Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'.
Identity Broker v5.2.1.0
When running an import on a connector, if you have a schema field in your connector that is the same as another connector or adapter, but only differing in casing, the import fails with the following error:
Connector processing failed. Connector Processing page 1 for connector Test2Csv failed with reason Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond). The statement has been terminated.. Duration: 00:00:00.0725432. Error details: System.Data.SqlClient.SqlException (0x80131904): Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond). The statement has been terminated. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult) at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries) at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query) at System.Data.Linq.ChangeDirector.StandardChangeDirector.DynamicInsert(TrackedObject item) at System.Data.Linq.ChangeProcessor.SubmitChanges(ConflictMode failureMode) at System.Data.Linq.DataContext.SubmitChanges(ConflictMode failureMode) at Unify.Product.IdentityBroker.Repository.EntityLinqQueryConverterUtilitiesBase`4.GetCollectionKeyData(TEntityKey key, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass31_0.<convertitemtovalues>b__0(KeyValuePair`2 entityValueAndKey) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<selectmanyiterator>d__17`2.MoveNext() at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor) at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection) at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input) at Unify.Product.IdentityBroker.ConnectorEntityChangeProcessor.ProcessEntities(IEnumerable`1 connectorEntities, IEnumerable`1 repositoryEntities, IEntityChangesReportGenerator`2 reportGenerator) at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys) at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page) at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate() ClientConnectionId:f57bfe7a-c01b-4101-87a7-e2809963b2e8 Error Number:2627,State:1,Class:14
To Reproduce:
Create two CSV connectors with duplicate schema, case sensitive. Run an import on both, recognise that the import succeeds.
Modify the schema of one of the connectors, changing only the casing of a field name. Re-run the import, and notice it fails with the exception above.
I've noticed this now across both the CSV connector and a custom connector. It also happens if you've got a field in the adapter with the same name, but differing in casing. You can test this by creating a constant field in one adapter that is the same as a unique schema field on your second connector, but only differing in casing. Run the connector import and the same error throws.
This issue is caused by the default SQL collation not matching that in code. Please use the workaround of changing field name to not clash.
If anyone comes up against this issue please let us know. Our current approach will be to add in support for new data layers, unless we get some new use cases.
Entities not created on Polling import
I am developing a Powershell connector. It uses exactly the same script for Full and Polling imports, just with a "-RunType Delta" switch for polling. The difference is all about how it detects how many users to look at - once it gets to creating the IdB entities the script is identical.
I have four new objects in the external system. They are correctly identified by the script on a Polling import, however the new entities are not created in IdB. When I run a Full import the entities are created. (I have done searches to confirm this)
The following log excerpt shows the four entities that should be created, but the changes reported are 0:
20171211,04:47:22,UNIFY Identity Broker,Logging,Information,Exchange Protected Import: Creating 4 entities,Normal 20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed1\, Changed1,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 20523 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal 20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed2\, Changed2,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 11831 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal 20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed3\, Changed3,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 73564915 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal 20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed4\, Changed4,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 18582 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal 20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Request to import changes from connector. Request to import changes from connector PowerShell Exchange PROTECTED.",Normal 20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Import changes from connector completed. Import changes from connector PowerShell Exchange PROTECTED reported 0 changes. Duration: 00:00:00",Normal 20171211,04:47:23,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine import changes completed. Change detection engine import changes for connector PowerShell Exchange PROTECTED returned 0 possible changes. Duration: 00:00:04.8439784",Normal
The part of the script the creates the entities is as follows. When I generated that log above I had the two lines uncommented that log the full $entity:
###
### Create/update entities
###
if ($ManagedUsers.count -gt 0)
{
$logger.LogInformation("$LogPrefix Creating {0} entities" -f $ManagedUsers.count.ToString())
foreach ($user in $ManagedUsers)
{
$entity = $entities.Create()
$entity["PersonNumber"] = $user.employeeNumber
$entity["DN"] = $user.DistinguishedName
$entity["Status"] = $user.extensionAttribute13
if ($Mailboxes.ContainsKey($user.DistinguishedName))
{
$mb = $Mailboxes.($user.DistinguishedName)
$entity["DirectPermissions"] = $mb.DirectPermissions
$entity["HiddenFromGAL"] = $mb.HiddenFromGAL
$entity["MailboxType"] = $mb.MailboxType
$entity["PrimaryEmailAddress"] = $user.mail
$entity["ProxyEmailAddresses"] = $mb.EmailAddresses
$entity["TerminationAutoReply"] = $mb.TerminationAutoReply
$entity["TerminationMailCount"] = $mb.TerminationMailCount
}
else
{
$entity["DirectPermissions"] = $null
$entity["HiddenFromGAL"] = $false
$entity["MailboxType"] = $null
$entity["PrimaryEmailAddress"] = $null
$entity["ProxyEmailAddresses"] = $null
$entity["TerminationAutoReply"] = $false
$entity["TerminationMailCount"] = $null
}
#[string]$str = $entity | fl | out-string
#$logger.LogInformation($str)
$entity.Commit()
}
}
I'm on v5.1.0 Revision #1. I should be able to upgrade but it's a bit of a process to get software into the environment, so is there anything else I should be looking at?
You were right - I had the default (Entity Id) selected when I needed Entity. I thought this seemed familiar - I have definitely hit this before.
Code Samples for Identity Broker Plus v5.1 PowerShell Tasks
Hello - I'm looking for Sample scripts to perform post-provisioning and pre-provisioning PowerShell scripts as part of IDB Plus. Knowledge base articles show some basic info on syntax but would like to see sample scripts which then could be customized.
Thanks for the suggestion, Dilip.
I've added an example to the bottom of PowerShell Task.
IdB search logging on Diagnostic instead of Verbose
With the Powershell connector I add lots of logging into my scripts. When troubleshooting I want to bump the log level up to Verbose so I can see my Information logs - however IdB UI search logging also seems to run at this level. So if I put "My Powershell script" as a search in the IdB Logs UI it fills up with lots of logging about that particular search string, making it hard for me to track my own logs. Could the IdB search logging be moved to a Diagnostic setting?
This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.
Workday Identity Broker information
Hi,
I would like to know somethings about the Workday Identity Broker.
1. Does the Identity Broker honor the Workday +7 hrs time difference or does it ignore it?
2. What data gets imported via the Delta stages when it Imports it from Workday?
Would anyone be able to assist in finding out those questions
Kind Regards
Werner
Hi Werner,
1. Are you referring to the buggy/inconsistent handling of time-zones by Workday? If so, the connector accounts for it where we have noticed it being an issue. Currently this is on the Polling import calls (Worker and Organization - using the timezone offset setting), as well as the comparison against hire date and seniority date (uses a date comparison instead of time based).
2. I've added a note to the Usage section on the Workday Worker Connector.
Thanks.
Aurion ESS account Template
I have been asked to find out if the Aurion connector supports specifying a "template" at the point of creating the ESS account. Apparently this will mean that MailType and other options are set according to the template. I know I can set these attributes directly, and this is what I intend to do, but the customer would like to continue to use her template if possible - only if specifying a template is supported by sec_user_add of course.
There is no TEMPLATE field for the SEC_USER_ADD function. Have a look at the CopyFromUserId field (COPY_FROM_USER_ID) to see if it meets your requirements.
Unify.Product.IdentityBroker.LDAPModifyException: Cannot add the value to the existing, non-multivalue field
There's an error being reported in MIM Sync on exports to a particular IdB connector several times a day. I haven't worried too much about it because the export actually works and the error is never exactly repeated (so it's not repeatedly failing to export the same change) - however I'm trying to clean up the monitoring so reported errors are worth looking into.
The error occurs seemingly randomly, as in there is no pattern of specific entity or time of day that I can see. It is always the same adapter, which backs on to a SQL connector talking to a SQL table (not a view). The error is always much the same except the attribute always changes - again I don't see a pattern. None of the attributes are multi-valued in the target table, IdB or MIM.
Here's an example of the error reported in MIM. I'm showing the healthcheck version so you can see the entity specified and the timestamp:
ErrorDN: CN=25600,OU=LANDesk,DC=IdentityBroker
ErrorDetail:
ErrorFirstOccurred: 2017-11-06T07:59:03
ErrorMessage: Internal Server Error #9:
Unify.Product.IdentityBroker.LDAPModifyException: Cannot add the value
41-50-53-34 to the existing, non-multivalue field Classification. at
Unify.Product.IdentityBroker.LDAPModifyRequestToEntityConverter.HandleAttributeValueAdd(IModifyRequestOperation
op, IAdapterEntity entity, IEntitySchema schema) at
Unify.Product.IdentityBroker.LDAPModifyRequestToEntityConverter.Transform(IRfcModifyRequest
sourceValue, IAdapterEntity origEntity) at
Unify.Product.IdentityBroker.ModifyRequestHandler.InnerApplyTransformation(IHandleRequestCoreRequest
request, LDAPModifyRequestToEntityConverter converter)
ErrorSyncType: export-error
ErrorType: Other
HCRecordType: FIMSync_Run_ErrorObject
MVObjectGUID: 540553ea-7e48-e711-80c7-005056a374e3
MaName: LANDesk
RunID: 6e0a6558-280f-4625-b0cc-9aea0ae83564
TimeInErrorDays: 0
_time: 2017-11-06T07:59:03
I've looked at the IdB logs for the same time but there is no error reported there. The logs agree that an export was being run to the expected connector. The only entity specifically mentioned does not match the entity reported in the MIM Sync error:
20171106,07:58:59,UNIFY Identity Broker,LDAP Engine,Information,A client has connected to the LDAP endpoint from address: 127.0.0.1:52744.,Normal 20171106,07:59:04,UNIFY Identity Broker,LDAP Engine,Information,A client has connected to the LDAP endpoint from address: 127.0.0.1:52750.,Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user IdBLDAP on connection 127.0.0.1:52744 completed successfully. Duration 00:00:18.1411237.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP Root DSE request. Handling of LDAP Root DSE request from user IdBLDAP on connection 127.0.0.1:52750 for the Root DSE completed successfully. Duration: 00:00:13.1409918.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP search request. Handling of LDAP search request from user IdBLDAP on connection 127.0.0.1:52750 targeting DC=IdentityBroker with a scope of SingleLevel completed successfully. Duration: 00:00:12.1409653.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP Bulk End request. Handling of LDAP Bulk End request received from user IdBLDAP on connection 127.0.0.1:52744 completed successfully with operations failed: 1. Duration 00:00:16.1254477.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user IdBLDAP on connection 127.0.0.1:52744 completed successfully without results available for logging. Duration 00:00:17.1410874.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:52750 to connect as user IdBLDAP completed successfully. The bind was successful. Duration: 00:00:14.1410105.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration: 00:00:11.1096809.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:52744 to connect as user IdBLDAP completed successfully. Duration: 00:00:15.1410375.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration: 00:00:09.4690085.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration: 00:00:08.6408457.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:52744 to connect as user IdBLDAP completed successfully. The bind was successful. Duration: 00:00:19.1411493.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration:<span class="redactor-selection-marker" id="selection-marker-1"></span> 00:00:07.6408392.",Normal dmfjsg 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration: 00:00:06.6251852.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP schema request. Handling of LDAP schema request from user IdBLDAP on connection 127.0.0.1:52750 for the server schema completed successfully. Duration: 00:00:05.6407763.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP Root DSE request. Handling of LDAP Root DSE request from user IdBLDAP on connection 127.0.0.1:52750 for the Root DSE completed successfully. Duration: 00:00:04.6876294.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP change log request. Handling of LDAP change log request from user IdBLDAP on connection 127.0.0.1:52750 completed successfully. Added: 1. Modified: 0. Renamed: 0. Deleted: 0. Total: 1. Duration: 00:00:04.1407369.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP change log request. Handling of LDAP change log request from user IdBLDAP on connection 127.0.0.1:52750 completed successfully. Added: 3. Modified: 2. Renamed: 0. Deleted: 0. Total: 5. Duration: 00:00:03.1407136.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP search request. Handling of LDAP search request from user IdBLDAP on connection 127.0.0.1:52750 targeting CN=25777,OU=LANDesk,DC=IdentityBroker with a scope of BaseObject completed successfully. Results: 1. Duration: 00:00:02.1406773.",Normal 20171106,07:59:19,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:52750 to connect as user IdBLDAP completed successfully. Duration: 00:00:00.0156256.",Normal 20171106,07:59:20,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine import all items started. Change detection engine import all items for connector Aurion Security Records started.",Normal
Hi Carol,
The error "Cannot add the value 41-50-53-34 to the existing, non-multivalue field Classification" indicates that MIM is attempting to export an update to an entity which adds a value to a field for which the entity already has a value, and that field is not multi-valued. This isn't logged in Identity Broker as an error because as far as Identity Broker is concerned, it correctly responded to an invalid request with a failure - there is no error of processing in Identity Broker.
This usually indicates that the data in Identity Broker and the MIM connector space have grown out of sync, and can be resolved with an import + sync cycle. The fact that this issue resolves itself suggests this is likely.
Blocking a transformation for one entity
I expect the answer is No, but worth asking...
Aurion has the head of Dept's position shown as reporting to her EA. This is apparently necessary for some internal Aurion reason. However they don't want her EA appearing as her Manager all over the place (as it currently is, including in the Corporate Directory).
As I can't do an Advanced Flow Rule on a reference attribute I can't selectively block "manager" coming into the Metaverse. (I may have to implement a scoped Sync Rule just for this one flow- yuck!)
If at all possible, is there any way I can exclude one entity on the Join transformation that is generating the Manager attribute inside the IdB Adapter?
Hi Carol,
No, this is not directly possible with the Join transformation. If you're using Identity Broker v5.1 or above, you could consider using the PowerShell Transformation to remove the value (by assigning the value null) to the appropriate field of the target entity.
GUI issue after an update to Aurion IDB Connector 4.1.3
Hi,
After the update of the Aurion IDB Connector 4.1.3 from 4.1.0 on Identity Broker Service 4.1.0.
I have the following web page when I try to configure the connector:
Instead of :
I followed the following guide installation: https://unifysolutions.jira.com/wiki/spaces/IDBAUR41/pages/54165644/Installation
Do you have an idea from the root cause and how to fix it?
Thanks in advance
Regards,
The issue is caused by being on a DEV version of Identity Broker. Either upgrade to the RTM, or the latest v4.1.x.
Check version of WSP installed?
How can I check the version of WSP installed on SharePoint?
Need to know in case we need to revert if upgrade does not go as planned.
As the DLL's are deployed to the GAC, there is no need to roll back that part (strongly named allowing multiple versions to be deployed). The SharePoint administrator should know how to redeploy/upgrade/downgrade the wsp file that you provide.
Customer support service by UserEcho
