Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
6
Helpful
2
Replies

ISE: question to Fetch groups" & "Fetch attributes" used by ISE in the ODBC

Go to solution
ujundt@cisco.com
Cisco Employee
Cisco Employee

‎05-04-2017 09:28 AM

Hi Team,

has maybe anybody experience in migration from ACS to ISE and the following problem?

".. Actual we are running an ACS 4.2 connected to an Oracle DB.

The idea is (and we need a solution asap) is to connect ISE to the same Oracle DB using different stored procedures.

There is a complex process running to bring the needed data into the Oracle DB (means that it is impossible to change something on the DB layout).

The team spent a lot of time reading docs on cisco.com looking for a clear description about stored procedures etc. but it seems that the given examples are incomplete or wrong.

I kindly ask you to provide a solution as soon as possible. If you need further information feel free to call me...

some technical details:

client (PC) authentication and authorization (Vlan assignment) was done with ACS 4.2 and external data source oracle using a stored procedure (as defined in the ACS manual).

Now we migrate to ISE and realize, that only half of the procedure (authentication) is working. For the assignment of users to groups (authorization) we have to use a different procedure which is in best case vaguely described.

What is now needed is the exact documentation of the interface ("Fetch groups" & "Fetch attributes" used by ISE in the ODBC Identity source, so we can program the oracle procedure accordingly...."

thanks  uwe

1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-04-2017 09:56 AM

You will need to send result code of '0' and the list of groups that the user is member of or all the attributes that user record holds. The admin guide should provide what you need:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

Also, sample procedures shown for MS SQL & Postgres SQL:

Configure ISE 2.1 with MS SQL using ODBC - Cisco

Configure ODBC on ISE 2.1 with PostgreSQL - Cisco

Hosuk

View solution in original post

2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-04-2017 09:56 AM

You will need to send result code of '0' and the list of groups that the user is member of or all the attributes that user record holds. The admin guide should provide what you need:

Cisco Identity Services Engine Administrator Guide, Release 2.1 - Manage Users and External Identity Sources [Cisco Ide…

Also, sample procedures shown for MS SQL & Postgres SQL:

Configure ISE 2.1 with MS SQL using ODBC - Cisco

Configure ODBC on ISE 2.1 with PostgreSQL - Cisco

Hosuk

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-06-2017 03:02 PM

The sample functions or stored procedures for each supported DBMS vendors are on ISE admin web UI, too.

Screen Shot 2017-05-05 at 7.23.35 PM.png

Customers Also Viewed These Support Documents