Identity Broker Forum
Add request failed as the converted DN blah does not match the request DN otherBlah
Seeing the error below when exporting users to SharePoint.
Is there a DN requirement in Sharepoint?
Add request failed as the converted DN UID=18df1b3e-7787-429b-b0a0-ddad2ed4b1a4,OU=SPUsers,DC=IdentityBroker does not match the request DN CN=wxli,OU=SPUsers,DC=IdentityBroker.
Hi Matt,
This error indicates that the DN that you are generating in your IDM platform differs from the DN generated by Identity Broker based on the Distinguished Name Template for your adapter. You'll need to reconfigure one or the other so that they match. Just a note that if you use @IdBID in the DN template, you will also need to supply a value for the entryUUID field as part of your add requests.
"Attempted to perform an unauthorized operation" Error on Export
Permissions-like error upon export to SharePoint. I have reviewed the pre-reqs and it appears as though the service account has the appropriate rights (screenshots below).
Are there additional rights required?
Matthew
System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Attempted to perform an unauthorized operation. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at Microsoft.Office.Server.UserProfiles.OrganizationProfileValueCollection.CheckUpdatePermissions()
at Microsoft.Office.Server.UserProfiles.ProfileValueCollectionBase.set_Value(Object value)
at Microsoft.Office.Server.UserProfiles.OrganizationProfile.set_DisplayName(String value)
at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.PopulateProfile(OrganizationProfileData organizationProfile, OrganizationProfile profile, IEnumerable`1 schemaValueNames)
at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.UpdateOrganizationProfile(OrganizationProfileData organizationProfile, String[] schemaValueNames)
at SyncInvokeUpdateOrganizationProfile(Object , Object[] , Object[] ) ...).
In all three cases, the stack traces show the error is raised inside the Microsoft library (Microsoft.Office.Server.UserProfiles) and we are reporting them as-is.
KeyNotFoundException on SharePoint Org export
Error being encountered when exporting data to the SharePoint org connector
System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Product.IdentityBroker.SharePoint2010Utilities.ConvertAttributeToValues(KeyValuePair`2 attribute, IDictionary`2 profileTypes, IValueAdapter`2 referenceValueToUserProfileNameAdapter, UserProfileNameToStringAdapter userProfileToNameAdapter)
at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.<ConvertConnectorEntityToOrganizationProfileData>b__34_3(<>f__AnonymousType4`2 <>h__TransparentIdentifier1)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.ConvertConnectorEntityToOrganizationProfileData(IConnectorEntity connectorEntity)
at Unify.Product.IdentityBroker.SharePoint2010OrganizationProfileConnector.UpdateEntity(IConnectorEntity entity, ISharePoint2010OrganisationProfileService communicatorChannel, ISaveEntityResults`2 results)
Perfect, thanks for that!
This should fix it: Unify.Connectors.Microsoft.SharePoint.dll
SharePoint connector ignores proxy configuration
Configuring the following settings in an attempt to use Fiddler to debug the connection.
The connector ignores the proxy configuration; it does not appear to route traffic to proxyUri.
<communicator
    ignoreCertificateError="True"
    pollingChangeTokenOffset="-1.00:00:00"
    credentials="Custom"
    proxy="Custom"
    preauthenticate="true"
    timeout="02:00:00"
    proxyUri="http://localhost:8888"
    uri="http://kweb.bne.catholic.edu.au/informationservices/SSAS/SSA/"
    domain="CATHOLIC"
    user="svc_FIM_SharePoint"
    securePassword="TE+bBSNefb5uHPQAhhSpsw=="
    certificate=""
    listName="eMinerva Exceptions - All Schools"
    viewName=""
    rowLimit="100">
</communicator>
Improve handling of Root Organization behaviour
See APRA-38, IDBSP-47 and http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/e9c91765-4c35-424d-888d-58e993783855.
SharePoint 2010 will become unresponsive if the root organization is set to be its own parent, even though SharePoint does not prevent you from doing so programmatically or via the UI. Both the UI and the object model are affected by this bug.
SharePoint considers the root organization to be the first organization with a parent of -1 in its database (i.e. how it determines its value of the RootOrganization property). It is operationally and functionally valid for multiple organizations to exist with a parent of -1, and also to be self-referential (i.e. their own parent), but doing so on the profile SharePoint considers its root brings about this instability.
The connector could account for this functional limitation by preventing the solution from modifying the parent of the root organization. It is then up to solution implementers to ensure the behaviour of their hierarchy is correct.
Estimate includes the initial research already carried out, as well as implementing and testing.
Issues with SharePoint list polling
I've encountered issues with the new polling functionality of the list connector. In both SharePoint 2007 and 2010, the following error is thrown when changes are present in the list:
Timestamp Severity Source Module Message
23/06/2011 4:18:12 PM Warning Change detection engine poll failed. Change detection engine "Change detection engine poll for connector SharePoint 2007 List Connector failed with reason StartIndex cannot be less than zero. Parameter name: startIndex. Duration: 00:00:03.2295000
Error details: System.ArgumentOutOfRangeException: StartIndex cannot be less than zero. Parameter name: startIndex
at System.String.Remove(Int32 startIndex, Int32 count)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.GetIdsWhereClause(Int32[] ids) in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 371
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.<GetListItems>d__6.MoveNext() in C:\Hg\Connectors\Microsoft.SharePoint\Master\Source\Unify.Communicators.Moss2007List\Moss2007ListWebServiceCommunicatorBase.cs:line 232
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext()
at Unify.Framework.EnumerableExtensions.<ProduceAutoPages>d__9`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Framework.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Framework.ChangeDetectionPollJob.RunBase()
at Unify.Framework.MutexJobDecorator.Run()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)"
Config attached
ConnectorEngine.extensibility.config.xml
Organization profile connector polling not possible
Polling has had to be disabled in the Organization Connector.
When OrganizationProfileManager.GetChanges(token); is called, the exception below is thrown.
This is due to the OrganizationProfileMembershipChange constructor containing a cast directly from an object to an int.
The code for polling is already written; only the interface on the connector was removed.
Check online sources, find a patch or raise an issue with Microsoft.
Specified cast is not valid.
at Microsoft.Office.Server.UserProfiles.OrganizationProfileMembershipChange..ctor(ProfileManagerBase profileManager, SqlDataReader reader, Boolean loadProfile, ProfileBase profile)
at Microsoft.Office.Server.UserProfiles.ProfileBase.GetOneChange(ProfileManagerBase profileManager, SqlDataReader sqlRecords, Boolean restrictToColleagueProperties, Boolean loadProfile, ProfileBase profile)
at Microsoft.Office.Server.UserProfiles.ProfileBase.GetChanges(ProfileManagerBase profileManager, Int32 viewerRights, ProfileBaseChangeQuery changeQuery, Boolean restrictToColleagueChanges, Boolean fSortDescending, ProfileBase profile)
at Microsoft.Office.Server.UserProfiles.ProfileBase.GetChanges(ProfileManagerBase profileManager, Int32 viewerRights, ProfileBaseChangeQuery changeQuery)
at Microsoft.Office.Server.UserProfiles.OrganizationProfileManager.GetChanges(ProfileBaseChangeQuery changeQuery)
at Microsoft.Office.Server.UserProfiles.OrganizationProfileManager.GetChanges(UserProfileChangeToken changeToken)
at Unify.Connectors.SharePoint.SharePoint2010WCFService.UNIFYIdentityBrokerService.SharePoint2010OrganizationProfileService.GetChangedOrganizationProfileIds(String oldChangeToken)
Adapter RDN - DN Formatting Issue
Hi Gents,
I've run into an issue with the DN formatting on an Adapter for my SharePoint Connector.
The usual DN configuration for a SharePoint adapter is an RDN configured on the AccountName field. (This is always in the format - CN=<acctname>,DC=<domain>)
I have configured my DN template as AccountName as shown in the attached screenshots. However, on import into FIM, the DN format is incorrect - the commas in the DN have been replaced with plus characters.
i.e. 'CN=xs-sp-setup,DC=tafe' is imported as 'CN=xs-sp-setup+DC=tafe'
I've attached screenshots showing the Connector values, DN configuration and FIM import values, along with the LDIF file output from the Adapter Full Import.
Is this possibly a misconfiguration?
Adapter Values.PNG
FIM Objects.PNG
RDN Config.PNG
Unify.Framework.IO.LDIF.dll
UNIFYFull.txt
Remove Connection Checks For Start-Up of Identity Broker
Currently the SharePoint Broker causes the startup of Identity Broker to fail if a connection cannot be established to SharePoint (see error below).
This is not ideal behaviour as it places a dependency of Identity Broker on the SharePoint server being available. Realistically, even if SharePoint is not available, other systems may be and the inability to connect to SharePoint should not prevent data synchronization between HR, SQL or any other systems.
The issue is documented already, but I think if possible we should at least allow Identity Broker to start, as we do with other systems. https://unifysolutions.jira.com/wiki/display/IDBSP305/Identity+Broker+Service+fails+to+start+or+a+full+import+fails+due+to+a+permissions+error
The current workaround is to remove/comment out the connector and any adapters completely.
Service cannot be started. Unify.Framework.UnifyServerInitializeException: Could not connect to http://sharepoint/_vti_bin/unify/userprofile.svc. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80.
---> System.ServiceModel.EndpointNotFoundException: Could not connect to http://sharepoint/_vti_bin/unify/userprofile.svc. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80.
---> System.Net.WebException: Unable to connect to the remote server
---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.133:80
at System.Net.Soc...
MOSS List Connector error when modifying multivalue user lookup field
Updates to the MOSS List connector are failing. I have attempted to update the Author and the Description field. Error message:
The extensible extension returned an unsupported error.
The stack trace is:
"System.Exception: Error occurred when attempting to save entity with distinguished name
UID=f2ef4a06-c8fb-4c2e-a354-16ae7eb227d2
Error:
Object reference not set to an instance of an object.
at Unify.Communicators.ValuesToJoinedLookupAdapter.Transform(IEnumerable`1 sourceValue)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.GetBatch(IEnumerable`1 data)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.ModifyListItemAndReturnUpdates(IEnumerable`1 data)
at Unify.Communicators.Moss2007ListWebServiceCommunicatorBase.ModifyListItemAndReturnId(IEnumerable`1 data)
at Unify.Connectors.MossListConnector.SaveEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.UpdateEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Product.IdentityBroker.Adapter.UpdateEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Product.IdentityBroker.Adapter.UpdateEntity(IAdapterEntity entity)
at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.UpdateEntity(IAdapterEntity entityToSave)
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Forefront Identity Manager 4.1.2273.0"
See screenshot for attempted modification.
List Update.png
Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml