When attempting to connect to the LDAP gateway from One Identity's LDAP connector, One Identity is throwing an error regarding it:

2018-07-13 00:50:51.1156 FATAL UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Error parsing condition.
syntax error!
Value "" was found, but one of the following values expected.

Unfortunately it's not a very helpful error.

The full logs of what One Identity is doing are as follows:

2018-07-13 00:50:46.7972 TRACE UFY-1IM-WEB01\UFYAdmin (SqlLog ) : -- Connection 1 switched from Working to Available 
2018-07-13 00:50:50.8968 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Simple LdapSearch BaseDN: '', SearchScope: 'Base', Filter: '(objectclass=*)', RequestAttributes: 'subschemaSubentry' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : LdapSearchResult code: 'Success' entries: '1' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Schema DN is 'cn=schema' 
2018-07-13 00:50:50.9594 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Simple LdapSearch BaseDN: 'cn=schema', SearchScope: 'Base', Filter: '(objectclass=*)', RequestAttributes: 'ldapSyntaxes,attributeTypes,matchingRules,matchingRuleUse,objectClasses' 
2018-07-13 00:50:51.0062 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Got 16 elements of type 'ldapsyntaxes' 
2018-07-13 00:50:51.0843 TRACE UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Got 34 elements of type 'matchingrules' 
2018-07-13 00:50:51.1156 FATAL UFY-1IM-WEB01\UFYAdmin (SystemConnector ) : Error parsing condition.
syntax error!
Value "" was found, but one of the following values expected.

In the logs, we can see that it's requesting certain attributes from Broker:

'ldapSyntaxes,attributeTypes,matchingRules,matchingRuleUse,objectClasses'

And this can also be seen from a wireshark trace:

But when Broker responds, we're only sending back 4 attributes:

I'm unsure if that's the cause of the issue, as One Identity doesn't provide any more information regarding the connection. But it's the only discrepancy that I can see.

The pcap file is also attached for reference.

Output.pcap

When generating a DN with a non-keyed field in an adapter, if duplicate DNs are generated, a reflection error is thrown regarding the duplicate.

However, if the DN field being used has case-insensitive duplicates, reflection runs without issues, but an error is thrown on the LDAP gateway while attempting to perform a delta import:

An error occurred for gateway LDAP Gateway (6210ccad-9e16-419e-85aa-b3bf94bfacfd) on client from 127.0.0.1:56636. More details:
Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<normalsearch>b__3(IGrouping`2 group)
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<normalsearch>b__1()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<normalsearch>d__9.MoveNext()
at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
at Unify.Product.IdentityBroker.LDAPEngineExtensions.<takefromenumerator>d__1`1.MoveNext()
at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<finalizesearchresults>d__12.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<handlerequest>d__4.MoveNext()
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<taskcontinuewithexceptionpassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.LDAPConnection.<respondtomessageasync>d__35.MoveNext()</respondtomessageasync></taskcontinuewithexceptionpassthough></handlerequest></finalizesearchresults></takefromenumerator></normalsearch></normalsearch></normalsearch>

It would be good if, upon DN generation, a case-insensitive comparison was done to ensure that no duplicates are present (since case sensitive DN's are not treated as different objects in consuming LDAP applications).

Service will not run in a Windows Kubernetes container without this capability

Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml

Hi,

I need some help with 2 items : time offset and sliding date window in IdB Adapter transformations for a customer. They have chris21 as the source system.

IdB version: 4.1

Q1: Sliding Date Window

When an employee starts on a new position from a specific date (i.e 05 June 2018) the data flows in the connector and the data transformation is applied a day earlier(i.e on 04th June 2018). The implication is the job title is changed the day before the correct date. the customer wants to know whats wrong.

The transformation as configured: 

Q2: Time offset

When a user is terminated in chris21, he gets a termdate set and a simple transformation is applied to set the terminated flag as "True"/"False". But for example if a user has term date is 02 july 2018, by logic, it should add 24 hrs and set terminated flag to "true" 03 july 2018 midnight, but the terminated flag is set to "true" only around mid next day(i.e 04 july 2018 midday). Need some help fixing this issue.

Please help me to know where the issue is, thanks. really appreciate and thanks in advance

I have attached the Adapter xml, if you want for reference. Thanks.

Group ID's are being duplicated on connectors when modifying group membership, and not being removed on deletion.

Reproduction steps:

1. Create multiple connectors
2. Create connector group
3. Add a few connectors to group. Save group
   1. At this point, note the configuration file adds the group ID to the connector configs
4. Modify group again, adding another connector
   
   1. At this point, note that the original connectors added to the group now have two entries for group ID in the connector config. The new connector has one entry for group ID.
5. Modify group again, removing one of the original connectors
   1. At this point, note that only one of the ID's is removed from the configuration
6. Modify group again
   1. At this point, note that the connector removed in the previous step is still marked as being a member of the group
7. Delete group
   1. At this point, note that group ID's do not get removed from the connector configuration.

When attempting to create and save a join transformation, the following error presents when attempting to save the transform without any attributes mapped:

If I edit the configuration to remove the mappings, the transformation performs as expected, which confirms that they are not actually required by the service.
The transformation should let you configure and save without any mapped attributes.

As per the documentation ( https://voice.unifysolutions.net/knowledge-bases/7/articles/2873-adapter-overview ), a change in the DN template for an adapter, should generate a warning for clearing precalculated entities and generating changes again to ensure entities are updated appropriately. 

There appears to be a bug in 5.3.1, where changing the DN template does not generate a warning on the UI or in the logs. 

It would be good if the warning could be also generated for a change in the adapter object class or container name, if appropriate.

When a date field is configured on a connector / adapter in UNIFYBroker, it displays in the entity view table in a friendly format (such as 04/Jul/2014). However, when exposed into a PowerShell transformation or downstream, it is exposed in a different format (2014-07-04T00:00:00.000)

This is also true for the Timestamp field, which displays in the entity view table as something like 04/07/2014 12:00:00 AM

It would be good if you could see the raw date format as exposed by the gateways, as well as a formatted date for easier reading.

It would also be good to get some consistency across the formats that are displayed in the entity view tables.

<img alt="Unify.Connectors.CSV - The CSV connector allows for manipulation of a source CSV file. Useful for solution testing." class="AutoThumbnail" src="1b175bc1-da20-4064-9d74-d43e5744931f.connector" style="vertical-align: middle;" title="Unify.Connectors.CSV - The CSV connector allows for manipulation of a source CSV file. Useful for solution testing.">

Only fixes when you go into "edit connector" and "save". Saves successfully and shows the correct image after (even if the csv file still doesn't exist).

On installing UNIFYBroker with the database server being remote, the following is logged by the installer:

CreateDatabase:  Error 0x80004005: failed to create to database: 'UnifyIdentityBroker', error: unknown error
MSI (s) (2C!88) [11:12:22:654]: Product: UNIFYBroker/Service v5.3.1 RC1 -- Error 26201. Error -2147467259: failed to create SQL database: UnifyIdentityBroker, error detail: unknown error.

Error 26201. Error -2147467259: failed to create SQL database: UnifyIdentityBroker, error detail: unknown error.
CustomAction CreateDatabase returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)