The versions are 5.3.2 for broker and 4.3.0 for AD with a provided patch. Plus is v5.3.0.2.  I'm attempting to export to AD with Broker Plus but getting this unknown error. The permissions in AD are right. The connection is right, Test Connection works and I'm getting user in when I import with the connector. When I run a baseline on the AD to Person link, I wait a while then this error appears in the log. The operations that should be ocurring are a DN rename and some attribute modifies.

Update entities to connector failed.
Update entities [Count:2] to connector Active Directory failed with reason A task faulted. See inner exception for details.. Duration: 00:00:00.0156294
Error details:
System.Exception: A task faulted. See inner exception for details. ---> System.Exception: Received error code Other for item with dn CN=Jane Jones,OU=Win10 Canberra Users,OU=Win10 Users,DC=internal,DC=govt. Message: 00002089: UpdErr: DSID-031B0E6F, problem 5012 (DIR_ERROR), data 2
---> System.DirectoryServices.Protocols.DirectoryOperationException: An unknown error occurred.
Server stack trace:
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]:
at System.DirectoryServices.Protocols.LdapConnection.EndSendRequest(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of inner exception stack trace ---
at Unify.Connectors.AD.ADAgent.ErrorCheckResponse(String dn, DirectoryResponse response, String operationName, Exception originalException)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<MoveEntryAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADConnector.<UpdateEntitiesAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToUpdatingAsyncConnectorBridge.<UpdateEntitiesAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.EventNotifierUpdatingAsyncConnectorDecorator.<UpdateEntitiesAsync>d__3.MoveNext()

Any ideas?

Connection to Aurion was working yesterday. I was surprised it worked with nothing done to do with certificates since the webservice is a https address but today it's stopped working: "Change detection engine import all items for connector Aurion Employee failed with reason The request was aborted: Could not create SSL/TLS secure channel" System.Net.WebException. Does this mean a certificate needs to be installed on the Broker server? Or maybe something needs to be updated in the exe config? I googled the error but it was just alot of code samples and code fixes to resolve the issue. No description of what's really causing the error.

I am using Broker/Plus to only join to objects from Aurion to AD, and not to provision (i.e. Outgoing Provisioning is disabled).  For a user in Aurion (with corresponding Locker record) where there is no corresponding AD record (i.e. the join criteria are not met for any existing AD adapter objects) the Link still reports an Outgoing Change for that object.

I have 7 Lockers:

I have four users in AD:

When I run a Baseline Synchronization on the AD Link, I see this:

Note that there are 7 Outgoing Changes, even though there are only 4 objects in the AD Adapter, and Provisioning is disabled so it should not be provisioning new ones.

Log file attached:

UnifyLog20190624.csv

In Broker/Plus, outgoing provisioning tasks are run even when the outgoing provisioning flag is disabled.

That task can be used for out of band provisioning operations.  Since the configuration flag only turns off object provisioning via the target adapter (and not any out-of-band provisioning activities that the task performs) the flag isn't as useful as it could be and the flag operates in a manner that may be contrary to user expectations.

When I run 'Request Schema' on the Broker/AD connector, the 'accessExpires' AD attribute does not appear.

How do I add this attribute to my connector so that I can synchronise it in Broker/Plus?

We are seeing unwanted/impacting behavioural variations in the IdB5 adapter data when compared with the legacy IdB4 adapter for the same JadeStar record.

When values are missing in the connector they are (correctly) not being surfaced in the IdB4 adapter, but are being surfaced as empty strings in IdB5.

Here is an example of the problem, as exposed for employee 500015 via LDP:

ld = ldap_open("localhost", 389);
Established connection to localhost.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)

-----------
res = ldap_simple_bind_s(ld, 'MIM_ReadWrite', <unavailable>); // v.3
Authenticated as: 'MIM_ReadWrite'.
-----------
Expanding base 'CN=500015,OU=JadeStar,DC=IdentityBroker'...
Matched DNs: CN=500015,OU=JadeStar,DC=IdentityBroker
Getting 1 entries:
Dn: CN=500015,OU=JadeStar,DC=IdentityBroker
CellphoneCountryCode: <ldp: binary="" blob="" 0="" bytes="">; 
CellphoneNumber: <ldp: binary="" blob="" 0="" bytes="">; 
CellphonePrefix: <ldp: binary="" blob="" 0="" bytes="">; 
DDiCountryCode: +64; 
DDiNumber: 222 4456; 
DDiPrefix: 4; 
DepartmentCode: 260526; 
DepartmentDescription: External Retail Network; 
DepartmentJadeCode: 1476; 
DeskNumber: <ldp: binary="" blob="" 0="" bytes="">; 
DivisionCode: SAS; 
DivisionDescription: Sales and Service; 
DivisionJadeCode: 30; 
DivisionSubCode: RETAIL CHANGE; 
DivisionSubDescription: Retail Change and Agencies; 
DivisionSubJadeCode: 225; 
EffectiveDate: 20190601000000.000Z; 
EmailAddress: <ldp: binary="" blob="" 0="" bytes="">; 
EmployeeNumber: 500015; 
EmployeeStatus: <ldp: binary="" blob="" 0="" bytes="">; 
EmployeeType: Temporary; 
EmploymentEndDate: 25000101000000.000Z; 
EmploymentStartDate: 20190601000000.000Z; 
ExpiryDate: 25000101000000.000Z; 
Extension: <ldp: binary="" blob="" 0="" bytes="">; 
FaxCountryCode: <ldp: binary="" blob="" 0="" bytes="">; 
FaxNumber: <ldp: binary="" blob="" 0="" bytes="">; 
FaxPrefix: <ldp: binary="" blob="" 0="" bytes="">; 
FirstName: Indiana; 
Function: <ldp: binary="" blob="" 0="" bytes="">; 
Initials: IM; 
JobFamily: <ldp: binary="" blob="" 0="" bytes="">; 
Level: <ldp: binary="" blob="" 0="" bytes="">; 
LocationCode: WN 20 Customhouse Quay; 
Manager: CN=852206,OU=JadeStar,DC=IdentityBroker; 
MiddleName: <ldp: binary="" blob="" 0="" bytes="">; 
objectClass: employee; 
OccupancyEndDate: 25000101000000.000Z; 
OccupancyStartDate: 20190601000000.000Z; 
OccupancyType: Std; 
OID: 7878.93689; 
OrganisationLevel: 0; 
OU: JadeStar; 
PositionCode: K2A-0012; 
PositionName: Agent Manager - Kiwibank Thorndon Sth; 
PositionOccupancyReportsToEmployee: 852206; 
PositionOccupancyReportsToName: Andrew Holford; 
PreferredName: Indiana; 
PrimaryOccupancyIndicator: TRUE; 
PrimaryPositionIndicator: FALSE; 
ReportsToEmployee: 852206; 
ReportsToName: Andrew Holford; 
ReportsToPositionCode: K2-4666; 
ReportsToPositionName: Commercial and Contracts Manager; 
StandardHoursFortnight: 80.00; 
subschemaSubentry: CN=JadeStar,cn=schema; 
Surname: Manager; 
TeamCode: EXT RETAIL NETWORK; 
TeamDescription: External Retail Network; 
TeamJadeCode: 10837; 
Title: <ldp: binary="" blob="" 0="" bytes="">; 
UserID: <ldp: binary="" blob="" 0="" bytes="">; 

-----------
</ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></ldp:></unavailable>

The above record shows "0 bytes" for a large number of attributes, as opposed to no value at all (NULL) which is what both myself and the legacy FIM rules extensions had expected.

The FIM data imported in LDIF format from IdB4, however, shows no data in these fields at all (i.e. correctly interpreting null values in the adapter).

dn: CN=500015
objectClass: person
IdBID: 65b70aac-4666-4396-9b95-0bcb33803c53
FaxCountryCode: 
EmailAddress: 
LocationCode: WN 20 Customhouse Quay
ReportsToEmployee: 852206
Initials: IM
DDiNumber: 222 4456
PreferredName: Indiana
EmployeeNumber: 500015
EmploymentStartDate: 2019-06-01T00:00:00.000
Extension: 
FaxNumber: 
ReportsToName: Andrew Holford
MiddleName: 
CellphonePrefix: 
FaxPrefix: 
EmployeeStatus: 
CellphoneCountryCode: 
OID: 7878.93689
Title: 
CellphoneNumber: 
DDiCountryCode: +64
Surname: Manager
FirstName: Indiana
DeskNumber: 
EmploymentEndDate: 2500-01-01T00:00:00.000
DDiPrefix: 4
UserID: 
EmployeeType: Temporary
DepartmentCode: 260526
DepartmentJadeCode: 1476
DivisionCode: SAS
DivisionJadeCode: 30
DivisionSubCode: RETAIL CHANGE
DivisionSubJadeCode: 225
OccupancyEndDate: 2500-01-01T00:00:00.000
OccupancyStartDate: 2019-06-01T00:00:00.000
OccupancyType: Std
PositionCode: K2A-0012
PrimaryOccupancyIndicator: True
PrimaryPositionIndicator: False
PositionOccupancyReportsToEmployee: 852206
PositionOccupancyReportsToName: Andrew Holford
StandardHoursFortnight: 80.00
TeamCode: EXT RETAIL NETWORK
TeamJadeCode: 10837
DepartmentDescription: External Retail Network
DivisionDescription: Sales and Service
DivisionSubDescription: Retail Change and Agencies
EffectiveDate: 2019-06-01T00:00:00.000
ExpiryDate: 2500-01-01T00:00:00.000
Function: 
JobFamily: 
Level: 
OrganisationLevel: 0
PositionName: Agent Manager - Kiwibank Thorndon Sth
ReportsToPositionCode: K2-4666
ReportsToPositionName: Commercial and Contracts Manager
TeamDescription: External Retail Network
Manager: CN=852206

Given the problematicdata includes fields such as CellphoneCountryCode from the base connector (i.e. untransformed), can the above behaviour be traced back to a problem with the IdB5 version of the JadeStar connector that can be easily corrected in the one place please?

TIA

I'm not sure that this is really a product issue but raising a ticket in case this has been encountered before. I've connected to a cloud instance of Aurion. The agent Test Connection returns correctly but when I try to import on the Person or Employee connectors, I get a schema validation warning with a warning in the error log "The entity <null> (GUID) in the connector Aurion Employee failed validation 1 times for the following reasons: EmployeeNumber is a required and is not present". Same thing on the person connector but I get it for PersonNumber. The query has been scoped to one user for testing. When we run the report in the Aurion App we can see the PersonNumber in the XML. I tried turning on the trace logging in the exe config but it's not outputting any files, is this because the connection is https? It seems the report is running but either has no data at all or the key field just isn't populated. Any ideas?

What do I need to do with a web service URL that is https? I'm assuming I'll need a certificate installed somewhere. Do I just need to install it to the machine where broker is running? Is there anything else I need to do to communicate over https?

I will attach the Extensibility files.  This used to work, but some configuration change has caused it to stop working now.  Reverting is not an option as there have been many changes and this project is under time constraints to deliver ASAP.

In my Broker/Plus environment (based on UNIFYAssure for Aurion) I am trying to synchronise the manager attribute to AD but seeing the following error:

My configuration has an Aurion connector/adapter -> Link -> Locker -> Link -> AD connector/adapter in a standard setup.

The Manager attribute in the Aurion adapter is calculated via a DN join:

Here's an example, looks correct.

I synchronise the Manager attribute from the Aurion Adapter to the Locker:

It looks correct in the Locker:

Then from the Locker to the AD Adapter:

Here's the AD Adapter configuration:

When I attempt a Baseline Synchronisation on the AD Link this is what I see, and the error above appears in the log file:

Can you please tell me what I need to do to get the synchronisation of the manager attribute to work correctly from the Locker to the AD Adapter?