I do not want to give more permission than that is needed (i.e. no Domain Admin right). Hence please advise the minimal AD delegate rights that the UNIFYBroker service account requires to:

- Create new users

- Modify attribute of an existing users

- Move users from one OU to another

- Suspend/activate an user (userAccountControl)

- Set initial password and set users must change password in the next logon

- Reset/ change password for an existing user

Thanks

UNIFYBroker v5.3.1

Aurion API Connector v5.3.0

MIM 2016SP1 - 4.4.1749.0

Problem:

I have an 'Aurion Person' adapter and an 'Aurion ESS' adapter - each with an attribute called PersonNumber.

In 'Aurion Person' the attribute is read-only, in 'Aurion ESS' the attribute is not read-only.

Broker settings - Single Schema mode is false.

When I create the Aurion ESS Management Agent in MIM and attempt to setup an export attribute flow to  PersonNumber, MIM reports that the attribute is read-only.

It makes no difference if I create the ESS management agent before the Person management agent (even in a vanilla MIM database).

If I apply a rename transform to the PersonNumber in the ESS adapter I am able to setup an export attribute flow to the renamed attribute (i.e., ESSPersonNumber).

Question: 

Is it a specific requirement for Broker to maintain unique attribute names throughout different adapters? 

UNIFYBroker v5.3.1

Aurion API Connector v5.3.0

After resolving an issue with the connector as per https://voice.unifysolutions.net/communities/6/topics/2460-aurion-security-user-update-user_match_value-expected (to resolve USER_MATCH_VALUE expected error), the MIM Aurion ESS Management agent is now experiencing an error only on a Delta Import step. Full Import and Export are working.

Have tried clearing entities from the connector and running Import All, generate changes, and have deleted the connector space from the Aurion ESS management agent then run Full Import/Full Sync.

Error message from MIM is:

The extensible extension returned an unsupported error.
 The stack trace is:
 
 "Unify.Product.IdentityBroker.LdapOperationException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<NormalSearch>b__3(IGrouping`2 group)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<NormalSearch>b__1()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<NormalSearch>d__9.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__12.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<HandleRequest>d__4.MoveNext()
   --- End of inner exception stack trace ---
   at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__35.MoveNext() - Result Code: Other ---> Unify.Product.IdentityBroker.LdapServerException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<NormalSearch>b__3(IGrouping`2 group)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<NormalSearch>b__1()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<NormalSearch>d__9.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__12.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<HandleRequest>d__4.MoveNext()
   --- End of inner exception stack trace ---
   at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__35.MoveNext() - Result Code: Other
   at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
   at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   --- End of inner exception stack trace ---
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
   at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
   at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1749.0"

Refer to few thousand of repeating error in the log\

20180803,05:38:08,UNIFY Identity Broker,Connector,Warning,"Update entities to connector failed.
Update entities [Count:3215] to connector AD Users failed with reason Received error code EntryAlreadyExists for item with dn CN=redacted,DC=au. Message: 00002071: UpdErr: DSID-031B0B87, problem 6005 (ENTRY_EXISTS), data 0
. Duration: 00:00:09.5226690
Error details:
System.Exception: Received error code EntryAlreadyExists for item with dn CN=redacted,DC=au. Message: 00002071: UpdErr: DSID-031B0B87, problem 6005 (ENTRY_EXISTS), data 0
 ---> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
Server stack trace: 
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]: 
   at System.DirectoryServices.Protocols.LdapConnection.EndSendRequest(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
   --- End of inner exception stack trace ---
   at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Unify.Product.IdentityBroker.EventNotifierUpdatingAsyncConnectorDecorator.<UpdateEntitiesAsync>d__3.MoveNext()",Normal
20180803,05:38:08,UNIFY Identity Broker,EntitySaver,Error,"The entity 546564 (e5b5ef1a-46df-4751-9878-e3a8e8fff5c8) for the adapter AD User Adapter (9f73e5e5-30df-4142-b850-db3e31f0a931) failed to update for the following reasons: Received error code EntryAlreadyExists for item with dn CN=redacted,DC=au. Message: 00002071: UpdErr: DSID-031B0B87, problem 6005 (ENTRY_EXISTS), data 0
",Normal
20180803,05:38:08,UNIFY Identity Broker,EntitySaver,Error,"The entity 603085 (b108073b-e6f1-4ffb-8d9b-02c23f7c1efa) for the adapter AD User Adapter (9f73e5e5-30df-4142-b850-db3e31f0a931) failed to update for the following reasons: Received error code EntryAlreadyExists for item with dn CN=redacted,DC=au. Message: 00002071: UpdErr: DSID-031B0B87, problem 6005 (ENTRY_EXISTS), data 0
",Normal

I was reading through the migration guide and it didn't mention the circumstance I'm in.

Are there any considerations that need to be made regarding the database's data when migrating between environments causes an adapter to be removed? As in does UNIFY Broker have the ability to detect that an adapter and connector has been removed and delete the entities that were in it from the database when you're migrating by replacing the extensibility folder?

Error:

20180802,13:57:12,UNIFY Identity Broker,EntitySaver,Error,"The entity 603474 (6cd1989f-bfe8-4f1e-adb6-004af8cea53f) for the adapter AD User Adapter (9f73e5e5-30df-4142-b850-db3e31f0a931) failed to update for the following reasons: Received error code InvalidAttributeSyntax for item with dn CN=redacted,DC=au. Message: 00000057: LdapErr: DSID-0C090BD1, comment: Error in attribute conversion operation, data 0, v1772",Normal

It happens to both Add and Update. However, I changed Outgoing Filter to update only one user and AD Link only update 3 fields: company, department, title. The error still happens ...

TestHarness to CSV file works well ...

Attempting to post the following to AddSCIMGateway

{

"DisplayName":"SCIM Gateway",

"Comment":"",

"Extended":{

"Address":"http://40.118.23.253:59991/IdentityBroker",

"Audience":"",

"Tenant":"https://unifyb2cworkshop.onmicrosoft.com/",

"UserIdLookupField":"upn",

"UsersMappings":{

"AdapterId":"df97e04e-4d4c-475e-bf89-8a6c3f1b66d3",

"Mappings":{}

},

"GroupsMappings":{

"AdapterId":"e7db372f-a14d-4fdc-909b-2406b8b3f874",

"Mappings":{}}

}

}

Receive the following Error Response. Thanks in advance!

{
  "Message": "An error has occurred.",
  "ExceptionMessage": "Response status code does not indicate success: 404 (Not Found).",
  "ExceptionType": "System.Net.Http.HttpRequestException",
  "StackTrace": "   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()\r\n   at Microsoft.Owin.Security.ActiveDirectory.WsFedMetadataRetriever.GetSigningKeys(String metadataEndpoint, TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)\r\n   at Microsoft.Owin.Security.ActiveDirectory.WsFedCachingSecurityTokenProvider.RetrieveMetadata()\r\n   at Microsoft.Owin.Security.ActiveDirectory.WsFedCachingSecurityTokenProvider..ctor(String metadataEndpoint, ICertificateValidator backchannelCertificateValidator, TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)\r\n   at Owin.WindowsAzureActiveDirectoryBearerAuthenticationExtensions.UseWindowsAzureActiveDirectoryBearerAuthentication(IAppBuilder app, WindowsAzureActiveDirectoryBearerAuthenticationOptions options)\r\n   at Microsoft.SystemForCrossDomainIdentityManagement.WebApplicationStarter.ConfigureApplication(IAppBuilder applicationBuilder)\r\n   at Microsoft.Owin.Hosting.Engine.HostingEngine.Start(StartContext context)\r\n   at Microsoft.SystemForCrossDomainIdentityManagement.Service.Start(Uri baseAddress)\r\n   at Unify.Product.IdentityBroker.SCIMGateway.StartGateway()\r\n   at Unify.Product.IdentityBroker.GatewayBase.Start()\r\n   at Unify.Product.IdentityBroker.GatewayNotifierDecorator.Start()\r\n   at Unify.Product.IdentityBroker.GatewayRepository.AddAndStart(IOperationalGateway gateway)\r\n   at Unify.Product.IdentityBroker.GatewayEngine.<>c__DisplayClass31_0.<ConfigurationChange>b__0()\r\n   at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)\r\n   at Unify.Framework.Notification.NotifierDecoratorBase.Notify(ITaskNotificationFactory notificationFactory, Action action)\r\n   at Unify.Product.IdentityBroker.GatewayEngineNotifierDecorator.Add(IGatewayConfiguration gateway)\r\n   at Unify.Product.IdentityBroker.GatewayEngineAuditingDecorator.Add(IGatewayConfiguration gateway)\r\n   at Unify.Product.IdentityBroker.GatewayController.InnerAddGateway[T](GatewayApiInformation`1 gatewayInformation, Guid gatewayId, XElement extended)\r\n   at Unify.Product.IdentityBroker.GatewayController.AddSCIMGateway(SCIMGatewayApiInformation gatewayInformation)\r\n   at lambda_method(Closure , Object , Object[] )\r\n   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)\r\n   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()"
}

When attempting to connect to the LDAP gateway from One Identity's LDAP connector, One Identity is throwing an error regarding it:

2018-07-13 00:50:51.1156 FATAL UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Error parsing condition.
syntax error!
Value "" was found, but one of the following values expected.

Unfortunately it's not a very helpful error.

The full logs of what One Identity is doing are as follows:

2018-07-13 00:50:46.7972 TRACE UFY-1IM-WEB01\UFYAdmin (SqlLog ) : -- Connection 1 switched from Working to Available 
2018-07-13 00:50:50.8968 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Simple LdapSearch BaseDN: '', SearchScope: 'Base', Filter: '(objectclass=*)', RequestAttributes: 'subschemaSubentry' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : LdapSearchResult code: 'Success' entries: '1' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Schema DN is 'cn=schema' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Simple LdapSearch BaseDN: 'cn=schema', SearchScope: 'Base', Filter: '(objectclass=*)', RequestAttributes: 'ldapSyntaxes,attributeTypes,matchingRules,matchingRuleUse,objectClasses' 
2018-07-13 00:50:51.0062 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Got 16 elements of type 'ldapsyntaxes' 
2018-07-13 00:50:51.0843 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Got 34 elements of type 'matchingrules' 
2018-07-13 00:50:51.1156 FATAL UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Error parsing condition.
syntax error!
Value "" was found, but one of the following values expected.

In the logs, we can see that it's requesting certain attributes from Broker:

'ldapSyntaxes,attributeTypes,matchingRules,matchingRuleUse,objectClasses'

And this can also be seen from a wireshark trace:

But when Broker responds, we're only sending back 4 attributes:

I'm unsure if that's the cause of the issue, as One Identity doesn't provide any more information regarding the connection. But it's the only discrepancy that I can see.

The pcap file is also attached for reference.

Output.pcap

When generating a DN with a non-keyed field in an adapter, if duplicate DNs are generated, a reflection error is thrown regarding the duplicate.

However, if the DN field being used has case-insensitive duplicates, reflection runs without issues, but an error is thrown on the LDAP gateway while attempting to perform a delta import:

An error occurred for gateway LDAP Gateway (6210ccad-9e16-419e-85aa-b3bf94bfacfd) on client from 127.0.0.1:56636. More details:
Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<normalsearch>b__3(IGrouping`2 group)
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<normalsearch>b__1()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<normalsearch>d__9.MoveNext()
at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
at Unify.Product.IdentityBroker.LDAPEngineExtensions.<takefromenumerator>d__1`1.MoveNext()
at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<finalizesearchresults>d__12.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<handlerequest>d__4.MoveNext()
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<taskcontinuewithexceptionpassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.LDAPConnection.<respondtomessageasync>d__35.MoveNext()</respondtomessageasync></taskcontinuewithexceptionpassthough></handlerequest></finalizesearchresults></takefromenumerator></normalsearch></normalsearch></normalsearch>

It would be good if, upon DN generation, a case-insensitive comparison was done to ensure that no duplicates are present (since case sensitive DN's are not treated as different objects in consuming LDAP applications).

Service will not run in a Windows Kubernetes container without this capability