Declined

Cannot create a DN in the format UID=-12345

Bob Bradley 2 years ago • updated by anonymous 2 years ago

It would be great to be able to extend the definition of a valid IdB DN to include the "-".

The following error is raised when attempting to export a new record to an underlying SQL entity via IdB4:

Log Name:      Application
Source:        FIMSynchronizationService
Date:          13/04/2017 3:07:52 PM
Event ID:      6801
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CENTRELINK-FIM.unifyfim.unifytest.local
Description:
The extensible extension returned an unsupported error.
 The stack trace is:
 
 "System.Exception: Error occurred when attempting to save entity with distinguished name

UID=-281283620

Error:

1 items failed schema validation during Adapter operation.  Check log for validation errors.
   at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
   at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities, EntityToConnectorEntityBridge[]& backwardAdapterEntities)
   at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities)
   at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity)
   at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity)
   at Unify.Product.IdentityBroker.LDIFAdapterBase.HandleExportAdd(IAdapter adapter, IAdapterEntitySaveChange pendingAdd)
   at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
   at SyncInvokeExportChanges(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
   at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
   at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Forefront Identity Manager 4.0.3732.2"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6801</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-04-13T05:37:52.000000000Z" />
    <EventRecordID>2307483</EventRecordID>
    <Channel>Application</Channel>
    <Computer>CENTRELINK-FIM.unifyfim.unifytest.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>System.Exception: Error occurred when attempting to save entity with distinguished name

UID=-281283620

Error:

1 items failed schema validation during Adapter operation.  Check log for validation errors.
   at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
   at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities, EntityToConnectorEntityBridge[]& backwardAdapterEntities)
   at Unify.Product.IdentityBroker.Adapter.AddEntities(IEnumerable`1 entities)
   at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity)
   at Unify.Product.IdentityBroker.AdapterNotifierDecoratorBase`1.AddEntity(IAdapterEntity entity)
   at Unify.Product.IdentityBroker.LDIFAdapterBase.HandleExportAdd(IAdapter adapter, IAdapterEntitySaveChange pendingAdd)
   at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
   at SyncInvokeExportChanges(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
   at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
   at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Forefront Identity Manager 4.0.3732.2</Data>
  </EventData>
</Event>

I don't see why this should be an invalid DN - e.g. it is perfectly acceptable in ADLDS.

The reason for wanting to do this was in a test scenario where I need to enforce uniqueness so I don't clash with an existing range of identities - so flipping the sign was the simplest way to achieve this.

In the end I was able to come up with another way of generating a unique ID, but I thought this deserved consideration anyhow.


Answer

Declined

Closed, not enough information provided.

Under review

Hi Bob,

I note that the error states "1 items failed schema validation during Adapter operation. Check log for validation errors.". Could you please attach the relevant logs so we can check the validation error? I'm not sure this is related to the distinguished name.

Sorry Curtis I can't do that - this is from too long ago now and rolled off the logs, and the environment has progressed to UAT testing with the customer so I can't spend a couple of hours now recreating the scenario. The problem was surfaced on export (ADD) from FIM attempting to create a new connector entry where the DN would have been in the above format - adds only failed when there was a '-' present (succeeded 100% of the time otherwise).
