Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Completed

Statistics Summary

Peter Wass 13 years ago updated by anonymous 8 years ago 3

Currently there is no easy way to get stats on a connector or adapter. It would be good to be able to see:

  • Number of current objects
  • Number of changes in change register
  • Number of pending exports (to connected system or FIM)
    (Note the last two may be the same...)
  • Date / Time of last run import / export
  • Number of Errors / Warnings from last import / export run
  • Probably some more things but they're not coming off the top of my head.

Making this available via WMI would probably also be useful to allow management packs / websites etc to generate this as a report feature.

A hover-over would work on the display but in some cases you'd like the stats to be on the screen permanently - perhaps allow a configuration block where the admin can add required info for the connector / adapter.

Note: The changes for the adapter should include ALL underlying connector changes (I assume they do).

I'm not sure if there's some more info on EB integration but probably. Haven't used it enough to get a good feel for it.

0
Answered

IDB5: Adapter Schema

Peter Wass (ACT Government) 9 years ago updated by Adam van Vliet 6 years ago 2

I have started testing IDB5. I have an issue where you cannot have the same attribute name on different adapters. While I can understand this if the schema is different, it will be necessary to be able to have the same schema name where the validators are the same.

Consider this example:
We have ACT Education with about 100 MAZE instances, all read through IDB.
Each MAZE will have 3 adapters (Students, Teachers, Classes)
Each adapter will have similar attributes.

This will mean that I have 200 different attributes for 'firstname', 200 for 'lastname', 300 for 'class code', etc.

This will make it nearly impossible to create the Management agent - we will have 100 firstname attributes importing to 1 firstname metaverse attribute for 2 different objects. Alternatively, we have 300 different object types in the management agent.

Further to this, it will make the writing of code immeasurably more difficult. I can either have several hundred copies of the advanced flow rules, or I can dodgy up some method where I construct the attribute at run time to retrieve from the CSEntry so I can read and write from it.

Is it possible to only enforce new names if the schema validator is different, or require the user to agree that the schemas are the same when creating the adapter, thus making it the operator's responsibility to ensure that the schema is correct?

Answer
Adam van Vliet 6 years ago

This was updated in v5.1 such that multiple schemas are supported (the setting that controls it is https://voice.unifysolutions.net/knowledge-bases/7/articles/2975-ldap-single-schema-mode).

0
Completed

Allow group transformation to group values instead of dn's

Adam van Vliet 10 years ago updated by anonymous 8 years ago 1

Allow group transformation to group values instead of dn's. The use-case is from MONASH-7, which required data that weren't really references to be grouped. Could just use target field type as a multi-value.

Additional use case:

  • Multiple fields from the target entity are needed in their own groups. If possible make the configuration a collection of target fields paired with the right side entity field

0
Completed

Persistent Search

Curtis Lusmore 9 years ago updated by anonymous 8 years ago 1

For use with FIM Event Broker, Identity Broker v5.1 should support the LDAP Server Notification OID control which allows FIM Event Broker (and other LDAP client applications) to be notified of changes on the LDAP server as they become available.

This feature will also require implementing an efficient mechanism to allow the persistent search request handler to know when changes are available.

Resources:

0
Completed

Investigate handling of inconsistent casing in container objects

Matthew Clark 13 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 9

QDET-97, IDBSP-29, IDBSP-36 and IDBFIM300: "The distinguished name and reference value attributes of a management agent seem to change case inexplicably" all detail issues that arise due to inconsistent casing in container objects retrieved from a target system, usually where the key field is a self-reference (such as Microsoft SharePoint). Microsoft FIM does not handle inconsistently cased container objects with great finesse, prompting the renaming and updating of all reference value fields and distinguished names in a connector space. Investigate if any appropriate measures can be introduced on the Identity Broker side to alleviate or address this issue.

0
Answered

Investigate more efficient retrieval from and clearing of EAI table

Matthew Clark 11 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 8 years ago 2

At SSICT, a large initial export of 52000 updates to the DET table caused the EAI changes table to contain a similar amount of changes. This resulted in the Import Changes operation for the connector taking 9-10 hours to execute, and the EAI table for the DET form was not cleared. It was worked around by forcing a deletion of the CHEAI file following the initial load exercise. Investigate any improvements that can be made to this interface for environments where extremely large numbers of changes can take place.

0
Fixed

Connector clearance timeout issues/paged clear

Tony Sheehy 11 years ago updated by anonymous 8 years ago 2

The following was encountered when clearing the connector with 1 million entities:

Change detection clear connector space failed.
Change detection clear connector space for connector Example failed with reason Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.. Duration: 00:17:10.3089303
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning()
at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject stateObj, UInt32 error)
at System.Data.SqlClient.TdsParserStateObject.ReadSni(DbAsyncResult asyncResult, TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParserStateObject.ReadNetworkPacket()
at System.Data.SqlClient.TdsParserStateObject.ReadByte()
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Unify.Product.IdentityBroker.Repository.EntityDataContext.DeletePartitionItems(Guid partitionID) in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\Entity.cs:line 101
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.DeletePartitionItems(Guid partitionID) in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\KnownEntityContextBase.cs:line 121
at Unify.Product.IdentityBroker.EntityPartitionUpdatableContextAdapter.DeleteAllPartitionItems() in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository\EntityPartitionUpdatableContextAdapter.cs:line 30
at Unify.Product.IdentityBroker.ChangeDetectionClearConnectorJob.RunBase() in s:\hg\Product\IdentityBroker\Master-Changes\Source\ChangeDetection\Unify.IdentityBroker.ChangeDetection\ChangeDetectionClearConnectorConnectorJob.cs:line 100
at Unify.Framework.JobBase.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\JobBase.cs:line 15
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() in c:\workspaces\BUILDS\UFCORE-4.0-DEV\Source\Scheduling\Unify.Framework.Scheduling.Job.Auditing\DefinedScopeJobAuditTrailJobDecorator.cs:line 34
at Unify.Framework.BeforeJobDecorator.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\BeforeJobDecorator.cs:line 33
at Unify.Framework.BeforeJobDecorator.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\BeforeJobDecorator.cs:line 33
at Unify.Product.IdentityBroker.QueuedConnectorExecutionProcessorEndDecorator.Run() in s:\hg\Product\IdentityBroker\Master-Changes\Source\ChangeDetection\Unify.IdentityBroker.ChangeDetection\QueuedConnectorExecutionProcessorEndDecorator.cs:line 41

There is an arbitrary timeout on the DeletePartitionItems on Entity.cs; this needs to either be configurable or paged, preferably paged as it is more useful than just waiting a longer time.

0
Answered

Further investigation of chris21 change detection mechanisms

Matthew Clark 12 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 8 years ago 8

As part of IDBCHRS-34, the change detection mechanism has been updated such that the user will not be required to select the relevant "EAI Type" field, as this is believed to be too advanced for the goals of Identity Broker v4.0 (in particular, the "Parts" type). These require the user to have full understanding of how chris21 is sending its data back to Identity Broker, down to the position in the string returned, and be able to interpret the result in full.

The mechanism has been updated such that a large majority of forms are completely covered by the changes. However, some forms return change data which cannot be directly mapped back to a chris21 request, such as the ALW form:

cbr="eailst",gw_transactionid="186",eaiidentity="12051411062278000023200000000",eaifile="EMALW",eaichange="A",eaikeydata="OK1006 .79496PAATF00",eaiempno="OK1006",eaiempdate,eailogonid,updatetag="FRONTIER;20514110622",accesslevel="delete",status="ok"

The key for the form is made of 5 components, but things can be of varying lengths. Compare the above key data with:

eaikeydata="101137.79372EABT00"
eaikeydata="100500008790PON_P00"

Under the old mechanism, the user would need to add a Parts type and manually enter the position of the second key in the string in order to use EAI.

Given this complexity, investigate the success of the current changes to change detection for user requirements, further investigate the wrapping of these keys, and also consider alternate change mechanisms to overcome this apparent limitation (such as seeing the impact "Changes enabled" has on file tables).

A dictionary has been added for additional handling of specific forms in the future. Specific forms should be investigated and added to the dictionary.

0
Answered

Identity Broker for chris21 errors when attempting to write to fax attribute

Nick Mathas 13 years ago in UNIFYBroker/Novell Identity Manager updated by anonymous 8 years ago 8

Here is an error I am getting when I attempt to write the fax attribute (alttele) to CHRIS21... I think this is the same error reflected twice.

Identity Broker Errors:

Timestamp Severity Source Module Message
26/07/2011 3:26:26 PM Warning Save entities to connector failed. Connector "Save entities Count:1 to connector Chris21 Person Connector failed with reason GTR result has an invalid status=""fail"" attribute.

Chris21 GTR returned no additional error messages.. Duration: 00:00:00.1552735
Error details:
System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute.

Chris21 GTR returned no additional error messages.
at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine)
at Unify.Framework.Chris21GtrWorker.CheckUpdateResult(IChris21GtrRecord updateResultRecord)
at Unify.Communicators.Chris21GtrCommunicatorBase.Update(IChris21GtrEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntity(IConnectorEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.ConnectorToWritingConnectorBridge.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.EventNotifierWritingConnectorDecorator.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)"

Timestamp Severity Source Module Message
26/07/2011 3:26:26 PM Warning Adapter request to save entity to adapter space failed. Adapter "Adapter request to save entity bb2a8727-836e-4c78-a7e0-8871b03367a9 to adapter space 53e85508-7648-409c-bd3a-0737028eba29 failed with reason GTR result has an invalid status=""fail"" attribute.

Chris21 GTR returned no additional error messages.. Duration: 00:00:00.3388672
Error details:
System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute.

Chris21 GTR returned no additional error messages.
at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine)
at Unify.Framework.Chris21GtrWorker.CheckUpdateResult(IChris21GtrRecord updateResultRecord)
at Unify.Communicators.Chris21GtrCommunicatorBase.Update(IChris21GtrEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntity(IConnectorEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.ConnectorToWritingConnectorBridge.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.EventNotifierWritingConnectorDecorator.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)"


FaxNumberConvertPolicy.xml

0
Completed

Give Identity Broker a Support and Help link in Programs and Features.

Tony Sheehy 12 years ago updated by anonymous 8 years ago 2

It's possible to give installed applications a Help and Support link, visible in the Programs and Features section. If this isn't too hard it might be worthwhile.

Start at http://msdn.microsoft.com/en-us/library/aa368032.aspx and http://blogs.technet.com/b/alexshev/archive/2008/02/09/from-msi-to-wix-part-2.aspx. Looks like the following might work:

<Property Id="ARPHELPLINK" Value="somelink.com" />