0
Not a bug

Active Directory User Connector Failed to Import at Monash Health

Rizwan Ahmed 9 months ago in UNIFYBroker/Microsoft Active Directory updated by Matthew Davis (Technical Product Manager) 4 weeks ago 11

Hi, 

Monash Health  reported an issue with AD user creation. 

Following is the product installed, there have been no recent changes to the configuration.

UNIFYBroker v5.3.2 Revision #0

Plug-in Version Details
Plugin Key Version
Microsoft Active Directory 5.3.0.0
Chris21 Connector 5.3.0.0
Sync Changes 5.3.0.2
Plus Change Tracking 5.3.0.2
Connections 5.3.0.2
Links 5.3.0.2
Link Statistics 5.3.0.2
Lockers 5.3.0.2
Locker Statistics 5.3.0.2
Provisioning 5.3.0.2
Plus 5.3.0.2

Answer

Answer

The otherMobile attribute was causing when importing data from Active Directory. We have updated the attribute from String to Multi Valued String. The sync job is running at the moment the data appears to be fine, will check in few hours if mentioned accounts are created.

Error details:

System.AggregateException: One or more errors occurred. ---> Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Object[] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.

Under review

Hi Rizwan,

What's the issue being reported?

at per the logs at this stage system is failing to perform full import.

at per the logs at this stage system is failing to perform full import.

Okay, thanks. Are you able to share any of the investigation steps done so far to determine if it's a product issue or a configuration / environment issue? You mention above that there have been no recent changes to the configuration - have there been recent changes to the product installation? Or any customer AD changes that may have triggered the problem?

Disabled all the connectors and adapters, copied the AD connector and performed import to isolate the issue. We have not updated the configuration of the product. On clients AD side we are not aware of any major changes.

Can you validate the AD side of things? If the configuration and product haven't changed in a while, the code wouldn't have just stopped working all of a sudden. Check the schema and data being returned with an LDAP tool to see whether it's expected

In a process of checking which tools can be installed on the box. 

However, the exception was System.InvalidCastException: Object must implement IConvertible. which might have been reported before may be from another client.

Change detection engine import changes for connector AD Test Connector failed with reason One or more errors occurred.. Duration: 00:00:12.4491780
Error details:
System.AggregateException: One or more errors occurred. ---> Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Object[] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
--- End of inner exception stack trace ---

Unfortunately no other reports from other customers. 

At a quick glance, it looks like there might be a multivalue attribute being returned and because Broker has a string field configured as the schema type, it can't unpack the value. 

Given you've cloned the connector, I'd recommend removing the schema rows one by one off the connector and then attempting an import until it no longer throws an error. This will tell you which schema field is causing the problem and assist in your troubleshooting.

Check the 'info' or 'comment' field - it's MV in AD but I think I configured it as SV in the solution.  It's used to let admins disable UNIFYConnect managing the account enable/disable flag.

Answer

The otherMobile attribute was causing when importing data from Active Directory. We have updated the attribute from String to Multi Valued String. The sync job is running at the moment the data appears to be fine, will check in few hours if mentioned accounts are created.

Error details:

System.AggregateException: One or more errors occurred. ---> Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Object[] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.