Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
PowerShell Connector handling of DN.multi attributes where there is a single value
The PowerShell Connector treats DN.multi attributes with a single value differently to how it treats string.multi attributes with a single value. This can be overcome in the script however unnecessarily complicates import the script.
Error if handled the same as a string.multi (appears to take first char rather than first array entry):
Script that will handle the single value: StudentParentRelationshipsImport.ps1
DN.multi attribute: ParentRelationshipDNs
String.multi attribute: ParentIDLIST
Identity Broker: v5.0.5
Hi Boyd,
This appears to be a peculiarity with PowerShell.
$array = @('A')
$array.GetType() # Object[]
$sort = $array | Sort
$sort.GetType() # String
$sort = @($array | Sort)
$sort.GetType() # Object[]Please make sure that you force your value into an array before assigning to multi-valued fields.
Adapter object doesn't have corresponding object in Connector resulting in "duplicate-objects error"
This is related to http://voice.unifysolutions.net/topics/2674-idb-51-returning-duplicate-objects-that-only-exist-once-in-the-adapterconnector/ although the bug is now exhibiting new characteristics and the work around is no longer working.
Drilling down on one of these records we can see that they exist twice in IdB adaptor but only once in the connector:
The second entry in the adaptor was once correct but has since been removed from the source system (as this is to do with student enrollments that's a normal procedure). According to Andrew Silcock's notes in the linked job, previously the entries only existed in the adaptor once.
Cannot create a DN in the format UID=-12345
It would be great to be able to extend the definition of a valid IdB DN to include the "-".
The following error is raised when attempting to export a new record to an underlying SQL entity via IdB4:
Log Name: Application Source: FIMSynchronizationService Date: 13/04/2017 3:07:52 PM Event ID: 6801 Task Category: Server Level: Error Keywords: Classic User: N/A Computer: CENTRELINK-FIM.unifyfim.unifytest.local Description: The extensible extension returned an unsupported error. The stack trace is: "System.Exception: Error occurred when attempting to save entity with distinguished name UID=-281283620 Error: 1 items failed schema validation during Adapter operation. Check log for validation errors. at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities, EntityToConnectorEntityBridge[]& backwardAdapterEntities) at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity) at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity) at Unify.Product.IdentityBroker.LDIFAdapterBase.HandleExportAdd(IAdapter adapter, IAdapterEntitySaveChange pendingAdd) at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) at SyncInvokeExportChanges(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) Forefront Identity Manager 4.0.3732.2" Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="FIMSynchronizationService" /> <EventID Qualifiers="49152">6801</EventID> <Level>2</Level> <Task>3</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2017-04-13T05:37:52.000000000Z" /> <EventRecordID>2307483</EventRecordID> <Channel>Application</Channel> <Computer>CENTRELINK-FIM.unifyfim.unifytest.local</Computer> <Security /> </System> <EventData> <Data>System.Exception: Error occurred when attempting to save entity with distinguished name UID=-281283620 Error: 1 items failed schema validation during Adapter operation. Check log for validation errors. at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities, EntityToConnectorEntityBridge[]& backwardAdapterEntities) at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities) at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity) at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity) at Unify.Product.IdentityBroker.LDIFAdapterBase.HandleExportAdd(IAdapter adapter, IAdapterEntitySaveChange pendingAdd) at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) at SyncInvokeExportChanges(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) Forefront Identity Manager 4.0.3732.2</Data> </EventData> </Event>
I don't see why this should be an invalid DN - e.g. it is perfectly acceptable in ADLDS.
The reason for wanting to do this was in a test scenario where I need to enforce uniqueness so I don't clash with an existing range of identities - so flipping the sign was the simplest way to achieve this.
In the end I was able to come up with another way of generating a unique ID, but I thought this deserved consideration anyhow.
BadImageFormatException on service startup
Attempting new install of IdB 5.1 on Windows 2016. Installing Aurion connector 5.0.1 and trying to create the agent. The configuration section of the Agent is missing.
Error below is seen in logs:
20170502,22:32:16,UNIFY Identity Broker,Service Engine,Warning,"An error occurred whilst coordinating the plug-in engine. The error was: System.BadImageFormatException: Could not load file or assembly 'file:///C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.exe' or one of its dependencies. An attempt was made to load a program with an incorrect format. File name: 'file:///C:\Program Files\UNIFY Solutions\Identity Broker\Services\Unify.Service.Connect32.exe'
How can I get the configuration section displayed so I can configure it?
That gets logged with Verbose logging - there's nothing actually wrong. It may be fixed in v5.2.
To use v5.1 you'll have to install a v5.1.x connector.
Separation of Signature and SendAs
The signature is currently combined in the same attribute as the SendAs field. Is it possible to separate these attributes?
Signature in UI showing linkage to default SendAs
Signature in UI showing linkage to non-default SendAs
<SendAs name="" address="bbostock@cns.catholic.edu.au" replyTo="" signature="<div dir="ltr"><div>Regards</div><div>My Name</div><div><br></div><div>My Title2</div><div>My Department2</div><div>My Company2</div><div>p: 0400 000 000</div><div>e: <a href="mailto:myemail@mycompany2.com" target="_blank">myemail@mycompany2.com</a></div></div>" default="false" />, <SendAs name="Boyd Bostock" address="bbostock@sscc.qld.edu.au" replyTo="" signature="<div dir="ltr">Regards<div>My Name</div><div><br></div><div>My Title</div><div>My Department</div><div>My Company</div><div>p: 0400 000 000</div><div>e: <a href="mailto:myemail@mycompany.com" target="_blank">myemail@mycompany.com</a></div><div><br></div></div>" default="true" />
I think it will be problematic as email addresses will change if people transfer between schools. For my purposes I will configure the MIM Rule Extension to preserve the signature if present.
Google Groups: External Members email address case mismatch
I have found issues with differences in case between MIM and Google is causing unnecessary exports. To overcome this I have ensured all email addresses exports are in lowercase, the exports are successful but a subsequent import from Google returns the addresses in the original case.
I have found an anomaly in Google where one view shows the addresses in lowercase and another in mixed case. I suspect that although the email address case changes successfully it is not synchronised everywhere.
Admin Console View
Google Groups View
- Is there another membership attribute that can be used instead?
- Is there a transformation that can convert to lowercase (multi-valued field)? MIM cannot do this for confirming imports.
- Is it possible/appropriate to add an option to the Connector to import all email addresses as lowercase?
Gmail Settings remove Lables
Labels is one of the settings available in the GMail API and results in a large amount of data being retuned. As there is not IAM requirement for Labels settings I would recommend it is removed from the Google User/GMail Settings Connector.
Remove any non-required fields from the schema - that way the call won't be made as each of the fields are done as separate calls.
MA stopped-extension-dll-exception
Our Identity broker MA is failing on its Delta Imports with the ever helpful "stopped-extension-dll-exception" error.
From Event Viewer, I get:
The extensible extension returned an unsupported error.
The stack trace is:
"Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out while waiting for message queue with id of 10. ---> System.OperationCanceledException: Operation timed out while waiting for message queue with id of 10.
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0"
Apart from the fact that there was a dll exception, any idea what this is about or where to look for more useful information? I am seeing nothing with any errors in the IdB logs.
Please try with the patch from http://voice.unifysolutions.net/topics/2672-delta-import-timeouts-on-identity-broker-51-management-agents/ (Unify.IdentityBroker.ChangeLog.Repository.Sql.dll - for the appropriate version of Identity Broker).
cd-error exporting to IdB
I need some help troubleshooting an issue exporting updates to Aurion Security Users.
- The IdB connector is using the standard Aurion Security User connector.
- The adapter connects only to the connector - no joins or transformations.
- When I try to export from MIM I see "cd-error" on all exports - but there is no message.
- There is nothing in the IdB logs about this adapter at all - it's like it isn't even getting that far.
- I can refresh the MA schema, I have also cleared the connector space and re-imported from IdB - so I know connectivity to IdB is fine.
I have tried enabling Verbose logging and an IdB trace (sent separately). I'm looking for suggestions about how else I can troubleshoot this.
Data Transformation on fetching previous position end date
Hi,
I am trying to do a data transformation in Chris 21 person Adapter in IdB 4.1
Connector: Ch21 Placement connector
join criteria: detnumber
What I want to achieve:
select top 1 posenddate from all positions held(sort on desc) where end date is NOT null(which will be current position, so we don't want that)
is there a way to do this OOTB in IdB 4.1?
The current set of join transformation options will all pick the open transformation, with the only way to select the previous being to change the offset of the window - which is not quite what you're after. In v5.1 you would be able to write the logic yourself using the PowerShell transformation. I believe your options are:
- Use your solution logic to do the selection;
- Update to v5.1 and use the PowerShell transformation;
- Write an extended transformation using code (not recommended as it's not trivial).
Customer support service by UserEcho
