Identity Broker Forum


0
Answered

Can't upgrade chris21 configuration files from 4.0 to 4.1 with an install

André van der Westhuizen 8 years ago updated by anonymous 8 years ago 4

I have made a backup of the IdB 4.0 files and run the install of 4.1.5, but it didn't upgrade the configuration files. I have edited the connector and adapter files by removing expert v7.5 so that we only have chris21.

Answer
anonymous 8 years ago

The installation generally doesn't update the configuration files; that happens at startup. The installation sometimes makes updates to the .exe.config files and also v3.0.x files.

0
Fixed

Failure adding a group as a member of another group in Google Apps

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 1

I am getting the error below when adding a group with other groups as members. I can add the groups to membership manually and the subsequent import imports the membership with the correct DN.

Error Nested Group Members.txt

Image below shows the groups added manually and the one that is failing. The failing group was added manually to confirm it is possible.

Image 3702


Answer
anonymous 8 years ago

There was a difference in how groups were calculated over users. See v5.0.0.2.

0
Answered

Email Address changes in Google Apps

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 6

I am using the email address in the DN and have a requirement to allow accounts to be renamed. There are no other attributes that are suitable for use in the DN.

If I change the email address attribute it will fail (error attached) as it is being used in the DN. I have attempted to change the DN; however, MIM is processing it as an attribute flow instead of a rename (error and screenshot attached).

Error Email Address Change.txt

Error DN and Email Address Change.txt

Answer
anonymous 8 years ago

User rename split out from user update so that it does only what is required. See v5.0.0.2.

0
Answered

Identity Broker for SAP - firewall

Eddie Kirkman 8 years ago in UNIFYBroker/SAP ERP Human Capital Management updated by anonymous 8 years ago 3

Looking at the doco I can see reference to the Remote Function Calls. Is there any information available about what ports it uses or is it something configurable at the SAP end? I have found SAP docs that point out the connecting system needs to be able to use TCP/IP but I cannot find any port info. I am trying to provide the relevant details to the SAP owners.

Answer
anonymous 8 years ago

https://wiki.scn.sap.com/wiki/display/TCPIP/Application+Server+ABAP was all I was able to find. Please pass on the information and let me know how it goes so that I can add the link into our documentation.

0
Not a bug

Not saving watermark leading to delta imports failing

Tom Parker 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 2

This is related to:

The Delta Import on an IDB 5.1 MA is failing and returning the following stack trace:

The extensible extension returned an unsupported error.

The stack trace is:
Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out while waiting for message queue with id of 10. ---> System.OperationCanceledException: Operation timed out while waiting for message queue with id of 10.
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0


Previously this issue was under control by occasionally doing full imports, but the delta imports are no longer functioning at all and are failing on each run.

When the delta imports were running, each run would have a number of staging errors from trying to recreate connectors that have already been created, and we can see on other IDB MAs in the environment that each delta import is computing the same items each run.

Thanks,
Tom

Answer
anonymous 8 years ago

No response.

0
Answered

Duplicate users in Aurion

Eddie Kirkman 8 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 1

Quick question about the way IdB deals with duplicates and whether there are any other options. Customer has reported that their Aurion security connector is failing during processing because there is a duplicate record with the same key (PersonNumber). They have asked me how we should deal with this - I think my only answer is to advise them that their HR department needs to ensure they maintain uniqueness for PersonNumber in Aurion, but I just wondered if there are any other suggestions or ways to manage this sort of thing.

Answer
anonymous 8 years ago

Hi Eddie,

As with all connectors, uniqueness in the key is required. The options are to clean up data; find a key that is unique (e.g. User); or make use of a composite key.

Thanks.

0
Not a bug

Invalid Change Log Format on Delta Import from IDB 5.1

Tom Parker 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 7

Getting an error on an IDB 5.1 MA in the production environment: all Delta Imports are failing and taking an extended period of time to fail. IDB logs indicate that data is being returned (as per screenshot below); however, the MIM MA errors as per the below italicised text.

The extensible extension returned an unsupported error.
The stack trace is:

"Unify.Product.IdentityBroker.LdapOperationException: Invalid change log format.
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0"

Image 3689

Answer
anonymous 8 years ago

No response.

0
Answered

Aurion IdB Connection timing out

Eddie Kirkman 8 years ago in UNIFYBroker/Aurion updated by anonymous 8 years ago 2

My Aurion connectors are giving errors - I suspect a network / timeout issue. Is that just a matter of increasing the timeout for the agent (or getting a better network)?

Change detection engine import all items failed.

Change detection engine import all items for connector XXXXXX Security failed with reason Unable to connect to the remote server. Duration: 00:00:21.0082077

Error details:

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

--- End of inner exception stack trace ---

Answer
anonymous 8 years ago

This doesn't sound like the typical client timeout (https://unifysolutions.jira.com/wiki/display/IDBAUR51/Operation+fails+with+timeout+error). You could look at the connect timeout setting in the IIS site hosting the endpoint. However, it seems unusual for a connection to take this long to establish, suggesting possible network issues.

0
Fixed

UI quirk when adding adapter transformations

Matthew Davis (Technical Product Manager) 8 years ago updated by anonymous 8 years ago 2

When adding a new transformation, the UI defaults to the first Constant Value transformation:

Image 3685

The details field says "Select a transformation for more information".

When you then click the dropdown and choose Constant Value:

Image 3687


No real issue, just a quirk. May be worth showing the transformation explanation as default for the first selected one or adding a blank transformation option as the default selection in the dropdown.

0
Completed

Rename transformation could update existing references to field

Matthew Davis (Technical Product Manager) 8 years ago updated by anonymous 8 years ago 3

Currently when adding an adapter, it is expected to contain LDAP compliant fields. If the fields are not LDAP compliant (contain invalid characters) then it recommends automatically adding rename transformations to LDAP compliant names.

When you add the adapter, however, it allows you to use invalidly named fields to set the DN template.

Idea is that either the field name transformations are able to be added before setting the DN template (so that on creation all fields are LDAP compliant), or when a rename transformation is added it gives the option to update all existing references to the name (so that the DN template would be updated from the old value to the new value).