0
Not a bug

An unrecognized critical control was supplied

Bob Bradley 9 years ago updated by anonymous 9 years ago 2

The following error was reported from a FIM import:

Handling of LDAP search request from user hrma on connection 127.0.0.1:51554 targeting OU=HR,DC=IdentityBroker with a scope of WholeSubtree failed with error "An unrecognized critical control was supplied.". Duration: 00:00:00.


From the error log:


20160403,23:58:20,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP search request.

Handling of LDAP search request from user hrma on connection 127.0.0.1:63713 targeting OU=HR,DC=IdentityBroker with a scope of WholeSubtree failed with error ""An unrecognized critical control was supplied."". Duration: 00:00:00.",Normal
20160403,23:58:50,UNIFY Identity Broker,LDAP Engine,Information,A client has connected to the LDAP endpoint from address: 127.0.0.1:63741.,Normal
20160403,23:58:50,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP search request.

Going by the frequency of the error I believe that it is from the Event Broker agent:

Image 3042

Answer

Answer
Not a bug

Hi Bob,


You're correct, it is being triggered by the FIM Event Broker operation. This is because the mechanism used to check for changes in LDAP/AD has not yet been added as a supported feature in Identity Broker (it's roadmapped). See https://unifysolutions.jira.com/wiki/display/EB32/Identity+Broker+Changes for details on checking for changes in Identity Broker.


Thanks.

GOOD, I'M SATISFIED

Event Broker UI needs to list v5 as an option for the Identity Broker agent.

Satisfaction mark by Bob Bradley 9 years ago
Answer
Not a bug

Hi Bob,


You're correct, it is being triggered by the FIM Event Broker operation. This is because the mechanism used to check for changes in LDAP/AD has not yet been added as a supported feature in Identity Broker (it's roadmapped). See https://unifysolutions.jira.com/wiki/display/EB32/Identity+Broker+Changes for details on checking for changes in Identity Broker.


Thanks.

Thanks Adam - what threw me was that the version dropdown on the Identity Broker agent config didn't list 5.*, and so I figured that this was now legacy and proceeded with a (generic) LDAP agent. I can see that https://unifysolutions.jira.com/wiki/display/EB32/Identity+Broker lists v5 so I now expect this to work, but I wouldn't be surprised if others made the same deduction as me.