Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Error when provisioning to Broker - MV attributes
I am currently provisioning to a placeholder connector and am receiving the error below. None of the multivalue attributes have data in them as part of the initial provisioning. Any ideas?
Error:
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Index was outside the bounds of the array. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.IndexOutOfRangeException: Index was outside the bounds of the array.
at Unify.Repository.EntityExpressionQueryVisitor`3.CreateMultiValueRangeExpression(IMultiKey`1 multiKey, IEnumerable`1 sourceValueList, IQueryable`1 sourceQueryable)
at Unify.Repository.EntityExpressionQueryVisitor`3.VisitMethodWhereWithMultiValueEnumerableContains(MethodCallExpression expression)
at Unify.Repository.EntityExpressionQueryVisitor`3.VisitMethodCall(MethodCallExpression m)
at Unify.Framework.ExpressionVisitorBase`11.Visit(Expression exp)
at Unify.Framework.LinqContextConversionExpressionVisitorBase`5.ConvertExpression(Expression partitionExpression)
at Unify.Framework.LinqQueryConversionProvider`5.GetOrderedQuery(Expression businessExpression, IQueryable`1 sourceQueryable, TContext sourceContext)
at Unify.Framework.LinqWhereQuery`5.EvaluateQuery(TContext context)
at Unify.Framework.LinqWhereQuery`5...).
The connector config is:
<connector connector="Unify.Connectors.Placeholder" id="{5034C1B2-1121-49bc-BF05-D72F6B738833}" name="Cisco Placeholder Connector"> <entitySchema> <!-- user fields --> <field name="userid" validator="string" /> <field name="firstname" validator="string" /> <field name="middlename" validator="string" /> <field name="lastname" validator="string" /> <field name="manager" validator="string" /> <field name="department" validator="string" /> <field name="telephoneNumber" validator="string" /> <field name="status" validator="int" /> <field name="associatedDevices" validator="string.multi" /> <!-- device fields --> <field name="device-profileId" validator="guid"/> <field name="device-name" validator="string" /> <field name="device-product" validator="string" /> <field name="device-model" validator="string" /> <field name="device-class" validator="string" /> <field name="device-protocol" validator="string" /> <field name="device-securityProfileName" validator="string" /> <field name="device-description" validator="string" /> <field name="device-lines" validator="guid.multi" /> <!-- line fields --> <field name="line-uuid" validator="guid" /> <field name="line-pattern" validator="string" /> <field name="line-description" validator="string" /> <field name="line-usage" validator="string" /> <field name="line-aarVoiceMailEnabled" validator="boolean" /> <field name="line-voiceMailProfileId" validator="guid" /> <!-- voicemail fields --> <field name="voicemail-uuid" validator="guid" /> <field name="voicemail-name" validator="string" length="50" /> <field name="voicemail-description" validator="string" length="50" /> <field name="voicemail-isDefault" validator="boolean" /> <field name="voicemail-voiceMailboxMask" validator="string" /> </entitySchema>
How to configure Adapter's DN with the attribute name containing the underscore, "_" character
All the fields name for all the SQL tables at client site (ACG CEO) contains the underscore, "_" character.
When configuring DN (<dnComponent>) for Empower Adapter to specify the attribute (field) hr_empl_code the Identity Broker service could not start.
The following error is generated:
og Name: Application
Source: The following error in Adapters occurred during start of the server: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
Date: 2/17/2011 3:01:36 PM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: w2k8r2x64-fim.fim.uns.com
Description:
Error occurred in module: Adapters
The following error occurred:
System.ArgumentException: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
at Unify.Framework.AdapterEntityValueCollectionKey..ctor(String valueName)
at Unify.Framework.AdapterEntityValueCollectionKey.op_Implicit(String field)
at Unify.Framework.AdapterEntityDistinguishedNameGeneratorXmlGenerator.ConvertKey(String value)
at Unify.Framework.EntityFieldValueDistinguishedNameComponentGeneratorFactory`2.CreateComponentGenerator(XElement factoryInformation, DNAttributeType attributeType)
at Unify.Framework.EntityDistinguishedNameComponentGeneratorXmlFactoryBase`2.CreateComponent(XElement factoryInformation)
at Unify.Framework.PlugInGeneratorBase`4.CreateComponent(TFactoryInfo factoryInformation)
at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.<>c__DisplayClass1.<CreateComponent>b__0(XElement dnComponentElement)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.CreateComponent(XElement factoryInformation)
at Unify.Framework.GenericEntityDistinguishedNameGeneratorXmlGenerator.CreateComponent[TKey,TEntity]()
at Unify.Framework.AdapterConfigurationFactory.CreateComponent(XElement factoryInformation)
at Unify.Framework.AdapterConfigurationGenerator.<>c__DisplayClass4.<CreateComponent>b__1(XElement configurationElement)
at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.AdapterConfigurationGenerator.CreateComponent(XElement factoryInformation)
at Unify.Framework.AdapterEngine.Start()
at Unify.Framework.UnifyEngine.Start()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="The following error in Adapters occurred during start of the server: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-02-17T04:01:36.000000000Z" />
<EventRecordID>15370</EventRecordID>
<Channel>Application</Channel>
<Computer>w2k8r2x64-fim.fim.uns.com</Computer>
<Security />
</System>
<EventData>
<Data>Error occurred in module: Adapters
The following error occurred:
System.ArgumentException: hr_empl_code is not a valid LDAP attribute name
Parameter name: attributeName
at Unify.Framework.AdapterEntityValueCollectionKey..ctor(String valueName)
at Unify.Framework.AdapterEntityValueCollectionKey.op_Implicit(String field)
at Unify.Framework.AdapterEntityDistinguishedNameGeneratorXmlGenerator.ConvertKey(String value)
at Unify.Framework.EntityFieldValueDistinguishedNameComponentGeneratorFactory`2.CreateComponentGenerator(XElement factoryInformation, DNAttributeType attributeType)
at Unify.Framework.EntityDistinguishedNameComponentGeneratorXmlFactoryBase`2.CreateComponent(XElement factoryInformation)
at Unify.Framework.PlugInGeneratorBase`4.CreateComponent(TFactoryInfo factoryInformation)
at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.<>c__DisplayClass1.<CreateComponent>b__0(XElement dnComponentElement)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
at Unify.Framework.EntityDistinguishedNameGeneratorXmlGeneratorBase`2.CreateComponent(XElement factoryInformation)
at Unify.Framework.GenericEntityDistinguishedNameGeneratorXmlGenerator.CreateComponent[TKey,TEntity]()
at Unify.Framework.AdapterConfigurationFactory.CreateComponent(XElement factoryInformation)
at Unify.Framework.AdapterConfigurationGenerator.<>c__DisplayClass4.<CreateComponent>b__1(XElement configurationElement)
at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.AdapterConfigurationGenerator.CreateComponent(XElement factoryInformation)
at Unify.Framework.AdapterEngine.Start()
at Unify.Framework.UnifyEngine.Start()</Data>
</EventData>
</Event>
The sample Empower Adapter configuration is
<AdapterEngine>
<!-- Adapter configuration for Empower Person -->
<AdapterEngineConfigurations>
<!-- Adapter configuration for Empower Person consist of Person and Position Connectors -->
<AdapterConfiguration BaseConnectorId="{862A68B4-377C-41b5-AFB9-2A705076285F}"
AdapterId="{706D4F9A-D291-43CB-9A24-3467DE6B588A}"
AdapterName="Empower Person Adapter"
class="person" >
<dn>
<dnComponent name="Field" key="hr_empl_code" attributeType="UID" />
</dn>
<adapterEntityTransformationFactory name="ChainList">
<!-- Renaming (mapping) the Person connector attributes for the Person connector -->
<adapter name="Move" >
<columnMappings>
<columnMapping TargetAttribute="EmployeeCode" SourceAttribute="hr_empl_code" />
<columnMapping TargetAttribute="MonthNumb" SourceAttribute="hr_mnth_numb" />
<columnMapping TargetAttribute="StatusCode" SourceAttribute="hr_stus_code" />
<columnMapping TargetAttribute="StatusDate" SourceAttribute="hr_stus_date" />
<columnMapping TargetAttribute="StatusDati" SourceAttribute="hr_stus_dati" />
<columnMapping TargetAttribute="Surname" SourceAttribute="hr_empl_surn" />
<columnMapping TargetAttribute="GivenName" SourceAttribute="hr_empl_givn" />
<columnMapping TargetAttribute="EmployeeName" SourceAttribute="hr_empl_name" />
<columnMapping TargetAttribute="EmployeeTitle" SourceAttribute="hr_empl_title" />
<columnMapping TargetAttribute="EmailAddress" SourceAttribute="hr_email_adr" />
<columnMapping TargetAttribute="Mobile" SourceAttribute="hr_mobile_ph" />
<columnMapping TargetAttribute="PreferredName" SourceAttribute="hr_pref_name" />
<columnMapping TargetAttribute="NoneFlag" SourceAttribute="hr_none_flag" />
</columnMappings>
</adapter>
</adapterEntityTransformationFactory>
<image>omitted-for-brevity</image>
</AdapterConfiguration>
</AdapterEngineConfigurations>
</AdapterEngine>
Could you please advise me how I could specify the DN?
The Empower Connector and Adapter configuration file attached.
AdapterEngine.extensibility.config.xml
ConnectorEngine.extensibility.config.xml
Using the Move tranformation in the Adapter to rename attribute name result in the error - the column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter
Using the Move tranformation in the Adapter to rename attribute name result in the error - the column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter.
Note: All the fields name for all the SQL tables at client site (ACG CEO) contains the underscore, "_" character.
The following Empower Adapter configuration result in the error
<AdapterEngine>
<!-- Adapter configuration for Empower Person -->
<AdapterEngineConfigurations>
<!-- Adapter configuration for Empower Person consist of Person and Position Connectors -->
<AdapterConfiguration BaseConnectorId="{862A68B4-377C-41b5-AFB9-2A705076285F}"
AdapterId="{706D4F9A-D291-43CB-9A24-3467DE6B588A}"
AdapterName="Empower Person Adapter"
class="person" >
<adapterEntityTransformationFactory name="ChainList">
<!-- Renaming (mapping) the Person connector attributes for the Person connector -->
<adapter name="Move" >
<columnMappings>
<columnMapping TargetAttribute="EmployeeCode" SourceAttribute="hr_empl_code" />
<columnMapping TargetAttribute="MonthNumb" SourceAttribute="hr_mnth_numb" />
<columnMapping TargetAttribute="StatusCode" SourceAttribute="hr_stus_code" />
<columnMapping TargetAttribute="StatusDate" SourceAttribute="hr_stus_date" />
<columnMapping TargetAttribute="StatusDati" SourceAttribute="hr_stus_dati" />
<columnMapping TargetAttribute="Surname" SourceAttribute="hr_empl_surn" />
<columnMapping TargetAttribute="GivenName" SourceAttribute="hr_empl_givn" />
<columnMapping TargetAttribute="EmployeeName" SourceAttribute="hr_empl_name" />
<columnMapping TargetAttribute="EmployeeTitle" SourceAttribute="hr_empl_title" />
<columnMapping TargetAttribute="EmailAddress" SourceAttribute="hr_email_adr" />
<columnMapping TargetAttribute="Mobile" SourceAttribute="hr_mobile_ph" />
<columnMapping TargetAttribute="PreferredName" SourceAttribute="hr_pref_name" />
<columnMapping TargetAttribute="NoneFlag" SourceAttribute="hr_none_flag" />
</columnMappings>
</adapter>
</adapterEntityTransformationFactory>
<image>omitted-for-brevity</image>
</AdapterConfiguration>
</AdapterEngineConfigurations>
</AdapterEngine>
Identity Broker service cannot start, resulting in the error below
Log Name: Application
Source: The following error in Adapters occurred during start of the server: The column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter (706d4f9a-d291-43cb-9a24-3467de6b588a). Please check yo
Date: 2/17/2011 3:21:19 PM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: w2k8r2x64-fim.fim.uns.com
Description:
Error occurred in module: Adapters
The following error occurred:
Unify.Framework.AdapterColumnException: The column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter (706d4f9a-d291-43cb-9a24-3467de6b588a). Please check your configuration before continuing. Currently known fields: hr_empl_code, hr_mnth_numb, hr_stus_code, hr_stus_date, hr_stus_dati, hr_empl_surn, hr_empl_givn, hr_empl_name, hr_empl_title, hr_email_adr, hr_mobile_ph, hr_pref_name, hr_none_flag ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.ThrowHelper.ThrowKeyNotFoundException()
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Framework.AdapterColumnSources.get_Item(GroupedNameValueCollectionKey column)
--- End of inner exception stack trace ---
at Unify.Framework.AdapterColumnSources.get_Item(GroupedNameValueCollectionKey column)
at Unify.Framework.EntityMoveAttributesAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.AdapterEngine.CreateAdapter(IEntityPartitionUpdatableContextFactory entityEngineRepositoryFactory, IConnectorRepository connectorRepository, IAdapterEntityPartitionUpdatableContextFactory adapterEntityPartitionUpdatableContextFactory, IAdapterConfiguration adapterConfiguration)
at Unify.Framework.AdapterEngine.<>c__DisplayClass2.<Start>b__0(IAdapterConfiguration adapterConfiguration)
at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
at System.Linq.Enumerable.<ConcatIterator>d__71`1.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
at Unify.Framework.AdapterEngine.Start()
at Unify.Framework.UnifyEngine.Start()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="The following error in Adapters occurred during start of the server: The column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter (706d4f9a-d291-43cb-9a24-3467de6b588a). Please check yo" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-02-17T04:21:19.000000000Z" />
<EventRecordID>15380</EventRecordID>
<Channel>Application</Channel>
<Computer>w2k8r2x64-fim.fim.uns.com</Computer>
<Security />
</System>
<EventData>
<Data>Error occurred in module: Adapters
The following error occurred:
Unify.Framework.AdapterColumnException: The column EmployeeCode is not a pre-existing column in adapter Empower Person Adapter (706d4f9a-d291-43cb-9a24-3467de6b588a). Please check your configuration before continuing. Currently known fields: hr_empl_code, hr_mnth_numb, hr_stus_code, hr_stus_date, hr_stus_dati, hr_empl_surn, hr_empl_givn, hr_empl_name, hr_empl_title, hr_email_adr, hr_mobile_ph, hr_pref_name, hr_none_flag ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.ThrowHelper.ThrowKeyNotFoundException()
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Framework.AdapterColumnSources.get_Item(GroupedNameValueCollectionKey column)
--- End of inner exception stack trace ---
at Unify.Framework.AdapterColumnSources.get_Item(GroupedNameValueCollectionKey column)
at Unify.Framework.EntityMoveAttributesAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.EntityChainAdapterFactory.ApplyChangeDetectionColumnInformation(IAdapterColumnSources columnInformation)
at Unify.Framework.AdapterEngine.CreateAdapter(IEntityPartitionUpdatableContextFactory entityEngineRepositoryFactory, IConnectorRepository connectorRepository, IAdapterEntityPartitionUpdatableContextFactory adapterEntityPartitionUpdatableContextFactory, IAdapterConfiguration adapterConfiguration)
at Unify.Framework.AdapterEngine.<>c__DisplayClass2.<Start>b__0(IAdapterConfiguration adapterConfiguration)
at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
at System.Linq.Enumerable.<ConcatIterator>d__71`1.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
at Unify.Framework.AdapterEngine.Start()
at Unify.Framework.UnifyEngine.Start()</Data>
</EventData>
</Event>
I believe I understood and have followed the configuration correctly at Move attributes transformation, although the columnMapping attribute listed is out of date.
- The LeftAttribute should be SourceAttribute
- The RightAttributeshould be TargetAttribute
Could you please advise me what is causing the error above?
The Empower Connector and Adapter configuration is attached.
Thank you
Transformations should check their prerequisites
The IsOperative transformation and a number of others need to check their prerequisites before being created, like the Time Offset transformation. In the case of IsOperative, it needs to check if there are any date fields present. If there aren't it presents a UI with nothing in its dropdowns.
The Relational String priority transformation doesn't enforce the values on the string priority drop down, and the multivalue union transformation doesn't enforce the left or right field drop downs.
Identity Broker Adapter transformation, IsOperative for Empower Organisation doesn't work due to EndColumn value is blank
In section 8.1.3 of the Technical Guide for Empower Organisation Adapter, the Identity Broker Adapter transformation, IsOperative for Empower Organisation doesn't work due to EndColumn value is blank.
All the organisation "Active" status are all "F" (false) when all should be "T" (true). This is because the attribute hr_upto_date specified as the EndColumn of the IsOperative transform is a whitespace/blank. Thus the time end time is invalid.
Peter, could you please advice on how to address this.
Connectors sporadically go missing
After configuring the Identity Broker console and performing normal use, configured connectors will sometimes go missing. This happens to individual connectors, and sometimes more than one at the same time.
This was thought to have been caused by IDB-454 as the logs appeared around the same time, but will need to be confirmed. See https://unifysolutions.jira.com/browse/IDB-454?focusedCommentId=29123&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-29123
Log Excerpt.txt
Export from FIM EmployeePosition Placeholder into EmployeePosition Placeholder Adapter result in error
I have a EmployeePosition Connector that has two keys specified, employee_code and position_no.
In the EmployeePosition Adapter configuration I did not specified the <dnComponent> as I cannot find any documentation on how this would be achieved such that FIM will see all the object coming through this adapter as unique objects. Thus is left it to the default GUID to be generated.
I also have a Position Placeholder Connector and Adapter for Provisioning (exporting) the EmployeePosition objects from the EmployeePosition Adapter into it so that it could be used to generate the Positions membership and other multi-values attributes.
The Position Placeholder Connector is using the same two keys as in the Position Connector, employee_code and position_no.
The Position Placeholder Adapter configuration using the default GUID as <dnComponent>
- I can bring the bring the EmployeePosition Adapter data into FIM EmployeePosition MA Connector Space successfully
- I can synchronise FIM EmployeePosition MA Connector Space to FIM EmployeePosition Placeholder MA Connector Space successfully.
- However when I perform the FIM Export on EmployeePosition Placeholder MA I got the below error.
20110404,05:19:12,Adapter request to save entity to adapter space.,Adapter,Information,Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d.,Normal 20110404,05:19:12,An entity failed validation.,Adapter,Warning,The entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 on connector b112daa3-e9aa-43a8-9615-2c20626dddc6 failed validation 1 times for the following reasons: EmployeeCode is a required field and is not present.,Normal 20110404,05:19:12,Adapter request to save entity to adapter space failed.,Adapter,Warning,"Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d failed with reason 1 items failed schema validation during Adapter operation. Check log for validation errors.. Duration: 00:00:00.0341775 Error details: Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation. Check log for validation errors. at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect) at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect) at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity) at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entityToSave) at Unify.Framework.LDIFAdapter.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId) at Unify.Framework.LDIFAdapterServiceHostDecorator.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId) at SyncInvokeExportAdapterEntity(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)",Normal
When Codeless Framework configuration for provisioning to the EmployeePosition Placeholder is
<ma name="Positions Placeholder">
<systemtype>IdentityBroker</systemtype>
<datasource>
<connectionString>HTTP://localhost</connectionString>
<Port>59999</Port>
<UserName></UserName>
<Password></Password>
</datasource>
<provisioning enabled="true"/>
<deprovisioning enabled="true"/>
<cs-deletes-enabled enabled="true"/>
<cd-deletes-enabled enabled="false"/>
<object type="Position" csobjecttype="person" anchorattribute="dn">
<provisioning>
<enabled>true</enabled>
<dnprefix>UID=</dnprefix>
<allowfilters switch="or">
<filter priority="1">
<attribute>PositionTile</attribute>
<compareType>ne</compareType>
<compareValue>Casual</compareValue>
</filter>
</allowfilters>
<defaults>
<default name="EmployeeCode">
<type>csentry</type>
<attribute>EmployeeCode</attribute>
<value>EmployeeCode</value>
<mvaction></mvaction>
</default>
<default name="PositionNumber">
<type>csentry</type>
<attribute>PositionNumber</attribute>
<value>PositionNumber</value>
<mvaction></mvaction>
</default>
<default name="IdBID">
<type>csentry</type>
<attribute>IdBID</attribute>
<value>IdBID</value>
<mvaction></mvaction>
</default>
</defaults>
<uniquename>
<namerule priority="1">
<maxlength>64</maxlength>
<minlength>1</minlength>
<pad-with></pad-with>
<namecomponent priority="1">
<type>attribute</type>
<value>IdBID</value>
<attributeseparator></attributeseparator>
<pad-with></pad-with>
<maxlength>64</maxlength>
<minlength>1</minlength>
<alphanumericsonly>true</alphanumericsonly>
</namecomponent>
</namerule>
<datasource-attributename></datasource-attributename>
<verify-against>
<connectionString></connectionString>
<Port></Port>
<UserName></UserName>
<Password></Password>
</verify-against>
</uniquename>
</provisioning>
.
.
.
The Identity Broker for Empower Connectors and Adapter configuration file attached. Attached also the Codeless Framework configuration file to Provisioning of the "Position Placeholder" MA.
The Identity Broker error log file is also attached.
Peter, would you be able to assist with this issue. Perhaps this is best to obtain the help from the Product team.
On the Container search - receive Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid
Created a new Adapter in Identity Broker for the Department with a DN - CN=Name,OU=Group. The objectclass is ADVDepartment.
The Adapter is created successfully and the Processed Entity Count is 16.
I create the Generic LDAP (Microsoft) MA successfully and could import the objects.
When I select the Containers from the Configure Partitions and Hierarchies pane off the MA properties I receive the following errors:
The error in the Event viewer is:
The extensible extension returned an unsupported error. The stack trace is: "Microsoft.MetadirectoryServices.ExtensibleExtensionException: Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid. Matched DN: RootCauseException: ---> System.DirectoryServices.Protocols.LdapException: The search filter is invalid. at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at Microsoft.IdentityManagement.Connector.GenericLdap.Channel.DirectoryContext.GetDirectoryEntries(String namingContext, SearchScope scope, DirectoryControlCollection directoryControls, String filter, String[] attributes) at Microsoft.IdentityManagement.Connector.GenericLdap.Proxy.HierarchyProxy.GetHierarchy(HierarchyNode parent, LdapDirectory directoryName) at Microsoft.IdentityManagement.Connector.GenericLdap.ConfigStrategy.GetHierarchy(HierarchyNode parent) at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent) --- End of inner exception stack trace --- at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.MapExceptionType(Exception exception) at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.SetConnectorException(Exception baseException, String errorMessage, String distinguishedName) at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.ReportErrorToSyncService(String errorMessage, Exception exception) at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent) Forefront Identity Manager 4.1.3599.0"
screenshot-1.png
Decouple adapter import from entity transformations
The adapter transformation process should be decoupled from the adapter import.
Allow the adapter to be configured to allow for both modes - default to decoupled mode.
The benefits would be:
- The appearance of faster imports into the identity management solution.
- Searches on the adapter space would not have to wait for transformations.
- Transformations could be performed as needed.
Tasks:
- Add methods to adapter to perform transform only.
- Create a job that can be added to the adapter configuration that runs the transformation after:
- The base connector has performed an import.
- A specified connector has performed an import.
- A change is due in the changes register.
- As per a schedule - regular timings.
IDB-151.png
Ensure exports that we expect to fail actually fail
Here's an obscure one;
At Aurion Corp we terminated a user and placed them in to a container that wasn't managed by the AD connector. As such, when we re-hired them it couldn't find their first account and provisioned another with the same sAMAccountName.
They and I both understand that ALL users should be contained in the scope of the AD connector for this reason, but all the same I would have expected the export to fail with an "Object Already Exists" LDAP error... only it didn't. It created it in a "half finished" state, so when you clicked on the account tab it said it was corrupt or something and needed to be recreated.
Just wondering if we expected this - it's possibly that when we add userPrincipalName it will correctly pick up the duplication, not sure. Maybe we should look at picking up an error if we can get it throw one then retry with 2 or 3 revisions of the account name? Might be difficult.
Customer support service by UserEcho
