Identity Broker Forum


0
Completed

LDAP subschema or shared attributes

Adam van Vliet 9 years ago updated by anonymous 8 years ago 1

To better accommodate large deployments or deployments consolidating many copies of the same system, allow either or both of the following:

  • Support subschema;
  • Allow attributes with the same configuration to be shared.
0
Fixed

Adding an entity which fails validation leaves an entry in the LDAP entity cache

Curtis Lusmore 9 years ago updated by anonymous 8 years ago 2

Adding an entity via the LDAP endpoint which fails schema validation leaves an entry in the entity cache with the requested DN. This means that a second attempt to add the entity that should succeed will instead fail saying the entity already exists. Consider any other conditions that might result in a non-existing entity remaining in the entity cache and verify that they are handled correctly.
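The failure mode reported above, as an added example that is not Identity Broker code: a minimal model of an add handler with a DN cache, and a replay that doubles as a regression check. The class names, the `uid` validation rule and the cache-before-validation ordering are assumptions made for illustration; the replay also covers one "other condition", a backend write failure.

```python
class ValidationError(Exception):
    pass


class EntityExistsError(Exception):
    pass


def validate(attrs):
    # Constructed schema rule (assumption): every entry needs a non-empty uid.
    if not attrs.get("uid"):
        raise ValidationError("uid is required")


class BuggyEndpoint:
    """Registers the DN in the cache before the entry is known to be good."""

    def __init__(self):
        self.cache = set()        # DNs the endpoint believes exist
        self.store = {}           # entries actually persisted
        self.fail_writes = False  # simulates a backend outage

    def _write(self, key, attrs):
        if self.fail_writes:
            raise ConnectionError("backend unavailable")
        self.store[key] = dict(attrs)

    def add(self, dn, attrs):
        key = dn.lower()
        if key in self.cache:
            raise EntityExistsError(dn)
        self.cache.add(key)       # reserved too early
        validate(attrs)           # a failure here leaves the key behind
        self._write(key, attrs)


class FixedEndpoint(BuggyEndpoint):
    """Validates first, and rolls the cache back if anything later fails."""

    def add(self, dn, attrs):
        key = dn.lower()
        if key in self.cache:
            raise EntityExistsError(dn)
        validate(attrs)
        self.cache.add(key)
        try:
            self._write(key, attrs)
        except Exception:
            self.cache.discard(key)
            raise


def ghost_entries(endpoint):
    """Cached DNs with no persisted entry: the invariant the report asks for."""
    return sorted(endpoint.cache - set(endpoint.store))


def replay(endpoint_cls):
    """Invalid add, then a valid add during an outage, then a valid add."""
    endpoint = endpoint_cls()
    dn = "UID=jdoe,DC=example"    # constructed sample DN
    outcomes = []
    for attrs, outage in [({}, False), ({"uid": "jdoe"}, True), ({"uid": "jdoe"}, False)]:
        endpoint.fail_writes = outage
        try:
            endpoint.add(dn, attrs)
            outcomes.append("added")
        except Exception as exc:
            outcomes.append(type(exc).__name__)
    return outcomes, ghost_entries(endpoint)


if __name__ == "__main__":
    print("buggy:", replay(BuggyEndpoint))
    print("fixed:", replay(FixedEndpoint))
```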

0
Answered

Identity Broker Change Detection Failing Due to MS DTC

Richard Courtenay 12 years ago updated by anonymous 9 years ago 7

I'm having trouble overcoming the issue below, which so far has appeared once or twice in the newly set up production system. I noticed this after being informed that a change made in CPAL had not flowed into FIM and other systems. Looking in the logs, there were one or two occurrences of the error below.

20120703,02:37:01,Connector Processing started.,Connector Processor,Information,Connector Processing started for connector CPAL Person (page 1),Normal
20120703,02:37:02,Connector processing success.,Connector Processor,Information,"Processing page 1 for connector CPAL Person processed 277 entities, finding 2 differences. Duration: 00:00:01.2031712",Normal
20120703,02:37:02,Connector Post Processing started.,Connector Processor,Information,Connector Post Processing started for connector CPAL Person. Processed Entities: 227,Normal
20120703,02:37:02,Connector Post Processing success.,Connector Processor,Information,Connector Post Processing completed for connector CPAL Person. Processed Entities: 227. Matching Entities: 0. Reported Changes: 0. Duration: 00:00:00.1718816,Normal
20120703,02:37:02,Change detection engine import all items completed.,Change detection engine,Information,Change detection engine import all items for connector CPAL Person completed. Duration: 00:00:01.7500672,Normal
20120703,02:37:05,Started processing changes register items.,Change detection engine,Information,Started processing changes register items for connector CPAL Person.,Normal
20120703,04:07:05,Changes register item processing on failed.,Change detection engine,Warning,"Changes register item processing on connector CPAL Person failed with reason Communication with the underlying transaction manager has failed.. Duration: 00:00:00.0625024
Error details:
System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)
   at System.Transactions.Oletx.IDtcProxyShimFactory.ReceiveTransaction(UInt32 propgationTokenSize, Byte[] propgationToken, IntPtr managedIdentifier, Guid& transactionIdentifier, OletxTransactionIsolationLevel& isolationLevel, ITransactionShim& transactionShim)
   at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken)
   --- End of inner exception stack trace ---
   at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken)
   at System.Transactions.TransactionStatePSPEOperation.PSPEPromote(InternalTransaction tx)
   at System.Transactions.TransactionStateDelegatedBase.EnterState(InternalTransaction tx)
   at System.Transactions.EnlistableStates.Promote(InternalTransaction tx)
   at System.Transactions.Transaction.Promote()
   at System.Transactions.TransactionInterop.ConvertToOletxTransaction(Transaction transaction)
   at System.Transactions.TransactionInterop.GetExportCookie(Transaction transaction, Byte[] whereabouts)
   at System.Data.SqlClient.SqlInternalConnection.GetTransactionCookie(Transaction transaction, Byte[] whereAbouts)
   at System.Data.SqlClient.SqlInternalConnection.EnlistNonNull(Transaction tx)
   at System.Data.ProviderBase.DbConnectionInternal.ActivateConnection(Transaction transaction)
   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at System.Data.SqlClient.SqlBulkCopy.CreateOrValidateConnection(String method)
   at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServer(Int32 columnCount)
   at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState)
   at Unify.Repository.ChangesItemContext.InsertItems(HashSet`1 addedItems, ChangesRegisterDataContext sourceContext, SqlConnection connection)
   at Unify.Data.LinqContextConversionBase`4.SubmitChanges()
   at Unify.Framework.BaseConnectorAdapterTransformationChangeProcessor.ProcessChangeReport(IDictionaryTwoPassDifferenceReport`4 changesReport, DateTime changeProcessTime)
   at Unify.Framework.ChangeReportProcessor.<>c__DisplayClassc.<ProcessCurrentReport>b__b(ITransformationChangeProcessor processor)
   at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
   at Unify.Framework.ChangeReportProcessor.ProcessCurrentReport(IEnumerable`1 adapterTransformationProcessors, IDictionaryTwoPassDifferenceReport`4 differenceReport, DateTime changeTime)
   at Unify.Framework.ChangeReportProcessor.CreateAndProcessReport[T](IEnumerable`1 adapterTransformationProcessors, IEnumerable`1 sourceEnumerable, DateTime changeTime, Action`2 addAction)
   at Unify.Framework.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request)
   at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
   at Unify.Framework.ChangeReportProcessor.RunBase()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal

On the SQL Server System (a different virtual system), the below appears in the event log

Event 4879, MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system DSCSQL1.

DSCSQL1 is the database server and the system where the above error appeared.

MSDTC is enabled on both the SQL Server and the Identity Broker systems, with "Network DTC Access", "Allow Inbound" and "Allow Outbound" enabled. The same setup appeared in test.

I didn't see this issue in the test environment. I'm sure there is an environmental reason for it, but I'm not sure what that is. After the error above, Identity Broker appears to run along just fine; however, updates may not have been made in the source system since the one above occurred.

0
Completed

Schema row update commit multiple rows

Adam van Vliet 9 years ago updated by anonymous 8 years ago 1

From PRODUCT-372, to update the connector schema following a change on the UI, a new button should be added that performs the task of submitting all of the individual JavaScript buttons that appear (that update an individual row in the schema). The new button could appear next to the buttons at the top of schema, using the events that are already in place for the schema. The button click could potentially just call the submit method for each of the schema row buttons that are visible.

0
Answered

How to create a Composite Adapter in IdB 4

Carol Wapshere 12 years ago updated by anonymous 8 years ago 5

I got a direct connector -> adapter relationship working with IdB 4, the MA installed and data came into FIM Sync. Nice and easy!

Now I want to add an extra table on the chris21 side, so I want a composite adapter, but I can't see how you create one. Under "Composite Adapter" I just have buttons for "Compare Adapters" and "Delete Adapters".

Otherwise it's looking very good. Just a minor layout comment - when you create a transformation the Field drop-down is very narrow so hard to see the full column names.

0
Fixed

New dropdown doesn't show full value name

Matthew Clark 12 years ago updated by anonymous 8 years ago 4

The new dropdown is great but if you have a longer field name, you can't see the full name for the selected value. See the attached screenshot from the Copy transformation where "EmployeeID" is selected. This could be problematic for schemas with lots of fields starting with the same characters.


Small dropdown.png
0
Fixed

MVC-mini-profiler causes response header to be too large

Adam van Vliet 9 years ago updated by anonymous 8 years ago 0

Components:

  • MVC-mini-profiler;
  • Identity Broker management studio.

Reproduce, either:

  • Attach the debugger (this triggers the profiler to start) and leave Identity Broker running long enough and then try to use the UI using a browser that has a small header limit size (e.g. Chrome); OR
  • Use fiddler/curl to hit Identity Broker UI, notice how large X-MiniProfiler-Ids is.

The issue is caused by the mvc-mini-profiler not clearing out its cache of profiled operations:

Whilst fixing this issue, make sure that all operations are covered by the profiler (it's done in a decorator).

Thanks.

0
Answered

Error during idB5 import

Ryan Crossingham 9 years ago updated by anonymous 8 years ago 10

Hi Product team!

I'm not sure if this is the best place to be adding support requests, seeing as these have now been moved to VSO. If you would like me to remove this issue and repost, please let me know.

Currently importing an LDAP Group (PowerShell connector) into FIM. Nothing crazy on the transforms, and receiving the following error on import:

 "Unify.Product.IdentityBroker.LdapOperationException: Internal Server Error #11: Sequence contains more than one element
   at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
   at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__6.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
   at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
   at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__0`1.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.1.3646.0"

Please see attached connector and adapter config

This error sounds as though it could be data related. If you require additional logging on the client's data set, please let me know.


Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml
UnifyLog20150928.csv
0
Answered

Error when provisioning to Broker - MV attributes

Peter Wass 12 years ago updated by anonymous 8 years ago 4

I am currently provisioning to a placeholder connector and am receiving the error below. None of the multivalue attributes have data in them as part of the initial provisioning. Any ideas?

Error:
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Index was outside the bounds of the array. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.IndexOutOfRangeException: Index was outside the bounds of the array.
at Unify.Repository.EntityExpressionQueryVisitor`3.CreateMultiValueRangeExpression(IMultiKey`1 multiKey, IEnumerable`1 sourceValueList, IQueryable`1 sourceQueryable)
at Unify.Repository.EntityExpressionQueryVisitor`3.VisitMethodWhereWithMultiValueEnumerableContains(MethodCallExpression expression)
at Unify.Repository.EntityExpressionQueryVisitor`3.VisitMethodCall(MethodCallExpression m)
at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp)
at Unify.Framework.LinqContextConversionExpressionVisitorBase`5.ConvertExpression(Expression partitionExpression)
at Unify.Framework.LinqQueryConversionProvider`5.GetOrderedQuery(Expression businessExpression, IQueryable`1 sourceQueryable, TContext sourceContext)
at Unify.Framework.LinqWhereQuery`5.EvaluateQuery(TContext context)
at Unify.Framework.LinqWhereQuery`5...).

The connector config is:

<connector connector="Unify.Connectors.Placeholder" id="{5034C1B2-1121-49bc-BF05-D72F6B738833}" name="Cisco Placeholder Connector">
  <entitySchema>
    <!-- user fields -->
    <field name="userid" validator="string" />
    <field name="firstname" validator="string" />
    <field name="middlename" validator="string" />
    <field name="lastname" validator="string" />
    <field name="manager" validator="string" />
    <field name="department" validator="string" />
    <field name="telephoneNumber" validator="string" />
    <field name="status" validator="int" />
    <field name="associatedDevices" validator="string.multi" />
    <!-- device fields -->
    <field name="device-profileId" validator="guid" />
    <field name="device-name" validator="string" />
    <field name="device-product" validator="string" />
    <field name="device-model" validator="string" />
    <field name="device-class" validator="string" />
    <field name="device-protocol" validator="string" />
    <field name="device-securityProfileName" validator="string" />
    <field name="device-description" validator="string" />
    <field name="device-lines" validator="guid.multi" />
    <!-- line fields -->
    <field name="line-uuid" validator="guid" />
    <field name="line-pattern" validator="string" />
    <field name="line-description" validator="string" />
    <field name="line-usage" validator="string" />
    <field name="line-aarVoiceMailEnabled" validator="boolean" />
    <field name="line-voiceMailProfileId" validator="guid" />
    <!-- voicemail fields -->
    <field name="voicemail-uuid" validator="guid" />
    <field name="voicemail-name" validator="string" length="50" />
    <field name="voicemail-description" validator="string" length="50" />
    <field name="voicemail-isDefault" validator="boolean" />
    <field name="voicemail-voiceMailboxMask" validator="string" />
  </entitySchema>
0
Answered

How to configure Adapter's DN with the attribute name containing the underscore, "_" character

Shane Lim 13 years ago updated by anonymous 8 years ago 7

All the field names for all the SQL tables at the client site (ACG CEO) contain the underscore, "_", character.

When configuring the DN (<dnComponent>) for the Empower Adapter to specify the attribute (field) hr_empl_code, the Identity Broker service could not start.

The following error is generated:

Log Name:      Application
Source:        The following error in Adapters occurred during start of the server: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
Date:          2/17/2011 3:01:36 PM
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      w2k8r2x64-fim.fim.uns.com
Description:
Error occurred in module: Adapters

The following error occurred: 
System.ArgumentException: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
   at Unify.Framework.AdapterEntityValueCollectionKey..ctor(String valueName)
   at Unify.Framework.AdapterEntityValueCollectionKey.op_Implicit(String field)
   at Unify.Framework.AdapterEntityDistinguishedNameGeneratorXmlGenerator.ConvertKey(String value)
   at Unify.Framework.EntityFieldValueDistinguishedNameComponentGeneratorFactory`2.CreateComponentGenerator(XElement factoryInformation, DNAttributeType attributeType)
   at Unify.Framework.EntityDistinguishedNameComponentGeneratorXmlFactoryBase`2.CreateComponent(XElement factoryInformation)
   at Unify.Framework.PlugInGeneratorBase`4.CreateComponent(TFactoryInfo factoryInformation)
   at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.<>c__DisplayClass1.<CreateComponent>b__0(XElement dnComponentElement)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
   at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.CreateComponent(XElement factoryInformation)
   at Unify.Framework.GenericEntityDistinguishedNameGeneratorXmlGenerator.CreateComponent[TKey,TEntity]()
   at Unify.Framework.AdapterConfigurationFactory.CreateComponent(XElement factoryInformation)
   at Unify.Framework.AdapterConfigurationGenerator.<>c__DisplayClass4.<CreateComponent>b__1(XElement configurationElement)
   at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.AdapterConfigurationGenerator.CreateComponent(XElement factoryInformation)
   at Unify.Framework.AdapterEngine.Start()
   at Unify.Framework.UnifyEngine.Start()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="The following error in Adapters occurred during start of the server: hr_empl_code is not a valid LDAP attribute name&#xD;&#xA;Parameter name: attributeName" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-02-17T04:01:36.000000000Z" />
    <EventRecordID>15370</EventRecordID>
    <Channel>Application</Channel>
    <Computer>w2k8r2x64-fim.fim.uns.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Error occurred in module: Adapters

The following error occurred: 
System.ArgumentException: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
   at Unify.Framework.AdapterEntityValueCollectionKey..ctor(String valueName)
   at Unify.Framework.AdapterEntityValueCollectionKey.op_Implicit(String field)
   at Unify.Framework.AdapterEntityDistinguishedNameGeneratorXmlGenerator.ConvertKey(String value)
   at Unify.Framework.EntityFieldValueDistinguishedNameComponentGeneratorFactory`2.CreateComponentGenerator(XElement factoryInformation, DNAttributeType attributeType)
   at Unify.Framework.EntityDistinguishedNameComponentGeneratorXmlFactoryBase`2.CreateComponent(XElement factoryInformation)
   at Unify.Framework.PlugInGeneratorBase`4.CreateComponent(TFactoryInfo factoryInformation)
   at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.&lt;&gt;c__DisplayClass1.&lt;CreateComponent&gt;b__0(XElement dnComponentElement)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
   at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.CreateComponent(XElement factoryInformation)
   at Unify.Framework.GenericEntityDistinguishedNameGeneratorXmlGenerator.CreateComponent[TKey,TEntity]()
   at Unify.Framework.AdapterConfigurationFactory.CreateComponent(XElement factoryInformation)
   at Unify.Framework.AdapterConfigurationGenerator.&lt;&gt;c__DisplayClass4.&lt;CreateComponent&gt;b__1(XElement configurationElement)
   at System.Linq.Enumerable.&lt;&gt;c__DisplayClass12`3.&lt;CombineSelectors&gt;b__11(TSource x)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.AdapterConfigurationGenerator.CreateComponent(XElement factoryInformation)
   at Unify.Framework.AdapterEngine.Start()
   at Unify.Framework.UnifyEngine.Start()</Data>
  </EventData>
</Event>

The sample Empower Adapter configuration is

<AdapterEngine>
	<!-- Adapter configuration for Empower Person -->
	<AdapterEngineConfigurations>
		<!-- Adapter configuration for Empower Person consist of Person and Position Connectors -->
		<AdapterConfiguration BaseConnectorId="{862A68B4-377C-41b5-AFB9-2A705076285F}"
							AdapterId="{706D4F9A-D291-43CB-9A24-3467DE6B588A}"
							AdapterName="Empower Person Adapter" 
							class="person" >
			<dn>
				<dnComponent name="Field" key="hr_empl_code" attributeType="UID" />
			</dn>
			<adapterEntityTransformationFactory name="ChainList">
				<!-- Renaming (mapping) the Person connector attributes for the Person connector -->
				<adapter name="Move" >
					<columnMappings>
						<columnMapping TargetAttribute="EmployeeCode" SourceAttribute="hr_empl_code" />
						<columnMapping TargetAttribute="MonthNumb" SourceAttribute="hr_mnth_numb" />
						<columnMapping TargetAttribute="StatusCode" SourceAttribute="hr_stus_code" />
						<columnMapping TargetAttribute="StatusDate" SourceAttribute="hr_stus_date" />
						<columnMapping TargetAttribute="StatusDati" SourceAttribute="hr_stus_dati" />
						<columnMapping TargetAttribute="Surname" SourceAttribute="hr_empl_surn" />
						<columnMapping TargetAttribute="GivenName" SourceAttribute="hr_empl_givn" />
						<columnMapping TargetAttribute="EmployeeName" SourceAttribute="hr_empl_name" />
						<columnMapping TargetAttribute="EmployeeTitle" SourceAttribute="hr_empl_title" />
						<columnMapping TargetAttribute="EmailAddress" SourceAttribute="hr_email_adr" />
						<columnMapping TargetAttribute="Mobile" SourceAttribute="hr_mobile_ph" />
						<columnMapping TargetAttribute="PreferredName" SourceAttribute="hr_pref_name" />
						<columnMapping TargetAttribute="NoneFlag" SourceAttribute="hr_none_flag" />
					</columnMappings>
				</adapter>
			</adapterEntityTransformationFactory>
			<image>omitted-for-brevity</image>
		</AdapterConfiguration>
	</AdapterEngineConfigurations>
</AdapterEngine>

Could you please advise me how I could specify the DN?

The Empower Connector and Adapter configuration files are attached.


AdapterEngine.extensibility.config.xml
ConnectorEngine.extensibility.config.xml
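A pre-start lint for the adapter configuration in the post above, as an added example that is not part of the original post or the product. It flags names that do not fit the RFC 4512 attribute descriptor grammar (a letter followed by letters, digits or hyphens, or a dotted numeric OID), which excludes the underscore. That Identity Broker applies exactly this grammar, and that `dnComponent` keys and `columnMapping` `TargetAttribute` values are the names it checks, are assumptions; the sample XML is constructed from the post, with `Status_Code` added to show a second finding.

```python
import re
import xml.etree.ElementTree as ET

# RFC 4512 section 1.4: descr = ALPHA *( ALPHA / DIGIT / HYPHEN )
_DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")
# RFC 4512 section 1.4: numericoid = number 1*( DOT number )
_NUMERICOID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+\Z")

# (element, attribute) pairs treated as adapter-side attribute names.
# Assumption: SourceAttribute values are connector-side and are not checked.
CHECKED = (("dnComponent", "key"), ("columnMapping", "TargetAttribute"))

# Constructed sample, trimmed from the configuration in the post.
SAMPLE_CONFIG = """
<AdapterEngine>
  <AdapterEngineConfigurations>
    <AdapterConfiguration AdapterName="Empower Person Adapter" class="person">
      <dn>
        <dnComponent name="Field" key="hr_empl_code" attributeType="UID" />
      </dn>
      <adapterEntityTransformationFactory name="ChainList">
        <adapter name="Move">
          <columnMappings>
            <columnMapping TargetAttribute="EmployeeCode" SourceAttribute="hr_empl_code" />
            <columnMapping TargetAttribute="Status_Code" SourceAttribute="hr_stus_code" />
          </columnMappings>
        </adapter>
      </adapterEntityTransformationFactory>
    </AdapterConfiguration>
  </AdapterEngineConfigurations>
</AdapterEngine>
"""


def is_valid_attribute_name(name):
    """True if name is an RFC 4512 descr or numericoid."""
    return bool(_DESCR.match(name) or _NUMERICOID.match(name))


def lint_adapter_config(xml_text):
    """Return (adapter, element, attribute, value) for each non-conforming name."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for adapter in root.iter("AdapterConfiguration"):
        adapter_name = adapter.get("AdapterName", "<unnamed>")
        for tag, attr in CHECKED:
            for element in adapter.iter(tag):
                value = element.get(attr)
                if value is not None and not is_valid_attribute_name(value):
                    findings.append((adapter_name, tag, attr, value))
    return findings


if __name__ == "__main__":
    for adapter_name, tag, attr, value in lint_adapter_config(SAMPLE_CONFIG):
        print(f"{adapter_name}: <{tag} {attr}={value!r}> is not a valid LDAP attribute name")
```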