none
Errors not passed from ECMA 1 (XMA) framework to synch manager RRS feed

  • Question

  • I'm using the OpenLDAP XMA project to connect to Oracle Internet Directory (OID).  I'm having issues reporting errors back to MIIS, specifically on Exports.  Errors due to OID server down are getting passed correctly and show up in the Sync Manager, it's errors happening on exports that do not get reported.

    1. CS Object is pending export (after full import/sync)

    2. CS object cannot be exported - either duplicate object exists or an object class violation occured.

    3. The Windows event log shows the error

    4. The sync manager has no error for the export, no success for the export, the CS object remains pending export but it will not retry until after a full import/sync completes.  If I search the connector space for pending exports the exports do not show up in the results until after a full import/sync is run.

    Example error in Windows event log:

    The extensible extension returned an unsupported error.

    The stack trace is:

    "System.DirectoryServices.Protocols.DirectoryOperationException: An object class violation occurred.

    at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)

    at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)

    at Miis_CallExport.OpenLDAPUtils.ExportEntry(TypeDescriptionCollection typeDescriptions, ModificationType modificationType, String[] changedAttributes, CSEntry csentry) in .\OpenLDAP-XMA 1.2b1 Source\OpenLDAPUtils.cs:line 2133

    at Miis_CallExport.MACallExport.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry) in .\OpenLDAP-XMA 1.2b1 Source\OpenLDAP XMA.cs:line 197

    Forefront Identity Manager 4.1.2273.0"

    Monday, March 25, 2013 4:55 PM

All replies

  • Make sure you've unchecked the option to "Merge pending update and delete-add" (or words to that effect) as this is known to interfere with the reporting of ECMA1 export errors.

    Steve Kradel, Zetetic LLC SMS OTP for FIM | Salesforce MA for FIM

    Tuesday, March 26, 2013 12:22 AM
  • Not directly related to your problem, but take a look at this - http://blog.konab.com/2013/02/replacing-openldap-ma-with-ps-ma/

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Tuesday, March 26, 2013 7:04 AM
  • I did see this post and was thinking about going down this path or re-writing in ECMA 2 framework.  I just don't have the time at this point so I had to put that on the back burner.

    I'm trying Steve's suggestion turning off merging of pending update and delete-add now.

    Tuesday, March 26, 2013 12:11 PM
  • Turning off the option for Enable merging of "Pending Export" and "Export in Progress" in the MA worked as Steve suggested.  Thanks Steve!

    Once I turned this option off for the MA export errors showed up in Sync Manager and Pending Exports that failed are re-queued properly.

    Tuesday, March 26, 2013 6:47 PM