default Realm, with a higher priority than the
existing LdapResolverAs a result, it appears that all of the tokens assigned to a user are no
longer visible to that user, unless they (tokens) are also reassigned to
the new Resolver.Is this correct behavior? As the user has no control over the Resolver,
will I have to re-assign all of my existing tokens?Thanks,
-KrisKris Lou
klou@themusiclink.net
You would reconfigure the resolver - right. No big deal.Am Montag, 1. Mai 2017 18:41:13 UTC+2 schrieb Kris Lou:
I had seen that – I just wasn’t aware that tokens were also tied to
specific resolvers.In my case, I switched from querying a specific DC to querying the domain,
and allowing DNS to handle that portion. I don’t have a lot of users, so
it wasn’t a huge deal to make the switch.But if a Resolver target would need to be replaced in a much larger
organization, that could be a LOT of work to troubleshoot. On the other
hand, I suppose I could only change the Server URI and not create a new
Resolver.Kris Lou
klou@themusiclink.netOn Mon, May 1, 2017 at 12:36 AM, Cornelius Kölbel < @cornelinux> wrote:
Hi Kris,
5.2. Realms — privacyIDEA 3.8 documentation
a lower number means a higher priority.
Just like when you are #1 in real lifeKind regards
CorneliusAm Freitag, 28. April 2017 21:01:29 UTC+2 schrieb Kris Lou:
So, I just did the following:
- Created a new Resolver
- Add this to my existing default Realm, with a higher priority than
the existing LdapResolverAs a result, it appears that all of the tokens assigned to a user are no
longer visible to that user, unless they (tokens) are also reassigned to
the new Resolver.Is this correct behavior? As the user has no control over the Resolver,
will I have to re-assign all of my existing tokens?Thanks,
-KrisKris Lou
klou@themusiclink.net–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/e9b826f0-6bb1-4486-a48d-2f9660961bba%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/e9b826f0-6bb1-4486-a48d-2f9660961bba%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.