[midPoint] Adding user to AD group with 2K members
Yakov Revyakin
yrevyakin at gmail.com
Wed Dec 25 18:38:41 CET 2024
Already found, sorry
On the object type level I disabled update capability in the beginning of
development in the following way:
<cap:update>
<cap:enabled>false</cap:enabled>
</cap: update >
. After some time I enabled in the same way changing from false to true:
<cap:update>
<cap:enabled>false</cap:enabled>
</cap: update >
This results that default native capabilities were turned off. This means
that the following things weren't applied on the object type level
<cap:delta>true</cap:delta>
<cap:addRemoveAttributeValues>true</cap:addRemoveAttributeValues>
So, I simply removed <cap:update> from objectType level and this fixed the
issue turning default caps on.
On Wed, 25 Dec 2024 at 19:02, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> I've caught the same case.
> I can't find that Jira issue. Can someone help?
>
> On Wed, 7 Jun 2023 at 11:48, Pavol Mederly via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>> There may be a misconfiguration (of capabilities, maybe) that causes
>> midPoint to read and then write all members when adding/removing just one
>> member to/from the group. There is a jira issue for this; you could try to
>> find it.
>>
>> --
>> Pavol Mederly
>> Software developerevolveum.com
>>
>> On 07/06/2023 10:45, xljbi20 via midPoint wrote:
>>
>>
>> The limit of 1500 is the default in AD.
>>
>> You can increase it on the AD-server somewhere, up to I think 5000 to
>> solve the problem by avoiding paging.
>> But your original problem seems to be something else.
>>
>>
>> Den 2023-06-06 kl. 13:36, skrev Dmitriy Berezkin via midPoint:
>>
>> Hi all,
>>
>> I have issue with ldap ad connector (v3.4).
>> I’m adding user to group with 2K+ members. After provisioning this group
>> has just 1501 members and 1501-st is my user.
>> I’m a bit stuck because I don’t know how to fix it. Is it a connector bug
>> or apache.ldap library bug or AD configuration problem or resourse
>> configuration problem?
>>
>>
>>
>> Logs:
>>
>> 2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Search REQ
>> base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>, filter=(objectClass=*),
>> scope=base, attributes=[member, mailNickname, objectGUID, objectClass],
>> controls=null
>> 2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST
>> Message ID : 14
>> SearchRequest
>> baseDn : '<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'
>> filter : '(objectClass=*)'
>> scope : base object
>> typesOnly : false
>> Size Limit : no limit
>> Time Limit : no limit
>> Deref Aliases : never Deref Aliases
>> attributes : 'member', 'mailNickname', 'objectGUID', 'objectClass'
>> org.apache.directory.api.ldap.model.message.SearchRequestImpl at 8c6b5577)
>> 2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04106_ADDING
>> (14,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,676 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 14
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>> objectClass: top
>> objectClass: group
>> member;range=0-1499: CN=User 1,OU=OU_Users,DC=domain,DC=test
>> ...
>> ...
>> ...
>> member;range=0-1499: CN=User 1499,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5 0x63 0xA4 0xCC
>> 0x0B 0x48 0xE1 0x40
>> member: (null)
>> )
>> 2023-06-06 13:44:02,677 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (14,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,680 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04128_SEARCH_ENTRY_FOUND (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 14
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>> objectClass: top
>> objectClass: group
>> member;range=0-1499: CN=User 1,OU=OU_Users,DC=domain,DC=test
>> ...
>> ...
>> ...
>> member;range=0-1499: CN=User 1499,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5 0x63 0xA4 0xCC
>> 0x0B 0x48 0xE1 0x40
>> member: (null)
>> )
>> 2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE
>> Message ID : 14
>> Search Result Done
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (14,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04131_SEARCH_SUCCESSFUL (MessageType : SEARCH_RESULT_DONE
>> Message ID : 14
>> Search Result Done
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04126_REMOVING
>> (14,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,684 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Search RES Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>> objectClass: top
>> objectClass: group
>> member;range=0-1499: CN=User 1,OU=OU_Users,DC=domain,DC=test
>> ...
>> ...
>> ...
>> member;range=0-1499: CN=User 1499,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5 0x63 0xA4 0xCC
>> 0x0B 0x48 0xE1 0x40
>> member: (null)
>>
>> 2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Search REQ
>> base=CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test,
>> filter=(objectClass=*), scope=base, attributes=member;range=1500-*
>> 2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST
>> Message ID : 15
>> SearchRequest
>> baseDn :
>> 'CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test'
>> filter : '(objectClass=*)'
>> scope : base object
>> typesOnly : false
>> Size Limit : no limit
>> Time Limit : no limit
>> Deref Aliases : deref Always
>> attributes : 'member;range=1500-*'
>> org.apache.directory.api.ldap.model.message.SearchRequestImpl at 71eff6b7)
>> 2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04106_ADDING
>> (15,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 15
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>>
>> member;range=1500-*: CN=User New,OU=Users and
>> Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>> member;range=1500-*: CN=User 1502,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> ...
>> ...
>> ...
>> member;range=1500-*: CN=User X,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> )
>> 2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (15,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,697 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04128_SEARCH_ENTRY_FOUND (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 15
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>>
>> member;range=1500-*: CN=User New,OU=Users and
>> Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>> member;range=1500-*: CN=User 1502,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>> ...
>> ...
>> ...
>> member;range=1500-*: CN=User X,OU=Users and
>> Groups,OU=Branches,DC=domain,DC=test
>>
>> 2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Search REQ
>> base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>, filter=(objectClass=*),
>> scope=base, attributes=[dn], controls=null,
>> dnHint=cn=Test-Group-1,ou=ou_groups,ou=midpoint-ad-test,ou=midpointtest,ou=ou_users,DC=domain,DC=test
>> 2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST
>> Message ID : 16
>> SearchRequest
>> baseDn : '<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'
>> filter : '(objectClass=*)'
>> scope : base object
>> typesOnly : false
>> Size Limit : no limit
>> Time Limit : no limit
>> Deref Aliases : never Deref Aliases
>> attributes : 'dn'
>> org.apache.directory.api.ldap.model.message.SearchRequestImpl at 23ee96a0)
>> 2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04106_ADDING
>> (16,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 16
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>>
>> )
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (16,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04128_SEARCH_ENTRY_FOUND (MessageType : SEARCH_RESULT_ENTRY
>> Message ID : 16
>> Search Result Entry
>> Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>>
>> )
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE
>> Message ID : 16
>> Search Result Done
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Search RES Entry
>> dn:
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test
>>
>>
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (16,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04131_SEARCH_SUCCESSFUL (MessageType : SEARCH_RESULT_DONE
>> Message ID : 16
>> Search Result Done
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04104_SENDING_REQUEST ( Abandon Request :
>> Message Id :
>> 16org.apache.directory.api.ldap.model.message.AbandonRequestImpl at 9bed323e
>> )
>> 2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04126_REMOVING
>> (16,org.apache.directory.ldap.client.api.future.SearchFuture)
>> 2023-06-06 13:44:02,719 [] [pool-3-thread-134] WARN
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04165_NO_FUTURE_ASSOCIATED_TO_MSG_ID_COMPLETED (16)
>> 2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Modify REQ
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
>> [replace:member=CN=User 1,OU=OU_Users,DC=domain,DC=test,],
>> control=PermissiveModify
>> 2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04106_ADDING
>> (18,org.apache.directory.ldap.client.api.future.ModifyFuture)
>> 2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04142_MESSAGE_RECEIVED (MessageType : MODIFY_RESPONSE
>> Message ID : 18
>> Modify Response
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04119_GETTING
>> (18,org.apache.directory.ldap.client.api.future.ModifyFuture)
>> 2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE
>> Message ID : 18
>> Modify Response
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04126_REMOVING
>> (18,org.apache.directory.ldap.client.api.future.ModifyFuture)
>> 2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
>> (org.apache.directory.ldap.client.api.LdapNetworkConnection):
>> MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE
>> Message ID : 18
>> Modify Response
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>> )
>> 2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
>> (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:
>> ldaps://controller1.domain.test/ Modify RES
>> CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
>> Ldap Result
>> Result code : (SUCCESS) success
>> Matched Dn : ''
>> Diagnostic message : ''
>>
>>
>>
>> –––
>> Dmitry Berezkin
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20241225/22cdfa62/attachment-0001.htm>
More information about the midPoint
mailing list