<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hmm,</p>
<p>I was expecting to see associationTargetSearch witch
searchOnResource; that could be optimized. But these
associationFromLink should be OK.</p>
<p>I hope the answer provided by Pavol will help you (and us) to
trace the root of the problem further.</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 11/02/2016 12:49 PM, Martin Herbert
wrote:<br>
</div>
<blockquote
cite="mid:F029A8E4-62C1-4440-9B08-25FAC1712363@tahzoo.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1031"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Ivan,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Yes the
assignments are setup to add users to groups. We have
multiple AD Domains and the groups reside on each domain.
The below is the metarole we have associated with each role
within Midpoint itself that has the logic to map it to all
resources where relevant.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><role
xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
oid="aef77645-a406-4598-be2e-6c7217944fe1"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
version="76"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<name>Metarole for groups</name><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<createTimestamp>2016-10-14T06:52:38.197Z</createTimestamp><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<creatorRef oid="a507b312-69a5-422a-852a-3d1d5f1f02b9"
type="c:UserType"><!-- admin.dm
--></creatorRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<createChannel><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</a></createChannel><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="1"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa"
type="c:ResourceType"><!-- Active Directory
eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>roleType != "system"</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="2"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa"
type="c:ResourceType"><!-- Active Directory
eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>organizationalUnit.toString() == 'Employees
Delft' || organizationalUnit.toString() == 'Employees
Milton Keynes' || organizationalUnit.toString() ==
'Employees Maarssen' || organizationalUnit.toString() ==
'Employees Borlange' || organizationalUnit.toString() ==
'Contractors EXLRT' || organizationalUnit.toString() ==
'Contractors EU' || organizationalUnit.toString() ==
'Customers EU'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="4"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff"
type="c:ResourceType"><!-- Active Directory
NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>organizationalUnit.toString() == 'Employees DC'
|| organizationalUnit.toString() == 'Employees Richmond' ||
organizationalUnit.toString() == 'Contractors USEast' ||
organizationalUnit.toString() == 'Customers
USEast'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="6"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f"
type="c:ResourceType"><!-- Active Directory
NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$immediateRole/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>organizationalUnit.toString() == 'Employees
Seattle' || organizationalUnit.toString() == 'Contractors
USWest' || organizationalUnit.toString() == 'Customers
USWest'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="3"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff"
type="c:ResourceType"><!-- Active Directory
NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<inducement id="5"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f"
type="c:ResourceType"><!-- Active Directory
NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
<code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">
</inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"></role><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div
style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;white-space:normal;"><br>
<table
style="background-color:#FFFFFF;border-collapse:collapse;font-size:0;line-height:16.88px;"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="vertical-align:middle;" align="left">
<table style="border-collapse:collapse;font-size:0;"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="border-top:none;border-right:solid
2px
#124A7D;border-bottom:none;border-left:none;padding:0
10px 0
0;vertical-align:middle;line-height:normal;"
align="left"><a moz-do-not-send="true"
href="http://www.tahzoo.com" target="_blank"
id="LPlnk689713"
style="text-decoration:none;"><img
src="cid:part1.119DC099.83459CE1@evolveum.com"
alt="" style="min-width:96px;font-size:0;"
border="0" height="51" width="96"></a></td>
<td style="padding:10px 0 10px
10px;vertical-align:top;" align="left">
<table
style="border-collapse:collapse;font-size:0;"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="vertical-align:top;"
align="left">
<table
style="border-collapse:collapse;font-size:13.5px;color:#606060;font-style:normal;font-weight:bold;text-decoration:none;"
cellpadding="0" cellspacing="0"
border="0">
<tbody>
<tr>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left">Martin
Herbert</td>
</tr>
<tr
style="font-size:12px;color:#808080;line-height:15px;">
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left">Hosting
Manager / Head of IT &
Hosting Services</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr
style="line-height:15px;white-space:nowrap;">
<td style="padding:5px 0
10px;vertical-align:top;" align="left">
<table
style="border-collapse:collapse;font-size:0;"
cellpadding="0" cellspacing="0"
border="0">
<tbody>
<tr>
<td style="vertical-align:top;"
align="left">
<table
style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;"
align="left">M: </td>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left"><a
moz-do-not-send="true"
href="tel:+44%207862%20993%20003" target="_blank" id="LPlnk689713"
style="color:#808080;text-decoration:none;"><strong
style="font-weight:normal;">+44 7862 993 003</strong></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="vertical-align:top;"
align="left">
<table
style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;"
align="left">E: </td>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left"><a
moz-do-not-send="true"
href="mailto:martinh@tahzoo.com" target="_blank" id="LPlnk689713"
style="color:#808080;text-decoration:none;"><strong
style="font-weight:normal;">martinh@tahzoo.com</strong></a></td>
<td
style="vertical-align:top;text-align:left;color:#808080;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left"> | </td>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;"
align="left">W: </td>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left"><a
moz-do-not-send="true"
href="http://www.tahzoo.com" target="_blank" id="LPlnk689713"
style="color:#808080;text-decoration:none;"><strong
style="font-weight:normal;">www.tahzoo.com</strong></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="vertical-align:top;"
align="left">
<table
style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;"
align="left">A: </td>
<td
style="vertical-align:top;text-align:left;font-family:Century
Gothic,CenturyGothic,AppleGothic,sans-serif;" align="left"><a
moz-do-not-send="true"
href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=%213m1%214b1%214m5%213m4%211s0x4877aa98b50bb921:0xef39de0bd21f30c6%218m2%213d52.0414531%214d-0.7648179"
target="_blank"
id="LPlnk689713"
style="color:#808080;text-decoration:none;"><strong
style="font-weight:normal;">399 Silbury Blvd, Milton Keynes, MK9 2AH, </strong></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr style="line-height:normal;">
<td style="vertical-align:top;"
align="left"><map
id="map_810b3c0f-3ac4-40b1-bf51-68da198480f7"
name="map_810b3c0f-3ac4-40b1-bf51-68da198480f7">
<area shape="rect"
coords="0,0,16,16"
href="https://www.linkedin.com/company/tahzoo"
alt="LinkedIn" title="LinkedIn"
target="_blank">
<area shape="rect"
coords="19,0,35,16"
href="skype:live:mherbert84?chat"
alt="Skype" title="Skype"
target="_blank">
<area shape="rect"
coords="38,0,54,16"
href="http://www.twitter.com/Tahzoo"
alt="Twitter" title="Twitter"
target="_blank">
</map>
<img
usemap="#map_810b3c0f-3ac4-40b1-bf51-68da198480f7"
src="cid:part7.7565ACE4.A632B618@evolveum.com" alt=""
style="min-width:57px;font-size:0;"
border="0" height="16" width="57"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<br>
</div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span
style="color:black">midPoint
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> on behalf of
Ivan Noris <a class="moz-txt-link-rfc2396E" href="mailto:ivan.noris@evolveum.com"><ivan.noris@evolveum.com></a><br>
<b>Organization: </b>Evolveum, s.r.o.<br>
<b>Reply-To: </b>midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Date: </b>Wednesday, 2 November 2016 at 11:36<br>
<b>To: </b>midPoint General Discussion
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Subject: </b>Re: [midPoint] Midpoint 3.4.1 Performance
Issues UI and REST</span><span
style="color:black;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New
Roman""><o:p> </o:p></span></p>
</div>
<p>Hi Martin,<o:p></o:p></p>
<p>are those 42 assignments using associationTargetSearch to put
accounts to e.g. groups?<o:p></o:p></p>
<p>If so, can you paste an example how are you using it?<o:p></o:p></p>
<p>Best regards,<o:p></o:p></p>
<p>Ivan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 11/02/2016 11:53 AM, Martin Herbert
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Guys,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We’ve
constantly been suffering with performance issues on our
Midpoint environment. The setup includes a cluster of 2
servers with around 10,000 objects. Although user account
modifications are fairly quick when it comes to a small
number of assignments (1 or 2 maximum), there is a
significant performance issue with a larger amount of
assignments. Testing my own account during reconciliation
which has 42 assignments and 2 projections to different AD
resources which can take up to 5 minutes before
completion.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">From an
integration standpoint for these two projections, one of
the AD servers utilises the .Net Connector which is still
slow, but much quicker than the OpenICF integration on the
other projection.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We also
have a password tool that integrates with the REST
services for Midpoint, the same issue also applies here.
The more assignments that are on an account, the longer it
takes for a password change to occur. And in a number of
cases even timeouts for a given account.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The major
pain point is the password changes, is there no way
password changes can be done without removing and
re-adding all assignments for each given account?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Overall
performance also seems to be an issue in some browsers as
well (Firefox for example). Is there a list of supported
browsers available?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times
New Roman";mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<table class="MsoNormalTable"
style="background:white;border-collapse:collapse"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable"
style="border-collapse:collapse" cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td style="border:none;border-right:solid
#124A7D 1.5pt;padding:0in 7.5pt 0in 0in">
<p class="MsoNormal"><span
style="font-size:1.0pt;font-family:"Times
New
Roman";mso-fareast-language:EN-GB"><a
moz-do-not-send="true"
href="http://www.tahzoo.com"
target="_blank"><span
style="text-decoration:none"><img
id="_x0000_i1025"
src="cid:part8.97DD8989.38E3DC93@evolveum.com"
border="0" height="51" width="96"></span></a><o:p></o:p></span></p>
</td>
<td style="padding:7.5pt 0in 7.5pt 7.5pt"
valign="top">
<table class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in"
valign="top">
<table class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0" cellspacing="0"
border="0">
<tbody>
<tr>
<td style="padding:0in 0in 0in
0in" valign="top">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Century
Gothic";color:#606060;mso-fareast-language:EN-GB">Martin
Herbert<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in
0in" valign="top">
<p class="MsoNormal"
style="line-height:11.25pt;mso-line-height-rule:exactly"><b><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:gray;mso-fareast-language:EN-GB">Hosting
Manager / Head of IT
& Hosting Services<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:3.75pt 0in 7.5pt
0in" valign="top">
<table class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0" cellspacing="0"
border="0">
<tbody>
<tr>
<td style="padding:0in 0in 0in
0in" valign="top">
<table
class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB">M: <o:p></o:p></span></b></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a
moz-do-not-send="true" href="tel:+44%207862%20993%20003" target="_blank"><strong><span
style="font-family:"Century
Gothic";color:gray;font-weight:normal;text-decoration:none">+44 7862 993 003</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in
0in" valign="top">
<table
class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB">E: <o:p></o:p></span></b></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a
moz-do-not-send="true" href="mailto:martinh@tahzoo.com" target="_blank"><strong><span
style="font-family:"Century
Gothic";color:gray;font-weight:normal;text-decoration:none">martinh@tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:gray;mso-fareast-language:EN-GB"> | <o:p></o:p></span></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB">W: <o:p></o:p></span></b></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a
moz-do-not-send="true" href="http://www.tahzoo.com" target="_blank"><strong><span
style="font-family:"Century
Gothic";color:gray;font-weight:normal;text-decoration:none">www.tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in
0in" valign="top">
<table
class="MsoNormalTable"
style="border-collapse:collapse"
cellpadding="0"
cellspacing="0" border="0">
<tbody>
<tr>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB">A: <o:p></o:p></span></b></p>
</td>
<td style="padding:0in
0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Century
Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a
moz-do-not-send="true"
href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=%213m1%214b1%214m5%213m4%211s0x4877aa98b50bb921:0xef39de0bd21f30c6%218m2%213d52.0414531%214d-0.7648179"
target="_blank"><strong><span style="font-family:"Century
Gothic";color:gray;font-weight:normal;text-decoration:none">399 Silbury Blvd, Milton Keynes, MK9 2AH, </span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in"
valign="top">
<p class="MsoNormal"><span
style="font-size:1.0pt;font-family:"Times
New
Roman";mso-fareast-language:EN-GB"><map
name="MicrosoftOfficeMap0">
<area shape="Rect" coords="-1,
0, 15, 16"
href="https://www.linkedin.com/company/tahzoo"
target="_blank"
title="LinkedIn">
<area shape="Rect" coords="18,
0, 34, 16"
href="skype:live:mherbert84?chat"
target="_blank"
title="Skype">
<area shape="Rect" coords="37,
0, 53, 16"
href="http://www.twitter.com/Tahzoo"
target="_blank"
title="Twitter">
</map>
<img id="_x0000_i1026"
src="cid:part14.CCF04BAA.2C8F3A7E@evolveum.com"
usemap="#MicrosoftOfficeMap0"
border="0" height="16"
width="57"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-family:"Times
New Roman";mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Times New
Roman";mso-fareast-language:EN-GB"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-family:"Times New
Roman";mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Ivan Noris<o:p></o:p></pre>
<pre>Senior Identity Engineer<o:p></o:p></pre>
<pre>evolveum.com<o:p></o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>