FIM/ILM LDIF Service - MaxReceivedMessageSize being surpassed

Tony Sheehy 9 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 5 years ago 5

The MaxReceivedMessageSize is being surpassed for large imports - ~500,000 entities and upwards.

A quick fix is to simply edit the MaxReceivedMessageSize to be its maximum value:

maxReceivedMessageSize = "2147483647"

However, this may only be hiding a more ingrained systematic problem - Why is the IDB Service sending a SOAP message that would surpass the recommended configuration?.

A determination needs to be made about the correct course of action with regards to this behaviour.

Affected Versions:
Fixed by Version:

The easiest way to go about this is to log the entire SOAP messages coming through the LDIF service - this will be achieved with the following config - and view the largest SOAP message:

  <source name="System.ServiceModel" switchValue="Verbose,ActivityTracing">
      <add name="ServiceModelTraceListener"
         type="System.Diagnostics.XmlWriterTraceListener, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089"
<trace autoflush="true" />
      <messageLogging logEntireMessage="true" logMalformedMessages="true"
              logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />

As the received message size has been confirmed to scale with the number of entities - all that should be required is for the IDBFIM documentation to be updated to reflect the additional requirements. This should only be a problem for adapters that should anticipate substantial imports (~500,000 entities or attribute rich entities).

This value can reach 10,000,000 terabytes - which should more than adequetly facilitate the requirements of such potential circumstances.

The only problem to this solution is that it potentially introduces security issues - as defined here

Reassigned for confirmation of correctness/completion.