Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
ArgumentNullException
The following error was displayed when creating an IDB Agent for Chris 21 without specifying a "Chris 21 Username" or "Chris 21 Password"
Error System.ArgumentNullException: Value cannot be null. Parameter name: value at System.Xml.Linq.XAttribute..ctor(XName name, Object value) at Unify.Product.IdentityBroker.Chris21AgentInformationAdapter.Transform(IChris21AgentInformation sourceValue) at Unify.Product.IdentityBroker.Chris21AgentInformationExtensions.TransformConfiguration(IChris21AgentInformation agent, ILogCommunicatorInformation logCommunicator, IHttpCommunicatorInformation httpCommunicator, Chris21AgentInformationAdapter agentInformationAdapter, LogCommunicatorInformationAdapter logCommunicatorInformationAdapter, HttpCommunicatorInformationAdapter httpCommunicatorInformationAdapter) at Unify.Connect.Web.Chris21AgentController.Serialize(Chris21AgentViewInformation viewInformation) at Unify.Connect.Web.Chris21AgentController.CreateOrEdit(Chris21AgentViewInformation viewInformation) at lambda_method(Closure , ControllerBase , Object[] ) at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Either Chris21AgentInformationAdapter shouldn't require the username/password, or the fields should be made required.
Adapter updates failing 4.1 beta
When attempting to Export mail -> Email (Aurion) I receive the following error. I am not receving any further error in idB as mentioned before in IDB-1051
System.Exception: Error occurred when attempting to save entity with distinguished name CN=500000 Error: Specified argument was out of the range of valid values. Parameter name: A matching entity with distinguished name CN=500000 could not be found in adapter with id 21fb5ed7-b524-4435-a22d-99fbc1f1c34f. at Unify.Product.IdentityBroker.LDIFAdapterBase.GetObjectClass(Guid adapterId, IAdapter adapter, DistinguishedName dn) at Unify.Product.IdentityBroker.LDIFAdapterBase.<>c__DisplayClassb.<ExportChanges>b__9(DistinguishedName dn) at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.HandleUpdate(LDIFChangeObject pendingUpdate) at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.<Transform>d__2.MoveNext() at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter) at SyncInvokeExportChanges(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
Any help would be appreciated
Ryan
export1.png
Membership List composite key transformation Argument Null Exception
Fails with:
Adapter import all entities for adapter failed. Adapter import all entities for adapter 02dcad6e-a5d8-4b34-8650-1bb5e917ec2a failed with reason Value cannot be null. Parameter name: generator. Duration: 00:00:48.6640625 Error details: System.ArgumentNullException: Value cannot be null. Parameter name: generator at Unify.Product.IdentityBroker.MembershipListCompositeKeyEntityDistinguishedNameTransformationBase..ctor(IEntityPartitionUpdatableContextFactory rightSideEntityRepository, IDictionary`2 relationships, GroupedNameValueCollectionKey groupTarget, IEntityPartitionContextFactoryInformation rightSideFactoryInformation, IEntityDistinguishedNameGenerator`2 generator, Boolean distinctTargetGroup) at Unify.Product.IdentityBroker.MembershipListCompositeKeyEntityDistinguishedNameTransformationFactory.CreateComponent(IAdapterEntityTransformationFactoryInformation factoryInformation) at Unify.Product.IdentityBroker.EntitySequentialAdapterFactory.<>c__DisplayClass11.<CreateComponent>b__10(IAdapterEntityTransformationFactory innerFactory) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func) at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Enumerable.<ConcatIterator>d__71`1.MoveNext() at Unify.Framework.IO.LDIFComponentFileGenerator`1.GenerateFile(TextWriter writer, IEnumerable`1 entries) at Unify.Product.IdentityBroker.LDIFAdapterBase.<>c__DisplayClass14`1.<CreateLDIFComponentStream>b__13(Stream stream)
Statistics Summary
Currently there is no easy way to get stats on a connector or adapter. It would be good to be able to see:
- Number of current objects
- Number of changes in change register
- Number of pending exports (to connected system or FIM)
(Note the last two may be the same...) - Date / Time of last run import / export
- Number of Errors / Warnings from last import / export run
- Probably some more things but they're not coming off the top of my head.
Making this available via WMI would probably also be useful to allow management packs / websites etc to generate this as a report feature.
A hover-over would work on the display but in some cases you'd like the stats to be on the screen permanently - perhaps allow a configuration block where the admin can add required info for the connector / adapter.
Note: The changes for the adapter should include ALL underlying connector changes (I assume they do).
I'm not sure if there's some more info on EB integration but probably. Haven't used it enough to get a good feel for it.
IDB5: Adapter Schema
I have started testing IDB5. I have an issue where you cannot have the same attribute name on different adapters. While I can understand this if the schema is different, it will be necessary to be able to have the same schema name where the validators are the same.
Consider this example:
We have ACT Education with about 100 MAZE instances, all read through IDB.
Each MAZE will have 3 adapters (Students, Teachers, Classes)
Each adapter will have similar attributes.
This will mean that I have 200 different attributes for 'firstname', 200 for 'lastname', 300 for 'class code', etc.
This will make it nearly impossible to create the Management agent - we will have 100 firstname attributes importing to 1 firstname metaverse attribute for 2 different objects. Aternatively, we have 300 different object types in the management agent.
Further to this, it will make the writing of code immeasurably more difficult. I can either have several hundred copies of the advanced flow rules, or I can dodgy up some method where I construct the attribute at run time to retrieve from the CSEntry so I can read and write from it.
Is it possible to only enforce new names if the schema validator is different, or require the user to agree that the schema's are the same when creating the adapter, thus making it the operators responsibility to ensure that the schema is correct?
This was updated in v5.1 such that multiple schemas are supported (the setting that controls it is https://voice.unifysolutions.net/knowledge-bases/7/articles/2975-ldap-single-schema-mode).
Allow group transformation to group values instead of dn's
Allow group transformation to group values instead of dn's. The use-case is from MONASH-7, which required data that weren't really references to be grouped. Could just use target field type as a multi-value.
Additional use case:
- Multiple fields from the target entity are needed in their own groups. If possible make the configuration a collection of target fields paired with the right side entity field
Persistent Search
For use with FIM Event Broker, Identity Broker v5.1 should support the LDAP Server Notification OID control which allows FIM Event Broker (and other LDAP client applications) to be notified of changes on the LDAP server as they become available.
This feature will also require implementing an efficient mechanism to allow the persistent search request handler to know when changes are available.
Resources:
Investigate handling of inconsistent casing in container objects
QDET-97, IDBSP-29, IDBSP-36 and IDBFIM300:The distinguished name and reference value attributes of a management agent seem to change case inexplicably all detail issues that arise due to inconsistent casing in container objects retrieved from a target system, usually where the key field is a self-reference (such as Microsoft SharePoint). Microsoft FIM does not handle inconsistently cased container objects with great finesse, prompting the renaming and updating of all reference value fields and distinguished names in a connector space. Investigate if any appropriate measures can be introduced on the Identity Broker side to alleviate or address this issue.
Investigate more efficient retrieval from and clearing of EAI table
At SSICT, a large initial export of 52000 updates to the DET table caused the EAI changes table to contain a similar amount of changes. This resulted in the Import Changes operation for the connector taking 9-10 hours to execute, and the EAI table for the DET form was not cleared. It was worked around by forcing a deletion of the CHEAI file following the initial load exercise. Investigate any improvements that can be made to this interface for environments where extremely large numbers of changes can take place.
Connector clearance timeout issues/paged clear
The following was encountered when clearing the connector with 1million entities:
Change detection clear connector space failed. Change detection clear connector space for connector Example failed with reason Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.. Duration: 00:17:10.3089303 Error details: System.Data.SqlClient.SqlException (0x80131904): Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() at System.Data.SqlClient.TdsParserStateObject.ReadSniError(TdsParserStateObject stateObj, UInt32 error) at System.Data.SqlClient.TdsParserStateObject.ReadSni(DbAsyncResult asyncResult, TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParserStateObject.ReadNetworkPacket() at System.Data.SqlClient.TdsParserStateObject.ReadByte() at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Unify.Product.IdentityBroker.Repository.EntityDataContext.DeletePartitionItems(Guid partitionID) in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\Entity.cs:line 101 at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.DeletePartitionItems(Guid partitionID) in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\KnownEntityContextBase.cs:line 121 at Unify.Product.IdentityBroker.EntityPartitionUpdatableContextAdapter.DeleteAllPartitionItems() in s:\hg\Product\IdentityBroker\Master-Changes\Source\Entity\Unify.IdentityBroker.Entity.Repository\EntityPartitionUpdatableContextAdapter.cs:line 30 at Unify.Product.IdentityBroker.ChangeDetectionClearConnectorJob.RunBase() in s:\hg\Product\IdentityBroker\Master-Changes\Source\ChangeDetection\Unify.IdentityBroker.ChangeDetection\ChangeDetectionClearConnectorConnectorJob.cs:line 100 at Unify.Framework.JobBase.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\JobBase.cs:line 15 at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() in c:\workspaces\BUILDS\UFCORE-4.0-DEV\Source\Scheduling\Unify.Framework.Scheduling.Job.Auditing\DefinedScopeJobAuditTrailJobDecorator.cs:line 34 at Unify.Framework.BeforeJobDecorator.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\BeforeJobDecorator.cs:line 33 at Unify.Framework.BeforeJobDecorator.Run() in S:\hg\Framework\Core\Master-Changes\Source\Scheduling\Unify.Framework.Scheduling.Job\BeforeJobDecorator.cs:line 33 at Unify.Product.IdentityBroker.QueuedConnectorExecutionProcessorEndDecorator.Run() in s:\hg\Product\IdentityBroker\Master-Changes\Source\ChangeDetection\Unify.IdentityBroker.ChangeDetection\QueuedConnectorExecutionProcessorEndDecorator.cs:line 41
There is an arbitrary timeout on the DeletePartitionItems on Entity.cs; this needs to either be configurable or paged, preferably paged as it is more useful than just waiting a longer time.
Customer support service by UserEcho