...

You must either set up a new (empty) database, or initialize the database from a backup (e.g. a backup created on the peer system).

...

Initialize a new database

...

WARNING: THIS STEP WILL DROP THE TABLES OF ANY EXISTING DATABASE. Proceed to the next step to initialize the database from a backup.

...

    # mysql -u root -p < /usr/local/targeted-id/etc/tid-init.sql

...

Initialize a Targeted ID database from backup

...

Perform this step to set up the database when adding a new machine to an existing cluster. You should obtain the backup from an existing machine in the cluster.

    # mysql -u root -p < /path/to/most-recent-backup.sql

...

Load the targeted ID stored function into the database

...

The IdP resolver calls a stored function named tid to generate and retrieve the targeted ID as the attribute source. The source for this function is in /usr/local/targeted-id/etc/tid.sql. Note that the function uses two hard-coded "secret" strings to randomize the generated IDs. It is imperative that you set these two strings in the function source before loading it, and that all nodes in a cluster always use the same two secret strings. To set the secret strings, make a copy of tid.sql (to, say, tid.sql.private), edit the copy, locate the declarations of mySecret1 and mySecret2, and replace the secret_1 and secret_2 string literals accordingly:

    DECLARE mySecret1 VARCHAR(255) DEFAULT 'secret_1';
    DECLARE mySecret2 VARCHAR(255) DEFAULT 'secret_2';

Make sure the resulting file is only readable by root. Once you have correctly set these strings, you can load the function as follows:

    # mysql -u root -p targetedID < /usr/local/targeted-id/etc/tid.sql.private
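
The secret-setting step above is easy to get wrong by hand (a placeholder left in place, or a private copy that is world-readable). The following helper script is an added example, not part of the Targeted ID distribution; it assumes the placeholder literals are exactly the 'secret_1' and 'secret_2' shown above, that it is run as root, and it refuses to overwrite an existing tid.sql.private, since that copy may already hold the secrets the other cluster nodes use.

```shell
#!/bin/sh
# Added example (not the project's own code): create tid.sql.private from
# tid.sql with two freshly generated secrets, readable only by the creator.
set -eu

# Generate an alphanumeric secret of the requested length (default 48) from
# the kernel RNG. Alphanumeric output keeps the sed substitution below safe.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-48}"
}

# set_tid_secrets SRC DST SECRET1 SECRET2
# Copies SRC to DST with the two placeholders replaced. Fails if DST already
# exists (existing cluster secrets must not be clobbered), if a placeholder is
# missing from SRC, or if anything other than the two DECLARE lines changed.
set_tid_secrets() {
    src=$1; dst=$2; s1=$3; s2=$4
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst: secrets must match across the cluster" >&2
        return 1
    fi
    grep -q "DEFAULT 'secret_1'" "$src" && grep -q "DEFAULT 'secret_2'" "$src" || {
        echo "placeholders secret_1/secret_2 not found in $src" >&2
        return 1
    }
    # umask in a subshell: DST is created mode 0600, never briefly world-readable.
    ( umask 077
      sed -e "s/DEFAULT 'secret_1'/DEFAULT '$s1'/" \
          -e "s/DEFAULT 'secret_2'/DEFAULT '$s2'/" "$src" > "$dst" )
    if grep -q "secret_[12]'" "$dst"; then
        echo "a placeholder is still present in $dst" >&2
        return 1
    fi
    # Exactly two lines may differ between the template and the private copy.
    [ "$(diff "$src" "$dst" | grep -c '^>')" -eq 2 ]
}

# private_copy_ok FILE: true when FILE is a regular file with mode 0600.
private_copy_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```

Run it once on the first node (for example `set_tid_secrets tid.sql tid.sql.private "$(gen_secret)" "$(gen_secret)"`) and copy the resulting tid.sql.private, not a regenerated one, to the peer nodes.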

Set up the grant tables

Once you have loaded the database tables and stored function, you must set up the grant tables for the shib and shibadmin database users. The file /usr/local/targeted-id/etc/tid-grants.sql contains the necessary grants for users on the local machine; you should modify this to add the same grants for the users on the peer machine.

    # mysql -u root -p < /usr/local/targeted-id/etc/tid-grants.sql

Firewall

Make sure that the additional ports used by the IdP are open in the firewall. Use the command "iptables --list -n --line-numbers" to determine the proper rule number; the following example assumes we are inserting rules beginning at number 36. Also replace 18.x.y.z with the IP address of the peer node in the cluster, not the local host.

...