08-12-2010 07:26 AM - edited 03-10-2019 05:19 PM
Hi. We're having some trouble importing users via the csv import into our new ACS 5.0.0.21 install.
I downloaded the template from the "Import" page and wrote a script that populated the .csv with all of the required data but it seems to fail every time on the Identity Group.
At first I thought it was because the groups weren't in the system already so I manually added each group. I retried the import and it still fails with the message:
2010-08-12 05:56:47: Record number: 1, Internal User <userid>: Import Failed
2010-08-12 05:56:47: <userid>: Referenced object not found
IdentityGroup:<Group Name>.
This repeats for every user and the group name changes based on the group we need to add them to.
From what I can see, there aren't any additional line breaks or extra characters anywhere in the csv file so I don't understand what could possibly be causing the import to fail.
Any insight would be appreciated.
Thanks!
Solved! Go to Solution.
08-12-2010 12:37 PM
You need to have the full path of the identity groups. Since it is hierarchical it includes all names
of parent nodes separated by :. For example if you created "Test Group" under "All Groups"
then string for import file would appear as:
dave,,TRUE,FALSE,1234,,All Groups:Test Group
08-12-2010 07:45 AM
First I do recommend upgrading to ACS 5.1 when you have a chance. ACS 5.1 has richer functionality in the area of import (add/modify/delete) and also provides export capabilities
I do not have access to an ACS 5.0 system. However, the following file works for me in ACS 5.1 (assuming you have no internal user attributes defined)
name:String(64):Required,description:String(1024),"enabled:Boolean(true,false):Required","changePassword:Boolean(true,false):Required",password:String(32):Required,enablePassword:String(32),UserIdentityGroup:String(256)
dave,,TRUE,FALSE,1234,,All Groups
first line is header; second is data. This corresponds to:
name: dave
description:
enabled: TRUE
changePassword: FALSE
password: 1234
enablePassword:
UserIdentityGroup: All groups (this is default defined roup)
08-12-2010 08:01 AM
Thanks for the response. The csv you posted is pretty much what we've been trying:
name:String(64):Required,description:String(1024),"enabled:Boolean(true,false):Required","changePassword:Boolean(true,false):Required",password:String(32):Required,enablePassword:String(32),UserIdentityGroup:String(256)
userid,,true,true,password,,Test Group
That fails when we try to import it into our system, citing an error with the Identiy Group.
08-12-2010 12:37 PM
You need to have the full path of the identity groups. Since it is hierarchical it includes all names
of parent nodes separated by :. For example if you created "Test Group" under "All Groups"
then string for import file would appear as:
dave,,TRUE,FALSE,1234,,All Groups:Test Group
08-12-2010 01:11 PM
Thank you!
That did the trick. I've been all over the documentation (or so I thought) and never saw this mentioned.
You wouldn't happen to know an easy way of upgrading to 5.1, would you? We've always run our own homegrown TACACS+ servers. This is the first time we've ever messed with ACS.
Thanks again!
08-14-2010 04:38 PM
There are two ways to do this
1) Install two patches followed by an upgrade to 5.1
2) Backup 5.0 data, reimage server to 5.1 and then restore the backup of 5.0 data
Can't really comment which is easier. More details on each of the options below
Option 1) Install two patches followed by application upgrade
there are a couple patches that need to be installed before upgrading to 5.1
1) ACS 5.0 patch 9. On CCO: 5-0-0-21-9.tar.gpg
2) ADE-OS version 1.2 /// upgrades operating system version. On CCO: ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg
Both these steps use the following command "acs patch install patch-name.tar.gpg repository repository-name "
Then can perform the upgrade to 5.1 using following command:
application upgrade application-bundle remote-repository-name
All the patches/upgrade bundles can be downloaded from CCO. 5.1 package is called "ACS_5.1.0.44.tar.gz"
More detailed documentation is at:
Option 2) Backup/Restore Option
Step 2 Perform Reimaging the ACS Server, page 5-6.
ACS upgrades the ADE-OS to 1.2 and ACS to 5.1.
Step 3 Restore the ADE-OS and ACS configuration data to the ACS 5.1 server:
Issue the restore command in the EXEC mode to restore the backup taken earlier:
restore filename repository repository-name
While ACS restores the 5.0 configuration data, it begins to convert and upgrade the ACS 5.0 Monitoring and Report Viewer data to the 5.1 format.
In Boh case the folloiwng steps should be performed to monitor status of upgrade
Step 4 To monitor the status of the data upgrade, from the Monitoring and Report Viewer, choose Monitoring Configuration > System Operations > Data Upgrade Status.
The Data Upgrade Status page appears with the following information:
•Progress—Indicates the progress of the Monitoring and Report Viewer data upgrade.
•Status—Indicates whether the Monitoring and Report Viewer data upgrade is complete or not. ACS displays the following message when the upgrade is complete:
The View database conversion is complete.
Step 5 After the data upgrade status is complete, click Switch Database.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide