Linux DSN Configuration
This section describes how to set up ODBC connectivity and configure DSNs on several Linux distributions: Debian-based systems, like Ubuntu, and Red Hat Linux platforms, like Red Hat Enterprise Linux (RHEL), CentOS, and Fedora.
Minimum Linux Versions
Here are the minimum supported versions for Red Hat-based and Debian-based systems:
| OS | Min. Version |
| Ubuntu | 11.04 |
| Debian | 7 |
| RHEL | 6.9 |
| CentOS | 6.9 |
| Fedora | 13 |
| SUSE | 12.1 |
Installing the Driver Dependencies
Run the following commands as root or with sudo to install the necessary dependencies:
- Debian/Ubuntu:
apt-get install libc6 libstdc++6 zlib1g libgcc1
- RHEL/CentOS/Fedora:
yum install glibc libstdc++ zlib libgcc
Here are the corresponding libraries required by the driver:
| Debian/Ubuntu Package | RHEL/CentOS/Fedora Package | File |
| libc6 | glibc | linux-vdso.1 |
| libc6 | glibc | libm.so.6 |
| libc6 | glibc | librt.so.1 |
| libc6 | glibc | libdl.so.2 |
| libc6 | glibc | libpthread.so.0 |
| libc6 | glibc | libc.so.6 |
| libc6 | glibc | ld-linux-x86-64.so.2 |
| libstdc++6 | libstdc++ | libstdc++.so.6 |
| zlib1g | zlib | libz.so.1 |
| libgcc1 | libgcc | libgcc_s.so.1 |
Installing the Driver
You can use standard package management systems to install the driver.
On Debian-based systems, like Ubuntu, run the following command with root or sudo:
dpkg -i /path/to/driver/setup/SharePointODBCDriverforUnix.deb
On systems that support the RPM package format, run the following command with root or sudo:
rpm -ivh /path/to/driver/SharePointODBCDriverforUnix.rpm
Licensing the Driver
Run the following commands to license the driver. To activate a trial, omit the <key> input.
cd /opt/cdata/cdata-odbc-driver-for-sharepoint/bin/
sudo ./install-license.sh <key>
Connecting through the Driver Manager
The driver manager loads the driver and passes function calls from the application to the driver. You need to register the driver with the driver manager and you define DSNs in the driver manager's configuration files.
The driver installation registers the driver with the unixODBC driver manager and creates a system DSN. The unixODBC driver manager can be used from Python and from many other applications. Your application may embed another driver manager.
Creating the DSN
See Using unixODBC to install unixODBC and configure DSNs. See Using the DataDirect Driver Manager to create a DSN to connect to OBIEE, Informatica, and SAS.
Connecting to Microsoft SharePoint
Microsoft SharePoint works with all Lists and Documents in the global Microsoft Sharepoint site, as well as with individual sites. Set the URL connection property to your Site Collection URL to work with all Lists and Documents, or set it to a specific Site URL to work with Lists and Documents in that site only.| URL | Example URL |
| Site Collection | https://teams.contoso.com |
| Site | https://teams.contoso.com/teamA or https://teamA.contoso.com |
In addition to providing the URL, use one of the following sets of connection properties to authenticate to SharePoint. The default values make it easy to connect in most environments, as shown below. Sharepoint supports online (cloud-based) and on-premises architectures. Each architecture supports a different set of authentication schemes.
Online and on-prem authentication are discussed in turn below.
Authenticating to SharePoint Online
Set SharePointEdition to "SharePoint Online" and set the User and Password to the credentials you use to log onto SharePoint, for example, the credentials to your Microsoft Online Services account.
The following authentication schemes are supported:
- AzureAD
- Single sign-on (SSO) schemes
- MSI
- OAuthJWT
- ADFS
- OneLogin
- Okta
- PingFederate
If the user account domain is different from the domain configured with the identity provider, set SSODomain to the latter. This property may be required for any SSO.
AzureAD
Azure Active Directory (AzureAD) is a connection type that leverages OAuth to authenticate. OAuth requires the authenticating user to interact with Microsoft SharePoint using an internet browser. The driver facilitates this in several ways as described below. Set your AuthScheme to AzureAD. The AzureAD flows described below assume that you have done so.Your organization may require Admin Consent when authorizing a new AzureAD application for your Azure Tenant. In all AzureAD flows, any initial installation and use of an AzureAD application requires that an administrator approve the application for their Azure Tenant.
Desktop Applications
CData provides an embedded OAuth application that simplifies OAuth desktop authentication. Alternatively, you can create a custom AzureAD application. See Creating a Custom AzureAD App for information about creating custom applications and reasons for doing so.
For authentication, the only difference between the two methods is that you must set two additional connection properties when using custom AzureAD applications.
After setting the following connection properties, you are ready to connect:
- OAuthClientId: (custom applications only) Set this to the client Id in your application settings.
- OAuthClientSecret: (custom applications only) Set this to the client secret in your application settings.
- CallbackURL: Set this to the Redirect URL in your application settings.
When you connect the driver opens the OAuth endpoint in your default browser. Log in and grant permissions to the application.
Headless Machines
To configure the driver to use OAuth with a user account on a headless machine, you need to authenticate on another device that has an internet browser.
- Choose one of these two options:
- Option 1: Obtain the OAuthVerifier value as described in "Obtain and Exchange a Verifier Code" below.
- Option 2: Install the driver on another machine and transfer the OAuth authentication values after you authenticate through the usual browser-based flow, as described in "Transfer OAuth Settings" below.
- Then configure the driver to automatically refresh the access token from the headless machine.
Option 1: Obtain and Exchange a Verifier Code
To obtain a verifier code, you must authenticate at the OAuth authorization URL.
Follow the steps below to authenticate from the machine with an internet browser and obtain the OAuthVerifier connection property.
- Choose one of these options:
- If you are using the Embedded OAuth Application click Microsoft SharePoint OAuth endpoint to open the endpoint in your browser.
- If you are using a custom OAuth application, create the Authorization URL by setting the following properties:
- InitiateOAuth: Set to OFF.
- OAuthClientId: Set to the client Id assigned when you registered your application.
- OAuthClientSecret: Set to the client secret assigned when you registered your application.
- Log in and grant permissions to the driver. You are then redirected to the callback URL, which contains the verifier code.
- Save the value of the verifier code. Later you will set this in the OAuthVerifier connection property.
On the headless machine, set the following connection properties to obtain the OAuth authentication values:
- InitiateOAuth: Set this to REFRESH.
- OAuthVerifier: Set this to the verifier code.
- OAuthClientId: (custom applications only) Set this to the client Id in your custom OAuth application settings.
- OAuthClientSecret: (custom applications only) Set this to the client secret in the custom OAuth application settings.
- OAuthSettingsLocation: Set this to the path to the file where the driver saves the OAuth token values that persist across connections.
After the OAuth settings file is generated, you need to re-set the following properties to connect:
- InitiateOAuth: Set this to REFRESH.
- OAuthClientId: (custom applications only) Set this to the client Id assigned when you registered your application.
- OAuthClientSecret: (custom applications only) Set this to the client secret assigned when you registered your application.
- OAuthSettingsLocation: Set this to the file containing the encrypted OAuth authentication values. Make sure this file grants read and write permissions to the driver to enable the automatic refreshing of the access token.
Option 2: Transfer OAuth Settings
Prior to connecting on a headless machine, you need to create and install a connection with the driver on a device that supports an internet browser. Set the connection properties as described in "Desktop Applications" above.
After completing the instructions in "Desktop Applications", the resulting authentication values are encrypted and written to the path specified by OAuthSettingsLocation. The default filename is OAuthSettings.txt.
Once you have successfully tested the connection, copy the OAuth settings file to your headless machine.
On the headless machine, set the following connection properties to connect to data:
- InitiateOAuth: Set this to REFRESH.
- OAuthClientId: (custom applications only) Set this to the client Id assigned when you registered your application.
- OAuthClientSecret: (custom applications only) Set this to the client secret assigned when you registered your application.
- OAuthSettingsLocation: Set this to the path to your OAuth settings file. Make sure this file gives read and write permissions to the driver to enable the automatic refreshing of the access token.
Azure Password
To connect using your Azure credentials directly, specify the following connection properties:
- AuthScheme: Set this to AzurePassword.
- User: Set this to your user account you use to connect to Azure.
- Password: Set this to the password you use to connect to Azure.
- AzureTenant: Set this to the Directory (tenant) ID, found on the Overview page of the OAuth app used to authenticate to Microsoft SharePoint on Azure.
OAuth: Admin Consent
Admin consent refers to when the Admin for an Azure Active Directory tenant grants permissions to an application that requires an administrator in your organization to consent to the use case. The embedded application within the CData ODBC Driver for Microsoft SharePoint, contains no permissions that require administrator consent. Therefore, this information applies only to custom applications.Administrator Consent Permissions
When creating a new OAuth application in the Azure Portal, you must specify which permissions the application requires. Some permissions may be marked with "Admin Consent Required". For example, all Groups permissions require Admin Consent. If your application requires admin consent, there are two ways you can do this.
The easiest way to grant admin consent is to have an administrator log into the Azure Portal and navigate to the application you have created in App Registrations. Under API Permissions, click Grant Consent, which grants permissions on the tenant under which it was created.
If your organization has multiple tenants or you need to grant application permissions for other tenants outside your organization, use the GetAdminConsentURL stored procedure to generate the Admin Authorization URL. After the OAuth application is successfully authorized, it returns a Boolean indicating that permissions have been granted.
After the administrator has approved the OAuth Application, you can continue to authenticate.
Credentials Using a Custom App
Follow the steps below to create a custom OAuth app and obtain the connection properties for the OAuth authentication using Sharepoint App.
Register Add-In
- Navigate to the Register Add-In page by entering the url as : https://{sitename}.SharePoint.com/_layouts/15/appregnew.aspx .
- In the "App Information" section, click Generate, which is located next to the Client Id and Client Secret textboxes to generate the respective values.
- Set Title, App Domain and Redirect URI by filling respective text boxes.
- Click Create, which registers the add-in and returns the success message with created information.
- Navigate to the SharePoint site.
- Enter the URL: https://{sitename}.sharepoint.com/_layouts/15/appinv.aspx in the browser. This redirects to the Grant permission page.
- Enter the Client ID (which you generated earlier), in AppId and click Lookup button. That will populate the value to other textboxes in Title, App Domain and Redirect Url.
- Now enter the below permission request in XML format.
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/> </AppPermissionRequests> - When you click on Create you'll be presented with a permission consent dialog. Press Trust It to grant the permissions.
ADFS
Set the AuthScheme to ADFS. You need to set the following connection properties:
- User: Set this to the ADFS user.
- Password: Set this to ADFS password for the user.
- SSODomain (optional): The domain configured with the ADFS identity provider.
AuthScheme=ADFS;User=ADFSUserName;Password=ADFSPassword;URL='http://sharepointserver/mysite';
Okta
Set the AuthScheme to Okta. The following connection properties are used to connect to Okta:
- User: Set this to the Okta user.
- Password: Set this to Okta password for the user.
- SSODomain (optional): The domain configured with the OKTA identity provider.
The following is an example connection string:
AuthScheme=Okta;User=oktaUserName;Password=oktaPassword;URL='http://sharepointserver/mysite';
OneLogin
Set the AuthScheme to OneLogin. The following connection properties are used to connect to OneLogin:
- User: Set this to the OneLogin user.
- Password: Set this to OneLogin password for the user.
- SSODomain (optional): The domain configured with the OneLogin identity provider.
The following is an example connection string:
AuthScheme=OneLogin;User=OneLoginUserName;Password=OneLoginPassword;URL='http://sharepointserver/mysite';
PingFederate
Set the AuthScheme to PingFederate. The following connection properties are used to connect to PingFederate:
- User: Set this to the PingFederate user.
- Password: Set this to PingFederate password for the user.
- SSODomain (optional): The domain configured with the PingFederate identity provider.
The following is an example connection string:
AuthScheme=PingFederate;User=PingFederateUserName;Password=PingFederatePassword;URL='http://sharepointserver/mysite';
SharePointOAuth
Set the AuthScheme to SharePointOAuth. The following connection properties are used to connect to SharePointOAuth:
- InitiateOAuth: Set this to GETANDREFRESH.
- User: Set this to the SharePointOAuth user.
- Password: Set this to SharePointOAuth password for the user.
The following is an example connection string:
Schema=REST;InitiateOAuth=GETANDREFRESH;AuthScheme=SharepointOAuth;URL=https://rssbuscrm.sharepoint.com;User=SharePointUserName;Password=SharePointPassword;SharePointEdition='SharepointOnline';
OAuthJWT Certificate
Set the AuthScheme to OAUTHJWT. The following connection properties are used to connect to Microsoft SharePoint:
- OAuthGrantType: Set this to CLIENT.
- AzureTenant: Set this to the tenant you wish to connect to.
- OAuthJWTCert: Set this to the JWT Certificate store.
- OAuthJWTIssuer: Set this to the OAuth client Id.
MSI
If you are running Microsoft SharePoint on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:
- AuthScheme: Set this to AzureMSI.
The MSI credentials are automatically obtained for authentication.
Authenticating to SharePoint On-Premises
Set SharePointEdition to "SharePoint On-Premises" to use the following authentication types.
Windows (NTLM)
This is the most common authentication type. As such, the driver is preconfigured to use NTLM as the default; simply set the Windows User and Password to connect.
Kerberos
Set the AuthScheme to NEGOTIATE. The following connection properties are used to connect with Kerberos:
- KerberosKDC: Set this to the host name or IP Address of your Kerberos KDC machine.
- KerberosSPN: Set this to the service and host of the Microsoft SharePoint Kerberos Principal. This is the value prior to the '@' symbol (for instance, MyService/MyHost) of the principal value (for instance, MyService/MyHost@EXAMPLE.COM).
Please see Using Kerberos for details on how to authenticate with Kerberos.
ADFS
Set the AuthScheme to ADFS. Then set the following connection properties:
- User: Set this to the ADFS user.
- Password: Set this to ADFS password for the user.
- SSOLoginURL: Set this to the WS-trust endpoint of the ADFS server.
AuthScheme=ADFS;User=ADFSUserName;Password=ADFSPassword;SSOLoginURL='https://<authority>/adfs/services/trust/2005/usernamemixed';SSO Properties ='RelyingParty=urn:sharepoint:sp2016;';
Anonymous Access
Set the AuthScheme to NONE along with the URL.
MSI
If you are running Microsoft SharePoint on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:
- AuthScheme: Set this to AzureMSI.
The MSI credentials are automatically obtained for authentication.
Refreshing OAuth Values
The driver can refresh the temporary OAuth access tokens obtained during the browser-based OAuth authentication exchange. By default, the driver saves the encrypted tokens in the odbc.ini file corresponding to the DSN. Access to this odbc.ini file can be restricted in the case of System DSNs.
To enable the automatic token exchange, you can give the driver write access to the system odbc.ini.
Installing Dependencies for OAuth Authentication
The OAuth authentication standard requires the authenticating user to interact with Microsoft SharePoint, using a web-browser. If the first OAuth interaction is to be done on the same machine the driver is installed on, for example, a desktop application, the driver needs access to the xdg-open program, which opens the default browser.
To satisfy this dependency, install the corresponding package with your package manager:
| Debian/Ubuntu Package | RHEL/CentOS/Fedora Package | File |
| xdg-utils | xdg-utils | xdg-open |
Set the Driver Encoding
The ODBC drivers need to specify which encoding to use with the ODBC Driver Manager. By default, the CData ODBC Drivers for Unix are configured to use UTF-16 which is compatible with unixODBC, but other Driver Managers may require alternative encoding.
Alternatively, if you are using the ODBC driver from an application that uses the ANSI ODBC API it may be necessary to set the ANSI code page. For example, to import Japanese characters in an ANSI application, you can specify the code page in the config file '/opt/cdata/cdata-odbc-driver-for-sharepoint/lib/cdata.odbc.sharepoint.ini':
[Driver]
AnsiCodePage = 932