Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleFull Active Directory Schema

Active Directory has huge schema. The schema when encoded in XSD has several megabytes. This might take several hundreds of megabytes of memory when processed. Make sure that your midpoint instance has enough memory (heap) to handle that. The impact of AD schema can be limited by reducing the number of object classes that are processed by midPoint:

Code Block
    <schema>
       <generationConstraints>
            <generateObjectClass>ri:user</generateObjectClass>
            <generateObjectClass>ri:group</generateObjectClass>
        </generationConstraints>
    </schema>

See also 

Jira
serverEvolveum Jira
serverId701b45f2-090c-3276-8ac9-f45eedf731bc
keyMID-2716


Note
titleExplicit Referential Inrtegrity

We recommend to turn off explicitReferentialIntegrity for associations with groups. Active Directory will maintain the group membership after account rename automatically.

Example:

Code Block
languagexml
...
<association>
    <ref>ri:group</ref>
    <displayName>AD Group Membership</displayName>
    <kind>entitlement</kind>
    <intent>group</intent>
    <direction>objectToSubject</direction>
    <associationAttribute>ri:member</associationAttribute>
    <valueAttribute>ri:dn</valueAttribute>
    <shortcutAssociationAttribute>ri:memberOf</shortcutAssociationAttribute>
    <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
    <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
</association>
...



See Also

...