From Bob Bradley:

Other ideas are ways to avoid user errors during agent/connector config, e.g.
1. AD/ADLDS changes plug-in
Wondering if something similar to the MMC snap-in LDAP query builder could be added to the Event Broker gui? Something perhaps like http://softwaretopic.informer.com/ldap-query-builder/ or http://jxplorer.org/
2. SQL changes, etc. plugins
Similar to LDAP query builder, wondering if there is a SQL query builder? Maybe something like http://redquerybuilder.appspot.com/?

Both AHG and GCCC have plans to upgrade to chris21 v7.5 in the not too distant future. It appears that in the extensive release notes for that version, it is mentioned that some database tables have been changed. Given the current issues at AHG, they have specifically asked us to confirm whether that upgrade will require changes to the Identity Broker solution.

Put the following into my dev environment and the portalAccessMembersDN column did not generate. No errors present. Not urgently required for this project, but would help in efficency down the track.

<adapter name="Multivalue.GenerateDNs"
InputKey="portalAccessMembers"
GroupTarget="portalAccessMembersDN"
groupValueType="Integer">
<dn>
<dnComponent name="Field" attributeType="UID" key="MultivaluePart"/>
<dnComponent name="Constant" attributeType="DC" value="Parent"/>
</dn>
</adapter>

Gold Coast City Council has asked whether an upgrade of Oracle from Version 9 to either 10g or 11g will have any impact on Identity Broker for chris21. It is presumed that there is NO associated upgrade to the chris21 application version.

The field "Telphone" is multivalue, and the following line is being imported:

13,Matthew Clark,1337,"0413371337,0412123123",another@address.com

However, the Telephone value is still being sent to FIM as a single valued field:

dn: CN=859cbd1d-fe77-4cd7-b88d-998f12aae491
objectClass: csvPerson
IdBID: 859cbd1d-fe77-4cd7-b88d-998f12aae491
Key: 13
Name: Matthew Clark
EmployeeID: 1337
Telephone: 0413371337,0412123123
Email: another@address.com

It's pretty easy to miss the fact that you have to update the connector after the schema is updated, a yellow bar similar to that used in the standard warnings above the schema mappings would help this.

The error from Chris21 is passed straight through to the IdB UI and displays the password.
I don't think this is desirable.

Enable the connector to fetch the names of available Chris21 forms on configuration. We could use the scripted dropdown control so that it does not become cumbersome to navigate the hundreds of forms available by default.

Estimate includes restructuring the UI for the required multi-step approach, and research into how to retrieve form details via GTR.

The Service Account user is not created in the Database and therefore the service cannot start. I would expect that the user would be created if the database is being created.

Because of the use of the GetObjectClass method which uses an object's DN to work out which schema it should use, new objects are not found for added entities exported to the adapter. The following error is thrown:

For adds, the adapter should be checking for the presence of the objectClass attribute exclusively (which is present in the LDIF).