Identity Broker Forum


0
Fixed

Password Synchronization not working for Google Apps

Boyd Bostock 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 3

Passwords are not being set for newly created users and not being synchronised for existing users.

Does Identity Broker need to be configured to use Secure LDAP to synchronise passwords?

I have attached a packet trace and believe the LDAP BIND requests are attempts to synchronize the password.


Answer
anonymous 8 years ago

Hi Boyd

I've created a patch that should fix this issue. Place it in the installDir\Services directory, restart the service and reattempt the password sync operations. Let me know if you have any issues.

Unify.IdentityBroker.LDAP.Engine.dll

0
Fixed

Google Groups - Clearing External Membership

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 6

Clearing all External Members from Google Groups is not working; there is no error reported during the export, however membership remains unchanged.

Answer
anonymous 8 years ago

Hi Boyd

I've found that this issue was being caused by a defect which has already been fixed and is included in Identity Broker v5.0.5 RC1. Are you able to upgrade to this version?

0
Fixed

Google Apps Group Import Error

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 7

Google Connector 5.0.0.0

Google Group Connector import is failing after a period of time, the error message does not indicate which group is triggering the error.

A test connector was created and the following found:

  • Works successfully if the Membership schema was not added.
  • Fails when membership schema is added.
  • Fails when Group Settings schema is added (without Membership)

Error details:
System.AggregateException: One or more errors occurred. ---> System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]
"". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]


at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body)
at Unify.Product.IdentityBroker.GoogleAgent.ProcessedGroups(Func`1 getDirectoryService, Func`1 getGroupsSettingsService, ConcurrentBag`1 directoryServices, ConcurrentBag`1 groupsSettingsServices, GroupEntityAdapter groupAdapter, GroupSettingsEntityAdapter groupSettingAdapter, IGroupMembersEntityAdapter groupMembersAdapter, IEnumerable`1 groupsValue, Boolean manageGroupSettings, GroupMembersReadMethod groupMembersReadMethod, String[] groupNameSuffixWhitelistFilter)
at Unify.Product.IdentityBroker.GoogleAgent.<InternalGetGroupPages>d__eb.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ProduceAutoPages>d__7`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass33_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
---> (Inner Exception #0) System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]
"". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]


at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)<---
",Normal

Answer
anonymous 8 years ago

It's currently looking like Google have made another internal change - returning 400 now as an additional error code that requires the exponential back-off. My last couple of runs have gone through fine now that they are retrying following this error. Please try with Unify.IdentityBroker.Communicator.Google.dll and let me know how it goes.

0
Fixed

Error in doco

Eddie Kirkman 8 years ago in UNIFYBroker/SAP ERP Human Capital Management updated by anonymous 8 years ago 1
Answer
anonymous 8 years ago

Thanks for letting us know Eddie, I've updated the documentation.

0
Declined

Org Unit flattening

Carol Wapshere 8 years ago updated by anonymous 8 years ago 2

This applies to other HR data feeds as well, not just Aurion.

HR systems typically give us the Org Unit hierarchy in parent-child format. However we need to "flatten" this against person objects so we can use the values for group population and attribute flows.

- The number of Org Unit levels will differ from organisation to organisation

- There will be a mapping between level and org unit type - for example "Section" may be level 4.

- There may be gaps in the Org Unit hierarchy - for example a level 4 org unit that is the child of a level 1 org unit. This means you cannot assume the level of the parent org unit - you have to actually look at what its level is.

- Populating all ancestor Org Units in a multi-value field may be ok for group population but is not helpful for flowing values like "Division", "Branch", "Section" where you have to know the level.


Data feed from HR data source comes like this. For each Org Unit:

OrgUnitID: (Key, req) Identifier of the Org Unit

OrgUnitName: Name of the Org Unit

OrgUnitLevel: (Req) A number specifying level where 1 is the top. The lowest org unit number should not be enforced – current Aurion customer goes down to level 9. This will differ for different environments.

ParentID: Identifier of the parent in the hierarchy. It is *not* required that the parent level is one level up – e.g., a level 4 can be the child of a level 2, skipping level 3. However we can assume there will only be one parent. The level 1 Org Unit will not have a parent.

Data to produce – for each Org Unit:

OrgUnitID: Identifier of the Org Unit

OrgUnitName: Name of the Org Unit

OrgUnitLevel: Level of the Org Unit

OrgUnit1: (Req) The OrgUnitID of the level 1 ancestor of this Org Unit

OrgUnit2: (If applicable) The OrgUnitID of the level 2 ancestor of this Org Unit

OrgUnit3: (If applicable) The OrgUnitID of the level 3 ancestor of this Org Unit

… OrgUnitN: (If applicable) The OrgUnitID of the level N ancestor of this Org Unit


Answer
anonymous 8 years ago

During a review of this topic for the purposes of determining a potential solution, we found that it is already possible to achieve this using the Join and PowerShell transformations currently implemented in Identity Broker v5.1.

The solution has been added to the documentation page Common Transformation Scenarios as an example of complex data manipulation using multiple transformations. Refer to that page for more details.
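
A stand-alone sketch of the flattening requested in this thread, added here as an example; it is not the Join/PowerShell solution from the Identity Broker documentation and not UNIFY code. It assumes the feed arrives as a list of dicts using the field names from the request, and that each unit fills the slot for its own level (so the level 1 unit has OrgUnit1 set to itself); `flatten_org_units` and the sample feed are constructed for illustration.

```python
# Added example: flattens a parent-child Org Unit feed into OrgUnit1..OrgUnitN.
# Field names follow the request above; the function name and data are made up.

# Constructed sample feed. Unit 40 is a level 4 child of a level 2 unit, so
# level 3 is skipped, which the request says must be supported.
SAMPLE_FEED = [
    {"OrgUnitID": "10", "OrgUnitName": "Agency", "OrgUnitLevel": 1, "ParentID": None},
    {"OrgUnitID": "20", "OrgUnitName": "Corporate", "OrgUnitLevel": 2, "ParentID": "10"},
    {"OrgUnitID": "40", "OrgUnitName": "Payroll", "OrgUnitLevel": 4, "ParentID": "20"},
    {"OrgUnitID": "50", "OrgUnitName": "Payroll Ops", "OrgUnitLevel": 5, "ParentID": "40"},
]


def flatten_org_units(feed):
    """Return one row per Org Unit with an OrgUnit<level> column per level."""
    by_id = {unit["OrgUnitID"]: unit for unit in feed}
    # The deepest level is taken from the data, not hard-coded.
    max_level = max(unit["OrgUnitLevel"] for unit in feed)
    rows = []
    for unit in feed:
        row = {key: unit[key] for key in ("OrgUnitID", "OrgUnitName", "OrgUnitLevel")}
        row.update({f"OrgUnit{n}": None for n in range(1, max_level + 1)})
        node = unit
        while True:
            # Slot each unit by its own recorded level, never by counting hops.
            row[f"OrgUnit{node['OrgUnitLevel']}"] = node["OrgUnitID"]
            parent_id = node["ParentID"]
            if parent_id is None:
                break
            parent = by_id.get(parent_id)
            if parent is None:
                raise ValueError(f"{node['OrgUnitID']}: unknown parent {parent_id}")
            # A parent must sit strictly higher; this also rules out cycles.
            if parent["OrgUnitLevel"] >= node["OrgUnitLevel"]:
                raise ValueError(f"{node['OrgUnitID']}: parent {parent_id} is not higher")
            node = parent
        if row["OrgUnit1"] is None:
            raise ValueError(f"{unit['OrgUnitID']}: no level 1 ancestor")
        rows.append(row)
    return rows


if __name__ == "__main__":
    for flat in flatten_org_units(SAMPLE_FEED):
        print(flat)
```

Rejecting a feed with an unknown parent, a parent at the same or a lower level, or no level 1 ancestor keeps a bad HR extract from silently producing wrong values for group population.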

0
Completed

Cosmetic improvement for Connector Details page

Bob Bradley 8 years ago updated by anonymous 8 years ago 4

There needs to be a gap between Delete Entities and Save Entities. While there are gaps between the other sections this one constantly causes me to think the delete count is actually the save count. A gap, and possibly positioning of Save above Delete, will help avoid this unnecessary confusion.

Answer
anonymous 8 years ago

After further investigation, it's been determined that this is an issue in 5.0 but fixed from 5.1 onwards.

0
Answered

Identity Broker 5.1 Export issues

Andrew Silcock 8 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 9

Troubleshooting some export errors creating accounts from MIM through Identity Broker and getting the below bolded message in the logs. The corresponding error in MIM is nothing more useful than "cd-error" and there are no errors in the Windows Event Log to assist.

The MIM export is set to a single export at a time for troubleshooting purposes, but I've noticed there is a long time (some ~70 seconds) between the message in bold and the unbind request that follows.

20/Dec/2016 08:18:07
  • Information
LDAP engine
Handling of LDAP Bulk Start request.
Handling of LDAP Bulk Start request received from user D2L on connection 127.0.0.1:55287 completed successfully. Duration 00:00:00.0200000.

20/Dec/2016 08:18:07
  • Information
LDAP engine
Handling of LDAP Bulk Update request.
Handling of LDAP Bulk Update request received from user D2L on connection 127.0.0.1:55287 was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.4845852.

20/Dec/2016 08:19:21
  • Information
LDAP engine
Handling of LDAP unbind request.
Handling of LDAP unbind request received on connection 127.0.0.1:55287 to connect as user D2L completed successfully. Duration: 00:00:00.0623072.

0
Not a bug

HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

André van der Westhuizen 8 years ago updated by anonymous 8 years ago 4

When I create a new Join and try to delete attributes I receive the following error:

HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.


When the join is saved, it is not saved with the selection criteria I used. I have to update the XML document to get the correct values.


Unify.Communicators.AurionHRMIS9302.dll - 4.1.0

Unify.Service.Connect.exe - 4.1.0

0
Answered

SAP version analysis

Eddie Kirkman 8 years ago in UNIFYBroker/SAP ERP Human Capital Management updated by anonymous 8 years ago 3

The prerequisites for SAP connector (https://unifysolutions.jira.com/wiki/display/IDBSAP51/Prerequisites) state that:

An implementation of Identity Broker for SAP ERP Human Capital Management requires version analysis as the ABAP modules are developed against a specific version of SAP and service pack.
Please contact support@unifysolutions.net for module version compatibility.

Any idea what information I will need to provide to support?

Answer
anonymous 8 years ago

I should also point out that we state that SAP must be v4.6c or greater (see here), which as far as I know is still correct.

0
Answered

Version of IdB for SAP

Eddie Kirkman 8 years ago in UNIFYBroker/SAP ERP Human Capital Management updated by anonymous 8 years ago 2

Looking at testing the SAP connector for IdB at a customer (in a DEV lab) and getting a little confused as to what versions I should use. I was going to go with IdB 5.1 RC2, but can only find one msi file under https://unifysolutions.jira.com/wiki/display/SUBIDB/Downloads and when I run it it is the x64 version.

The prerequisites for SAP HCM connector v5.1 state that the 32 bit version of Identity Broker must be used https://unifysolutions.jira.com/wiki/display/IDBSAP51/Prerequisite

Where do I get the 32 bit version, or do I need to select an earlier IdB version (e.g. 5.0.4)?

Answer
anonymous 8 years ago

It's referring to the 32-bit executable, not the installer. The x64 installer (now the only one available in Identity Broker v5.1+) contains the 32-bit and 64-bit executable.