Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Error updating an AD user
Error:
20180802,13:57:12,UNIFY Identity Broker,EntitySaver,Error,"The entity 603474 (6cd1989f-bfe8-4f1e-adb6-004af8cea53f) for the adapter AD User Adapter (9f73e5e5-30df-4142-b850-db3e31f0a931) failed to update for the following reasons: Received error code InvalidAttributeSyntax for item with dn CN=redacted,DC=au. Message: 00000057: LdapErr: DSID-0C090BD1, comment: Error in attribute conversion operation, data 0, v1772",Normal
It happens to both Add and Update. However, I changed Outgoing Filter to update only one user and AD Link only update 3 fields: company, department, title. The error still happens ...
TestHarness to CSV file works well ...
Via screenshare, the issue turned out to be the casing of the msExchHideFromAddressLists field, which was manually added to the connector as a boolean but requires uppercase. Changing it to string resolved the issue.
AD Link shows outgoing sync successful but entities werent provisioned
No error in Log either:
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter completed.
Synchronization job completed syncing 116 changes on the 'AD Link' link from the locker to adapter. Delayed: 0 Incomplete: 0 Denied: 0 Job ID: c5198353-498f-49ab-ad39-3f3ad154b57c Duration: 00:00:10.9188371",Normal
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync adapter to locker started.
Synchronization job started syncing 21057 changes on the 'AD Link' link from the adapter to locker. Job ID: 8ab397a7-93fc-484d-b25f-0f1faaa6e883",Normal
20180121,13:01:32,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine unscheduled started.
Change detection engine unscheduled for connector AD Users started.",Normal
Link shows ougoing sync all good:
AD User Connector shows no entity is saved. AD User Adapter shows no entity is added. Test Mode is disabled.
Failed to export to AD
I have the below error when trying to export to AD. It may be due to the exporting volume.
20180121,00:00:00,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20180121,00:16:39,UNIFY Identity Broker,Link,Error,"Request to sync changes on link failed.
Request to sync changes on link AD Link (4a76f3ba-6c07-4d9a-9f96-c7dc14fff2e6) in direction incoming failed with message Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. [Count:158178]. Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624
Error Number:-2,State:0,Class:11",Normal
20180121,00:16:39,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter errored.
Synchronization job failed syncing 158178 changes on the 'AD Link' link from the locker to adapter with the reason Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.. Job ID: acf66fc4-57f8-47ae-8baf-fd121dee8efa Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624
If you've been performing a large number of changes and importing fresh data, the database is likely requiring some maintenance. See https://voice.unifysolutions.net/forums/7-identity-broker-knowledge/topics/2936-identity-broker-database-recommendations/
Viewing changes in IDB Plus
It would be very useful to view the changes that are going to happen to verify data transformation.
Hi Huu,
Great idea, I've added this as an item to the backlog.
how to map Date to Timestamp from Adapter to Locker
An vice versa? Is there any built in transformation or is has to be done by powershell task?
Hi Huu,
There is currently no way to do this directly. As you suggest, you could use a PowerShell task in the Synchronization stage to apply the mapping, or alternatively you could use a Time Offset Transformation in the adapter to generate a Timestamp field. We may look at easier ways to accomplish type conversions in the future, but it would more likely be by converting the type in an adapter transformation.
Out of curiosity, what is the use case?
How deprovisioning work in IDB Plus?
It is outgoing provisioning and deprovisioning: Locker-AD Link-AD Adapter - AD User Connector - AD OU
Assume that Locker has 2000 users and there are 3000 users in AD OU--> 3000 in AD Adapter.
After Import All in AD User Connector and Baseline Sync in AD Link, 1500 users in Locker join 1500 in AD Adapter.
In this case, 500 new users will be created in AD because of outgoing provisioning. How about 1500 not-joined users in AD, will they be removed due to outgoing deprovisioning?
Hi Huu,
No, such entities shouldn't be deprovisioned during a baseline. A baseline effectively simulates a change to every entity on both sides of the link, but deprovisioning only occurs when an entity is removed from the source context (i.e. a change is registered against an entity that no longer exists in the context).
Health Check Uptime for IDaaS only shows past 24 hours
This is probably fine for the customer facing thing - but I think we need to have something for our own purposes that gives a little more information than this.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Provisions in Last Month graph should be bar chart instead of line chart
This graph is confusing - if it's the "last month" - where's the last month? I also think it would be better as a bar graph.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Link Connector Errors is poorly designed
This graph is misleading - this is total connector messages. We need to rethink what this section of the graph is trying to say.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Configuring Identity Broker Plus v5.2.1 via API's only
Looking for guidance on how to configure IdB Plus via API's only. Thanks in advance.
Hi Adam,
See APIs. If you visit the Swagger endpoint you can see documentation on the API operations available to you. For the default API endpoint, this should be http://localhost:59991/IdentityBroker/swagger
Customer support service by UserEcho
