ACS supports the use of an external ODBC database for the automation of your ACS configuration. Two components facilitate this process, CSDBsync, which is the process that actually performs the synchronization, and the accountActions table. The synchronization with an external database allows you to configure the following based on values contained in the External Database table:
For users, you can configure the following attributes:
For user groups, you can configure the following parameters:
For network configuration, you can configure the following:
For custom RADIUS vendors and VSAs, ACS allows you to create up to 10 IETF-compliant RADIUS vendors, and all VSAs that you add for those servers must be sub-attributes of IETF RADIUS attribute number 26. Components of SynchronizationWhen you perform database synchronization, two components work together, the CSDBsync process and the accountActions table. This section should help you to better understand what each component's role in synchronization is and how the two work hand in hand to facilitate synchronization. CSDBSyncCSDBSync is a service that ACS runs to perform automated user and group account management. This functions by gaining access the ODBC driver Data Source Name (DSN) and thereby accessing the accountActions table. The accountActions table holds information that is needed by CSDBSync. accountActions TableThe accountActions table is a table on the external ODBC server that contains a set of rows that defines what actions CSDBSync performs in ACS. CSDBSync and accountActions Table Working TogetherThe basic process of CSDBSync and accountActions table working together is based on an action in the table. The most common actions are SET_VALUE and DELETE_VALUE. The SET_VALUE has an action code of 1 and the DELETE_VALUE has an action code of 2. CSDBSync reads the accountActions table for a configuration item, such as username, and the action code to determine if it is to add or delete a user from ACS. Each record is then deleted from the RDBMS database. Cisco recommends that for backup purposes, you create another table and mirror each transaction with CSDBSync to that table. Ensure that that table is backed up frequently. Also, ensure that you perform frequent backups of the ACS database. NOTE For a complete list of configurations and action codes, see the user guide that came with your ACS. Preparing for SynchronizationBefore you perform synchronization, you need to complete a few tasks. These tasks enable the ACS to use CSDBSync to communicate with the accountActions table:
RDBMS Synchronization OptionsTo enable RDBMS synchronization, you must enable it in interface configuration, under the Advanced Options link. Once enabled, you will find an RDBMS Synchronization link in System Configuration. Begin by selecting the RDBMS Synchronization link in System Configuration. Under the RDBMS Setup heading, select a DSN from the drop-down menu. (This should already be configured.) Also, you need to enter the username and password for the ODBC connection. Next, you select the synchronization options from the Synchronization Scheduling heading. Here, you can choose a manual synchronization or schedule synchronization based on a time interval or by choosing timeslots from the time grid provided. Finally, you need to select the AAA server from the list on the left, and use the right arrow to place them in the Partners column. This allows all partner device information to be synchronized. Note that you can select the Submit button to schedule synchronization, or the Synchronize Now button to force a manual synchronization. This completes the configuration of synchronization. For more detailed information on synchronization, refer to the user guide provided with your ACS as well as the vendor documentation for your ODBC RDBSM system. |