<div dir="ltr">Already found, sorry<br><div>On the object type level I disabled update capability in the beginning of development in the following way:<br> <cap:update><br> <cap:enabled>false</cap:enabled><br> </cap:
update ><br><br>. After some time I enabled in the same way changing from false to true:<br> <cap:update><br> <cap:enabled>false</cap:enabled><br> </cap: update ><br>This results that default native capabilities were turned off. This means that the following things weren't applied on the object type level<br> <cap:delta>true</cap:delta><br> <cap:addRemoveAttributeValues>true</cap:addRemoveAttributeValues></div><div>So, I simply removed
<cap:update> from objectType level and this fixed the issue turning default caps on.<br> </div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, 25 Dec 2024 at 19:02, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I've caught the same case. <div>I can't find that Jira issue. Can someone help?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 7 Jun 2023 at 11:48, Pavol Mederly via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>There may be a misconfiguration (of capabilities, maybe) that
causes midPoint to read and then write all members when
adding/removing just one member to/from the group. There is a jira
issue for this; you could try to find it.<br>
</p>
<pre cols="72">--
Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank">evolveum.com</a></pre>
<div>On 07/06/2023 10:45, xljbi20 via
midPoint wrote:<br>
</div>
<blockquote type="cite">
<p><br>
</p>
<p>The limit of 1500 is the default in AD.</p>
<p>You can increase it on the AD-server somewhere, up to I think
5000 to solve the problem by avoiding paging.<br>
But your original problem seems to be something else.<br>
</p>
<p><br>
</p>
<div>Den 2023-06-06 kl. 13:36, skrev
Dmitriy Berezkin via midPoint:<br>
</div>
<blockquote type="cite">
<div name="messageBodySection">
<div dir="auto">Hi all,<br>
<br>
I have issue with ldap ad connector (v3.4).<br>
I’m adding user to group with 2K+ members. After
provisioning this group has just 1501 members and 1501-st is
my user.<br>
I’m a bit stuck because I don’t know how to fix it. Is it a
connector bug or apache.ldap library bug or AD configuration
problem or resourse configuration problem?<br>
<br>
<br>
<br>
Logs:</div>
<blockquote style="border-left:thin solid rgb(26,188,156);margin:5px;padding-left:10px">2023-06-06 13:44:02,580 []
[pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Search REQ
base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>,
filter=(objectClass=*), scope=base, attributes=[member,
mailNickname, objectGUID, objectClass], controls=null<br>
2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 14<br>
SearchRequest<br>
baseDn :
'<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : never Deref Aliases<br>
attributes : 'member', 'mailNickname', 'objectGUID',
'objectClass'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@8c6b5577)<br>
2023-06-06 13:44:02,580 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,676 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 14<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
)<br>
2023-06-06 13:44:02,677 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,680 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 14<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE<br>
Message ID : 14<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04131_SEARCH_SUCCESSFUL (MessageType :
SEARCH_RESULT_DONE<br>
Message ID : 14<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,682 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(14,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,684 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Search RES Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
objectClass: top<br>
objectClass: group<br>
member;range=0-1499: CN=User
1,OU=OU_Users,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=0-1499: CN=User 1499,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
objectGUID: 0x28 0x1B 0x30 0x30 0x62 0xB1 0x26 0x4B 0xB5
0x63 0xA4 0xCC 0x0B 0x48 0xE1 0x40 <br>
member: (null)<br>
<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Search REQ
base=CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test,
filter=(objectClass=*), scope=base,
attributes=member;range=1500-*<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 15<br>
SearchRequest<br>
baseDn :
'CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : deref Always<br>
attributes : 'member;range=1500-*'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@71eff6b7)<br>
2023-06-06 13:44:02,688 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(15,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 15<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
member;range=1500-*: CN=User New,OU=Users and
Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
member;range=1500-*: CN=User 1502,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=1500-*: CN=User X,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
)<br>
2023-06-06 13:44:02,696 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(15,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,697 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 15<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
member;range=1500-*: CN=User New,OU=Users and
Groups,OU=Branches,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
member;range=1500-*: CN=User 1502,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
...<br>
...<br>
...<br>
member;range=1500-*: CN=User X,OU=Users and
Groups,OU=Branches,DC=domain,DC=test<br>
<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Search REQ
base=<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>,
filter=(objectClass=*), scope=base, attributes=[dn],
controls=null,
dnHint=cn=Test-Group-1,ou=ou_groups,ou=midpoint-ad-test,ou=midpointtest,ou=ou_users,DC=domain,DC=test<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST (MessageType : SEARCH_REQUEST<br>
Message ID : 16<br>
SearchRequest<br>
baseDn :
'<GUID=30301b28-b162-4b26-b563-a4cc0b48e140>'<br>
filter : '(objectClass=*)'<br>
scope : base object<br>
typesOnly : false<br>
Size Limit : no limit<br>
Time Limit : no limit<br>
Deref Aliases : never Deref Aliases<br>
attributes : 'dn'<br>
org.apache.directory.api.ldap.model.message.SearchRequestImpl@23ee96a0)<br>
2023-06-06 13:44:02,717 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 16<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04128_SEARCH_ENTRY_FOUND (MessageType :
SEARCH_RESULT_ENTRY<br>
Message ID : 16<br>
Search Result Entry<br>
Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : SEARCH_RESULT_DONE<br>
Message ID : 16<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Search RES Entry<br>
dn:
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test<br>
<br>
<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04131_SEARCH_SUCCESSFUL (MessageType :
SEARCH_RESULT_DONE<br>
Message ID : 16<br>
Search Result Done<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04104_SENDING_REQUEST ( Abandon Request :<br>
Message Id :
16org.apache.directory.api.ldap.model.message.AbandonRequestImpl@9bed323e)<br>
2023-06-06 13:44:02,719 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(16,org.apache.directory.ldap.client.api.future.SearchFuture)<br>
2023-06-06 13:44:02,719 [] [pool-3-thread-134] WARN
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04165_NO_FUTURE_ASSOCIATED_TO_MSG_ID_COMPLETED (16)<br>
2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Modify REQ
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
[replace:member=CN=User 1,OU=OU_Users,DC=domain,DC=test,],
control=PermissiveModify<br>
2023-06-06 13:44:02,722 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04106_ADDING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04142_MESSAGE_RECEIVED (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,242 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04119_GETTING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,243 [] [NioProcessor-107] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04126_REMOVING
(18,org.apache.directory.ldap.client.api.future.ModifyFuture)<br>
2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
(org.apache.directory.ldap.client.api.LdapNetworkConnection):
MSG_04123_MODIFY_SUCCESSFUL (MessageType : MODIFY_RESPONSE<br>
Message ID : 18<br>
Modify Response<br>
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''<br>
)<br>
2023-06-06 13:44:22,243 [] [pool-3-thread-134] DEBUG
(com.evolveum.polygon.connector.ldap.OperationLog): method:
null msg:<a>ldaps://controller1.domain.test/</a>
Modify RES
CN=Test-Group-1,OU=OU_Groups,OU=midpoint-ad-test,OU=MidPointTest,OU=OU_Users,DC=domain,DC=test:
Ldap Result<br>
Result code : (SUCCESS) success<br>
Matched Dn : ''<br>
Diagnostic message : ''</blockquote>
<div dir="auto"><br>
</div>
</div>
<div name="messageSignatureSection"><br>
<div>–––<br>
Dmitry Berezkin</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
</blockquote></div>