Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Accessing a multivalue String attribute

Carol Wapshere 7 years ago in PowerShell connector updated by Curtis Lusmore 7 years ago 3

Been searching the doco and other Voice questions but I can't find this one - how do I access a multivalue string attribute in a PowerShell connector script?

I have tried $entity["attrib"].Values, but that doesn't work.

Using $entity["attrib"].Value seems to return a long string with all the values joined by semi-colons - at least that's how it gets written to the logger. I tried splitting on semi-colon but got "Method invocation failed because [Unify.Framework.StringValue] does not contain a method named "Split"."

It would be helpful if there were examples for different data types including multi-value on this page: https://voice.unifysolutions.net/knowledge-bases/7/articles/2912-powershell-connector-entities.

Answer
Curtis Lusmore 7 years ago

Hi Carol, Thanks for raising this.

When you use the indexing operator on an entity, you get an IValue object, which contains a Value member containing the raw .Net value for that field.

In the case of a multi-value, the raw .Net value will be a List<IValue> containing the individual values - you may then need to access the Value member of each of those to access the individual raw .Net values.

As an example, consider the following script, where MV is a multi-valued integer field.

foreach ($entity in $components.InputEntities) {
    $values = $entity['MV'].Value; # List of IntegerValue
    $logger.LogWarning($values.GetType()); # Logs System.Collections.Generic.List[Unify.Framework.IntegerValue]
    $count = 0;
    $values | % { $logger.LogWarning($_.GetType()); $count += $_.Value } # Logs Unify.Framework.IntegerValue and sums raw .Net integer values into $count
}

Please let me know if this example clarifies this for you, and I'll update the documentation as you suggest.

0
Answered

Identity Broker - join transformation priority calculation for decimal types

Matthew Dayne 7 years ago updated 7 years ago 8

I have a solution in which we are trying to select a "position" record for a given employee. The method that we a putting in is to check the position end date with the priority option within the join transformation. The timestamp type is not suitable because it would select the closest date not necessarily the further most, however I have access to the value in decimal format (see image)

Image 4725

However this appears to not be selecting the expected record, in this case the expected one is the lower record. Rather it is selecting the top record which seems contrary to the "largest value is selected" description of the priority.

Are you able to explain how IdB choose which record to join on when a decimal value is selected for priority?

Answer
Curtis Lusmore 7 years ago

The solution to issue that we were experiencing was to remove the priority selection and instead rely on using a rolling window filter set to type "Relevant". The description from the documentation: "A sliding date window which takes the first matching entity inside a window. If no entities can be found inside that window, the first entity after the window will be selected. If still no entities can be found, the first entity before the window will be selected." As seen Here.

0
Not a bug

AD Link shows outgoing sync successful but entities werent provisioned

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Adam van Vliet 7 years ago 21

No error in Log either:

20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter completed.
Synchronization job completed syncing 116 changes on the 'AD Link' link from the locker to adapter. Delayed: 0 Incomplete: 0 Denied: 0 Job ID: c5198353-498f-49ab-ad39-3f3ad154b57c Duration: 00:00:10.9188371",Normal
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync adapter to locker started.
Synchronization job started syncing 21057 changes on the 'AD Link' link from the adapter to locker. Job ID: 8ab397a7-93fc-484d-b25f-0f1faaa6e883",Normal
20180121,13:01:32,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine unscheduled started.
Change detection engine unscheduled for connector AD Users started.",Normal

Link shows ougoing sync all good:




Image 4698



AD User Connector shows no entity is saved. AD User Adapter shows no entity is added. Test Mode is disabled.

0
Not a bug

Failed to export to AD

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Adam van Vliet 7 years ago 1

I have the below error when trying to export to AD. It may be due to the exporting volume.


20180121,00:00:00,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20180121,00:16:39,UNIFY Identity Broker,Link,Error,"Request to sync changes on link failed.
Request to sync changes on link AD Link (4a76f3ba-6c07-4d9a-9f96-c7dc14fff2e6) in direction incoming failed with message Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding. [Count:158178]. Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
   at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
   at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
   at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
   at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
   at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
   at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
   at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
   at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624
Error Number:-2,State:0,Class:11",Normal
20180121,00:16:39,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter errored.
Synchronization job failed syncing 158178 changes on the 'AD Link' link from the locker to adapter with the reason Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.. Job ID: acf66fc4-57f8-47ae-8baf-fd121dee8efa Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
   at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
   at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
   at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
   at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
   at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
   at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
   at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
   at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
   at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624

Answer
Adam van Vliet 7 years ago

If you've been performing a large number of changes and importing fresh data, the database is likely requiring some maintenance. See https://voice.unifysolutions.net/forums/7-identity-broker-knowledge/topics/2936-identity-broker-database-recommendations/

0
Answered

Chris21 Writeback failed

Huu Tran 7 years ago in UNIFYBroker/Frontier ichris/chris21 updated 7 years ago 24

Basically, Chris21 does not allow write null into 'detemailad' field but there is no mechanism in the connector to choose not to export null value (FIM does have this feature though). The error message:


20180119,23:59:52,UNIFY Identity Broker,Update,Error,"Chris 21
Exception occured after [00:00:00.7170553] duration.

System.IO.InvalidDataException: Result record has an invalid ""status"" attribute value.

status=""fail"" existing.
status=""ok"" expected. Line: GTR,F76U81 0    Y3661W25     5910 005U2YNI97 0 42:cbr=""DETupd"",detnumber=""506797"",detworkphone,detemailad,translation=""Ring A M"",dettitle=""Ms"",detsurname=""Ring"",detdatejnd=""2001-11-26"",detcontdat,detg1name1=""Anna"",detg1name2=""Marie-Jean"",detg1name3,detprefnm,detserdate=""2001-11-26"",detworkph,detbirdate=""1980-06-14"",detsex=""2"",detcntrynm=""1101"",detcitcd=""1101"",detcommence=""Z"",detmardate,detaltnbr,detbutton,detmarcd,detpaytype=""INB"",detusertag=""SHSSTEA"",detdatetag=""2015-08-27"",edegsuind=""Y"",detsupflag=""Q"",detwcsasrn,detmobile,detage=""0"",detservice=""0"",error01=""BRE085detemailad:Value may not be empty."",status=""fail""

Chris21 GTR returned no additional error messages.
   at Unify.Product.IdentityBroker.Chris21Agent.CheckStatusAttribute(IChris21CommandLine chris21GtrCommandLine)
   at Unify.Product.IdentityBroker.Chris21Agent.StandardResultCheck(IChris21Record resultRecord, String module, IChris21ConnectorInformation connectorRequest)
   at Unify.Product.IdentityBroker.Chris21Agent.<Update>d__1a.MoveNext()",Normal
20180119,23:59:52,UNIFY Identity Broker,UpdateEntity,Error,"Chris 21
Exception occured after [00:00:00.7170553] duration.

Answer
Adam van Vliet 7 years ago

Hi Huu,

Upgrading may resolve this issue - the latest release includes a fix where entities were being "updated" (with no changes) in upstream systems even if no values were changed. With the latest version, the solution will not attempt to export changes for entities when their email hasn't changed.

0
Completed

Viewing changes in IDB Plus

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Beau Harrison (Senior Product Software Engineer) 6 years ago 3

It would be very useful to view the changes that are going to happen to verify data transformation.

Image 4697

Answer

Hi Huu,

Great idea, I've added this as an item to the backlog.

0
Fixed

Google User Settings - Delete SendAs Address

Boyd Bostock 7 years ago in UNIFYBroker/Google Apps updated by Adam van Vliet 7 years ago 11

I am getting an error using the Google User Settings connector. The error occurs when deleting a custom SendAs address which was previously added using the connector.

Example

DN: CN=gsurname@email.com,OU=GmailSettings,DC=IdentityBroker

SendAs Unchanged: <SendAs name="""" address=""gsurname@email.com"" replyTo="""" signature="""" default=""false"" />

SendAs Unchanged: <SendAs name=""Givenname Surname"" address=""gsurname@email2.com"" replyTo="""" signature="""" default=""true"" />

SendAs Delete: <SendAs name=""Givenname Surname"" address=""gsurname@email3.com"" replyTo="""" signature="""" default=""false"" />

Error Message

System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.UserSettingsEntityMapper.MapEntity(IEntity originalEntity, IConnectorEntity exportedEntity)
   at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.<>c__DisplayClass20_0.<UpdateEntities>b__4(IConnectorEntity entity)
   at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
   at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
   at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
   at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.AuditUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)


Answer
Adam van Vliet 7 years ago

Now that I'm looking at it, name is probably a bad key for the list of send-as (I don't recall making the decision when originally developing it). Shall I give you a patch that uses the email address instead, try to save you going through that fun?

0
Completed

Allow configuration of Search Scope for Active Directory connector

From How to filter sub-OUs in AD connector, it would be nice if you could configure the search scope for the Active Directory connector, which is currently hard-coded to Subtree.

0
Answered

how to map Date to Timestamp from Adapter to Locker

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Curtis Lusmore 7 years ago 3

An vice versa? Is there any built in transformation or is has to be done by powershell task?

Answer
Curtis Lusmore 7 years ago

Hi Huu,

There is currently no way to do this directly. As you suggest, you could use a PowerShell task in the Synchronization stage to apply the mapping, or alternatively you could use a Time Offset Transformation in the adapter to generate a Timestamp field. We may look at easier ways to accomplish type conversions in the future, but it would more likely be by converting the type in an adapter transformation.

Out of curiosity, what is the use case?

0
Answered

Deletion of partition "DC=IdentityBroker"

Carol Wapshere 7 years ago in UNIFYBroker/Microsoft Identity Manager updated by Curtis Lusmore 7 years ago 1

I have installed IdB 5.2.0.1 on a new Dev server and migrated the config from Production, which has IdB 5.0.4. I created the LDAP gateway and got the MA imported - however when I tried to make any changes to the MA I got a warning that it was going to delete the partitions "DC=IdentityBroker" (previously selected) and "cn=schema" (previously un-selected).

After backing up the MA I let it delete the partitions, and so far everything looks fine - I can run a Full Import and data was imported from the adapters.

So this is just a sanity check - was letting MIM delete that partition from the MA the right thing to do?

Answer
Curtis Lusmore 7 years ago

Hi Carol,

We changed the way the MIM MA retrieves partitions. It previously used the entries defined in the naming context of the root DSE, but it now uses the OUs underneath DC=IdentityBroker. This was to prevent using DC=IdentityBroker as a partition, as importing from DC=IdentityBroker involves querying multiple adapters and this proved problematic.

I don't believe that the deletion of those partitions should affect your solution, but if you do notice any problems please update this ticket.