https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536754#M529861 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>has maybe anybody experience in migration from ACS to ISE and the following problem?</P><P></P><P>".. Actual we are running an ACS 4.2 connected to an Oracle DB.</P><P>The idea is (and we need a solution asap) is to connect ISE to the same Oracle DB using different stored procedures.</P><P>There is a complex process running to bring the needed data into the Oracle DB (means that it is impossible to change something on the DB layout).</P><P>The team spent a lot of time reading docs on cisco.com looking for a clear description about stored procedures etc. but it seems that the given examples are incomplete or wrong.</P><P>I kindly ask you to provide a solution as soon as possible. If you need further information feel free to call me...</P><P></P><P><STRONG>some technical details:</STRONG></P><P></P><P>client (PC) authentication and authorization (Vlan assignment) was done with ACS 4.2 and external data source oracle using a stored procedure (as defined in the ACS manual).</P><P>Now we migrate to ISE and realize, that only half of the procedure (authentication) is working. For the assignment of users to groups (authorization) we have to use a different procedure which is in best case vaguely described.</P><P></P><P><STRONG>What is now needed is the exact documentation of the interface ("Fetch groups" &amp; "Fetch attributes" used by ISE in the ODBC Identity source, so we can program the oracle procedure accordingly.</STRONG>..."</P><P></P><P>thanks&nbsp; uwe</P></BODY></HTML> Thu, 04 May 2017 16:28:36 GMT ujundt@cisco.com 2017-05-04T16:28:36Z https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536754#M529861 <HTML><HEAD></HEAD><BODY><P>Hi Team,</P><P></P><P>has maybe anybody experience in migration from ACS to ISE and the following problem?</P><P></P><P>".. Actual we are running an ACS 4.2 connected to an Oracle DB.</P><P>The idea is (and we need a solution asap) is to connect ISE to the same Oracle DB using different stored procedures.</P><P>There is a complex process running to bring the needed data into the Oracle DB (means that it is impossible to change something on the DB layout).</P><P>The team spent a lot of time reading docs on cisco.com looking for a clear description about stored procedures etc. but it seems that the given examples are incomplete or wrong.</P><P>I kindly ask you to provide a solution as soon as possible. If you need further information feel free to call me...</P><P></P><P><STRONG>some technical details:</STRONG></P><P></P><P>client (PC) authentication and authorization (Vlan assignment) was done with ACS 4.2 and external data source oracle using a stored procedure (as defined in the ACS manual).</P><P>Now we migrate to ISE and realize, that only half of the procedure (authentication) is working. For the assignment of users to groups (authorization) we have to use a different procedure which is in best case vaguely described.</P><P></P><P><STRONG>What is now needed is the exact documentation of the interface ("Fetch groups" &amp; "Fetch attributes" used by ISE in the ODBC Identity source, so we can program the oracle procedure accordingly.</STRONG>..."</P><P></P><P>thanks&nbsp; uwe</P></BODY></HTML> Thu, 04 May 2017 16:28:36 GMT https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536754#M529861 ujundt@cisco.com 2017-05-04T16:28:36Z https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536755#M529862 <HTML><HEAD></HEAD><BODY><P>You will need to send result code of '0' and the list of groups that the user is member of or all the attributes that user record holds. The admin guide should provide what you need:</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html#id_10025" title="http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html#id_10025">Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…</A></P><P></P><P>Also, sample procedures shown for MS SQL &amp; Postgres SQL:</P><P><A href="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-21/200544-Configure-ISE-2-1-with-MS-SQL-using-ODBC.html" title="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-21/200544-Configure-ISE-2-1-with-MS-SQL-using-ODBC.html">Configure ISE 2.1 with MS SQL using ODBC - Cisco</A></P><P><A href="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-21/200644-Configure-ODBC-on-ISE-2-1-with-PostgreSQ.html#anc8" title="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-21/200644-Configure-ODBC-on-ISE-2-1-with-PostgreSQ.html#anc8">Configure ODBC on ISE 2.1 with PostgreSQL - Cisco</A></P><P></P><P>Hosuk</P></BODY></HTML> Thu, 04 May 2017 16:56:54 GMT https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536755#M529862 howon 2017-05-04T16:56:54Z https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536756#M529863 <HTML><HEAD></HEAD><BODY><P>The sample functions or stored procedures for each supported DBMS vendors are on ISE admin web UI, too.</P><P><IMG alt="Screen Shot 2017-05-05 at 7.23.35 PM.png" class="image-1 jive-image" src="/legacyfs/online/fusion/107006_Screen Shot 2017-05-05 at 7.23.35 PM.png" style="height: 231px; width: 620px;" /></P></BODY></HTML> Sat, 06 May 2017 22:02:36 GMT https://community.cisco.com/t5/network-access-control/ise-question-to-fetch-groups-quot-quot-fetch-attributes-quot/m-p/3536756#M529863 hslai 2017-05-06T22:02:36Z