RDBMS Synchronization Import Definitions

Similar Messages

• RDBMS Synchronization problem in ACS Appliance 3.3

  Hi,
  I was adding multiple AAA Clients on ACS Appliance using RDBMS Synchronization option I followed the complete steps but failed to synchronize accountActions.csv file on ACS my ftp server is working fine and returned the logs saying "accountActions.csv file read recieved file successfully size 0 bytes 0.00 kbps" and RDBMS synchronization logs ACS reported as "No import CSV file on ftp server - nothing to process" I have attached related screen shots. Any help on this issue will be highly appreciated.
  Thanks in advance
  Best Regards,
  Ahmed

  The format of the accountsaction.csv file is incorrect as a result of which the RDBMS Synchronization is not executed correctly.
  I have attached a sample accountsAction.csv file for you.
  (i) The AAA Client C7609-X with the ip address 10.10.10.10 has been added with the shared secret key as mikey and is is registered with TACACS+
  (ii) The NDG michasisX has been added.
  (iii) The device C7609-X has been added to the NDG michasisX
  Place the file in the FTP and try performing an RDBMS synchronization. Restart the ACS services.
  Then you can add the devices as per the sample file attached.
  Also check if the file name is exactly the same in the RDBMS Synchronization page in the ACS
  Hope this helps,
  Soumya

• RDBMS Synchronization Options

  I use Cisco ACS 3.3 version. When i want to configure RDBMS Synchronization i can't see the table "FTP Setup Options". I needed this table to configure FTP with the purpose of adding some user options.
  Somebody knows the solution for this problem ?

  Although not strictly supported you can make the software image run like the appliance
  csutil -setPlatform appliance
  This will then enable the appliance features

• RDBMS Synchronization

  The user guide for ACS for Windows ver4.0 states that Cisco ACS can use RDBMS to synchronize its database with a third party RDBMS system and only one primary ACS server needs to interact with the third party system and the other ACSs in the network can be updated by this primary ACS using RDBMS synchronization.
  However, like many other features that suppose to work (e.g. domain stripping for MS AD) this too does not seem to work and there is no detailed documentation on how it actually does it.
  The procedure stated in user guide fails and there are gaps in the documentation.
  Can someone refer to any documentation other than the User Guide for instructions/details of this functionality?
  Thanks in advance.

  I think the easiest solution is to have a single ACS that is populated via RDBMS Sync. This ACS becomes the replication "master" that then pushes its config down to a set of "slaves".
  That is the easiest method but replication is a destructive write onto the slave - so you may choose not to do this.
  An alternative is to use the Sync Partners config (part of RDBMS Sync) which attemtps to process actions in the sync table on multiple ACSs. For this to work you need the "other" ACSs to have the RDBMS Sync'ing ACS server in their network config db.
  You need to make sure that ACS can write to the transaction table too (note CSV datasources no good) in case one of the other ACSs is down.
  If you're having problems check the rdbms sync CSV & service log on the "master" ACS and the csauth service log on the "slave" for errors.

• Need help on Query Criteria for GET Import Definition.

  Hi,
  For GET Contact Import Definition, I tried to hit URI /contacts/imports?q="id<50" and I received totalRecords=30.
  In same way, I tried to hit URI /contacts/imports?q="id<50" OR "id=8", Eloqua returned totalResults=1 whose id=8.
  But expected result was fetching all records where id is less than 50.
  Why only second criteria worked in this case? Am I missing something here?
  Thanks

  Add the NOCYCLE clause to your connect by statement CONNECT BY NOCYCLE PRIOR
  You also might want to add the organization ID into your join.

• RDBMS Synchronization with a .CSV file

  Good morning. I am trying to create a testable .csv file that I can import into our ACS on a prescheduled basis.
  Here are my questions about this process:
  1. Do I need to use the PASS_Expire action or is there a STOP_DATE? I have looked at the codes and didn't really see one.
  2. Is there a way that I can extract a copy of the dump.txt or get my actual database exported to a different system?
  3. What are the group's recommendations on synchronization? Are there some lesson's learned I should look out for?
  Thanks
  Dwane

  can you help me add vendor UDV and attributs to ACS.
  I tried it it showing me UDV, but getting a error RDBMS report for one attribut.
  when v3 is integer
  Error: ACS 'ACS_A1' Action failed [SI=6 A=352 UN="" GN="" AI="" VN="Login-Service" V1="2011" V2="10" V3="integer"] Reason: UDV VSA error - User Defined Vendor/VSA operation failed (VSA name not unique)
  when v3 is string
  Error: ACS 'rdevid-4eafe3cf' Action failed [SI=6 A=352 UN="" GN="" AI="" VN="Login-Service" V1="2011" V2="7" V3="string"] Reason: UDV VSA error - User Defined Vendor/VSA operation failed (VSA name not unique)
  actually i am doing it for H3c.dct  it is for 3com.
  Below is the file which i used.
  SequenceId,Priority,UserName,GroupName,Action,ValueName,Value1,Value2,Value3,DateTime,MessageNo,ComputerNames,AppId,Status
  1,0,,,350,3COM-H3C,AUTO_ASSIGN_SLOT,2011,,,,,,0
  2,0,,,352,h3c-User-Access-Level,2011,26,integer,,,,,0
  3,0,,,352,Administrator,2011,3,string,,,,,0
  4,0,,,352,Manager-(write),2011,2,string,,,,,0
  5,0,,,352,Monitor-(read),2011,1,string,,,,,0
  6,0,,,352,Login-Service,2011,5,string,,,,,0
  7,0,,,352,SSH,2011,50,string,,,,,0
  8,0,,,352,Terminal,2011,52,string,,,,,0
  9,0,,,353,,2011,221,IN OUT,,,,,0
  10,0,,,355,,,,,,,,,0
  Also please let me know how can delete the UDV if i want to. i tried procedure mentioned in user guide but failed.

• SAP BO DI 3.2 How to import definition for flat files

  Hi All,
  I have several MS Access database with their respective tables , but Im needing now to import the tables structure/definitions of their tables as Flat Files definitions inside SAP BO DI 3.2 , is there an automatically way to do this without using the Flat File Editor?
  Thanks in advance!

  Hi,
  if you have the data in an Access database can you not just connect via ODBC to get the data?  This would also allow you to get the column metadata easily.
  If you are going to export the data from Access to flat files then do this first and then use the Flat File editor to create each file in turn, as long as you have access to the file then you can open it in the file editor and Designer will import the schema for you.
  regards,
  Adrian

• Policy Store Error in Import Definitions In Oracle I/PM (11.1.1.6.0)

  Hi All,
       At present I am trying to implement the imaging solution. When I try to import the definitions from I/PM it's giving me the following error.
       Policy Store Error: The User 100.weblogic does not exist in the policy store.
       Policy Store Error: The Group 100.PayablesProcessor does not exist in the policy store.
      I am unable to understand why it's giving the above error.
      User 'weblogic' and Group 'PayablesProcessor'  exists on myrealm. Unable to understand why error showing '100.weblogic' and '100.PayablesProcessor'.
      Invoices.xml comes with Solution Accelerator mentioned the user & group is 'weblogic' and 'PayablesProcessor' .
      So many times I configure the Accelerator but never faced the above issue.
      I tried to resolve the above to run refreshIPMSecurity() command but no luck.
     Could you please help me to resolve this issue ?
     Thanks in advance.

  Hi,
  The request to connect from the client is reaching the server but it seems the parsing of the service name is either wrong or the information is correct. Here are a couple of suggestions.
  If you have a good known set of sqlnet.ora and tnsnames.ora files on another client where the same connection descriptor works, then backup the curreny client network config files and copy the good known files to the Windows 2008 web server where you see the error. Make sure you recycle the worker processes once the files have been copied.
  Try to connect via Ezconnect and by pass the config files to see if you get the same error.
  //hostname:port/servicenameofdb
  where hostname is the machine where the target database is running
  port is the port on the DB machine where the tns listener is running and listening
  service name is the service name of the target DB
  Use this syntax in the connect string box when attempting to connect from SQL PLUS out of the ODAC home.
  You can also run lsnrctl utility on the server and vertify there is a handler for the service name or instance that is the target,
  HTH
  Jenny B.

• Wli console: rdbms channel rule definition with empty datasource

  Hi all,
  I googled around for a solution of this problem, but did not find one. Can anyone please help me whith this problem:
  I deployed a process-application on a 9.2 server. When I want to define a RDBMS event generator rule for my process, I get a page with an empty datasource JNDI name list. In the logfile I see this exception when i request the channel rule definition page:
  <Mar 14, 2007 3:58:59 PM CET> <Error> <WLI-Core> <BEA-489003> <Caught Exception: weblogic.management.ManagementException: Edit Server is not enabled. You will need to enable it through the JMXMBean.
  weblogic.management.ManagementException: Edit Server is not enabled. You will need to enable it through the JMXMBean.
  at com.bea.wli.management.MBeanHelper.getEditServiceMBean(MBeanHelper.java:1298)
  at com.bea.wli.management.MBeanHelper.getAdminDomainMBean(MBeanHelper.java:1268)
  at com.bea.wli.oam.eventgenerators.servlets.EventGenerators.getQCFJndiName(EventGenerators.java:576)
  at com.bea.wli.oam.eg.framework.XEGMainServlet.displayChannel(XEGMainServlet.java:759)
  at com.bea.wli.oam.eg.framework.XEGMainServlet.newChannel(XEGMainServlet.java:424)
  This only happens on an external server, if I delpoy on the local workshop server, everything works fine.
  Any help is appreciated!
  Best regards

  Hi everyone intersted in a solution:
  after consulting the bea support we finally found out the reason for this ManagementException:
  We configured our test and production server in a cluster environment, that means we specified <listen-address>our.cluster.name</listen-address> in the file <domain>/config/config.xml. The server does not work with this properly, this is a bug for which a patch will be developed!
  This workaround helps for servers in cluster environment:
  * stop server
  * edit config.xml and clear the listen-address field: <listen-address></listen-address>
  * start server
  * use physical address of server to log into wli-console and create all eventgenerators you need
  * stop server, change config.xml to original value and restart
  best regards and happy beta testing ...

• ACS RDBMS Synchronization

  I have been reviewing the ACS 4.0 documentation and want to know if there are any options available for synchronizing the DB using ODBC on the Solution Engine. Looking for something other than FTP, if available.

  Like Jeff said - not supported.
  The reason is because ODBC can require a 3rd party driver and the appliance is "hard".
  Although common ones could be loaded, there tends to be regular security vulnerabilities (esp in jet) that would require constant patching/updating.
  Of course you can still manage DBSync in your own DB, you just need to export to csv to get it actioned.

• Deleting or Renaming the AccountAction.csv in RDBMS synchronization

  Good morning all,
  I am trying to finalize a process using the RBDMS Sync on Cisco ACS 4.1 SE. The process will get my AccountActions.csv file, but does not seem to want to rename it. I have the synch occuring every morning at 0300. I guess one question would be, if the file does not change, what will occur? I get an error like this;
  Could not delete CSV file on FTP Server - may process same actions again. (The file may be in use).
  I have set up the FTP server to allow deletion and renaming from this login.
  Any help or direction would be appreciated.
  Thanks
  Dwane

  I would schedule something to rename the account actions csv on the ftp server.. have it run at 04:00
  That way you know it done. Otherwise ACS will simply process all the same actions again.
  This is because RRBMS sync was designed to work with proper databases. There is a field to indicate a row has been processed, but csv files are read only thanks to the retarded Microsoft csv driver.

• Changing shared key in bulk for Clients in ACS 4.2.1

  HI,
  is there any way to change the shared secret key for all devices in bulk instead of going to each clients and changing key in ACS 4.2.1 ?
  Please let me know if is there any way to perform it faster.
  Thanks

  Hi Nitin,
  Well, if you have all the devices in a single NDG then just click on that NDG >> at the bottom click edit properties  >> enter the new shared secret key there and it will take precedence from there on. Even though if you click on any AAA client inside that NDG, it will show the OLD shared secret key but due to the presence of this feature where NDG key will always override the AAA client, this will surely work for you.
  If you're not convinced with the above suggestion and really want to change the shared secret key then let me know;
  Are you using ACS SE or ACS windows. I'm assuming that you have ACS SE
  Here you need a CSV file with the action code to certain NAS and you should be able to synch the CSV file with RDBMS to the database using
  4.2 version
  Code 224 - UPDATE_NAS
  VN = AAA client Name
  V1 = IP-Address
  V2 = shared secret key
  V3 = vendor
  RDBMS Synchronization Import Definitions
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322
  Action Codes for Modifying Network Configuration
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp78096
  HTH
  Jatin
  Do rate helpful posts~

• ACS dump.txt file contents

  Hi i have to write some code to parse dump.txt file and retrieve user information.
  My first question is : what is the structure/ format of the attribute "Expiry :"
  The second question would be, how can i find, if a user is disabled when the number of failed login attempts exceeds the limit.
  In this case i have observed that the Status attribute does not change value, when user is disabled.

  RDBMS synchronization import definitions are a listing of the action codes allowable in an accountActions table. The RDBMS Synchronization feature of the Cisco Secure Access Control Server Release 4.0 Solution Engine, hereafter referred to as ACS, uses a table named accountActions as input for automated or manual updates of the ACS internal database.
  Refer to RDBMS Synchronization Import Definitions for more information
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/user/guide/ag.html

• Adding RADIUS VSAs on ACS 3.2 SE

  I have tried to add a VSA to enable a Packeteer to authenticate using RADIUS on the ACS.
  Using RDBMS synchronization to import the csv file below.
  SequenceId,Priority,GroupName,Action,ValueName ,Value1,Value2,Value3
  1,1,External,163,26,access=look,2334,1
  The group name is 'External', Action is 163 which corresponds to ADD_RADIUS_ATTR.
  From RDBMS Sychronization Import Definitions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/ag.htm#wp35130)
  To add a vendor-specific attribute (VSA), set VN = "26" and use V2 and V3 as follows:
  •V2 = IETF vendor ID (which in this case is 2334)
  •V3 = VSA attribute ID (1)
  •V1 = In this case 'access=look'
  After a couple of attempts I got the format correct but when I try and import the file I don't get an "INFO" message in the "Reports" section of the ACS indicating that the process was successful. I don't get any message at all, WARNING, ERROR or INFO.
  From the FTP server I can confirm that the file was transferred.
  What I should get is an INFO message similar to:
  08/30/2004 16:27:50 INFO Sync complete: 1 transaction(s) 0 parse error(s) 0 process error(s)
  Any ideas as to what is wrong would be much appreciated.
  Cheers,
  Aylmer.

  HI you need to import the RADIUS VSA for PAcketeer from their site.
  The link to the steps as shown below is ( might require u to subscribe & login)
  https://packeteer.custhelp.com/cgi-bin/packeteer.cfg/php/enduser/std_adp.php?p_faqid=399&p_created=1046793530&p_sid=gszcDFBh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PWRmbHQmcF9ncmlkc29ydD0mcF9yb3dfY250PTImcF9wcm9kcz0wJnBfY2F0cz0wJnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfZm5sJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9YWNz&p_li=&p_topview=1
  IN any case the same content is copied below:-
  Also the stpes on how to do them is listed here
  Create a User Defined Vendor
  First, you need to create a User Defined Vendor.
  1. Create a text file (packet.ini) and enter the following:
  [User Defined Vendor]
  Name=Packeteer
  IETF Code=2334
  VSA 1=Packeteer-AVPair
  [Packeteer-AVPair]
  Type=STRING
  Profile=OUT
  2. Name the file packet.ini.
  Add the Vendor to the Database
  Next, you need to add the above vendor to the database.
  1. Go to the command prompt, and change the directory to the Cisco Secure utils directory (typically C:\Program Files\CiscoSecure ACS v3.0\Utils).
  2. The instructions below install the vendor into User Defined slot 0. If you have other vendors, you need to change this number to a free slot. To see a list of slots and their assignments, use the csutil -listudv command. For example:
  C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listudv
  CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
  UDV 0 - Unassigned
  UDV 1 - Unassigned
  UDV 2 - Unassigned
  UDV 3 - Unassigned
  UDV 4 - Unassigned
  UDV 5 - Unassigned
  UDV 6 - Unassigned
  UDV 7 - Unassigned
  UDV 8 - Unassigned
  UDV 9 - Unassigned
  3. Run csutil -addudv to and add Packeteer to UDV (User Defined Vendor) slot 0 or the next
  open slot.
  C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -addudv 0 c:\temp\packet.ini
  CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
  Adding or removing vendors requires ACS services to be re-started.
  Please make sure regedit is not running as it can prevent registry
  backup/restore operations
  Are you sure you want to proceed? (y/n)y
  Parsing [c:\temp\packet.ini] for addition at UDV slot [0]
  Stopping any running services
  Creating backup of current config
  Adding Vendor [Packeteer] added as [RADIUS (Packeteer)]
  Adding VSA [Packeteer-AVPair]
  Done
  Checking new configuration...
  New configuration OK
  Re-starting stopped services
  Verify that Packeteer was added.
  C:\Program Files\CiscoSecure ACS v3.0\Utils>
  C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listudv
  CSUtil v3.0(2.5), Copyright 1997-2002, Cisco Systems Inc
  UDV 0 - RADIUS (Packeteer)
  UDV 1 - Unassigned
  UDV 2 - Unassigned
  UDV 3 - Unassigned
  UDV 4 - Unassigned
  UDV 5 - Unassigned
  UDV 6 - Unassigned
  UDV 7 - Unassigned
  UDV 8 - Unassigned
  UDV 9 - Unassigned
  4. Return to ACS Admin and select Network Configuration.
  From the main screen select Network Configurtion and add the PacketShaper by supplying the AAA client Hostname, IP address: , Key. Scroll through the Authenticate Using choices and select RADIUS (Packeteer).
  5. From the main screen select User Setup and enter a user name for a Touch or Look access user to the Packet Shaper. Supply the PAP/CHAP password. Leave other fields at defaults and scroll to the bottom
  of the form. Be sure the Packeteer-AVPair box is selected and supply either
  "access=touch" or "access=look" in the available entry space.

• Importing field level definitions

  I have a model that was created by reverse engineering an Oracle database. This model is really small, about 400 columns, but I'd really like to get definitions of the columns and tables into this thing before it gets really big. Being an old-time data modeler, I know how to bulk import definitions into other modeling tools like Erwin and ER/Studio. But I'm just now trying to figure out SDDM.
  Is there a way for me to bulk import definitions for all the columns and tables in the Relational model? i have the text already, just don't really have time to pound it in one column at a time.
  Steve

  Hi,
  below is a script that do what you want but it imports from excel file into notes property. It works for logical model, entities and attributes. You need to change it for relational model, tables and columns. Also add code if you want to import comments and comments in RDBMS properties. Pay attention on the name of excel sheet - it's "Sheet 1". Also you need to create ODBC Data Source for your excel file- named "Excel_imp" in example below
  Philip
  var model;
  function getAttribute(entities,ename,aname){
  if(current!=null && current.getName().equals(ename)){
    return current.getElementByName(aname);
  for (var i = 0; i < entities.length; i++) {
    current = entities;
  if(current.getName().equals(ename)){
       return current.getElementByName(aname);
  return null;
  //====
  var current;
  model = model.getDesign().getLogicalDesign();
  entities = model.getEntitySet().toArray();
  java.lang.Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
  // url - jdbc:oracle:thin:@host:port:sid
  //"user","pswd"
  conn = java.sql.DriverManager.getConnection("jdbc:odbc:Excel_imp", "", "");
  stmt = conn.createStatement();
  rset = stmt.executeQuery("select * from [Sheet 1$]");
  if(rset!=null){
  while(rset.next()){
  entity_name = rset.getString(1);
  attr_name = rset.getString(2);
  descr = rset.getString(3);
  if(descr!=null){
  attr = getAttribute(entities,entity_name,attr_name);
  if(attr!=null){
  attr.setNotes(descr);
  attr.setDirty(true);
  rset.close();
  stmt.close;