Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Organization profile connector hindered by read-only nature of record IDs
It appears the organization profile connector currently only works in environments where OUs are added sequentially with sequential IDs.
SharePoint has a “RecordId” field which is a unique identifier for an organization profile. This is also used to manage the hierarchy, with organization profiles having a parent property which contains the RecordId of the parent. However, this field is readonly in SharePoint, meaning that we have no control over its value, and to ensure the hierarchy is correct, the parent values would need to be updated for the organization profiles after an initial export. Currently, the mapping is only correct if SharePoint happens to generate an ID which is the same as the one from the source system.
The connector must be revisited to handle this behaviour.
Current work is around testing the addition of two fields to SharePoint and the FIM metaverse for handling this mapping as follows, making use of the export control of reference values. From an earlier email:
The issue of course here is that the record ID is not known prior to the creation of the organization in SharePoint, and a two-pass approach is required. However, if the field was configured as a reference instead you could assume that you would have already exported the parent and have its correct SharePoint ID, meaning you wouldn’t have to do all your adds and then all your updates on a second FIM export. This would, however, mean that the solution would need to configure the hierarchy as a reference (if it hadn’t already). In order for joins to work successfully, we’ll likely need to flow this information back into the MA.
AdapterEngine.extensibility.config.xml
ConnectorEngine.extensibility.config.xml
Conversation with Adam van Vliet Matthew Clark.msg
IDBSP-44 - Attribute Flows in SharePoint Org MA.png
orgDb.png
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp
Unable to read from SharePoint Lists since export of 37K+ items
Unable to Import from the 2 of the SharePoint Connectors since provisioning 37K+ Parents (Error is below).
In order for the SharePoint Export to work the Title attribute in the External Users list was changed from Required = True to False.
C:\Program Files\UNIFY Solutions\Services\Extensibility\ConnectorEngine.extensibility.config.xml.
Old <field name="Title" required="True" validator="string"/>
New <field name="Title" required="False" validator="string"/>
The Export was successful and parents appear in the IdB Connector and SharePoint List. However I now cannot Import back from SahrePoint.
I have changed the Title requirement back to true, this was not successful.
Error details:
System.Xml.XmlException: '=' is an unexpected token. The expected token is ';'. Line 1, position 56.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.HandleEntityReference(Boolean isInAttributeValue, EntityExpandType expandType, Int32& charRefEndPos)
at System.Xml.XmlTextReaderImpl.ParseAttributeValueSlow(Int32 curPos, Char quoteChar, NodeData attr)
at System.Xml.XmlTextReaderImpl.ParseAttributes()
at System.Xml.XmlTextReaderImpl.ParseElement()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.ParsePartialContent(XmlNode parentNode, String innerxmltext, XmlNodeType nt)
at System.Xml.XmlLoader.LoadInnerXmlElement(XmlElement node, String innerxmltext)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.<GetListItems>d__6.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPoolT(IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Framework.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Framework.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Framework.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.MutexJobDecorator.Run()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
bce.saz
Logs + dot net logs.zip
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Logs.zip
UnifyLog20120528.zip
UnifyLog20120604.zip
UnifyLog20120605.zip
UnifyLog20120605.zip
Group By Adapter or Transformation
Currently, the only way for us to create group memberships is to take a connector that contains a unique list of groups and do a relational.dn join to get its members.
Eg,
class connector contains class 001,
student enrolment connector contains a relationship between Student1 and 001
student enrolment connector contains a relationship between Student2 and 001
relational join on class:student1,student2
However, in some cases we may wish to create groups based on aggregate values (ie, group by) within a single connector - without a relationship connector.
Eg, Student connector that has Name, academicYearLevel and homeRoomClass
It would be great if i could create attribute-based groups based off of these values without a second connector that contains a unique list of academicYearLevels to join against.
Eg:
This would create an adapter that contains a unique list of academic years with a multi-value field that has DN's for the students
This would create an adapter that has attribute based groups for both academicYearLevel AND studentID... This is essentially 'union' functionality so that you don't need a seperate adapter for every type of attribute-based group. Fields are "groupkey" and "studentID". Note the prefix allows you to distinguish between the two groups (is pre-pended to attribute value)
Is equivalent to SQL group by school,academicYearLevel. Would return a group for each yearLevel at each school. The columns returned would be groupkey (containing school:academicYearLevel) and "studentID" (multi-value list of DN's... column name matches
SharePoint Broker: Deleting Users with checked out resources
When deleting a user, what will occur if the user has resources (eg a document) checked out in SharePoint. When using the standard web interface it fails. Can you describe the Broker process (will it just fail and return an error?)
SharePoint 2010 User Profile Service cannot import larger numbers of users by default
When attempting to retrieve user profiles from SharePoint 2010, the following error was thrown on the SharePoint side. Note that this is from a WCF trace on the SharePoint side - the error message thrown to Identity Broker is not at all helpful:
There was an error while trying to serialize parameter http://www.unifysolutions.net/IdentityBroker/SharePoint:GetProfilePageResult. The InnerException message was 'Maximum number of items that can be serialized or deserialized in an object graph is '65536'. Change the object graph or increase the MaxItemsInObjectGraph quota. '. Please see InnerException for more details.
Error thrown to Identity Broker:
Error occurred in module: Change detection engine Change detection engine poll for connector SharePoint 2010 User Profile Connector failed with reason An error occurred while receiving the HTTP response to http://c21sharepoint/_vti_bin/unify/userprofile.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.. Duration: 00:01:13.9003906 Error details: System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://c21sharepoint/_vti_bin/unify/userprofile.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Unify.Communicators.UserProfileManager.ISharePoint2010UserProfileService.GetProfilesByName(String[] accountNames) at Unify.Connectors.SharePoint2010UserProfileConnector.GetEntities(IEnumerable`1 entityIds) at Unify.Framework.ConnectorToPollingConnectorBridge.GetEntities(IEnumerable`1 entityIds) at Unify.Framework.EventNotifierReadingConnectorDecoratorBase`1.GetEntities(IEnumerable`1 entityIds) at Unify.Framework.ChangeDetectionPollJob.RunBase() at Unify.Framework.MutexJobDecorator.Run() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
The workaround is to decrease the number of users retrieved from SharePoint at a time using the bulkPageSize property of the communicator. However, the above attribute should be changed programmatically in the WCF service itself. SharePoint 2010 allocates a dynamic schema to all custom WCF services - see http://msdn.microsoft.com/en-us/library/ff521586.aspx.
SharePoint 2010 List connector failing scheduled polling imports and large lists
Manual polling import started but doesn't seem to finish and Management Studio doesn't show any activity on that connector. Also, all three SharePoint connectors have polling imports scheduled every 10 mins and there is no polling import activity on any of these connectors that I would expect.
In summary:
- Manually started polling import doesn't seem to finish
- Scheduled polling imports on any of the SharePoint connectors doesn't seem to be occurring before or after the manual polling import on the SharePoint External Users connector was initiated.
ConnectorEngine.extensibility.config.zip
Externals connector Configs.zip
IdB_network - Copy.zip
Log.zip
Logs.zip
Network.zip
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.dll
Unify.Communicators.Moss2007List.Interfaces.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.Connectors.Microsoft.SharePoint.dll
Unify.DLLs.zip
Unify.DLLs.zip
UnifyLog20120606.zip
UnifyLog20120607.csv
UnifyLog20120607.csv
UnifyLog20120611.zip
UnifyLog20120613.csv
UnifyLog20120613.zip
UnifyLog20120614.zip
UnifyLog20120625.zip
SharePoint web service connectors not using Framework communicators
When non-custom credentials are selected for the 2007 User Profile connector, an error appears during schema retrieval - "Value cannot be null: userCredentials". No other additional information logged. Unsure whether this is connector specific or from the Framework Web Communicator.
Edit:
This is because the connector is not using the web service from Framework.
The list web service has the same problem.
Review SharePoint 2010 User Profile tooltips
Currently the UserName/Password tooltips refer to "credntials", and the Enforce SID History is just "EnforceSIDHistory".
Installation of DLL in FIM extensions directory
IdB for FIM:
Is it possible to have the install place the DLL in the extensions dir & update xml file? Alternately, at end of install splash screen with remaining steps. Similar to Exchange install.
LINQ error and entity doesn't contain Id attribute error
Exporting to CRM, this is the result:
System.Exception: Error occurred when attempting to save entity with distinguished name CN=12700 Error: The method IEntityBase`.GetValue() is not supported in this context. Use IEntityBase`.GetValueOrDefault() instead. The method is not supported as use of this method in a LINQ statement against an implementation will result in the same exception type being thrown if the key value is not present in an instance of the entity. at Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor`4.VisitMethodCall(MethodCallExpression m) at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp) at Unify.Framework.ExpressionExpressionVisitorBase.<VisitExpressionList>b__d(Expression originalExpression) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source) at Unify.Framework.ExpressionExpressionVisitorBase.VisitExpressionList(ReadOnlyCollection`1 original) at Unify.Framework.Data.LinqContextConversionExpressionVisitorBase`5.VisitMethodCall(MethodCallExpression m) at Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor`4.VisitMethodCall(MethodCallExpression m) at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp) at Unify.Framework.Data.LinqContextConversionExpressionVisitorBase`5.VisitLambda(LambdaExpression lambda) at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp) at Unify.Framework.ExpressionExpressionVisitorBase.VisitUnary(UnaryExpression u) at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp) at Unify.Framework.ExpressionExpressionVisitorBase.<VisitExpressionList>b__d(Expression originalExpression) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source) at Unify.Framework.ExpressionExpressionVisitorBase.VisitExpressionList(ReadOnlyCollection`1 original) at Unify.Framework.Data.LinqContextConversionExpressionVisitorBase`5.VisitMethodCall(MethodCallExpression m) at Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor`4.VisitMethodCall(MethodCallExpression m) at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp) at Unify.Framework.Data.LinqContextConversionExpressionVisitorBase`5.ConvertExpression(Expression partitionExpression) at Unify.Framework.Data.LinqQueryConversionProvider`5.GetOrderedQuery(Expression businessExpression, IQueryable`1 sourceQueryable, TContext sourceContext) at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator() at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) at Unify.Product.IdentityBroker.DynamicsCrmObjectConnector.UpdateEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.Adapter.UpdateEntities(IEnumerable`1 entities, Boolean reflect) at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.UpdateEntity(IAdapterEntity entityToSave) at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) at SyncInvokeExportChanges(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml
Customer support service by UserEcho
