0
Answered

Export from FIM EmployeePosition Placeholder into EmployeePosition Placeholder Adapter result in error

Shane Lim 8 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 4 years ago 5

I have a EmployeePosition Connector that has two keys specified, employee_code and position_no.
In the EmployeePosition Adapter configuration I did not specified the <dnComponent> as I cannot find any documentation on how this would be achieved such that FIM will see all the object coming through this adapter as unique objects. Thus is left it to the default GUID to be generated.

I also have a Position Placeholder Connector and Adapter for Provisioning (exporting) the EmployeePosition objects from the EmployeePosition Adapter into it so that it could be used to generate the Positions membership and other multi-values attributes.
The Position Placeholder Connector is using the same two keys as in the Position Connector, employee_code and position_no.
The Position Placeholder Adapter configuration using the default GUID as <dnComponent>

  • I can bring the bring the EmployeePosition Adapter data into FIM EmployeePosition MA Connector Space successfully
  • I can synchronise FIM EmployeePosition MA Connector Space to FIM EmployeePosition Placeholder MA Connector Space successfully.
  • However when I perform the FIM Export on EmployeePosition Placeholder MA I got the below error.
20110404,05:19:12,Adapter request to save entity to adapter space.,Adapter,Information,Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d.,Normal
20110404,05:19:12,An entity failed validation.,Adapter,Warning,The entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 on connector b112daa3-e9aa-43a8-9615-2c20626dddc6 failed validation 1 times for the following reasons: EmployeeCode is a required field and is not present.,Normal
20110404,05:19:12,Adapter request to save entity to adapter space failed.,Adapter,Warning,"Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d failed with reason 1 items failed schema validation during Adapter operation.  Check log for validation errors.. Duration: 00:00:00.0341775
Error details:
Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation.  Check log for validation errors.
   at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
   at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
   at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity)
   at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entityToSave)
   at Unify.Framework.LDIFAdapter.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId)
   at Unify.Framework.LDIFAdapterServiceHostDecorator.ExportAdapterEntity(IAdapterEntity adapterEntity, Guid adapterId)
   at SyncInvokeExportAdapterEntity(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)",Normal

When Codeless Framework configuration for provisioning to the EmployeePosition Placeholder is

   <ma name="Positions Placeholder">
      <systemtype>IdentityBroker</systemtype>
      <datasource>
        <connectionString>HTTP://localhost</connectionString>
        <Port>59999</Port>
        <UserName></UserName>
        <Password></Password>
      </datasource>
      <provisioning enabled="true"/>
      <deprovisioning enabled="true"/>
      <cs-deletes-enabled enabled="true"/>
      <cd-deletes-enabled enabled="false"/>
      <object type="Position" csobjecttype="person" anchorattribute="dn">
        <provisioning>
          <enabled>true</enabled>
          <dnprefix>UID=</dnprefix>
          <allowfilters switch="or">
                <filter priority="1">
                  <attribute>PositionTile</attribute>
                  <compareType>ne</compareType>
                  <compareValue>Casual</compareValue>
                </filter>
          </allowfilters>
          <defaults>
            <default name="EmployeeCode">
              <type>csentry</type>
              <attribute>EmployeeCode</attribute>
              <value>EmployeeCode</value>
              <mvaction></mvaction>
            </default>
            <default name="PositionNumber">
              <type>csentry</type>
              <attribute>PositionNumber</attribute>
              <value>PositionNumber</value>
              <mvaction></mvaction>
            </default>
            <default name="IdBID">
              <type>csentry</type>
              <attribute>IdBID</attribute>
              <value>IdBID</value>
              <mvaction></mvaction>
            </default>
          </defaults>
            <uniquename>            
              <namerule priority="1">    
                <maxlength>64</maxlength>
                <minlength>1</minlength>    
                <pad-with></pad-with>        
                <namecomponent priority="1">
                  <type>attribute</type>        
                  <value>IdBID</value>        
                  <attributeseparator></attributeseparator>    
                  <pad-with></pad-with>                        
                  <maxlength>64</maxlength>    
                  <minlength>1</minlength>        
                  <alphanumericsonly>true</alphanumericsonly>        
                </namecomponent>                    
              </namerule>            
              <datasource-attributename></datasource-attributename>
              <verify-against>
                  <connectionString></connectionString>    
                  <Port></Port>    
                  <UserName></UserName>    
                  <Password></Password>
              </verify-against>        
            </uniquename>            
        </provisioning> 
.
.
.

The Identity Broker for Empower Connectors and Adapter configuration file attached. Attached also the Codeless Framework configuration file to Provisioning of the "Position Placeholder" MA.

The Identity Broker error log file is also attached.

Peter, would you be able to assist with this issue. Perhaps this is best to obtain the help from the Product team.

Affected Versions:
Fixed by Version:

I have made further progress....

By creating a "brand new" EmployeePositions Placeholder MA and configured out I am new getting a new error during the Export on EmployeePositions Placeholder MA. The error report by FIM is

System.InvalidOperationException: MA property not supported.
   at Microsoft.MetadirectoryServices.Impl.CSEntryMAImpl.get_MA()
   at Unify.Framework.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
   at Unify.Framework.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)

Interestly, in the Identity Broker log, it did not report any error. In fact it indicated that the object is created.

20110404,07:05:58,Adapter request to save entity to adapter space.,Adapter,Information,Adapter request to save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d.,Normal
20110404,07:05:58,Request to save entity to connector.,Connector,Information,Request to save entities [Count:1] to connector Placeholder Positions Connector.,Normal
20110404,07:05:58,Save entities to connector completed.,Connector,Information,Save entities [Count:1] to connector Placeholder Positions Connector reported 1 entities saved. Duration: 00:00:00.0009766,Normal
20110404,07:05:59,Adapter save entity to adapter space succeeded.,Adapter,Information,Adapter save entity 17ece84f-6e81-4ecd-9f3e-aa06faf84be1 to adapter space c17d93f7-ad7c-4a4a-aded-892125a3731d succeeded. Duration: 00:00:00.4697446,Normal

In addition, performing the Connector entity search and Adapter entity search did show that the object is created with the correct UID, EmployeeCode, PositionNumber and other details.

Any advise/help would be much appreciated.

Shane,

This error is covered in section 8.3 of the Identity Broker for Microsoft Lifecycle Manager 2007 v3.0.0 guide https://unifysolutions.jira.com/wiki/download/attachments/2490808/Identity+Broker+for+Microsoft+Identity+Lifecycle+Manager+Administrators+Guide+v3.0.0.pdf. Did you search of JIRA uncover this document?

DN generators are covered at IDB306:Distinguished Name generators.

You need to either supply the IdBID at time of provisioning, and make the DN UID=IdBID when you provision with the Codeless Framework.

The error does not occur in Identity Broker as it is not an Identity Broker error. The error exists in the xMA in which FIM/ILM does not allow a DN of an object being provisioned to be changed at that point.

Hi Shane,

I only searched for "MA property not supported" and "ExportEntry" on Jira.

I have found the issue and it is now resolved.

The issue is that for the uniqueName node for the <defaults>, the <alphanumericsonly> was set to true instead of false, this in turn removed all the "-" characters that is part of the IdBID.

Thank you for your help.