FIM2010–FIM MA App-Store-Import-Exception Errors

The other day while working in  the FIM Service, I added an attribute type to the schema and bound it to one of the resource types that was being picked up and synchronized via the Synchronization Service. I noticed however, that after the change was made and the attribute was populated with data that I received the “app-store-import-exception” when trying to do the delta imports.

Turns out the issue was quite simple. The FIM MA was getting updates from the FIM Service that included an attributeType that was not included in the MA’s record of the schema.

To fix the issue, all that was required was to simply refresh the FIM MA schema and redo the import which worked fine.

This did lead me to ask myself, why did this happen. Turns out it was a configuration shortcut that I had taken a while back when first building the system for testing that never got corrected. The MPR that granted permission to the synchronization engine for reading the objects was set to “all attributes”. So therefore, simply adding the attribute to the FIM Service and that resource type made it immediately available to the FIM MA.

Those who have attended my training classes for FIM 2010 as well as myself have yet another reason as to why I like to avoid that “All Attributes” selection when granting permissions. It can be the root of a lot of different issues not limited to the improper disclosure of data to people or systems who should not be otherwise authorized.

Advertisements
This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s