0
Completed

Investigate handling of inconsistent casing in container objects

Matthew Clark 13 years ago in UNIFYBroker/Microsoft Identity Manager updated by anonymous 8 years ago 9

QDET-97, IDBSP-29, IDBSP-36 and IDBFIM300:The distinguished name and reference value attributes of a management agent seem to change case inexplicably all detail issues that arise due to inconsistent casing in container objects retrieved from a target system, usually where the key field is a self-reference (such as Microsoft SharePoint). Microsoft FIM does not handle inconsistently cased container objects with great finesse, prompting the renaming and updating of all reference value fields and distinguished names in a connector space. Investigate if any appropriate measures can be introduced on the Identity Broker side to alleviate or address this issue.

Hi Matthew,

Would it be possible to create an overload of IAdapter.GetAllEntities that takes a new container factory type? This would allow a different implementation of ContainerContextHandlerBase.ProcessSeenDN that uses allSeenDns to check for case changes and throw an exception.

Thanks.

This does look like the right place to put something like this. It would be preferable if it did this check and threw an exception with a list of inconsistent containers, rather than just failing one at a time.

Reducing remaining estimate as the Identity Broker component will just involve the addition of this new container handler. IDBFIM-13 will also address this with documentation, so the issue should be sufficiently covered.

Consider having optional parameter passed through from the FIM Adapter that can force this behaviour.

This would best be configured by providing an option on the UI for each adapter, rather than having this passed over on every call to the LDIF adapter. This would be put in the same location as the reflection settings.

Updating remaining estimate

Scope of work too large for Beta. Documentation from IDBFIM-13 should adequately address in the mean time. Moved to v4.1

Given the time that this issue has been endured without significant problem, it is obviously not functionality that is desperately needed. With a sufficient understanding of FIM, the documentation seems to suffice to overcome this issue. This will also change for the use of the LDAP protocol moving forward.

Marked as Resolved - Won't Fix.

Confirmed or migrated to VSO.