0
Fixed

FIM/ILM LDIF Service - MaxReceivedMessageSize being surpassed

Tony Sheehy 13 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 9 years ago 5

The MaxReceivedMessageSize is being surpassed for large imports - ~500,000 entities and upwards.

A quick fix is to simply edit the MaxReceivedMessageSize to be its maximum value:

maxReceivedMessageSize = "2147483647"

However, this may only be hiding a more ingrained systematic problem - Why is the IDB Service sending a SOAP message that would surpass the recommended configuration?.

A determination needs to be made about the correct course of action with regards to this behaviour.

Assigned to Tony.

The easiest way to go about this is to log the entire SOAP messages coming through the LDIF service - this will be achieved with the following config - and view the largest SOAP message:

<system.diagnostics>
<sources>
  <source name="System.ServiceModel" switchValue="Verbose,ActivityTracing">
    <listeners>
      <add name="ServiceModelTraceListener"
         initializeData="c:\MyTracelog.svclog"
         type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
         traceOutputOptions="Timestamp"/>
    </listeners>
  </source>
</sources>
<trace autoflush="true" />
<system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logMalformedMessages="true"
              logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
    </diagnostics>
</system.serviceModel>

As the received message size has been confirmed to scale with the number of entities - all that should be required is for the IDBFIM documentation to be updated to reflect the additional requirements. This should only be a problem for adapters that should anticipate substantial imports (~500,000 entities or attribute rich entities).

This value can reach 10,000,000 terabytes - which should more than adequetly facilitate the requirements of such potential circumstances.

The only problem to this solution is that it potentially introduces security issues - as defined here

Reassigned for confirmation of correctness/completion.

Confirmed. Thanks.