entryUUID Missing from Delta Imports

Richard Courtenay 9 years ago updated by anonymous 9 years ago 11

This issue is a follow on to the now resolved https://unifysolutions.jira.com/browse/IDB-1216

What I'm finding is that if I provision an entry to UNIFY Identity Broker, and then perform a delta import, the entryUUID is not in the list of values returned. This then results in FIM throwing an exported-change-not-reimported error. If however a full import is performed, the entryUUID is present.

Generally this likely won't matter if the entryUUID isn't explicitly being used, but it is an issue if the adapter DN is UID=@idBID and you thus need to set the UUID (as the previously linked to issues final post implies)

I've captured some screen shots of the error and behaviour of delta and full imports

Performing a full sync preview which triggers provisioning that sets some defaults, as well as applies some flows

Export to occur, including the entryUUID (set so that I could also control the DN, pictured)

Errors resulting from a delta import performed after the export (there was a 1 minute gap between the export and running this import)

Missing attribute

What the delta Import brought in

Finally running a full import, which has the entryUUID present

I'd expect that deltas should bring in the entryUUID following a provision. To reproduce it I don't think you necessarily need to be using the entryUUID as part of the DN for the adapter, just select on the MA that as an attribute to be read into FIM and then provision a new record and follow it up with a delta import.

ACTH-197 uuid fix.zip

Hi Beau Harrison, could you please take a look at this one?

Hi Richard,
I've attached a zip with two DLLs that should fix this issue.

  • Place Unify.IdentityBroker.LDAP.Engine.dll in the IdentityBrokerInstallDir\Services directory and restart IdB.
  • Unify.IdentityBroker.FIMAdapter.dll should be placed in FIMInstallDir\2010\Synchronization Service\Extenstions directory. As long as the new one is named the same as the dll you created your MA with you wont need to remake your management agents.

Hi Beau Harrison,
I think that's working correctly. My lab has two Identity Broker instances (one local, one on a second server) and after patching both Identity Broker instances the delta imports look to be brining in the entryUUID which has removed the exported-change-not-reimported errors I would get. After doing a delta import and delta sync, the next full import also had 0 changes as I would expect if no other modifications had been made.

I'll assign this back to you in the event theres more work around this to integrate with the next build. I'm away on five weeks leave, so I probably won't be around to contribute any more feedback to this one until after the 20th July.

v5.0.2 has been released containing a fix for this issue. Thanks.

Been performing some testing of this following installing 5.0.2 and deltas aren't bringing in the entryUUID for newly created records.

In deploying the change, I deleted my Identity Broker 5.0.1 install and all files other than the extensibility configuration files and did a reinstall. As a result I don't have a Unify.IdentityBroker.LDAP.Engine.dll file in my Identity Broker base directory any more since I assume the functionality is integrated with the build?

I didn't notice any updates for Identity Broker for Microsoft FIM to coincide with the Unify.IdentityBroker.FIMAdapter.dll file attached to this case, so I left that at the version supplied in this case. Should I be rolling that back to the 5.0.1 build?

FIM server has been rebooted as part of this.

Hi Richard Courtenay

I'm afraid while the fix was made it was unintentionally left out of the v5.0.2 build. You'll have to continue using the Unify.IdentityBroker.LDAP.Engine.dll from the previous patch for now. The next release of Identity Broker will definitely have this issue resolved. We'll keep you posted on when this will be made available.

Hi Beau Harrison,

Thanks for the notice. As an FYI, I was talking with Adam van Vliet via email a few days back and this case was set to "resolved in 5.0.2" and included in the release notes for that release. I imagine that'll need to be changed.

To check, I'll also need to use the updated Adapter DLL included in this case?

Hi Richard Courtenay, I've fixed up the release to include this dll. I've also done the Adapter release.

Thank you for your assistance and patience.

Just tested the latest build over three development installs and delta imports appear to be working well in each.