تكوين ODBC على ISE 2.3 باستخدام قاعدة بيانات Oracle
المحتويات
المقدمة
يوضح هذا المستند كيفية تكوين Identity Services Engine (ISE) باستخدام قاعدة بيانات Oracle لمصادقة ISE باستخدام اتصال قاعدة البيانات المفتوحة (ODBC).
تتطلب مصادقة اتصال قاعدة البيانات المفتوحة (ODBC) أن يتمكن ISE من إحضار كلمة مرور مستخدم نص عادي. يمكن تشفير كلمة المرور في قاعدة البيانات، ولكن يجب فك تشفيرها بواسطة الإجراء المخزن.
المتطلبات الأساسية
المتطلبات
توصي Cisco بأن تكون لديك معرفة بالمواضيع التالية:
- Cisco Identity Services Engine 2.3
- قواعد البيانات ومفاهيم ODBC
- أوراكل
المكونات المستخدمة
تستند المعلومات الواردة في هذا المستند إلى إصدارات البرامج والمكونات المادية التالية:
- Identity Services Engine 2.3.0.298
- سينتوس 7
- قاعدة بيانات Oracle، الإصدار 12.2.0.1.0
- مطور Oracle SQL 4.1.5
التكوين
الخطوة 1. تهيئة Oracle الأساسية
في هذا المثال، تم تكوين Oracle باستخدام المعلمات التالية:
- اسم قاعدة البيانات: ORCL
- اسم الخدمة: orcl.vkumov.local
- المنفذ: 1521 (الافتراضي)
- تم إنشاء حساب ل ISE باسم ISE
قم بتكوين قاعدة بيانات Oracle قبل المتابعة.
الخطوة 2. ISE أساسي تشكيل
إنشاء مصدر هوية ODBC في الإدارة > مصدر هوية خارجي > ODBC واختبار الاتصال:
الخطوة 3. تكوين مصادقة المستخدم
تستخدم مصادقة ISE إلى ODBC الإجراءات المخزنة. من الممكن تحديد نوع الإجراءات. في هذا المثال، نستخدم مجموعات السجلات كمرتجعات.
بالنسبة للإجراءات الأخرى، راجع دليل مسؤول محرك خدمات الهوية من Cisco، الإصدار 2.3
1. قم بإنشاء الجدول باستخدام بيانات اعتماد المستخدمين. تأكد من تعيين إعدادات الهوية على المفتاح الأساسي.
--------------------------------------------------------
-- DDL for Table USERS
--------------------------------------------------------
CREATE TABLE "ISE"."USERS"
( "USER_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE NOKEEP NOSCALE ,
"USERNAME" VARCHAR2(120 BYTE),
"PASSWORD" VARCHAR2(120 BYTE)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index USERS_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."USERS_PK" ON "ISE"."USERS" ("USER_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table USERS
--------------------------------------------------------
ALTER TABLE "ISE"."USERS" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" MODIFY ("USERNAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" MODIFY ("PASSWORD" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" ADD CONSTRAINT "USERS_PK" PRIMARY KEY ("USER_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
أو من واجهة المستخدم الرسومية (GUI) لمطور SQL:
2. إضافة مستخدمين
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('alice', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('bob', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('admin', 'password1')
3. قم بإنشاء إجراء لمصادقة كلمة مرور النص العادي (يستخدم مع PAP، الأسلوب الداخلي EAP-GTC، TACACS)
create or replace function ISEAUTH_R
(
ise_username IN VARCHAR2,
ise_userpassword IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username and USERS.PASSWORD = ise_userpassword;
if c > 0 then
open resultSet for select 0 as code, 11, 'good user', 'no error' from dual;
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
END IF;
return resultSet;
end;
END ISEAUTH_R;
4. قم بإنشاء إجراء لجلب كلمة مرور النص العادي (يستخدم مع CHAP و MSCHAPv1/v2 و EAP-MD5 و LEAP و EAP-MSCHAPv2 الأسلوب الداخلي و TACACS)
create or replace function ISEFETCH_R
(
ise_username IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username;
if c > 0 then
open resultSet for select 0, 11, 'good user', 'no error', password from USERS where USERS.USERNAME = ise_username;
DBMS_OUTPUT.PUT_LINE('found');
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
DBMS_OUTPUT.PUT_LINE('not found');
END IF;
return resultSet;
end;
END;
5. قم بإنشاء إجراء للتحقق من اسم المستخدم أو الجهاز (يستخدم ل MAB، وإعادة الاتصال السريع ل PEAP، EAP-FAST و EAP-TTLS)
create or replace function ISELOOKUP_R
(
ise_username IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username;
if c > 0 then
open resultSet for select 0, 11, 'good user', 'no error' from USERS where USERS.USERNAME = ise_username;
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
END IF;
return resultSet;
end;
END;
6. تكوين الإجراءات على ISE والحفظ
7. عد إلى علامة التبويب "الاتصال" وانقر فوق الزر "إختبار الاتصال"
الخطوة 4. تكوين إسترداد المجموعة
1. قم بإنشاء جداول تحتوي على مجموعات مستخدمين وجداول أخرى مستخدمة لتعيين متعدد إلى متعدد
--------------------------------------------------------
-- DDL for Table GROUPS
--------------------------------------------------------
CREATE TABLE "ISE"."GROUPS"
( "GROUP_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE NOKEEP NOSCALE ,
"GROUP_NAME" VARCHAR2(255 BYTE),
"DESCRIPTION" CLOB
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS"
LOB ("DESCRIPTION") STORE AS SECUREFILE (
TABLESPACE "USERS" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(INITIAL 106496 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)) ;
--------------------------------------------------------
-- DDL for Table USER_GROUPS_MAPPING
--------------------------------------------------------
CREATE TABLE "ISE"."USER_GROUPS_MAPPING"
( "USER_ID" NUMBER(*,0),
"GROUP_ID" NUMBER(*,0)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index GROUPS_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."GROUPS_PK" ON "ISE"."GROUPS" ("GROUP_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index USER_GROUPS_MAPPING_UK1
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."USER_GROUPS_MAPPING_UK1" ON "ISE"."USER_GROUPS_MAPPING" ("USER_ID", "GROUP_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table GROUPS
--------------------------------------------------------
ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_NAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."GROUPS" ADD CONSTRAINT "GROUPS_PK" PRIMARY KEY ("GROUP_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
--------------------------------------------------------
-- Constraints for Table USER_GROUPS_MAPPING
--------------------------------------------------------
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("GROUP_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" ADD CONSTRAINT "USER_GROUPS_MAPPING_UK1" UNIQUE ("USER_ID", "GROUP_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
من واجهة المستخدم الرسومية:
2. إضافة مجموعات وتعيينات، بحيث ينتمي أليس و بوب إلى مستخدمي المجموعة ينتمي المسؤول إلى مسؤولي المجموعة
-- Adding groups
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Admins', 'Group for administrators')
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Users', 'Corporate users')
-- Alice and Bob are users
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('1', '2')
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('2', '2')
-- Admin is in Admins group
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('3', '1')
3. إنشاء إجراء إسترداد مجموعة. تقوم بإرجاع كافة المجموعات إذا كان اسم المستخدم هو "*"
create or replace function ISEGROUPSH
(
ise_username IN VARCHAR2,
ise_result OUT int
) return sys_refcursor as
BEGIN
declare
c integer;
userid integer;
resultSet SYS_REFCURSOR;
begin
IF ise_username = '*' then
ise_result := 0;
open resultSet for select GROUP_NAME from GROUPS;
ELSE
select count(*) into c from USERS where USERS.USERNAME = ise_username;
select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
IF c > 0 then
ise_result := 0;
open resultSet for select GROUP_NAME from GROUPS where GROUP_ID IN ( SELECT m.GROUP_ID from USER_GROUPS_MAPPING m where m.USER_ID = userid );
ELSE
ise_result := 3;
open resultSet for select 0 from dual where 1=2;
END IF;
END IF;
return resultSet;
end;
END ;
4. قم بتخطيطها لإحضار المجموعات
5. إحضار المجموعات وإضافتها إلى مصدر هوية ODBC
حدد المجموعات المطلوبة وانقر فوق موافق، وستظهر في علامة التبويب مجموعات
الخطوة 5. تكوين إسترداد السمات
1. من أجل تبسيط هذا المثال، يتم إستخدام جدول مسطح للسمات
--------------------------------------------------------
-- DDL for Table ATTRIBUTES
--------------------------------------------------------
CREATE TABLE "ISE"."ATTRIBUTES"
( "USER_ID" NUMBER(*,0),
"ATTR_NAME" VARCHAR2(255 BYTE),
"VALUE" VARCHAR2(255 BYTE)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index ATTRIBUTES_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."ATTRIBUTES_PK" ON "ISE"."ATTRIBUTES" ("ATTR_NAME", "USER_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table ATTRIBUTES
--------------------------------------------------------
ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("ATTR_NAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."ATTRIBUTES" ADD CONSTRAINT "ATTRIBUTES_PK" PRIMARY KEY ("ATTR_NAME", "USER_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
من واجهة المستخدم الرسومية:
2. إنشاء بعض السمات للمستخدمين
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('3', 'SecurityLevel', '15')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('1', 'SecurityLevel', '5')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('2', 'SecurityLevel', '10')
3. قم بإنشاء إجراء. كما هو الحال مع إسترجاع المجموعات، فإنها سترجع كل السمات المميزة إذا كان اسم المستخدم هو "*"
create or replace function ISEATTRSH
(
ise_username IN VARCHAR2,
ise_result OUT int
) return sys_refcursor as
BEGIN
declare
c integer;
userid integer;
resultSet SYS_REFCURSOR;
begin
IF ise_username = '*' then
ise_result := 0;
open resultSet for select DISTINCT ATTR_NAME, '0' as "VAL" from ATTRIBUTES;
ELSE
select count(*) into c from USERS where USERS.USERNAME = ise_username;
select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
if c > 0 then
ise_result := 0;
open resultSet for select ATTR_NAME, VALUE from ATTRIBUTES where USER_ID = userid;
ELSE
ise_result := 3;
open resultSet for select 0 from dual where 1=2;
END IF;
END IF;
return resultSet;
end;
END ;
4. قم بتخطيطها لإحضار السمات
5. إحضار السمات
حدد خصائص وانقر موافق.
الخطوة 6. تكوين سياسات المصادقة/التخويل
في هذا المثال، تم تكوين سياسات التخويل البسيطة التالية:
سيتم رفض المستخدمين الذين لديهم SecurityLevel = 5.
الخطوة 7. إضافة Oracle ODBC إلى تسلسلات مصدر الهوية
انتقل إلى إدارة > إدارة الهوية > تسلسلات مصدر الهوية، حدد التسلسل الخاص بك وقم بإضافة ODBC إلى التسلسل:
احفظه.
التحقق من الصحة
يجب أن تكون الآن قادرا على مصادقة المستخدمين مقابل ODBC الآن واسترداد مجموعاتهم وسماتهم.
سجلات RADIUS المباشرة
قم بإجراء بعض عمليات المصادقة وانتقل إلى العمليات > RADIUS > السجلات المباشرة
كما ترى، المستخدم Alice لديه SecurityLevel = 5، وبالتالي تم رفض الوصول.
تقرير مفصل
انقر فوق تقرير التفاصيل في عمود التفاصيل للجلسة المثيرة للاهتمام للتحقق من التدفق.
التقرير التفصيلي للمستخدم Alice (رفض بسبب انخفاض مستوى الأمان):
استكشاف الأخطاء وإصلاحها
إذا لم يكن الاتصال ناجحا على الأمر ISE Use show application logging prt-management.log tail أثناء محاولة الاتصال.
تم إستخدام بيانات اعتماد غير صحيحة
2017-08-08 16:50:47,851 WARN [admin-http-pool11][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: ORA-01017: invalid username/password
; logon denied
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
...
اسم DB غير صحيح (اسم الخدمة)
2017-08-08 10:53:12,002 WARN [admin-http-pool2][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: Listener refused the connection with
the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at com.cisco.cpm.odbcidstore.impl.OracleDbAccess.connect(OracleDbAccess.java:42)
أستكشاف أخطاء مصادقة المستخدمين وإصلاحها
لاستكشاف أخطاء عمليات DB وإصلاحها، قم بتمكين مكونات التسجيل odbc-id-store إلى مستوى تصحيح الأخطاء تحت الإدارة > النظام > التسجيل > تكوين سجل التصحيح.
يتم وضع السجلات في ملف prrt-management.log.
مثال إخراج لأليس:
2017-08-08 16:56:32,403 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Authenticate Plain Text Password. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf
96x6eiTpiEMIfkUBybDj7jY
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24852
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Authenticate plain text password
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEAUTH_R
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEAUTH_R(?, ?)}
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice, password=***
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,412 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,412 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24853
2017-08-08 16:56:32,425 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIf
kUBybDj7jY
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIfkU
BybDj7jY
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24869
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user groups
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEGROUPSH
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEGROUPSH(?,?)}
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,434 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=1
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: ExternalGroup=Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24870
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups...
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups(0) = Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Setting Internal groups(0) = Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, ExternalGroups=[Users]
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user attributes. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEM
IfkUBybDj7jY
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24872
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user attributes
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEATTRSH
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEATTRSH(?,?)}
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=2
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: SecurityLevel=5
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24873
2017-08-08 16:56:32,438 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user attrs. Username=alice, Setting OracleDB.SecurityLevel to 5
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Lookup. Username=alice, SessionID=ise23-3:userauth7
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24865
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Lookup
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISELOOKUP_R
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISELOOKUP_R(?)}
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:35,294 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:35,294 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24866
التعليقات