Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

+1
Fixed

MIM Adapter Error if no IDB Adapters Enabled

Tested Against: Identity Broker v5.3

Currently if you have no adapters enabled in IDB, and you attempt to create an MA in MIM using the MIM Adapter ECMA2, you get the following error:

The extensible extension returned an unsupported error.
  
The stack trace is:
 "System.InvalidOperationException: Sequence contains no elements
   at System.Linq.Enumerable.Aggregate[TSource](IEnumerable`1 source, Func`3 func)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.4.1302.0"

It would be good if the error could either be reported in a more logical way (IE inform that there's no adapters enabled, and therefore no OU's to load), or simply allow the creation process to continue and the user will realise there's no adapters enabled in a subsequent step.


The error also occurs if you have adapters which are enabled with valid schema, but inhibited due to a condition with the base connector. 

Answer

Fixed, will be in next release

0
Not a bug

System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

Currently have a client getting errors on all exports to a Broker (5.3.1) adapter (ma-extension-error).

Happening on adds,updates,deletes

Not much in the way of messaging provided except for the following after each attempt at export:

The extensible extension returned an unsupported error.

The stack trace is:

"System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

at System.ThrowHelper.ThrowKeyNotFoundException()

at System.Collections.Generic.Dictionary`2.get_Item(TKey key)

at Unify.Product.IdentityBroker.ExportProxy.EntryToModifyDNRequest(CSEntryChange entry)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()

at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)

at Unify.Product.IdentityBroker.ExtensionMethods.d__3`1.MoveNext()

at System.Linq.Enumerable.d__5`2.MoveNext()

at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)

at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)

at Unify.Product.IdentityBroker.BulkUpdateRequest.Send(Func`2 send, Func`2 recv)

at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)

at Unify.Product.IdentityBroker.ExportProxy.GetBulkRequestResult(BulkUpdateRequest request)

at Unify.Product.IdentityBroker.ExportProxy.BulkExportEntries(IList`1 csentries)

at Unify.Product.IdentityBroker.ExportProxy.Export(IList`1 csentries)

at Unify.Product.IdentityBroker.UnifyLdapConnector.PutExportEntries(IList`1 csentries)

Forefront Identity Manager 4.5.412.0"

0
Answered

LdapOperationException: Found multiple entities with the distinguished name

Hi, 

Unify.IdentityBroker.FIMAdapter.dll is generating error during a Delta import, but works fine with a Full Import:

The extensible extension returned an unsupported error.
The stack trace is:

"Unify.Product.IdentityBroker.LdapOperationException: Found multiple entities with the distinguished name 'CN=00******,OU=Staff,DC=IdentityBroker'.
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.d__30.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1749.0"

Each time the error occurs, it is a different user.

I have check in the UnifyBroker connector and adapter, there is only one entry for this user. I checked in ADSI, only one record as well.

There are 3 connectors plugged to UNIFYBroker, all connectors have already got this issue in the past.

The database is on a loadbalanced cluster.

Do you have any idea why this error occurs?

UNIFYBroker v.5.3.1 RC2

Unify.IdentityBroker.FIMAdapter.dll v5.3.0

Answer

Hi Anthony

This is a known issue with this release of Broker, not the MA. I recommend upgrading to the latest release, Broker v5.3.2 RTM, which contains the fix for this issue.

0

Write operation failed

Bob Bradley 6 months ago in UNIFYBroker/Microsoft Identity Manager updated 6 months ago 1

The following error appears in the IdB logs on an attempted full import from the employee OU:

Handling of LDAP search request from user mimuser on connection 127.0.0.1:50264 targeting OU=employees,DC=IdentityBroker with a scope of WholeSubtree failed with error "The write operation failed, see inner exception.". Duration: 00:01:25.7969304.

MIM MA Import fails with the standard "stopped-extension-dll-exception", but the event log reports a time-out:

The extensible extension returned an unsupported error.
The stack trace is:

"Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting OU=employees,DC=IdentityBroker: Operation timed out while waiting for message queue with id of 13. ---> System.OperationCanceledException: Operation timed out while waiting for message queue with id of 13.
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.d__29.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1459.0"
0
Duplicate

Full import returns only root node

Bob Bradley 6 months ago in UNIFYBroker/Microsoft Identity Manager updated 6 months ago 3

When running a FULL IMPORT on an IdB5.3.2 implentation I am getting data returned from only 2 of the 7 configured partitions - yet data is clearly visible for each of them via LDP, making me suspect an issue with the Broker for MIM component.  I have tried deleting and recreating run profiles, refreshing schema, reloading interfaces, and even creating a new instance of the MA - but still the same result.

There are no exceptions being logged for the full import (currently in VERBOSE mode).  As an example

  • The AREA adapter correctly returns 11 records, including the root container node (although the Total Entities count incorrectly shows as 0 on the Import job counter)
  • The COMPANIES adapter returns 1 record, being the container node only - despite all objects appearing correctly via LDAP.EXE.

Can I please have some urgent assistance to determine the root cause?

0
Not a bug

Unexpected-error when exporting data from MIM to UnifyBroker

Hi,

From UNIFYBroker 5.3.1 RC2, Active Directory accounts are created via the powershell connector.

MIM (4.4.1749) is exporting data to UnifyBroker. The user is created in AD with the correct AccountName.

There is no error in UnifyBroker Logs, but for each batch of users (5 at the moment), MIM is showing the error message: unexpected-error with the DN of the first user. After the creation of the user, the user doesn't appear in the Connector space. FI & FS are required to get them back and link the user in MIM.


Do you have any idea to remove this error in MIM for all executed batch? It seems to be a communication issue from UNIFYBroke to MIM.


Thanks.

Regards

0
Not a bug

MIM Connectivity Bug

I'm getting this error when I try to create an MA connecting to UNIFYBroker. I'm using MIM SP1 v4.4.1237.0.


I've just installed UnifyBroker v5.3.1 and then Identity Broker for FIM v5.0.4. I created SQL connectors and an adapter and created the LDAP User. I changed the port it uses to 8888. I copied the .dll into the FIM Extensions directory, selected extensible connectivity 2.0 and selected the .dll and the refresh interfaces works but on the next page, trying to auth with IdB I get the above error. There's nothing in event viewer. I get the same error if I enter the wrong credentials but a different error if I enter the wrong port. I also tried 127.0.0.1 instead of localhost and got the same error. I also tried port 59991 in case I should be connecting to the web service and got the same error.

0
Answered

Trigger event on delete from source

We are currently working with a datasource (via Broker to MIM) which only shows active users - there is no end-date field for us to trigger events on termination.

Is there a way to capture the record delete event in Broker and create an action based on that (i.e., write some field about the record to a log file, etc..)?

Thanks.

Answer

Hey Paul,

As discussed, a potential solution would be to hook up a new MA, that connects to the same UNIFYBroker Adapter. You could then configure this MA to remove its Connector Space objects when they are removed from the adapter, and join to your existing metaverse object. That way you have a record of who has been terminated and who hasn't - if they're terminated they'll exist in one MA, and if not terminated they'll exist in both.

You should be able to use this and a combination of some other logic to trigger your notifications and other requirements.

Let us know how it goes. As mentioned, I wouldn't recommend relying on the changelog table as a source of truth as the format could potentially change in future versions and it's not directly supported as a data source so we can't guarantee the integrity of the data.

0
Not a bug

Container not imported - completed-no-objects

Carol Wapshere 2 years ago in UNIFYBroker/Microsoft Identity Manager updated 2 years ago 4

I need to import the container from an empty adapter, but MIM is returning completed-no-objects and the container is not imported.

I have found another couple of Voice issues about this but both indicate the problem should already be fixed. I'm on IdB v5.2.1.

Answer

I've updated the page that I linked, there are a few things that need to be checked, see https://voice.unifysolutions.net/knowledge-bases/7/articles/3364-identity-broker-for-microsoft-identity-manager-configuration for details. I.e. importing the container object type; and also at least one attribute on that object type.

0
Answered

Does IdB v5.2 support Windows 2016

Rizwan Ahmed 2 years ago in UNIFYBroker/Microsoft Identity Manager updated 2 years ago 2

The best I could find was the link below;

https://voice.unifysolutions.net/knowledge-bases/7/articles/2920-identity-broker-installation-prerequisites

which does mention Window 2008 SP1 or later, but client’s question is specific to Windows 2016 testing and certification. To be honest I believe what they really mean is, are the following products tested to be supporting Windows 2016 by UNIFY. Or should they get the new server build on Windows 2012 2012 R2 64bit

  • UNIFY Identity Broker Service v5.2.1.0 RTM x64
  • UNIFY Identity Broker for Microsoft Identity Manager v5.1.0 RTM
  • UNIFY Identity Broker for Aurion v5.2.0 RC1

Thank You.

Answer

Hi Rizwan,

Identity Broker has been tested against all versions of Windows from 2008 SP1 and onwards, with most testing against 2016. I'll look at updating the page so that it's a little more clear.

If the client was actually referring to Microsoft certification, then no; the certification program is not available at the moment as it's being reworked.

Thanks.