Fixed

Password Synchronization not working for Google Apps

Boyd Bostock 7 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 7 years ago 3

Passwords are not being set for newly created users and not being synchronised for existing users.

Does Identity Broker need to be configured to use Secure LDAP to synchronise passwords?

I have attached a packet trace and believe the LDAP BIND requests are attempts to synchronize the password.


Answer
Fixed

Hi Boyd

I've created a patch that should fix this issue. Place it in the installDir\Services directory, restart the service and reattempt the password sync operations. Let me know if you have any issues.

Unify.IdentityBroker.LDAP.Engine.dll

Not a bug

Hi Boyd,

There is nothing in Identity Broker that prevents password synchronization without TLS enabled. Are you using the Identity Broker for Microsoft Identity Manager management agent? As part of the ECMA2 protocol it reports the security level of the connection to MIM, specifying Secure only if TLS is enabled. How have you configured the Management Agent? On the Configure Extensions tab, under the Password management section there is a Settings... button which lets you configure whether to require a secure connection. If you haven't configured TLS, make sure this setting is disabled.


Hi Curtis

I have tried un-selecting the requirement for a secure connection and enabling TLS and both changes result in the following error continually appearing in the logs:

Handling of LDAP bind request received on connection 127.0.0.1:55091 to connect as user IdBLDAP completed successfully. The bind was successful. Duration: 00:00:00.1092003.",Normal

20170116,21:42:35,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP extended request.
Handling of LDAP extended request from user IdBLDAP on connection 127.0.0.1:55090 failed with error ""Object reference not set to an instance of an object."". Duration: 00:00:00.4056210.",Normal
20170116,21:42:35,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:55090. More details:
Internal Server Error #11: System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.RequestHandlerValidator`2.ValidateEntityExists(TRequestType request, Boolean failIfFound, IAdapterEntity& entity, TResponseType& errorResponse)
at Unify.Product.IdentityBroker.PasswordModifyExtendedRequestHandler.<HandleRequest>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__a.MoveNext()",Normal

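As an added example (not code from this thread or from UNIFY), the following Python parses log entries in the CSV layout quoted above and groups Error entries by client connection, extracting the exception type and the top stack frame so the failing handler is visible at a glance. The sample log is constructed from the quoted lines; the Information level on the first entry is an assumption.

```python
"""Triage helper for UNIFY Identity Broker CSV log entries (added example)."""
import csv
import io
import re
from collections import defaultdict

# Constructed sample based on the entries quoted in the thread.
# Entries span several physical lines inside the quoted message field.
SAMPLE_LOG = '''20170116,21:42:34,UNIFY Identity Broker,LDAP engine,Information,"Handling of LDAP bind request.
Handling of LDAP bind request received on connection 127.0.0.1:55091 to connect as user IdBLDAP completed successfully. The bind was successful. Duration: 00:00:00.1092003.",Normal
20170116,21:42:35,UNIFY Identity Broker,LDAP engine,Error,"Handling of LDAP extended request.
Handling of LDAP extended request from user IdBLDAP on connection 127.0.0.1:55090 failed with error ""Object reference not set to an instance of an object."". Duration: 00:00:00.4056210.",Normal
20170116,21:42:35,UNIFY Identity Broker,LDAP Engine,Error,"An error occurred on client from 127.0.0.1:55090. More details:
Internal Server Error #11: System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.RequestHandlerValidator`2.ValidateEntityExists(TRequestType request, Boolean failIfFound, IAdapterEntity& entity, TResponseType& errorResponse)
at Unify.Product.IdentityBroker.PasswordModifyExtendedRequestHandler.<HandleRequest>d__0.MoveNext()",Normal
'''

CONN_RE = re.compile(r"(?:connection|client from) (\d{1,3}(?:\.\d{1,3}){3}:\d+)")
EXC_RE = re.compile(r"(System\.\w+Exception)")
FRAME_RE = re.compile(r"^\s*at ([\w.`<>]+)", re.MULTILINE)


def parse_entries(text):
    """Yield dicts for each CSV row; csv handles ""-escapes and embedded newlines."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 6:
            continue  # blank trailing line or malformed row
        date, time, _source, component, level, message = row[:6]
        yield {"timestamp": f"{date} {time}", "component": component,
               "level": level, "message": message}


def failed_operations(text):
    """Group Error entries by client connection, keeping exception and top frame."""
    result = defaultdict(dict)
    for entry in parse_entries(text):
        if entry["level"] != "Error":
            continue
        match = CONN_RE.search(entry["message"])
        info = result[match.group(1) if match else "unknown"]
        info.setdefault("timestamp", entry["timestamp"])
        if "LDAP extended request" in entry["message"]:
            info["operation"] = "extended request"
        exc = EXC_RE.search(entry["message"])
        if exc:
            info["exception"] = exc.group(1)
        frames = FRAME_RE.findall(entry["message"])
        if frames:
            info["top_frame"] = frames[0]  # innermost frame, where the fault was raised
    return dict(result)
```

Run against a full log export, the per-connection summary separates a successful bind from a password-modify extended request that failed server-side.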


Passwords are now synchronizing to Google.