This document covers a scenario in which a user has to implement RDBMS Sync in Cisco ACS.
What is RDBMS?
RDBMS stands for Relational Database Management System. It can be defined as a system that lets the user create, update, and easily administer a relational database. Structured Query Language (SQL) is most commonly used to access the database.
An RDBMS identifies and reads information in the form of "tables". Each table is identified with the help of a "unique identifier" or "primary key". The remaining tables are connected or related to each other using "foreign keys". A foreign key can be defined as a primary key that is attached to the other tables.
For example, "Student ID" is the primary key (PK) for one table but a foreign key (FK) for other tables.
The Relational Database Management Systems (RDBMS) synchronization feature updates the CiscoSecure user database with information from an Open Database Connectivity (ODBC)-compliant data source. The ODBC-compliant data source can be the RDBMS database of a third-party application. It can also be an intermediate file or database that a third-party system updates. Regardless of where the file or database resides, Cisco Secure ACS for Windows (ACS) reads the file or database through the ODBC connection. RDBMS synchronization can also be regarded as an Application Program Interface (API) of much of what can be configured for a user, group, or device through the ACS HTML interface. Alternatively, it is possible to maintain the group through this feature. RDBMS synchronization supports addition, modification, and deletion for all data items it can access.
Synchronization can be configured to occur at regular intervals. Synchronizations can be performed manually, in which case the Cisco Secure user database is updated on demand.
Synchronization performed by a single ACS can update the internal databases of other ACSes, so that the RDBMS Synchronization configuration only needs to take place on one ACS. ACSes listen on TCP port 2000 for synchronization data. RDBMS Synchronization communication between ACSes is encrypted with a proprietary 128-bit encryption algorithm.
To perform RDBMS synchronization, follow this procedure:
Create an accountactions.csv file and save it to C:\Program Files\CiscoSecure ACS vx.x\CSDBSync\Databases\CSV (the assumption is a default installation of ACS).
Note: The order of the fields is very important for the RDBMS synchronization. The basic format for the accountactions.csv file is SequenceId, Priority, UserName, GroupName, Action, ValueName, Value1, Value2, Value3, DateTime, Message No., ComputerNames, AppId, Status.
The sequence ID can be any unique number. ACS usually starts to apply the codes with the highest priority and then the lowest ID, which is why the sequence ID must be unique for all the entries, as shown in this example:
Access the HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAvx.x\CSDBSync key.
Change the OdbcUpdateTable value from AccountActions to accountactions.csv.
Save the changes to the registry.
Note: Failure to perform this procedure results in the [Microsoft][ODBC Text Driver] Cannot update. Database or object is read-only error message.
Synchronization cannot be performed with a relational database table after the OdbcUpdateTable value has been changed to accountactions.csv. To do so, change the OdbcUpdateTable value back to AccountActions.
Configure a System Data Source Name for RDBMS synchronization with these steps:
Go to Administrative Tools > Data Sources (ODBC).
Choose the System DSN tab and click Add.
Choose Microsoft Text Driver (*.txt,*.csv) and click Finish.
Enter a name in the Data Source Name field and a description in the Description field.
Uncheck Use Current Directory and click Select Directory.
Browse to the C:\Program Files\CiscoSecure ACS vx.x\CSDBSync\Databases\CSV directory and click OK.
Click on the Options button and then the Define Format button.
Click on accountactions.csv and then OK.
Click OK if the Failed to save table attributes of (null) into (null) message is received.
Click OK, and then OK again.
Configure ACS to use an ODBC Data Source with these steps:
Go to Interface Configuration > Advanced Options.
Check the RDBMS Synchronization checkbox and click Submit.
Go to System Configuration > RDBMS Synchronization.
Choose the newly created ODBC Data Source from the dropdown list.
Keep the username and password fields empty.
Synchronization scheduling must be set to Manually.
Make sure the server is listed in the Synchronize column of the Synchronization Partners section and click Submit.
Go back into RDBMS Synchronization and click Synchronize Now. Ideally, the updates now take place.
Note: Unlike other methods of RDBMS synchronization, the lines are not deleted from the .csv file as they are added to the CSDB. This is because the MS ODBC text driver has read-only access. If ACS version 3.0 is run, it may be necessary to change the [accountactions] line in the C:\Program Files\CiscoSecure ACS vx.x\CSDBSync\Databases\CSV\schema.ini file to [accountactions.csv].
Note: RDBMS synchronization attempts made using the text driver with ACS installed on the Win2k Advanced Server do not work. These attempts most likely result in the [Microsoft][ODBC Text Driver] Text file specification field separator matches decimal separator or text delimiters error message.
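A pre-flight check for the accountactions.csv file described in the procedure above, as an added example that is not part of the original document or of Cisco's tooling: it verifies the 14-field layout and SequenceId uniqueness, and reports the order in which the entries would be applied. The function name, the sample rows (including the Action and Value1 placeholders) and the reading of "highest priority" as the larger number are assumptions.

```python
import csv
import io

# Number of fields in the layout the page gives, SequenceId through Status.
FIELD_COUNT = 14

def check_accountactions(text, skip_header=False):
    """Return (errors, order): problems found and SequenceIds in apply order."""
    rows = list(csv.reader(io.StringIO(text)))
    if skip_header and rows:
        rows.pop(0)  # assumption: the caller knows the file starts with column names
    errors, seen, parsed = [], set(), []
    for n, row in enumerate(rows, start=1):
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != FIELD_COUNT:
            errors.append(f"row {n}: {len(row)} fields, expected {FIELD_COUNT}")
            continue
        try:
            seq, prio = int(row[0]), int(row[1])  # SequenceId, Priority
        except ValueError:
            errors.append(f"row {n}: SequenceId and Priority must be integers")
            continue
        if seq in seen:
            errors.append(f"row {n}: duplicate SequenceId {seq}")
        seen.add(seq)
        parsed.append((prio, seq))
    # Page: highest priority first, then lowest ID.
    # Assumption: a larger Priority number means a higher priority.
    order = [seq for prio, seq in sorted(parsed, key=lambda p: (-p[0], p[1]))]
    return errors, order

# Constructed sample rows; Action "100" and Value1 "x" are placeholders.
SAMPLE = """\
1,0,alice,Group 1,100,,x,,,,0,,,0
2,5,bob,Group 1,100,,x,,,,0,,,0
3,5,carol,Group 2,100,,x,,,,0,,,0
2,0,dave,Group 1,100,,x,,,,0,,,0
5,0,erin,Group 1,100
"""

if __name__ == "__main__":
    problems, apply_order = check_accountactions(SAMPLE)
    for p in problems:
        print("ERROR:", p)
    print("apply order:", apply_order)
```

Because the text driver leaves processed lines in the file, running a check like this before each Synchronize Now shows exactly which entries will be applied again.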