Organization profile connector hindered by read-only nature of record IDs
It appears the organization profile connector currently only works in environments where OUs are added sequentially with sequential IDs.
SharePoint has a “RecordId” field which is a unique identifier for an organization profile. This is also used to manage the hierarchy, with organization profiles having a parent property which contains the RecordId of the parent. However, this field is readonly in SharePoint, meaning that we have no control over its value, and to ensure the hierarchy is correct, the parent values would need to be updated for the organization profiles after an initial export. Currently, the mapping is only correct if SharePoint happens to generate an ID which is the same as the one from the source system.
The connector must be revisited to handle this behaviour.
Current work is around testing the addition of two fields to SharePoint and the FIM metaverse for handling this mapping as follows, making use of the export control of reference values. From an earlier email:
The issue of course here is that the record ID is not known prior to the creation of the organization in SharePoint, and a two-pass approach is required. However, if the field was configured as a reference instead you could assume that you would have already exported the parent and have its correct SharePoint ID, meaning you wouldn’t have to do all your adds and then all your updates on a second FIM export. This would, however, mean that the solution would need to configure the hierarchy as a reference (if it hadn’t already). In order for joins to work successfully, we’ll likely need to flow this information back into the MA.
Conversation with Adam van Vliet Matthew Clark.msg
IDBSP-44 - Attribute Flows in SharePoint Org MA.png
Customer support service by UserEcho
Attached adapter and connector engine config from demo machine for Richard. Screenshot attached of FIM flows for test MA
New development release uploaded to https://unifysolutions.jira.com/wiki/display/SUBIDBSP/Downloads for Richard to confirm functionality.
Assigned to Richard for feedback
The null exception discussed on skype the other day is still appearing whenever I attempt to import organisations.
The error is
I have tested this on my previous VM, an early snapshot of that VM and now a fresh install of Windows, SQL Server and SharePoint and all systems have encountered the same error. (The updated WSP is installed)
As far as configuratiom, Sharepoint is a base install with the exception being I added the AD admin to the users list. That said, the local admin of that system has also been tested and had the same error.
Besides that I've added the attribute 'IdMProfileReference' to the organisation schema with a type string (as per the connector configuration above).
Additionally I have tested the schema discovery plugin in identity broker and that functions fine, I can retrieve the organisations schema, and also tested using the generated code to perform an import before receiving this same error.
Lastly, the user profile search still functions, I have a single administrator user that is returned.
I'm going through the event viewer and can find no issues on the SharePoint system...the Security Audits are shown as being successful and theres no errors I can see to indicate anything going wrong on the SharePoint server. I'll continue to investigate.
This may be relevant, but the configuration is as follows
IDM Products (FIM, IDentity Broker)
Idm SQL Server instance
SharePoint Server (installed using a local admin account, with the domain admin granted access via the administrative interface after install)
Sharepoint SQL Server instance
I am having a look at the wcf service, but it certainly appears that the SharePoint API is returning the wrong thing (as discussed the other day).
Please have a look through the SharePoint logs (I think they are in c:\Program Files\Common Files\Microsoft Shared\web server extensions\14\LOGS).
I will keep looking on my end, and I'll let you know if I find anything.
Recent entries included. See below for the bit of interest where a request did fail. I'll need to look into that further.
going to look into the meaning ot
Richard, with the fresh install of SP, did you start fresh, with a fresh database?
Have you ever had it work? As the part that is failing hasn't been changed since it was released as a candidate.
It is a fresh database.
The existing VM, which I blew away as I didn't have space for it if I was going to try a fresh one, worked for a period minus the issue that I couldn't set the RecordID. I havent tested this VM with the older release, only the dev copy Matt provided. I'm currently looked at IIS and anything else that may cause issues security wise, nothing has come up yet but I'll continue to investigate.
From IIS Logs. A User full import followed by an organisation full import
I take it that the final line there is a HTTP 500 error, eg Internal Server Error
Were you able to add WCF trace to the SharePoint service?
Richard, this is a test version that will hopefully tell us which object is causing the problem.
Hi, I've installed that component. How do I go about using it.
And for the previous response, I hadn't enabled tracing at that time, looking into it now
Just as before, it just checks if a few key objects are null and if they are the exception will tell us which one.
Appears to be as before.
Hrm, don't even know how that is possible.
I'm going to reboot the sharepoint server and see if that helps. I looked in the GAC etc at when the last update occured and it matched when I ran the update, however I'll reboot in case anything weird is being cached. Did try an IISRESET.
I upgraded it by:
Attached new Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp, with additional error messages. I would be very surprised if this doesn't help track down the error!
The stored procedure to look for if you run a database trace is dbo.Profile_EnumProfiles.
As discussed, a wcf trace on the SharePoint service may also give us additional details, as should the additional logging I've added to the service.
Firstly, I've updated the connector to Mondays 184.108.40.206 release. I didn't realise that was available, possibly due to a mistake on my part. Until now I was on the 220.127.116.11 sharepoint connector uploaded on Friday.
I've also updated the WSP file to the latest provided in the comment above and the error message is slightly different. There is a "3 ---->" included before the null exception.
also differs to what I previsouly had, which was previously
Full error is:
I'm yet to do the DB trace, will look at it in the morning
Attached new Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp.
Sorry, silly mistake with exception handling. That error doesn't help me.
From the database, monitoring RPS:Starting and RPC:Completed the following queries run
The above returns two sets of results in SQL Server, the first is a single Column labelled "RecordID" with two rows, '1' and '2' respectively.
The second set is a single row with two unnamed columns with the values '1' and '2' respectively. These values correspond to the RecordIDs of the two organisations I have.
The next query is:
This returns the information of the root organisation (which is RecordID = 1). The UserProfile_GUID, PreferredName and IdMProfileReference attributes are the three returned
Notable here is there is no query that I can see being performed to return the data for the second organisation, eg RecordID = 2. I manually ran that second query with the RecirdID set as 2 and got the data for that organisation as I would expect.
Attaching the database table that has the org structure.
When we discussed this with Matt last week, he suggested changing the ParentType to be the same as the ProfileSubtypeID and the Parent to be the same as the Record ID for the root organisation.
He was off site and presumably had no access to his system, however I just want to highlight that a default install has a NULL ParentType for the root and a parent of -1. Attached the convo also.
It may just be things getting lost due to not being at the PC, but have any incorrect assumptions been made about the state of the root node that could effect the solution?
Matthew's comment was questioning whether your database had the values that match what a fresh install would have. There may be other issues with the WCF endpoint, but the point is that it's failing before we get a chance to do anything as something is coming back null from the SharePoint API that shouldn't.
Appears to be the same error.
Attached new Unify.Connectors.SharePoint.SharePoint2010WCFService.wsp where there is separate error handling and null checks for pretty much every line of code involved.
The following queries appear to be running in a loop, except that the correlationId is changing with each block of 7 queries.
Code that has been confirmed to work (dev), has been pushed to the repo. Now needs to be regression tested due to the change in logic.
Matthew to look at fixing up the parameter names also.
The parameter names have been updated and the service contract has been updated in the communicator. Imports perform as expected. Exports are still also working well on my local machine.
I have uploaded the latest development builds of the connector, WCF service, and Connector Configuration Plug-In to the SUBIDBSP:Downloads page. Note that the WCF service will need to be redeployed to SharePoint in order for the connector and the Configuration plug-in to work correctly.
Organization profiles are importing and baselining correctly in SharePoint, with Event Broker able to rectify any profiles who are missed with an "exported-change-not-reimported" error (as expected).
To be logged elsewhere, the following error was encountered when the IdBID was provisioned. Note that Organization Profile is not a ModifyAnchor connector:
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Framework.EventNotifierModifyAnchorConnectorDecorator.ModifyAnchor(MultiKeyValue oldKey, MultiKeyValue newKey)
at Unify.Framework.Adapter.<>c_DisplayClass34.<CheckAnchorChangeOnSave>b_2f(KeyValuePair`2 keyValue)
at Unify.Framework.Visitor.<>c_DisplayClass1`1.<Visit>b_0(T item, Int32 index)
at Unify.Framework.Visitor.VisitT(IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Framework.Visitor.VisitT(IEnumerable`1 visitCollection, Action`1 visitor)
at Unify.Framework.Adapter.CheckAnchorChangeOnSave(IEntitySchema connectorSchema, IEnumerable`1 entitiesToSave, IEntityPartitionUpdatableContext connectorContext, IEnumerable`1 entityIds)
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
This occurred where RecordId was set to the key.
Can this issue be closed?
With the above error, is it a documentation issue, a bug, or a place for a better exception message? Could you please create the issue most appropriate?
IDB-295for investigating the other issue, but as far as I'm concerned this is working appropriately. Marking as resolved and assigning to Richard for confirmation.
Everything appears to be working fine. Closing