Identity Broker Forum
Email Address changes in Google Apps
I am using the email address in the DN and have a requirement to allow accounts to be renamed. There are no other attributes that are suitable for use in the DN.
If I change the email address attribute it will fail (error attached) as it is being used in the DN. I have attempted to change the DN; however, MIM is processing it as an attribute flow instead of a rename (error and screenshot attached).
User rename split out from user update so that it does only what is required. See v5.0.0.2.
Identity Broker for SAP - firewall
Looking at the doco I can see reference to the Remote Function Calls. Is there any information available about what ports it uses or is it something configurable at the SAP end? I have found SAP docs that point out the connecting system needs to be able to use TCP/IP but I cannot find any port info. I am trying to provide the relevant details to the SAP owners.
https://wiki.scn.sap.com/wiki/display/TCPIP/Application+Server+ABAP was all I was able to find. Please pass on the information and let me know how it goes so that I can add the link into our documentation.
Not saving watermark leading to delta imports failing
This is related to:
- http://voice.unifysolutions.net/topics/2737-identity-broker-for-mim-watermark-functioanlity-enhancement/
- http://voice.unifysolutions.net/topics/2672-delta-import-timeouts-on-identity-broker-51-management-agents/
The Delta Import on an IDB 5.1 MA is failing and returning the following stack trace:
The extensible extension returned an unsupported error.
Unify.Product.IdentityBroker.LdapOperationException: Error during processing of SearchRequest targetting cn=changelog: Operation timed out while waiting for message queue with id of 10. ---> System.OperationCanceledException: Operation timed out while waiting for message queue with id of 10.
at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0
Previously this issue was under control by occasionally doing full imports but the delta imports are no longer functioning at all and failing on each run.
When the delta imports were running each run would have a number of staging errors from trying to recreate connectors that've already been created and we can see on other IDB MA's in the environment that each delta import is computing the same items each run.
Thanks,
Tom
Duplicate users in Aurion
Quick question about the way IdB deals with duplicates and whether there are any other options. Customer has reported that their Aurion security connector is failing during processing because there is a duplicate record with the same key (PersonNumber). They have asked me how we should deal with this - I think my only answer is to advise them that their HR department needs to ensure they maintain uniqueness for PersonNumber in Aurion, but I just wondered if there are any other suggestions or ways to manage this sort of thing.
Hi Eddie,
As with all connectors, uniqueness in the key is required. The options are to clean up data; find a key that is unique (e.g. User); or make use of a composite key.
Thanks.
Invalid Change Log Format on Delta Import from IDB 5.1
Getting an error on an IDB 5.1 MA in the production environment, all Delta Imports are failing and taking an extended period of time to fail. IDB logs indicate that data is being returned (as per screenshot below), however the MIM MA errors as per the below italicised text.
The extensible extension returned an unsupported error.
The stack trace is:
"Unify.Product.IdentityBroker.LdapOperationException: Invalid change log format.
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.3.2266.0"
Aurion IdB Connection timing out
My Aurion connectors are giving errors - I suspect a network / timeout issue. Is that just a matter of increasing the timeout for the agent (or getting a better network)?
Change detection engine import all items failed.
Change detection engine import all items for connector XXXXXX Security failed with reason Unable to connect to the remote server. Duration: 00:00:21.0082077
Error details:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
This doesn't sound like the typical client timeout (https://unifysolutions.jira.com/wiki/display/IDBAUR51/Operation+fails+with+timeout+error). You could look at the connect timeout setting in the IIS site hosting the endpoint. However, it seems unusual for a connection to take this long to establish, suggesting possible network issues.
UI quirk when adding adapter transformations
When adding a new transformation, the UI defaults to the first Constant Value transformation:
The details field says Select a transformation for more information
When you then click the dropdown and choose Constant Value:
No real issue, just a quirk. May be worth showing the transformation explanation as default for the first selected one or adding a blank transformation option as the default selection in the dropdown.
Rename transformation could update existing references to field
Currently when adding an adapter, it is expected to contain LDAP compliant fields. If the fields are not LDAP compliant (contain invalid characters) then it recommends automatically adding rename transformations to LDAP compliant names.
When you add the adapter, however, it allows you to use invalidly named fields to set the DN template.
Idea is that either the field name transformations are able to be added before setting the DN template (so that on creation all fields are LDAP compliant), or when a rename transformation is added it gives the option to update all existing references to the name (so that the DN template would be updated from the old value to the new value).
Two identical transformations producing different results in same adapter
The following 2 identical transformations are being used to flow the same data into 2 separate CS properties being used in the FIM configuration for different purposes.
The data in each property should be identical, but it is not ... there are some 1.3K users with nulls in the DEPARTMENTS field but which have values in the ALLDEPARTMENTS field, e.g.
3.5K have values in both.
Please advise what could be causing the null values in the second property, but only for about a quarter of the user base?
This is having a significant impact at CSODBB where the data in the original mapped value (DEPARTMENTS) is now significantly compromised. There is only one user with a null value in the ALLDEPARTMENTS property.
Note that in testing both values always had the same values present - this is only something which I have spotted since the change to introduce the second transform was promoted before Christmas.
Logged for customer against https://unifysolutions.jira.com/browse/CSODBB-536
What do you mean by "2 identical transformations"? They are not the same, one has a string filter, whereas the other does not. Check the configuration for the filter.
Changes register item processing on connector Chris21 Work Address Connector failed with reason The column adrline1 is not a pre-existing column in adapter Chris21 Person
The Connector import completes but we receive the error in the logs. Do we need to bring the adrline1 column into the adapter by itself as well?
Changes register item processing on failed.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at Unify.Product.IdentityBroker.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request)
Hi André,
Did you check for an existing instance of this issue? Please follow the resolution from http://voice.unifysolutions.net/topics/2675-unifyproductidentitybrokeradaptercolumnexception-the-column-erhrstrcdtrn-is-not-a-pre-existing/ (either discontinue use of v4.0.x, or install the available patch).
An FYI, a notice will be going out shortly about End of Product Life, so support for v4.0 will be ending (as per https://unifysolutions.jira.com/wiki/display/IDB/End+of+Product+Life+Policy).
Thanks.