<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>There may be a misconfiguration (of capabilities, maybe) that
causes midPoint to read and then write all members when
adding/removing just one member to/from the group. There is a jira
issue for this; you could try to find it.<br>
</p>
<pre class="moz-signature" cols="72">--
Pavol Mederly
Software developer
evolveum.com</pre>
<div class="moz-cite-prefix">On 07/06/2023 10:45, xljbi20 via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:e81a081b-32b6-3ad5-d57b-13ad9878619c@fra.se">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><br>
</p>
<p>The limit of 1500 is the default in AD.</p>
<p>You can increase it on the AD-server somewhere, up to I think
5000 to solve the problem by avoiding paging.<br>
But your original problem seems to be something else.<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Den 2023-06-06 kl. 13:36, skrev
Dmitriy Berezkin via midPoint:<br>
</div>
<blockquote type="cite"
cite="mid:13289fb9-40eb-4e2b-846b-d9fdafedcb42@Spark">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<title></title>
<div name="messageBodySection">
<div dir="auto">Hi all,<br>
<br>
I have issue with ldap ad connector (v3.4).<br>
I’m adding user to group with 2K+ members. After
provisioning this group has just 1501 members and 1501-st is
my user.<br>
I’m a bit stuck because I don’t know how to fix it. Is it a
connector bug or apache.ldap library bug or AD configuration
problem or resourse configuration problem?<br>
<br>
<br>
<br>
Logs:</div>
<blockquote style="border-left-color: rgb(26, 188, 156);
margin: 5px; padding-left: 10px; border-left-width: thin;
border-left-style: solid;">2023-06-06 13:44:02,580 []
[pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Search REQ
base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>,
filter=(objectClass=*), scope=base, attributes=[member,
mailNickname, objectGUID, objectClass], controls=null<br>
2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 14<br>
SearchRequest<br>
baseDn :
'<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : never Deref Aliases<br>
attributes : 'member', 'mailNickname', 'objectGUID',
'objectClass'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@8c6b5577)<br>
2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,676 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 14<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
)<br>
2023-06-06 13:44:02,677 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,680 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 14<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE<br>
Message ID : 14<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04131_SEARCH_SUCCESSFUL (MessageType :
SEARCH_RESULT_DONE<br>
Message ID : 14<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,684 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Search RES Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Search REQ
base=CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test,
filter=(objectClass=*), scope=base,
attributes=member;range=1500-*<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 15<br>
SearchRequest<br>
baseDn :
'CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : deref Always<br>
attributes : 'member;range=1500-*'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@71eff6b7)<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(15,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 15<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
member;range=1500-*: CN=User New,OU=Users and
Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
member;range=1500-*: CN=User 1502,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=1500-*: CN=User X,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
)<br>
2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(15,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,697 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 15<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
member;range=1500-*: CN=User New,OU=Users and
Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
member;range=1500-*: CN=User 1502,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=1500-*: CN=User X,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Search REQ
base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>,
filter=(objectClass=*), scope=base, attributes=[dn],
controls=null,
dnHint=cn=Test-Group-1,ou=ou_groups,ou=midpoint-ad-test,ou=midpointtest,ou=ou_users,DC=domain,DC=test<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 16<br>
SearchRequest<br>
baseDn :
'<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : never Deref Aliases<br>
attributes : 'dn'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@23ee96a0)<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 16<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 16<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE<br>
Message ID : 16<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Search RES Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04131_SEARCH_SUCCESSFUL (MessageType :
SEARCH_RESULT_DONE<br>
Message ID : 16<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST ( Abandon Request :<br>
Message Id :
16org.apache.directory.api.ldap.model.message.AbandonRequestImpl@9bed323e)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] WARN
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04165_NO_FUTURE_ASSOCIATED_TO_MSG_ID_COMPLETED (16)<br>
2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Modify REQ
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
[replace:member=CN=User 1,OU=OU_Users,DC=domain,DC=test,],
control=PermissiveModify<br>
2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a class="moz-txt-link-freetext"
href="ldaps://controller1.domain.test/"
moz-do-not-send="true">ldaps://controller1.domain.test/</a>
Modify RES
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''</blockquote>
<div dir="auto"><br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div class="matchFont">–––<br>
Dmitry Berezkin</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>