Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Add request failed as the converted DN blah does not match the request DN otherBlah

Matthew Woolnough 7 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 7 years ago 9

Seeing the error below in exporting users to Sharepoint. 

Is there a DN requirement in Sharepoint?


Add request failed as the converted DN UID=18df1b3e-7787-429b-b0a0-ddad2ed4b1a4,OU=SPUsers,DC=IdentityBroker does not match the request DN CN=wxli,OU=SPUsers,DC=IdentityBroker.
Answer
anonymous 7 years ago

Hi Matt,

This error indicates that the DN that you are generating in your IDM platform differs from the DN generated by Identity Broker based on the Distinguished Name Template for your adapter. You'll need to reconfigure one or the other so that they match. Just a note that if you use @IdBID in the DN template, you will also need to supply a value for the entryUUID field as part of your add requests.

0
Answered

"Attempted to perform an unauthorized operation" Error on Export

Matthew Woolnough 7 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 7 years ago 8

Permissions like error upon export to Sharepoint.  I have reviewed the Pre-reqs and it appears as though the service account has the appropriate rights (screenshots below).

Are there additional rights required?

Matthew


System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Attempted to perform an unauthorized operation. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at Microsoft.Office.Server.UserProfiles.OrganizationProfileValueCollection.CheckUpdatePermissions()
   at Microsoft.Office.Server.UserProfiles.ProfileValueCollectionBase.set_Value(Object value)
   at Microsoft.Office.Server.UserProfiles.OrganizationProfile.set_DisplayName(String value)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.PopulateProfile(OrganizationProfileData organizationProfile, OrganizationProfile profile, IEnumerable`1 schemaValueNames)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.UpdateOrganizationProfile(OrganizationProfileData organizationProfile, String[] schemaValueNames)
   at SyncInvokeUpdateOrganizationProfile(Object , Object[] , Object[] )
   ...).

 




Answer
anonymous 7 years ago

In all three cases, the stack traces show the error is raised inside the Microsoft library (Microsoft.Office.Server.UserProfiles) and we are reporting them as-is.

0
Fixed

KeyNotFoundException on Sharepoint Org export

Matthew Woolnough 7 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 7 years ago 6

Error being encountered exporting data to Sharepoint org connector

Image 4323


System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Unify.Product.IdentityBroker.SharePoint2010Utilities.ConvertAttributeToValues(KeyValuePair`2 attribute, IDictionary`2 profileTypes, IValueAdapter`2 referenceValueToUserProfileNameAdapter, UserProfileNameToStringAdapter userProfileToNameAdapter)
   at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.<ConvertConnectorEntityToOrganizationProfileData>b__34_3(<>f__AnonymousType4`2 <>h__TransparentIdentifier1)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.ConvertConnectorEntityToOrganizationProfileData(IConnectorEntity connectorEntity)
   at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.UpdateEntity(IConnectorEntity entity, ISharePoint2010OrganisationProfileService communicatorChannel, ISaveEntityResults`2 results)
Answer
anonymous 7 years ago

Perfect, thanks for that!

This should fix it: Unify.Connectors.Microsoft.SharePoint.dll

0
Answered

Sharepoint connector ignores proxy configuration

Matthew Woolnough 11 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 3

Configuring following settings in an attempt to use Fiddler to debug connection.
Connector ignores proxy configuration, it does not appear to route traffic to proxyUri.

<communicator
ignoreCertificateError="True"
pollingChangeTokenOffset="-1.00:00:00"
credentials="Custom"
proxy="Custom"
preauthenticate="true"
timeout="02:00:00"
proxyUri="http://localhost:8888"
uri="http://kweb.bne.catholic.edu.au/informationservices/SSAS/SSA/"
domain="CATHOLIC"
user="svc_FIM_SharePoint"
securePassword="TE+bBSNefb5uHPQAhhSpsw==" certificate="" listName="eMinerva Exceptions - All Schools" viewName="" rowLimit="100">
</communicator>

0
Answered

Improve handling of Root Organization behaviour

Matthew Clark 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 4

See APRA-38, IDBSP-47 and http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/e9c91765-4c35-424d-888d-58e993783855. SharePoint 2010 will become unresponsive if the root organization is set to be its own parent, even though SharePoint does not prevent you from doing so programmatically or via the UI. Both the UI and the object model are affected by this bug. SharePoint considers the root organization to be the first organization with a parent of -1 in its database (ie. how it determines its value of the RootOrganization property). It is operationally and functionally valid for multiple organizations to exist with a parent of -1, and also to be self-referential (ie. their own parent), but doing so on the profile SharePoint considers its root brings about this instability. The connector could account for this functional limitation by preventing the solution from modifying the parent of the root organization. It is then up to solution implementers to ensure the behaviour of their hierarchy is correct.

Estimate includes work initial research carried out already, as well as implementing and testing.

0
Fixed

Issues with SharePoint list polling

Matthew Clark 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 4

I've encountered issues with the new polling functionality of the list connector. In both SharePoint 2007 and 2010, the following error is thrown when changes are present in the list:

Timestamp	Severity	Source	Module	Message
23/06/2011 4:18:12 PM	Warning	Change detection engine poll failed.	Change detection engine	"Change detection engine poll for connector SharePoint 2007 List Connector failed with reason StartIndex cannot be less than zero.
Parameter name: startIndex. Duration: 00:00:03.2295000
Error details:
System.ArgumentOutOfRangeException: StartIndex cannot be less than zero.
Parameter name: startIndex
   at System.String.Remove(Int32 startIndex, Int32 count)
   at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.GetIdsWhereClause(Int32[] ids) in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 371
   at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.<GetListItems>d__6.MoveNext() in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 232
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext()
   at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()
   at Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext()
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
   at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
   at Unify.Framework.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
   at Unify.Framework.ChangeDetectionPollJob.RunBase()
   at Unify.Framework.MutexJobDecorator.Run()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)"

Config attached


ConnectorEngine.extensibility.config.xml
0
Fixed

Organization profile connector polling not possible

Adam van Vliet 14 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 6

Polling has had to be disable in the Organization Connector.

When OrganizationProfileManager.GetChanges(token); is called, the exception below is thrown.

This is due to the OrganizationProfileMembershipChange constructor containing a cast directly from an object to an int.

The code for polling is already written, only the interface on the connector was removed.

Check online sources, find a patch or raise an issue with Microsoft.

Specified cast is not valid.
   at Microsoft.Office.Server.UserProfiles.OrganizationProfileMembershipChange..ctor(ProfileManagerBase profileManager, SqlDataReader reader, Boolean loadProfile, ProfileBase profile)
   at Microsoft.Office.Server.UserProfiles.ProfileBase.GetOneChange(ProfileManagerBase profileManager, SqlDataReader sqlRecords, Boolean restrictToColleagueProperties, Boolean loadProfile, ProfileBase profile)
   at Microsoft.Office.Server.UserProfiles.ProfileBase.GetChanges(ProfileManagerBase profileManager, Int32 viewerRights, ProfileBaseChangeQuery changeQuery, Boolean restrictToColleagueChanges, Boolean fSortDescending, ProfileBase profile)
   at Microsoft.Office.Server.UserProfiles.ProfileBase.GetChanges(ProfileManagerBase profileManager, Int32 viewerRights, ProfileBaseChangeQuery changeQuery)
   at Microsoft.Office.Server.UserProfiles.OrganizationProfileManager.GetChanges(ProfileBaseChangeQuery changeQuery)
   at Microsoft.Office.Server.UserProfiles.OrganizationProfileManager.GetChanges(UserProfileChangeToken changeToken)
   at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.GetChangedOrganizationProfileIds(String oldChangeToken)
0
Fixed

Adapter RDN - DN Formatting Issue

Richard Green 10 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 7

Hi Gents,

I've run into an issue with the DN formatting on an Adapter for my SharePoint Connector.

The usual DN configuration for a SharePoint adapter is an RDN configured on the AccountName field. (This is always in the format - CN=<acctname>,DC=<domain>)

I have configured my dn template as AccountName as shown in the attached screenshots. However on import into FIM, the DN format is incorrect - the commas in the DN have been replaced with plus characters.

ie. 'CN=xs-sp-setup,DC=tafe' is imported as 'CN=xs-sp-setup+DC=tafe'

I've attached screenshots showing the Connector values, DN configuration and FIM import values, along with the LDIF file output from the Adapter Full Import.

Is this possibly a mis-configuration?


Adapter Values.PNG
FIM Objects.PNG
RDN Config.PNG
Unify.Framework.IO.LDIF.dll
UNIFYFull.txt
0
Fixed

Remove Connection Checks For Start-Up of Identity Broker

Richard Courtenay 13 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 6

Currently the SharePoint Broker causes the startup of Identity Broker to fail if a connection can not be established to sharepoint (see error below).

This is not ideal behaviour as it places a dependency of Identity Broker on the SharePoint server being available. Realistically, even if SharePoint is not available, other systems may be and the inability to connect to SharePoint should not prevent data synchronization between HR, SQL or any other systems.

The issue is documented already, but I think if possible we should at least allow Identity Broker to start, as we do with other systems. https://unifysolutions.jira.com/wiki/display/IDBSP305/Identity+Broker+Service+fails+to+start+or+a+full+import+fails+due+to+a+permissions+error

The current work around is to remove/comment out the connector and any adapters completely.

Service cannot be started. Unify.Framework.UnifyServerInitializeException: Could not connect to http://sharepoint/_vti_bin/unify/userprofile.svc. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80.  ---> System.ServiceModel.EndpointNotFoundException: Could not connect to http://sharepoint/_vti_bin/unify/userprofile.svc. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80.  ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80
   at System.Net.Soc...
0
Fixed

MOSS List Connector error when modifying multivalue user lookup field

Matthew Clark 12 years ago in UNIFYBroker/Microsoft SharePoint updated by anonymous 9 years ago 6

Updates to the MOSS List connector are failing. I have attempted to update the Author and the Description field. Error message:

The extensible extension returned an unsupported error.
The stack trace is:

"System.Exception: Error occurred when attempting to save entity with distinguished name

UID=f2ef4a06-c8fb-4c2e-a354-16ae7eb227d2

Error:

Object reference not set to an instance of an object.
at Unify.Communicators.ValuesToJoinedLookupAdapter.Transform(IEnumerable`1 sourceValue)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.GetBatch(IEnumerable`1 data)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.ModifyListItemAndReturnUpdates(IEnumerable`1 data)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.ModifyListItemAndReturnId(IEnumerable`1 data)
at Unify.Connectors.MossListConnector.SaveEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.UpdateEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Product.IdentityBroker.Adapter.UpdateEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Product.IdentityBroker.Adapter.UpdateEntity(IAdapterEntity entity)
at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.UpdateEntity(IAdapterEntity entityToSave)
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Forefront Identity Manager 4.1.2273.0"

See screenshot for attempted modification.


List Update.png
Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml