Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

+3
Completed

Identity Broker for Google Apps v5

Boyd Bostock 3 years ago in UNIFYBroker/Google Apps • updated by anonymous 3 years ago 2

Can Identity Broker for Google Apps be made available for Identity Broker v5?


This Broker can manage more attributes than the Google Apps Directory Synchronization and can make use of existing PCNS deployments rather than require Google Apps Password Sync (GAPS), which needs to be installed on all DCs and is limited to one Google Apps domain.


Cairns Catholic Education will use it and Brisbane Catholic Education would be likely to use it to replace GAPS and GADS with FIM/MIM and IdB.

0
Fixed

Google passwords are not being set on creation

Google passwords are not being set on creation; subsequent resets in AD are synchronised successfully.

In MIM the export_password attribute is set with the desired password; I was unable to find any information about this attribute or how to configure the Password Script in the Google Connector.

Unsure of when this started to re-occur as most users authenticate via the IDP; however, Chromebooks authenticate directly. It appears this issue has occurred before (https://voice.unifysolutions.net/communities/6/topics/2816-passwords-are-not-set-on-google-account-creation); however, the key is configured to be email address.

Identity Broker: v5.2.0 Revision #3
Google Connector: 5.2.0.2
Unify.IdentityBroker.Communicator.Google.dll: 5.2.0.1

Answer

So just confirming, using the Identity Broker version of the Newtonsoft fixes that particular issue? I'll update the connector to use the same version so that it isn't able to override it.

Do you have an update on whether the password change is working?

0
Fixed

Google User Settings - Delete SendAs Address

I am getting an error using the Google User Settings connector. The error occurs when deleting a custom SendAs address which was previously added using the connector.

Example

DN: CN=gsurname@email.com,OU=GmailSettings,DC=IdentityBroker

SendAs Unchanged: <SendAs name="""" address=""gsurname@email.com"" replyTo="""" signature="""" default=""false"" />

SendAs Unchanged: <SendAs name=""Givenname Surname"" address=""gsurname@email2.com"" replyTo="""" signature="""" default=""true"" />

SendAs Delete: <SendAs name=""Givenname Surname"" address=""gsurname@email3.com"" replyTo="""" signature="""" default=""false"" />

Error Message

System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.UserSettingsEntityMapper.MapEntity(IEntity originalEntity, IConnectorEntity exportedEntity)
   at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.<>c__DisplayClass20_0.<UpdateEntities>b__4(IConnectorEntity entity)
   at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.AuditUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)


Answer

Now that I'm looking at it, name is probably a bad key for the list of send-as (I don't recall making the decision when originally developing it). Shall I give you a patch that uses the email address instead, try to save you going through that fun?

0
Declined

Separation of Signature and SendAs

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 3

The signature is currently combined in the same attribute as the SendAs field. Is it possible to separate these attributes?

Signature in UI showing linkage to default SendAs


Signature in UI showing linkage to non-default SendAs


<SendAs name="" address="bbostock@cns.catholic.edu.au" replyTo="" signature="<div dir="ltr"><div>Regards</div><div>My Name</div><div><br></div><div>My Title2</div><div>My Department2</div><div>My Company2</div><div>p: 0400 000 000</div><div>e: <a href="mailto:myemail@mycompany2.com" target="_blank">myemail@mycompany2.com</a></div></div>" default="false" />, <SendAs name="Boyd Bostock" address="bbostock@sscc.qld.edu.au" replyTo="" signature="<div dir="ltr">Regards<div>My Name</div><div><br></div><div>My Title</div><div>My Department</div><div>My Company</div><div>p: 0400 000 000</div><div>e: <a href="mailto:myemail@mycompany.com" target="_blank">myemail@mycompany.com</a></div><div><br></div></div>" default="true" />

Answer
anonymous 2 years ago

I think it will be problematic as email addresses will change if people transfer between schools. For my purposes I will configure the MIM Rule Extension to preserve the signature if present.

0
Not a bug

Google Groups: External Members email address case mismatch

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 2

I have found that differences in case between MIM and Google are causing unnecessary exports. To overcome this I have ensured all email address exports are in lowercase; the exports are successful, but a subsequent import from Google returns the addresses in the original case.

I have found an anomaly in Google where one view shows the addresses in lowercase and another in mixed case. I suspect that although the email address case changes successfully, it is not synchronised everywhere.

Admin Console View

Google Groups View


  • Is there another membership attribute that can be used instead?
  • Is there a transformation that can convert to lowercase (multi-valued field)? MIM cannot do this for confirming imports.
  • Is it possible/appropriate to add an option to the Connector to import all email addresses as lowercase?

Answer
anonymous 2 years ago

No response.

0
Completed

Gmail Settings remove Labels

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 1

Labels is one of the settings available in the GMail API and results in a large amount of data being returned. As there is no IAM requirement for Labels settings, I would recommend it is removed from the Google User/GMail Settings Connector.

Answer
anonymous 2 years ago

Remove any non-required fields from the schema - that way the call won't be made as each of the fields are done as separate calls.

0
Fixed

Google User Settings Connector import failing

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 36

Import is failing for Google User Settings Connector after exactly 1 hour (log entries attached).

Error Google User Settings.txt

Answer
anonymous 2 years ago

No response.

0
Fixed

Failure adding a group as a member of another group in Google Apps

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 1

I am getting the error below when adding a group with other groups as members. I can add the groups to membership manually and the subsequent import imports the membership with the correct DN.

Error Nested Group Members.txt

Image below shows the groups added manually and the one that is failing. The failing group was added manually to confirm it is possible.


Answer
anonymous 2 years ago

There was a difference in how groups were calculated over users. See v5.0.0.2.

0
Answered

Email Address changes in Google Apps

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 6

I am using the email address in the DN and have a requirement to allow accounts to be renamed. There are no other attributes that are suitable for use in the DN.

If I change the email address attribute it will fail (error attached) as it is being used in the DN. I have attempted to change the DN; however, MIM is processing it as an attribute flow instead of a rename (error and screenshot attached).

Error Email Address Change.txt

Error DN and Email Address Change.txt

Answer
anonymous 2 years ago

User rename split out from user update so that it does only what is required. See v5.0.0.2.

0
Fixed

Passwords are not set on Google account creation

Boyd Bostock 2 years ago in UNIFYBroker/Google Apps • updated by anonymous 2 years ago 8

When a new account is created, an error is generated in the IdB log and the user is created in Google; however, the password has not been set.

Packet Trace: UserCreate.pcap

Log: UnifyLog20170117.csv



Answer
anonymous 2 years ago

Apologies Boyd, I left out a couple of extra DLLs. I just dropped this patch onto a fresh v5.0.5 install to check and the service starts and I'm able to create adapters fine, so hopefully this resolves it for you.

UE2816 Patch 2.zip