Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Exports do not resolve object class and fail
Exports are currently failing with a null reference exception due to the fact the object class is not being properly resolved:
System.Exception: Error occurred when attempting to save entity with distinguished name
CN=100807,DC=CHRIS21-DEMO
Error:
Value cannot be null.
Parameter name: key
at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveAdapterBase`1.ConvertValues(String objectClass, IEnumerable`1 convertedValues) in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Adapter\Unify.IdentityBroker.Adapter.LDIF\LDIFToAdapterEntitySaveAdapterBase.cs:line 116
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.GetConvertedValuesFromSchema(String objectClass, IEnumerable`1 values) in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Adapter\Unify.IdentityBroker.Adapter.LDIF\LDIFToAdapterEntitySaveChangeAdapter.cs:line 148
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.<Transform>d__3.MoveNext() in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Adapter\Unify.IdentityBroker.Adapter.LDIF\LDIFToAdapterEntitySaveChangeAdapter.cs:line 118
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Adapter\Unify.IdentityBroker.Adapter.Remoting\LDIFAdapterBase.cs:line 244
at Unify.Product.IdentityBroker.LDIFAdapterServiceHostDecoratorBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) in S:\Hg\Product\IdentityBroker\IdentityBroker\Source\Service\Unify.IdentityBroker.Connect.Engine\LDIFAdapterServiceHostDecoratorBase.cs:line 57
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) in S:\Hg\Adapters\Microsoft.FIM\Master\Source\Unify.IdentityBroker.FIMAdapter\IdentityBrokerManagementAgent.cs:line 105
PartitionId error on adapter import
When attempting an adapter full import, the following error is appearing:
The given ColumnName 'PartitionId' does not match up with any column in data source.
System.Data.dll!System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServer(int columnCount) + 0x3f3 bytes
System.Data.dll!System.Data.SqlClient.SqlBulkCopy.WriteToServer(System.Data.DataTable table, System.Data.DataRowState rowState) + 0x134 bytes
> Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.ContainerContext.InsertItems(System.Collections.Generic.HashSet<Unify.Product.IdentityBroker.IContainer> addedItems, Unify.Product.IdentityBroker.Repository.ContainerDataContext sourceContext, System.Data.SqlClient.SqlConnection connection) Line 257 + 0x3f bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqContextConversionBase<Unify.Product.IdentityBroker.IContainer,Unify.Product.IdentityBroker.Repository.ContainerDataContext,Unify.Product.IdentityBroker.Repository.Container,Unify.Framework.Data.IItemDeletionInformation>.SubmitChanges() Line 138 C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.AdapterEntityContext.SubmitChangesBase(Unify.Product.IdentityBroker.Repository.EntityDataContext sourceContext, System.Data.SqlClient.SqlConnection connection) Line 94 + 0x20 bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqContextConversionBase<Unify.Product.IdentityBroker.IAdapterEntity,Unify.Product.IdentityBroker.Repository.EntityDataContext,Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.Repository.IEntityItemDeletionInformation>.SubmitChanges() Line 140 C#
Unify.IdentityBroker.Entity.Repository.dll!Unify.Product.IdentityBroker.AdapterEntityPartitionUpdatableContextAdapter.SubmitChanges() Line 114 + 0x34 bytes C#
Unify.IdentityBroker.Adapter.dll!Unify.Product.IdentityBroker.GetAllEntitiesContainerHandler.UpdateGetAllEntitiesContainers.SubmitContainersTask(System.Collections.Generic.HashSet<Unify.Framework.IO.DistinguishedName> containers, Unify.Product.IdentityBroker.IContainerContext context) Line 109 + 0x34 bytes C#
Unify.IdentityBroker.Adapter.dll!Unify.Product.IdentityBroker.ContainerContextHandlerBase.SubmitContainersJobBase.RunBase() Line 128 + 0x1d bytes C#
Unify.Framework.Scheduling.Job.dll!Unify.Framework.JobBase.Run() Line 16 C#
Unify.Framework.Scheduling.Job.dll!Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(object state) Line 29 + 0x20 bytes C#
The full import file is successfully generated, so I believe this may only be preventing containers being added to the database or something to this effect. Yet to confirm negative impact.
Improve logging info for attributeValue errors
Bubble up the name/id of the transformation that caused the error so that it is easy for the layman to identify the cause of the problem.
20130411,07:34:24,Adapter get all entities for adapter failed.,Adapter,Warning,"Adapter get all entities for adapter 365e6a23-2e27-485f-a6e5-52ccd3347634 failed with reason Specified argument was out of the range of valid values. Parameter name: attributeValue. Duration: 00:00:05.3996214 Error details: System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values. Parameter name: attributeValue at Unify.Framework.DistinguishedNameComponent..ctor(DNAttributeType attributeType, String attributeValue) at Unify.Framework.EntityFieldValueDistinguishedNameComponentGenerator`2.Transform(TEntity sourceValue) at Unify.Framework.EntityDistinguishedNameGenerator`2.<>c__DisplayClass3.<Transform>b__0(IEntityDistinguishedNameComponentGenerator`2 componentFactory) at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Framework.EntityDistinguishedNameGenerator`2.Transform(TEntity sourceValue) at Unify.Framework.AdapterEntity.Convert(IEntity source, Func`2 dnFactory, Func`2 classFactory) at Unify.Framework.Adapter.<GetTransformedEntities>b__7a(IEntity item) at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at Unify.Framework.EnumerableExtensions.<ActionOnFirst>d__1c`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.ActionOnExceptionEnumerator`1.MoveNext() at Unify.Framework.EnumerableExtensions.<ActionOnLast>d__16`1.MoveNext() at Unify.Framework.EnumerableStreamWriter`2.OnWriteBodyContents(Stream stream, IEnumerable`1 enumerable) at Unify.Framework.EnumerableStreamWriter`2.<>c__DisplayClass2.<.ctor>b__0(Stream stream) at Unify.Framework.LazyEvaluationStream.Evaluate(Object obj)",Normal
Connector polling imports break after an update export
After an item has been updated in a connector via an adapter, polling imports return errors saying the key has been duplicated:
Connector processing failed.
Connector Processing page 2 for connector chris21 DET failed with reason The key 100001 has been duplicated.. Duration: 00:00:00.3505859.
Error details:
System.ArgumentException: The key 100001 has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue arg1)
at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashErrorTKey,TValue,TOriginal(IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IQueryable`1 sourceEntities, Guid connectorId, IEnumerable`1 originalEntities)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32 index, Int32 entitiesProcessedSoFar, Int32 totalNumberOfEntities, IEntityChangesReportGenerator`2 reportGenerator)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c_DisplayClass4.<PerformChangeDetection>b_0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
This was done using a composite adapter.
Confirming delta imports following exports return no changes in some cases
For singular and composite adapters, successful exports do not seem to result in changes being generated, as confirming delta imports return empty in some cases.
An entity that is present in two adapters that share the same base connector - The changes table shows a change for the entity, but the "AdapterId" it is using is only the first adapter in the list.
There also seems to be an issue with items changed in a composite adapter - a successful export does not get added to the changes table for the entity ID.
Parameter limit issue when updating multiple containers
The following error is thrown when a large number of containers are being updated:
An exception has occured whilst performing a job for adapter d5251d7d-05cc-4d35-916e-e99e06b9ffd3 job UpdateGetAllEntitiesContainers:
The incoming tabular data stream (TDS) remote procedure call (RPC) protocol stream is incorrect. Too many parameters were provided in this RPC request. The maximum is 2100.
This was found while configured SALES-230. Within a composite, I have an address and person connector. The address DNs are set up such that they are contained by the person object (eg. person CN=100001 with address CN=H,CN=100001). If the person objects are cleared and reimported, the attempt to update all the containers fails with the above error.
Only validate final adapter schema
The following error occurs when attempting to make use of a non-LDAP compliant named field, even when the field name will not be part of the final schema (in this case it's used in the dn generator):
System.ArgumentException: new_personid is not a valid LDAP attribute name Parameter name: attributeName at Unify.Product.IdentityBroker.AdapterEntityValueCollectionKey..ctor(String valueName) in c:\workspaces\DEV\IdentityBroker\Source\Entity\Unify.IdentityBroker.Entity.Interfaces\AdapterEntityValueCollectionKey.cs:line 46 at Unify.Product.IdentityBroker.AdapterEntityValueCollectionKey.op_Implicit(String field) in c:\workspaces\DEV\IdentityBroker\Source\Entity\Unify.IdentityBroker.Entity.Interfaces\AdapterEntityValueCollectionKey.cs:line 176 at Unify.Connect.Web.AdapterController.SaveFieldDNGenerator(FieldDNComponentGeneratorViewInformation viewInformation) in c:\workspaces\DEV\IdentityBroker\Source\Studio\Unify.Connect.Web\Controllers\AdapterController.cs:line 1444 at lambda_method(Closure , ControllerBase , Object[] ) at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
The schema shouldn't validate this here, especially when the field is only being used in a dn generator.
Identity Broker 4.0
I have a few thoughts around Identity Broker based on relatively recent interactions with the product. Hopefully I won't have doubled up too much with others or missed functionality that might already be there.
COMMON TRANSFORMATIONS
Over time I have seen quite a bit of work needing to be done in SQL to prepare or cleanse data prior to Broker (or straight ILM) being involved. This may just be simple views or complex changes. Currently views need to be developed still with Broker when things could perhaps be solved with a few common simple transformations such as:
- Trimming leading and / or trailing spaces
- Case changes (toupper, tolower)
DATA LOADING and management
- Ability to specify a query (akin to a SQL view definition) when retrieving data from a SQL repository)
- Ability to archive / age data out of the store so the connector space is reduced (e.g. if a record is inactive for more than 90 days don't present through to the adapter interface)
INTERFACE and OPERATIONAL MANAGEMENT
- Ability search for individual records rather than having to return all adaper or connector space records
- More visibility of teh transformations (I think this has already been referenced but thought I would support it)
- Better scheduling. We need to be able to schedule daily and time based delta and full loads. i.e. akin to what is being delivered with the newer Event Broker.
- Timing: Please at least let us work in seconds (and minutes and hours) rather than "ticks"
- Better visibility around what is happenning and what is in the data repository
I am sure there are a few others, but this is a start.
thanks,
Craig Gilmour
Auto-configuration for connectors and adapters.
To achieve similar configuration speed/ease benefits of Event Broker v3.1, an auto-configuration process should be considered for Identity Broker v4.1.
This issue has an explicit prerequisite for IDB-932, as being able to talk to target systems will be a prerequisite to describe their object classes.
Unlike FIM Event Broker where we have to ask a number of questions about each management agent, we could describe the partitions of a Chris21 or TRIM etc. in a standard manner. This means no custom UI per instance.
Definitions of connectors are much closer to schema providers, namely many connectors can be described by dynamic/static unique identifiers. Those that can't could be described away with bespoke Alerts.
With our definitions of connectors defined in concrete, we can systematically define standard adapters. Whether they're standard would be debatable, but they would at least be a backbone for the implementation, and hopefully get us the 80/20.
LDAP Client cannot add entity if DN Template uses IdBID
If a adapter DN template is generated using the IdBID, a LDAP client cannot add entities as the add request requires a DN, which includes a new guid value, however the IdBID is still generated for the entities creation. This means the DN supplied doesn't match the newly created entities generated DN, resulting in the following error.
Handling of LDAP add request. Handling of LDAP add request from user Admin on connection 192.168.16.54:53591 to add an entity with a distinguished name of UID=EA866F73-1AFD-483C-9D8B-37DE4A982A38,OU=childCon,DC=IdentityBroker failed with error "Add request failed as the converted DN UID=7f30b4c7-dd4d-4aef-9200-ee9570282069,OU=childCon,DC=IdentityBroker does not match the request DN UID=EA866F73-1AFD-483C-9D8B-37DE4A982A38,OU=childCon,DC=IdentityBroker.". Duration: 00:00:00.0250182.
Customer support service by UserEcho
