Fixed

Only validate final adapter schema

Adam van Vliet (Chief Information Security Officer) 6 years ago • updated by anonymous 3 years ago 3

The following error occurs when attempting to make use of a non-LDAP-compliant named field, even when the field name will not be part of the final schema (in this case it's used in the DN generator):

System.ArgumentException: new_personid is not a valid LDAP attribute name
Parameter name: attributeName
 at Unify.Product.IdentityBroker.AdapterEntityValueCollectionKey..ctor(String valueName) in c:\workspaces\DEV\IdentityBroker\Source\Entity\Unify.IdentityBroker.Entity.Interfaces\AdapterEntityValueCollectionKey.cs:line 46
 at Unify.Product.IdentityBroker.AdapterEntityValueCollectionKey.op_Implicit(String field) in c:\workspaces\DEV\IdentityBroker\Source\Entity\Unify.IdentityBroker.Entity.Interfaces\AdapterEntityValueCollectionKey.cs:line 176
 at Unify.Connect.Web.AdapterController.SaveFieldDNGenerator(FieldDNComponentGeneratorViewInformation viewInformation) in c:\workspaces\DEV\IdentityBroker\Source\Studio\Unify.Connect.Web\Controllers\AdapterController.cs:line 1444
 at lambda_method(Closure , ControllerBase , Object[] )
 at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
 at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
 at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12()
 at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
 at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
 at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)

The schema shouldn't validate this here, especially when the field is only being used in a DN generator.


Validation happens at the constructor of the AdapterEntityValueCollectionKey.

How-To fix this:

The issue is twofold. First, the initial problem is that validation is occurring at the AdapterEntityValueCollectionKey itself, which is flat-out wrong. That validation needs to happen at the surface area of the adapter schema.

Validation currently happens for these components on Enable. There is a mismatch in how that's enforced in Adapters vs. Connectors. On connectors it's through the OperationalConnector event model, while in adapters it's a single ValidateAdapterForEnable method (or something to that effect).

Once this validation has been stripped from the key, it should be added to this method. If possible, it would be great to have the validation consistent between Operational Components.
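
The change discussed in this thread, sketched as an added example (not Identity Broker's code): the key type stops checking LDAP naming, and the check runs once at enable time over the final schema only. `FieldKey` and `AdapterEnableValidator` are hypothetical stand-ins, and the naming rule is assumed to be the RFC 4512 `descr` form (a letter, then letters, digits or hyphens), which is why the underscore in `new_personid` fails.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical stand-in for the key type; not the product's real class.
public sealed class FieldKey
{
    public string Name { get; }

    // No LDAP check here: a key may name a source field that never reaches the directory.
    public FieldKey(string name)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Field name is required.", nameof(name));
        Name = name;
    }
}

// Hypothetical enable-time validator for the adapter's final schema.
public static class AdapterEnableValidator
{
    // Assumed rule: RFC 4512 "descr". \A and \z anchor the whole string,
    // so a trailing newline cannot slip past the way it can with "$".
    private static readonly Regex LdapDescr =
        new Regex(@"\A[A-Za-z][A-Za-z0-9-]*\z", RegexOptions.CultureInvariant);

    // Returns the final-schema field names that are not valid LDAP attribute names.
    public static IReadOnlyList<string> InvalidSchemaFields(IEnumerable<FieldKey> finalSchema) =>
        finalSchema.Select(k => k.Name).Where(n => !LdapDescr.IsMatch(n)).ToList();
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: new_personid only feeds the DN generator.
        var dnSource = new FieldKey("new_personid"); // constructing the key does not throw
        var finalSchema = new[] { new FieldKey("cn"), new FieldKey("employeeID") };

        var ok = AdapterEnableValidator.InvalidSchemaFields(finalSchema);
        Console.WriteLine($"DN source field: {dnSource.Name}; invalid schema fields: {ok.Count}");

        // The same name exposed in the final schema is reported when the adapter is enabled.
        var bad = AdapterEnableValidator.InvalidSchemaFields(finalSchema.Append(dnSource));
        Console.WriteLine($"Rejected on enable: {string.Join(", ", bad)}");
    }
}
```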