Identity Broker Forum
IDB Renames - Multiple Successive Renames on the same object fail on the second FIM confirming import.
Hey Guys,
I've uncovered a new issue with IDB in regards to renames.
This issue occurs when multiple renames are performed on the same object. I've performed a significant amount of testing and analysis on this issue, which I'll explain in detail below, but in each case, after the second rename, the confirming import in FIM produces one or more need-full-object errors. I also believe I have determined where the issue is being produced.
In most cases, this is the general procedure for producing the issue:
1. Rename user (uid) in Active Directory and produce a Provisioning Rename for Export to TAM.
2. Export rename to TAM (Successful)
3. FIM Delta Import confirms rename. (Successful)
4. Rename same user again in AD.
5. Export rename to TAM (Successful)
6. FIM Delta Import - need-full-object error produced.
In each case the rename is successfully exported to TAM, and I have confirmed that in all cases the Modify Anchor method on the connector is being hit.
These are the cases tested, and the results:
(All UNIFYDelta files for these cases are in the attached ZIP)
1. - Rename user cladn3 to cladn30, and then rename back to cladn3.
2nd Import Result - need-full-object error produced on cladn3
2. - Rename user kxhep0 to kxhep50, and then rename again to kxhep70.
2nd Import Result - need-full-object errors produced on both kxhep70, and kxhep0
3. - Rename user uxngt0 to uxngt05. Perform an IDB full import, then rename user back to uxngt0.
2nd Import Result - need-full-object error produced on uxngt0
4. - Rename user ulgni1 to ulgni10. Perform a FIM full import, then rename user back to ulgni1.
2nd Import Result - need-full-object error produced on ulgni1
5. - Rename user ugfen1 to ugfen10. Perform an IDB & FIM full import, then rename user back to ugfen1.
2nd Import Result - need-full-object error produced on ugfen1
6. - Rename user bxttt0 to bxttt05. Drop IDB Connector Partition and FIM CS, then Reimport. Rename user back to bxttt0.
2nd Import Result - Rename successful.
The need-full-object error is defined here: http://support.microsoft.com/kb/818559
We've seen this error before on QDET-156, and it occurs when an update operation is attempted on an object before the object is successfully renamed. The rename is completed by the presence of a moddn operation in the delta ldif file. Until this operation is processed, the object in FIM retains its original DN.
In viewing the UNIFYDelta ldif files produced on the second confirming import, the issue becomes apparent.
In the cases where the uid was changed back, no moddn entry is present to confirm the rename. Updates present for the object fail with the error as explained above.
In case 2, where the uid was renamed again to a different uid, the ldif file did contain a moddn, but it was incorrect. As above in this case, the first rename was from kxhep0 to kxhep50, and the second from kxhep50 to kxhep70. The second moddn (see below) was trying to rename from kxhep0 to kxhep70.
The moddn for the first rename in this case looked like this:
dn: UID=kxhep0,CN=Users,DC=DET,DC=QLD,DC=GOV,DC=AU
changetype: moddn
newrdn: UID=kxhep50
deleteoldrdn: 1
newsuperior: CN=Users,DC=DET,DC=QLD,DC=GOV,DC=AU
This is correct, and the rename was successful.
The second rename:
dn: UID=kxhep0,CN=Users,DC=DET,DC=QLD,DC=GOV,DC=AU
changetype: moddn
newrdn: UID=kxhep70
deleteoldrdn: 1
newsuperior: CN=Users,DC=DET,DC=QLD,DC=GOV,DC=AU
This is incorrect, as it is trying to rename from kxhep0 to kxhep70, but at this point in FIM, the DN is kxhep50.
After seeing this error, I performed some analysis on the database to monitor the status of the records around a similar operation. In this case I renamed a user from uxnnt3 to uxnnt30, and then to uxnnt31.
The results of this trace are in the attached Excel sheet, but I was able to note that throughout all of the exports and imports, the DN field on the entity table remained unchanged from its initial state.
The fact that this field is not being updated explains all of the above issues. When the uid is being renamed as in case 2, it produces a moddn from the DN present, to the required DN. In cases where the uid is being changed back, as it already has the same value in the DN field, it does not produce a moddn as it assumes none is required.
It looks like this field is used to create the moddn entry, particularly in specifying the current DN of the object. On the second rename, the moddn entry is produced incorrectly, as the DN was not updated after the first rename. The result of this is that the rename is not confirmed on the FIM import, and remains in the state of awaiting export confirmation.
To summarise all of the above, I've confirmed that on rename operations within IDB, the DN field of the entity table is not updated to reflect the new DN of an object. The result of this causes issues when creating the moddn entries after a second object rename.
Rename Issue Data.zip
SQL Check.xlsx
Unify.Framework.Adapter.dll
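Added example (not part of the original post and not Identity Broker code): a Python check that replays the records of a delta LDIF against the DNs the importing side currently holds and flags any record whose source DN is stale, which is the condition described for case 2. The sample delta is constructed from the two moddn records quoted in the post; `parse_ldif`, `norm` and `replay` are hypothetical helper names, and DN parsing is simplified.

```python
import re

# Constructed sample: the two moddn records quoted in the post, in order.
BASE = "CN=Users,DC=DET,DC=QLD,DC=GOV,DC=AU"
DELTA = f"""dn: UID=kxhep0,{BASE}
changetype: moddn
newrdn: UID=kxhep50
deleteoldrdn: 1
newsuperior: {BASE}

dn: UID=kxhep0,{BASE}
changetype: moddn
newrdn: UID=kxhep70
deleteoldrdn: 1
newsuperior: {BASE}
"""

def parse_ldif(text):
    """Split LDIF into blank-line separated records as lowercase-key dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                rec.setdefault(key.strip().lower(), value.strip())
        if rec:
            records.append(rec)
    return records

def norm(dn):
    """Comparison key for a DN (simplified: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def replay(records, known_dns):
    """Apply records in order to the DNs the importer holds.
    Returns (problems, final_dns); each problem is (index, dn, reason)."""
    current = {norm(d) for d in known_dns}
    problems = []
    for i, rec in enumerate(records):
        dn, change = rec.get("dn", ""), rec.get("changetype", "")
        if change == "add":
            current.add(norm(dn))
        elif norm(dn) not in current:
            # Stale or unknown source DN: the importer cannot match the object.
            problems.append((i, dn, f"{change} targets a DN the importer does not hold"))
        elif change in ("moddn", "modrdn"):
            parent = rec.get("newsuperior") or dn.split(",", 1)[1]
            current.discard(norm(dn))
            current.add(norm(f"{rec['newrdn']},{parent}"))
        elif change == "delete":
            current.discard(norm(dn))
    return problems, current

if __name__ == "__main__":
    for problem in replay(parse_ldif(DELTA), [f"UID=kxhep0,{BASE}"])[0]:
        print(problem)
```

Run against a delta before it is imported, the second record is reported because its source DN is still kxhep0 while the tracked state has already moved to kxhep50.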
Connector Schema multi-select deletes
Multiple rows should be able to be selected for deletion on the connector schema. Possibly use a similar mechanism to add text boxes as is used for the connector/adapter pages.
High memory consumption when change detection affects large datasets
QDET-194 shows that if a relational change affects a large data set, memory consumption can grow quite high and result in OutOfMemory exceptions. Changes should be made to the transformation contributions such that they do not load all potential matches immediately into memory.
Add support for relationships between location objects.
Add the ability to create, read, update and delete all of the possible associations (i.e. "member of", "supervised by", "supervisor of", "delegate of", "has delegates", and "administrator of").
See comment on IDBTRIM-3 for further details.
default Identity column to read only
When creating SQL connector: If there is an IDENTITY column in schema and 'IDENTITY_INSERT' is set to 'OFF' (not sure if it is possible to query table for current IDENTITY_INSERT config), create the attribute as read only.
When it is not read only, the error below is reported.
Cannot insert explicit value for identity column in table 'FIMEmployee' when IDENTITY_INSERT is set to OFF.
Http Communicator advanced settings moved over in IE9
See screenshot. This occurred when the Advanced Settings view was enabled on the initial update step.
Advanced Settings Indented IE 9.png
Items with null key values fail to save to connector context
When entities with null keys are exported (as in the case initially for SharePoint Org Profile), they fail to save to the connector context. This leaves Identity Broker in a state where the item exists in the connected system but not the connector context. Error message as follows:
Value cannot be null.
Parameter name: item
> Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.EntityLinqQueryExecutorInformation<Unify.Framework.Collections.GroupedNameValueCollectionKey>.AddValue(System.Guid searchGuid, Unify.Framework.Collections.GroupedNameValueCollectionKey keyValue, Unify.Framework.IValue item, int columnSequence, int valueSequence, Unify.Product.IdentityBroker.Repository.IEntityCollectionKeyUtility<Unify.Framework.Collections.GroupedNameValueCollectionKey> collectionKeyUtility) Line 151 C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.IEntity,Unify.Framework.Collections.GroupedNameValueCollectionKey>.CreateMultiValueRangeExpression.AnonymousMethod__16(Unify.Framework.MultiKeyValue itemValue, int itemValueIndex) Line 575 + 0x155 bytes C#
Unify.Framework.DesignPatterns.dll!Unify.Framework.Visitor.Visit<Unify.Framework.MultiKeyValue>(System.Collections.Generic.IEnumerable<Unify.Framework.MultiKeyValue> visitCollection, System.Action<Unify.Framework.MultiKeyValue,int> visitor) Line 48 C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.IEntity,Unify.Framework.Collections.GroupedNameValueCollectionKey>.CreateMultiValueRangeExpression.AnonymousMethod__15(Unify.Framework.Collections.GroupedNameValueCollectionKey key, int keyIndex) Line 571 + 0x9f bytes C#
Unify.Framework.DesignPatterns.dll!Unify.Framework.Visitor.Visit<Unify.Framework.Collections.GroupedNameValueCollectionKey>(System.Collections.Generic.IEnumerable<Unify.Framework.Collections.GroupedNameValueCollectionKey> visitCollection, System.Action<Unify.Framework.Collections.GroupedNameValueCollectionKey,int> visitor) Line 48 C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.IEntity,Unify.Framework.Collections.GroupedNameValueCollectionKey>.CreateMultiValueRangeExpression(Unify.Product.IdentityBroker.IMultiKey<Unify.Framework.Collections.GroupedNameValueCollectionKey> multiKey, System.Collections.Generic.IEnumerable<Unify.Framework.MultiKeyValue> sourceValueList, System.Linq.IQueryable<Unify.Product.IdentityBroker.Repository.Entity> sourceQueryable) Line 570 + 0xff bytes C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.VisitMethodWhereWithMultiValueEnumerableContains<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.IEntity,Unify.Framework.Collections.GroupedNameValueCollectionKey>.Transform(System.Linq.Expressions.MethodCallExpression expression) Line 76 + 0x3a bytes C#
Unify.IdentityBroker.Entity.Repository.Sql.dll!Unify.Product.IdentityBroker.Repository.EntityExpressionQueryVisitor<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.IEntity,Unify.Framework.Collections.GroupedNameValueCollectionKey>.VisitMethodCall(System.Linq.Expressions.MethodCallExpression m) Line 367 + 0x50 bytes C#
Unify.Framework.Linq.dll!Unify.Framework.ExpressionVisitorBase<System.Linq.Expressions.Expression,System.Linq.Expressions.MemberBinding,System.Linq.Expressions.ElementInit,System.Collections.ObjectModel.ReadOnlyCollection<System.Linq.Expressions.Expression>,System.Linq.Expressions.MemberAssignment,System.Linq.Expressions.MemberMemberBinding,System.Linq.Expressions.MemberListBinding,System.Collections.Generic.IEnumerable<System.Linq.Expressions.MemberBinding>,System.Collections.Generic.IEnumerable<System.Linq.Expressions.ElementInit>,System.Linq.Expressions.ParameterExpression,System.Linq.Expressions.NewExpression>.Visit(System.Linq.Expressions.Expression exp) Line 177 + 0x41 bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqContextConversionExpressionVisitorBase<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,System.Linq.IQueryable<Unify.Product.IdentityBroker.IEntity>,Unify.Product.IdentityBroker.Repository.IEntityLinqQueryExecutorInformation<Unify.Framework.Collections.GroupedNameValueCollectionKey>,Unify.Product.IdentityBroker.Repository.EntityDataContext>.ConvertExpression(System.Linq.Expressions.Expression partitionExpression) Line 96 + 0x22 bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqQueryConversionProvider<Unify.Product.IdentityBroker.Repository.Entity,Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.Repository.IEntityLinqQueryExecutorInformation<Unify.Framework.Collections.GroupedNameValueCollectionKey>,Unify.Product.IdentityBroker.Repository.EntityDataContext,System.Data.SqlClient.SqlConnection>.GetOrderedQuery(System.Linq.Expressions.Expression businessExpression, System.Linq.IQueryable<Unify.Product.IdentityBroker.Repository.Entity> sourceQueryable, Unify.Product.IdentityBroker.Repository.EntityDataContext sourceContext) Line 44 + 0x7f bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqWhereQuery<Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.Repository.IEntityLinqQueryExecutorInformation<Unify.Framework.Collections.GroupedNameValueCollectionKey>,Unify.Product.IdentityBroker.Repository.EntityDataContext,Unify.Product.IdentityBroker.Repository.Entity,System.Data.SqlClient.SqlConnection>.EvaluateQuery(Unify.Product.IdentityBroker.Repository.EntityDataContext context) Line 172 + 0x96 bytes C#
Unify.Framework.Data.dll!Unify.Framework.Data.LinqWhereQuery<Unify.Product.IdentityBroker.IEntity,Unify.Product.IdentityBroker.Repository.IEntityLinqQueryExecutorInformation<Unify.Framework.Collections.GroupedNameValueCollectionKey>,Unify.Product.IdentityBroker.Repository.EntityDataContext,Unify.Product.IdentityBroker.Repository.Entity,System.Data.SqlClient.SqlConnection>.GetEnumerator() Line 92 + 0x10 bytes C#
System.Core.dll!System.Linq.Enumerable.ToDictionary<Unify.Product.IdentityBroker.IEntity,Unify.Framework.MultiKeyValue,System.Guid>(System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IEntity> source, System.Func<Unify.Product.IdentityBroker.IEntity,Unify.Framework.MultiKeyValue> keySelector, System.Func<Unify.Product.IdentityBroker.IEntity,System.Guid> elementSelector, System.Collections.Generic.IEqualityComparer<Unify.Framework.MultiKeyValue> comparer) + 0xc8 bytes
System.Core.dll!System.Linq.Enumerable.ToDictionary<Unify.Product.IdentityBroker.IEntity,Unify.Framework.MultiKeyValue,System.Guid>(System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IEntity> source, System.Func<Unify.Product.IdentityBroker.IEntity,Unify.Framework.MultiKeyValue> keySelector, System.Func<Unify.Product.IdentityBroker.IEntity,System.Guid> elementSelector) + 0x5a bytes
Unify.IdentityBroker.Entity.Repository.dll!Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntities(System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IConnectorEntity> connectorEntities, Unify.Product.IdentityBroker.IMultiKey<Unify.Framework.Collections.GroupedNameValueCollectionKey> schemaKey, System.Linq.IQueryable<Unify.Product.IdentityBroker.IEntity> sourceEntities, System.Guid connectorId, System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IEntity> wellKnownEntities) Line 55 + 0x28 bytes C#
Unify.IdentityBroker.ChangeDetection.dll!Unify.Product.IdentityBroker.EntityChangeDetector.ProcessConnectorChangedEntities(System.Guid connectorId, System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IConnectorEntity> connectorEntities, System.Collections.Generic.IEnumerable<Unify.Product.IdentityBroker.IEntity> wellKnownItems) Line 145 + 0x89 bytes C#
Unify.IdentityBroker.Adapter.Engine.dll!Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.DetectChanges(System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport> connectorEntities) Line 236 + 0xc0 bytes C#
Unify.Framework.DesignPatterns.dll!Unify.Framework.Visitor.Visit<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>>.AnonymousMethod__0(System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport> item, int index) Line 23 + 0x43 bytes C#
Unify.Framework.DesignPatterns.dll!Unify.Framework.Visitor.Visit<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>>(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>> visitCollection, System.Action<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>,int> visitor) Line 48 C#
Unify.Framework.DesignPatterns.dll!Unify.Framework.Visitor.Visit<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>>(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>> visitCollection, System.Action<System.Collections.Generic.KeyValuePair<System.Guid,Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.CollatorReport>> visitor) Line 24 C#
Unify.IdentityBroker.Adapter.Engine.dll!Unify.Product.IdentityBroker.AdapterEntityChangeDetectorCollator.Run() Line 163 + 0x4e bytes C#
Entity Search fails to change page after grouping a field
In IdB beta1, Entity Search fails to change page after grouping a field.
Missing file extension for transformed configuration download
The downloaded transformed configuration files are missing their file extension.
Has the MIME type been set on these files?
Can the labels mentioning XSLT be renamed to configuration documentation? Or something along those lines, as XSLT is a technical term. This is on the connector and adapter pages tooltips, as well as the header for the page once configured.
Thanks.
Images flicker in Chrome
A fix that was added to Event Broker was not ported to IdB.
The fix is to comment out the in Request.cs (CassiniDev), lines 496-501 (case HeaderLastModified), to allow static files to be cached.
This was found as I was comparing the outputs of Internet Explorer and Chrome.