使用Oracle資料庫在ISE 2.3上配置ODBC
目錄
簡介
本文檔介紹如何使用Oracle資料庫配置身份服務引擎(ISE),以便使用開放資料庫連線(ODBC)進行ISE身份驗證。
開放式資料庫連線(ODBC)身份驗證要求ISE能夠獲取純文字檔案使用者密碼。密碼可以在資料庫中加密,但必須通過儲存過程解密。
必要條件
需求
思科建議您瞭解以下主題:
- 思科身分識別服務引擎2.3
- 資料庫和ODBC概念
- Oracle
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- 身分識別服務引擎2.3.0.298
- Centos 7
- Oracle資料庫12.2.0.1.0
- Oracle SQL Developer 4.1.5
設定
步驟1. Oracle基本配置
在此示例中,Oracle配置了以下引數:
- 資料庫名稱:ORCL
- 服務名稱:orcl.vkumov.local
- 連接埠:1521(預設)
- 已使用使用者名稱ise為ISE建立帳戶
配置Oracle資料庫,然後繼續操作。
步驟2. ISE基本配置
在Administration > External Identity Source > ODBC處建立ODBC身份源並測試連線:
步驟3.配置使用者身份驗證
ODBC的ISE身份驗證使用儲存過程。可以選擇過程型別。在本示例中,我們使用記錄集作為返回。
有關其他步驟,請參閱思科身份服務引擎管理員指南2.3版
1.使用使用者憑據建立表。請確保在主鍵上設定身份設定。
--------------------------------------------------------
-- DDL for Table USERS
--------------------------------------------------------
CREATE TABLE "ISE"."USERS"
( "USER_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE NOKEEP NOSCALE ,
"USERNAME" VARCHAR2(120 BYTE),
"PASSWORD" VARCHAR2(120 BYTE)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index USERS_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."USERS_PK" ON "ISE"."USERS" ("USER_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table USERS
--------------------------------------------------------
ALTER TABLE "ISE"."USERS" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" MODIFY ("USERNAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" MODIFY ("PASSWORD" NOT NULL ENABLE);
ALTER TABLE "ISE"."USERS" ADD CONSTRAINT "USERS_PK" PRIMARY KEY ("USER_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
或者從SQL Developer GUI:
2.新增使用者
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('alice', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('bob', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('admin', 'password1')
3.建立純文字檔案密碼身份驗證過程(用於PAP、EAP-GTC內部方法、TACACS)
create or replace function ISEAUTH_R
(
ise_username IN VARCHAR2,
ise_userpassword IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username and USERS.PASSWORD = ise_userpassword;
if c > 0 then
open resultSet for select 0 as code, 11, 'good user', 'no error' from dual;
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
END IF;
return resultSet;
end;
END ISEAUTH_R;
4.建立純文字檔案密碼提取過程(用於CHAP、MSCHAPv1/v2、EAP-MD5、LEAP、EAP-MSCHAPv2內部方法、TACACS)
create or replace function ISEFETCH_R
(
ise_username IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username;
if c > 0 then
open resultSet for select 0, 11, 'good user', 'no error', password from USERS where USERS.USERNAME = ise_username;
DBMS_OUTPUT.PUT_LINE('found');
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
DBMS_OUTPUT.PUT_LINE('not found');
END IF;
return resultSet;
end;
END;
5.建立檢查使用者名稱或電腦存在的過程(用於MAB、PEAP快速重新連線、EAP-FAST和EAP-TTLS)
create or replace function ISELOOKUP_R
(
ise_username IN VARCHAR2
) return sys_refcursor AS
BEGIN
declare
c integer;
resultSet SYS_REFCURSOR;
begin
select count(*) into c from USERS where USERS.USERNAME = ise_username;
if c > 0 then
open resultSet for select 0, 11, 'good user', 'no error' from USERS where USERS.USERNAME = ise_username;
ELSE
open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
END IF;
return resultSet;
end;
END;
6.在ISE上配置過程並儲存
7.返回「連線」頁籤,然後按一下「測試連線」按鈕
步驟4.配置組檢索
1.建立包含使用者組和用於多對多對映的另一使用者組的表
--------------------------------------------------------
-- DDL for Table GROUPS
--------------------------------------------------------
CREATE TABLE "ISE"."GROUPS"
( "GROUP_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE NOKEEP NOSCALE ,
"GROUP_NAME" VARCHAR2(255 BYTE),
"DESCRIPTION" CLOB
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS"
LOB ("DESCRIPTION") STORE AS SECUREFILE (
TABLESPACE "USERS" ENABLE STORAGE IN ROW CHUNK 8192
NOCACHE LOGGING NOCOMPRESS KEEP_DUPLICATES
STORAGE(INITIAL 106496 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)) ;
--------------------------------------------------------
-- DDL for Table USER_GROUPS_MAPPING
--------------------------------------------------------
CREATE TABLE "ISE"."USER_GROUPS_MAPPING"
( "USER_ID" NUMBER(*,0),
"GROUP_ID" NUMBER(*,0)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index GROUPS_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."GROUPS_PK" ON "ISE"."GROUPS" ("GROUP_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index USER_GROUPS_MAPPING_UK1
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."USER_GROUPS_MAPPING_UK1" ON "ISE"."USER_GROUPS_MAPPING" ("USER_ID", "GROUP_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table GROUPS
--------------------------------------------------------
ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_NAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."GROUPS" ADD CONSTRAINT "GROUPS_PK" PRIMARY KEY ("GROUP_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
--------------------------------------------------------
-- Constraints for Table USER_GROUPS_MAPPING
--------------------------------------------------------
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("GROUP_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."USER_GROUPS_MAPPING" ADD CONSTRAINT "USER_GROUPS_MAPPING_UK1" UNIQUE ("USER_ID", "GROUP_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
在 GUI 上:
2.新增組和對映,以便alice和bob屬於組Users,而admin屬於組Admins
-- Adding groups
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Admins', 'Group for administrators')
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Users', 'Corporate users')
-- Alice and Bob are users
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('1', '2')
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('2', '2')
-- Admin is in Admins group
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('3', '1')
3.建立組檢索過程。如果使用者名稱是「*」,則返回所有組
create or replace function ISEGROUPSH
(
ise_username IN VARCHAR2,
ise_result OUT int
) return sys_refcursor as
BEGIN
declare
c integer;
userid integer;
resultSet SYS_REFCURSOR;
begin
IF ise_username = '*' then
ise_result := 0;
open resultSet for select GROUP_NAME from GROUPS;
ELSE
select count(*) into c from USERS where USERS.USERNAME = ise_username;
select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
IF c > 0 then
ise_result := 0;
open resultSet for select GROUP_NAME from GROUPS where GROUP_ID IN ( SELECT m.GROUP_ID from USER_GROUPS_MAPPING m where m.USER_ID = userid );
ELSE
ise_result := 3;
open resultSet for select 0 from dual where 1=2;
END IF;
END IF;
return resultSet;
end;
END ;
4.將其對映到提取組
5.獲取組並將其新增到ODBC身份源
選擇所需的組並按一下「確定」,這些組將顯示在「組」頁籤上
步驟5.配置屬性檢索
1.為了簡化此示例,將平面表用於屬性
--------------------------------------------------------
-- DDL for Table ATTRIBUTES
--------------------------------------------------------
CREATE TABLE "ISE"."ATTRIBUTES"
( "USER_ID" NUMBER(*,0),
"ATTR_NAME" VARCHAR2(255 BYTE),
"VALUE" VARCHAR2(255 BYTE)
) SEGMENT CREATION IMMEDIATE
PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255
NOCOMPRESS LOGGING
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- DDL for Index ATTRIBUTES_PK
--------------------------------------------------------
CREATE UNIQUE INDEX "ISE"."ATTRIBUTES_PK" ON "ISE"."ATTRIBUTES" ("ATTR_NAME", "USER_ID")
PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ;
--------------------------------------------------------
-- Constraints for Table ATTRIBUTES
--------------------------------------------------------
ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("USER_ID" NOT NULL ENABLE);
ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("ATTR_NAME" NOT NULL ENABLE);
ALTER TABLE "ISE"."ATTRIBUTES" ADD CONSTRAINT "ATTRIBUTES_PK" PRIMARY KEY ("ATTR_NAME", "USER_ID")
USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255
STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
TABLESPACE "USERS" ENABLE;
在 GUI 上:
2.為使用者建立一些屬性
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('3', 'SecurityLevel', '15')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('1', 'SecurityLevel', '5')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('2', 'SecurityLevel', '10')
3.建立過程。與組檢索相同,如果使用者名稱是「*」,它將返回所有不同的屬性
create or replace function ISEATTRSH
(
ise_username IN VARCHAR2,
ise_result OUT int
) return sys_refcursor as
BEGIN
declare
c integer;
userid integer;
resultSet SYS_REFCURSOR;
begin
IF ise_username = '*' then
ise_result := 0;
open resultSet for select DISTINCT ATTR_NAME, '0' as "VAL" from ATTRIBUTES;
ELSE
select count(*) into c from USERS where USERS.USERNAME = ise_username;
select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
if c > 0 then
ise_result := 0;
open resultSet for select ATTR_NAME, VALUE from ATTRIBUTES where USER_ID = userid;
ELSE
ise_result := 3;
open resultSet for select 0 from dual where 1=2;
END IF;
END IF;
return resultSet;
end;
END ;
4.將其對映到Fetch屬性
5.提取屬性
選擇屬性並按一下確定。
步驟6.配置身份驗證/授權策略
在此示例中,配置了以下簡單授權策略:
SecurityLevel = 5的使用者將被拒絕。
步驟7.將Oracle ODBC新增到身份源序列
導航到Administration > Identity Management > Identity Source Sequences,選擇序列並將ODBC新增到序列:
儲存它。
驗證
現在,您應該能夠根據ODBC驗證使用者並檢索其組和屬性。
RADIUS即時日誌
執行一些身份驗證並導航到操作> RADIUS >即時日誌
您可以看到,使用者Alice的SecurityLevel = 5,因此訪問被拒絕。
詳細報表
按一下相關會話的Details列中的Detail報告以檢查流。
使用者Alice的詳細報告(由於安全級別低而被拒絕):
疑難排解
如果在ISE上連線不成功,請在嘗試連線時使用命令show logging application prrt-management.log tail。
使用的憑據不正確
2017-08-08 16:50:47,851 WARN [admin-http-pool11][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: ORA-01017: invalid username/password
; logon denied
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
...
錯誤的資料庫名稱(服務名稱)
2017-08-08 10:53:12,002 WARN [admin-http-pool2][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: Listener refused the connection with
the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at com.cisco.cpm.odbcidstore.impl.OracleDbAccess.connect(OracleDbAccess.java:42)
排除使用者身份驗證故障
為了對DB操作進行故障排除,請在管理>系統>日誌記錄>調試日誌配置下啟用日誌記錄元件odbc-id-store到DEBUG級別。
日誌放在prrt-management.log檔案中。
alice的輸出示例:
2017-08-08 16:56:32,403 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Authenticate Plain Text Password. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf
96x6eiTpiEMIfkUBybDj7jY
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24852
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Authenticate plain text password
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,409 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEAUTH_R
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEAUTH_R(?, ?)}
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice, password=***
2017-08-08 16:56:32,410 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,412 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,412 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:32,413 DEBUG [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24853
2017-08-08 16:56:32,425 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIf
kUBybDj7jY
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIfkU
BybDj7jY
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24869
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user groups
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEGROUPSH
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEGROUPSH(?,?)}
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,431 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,434 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=1
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: ExternalGroup=Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24870
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups...
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups(0) = Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Setting Internal groups(0) = Users
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, ExternalGroups=[Users]
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user attributes. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEM
IfkUBybDj7jY
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24872
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user attributes
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEATTRSH
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEATTRSH(?,?)}
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,435 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=2
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: SecurityLevel=5
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,437 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24873
2017-08-08 16:56:32,438 DEBUG [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user attrs. Username=alice, Setting OracleDB.SecurityLevel to 5
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Lookup. Username=alice, SessionID=ise23-3:userauth7
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24865
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Lookup
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISELOOKUP_R
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISELOOKUP_R(?)}
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:35,292 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:35,294 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:35,294 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:35,295 DEBUG [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24866
意見