Identity Broker Forum
Connectors sporadically go missing
After configuring the Identity Broker console and performing normal use, configured connectors will sometimes go missing. This happens to individual connectors, and sometimes more than one at the same time.
This was thought to have been caused by IDB-454 as the logs appeared around the same time, but will need to be confirmed. See https://unifysolutions.jira.com/browse/IDB-454?focusedCommentId=29123&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-29123
Log Excerpt.txt
Export from FIM EmployeePosition Placeholder into EmployeePosition Placeholder Adapter result in error
I have an EmployeePosition Connector that has two keys specified, employee_code and position_no.
In the EmployeePosition Adapter configuration I did not specify the <dnComponent>, as I cannot find any documentation on how this would be achieved such that FIM will see all the objects coming through this adapter as unique objects. Thus I left it to the default GUID to be generated.
I also have a Position Placeholder Connector and Adapter for Provisioning (exporting) the EmployeePosition objects from the EmployeePosition Adapter into it so that it could be used to generate the Positions membership and other multi-values attributes.
The Position Placeholder Connector is using the same two keys as in the Position Connector, employee_code and position_no.
The Position Placeholder Adapter configuration is using the default GUID as <dnComponent>.
- I can bring the EmployeePosition Adapter data into FIM EmployeePosition MA Connector Space successfully.
- I can synchronise FIM EmployeePosition MA Connector Space to FIM EmployeePosition Placeholder MA Connector Space successfully.
- However when I perform the FIM Export on EmployeePosition Placeholder MA I got the below error.
20110404,05:19:12,Adapter request to save entity to adapter space.,Adapter,Information,Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d.,Normal
20110404,05:19:12,An entity failed validation.,Adapter,Warning,The entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 on connector b112daa3-e9aa-43a8-9615-2c20626dddc6 failed validation 1 times for the following reasons: EmployeeCode is a required field and is not present.,Normal
20110404,05:19:12,Adapter request to save entity to adapter space failed.,Adapter,Warning,"Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d failed with reason 1 items failed schema validation during Adapter operation. Check log for validation errors.. Duration: 00:00:00.0341775
Error details: Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation. Check log for validation errors.
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entityToSave)
at Unify.Framework.LDIFAdapter.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId)
at Unify.Framework.LDIFAdapterServiceHostDecorator.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId)
at SyncInvokeExportAdapterEntity(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)",Normal
The Codeless Framework configuration for provisioning to the EmployeePosition Placeholder is:
<ma name="Positions Placeholder">
  <systemtype>IdentityBroker</systemtype>
  <datasource>
    <connectionString>HTTP://localhost</connectionString>
    <Port>59999</Port>
    <UserName></UserName>
    <Password></Password>
  </datasource>
  <provisioning enabled="true"/>
  <deprovisioning enabled="true"/>
  <cs-deletes-enabled enabled="true"/>
  <cd-deletes-enabled enabled="false"/>
  <object type="Position" csobjecttype="person" anchorattribute="dn">
    <provisioning>
      <enabled>true</enabled>
      <dnprefix>UID=</dnprefix>
      <allowfilters switch="or">
        <filter priority="1">
          <attribute>PositionTile</attribute>
          <compareType>ne</compareType>
          <compareValue>Casual</compareValue>
        </filter>
      </allowfilters>
      <defaults>
        <default name="EmployeeCode">
          <type>csentry</type>
          <attribute>EmployeeCode</attribute>
          <value>EmployeeCode</value>
          <mvaction></mvaction>
        </default>
        <default name="PositionNumber">
          <type>csentry</type>
          <attribute>PositionNumber</attribute>
          <value>PositionNumber</value>
          <mvaction></mvaction>
        </default>
        <default name="IdBID">
          <type>csentry</type>
          <attribute>IdBID</attribute>
          <value>IdBID</value>
          <mvaction></mvaction>
        </default>
      </defaults>
      <uniquename>
        <namerule priority="1">
          <maxlength>64</maxlength>
          <minlength>1</minlength>
          <pad-with></pad-with>
          <namecomponent priority="1">
            <type>attribute</type>
            <value>IdBID</value>
            <attributeseparator></attributeseparator>
            <pad-with></pad-with>
            <maxlength>64</maxlength>
            <minlength>1</minlength>
            <alphanumericsonly>true</alphanumericsonly>
          </namecomponent>
        </namerule>
        <datasource-attributename></datasource-attributename>
        <verify-against>
          <connectionString></connectionString>
          <Port></Port>
          <UserName></UserName>
          <Password></Password>
        </verify-against>
      </uniquename>
    </provisioning>
    . . .
The Identity Broker for Empower Connectors and Adapter configuration file is attached. Also attached is the Codeless Framework configuration file for Provisioning of the "Position Placeholder" MA.
The Identity Broker error log file is also attached.
Peter, would you be able to assist with this issue? Perhaps it is best to obtain help from the Product team.
On the Container search - receive Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid
Created a new Adapter in Identity Broker for the Department with a DN - CN=Name,OU=Group. The objectclass is ADVDepartment.
The Adapter is created successfully and the Processed Entity Count is 16.
I created the Generic LDAP (Microsoft) MA successfully and could import the objects.
When I select the Containers from the Configure Partitions and Hierarchies pane of the MA properties I receive the following errors:
The error in the Event viewer is:
The extensible extension returned an unsupported error. The stack trace is:
"Microsoft.MetadirectoryServices.ExtensibleExtensionException: Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid. Matched DN: RootCauseException: ---> System.DirectoryServices.Protocols.LdapException: The search filter is invalid.
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.IdentityManagement.Connector.GenericLdap.Channel.DirectoryContext.GetDirectoryEntries(String namingContext, SearchScope scope, DirectoryControlCollection directoryControls, String filter, String[] attributes)
at Microsoft.IdentityManagement.Connector.GenericLdap.Proxy.HierarchyProxy.GetHierarchy(HierarchyNode parent, LdapDirectory directoryName)
at Microsoft.IdentityManagement.Connector.GenericLdap.ConfigStrategy.GetHierarchy(HierarchyNode parent)
at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent)
--- End of inner exception stack trace ---
at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.MapExceptionType(Exception exception)
at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.SetConnectorException(Exception baseException, String errorMessage, String distinguishedName)
at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.ReportErrorToSyncService(String errorMessage, Exception exception)
at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent)
Forefront Identity Manager 4.1.3599.0"
screenshot-1.png
Decouple adapter import from entity transformations
The adapter transformation process should be decoupled from the adapter import.
Allow the adapter to be configured to allow for both modes - default to decoupled mode.
The benefits would be:
- The appearance of faster imports into the identity management solution.
- Searches on the adapter space would not have to wait for transformations.
- Transformations could be performed as needed.
Tasks:
- Add methods to adapter to perform transform only.
- Create a job that can be added to the adapter configuration that runs the transformation after:
- The base connector has performed an import.
- A specified connector has performed an import.
- A change is due in the changes register.
- As per a schedule - regular timings.
IDB-151.png
Ensure exports that we expect to fail actually fail
Here's an obscure one;
At Aurion Corp we terminated a user and placed them into a container that wasn't managed by the AD connector. As such, when we re-hired them it couldn't find their first account and provisioned another with the same sAMAccountName.
They and I both understand that ALL users should be contained in the scope of the AD connector for this reason, but all the same I would have expected the export to fail with an "Object Already Exists" LDAP error... only it didn't. It created it in a "half finished" state, so when you clicked on the account tab it said it was corrupt or something and needed to be recreated.
Just wondering if we expected this - it's possible that when we add userPrincipalName it will correctly pick up the duplication, not sure. Maybe we should look at picking up an error if we can get it to throw one, then retry with 2 or 3 revisions of the account name? Might be difficult.
Modifications required to employee / manager relationship hierarchy
John Campbell is looking to modify the SAP ABAP modules in order to update the employee / manager relationship hierarchy model.
He has asked which ABAP module he should be looking at specifically.
Any ideas?
Foreign key constraint violation when attempting delta import into FIM
In order to attempt 3.1.8 of the regression test, I did the following:
- CSV connector with 2 entries
- Full import into FIM
- Added new user, updated existing user, deleted old user
- Change detection shows 3 changes in adapter statistics, entries present in the changes table
- Delta import into FIM to confirm changes
The following error was thrown:
The extensible extension returned an unsupported error.
The stack trace is:
"System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectClass_Partition". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Partition", column 'PartitionId'.
The statement has been terminated. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.Data.SqlClient.SqlException: The INSERT statement conflicted with the FOREIGN KEY constraint "FK_ObjectClass_Partition". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Partition", column 'PartitionId'.
The statement has been terminated.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning()
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(...).Forefront Identity Manager 4.0.3594.2"
Subsequent delta imports also throw this error, so fortunately the changes are not being cleared following the error of the first attempt.
Attempting to delete transformation base generator or multipart inner component gets a "Sequence contains no elements" message
When all DN components are deleted, the DN generator defaults to either the Schema Key or the Entity Id generator (depending on the schema key). When you attempt to delete this one in a transformation, you receive a "Sequence contains no elements" message in the temp data message. This has no operational impact other than this message appearing in this case.
However, attempting to delete a component from a multipart component results in the same error, and this does affect configuration. You can work around this currently by deleting the multipart completely and recreating it.
MultiValue Union transformation functions menu errors with "Object reference not set to an instance of an object."
Functions menu for the MultiValue Union transformation errors with:
System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Connect.Web.AdapterController.EditTransformationOnStep(Guid id, Guid transformationId) in c:\workspaces\IdentityBroker\Source\Studio\Unify.Connect.Web\Controllers\AdapterController.cs:line 1294
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<>c__DisplayClass17.<InvokeActionMethodWithFilters>b__14()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
SharePoint 2010 User Profile does not handle ampersands correctly
In a similar vein to issues with MOSS 2007, SharePoint 2010 does not appear to handle symbols correctly. In the latest chris21 demo environment, regular ampersands were being correctly sent to SharePoint as the correct symbol '&' but coming back as the wide Unicode symbol '＆', causing cycling exported-change-not-reimported errors.