#ODBC

Hi all, 

We are doing a SQL server upgrade to SQL server v.15 from a legacy server which had v.10 . I have our Cache server as a linked server int order to pull data from our system. When building out the ROWSPEC, I have my fields typed as %String with various lengths with one field having a max length of 15000. The SQL server is trying to interpret this as a text data type instead of varchar(n). Text is a depracated data type since SQL server 2008. The error below is produced when trying to query from this view

I am unable to connect to InterSystems ODBC client. I am seeing the following error:

[Cache ODBC][State : S1000][Native Code 417] Access denied.

$cnx = new PDO("odbc:Driver={InterSystems ODBC};Server=<IP>;Uid=<id>;Pwd=<password>;");

Am i doing anything wrong?

Although, I can successfully connect and retrieve data in MS Excel using ODBC connection where I have configured my DSN and all

I have a problem with connecting to IRIS via ODBC on Apple Silicon.

I installed unixodbc with brew, and downloaded ODBC-2023.1.0.229.0-macos.tar.gz from the community github repo.

After setting up odbc.ini so that libirisodbcur6435.so that was just downloaded is used as the driver,  isql fails as follows:

$ isql -v sampleodbc

[08S01][unixODBC][Iris ODBC][State : 08S01][Native Code 459]

[libirisodbcur6435.so]

Connection via irisconnect failed:

getaddrinfo(, , 0, 0) failed in s_TCPConnect, reason = nodename nor servname provided, or not known.

 

[ISQL]ERROR: Could not SQLConnect

I'm trying to extract data from an IRIS database into SQL server with SSIS using the ODBC driver: InterSystems ODBC35 (ODBC-2023.1.0.229.0-win_x64.exe)

I have Unicode turned off in the ODBC settings. 
I'm getting strange results - with some tables the SSIS ODBC connector will work but the ADO.net connector - using the same ODBC driver will. For other tables it's the other way round. The ADO.net sees the data as unicode and won't allow me to insert it into a non unicode table but ODBC will be fine.

In some cases I'm getting data that just looks screwed up  

Hi Community,

Watch this video to see how to connect to InterSystems Cloud Services from your C++ application, using the InterSystems ODBC Driver:

⏯ Connecting to InterSystems Cloud Services with ODBC

Several steps should be done in order to secure the connection through xDBC clients to an IRIS Server instance using TLS. Most of the information can be obtained from the documentation about TLS on IRIS here, about configuring the security layer for encrypted connections. In the next paragraphs we will cover an step-by-step guide on how to configure and test the connection using SQL Clients apps using ODBC and JDBC.

You can download the drivers from InterSystems IRIS Driver Packages

Configuring IRIS SuperServer to use TLS

IRIS Documentation on this link

Before starting with the client connections, the IRIS SuperServer should be secured by configuring the SSL Configuration. Have a read of the IRIS Documentation here in order to fully understand the steps. The first step is to generate a certificate authority and the server certificate and key. I used easyRSA assuming a Linux server environment. The installation directory for easyRSA would be "~/easyRSA".

$ mkdir ~/certs
$ cd ~/certs
$ ~/easyRSA/easyrsa init-pki

Notice
------
'init-pki' complete; you may now create a CA or requests.

Your newly created PKI dir is:
* /home/useradmin/cert/pki

* Using Easy-RSA configuration:

* IMPORTANT: Easy-RSA 'vars' template file has been created in your new PKI.
             Edit this 'vars' file to customise the settings for your PKI.
             To use a global vars file, use global option --vars=<YOUR_VARS>

* Using x509-types directory: /home/useradmin/easyrsa/x509-types

$ ~/easyRSA/easyrsa build-ca

* Using SSL: openssl OpenSSL 1.1.1k  FIPS 25 Mar 2021

* Using Easy-RSA configuration: /home/useradmin/cert/pki/vars


Enter New CA Key Passphrase:

Confirm New CA Key Passphrase:
.......................................+++++
........................................................................+++++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:iris-server

Notice
------
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/home/useradmin/cert/pki/ca.crt

$ ~/easyRSA/easyrsa gen-req IRIS nopass

* Using SSL: openssl OpenSSL 1.1.1k  FIPS 25 Mar 2021

* Using Easy-RSA configuration: /home/useradmin/cert/pki/vars
Generating a RSA private key
.................................................+++++
.............................+++++
writing new private key to '/home/useradmin/cert/pki/bf84ccf8/temp.5fd8704f'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [IRIS]:

Notice
------
Keypair and certificate request completed. Your files are:
req: /home/useradmin/cert/pki/reqs/IRIS.req
key: /home/useradmin/cert/pki/private/IRIS.key

$ ~/easyRSA/easyrsa sign-req server IRIS

* Using SSL: openssl OpenSSL 1.1.1k  FIPS 25 Mar 2021

* Using Easy-RSA configuration: /home/useradmin/cert/pki/vars

You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a server certificate for 825 days:

subject=
    commonName                = IRIS


Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes

Using configuration from /home/useradmin/cert/pki/3754c4d3/temp.165602f3
Enter pass phrase for /home/useradmin/cert/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'IRIS'
Certificate is to be certified until Aug 13 02:25:01 2025 GMT (825 days)

Write out database with 1 new entries
Data Base Updated

Notice
------
Certificate created at:
* /home/useradmin/cert/pki/issued/IRIS.crt

Then copy the files to a known location, and assign the correct permissions to them

$ sudo mkdir /tls
$ sudo cp ~/cert/pki/issued/* /tls/
$ sudo cp ~/cert/pki/private/* /tls/
$ sudo cp ~/cert/pki/ca.crt /tls/
$ sudo chown irisusr.irisgrp /tls/*
$ sudo chmod 440 /tls/*
$ ll /tls/*

total 20
-r--r-----. 1 irisusr irisgrp 1196 May 10 22:29 ca.crt
-r--r-----. 1 irisusr irisgrp 1874 May 10 22:29 ca.key
-r--r-----. 1 irisusr irisgrp 4592 May 10 22:29 IRIS.crt
-r--r-----. 1 irisusr irisgrp 1704 May 10 22:29 IRIS.key

Optionally, generate client certificate and key for mutual verification. Is recommended to do it after establishing an initial encrypted connection.

After the creation of the server cert/key, the SuperServer SSL Configuration will use them to encrypt the connection. It can be done from the IRIS Management Portal or using the IRIS console with the following commands.

IRIS> set p("CertificateFile") = "/tls/IRIS.crt"
IRIS> set p("Ciphersuites") = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
IRIS> set p("Description") = "Autogenerated SuperServer Configuration"
IRIS> set p("Enabled") = 1
IRIS> set p("PrivateKeyFile") = "/tls/IRIS.key"
IRIS> set p("PrivateKeyPassword") = ""
IRIS> set p("PrivateKeyType") = 2
IRIS> set p("TLSMaxVersion") = 32
IRIS> set p("TLSMinVersion") = 16
IRIS> set p("Type") = 1
IRIS> set sc = ##class(Security.SSLConfigs).Create("%SuperServer", .p)
IRIS> kill p

Set TLSMinVersion to 32 to stick with TLSv1.3. The name of the SSL Configuration must be exactly "%SuperServer", as we are configuring the SuperServer.

Once the configuration is created, enable (or require) SuperServer SSL/TLS support running the following commands from IRIS console.

IRIS> set p("SSLSuperServer") = 1
IRIS> set sc = ##class(Security.System).Modify("SYSTEM", .p)
IRIS> kill p

To set the SSLSuperServer configuration to "1" will enable the TLS encryption but not require it. Before you require SSL/TLS connections, remember to enable encrypted connections for WebGateway and Studio. Is recommended first enabling encrypted connections, then verifying all clients (xDBC, WebGateway, Studio, NativeAPI, etc) use SSL/TLS connections and after that change the "SSLSuperServer" configuration to "2" to require the usage of SSL/TLS connections.

Configuring ODBC Windows Driver Connection

IRIS ODBC Windows Drivers download

In the previous step, the CA certificate was created, get the certificate from the server and make sure the format is in PEM format. The certificate could be converted using "openssl" if needed by executing the following command.

$ sudo openssl x509 -in /tls/ca.crt -out /tls/ca.pem -outform PEM

After installing the driver in Windows, a configuration file should be created, since the client installer does not create one. By default the settings file is called SSLdefs.ini and should be put in the InterSystems IRIS directory under the 32-bit common program files. This directory is found in the Windows environment variable %COMMONPROGRAMFILES(x86)% on 64-bit Windows or %COMMONPROGRAMFILES% on 32-bit Windows versions. For example, on Windows 10 64-bit, the path is:

C:\Program Files (x86)\Common Files\InterSystems\IRIS

To specify a different location, an environment variable called "ISC_SSLconfigurations" must be created with the full path and file name. You may need administrator privileges to do this.

This file has two sections: the configuration where the address, ports and name of the SSL config are specified, and the section where the parameters of the encrypted connection are set. This file is also used by Studio in order to get the parameters to establish the connection with the server. The first section should look like this:

[IRIS Server]
Address=10.100.1.17
Port=51773
TelnetPort=23
SSLConfig=DefaultSettings

The name between the bracket should be something meaningful for you, but it can be anything. The address, port and telnet port are the settings used to decide which connection should match this section. Either IP address or DNS names can be used for the address. The final parameter (SSLConfig) is the name of the configuration to get TLS settings from. It needs to match the name of one of the configuration in the file. The second section looks like this:

[DefaultSettings]
VerifyPeer=2
VerifyHost=1
CAfile=c:\InterSystems\certificates\ca.pem
CertFile=c:\InterSystems\certificates\client.pem
KeyFile=c:\InterSystems\certificates\client.key
Password=
KeyType=2
Protocols=24
CipherList=ALL:!aNULL:!eNULL:!EXP:!SSLv2 

The name in this section matches the name listed in the SSLConfig parameter of the first section. Then, this config will be used for connections to the address "10.100.1.17" on ports "51773" or "23". The descriptions of the parameters are as follows.

• VerifyPeer
  Options for this are 0=none, 1=request, and 2=require. Require is the recommended value. If you choose none, it is possible for a malicious server to pretend to be the server you mean to connect to. If you choose require, you'll need to fill in a Certificate Authority that you trust to verify certificates for the CAFile value. This is the equivalent of "Server certificate verification" in the portal.
• VerifyHost
  Options for this are 0=none, 1=required. This option checks that the server's certificate lists the host name or IP you've asked to connect to in the Subject's Common Name or subjectAlternativeName fields. This field does not have an equivalent in the portal, but is the same type of check as the SSLCheckServerIdentity property of the %Net.HttpRequest class. It is only configurable if your client is using Caché / Ensemble 2018.1 or later, or any version of InterSystems IRIS Data Platform.
• CAfile
  The path to the trusted Certificate Authority (CA) file. This should be the CA that signed the certificate of the other side (the server), not your own certificate. This should be filled in if you have picked a VerifyPeer value of 2. This is the equivalent of "File containing trusted Certificate Authority certificate(s)" in the portal. Certificates must be in PEM format.
• CertFile
  The path to your own certificate. This should be blank if your client doesn't have one. This is the equivalent of "File containing this client's certificate" in the portal. Certificates must be in PEM format.
• KeyFile
  The path to the matching private key for CertFile. This should be filled in if you have a CertFile, and blank if you don't. This is the equivalent of "File containing associated private key" in the portal.
• Password
  The password needed to decrypt your private key. This should be blank if you're not using a certificate for this client, or if the certificate's private key is not encrypted on disk.
• KeyType
  Is your private key RSA (2) or DSA (1)? The value is only relevant for configurations which have CertFile and KeyFile set. If you're not sure which it is, your key is probably RSA.
• Protocols
  This is a decimal representation of bit values for the versions of SSL/TLS supported. The options are: 1=SSLv2, 2=SSLv3, 4=TLSv1, 8=TLSv1.1, 16=TLSv1.2, 32=TLSv1.3. SSLv2 and SSLv3 have known problems and are not recommended. More than one version may be specfied by adding numbers. For example, 24 is TLSv1.1 and TLSv1.2. This the equivalent of the "Protocols" checkboxes in the portal.
• CipherList
  This is the equivalent of "Enabled ciphersuites" in the portal. This controls exactly which types of encryption and hashing will be acceptable to this client. ALL:!aNULL:!eNULL:!EXP:!SSLv2 is the default value for this setting in the management portal. If you're having trouble with your connection, it's probably not this. Changing this can make your connection less secure by allowing weak encryption. You can find more information about this value on the openssl website.

Save the SSLdefs.ini file in the specified path and using the "ODBC Data Source Administrator" create a new Data Source using the "InterSystems IRIS ODBC35" driver. Give the data source a name, set the Host and Port, specify the Namespace, User Name and Password. Under "Authentication Method" select "Password with SSL/TLS" in order to use the encrypted connection. If you configured the ODBC connection with the address and port specified in the SSLdefs.ini file, then you will be using the TLS encrypted connection. Press "Test Connection" in order to check if the ODBC is configured correctly.

You can use the configured ODBC data source with any ODBC client to get access to the IRIS instance.

Configuring JDBC Client

IRIS JDBC Driver download
Using the JDBC Driver documentation

To use any of the JDBC SQL clients you need to first download the JDBC driver, copy it in the tool library directory and specify the Connection URL for the IRIS JDBC Driver. The minimal required parameters for this URL are:

jdbc:IRIS://<host>:<port>/<namespace>

but you can also specify several optional URL parameters. The full syntax is:

jdbc:IRIS://<host>:<port>/<namespace>/<logfile>:<eventclass>:<nodelay>:<ssl>

and for the purposes of this article, the ssl parameter enables TLS for both IRISDriver and IRISDataSource. Valid values are true and false. If not set, it defaults to false. So, in order to connect to our server using an encrypted connection, we should specify the URL as:

jdbc:IRIS://10.100.1.17:51773/USER/:::true

(if there is a "blank" value in the optional parameters will use the default)

It is important to note here that the CA certificate should be added to the Java trust store. In order to do this, we could use the keytool command. First locate the Java home directory where the CA certificates are. This can be achieved by going to the command line or terminal, depending on what operating system you are, and execute:

Linux: echo $JAVA_HOME
Windows: echo %JAVA_HOME%

Usually the CA certificates store is under JAVA_HOME/lib/security/cacerts. Once you located the file, make a backup copy of it and get the CA certificate for your server. To import it to the java trust store run the following command:

Linux:
$ keytool -import -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -alias mycert -file /path/to/ca.crt

Windows:
C:\> keytool -import -trustcacerts -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit -noprompt -alias mycert -file \path\to\ca.crt

Replace the paths and path delimiters accordingly.

This will add the CA certificate to the trusted store in order for the driver to accept the encrypted connection. Now from the JDBC SQL Client program you can connect to the server using the connection URL specifying to use SSL/TLS.

General Considerations

• Verifying that connection is encrypted

  To check whether the connection is encrypted and running through SSL/TLS, you could run Wireshark to capture some network packets and analyze their contents. You will easily see "TLSv1.x" in the protocol column, and upon checking the contents, it is clearly encrypted.

  

Links

• Tableau Desktop Encrypted Connections
• Configuring SSL/TLS on Cache Client Apps
• SuperServer TLS
• WebGateway TLS
• Studio TLS
• Java TLS
• Java Connection Properties
• easyRSA

 i use %SQLGatewayConnection to insert data to mysql from xml，when if the value`s ascii of any field in the sql equal to 57659 ，

Hi all,

I'm trying to use LOAD DATA to insert 11k (11,377) rows of data. LOAD BULK DATA is not available for the version of IRIS I am using.

After calling LOAD DATA it says only 5,500 rows has been inserted. The LOAD DATA docs says any error rows are skipped and a count of skipped rows can be found in %SQL_Diag.Result however there are no results here. There are no errors in the xDBC error log either.

Why have over half the rows been skipped?

InterSystems FAQ rubric

The ID of the last updated record can be obtained using the SQL function LAST_IDENTITY().
* This function can be used with embedded SQL or ODBC but not with Dynamic SQL, SQL Shell, or the Management Portal's SQL interface.

Here's an example of usage with simple Embedded SQL:

Hi,

Does anyone have experience with connecting to IRIS with OLEDB through an OLEDB-ODBC bridge? In this case the client can only speak OLEDB at this moment.

Regards,

Marcel

In the documentation  Data Types | Caché SQL Reference | Caché & Ensemble 2018.1.4 – 2018.1.8 (intersystems.com)

it says that "by default, Caché establishes a system-wide ODBC VARCHAR maximum length of 4096; this ODBC maximum length is configurable"

Per instructions, I went to SMP -> System -> Configuration -> General SQL Settings, where most of the fields from  $SYSTEM.SQL.CurrentSettings()

appear. That one does not.

How does one change it, and can it be increased?

Thanks!

[Cross-posted from https://groups.google.com/g/intersystems-public-cache/c/eRFeORb_sb0]

Introduction

This article is intended to be a simple tutorial on how to create ODBC connections and working with them, since I found starting with them a little bit confused, but I had amazing people to take my hand and walk me through it, and I think everyone deserves that kind of help too.
I'm going to divide each little part in sections, so feel free to jump to the one you feel the need to, although I recommend reading everything.
I'm going to use the sample data created in a previous article, Quick sample database tutorial: Samples.PersistentData, with the properties Name and Age.

I already have a working setup with:

- Ubuntu 21.10
- Unixodbc 2.3.6
- ODBC-2018.1.5.659.0-lnxubuntux64
- libcacheodbcur64.so

I have tried to update to:

- Ubuntu 22.04
- Unixodbc 2.3.9

But, i am getting  "SQLDriverConnect: 0 [unixODBC][Driver Manager]Driver does not support the requested version".

So, I have tried to switch to:

-  libcacheodbcur6435.so
- ODBC-2018.1.7.721.0-lnxubuntux64.tar

But i am getting same error. Please, could someone help me?

I already have a working setup with:

- Ubuntu 21.10
- Unixodbc 2.3.6
- ODBC-2018.1.5.659.0-lnxubuntux64
- libcacheodbcur64.so

I have tried to update to:

- Ubuntu 22.04
- Unixodbc 2.3.9
 

But, i am getting  "SQLDriverConnect: 0 [unixODBC][Driver Manager]Driver does not support the requested version".

So, I have tried to switch to:

-  libcacheodbcur6435.so
- ODBC-2018.1.7.721.0-lnxubuntux64.tar

But i am getting same error. Please, could someone help me?

A client recently upgraded from Cache2010 to Cache2017 and now reports that for certain tables, WinSQL does not show the indices which were previously visible in Cache2010.  Has anyone heard of this type of behavior before?  Is there a remedy or some change which needs to be made to the table definitions?  Thanks.

Product version

I try the 2021.2 2020.2 , they own have this issus

For this issus i have submit to dotnet , hope they can solve this or find the reson for this and solve this.

platform

ubuntu using unixOdbc dirver

Describe the problem you're observing:

using dotnet nuget System.Data.Odbc to connet the iris for some sql will have bug on linux,but it is ok on windows
and that driver is ok for other db type .
I have put a issue on dotnet also (dotnet/runtime#80015)
Is anyone can have a look for that

Get the quick and easy steps for setting up ODBC/JDBC connections to InterSystems IRIS® data platform and InterSystems IRIS for Health™:

• Setting Up JDBC Connections
• Setting Up ODBC Connections

Now in an easy-to-use, checklist format to help you work through the process on your own system.

Enjoy!

Hi Developers,

Enjoy watching the new video on InterSystems Developers YouTube:

⏯ InterSystems IRIS Cloud SQL @ Global Summit 2022

Hi!

Is there any ARM64 ODC driver available for InterSystems Caché?

It would be really very useful!

Hi 

I try to create an ODBC connection to MariaDB using SQL Gateway Connection. It works when testing with isql command at OS level but in the SQL Gateway Connection test is failed as this message :

Connection failed.
SQLState: () NativeError: [2002] Message:

And another way try to testing with this command

d$SYSTEM.SQLGateway.TestConnection("MariaDBodbc")

I got the error message look like this :

Hi Community

I have created a simple package that allows the use of Cache with the Laravel Framework.

From my initial testing everything seems to be operating smoothly but I would like to appeal to the PHP users in the community to help me improve this package.

For those of you out there who have time and would be interested in this, please visit the repo at https://github.com/jeandormehl/laracache

Thanks in advance

Hi team,

I'll start with an apology as I am trying to wrap my head around the architecture of how InterSystems IRIS database management works. I am attempting to connect to the platform remotely through say a JDBC or ODBC connection in order to run queries, searches (through SQL statements) on my laptop and was trying to understand whether this would be possible? It is possible to setup an inbound client connection and wanted to better understand the architecture of how the database association works for IRIS database management. Does it use it's own internal SQL database or are we able to connect to our own database and which databases are certified to run against the platform?

I am calling a stored procedure over an ODBC connection and every time I call it there are several warnings written to the log event {Found no Parameter 1 (used as 1) for query}.I seem to be getting this on every query executed and that seems to happen a number of times the query parameters are per query and its filling up my disc.

1) Is there a way to suppress these warnings as the query seems to be executed and data written to the database?

Hi I've got a service setup to query a sql server via ODBC.

I've got all the parameters etc setup and everything is ok

My Query is

Is there a way for us to restrict user's ODBC permissions based on what program they're running on a client?

For example, we have some older Windows apps (.exe) that are a regular part of our software package which require the user to be able to select, insert, update, and delete. Some of our users are also using other third-party apps to connect (mostly reporting tools) but we only want them to be able to select unless we've approved the exe. Is there a way to do that?

These are not applications that were developed using CacheDirect.

Hello,

I have an error connecting the InterSystems cache with the odbc driver with the ODBC-2017.2.2.865.0-lnxrhx64.tar version using the ubuntu versions 20.04 and version 18.04 (which works with the .Net Core 3.1 version) with the Net 6.

Error:

Hi,

We need a web-based SQL tool to connect to Ensemble/Cache, that will offer more functionality than what the Management Portal offers.
It needs to be web based, so that we can host it on a machine that has connectivity to the server via the superserver port. We (the devs and support) only have browser access to the environment via Remote Desktops, hence the requirement.

Has anyone gotten OmniDB to connect to Ensemble/Cache? If so, can you please advise on how to configure it?

Any other suggestions for such a tool are also welcome.

Kind regards,
Stefan

I have a linked procedure class and SQL gateway setup and I can't seem to get any response, status or error from using the stored procedure, I think it must be something big I'm missing to not even get a status.

Can someone see what my problem is please, any help would be very much appreciated.

Class generated by linked procedure wizard:

Hi Team,

We are facing an issue connecting to a remote Cache DB server using CacheODBC 2018 on the client side.

The connection works fine without SSL on the Cache server, but when SSL is enabled, we are getting the below error - "Failed to load cconnect executable!, SQL state 08S01 in SQLConnect"

Also, the connection works fine when the PHP script is run through CLI on client server, but fails with the above error when the script invoked from a client browser.

Could you please help us with any pointers in resolving the issue?

Hello,

I'm using the InterSystems Iris odbc driver (DriverODBCVer=02.10) to get data from Iris table but it is slow.

Is there any options to improve performance ? Increase the packet size ?

Change to do in odbcinst.ini / odbc.ini to make it quicker ?

Thanks