Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

In place text editors
In place text editors should be used where possible.
The following places are a minimum:
- Adapter general settings (name, comment, object class, base connector)
- Connector general settings (name, comment, queue when blocked)
Should probably be done using extension methods that are also available to connector developers so that they can have in place editors as part of the display template. May impact IDB-960. Think about user permissions also, but that may have to be extended when the "security enhancements" road map item is done.
This will also solve PRODUCT-261.

The connector job ChangeDetectionSchedulerJobDecorator could not be run as the Chris21 Person Connector is currently disabled
The following exception was being logged constantly in Matt's environment:
20121028,00:00:21,UNIFY Identity Broker,Void <.ctor>b__0(),Error,"An exception has occured whilst performing a job for partition 34b83581-377c-41b5-afb9-2a705076285f job ReflectAdapterOnChangeDueJob: Unify.Framework.UnifyEngineException: The connector job ChangeDetectionSchedulerJobDecorator could not be run as the Chris21 Person Connector is currently disabled at Unify.Product.IdentityBroker.ChangeDetectionEnablementJobDecorator.<>c__DisplayClass2.<.ctor>b__0() at Unify.Framework.BeforeJobDecorator.Run() at Unify.Product.IdentityBroker.QueuedConnectorExecutionProcessorEndDecorator.Run()",Normal
Although it is describing the correct behaviour (an attempt to run a job was made, which required a disabled connector) the way in which it logged it was not useful, and would be worrying for implementers encountering this.
Firstly, this is not an Error, it is either a Warning or possibly information data. Secondly, considering it happens under the covers the logging level might need to be reassessed, as this will fill the logs quickly if the job is left unattended.

SQL Connector timeout
SQL Connector time out after export from FIM.
Restarting IdB service resolves issue so I can import again, but export continues to timeout.
--------------------------------------
Log Name: Application
Source: FIMSynchronizationService
Date: 11/2/2012 8:32:05 AM
Event ID: 6801
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: IDSYS.widgetcorp.local
Description:
The extensible extension returned an unsupported error.
The stack trace is:
"System.Exception: Error occurred when attempting to save entity with distinguished name
CN=Alex Rujak
Error:
Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
at Unify.Framework.Data.DbConnectionExtensions.OpenIfClosed(IDbConnection connection)
at Unify.Framework.Data.SqlServerDataControl.CreateComponent(Boolean factoryInformation)
at Unify.Framework.Data.AdoNetDataControl.ExecuteDataSetQuery(DataSet resultSet, String commandText, IEnumerable`1 parameters, String[] tableNames, CommandType commandType)
at Unify.Framework.Data.AdoNetDataControl.ReturnDataSetQueryT(String commandText, IEnumerable`1 parameters, String[] tableNames, CommandType commandType)
at Unify.Product.IdentityBroker.DirectCommunicatorBase`1.GetEntitiesDataTable(ICollection`1 keyList)
at Unify.Product.IdentityBroker.DirectCommunicatorBase`1.AddEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.DirectReadWriteConnectorBase`1.AddEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.EventNotifierAddingConnectorDecorator.AddEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity)
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Forefront Identity Manager 4.1.2548.0"

Database conflicting reference constraint on removal of adapters from config.
When you remove an adapter from the config and restart the service, the following error presents:
Service cannot be started. Unify.Framework.UnifyServerStartException: The DELETE statement conflicted with the REFERENCE constraint "FK_Container_Container". The conflict occurred in database "Unify.FIMIdentityBroker", table "dbo.Container", column 'PartitionId'.
The statement has been terminated. ---> System.Data.SqlClient.SqlException: The DELETE statement conflicted with the REFERENCE constraint "FK_Container_Container". The conflict occurred in database "Unify.FIMIdentityBroker", table "dbo.Container", column 'PartitionId'.
The statement has been terminated.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior run...
Work-around is to go into SQL Server and manually delete items from the entity and partition tables... which is pretty time-consuming

How to build x64 Installers
Do we have any written down instructions or coded examples of what is required to build a x64 installer for a connector for distribution to clients.
I've created a number of connectors in the past, generally starting from an existing connector project and then building from there. One common issue is I've always built to x86. It would be handy, but not essential, to build to x64 given the x64 version of Identity Broker is what most clients I've seen use. So far working out how to get the installer project of any solution I've come across to output a x64 version has eluded me.
Please treat this as very low priority as we can copy the files over. If it a simple task that can be easily documented (or already is documented and I couldn't find it) then it'd be very much appreciated.
An example of a connector I've done some work on would be the Marval one for SSICT. Theres an installer project in the source code repository.

Ability to specify SQL query for CISCO UCM IdB Connector
Hi guys!
Is there any way to override the default queries the Cisco UCM IdB connector presents to the Cisco AXL service? There appears to be two modes of operation:
1. sqlTrust=True communicator option set results in the executeSQLQuery AXL request being sent with "select * from <object>".
2. sqlTrust=False communicator option set results in an AXL "get<object>" request being sent for the specified object. SQL queries are performed internally based on the object requested.
Option 1 returns too few attributes, option 2 is too verbose and when executed on End User objects takes as much time to process 1 user as operation mode 1 does in processing all users in my test environment.
If we could pass any SQL query to the AXL service via the executeSQLQuery AXL request the connector could be customised to return exactly what we need.
The attached files demonstrate the functionality and what is actually being processed by the AXL service when these requests come in. sqlTrust=False causes a heap of unnecessary queries being made to the SQL database by the AXL service, slowing down response.
sqlTrustFalse.txt
sqlTrustTrue.txt

Object class with white-space breaks IDB exports.
Exporting to an adapter with a space at the end of its object class results in the following exception:
The extensible extension returned an unsupported error. The stack trace is: "System.Exception: Error occurred when attempting to save entity with distinguished name CN=2 Error: The given key was not present in the dictionary. at System.Collections.Generic.Dictionary`2.get_Item(TKey key) at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveAdapterBase`1.ConvertValues(String objectClass, IEnumerable`1 convertedValues) at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.GetConvertedValuesFromSchema(String objectClass, IEnumerable`1 values) at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.<Transform>d__3.MoveNext() at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) at SyncInvokeExportChanges(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) Forefront Identity Manager 4.0.3606.2"
A determination needs to be made about whether FIM adheres to the standard in this regards, specifically as to whether we should validate on the IDB-side for adapter object classes with whitespace.

Change detection logging is a bit confusing
The logging of change detection is a little bit confusing. Consider the following excerpt:
09/Aug/2012 09:13:39
Information
Connector Get entities from connector completed.
Get entities Count:1 from connector chris POS returned 1 entities. Duration: 00:00:00.0005000
09/Aug/2012 09:13:39
Information
Connector Processor Connector Processing started.
Connector Processing started for connector chris POS (page 1)
09/Aug/2012 09:13:39
Information
Connector Processor Connector processing success.
0 entites in cumulative total. Current processing of page 1 for connector chris POS processed 1 entities, finding 1 differences. Duration: 00:00:00.3690000.
09/Aug/2012 09:13:39
Information
Connector Processor Connector Post Processing started.
Connector Post Processing started for connector chris POS. Processed Entities: 1
09/Aug/2012 09:13:40
Information
Connector Processor Connector Post Processing success.
Connector Post Processing completed for connector chris POS. Processed Entities: 1. Matching Entities: 0. Reported Changes: 0. Duration: 00:00:00.1330000
The Post Processing information is correct, but it makes it look like that no changes should exist, even though the one change has been detected as a difference when processing the page. Perhaps it could be clarified by putting page information in the same format, and/or clarifying what post processing means. Since post processing happens afterwards, it looks like the earlier change was not found to be a match.

Error attempting to clear DN field
When attempting to clear a DN value from an entity on an export, the following error appears:
Attempted export:
delete,Manager,reference,"CN=102994,DC=CHRIS21DEMODC",
System.Exception: Error occurred when attempting to save entity with distinguished name
CN=103033,DC=CHRIS21DEMODC
Error:
could not be parsed into a valid DN.
at Unify.Product.IdentityBroker.EntityDistinguishedNameTypeSchemaValidator.CreateValue(Object dataValue)
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveAdapterBase`1.<>c_DisplayClassf.<ConvertValues>bb(<>f_AnonymousType0`2 item)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArrayTSource(IEnumerable`1 source)
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.GetConvertedValuesFromSchema(String objectClass, IEnumerable`1 values)
at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.<Transform>d__3.MoveNext()
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)

SAP error generated when running a full import on Employee connector - Incomplete logon data
When attempting to run a full import on Employee connector the following error is produced:
20110221,03:50:29,Logging Engine,Logging Engine,Information,Log file started.,Minimal
20110221,03:50:29,Change detection engine import all items started.,Change detection engine,Information,Change detection engine import all items for connector Employee Connector started.,Normal
20110221,03:50:31,Change detection engine import all items failed.,Change detection engine,Warning,"Change detection engine import all items for connector Employee Connector failed with reason An error occurred attempting to connect to the SAP system, received : SAP.Connector.RfcLogonException: Incomplete logon data.
at SAP.Connector.Connection.Open()
at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.Open(). Duration: 00:00:01.7187500
Error details:
Unify.Communicators.SapHRCommunicator.SapHrCommunicatorException: An error occurred attempting to connect to the SAP system, received : SAP.Connector.RfcLogonException: Incomplete logon data.
at SAP.Connector.Connection.Open()
at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.Open()
at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.Open()
at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.GetEmployees(String statusType, DateTime startDate, DateTime endDate, String infoType, IEnumerable`1 subTypes, IEnumerable`1 employeeIdRecords)
at Unify.Connectors.SapHrEmployeeConnector.ProcessGetEntities(IEnumerable`1 employeeRecords)
at Unify.Connectors.SapHrEmployeeConnector.GetAllEntities(IStoredValueCollection storedValueState)
at Unify.Framework.ConnectorToReadingConnectorBridge.GetAllEntities(IStoredValueCollection storedValueState)
at Unify.Framework.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues)
at Unify.Framework.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Framework.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.JobBase.Run()
at Unify.Framework.MutexJobDecorator.Run()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
Customer support service by UserEcho