0
Fixed

FIM/ILM LDIF Service - MaxReceivedMessageSize being surpassed

Tony Sheehy 9 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 5 years ago 5

The MaxReceivedMessageSize is being surpassed for large imports - ~500,000 entities and upwards.

A quick fix is to simply edit the MaxReceivedMessageSize to be its maximum value:

maxReceivedMessageSize = "2147483647"

However, this may only be hiding a more ingrained systematic problem - Why is the IDB Service sending a SOAP message that would surpass the recommended configuration?.

A determination needs to be made about the correct course of action with regards to this behaviour.

Affected Versions:
Fixed by Version:

The easiest way to go about this is to log the entire SOAP messages coming through the LDIF service - this will be achieved with the following config - and view the largest SOAP message:

<system.diagnostics>
<sources>
  <source name="System.ServiceModel" switchValue="Verbose,ActivityTracing">
    <listeners>
      <add name="ServiceModelTraceListener"
         initializeData="c:\MyTracelog.svclog"
         type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
         traceOutputOptions="Timestamp"/>
    </listeners>
  </source>
</sources>
<trace autoflush="true" />
<system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logMalformedMessages="true"
              logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
    </diagnostics>
</system.serviceModel>

As the received message size has been confirmed to scale with the number of entities - all that should be required is for the IDBFIM documentation to be updated to reflect the additional requirements. This should only be a problem for adapters that should anticipate substantial imports (~500,000 entities or attribute rich entities).

This value can reach 10,000,000 terabytes - which should more than adequetly facilitate the requirements of such potential circumstances.

The only problem to this solution is that it potentially introduces security issues - as defined here

Reassigned for confirmation of correctness/completion.