Identity Broker Forum


0
Answered

How to map Date to Timestamp from Adapter to Locker

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Curtis Lusmore 7 years ago 3

And vice versa? Is there any built-in transformation, or does it have to be done by a PowerShell task?

Answer
Curtis Lusmore 7 years ago

Hi Huu,

There is currently no way to do this directly. As you suggest, you could use a PowerShell task in the Synchronization stage to apply the mapping, or alternatively you could use a Time Offset Transformation in the adapter to generate a Timestamp field. We may look at easier ways to accomplish type conversions in the future, but it would more likely be by converting the type in an adapter transformation.

Out of curiosity, what is the use case?

0
Answered

Deletion of partition "DC=IdentityBroker"

Carol Wapshere 7 years ago in UNIFYBroker/Microsoft Identity Manager updated by Curtis Lusmore 7 years ago 1

I have installed IdB 5.2.0.1 on a new Dev server and migrated the config from Production, which has IdB 5.0.4. I created the LDAP gateway and got the MA imported - however when I tried to make any changes to the MA I got a warning that it was going to delete the partitions "DC=IdentityBroker" (previously selected) and "cn=schema" (previously un-selected).

After backing up the MA I let it delete the partitions, and so far everything looks fine - I can run a Full Import and data was imported from the adapters.

So this is just a sanity check - was letting MIM delete that partition from the MA the right thing to do?

Answer
Curtis Lusmore 7 years ago

Hi Carol,

We changed the way the MIM MA retrieves partitions. It previously used the entries defined in the naming context of the root DSE, but it now uses the OUs underneath DC=IdentityBroker. This was to prevent using DC=IdentityBroker as a partition, as importing from DC=IdentityBroker involves querying multiple adapters and this proved problematic.

I don't believe that the deletion of those partitions should affect your solution, but if you do notice any problems please update this ticket.

0
Answered

A user interface could not be located for this agent type

Carol Wapshere 7 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 7 years ago 2

I have installed the following:

UNIFY Identity Broker Service v5.2.1 RTM

UNIFY Identity Broker for Microsoft Identity Manager v5.1.0 RTM

UNIFY Identity Broker for Aurion v5.0.1 x64

When I try to create an Aurion agent it is listed in the drop-down as an option but then when I click "Create Agent" I get this:


A user-interface could not be located for this agent type. The list of known types are:

  • Unify.Agent.FTP (FTP Agent)
  • Unify.Agent.SqlServerDatabase (SQL Server Database Agent)
  • Unify.Agent.OracleDb (Oracle Database Agent)
  • Unify.Agent.OleDb (Ole Database Agent)
  • Unify.Agent.Aurion (Aurion agent)


I have tried restarting the service and rebooting.

Answer
Adam van Vliet 7 years ago

Is that set of installed versions correct? You'll need to update the Identity Broker for Aurion to v5.2 (https://voice.unifysolutions.net/forums/7-identity-broker-knowledge/topics/3419-identity-broker-for-aurion-downloads/).

0
Answered

accountExpires in AD User Connector

Huu Tran 7 years ago in UNIFYBroker/Microsoft Active Directory updated by Curtis Lusmore 7 years ago 1

How can I retrieve accountExpires field in AD User Connector? I could not find the field in the schema provider but LDP search shows it.

Image 4685

I manually added the field into schema, trying with different types: Date, Timestamp, Long but Import All does not return any value.

Answer
Curtis Lusmore 7 years ago

Hi Huu,

It should be importable as "accountExpires" as a Timestamp. However, the value will not be set on the entity for "never".
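
As an added illustration (not part of the thread and not UNIFYBroker code): Active Directory stores accountExpires as a 64-bit count of 100-nanosecond intervals since 1601-01-01 UTC, with 0 and 0x7FFFFFFFFFFFFFFF both meaning "never". The sketch below converts the raw value and returns no value for "never", matching the behaviour described above; the function names, account names and dates are constructed for the example.

```powershell
# Added example, not UNIFYBroker code. Function names and sample data are constructed.

function Convert-AccountExpires {
    param([object]$Value)

    # A missing attribute is treated the same as "never".
    if ($null -eq $Value) { return $null }

    $ticks = [int64]$Value

    # 0 and Int64.MaxValue are the two "never expires" sentinels.
    # Int64.MaxValue would also make FromFileTimeUtc throw, so test it first.
    if ($ticks -eq 0 -or $ticks -eq [int64]::MaxValue) { return $null }

    return [DateTime]::FromFileTimeUtc($ticks)
}

function Get-ExpiryState {
    param([object]$Value, [DateTime]$AsOf = [DateTime]::UtcNow)

    $expires = Convert-AccountExpires -Value $Value
    if ($null -eq $expires) { return 'Never' }
    if ($expires -le $AsOf) { return 'Expired' }
    return 'Active'
}

# Constructed reference time and sample accounts.
$asOf    = [DateTime]::new(2018, 1, 17, 0, 0, 0, [DateTimeKind]::Utc)
$past    = [DateTime]::new(2017, 12, 31, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
$future  = [DateTime]::new(2018, 6, 30, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()

$sample = @(
    [pscustomobject]@{ sAMAccountName = 'user-never-max';  accountExpires = 9223372036854775807 }
    [pscustomobject]@{ sAMAccountName = 'user-never-zero'; accountExpires = 0 }
    [pscustomobject]@{ sAMAccountName = 'user-expired';    accountExpires = $past }
    [pscustomobject]@{ sAMAccountName = 'user-active';     accountExpires = $future }
)

$sample | Select-Object sAMAccountName,
    @{ Name = 'Expires'; Expression = { Convert-AccountExpires -Value $_.accountExpires } },
    @{ Name = 'State';   Expression = { Get-ExpiryState -Value $_.accountExpires -AsOf $asOf } }
```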

0
Answered

How does deprovisioning work in IDB Plus?

Huu Tran 7 years ago in UNIFYBroker/Plus updated by Curtis Lusmore 7 years ago 1

It is outgoing provisioning and deprovisioning: Locker-AD Link-AD Adapter - AD User Connector - AD OU

Assume that Locker has 2000 users and there are 3000 users in AD OU--> 3000 in AD Adapter.

After Import All in AD User Connector and Baseline Sync in AD Link, 1500 users in Locker join 1500 in AD Adapter.

In this case, 500 new users will be created in AD because of outgoing provisioning. How about 1500 not-joined users in AD, will they be removed due to outgoing deprovisioning?

Answer
Curtis Lusmore 7 years ago

Hi Huu,

No, such entities shouldn't be deprovisioned during a baseline. A baseline effectively simulates a change to every entity on both sides of the link, but deprovisioning only occurs when an entity is removed from the source context (i.e. a change is registered against an entity that no longer exists in the context).

0
Answered

Cannot retrieve schema for Chris21 USR connector

Huu Tran 7 years ago in UNIFYBroker/Frontier ichris/chris21 updated by Adam van Vliet 7 years ago 6

Chris21 USR Connector is configured as follows:

Image 4683



However, retrieving schema failed with the below error in the log:


20180116,23:15:53,UNIFY Identity Broker,Connector Engine,Error,"The schema for 'Chris21 USR Connector' connector was not updated for the following reason: System.AggregateException: One or more errors occurred. ---> System.Exception: No schema fields retrieved for the configured form. Please confirm the connector configuration.
   at Unify.Product.IdentityBroker.Chris21ConnectorBase.<GetSchemaFields>d__42.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Unify.Product.IdentityBroker.Chris21ConnectorSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector)
---> (Inner Exception #0) System.Exception: No schema fields retrieved for the configured form. Please confirm the connector configuration.
   at Unify.Product.IdentityBroker.Chris21ConnectorBase.<GetSchemaFields>d__42.MoveNext()<---
",Normal
20180116,23:15:53,UNIFY Identity Broker,Connector engine,Warning,"Request to retrieve schema provider application result.
Request to retrieve schema provider application result for connector 2851de9a-a6f5-4026-8f63-9c4637633001 failed with message One or more errors occurred.. Provider: Unify.Connectors.Frontier.Chris21.AllFields. Duration: 00:00:01.8901441
Error details:
System.AggregateException: One or more errors occurred. ---> System.Exception: No schema fields retrieved for the configured form. Please confirm the connector configuration.
   at Unify.Product.IdentityBroker.Chris21ConnectorBase.<GetSchemaFields>d__42.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Unify.Product.IdentityBroker.Chris21ConnectorSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderApplicationResult(String providerName, Guid connectorId)
   at Unify.Product.IdentityBroker.ConnectorEngineAuditingDecorator.SchemaProviderApplicationResult(String providerName, Guid connectorId)
   at Unify.Product.IdentityBroker.ConnectorEngineNotifierDecorator.SchemaProviderApplicationResult(String providerName, Guid connectorId)
   at Unify.Product.IdentityBroker.ConnectorEngineAccessor.SchemaProviderApplicationResult(String providerName, Guid connectorId)
   at Unify.Product.IdentityBroker.IdentityServiceCollector.SchemaProviderApplicationResult(String providerName, Guid connectorId)
   at SyncInvokeSchemaProviderApplicationResult(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
---> (Inner Exception #0) System.Exception: No schema fields retrieved for the configured form. Please confirm the connector configuration.
   at Unify.Product.IdentityBroker.Chris21ConnectorBase.<GetSchemaFields>d__42.MoveNext()<---
",Verbose

Answer
Adam van Vliet 7 years ago

The field that chris21 is specifying as the key (usrlogonid) is missing from the set of returned field names. Could you please try the following request and let me know if the response changes?

cbr="componentlist",screen="USR",showtranslation="s"

If the key field comes through, update the show translation setting on the connector and try again.

0
Answered

How to export to other Chris21 table other than DET Connector

Huu Tran 7 years ago in UNIFYBroker/Frontier ichris/chris21 updated 7 years ago 3

In the standard Chris21 configuration, I have the DET connector as the base connector for the Chris21 Adapter and I can make the field workPhone exportable (read-only box not ticked) --> All good!

In the Chris21 Adapter, there is a join transformation with the POS connector in which the field detemailad is exportable. It is mapped to the ADEmail field in the Adapter. However, the ADEmail field in the adapter is read-only --> not exportable?

So if I want to write back to the detemailad field, do I need to create a separate adapter which has the POS connector as the base connector?

Answer
Huu Tran 7 years ago

It is a schema provider issue. I added "detemailad" to the DET connector manually. Do an import and the data is populated.

0
Answered

How to filter sub-OUs in AD connector

Huu Tran 7 years ago in UNIFYBroker/Microsoft Active Directory updated by Adam van Vliet 7 years ago 8

An AD connector will search objects in an OU in sub-tree mode. This means it looks through all sub-OUs.

What to do if only objects in a few selected sub-OUs need to be imported? E.g.

Base Container: OU=User, DC=company, DC=com

Only objects in 2 sub-OUs need to be imported:

OU=Staff,OU=User, DC=company, DC=com

OU=Disabled_Staff,OU=User, DC=company, DC=com

Answer
Adam van Vliet 7 years ago

See v5.3.0.

0
Declined

Allow for IdB 5.2.1 Plus to be deployed without a Database Connection to support Container based deployments

Adam Bradley 7 years ago updated by Matthew Davis (Technical Product Manager) 5 years ago 4 1 duplicate

Most Container based orchestration solutions, including Kubernetes and Docker Compose with Swarm, provide almost no ability to modify the contents of the files in Volumes mounted within Server nodes they deploy.

To simplify deployments, without needing to resort to tools like Puppet, Chef or Ansible to carry out post-provisioning tasks such as modifying Connection Strings in XML files, it would be useful to allow IdB to have the Connection String configurable via its Management API.

Answer

Supported with containerization attached volumes.

0
Declined

Feature request: credential passthrough for authentication to Broker's LDAP interface from within powershell connector

Adrian Corston 7 years ago updated by Curtis Lusmore 7 years ago 1

It would be helpful if a valid username/password (or other authentication credential object) was made available to the powershell connector, for the purpose of submitting LDAP queries back into Broker for complex data manipulation operations.

The solution outlined here currently has to store and pass the broker LDAP query credentials manually.

Answer
Curtis Lusmore 7 years ago

Hi Adrian,

This is not possible, as the passwords are encrypted in a format that cannot be reversed.