Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Cannot upgrade IsB database - Duplicate key value
Upgrade from 5.1 to 5.2 failed with a SQL error so I elected to run the database update script manually. This is the error:
Msg 1505, Level 16, State 1, Line 1
The CREATE UNIQUE INDEX statement terminated because a duplicate key was found for the object name 'dbo.CollectionKey' and the index name 'DF_CollectionKey_Caption'. The duplicate key value is (HomePostCode).
Msg 1750, Level 16, State 0, Line 1
Could not create constraint. See previous errors.
The statement has been terminated.
I have both "HomePostCode" in a connector and "HomePostcode" (lower-case "c") in an adapter, and IdB did not prevent this happening. I'll rename one of them if I have to but am worried there might be others (lots of schema in this solution).
Shouldn't this script be using the attribute guids anyway?
Hi Carol
Turns out that, yes, the DF_CollectionKey_Caption constraint isn't actually required. If it was created in your database, go ahead and remove it. If it wasn't then no further action is required, the rest of the upgrade script will have executed correctly.
How to get user information from SAP in an MS SharePoint Workflow?
Approve so essentially I am making a Workflow BPMS in SharePoint and I need to get a client's data like his/her specialization, chief and so on into the work process.
The work process goes this way: If a worker wishes to arrange some stationary, he/she enters the work process by topping off a frame, which is sent to their chief (who's data originates from SAP HR module) and when affirmed goes to the general organization office.
Since SAP HR stores the parts of the clients and their associations, I need to have this data associated with my work process.
How might I accomplish this reconciliation?
Hi Elena,
We're not affiliated with Microsoft or SAP, nor do we provide support for their respective products.
If you have a question about our product set, please feel free to ask.
Thanks.
Accessing a multivalue String attribute
Been searching the doco and other Voice questions but I can't find this one - how do I access a multivalue string attribute in a PowerShell connector script?
I have tried $entity["attrib"].Values, but that doesn't work.
Using $entity["attrib"].Value seems to return a long string with all the values joined by semi-colons - at least that's how it gets written to the logger. I tried splitting on semi-colon but got "Method invocation failed because [Unify.Framework.StringValue] does not contain a method named "Split"."
It would be helpful if there were examples for different data types including multi-value on this page: https://voice.unifysolutions.net/knowledge-bases/7/articles/2912-powershell-connector-entities.
Hi Carol, Thanks for raising this.
When you use the indexing operator on an entity, you get an IValue object, which contains a Value member containing the raw .Net value for that field.
In the case of a multi-value, the raw .Net value will be a List<IValue> containing the individual values - you may then need to access the Value member of each of those to access the individual raw .Net values.
As an example, consider the following script, where MV is a multi-valued integer field.
foreach ($entity in $components.InputEntities) {
$values = $entity['MV'].Value; # List of IntegerValue
$logger.LogWarning($values.GetType()); # Logs System.Collections.Generic.List[Unify.Framework.IntegerValue]
$count = 0;
$values | % { $logger.LogWarning($_.GetType()); $count += $_.Value } # Logs Unify.Framework.IntegerValue and sums raw .Net integer values into $count
}Please let me know if this example clarifies this for you, and I'll update the documentation as you suggest.
Identity Broker - join transformation priority calculation for decimal types
I have a solution in which we are trying to select a "position" record for a given employee. The method that we a putting in is to check the position end date with the priority option within the join transformation. The timestamp type is not suitable because it would select the closest date not necessarily the further most, however I have access to the value in decimal format (see image)
However this appears to not be selecting the expected record, in this case the expected one is the lower record. Rather it is selecting the top record which seems contrary to the "largest value is selected" description of the priority.
Are you able to explain how IdB choose which record to join on when a decimal value is selected for priority?
The solution to issue that we were experiencing was to remove the priority selection and instead rely on using a rolling window filter set to type "Relevant". The description from the documentation: "A sliding date window which takes the first matching entity inside a window. If no entities can be found inside that window, the first entity after the window will be selected. If still no entities can be found, the first entity before the window will be selected." As seen Here.
AD Link shows outgoing sync successful but entities werent provisioned
No error in Log either:
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter completed.
Synchronization job completed syncing 116 changes on the 'AD Link' link from the locker to adapter. Delayed: 0 Incomplete: 0 Denied: 0 Job ID: c5198353-498f-49ab-ad39-3f3ad154b57c Duration: 00:00:10.9188371",Normal
20180121,13:01:26,UNIFY Identity Broker,SyncEngine,Information,"Request to sync adapter to locker started.
Synchronization job started syncing 21057 changes on the 'AD Link' link from the adapter to locker. Job ID: 8ab397a7-93fc-484d-b25f-0f1faaa6e883",Normal
20180121,13:01:32,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine unscheduled started.
Change detection engine unscheduled for connector AD Users started.",Normal
Link shows ougoing sync all good:
AD User Connector shows no entity is saved. AD User Adapter shows no entity is added. Test Mode is disabled.
Failed to export to AD
I have the below error when trying to export to AD. It may be due to the exporting volume.
20180121,00:00:00,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20180121,00:16:39,UNIFY Identity Broker,Link,Error,"Request to sync changes on link failed.
Request to sync changes on link AD Link (4a76f3ba-6c07-4d9a-9f96-c7dc14fff2e6) in direction incoming failed with message Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. [Count:158178]. Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624
Error Number:-2,State:0,Class:11",Normal
20180121,00:16:39,UNIFY Identity Broker,SyncEngine,Information,"Request to sync locker to adapter errored.
Synchronization job failed syncing 158178 changes on the 'AD Link' link from the locker to adapter with the reason Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.. Job ID: acf66fc4-57f8-47ae-8baf-fd121dee8efa Duration: 00:16:54.0665482
Error details:
System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (0x80004005): The wait operation timed out
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TrySetMetaData(_SqlMetaDataSet metaData, Boolean moreInfo)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior)
at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
at System.Data.Linq.DataQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Framework.Data.LinqWhereQuery`5.GetEnumerator()
at Unify.Product.Plus.LinkSynchronizer`2.<ProcessFilters>d__10.MoveNext()
at Unify.Product.Plus.JoinExecutor`2.Execute(IEnumerable`1 sourceEntities, IQueryable`1 targetEntities)
at Unify.Product.Plus.LinkSynchronizer`2.JoinAndMap(IEnumerable`1 filterResult, IDictionary`2 changesDict)
at Unify.Product.Plus.Link.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Product.Plus.LinkAuditingDecorator.SynchronizeLockerChanges(IEnumerable`1 changes)
at Unify.Product.Plus.LockerToAdapterSynchronizationJob.RunBase()
at Unify.Product.Plus.SynchronizationJobExecutor.<ThreadAction>d__8.MoveNext()
ClientConnectionId:d630c91c-5b93-44fe-ad1a-8e0b6dc2d624
If you've been performing a large number of changes and importing fresh data, the database is likely requiring some maintenance. See https://voice.unifysolutions.net/forums/7-identity-broker-knowledge/topics/2936-identity-broker-database-recommendations/
Chris21 Writeback failed
Basically, Chris21 does not allow write null into 'detemailad' field but there is no mechanism in the connector to choose not to export null value (FIM does have this feature though). The error message:
20180119,23:59:52,UNIFY Identity Broker,Update,Error,"Chris 21
Exception occured after [00:00:00.7170553] duration.
System.IO.InvalidDataException: Result record has an invalid ""status"" attribute value.
status=""fail"" existing.
status=""ok"" expected. Line: GTR,F76U81 0 Y3661W25 5910 005U2YNI97 0 42:cbr=""DETupd"",detnumber=""506797"",detworkphone,detemailad,translation=""Ring A M"",dettitle=""Ms"",detsurname=""Ring"",detdatejnd=""2001-11-26"",detcontdat,detg1name1=""Anna"",detg1name2=""Marie-Jean"",detg1name3,detprefnm,detserdate=""2001-11-26"",detworkph,detbirdate=""1980-06-14"",detsex=""2"",detcntrynm=""1101"",detcitcd=""1101"",detcommence=""Z"",detmardate,detaltnbr,detbutton,detmarcd,detpaytype=""INB"",detusertag=""SHSSTEA"",detdatetag=""2015-08-27"",edegsuind=""Y"",detsupflag=""Q"",detwcsasrn,detmobile,detage=""0"",detservice=""0"",error01=""BRE085detemailad:Value may not be empty."",status=""fail""
Chris21 GTR returned no additional error messages.
at Unify.Product.IdentityBroker.Chris21Agent.CheckStatusAttribute(IChris21CommandLine chris21GtrCommandLine)
at Unify.Product.IdentityBroker.Chris21Agent.StandardResultCheck(IChris21Record resultRecord, String module, IChris21ConnectorInformation connectorRequest)
at Unify.Product.IdentityBroker.Chris21Agent.<Update>d__1a.MoveNext()",Normal
20180119,23:59:52,UNIFY Identity Broker,UpdateEntity,Error,"Chris 21
Exception occured after [00:00:00.7170553] duration.
Hi Huu,
Upgrading may resolve this issue - the latest release includes a fix where entities were being "updated" (with no changes) in upstream systems even if no values were changed. With the latest version, the solution will not attempt to export changes for entities when their email hasn't changed.
Viewing changes in IDB Plus
It would be very useful to view the changes that are going to happen to verify data transformation.
Hi Huu,
Great idea, I've added this as an item to the backlog.
Google User Settings - Delete SendAs Address
I am getting an error using the Google User Settings connector. The error occurs when deleting a custom SendAs address which was previously added using the connector.
Example
DN: CN=gsurname@email.com,OU=GmailSettings,DC=IdentityBroker
SendAs Unchanged: <SendAs name="""" address=""gsurname@email.com"" replyTo="""" signature="""" default=""false"" />
SendAs Unchanged: <SendAs name=""Givenname Surname"" address=""gsurname@email2.com"" replyTo="""" signature="""" default=""true"" />
SendAs Delete: <SendAs name=""Givenname Surname"" address=""gsurname@email3.com"" replyTo="""" signature="""" default=""false"" />
Error Message
System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
at Unify.Product.IdentityBroker.UserSettingsEntityMapper.MapEntity(IEntity originalEntity, IConnectorEntity exportedEntity)
at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.<>c__DisplayClass20_0.<UpdateEntities>b__4(IConnectorEntity entity)
at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.GoogleUserSettingsConnector.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
at Unify.Product.IdentityBroker.AuditUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
Now that I'm looking at it, name is probably a bad key for the list of send-as (I don't recall making the decision when originally developing it). Shall I give you a patch that uses the email address instead, try to save you going through that fun?
Allow configuration of Search Scope for Active Directory connector
From How to filter sub-OUs in AD connector, it would be nice if you could configure the search scope for the Active Directory connector, which is currently hard-coded to Subtree.
Customer support service by UserEcho
