0
Answered

On the Container search - receive Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid

André van der Westhuizen 7 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 6 years ago 2

Created a new Adapter in Identity Broker for the Department with a DN - CN=Name,OU=Group. The objectclass is ADVDepartment.

The Adapter is created successfully and the Processed Entity Count is 16.
I create the Generic LDAP (Microsoft) MA successfully and could import the objects.

When I select the Containers from the Configure Partitions and Hierarchies pane off the MA properties I receive the following errors:

The error in the Event viewer is:

The extensible extension returned an unsupported error.
 The stack trace is:
 
 "Microsoft.MetadirectoryServices.ExtensibleExtensionException: Unable to get the hierarchy from the LDAP server.ExtensibleExtensionException: (87) Filter Error Server Message: The search filter is invalid. Matched DN: RootCauseException:  ---> System.DirectoryServices.Protocols.LdapException: The search filter is invalid.
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at Microsoft.IdentityManagement.Connector.GenericLdap.Channel.DirectoryContext.GetDirectoryEntries(String namingContext, SearchScope scope, DirectoryControlCollection directoryControls, String filter, String[] attributes)
   at Microsoft.IdentityManagement.Connector.GenericLdap.Proxy.HierarchyProxy.GetHierarchy(HierarchyNode parent, LdapDirectory directoryName)
   at Microsoft.IdentityManagement.Connector.GenericLdap.ConfigStrategy.GetHierarchy(HierarchyNode parent)
   at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.MapExceptionType(Exception exception)
   at Microsoft.IdentityManagement.Connector.GenericLdap.ExceptionManager.ExceptionHelper.SetConnectorException(Exception baseException, String errorMessage, String distinguishedName)
   at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.ReportErrorToSyncService(String errorMessage, Exception exception)
   at Microsoft.IdentityManagement.Connector.GenericLdap.GenericLdapConnector.GetHierarchy(KeyedCollection`2 configParameters, HierarchyNode parent)
Forefront Identity Manager 4.1.3599.0"

screenshot-1.png
Affected Versions:
Fixed by Version:

Resolved.

This is a bug in FIM that only allows the container window to populate for object classes in a pre-defined list.

Unless an OU below the adapter is required to be targeted, the window is not necessary. If OU targeting is required, either do so through filters, or use the UNIFY provided MA (when it is made available).