From 64a160e601e74877e6ec09a9a156efce8924fdb7 Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Fri, 22 Nov 2019 18:45:06 +0100
Subject: [PATCH 1/6] Switch to LDAP connector 2.4, tests for "tree delete"
 LDAP control

---
 build-system/pom.xml                          |   2 +-
 .../impl/opendj/AbstractOpenDjTest.java       |   4 +
 .../provisioning/impl/opendj/TestOpenDj.java  |  81 +++++++++++++++++-
 .../impl/opendj/TestOpenDjDumber.java         |  33 +++++++
 .../src/test/resources/opendj/ou-super.xml    |  24 ++++++
 .../opendj/resource-opendj-dumber.xml         |   1 +
 .../resource-opendj-incomplete-password.xml   |   1 +
 .../resource-opendj-readable-password.xml     |   1 +
 .../test/resources/opendj/resource-opendj.xml |  16 ++++
 .../src/test/resources/connector-ldap.xml     |   2 +-
 .../ad/AbstractAdLdapMultidomainTest.java     |  32 +++++--
 .../conntest/ad/TestAdLdapChimeraStrange.java |  37 ++++++++
 .../resource-chimera-native-schema.xml        |   1 +
 .../resource-chimera-runas.xml                |   1 +
 .../resource-chimera-strange.xml              |   1 +
 .../ad-ldap-multidomain/resource-chimera.xml  |   7 +-
 .../src/test/resources/truststore.jks         | Bin 7400 -> 7400 bytes
 17 files changed, 230 insertions(+), 14 deletions(-)
 create mode 100644 provisioning/provisioning-impl/src/test/resources/opendj/ou-super.xml

diff --git a/build-system/pom.xml b/build-system/pom.xml
index 7d0da317939..27966258a1c 100644
--- a/build-system/pom.xml
+++ b/build-system/pom.xml
@@ -765,7 +765,7 @@
             <dependency>
                 <groupId>com.evolveum.polygon</groupId>
                 <artifactId>connector-ldap</artifactId>
-                <version>2.3</version>
+                <version>2.4</version>
             </dependency>
             <!-- End connectors -->
             <dependency>
diff --git a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java
index acd0d16c7d9..203d757bd99 100644
--- a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java
+++ b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java
@@ -136,6 +136,10 @@ public abstract class AbstractOpenDjTest extends AbstractProvisioningIntegration
     protected static final String GROUP_CORSAIRS_OID = "70a1f3ee-4b5b-11e5-95d0-001e8c717e5b";
     protected static final String GROUP_CORSAIRS_DN = "cn=corsairs,ou=groups,dc=example,dc=com";
 
+    protected static final File OU_SUPER_FILE = new File(TEST_DIR, "ou-super.xml");
+    protected static final String OU_SUPER_OID = "1d1e519e-0d22-11ea-8cdf-3f09f7f3a585";
+    protected static final String OU_SUPER_DN = "ou=Super,dc=example,dc=com";
+
     protected static final String NON_EXISTENT_OID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
 
     public static final String RESOURCE_NS = "http://midpoint.evolveum.com/xml/ns/public/resource/instance/ef2bc95b-76e0-59e2-86d6-3d4f02d3ffff";
diff --git a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java
index 13585c561e0..864ba0f2a04 100644
--- a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java
+++ b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java
@@ -37,6 +37,7 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.opends.server.types.Entry;
+import org.opends.server.util.LDIFException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ContextConfiguration;
@@ -2852,7 +2853,7 @@ public void test456AddGroupSpecialists() throws Exception {
         OperationResult result = task.getResult();
 
         ShadowType object = parseObjectType(GROUP_SPECIALISTS_FILE, ShadowType.class);
-        IntegrationTestTools.display("Adding object", object);
+        display("Adding object", object);
 
         // WHEN
         displayWhen(TEST_NAME);
@@ -3283,6 +3284,84 @@ public void test479ModifyAccountJackDescriptionJack() throws Exception {
         assertShadows(25);
     }
 
+    @Test
+    public void test480AddOuSuper() throws Exception {
+        final String TEST_NAME = "test480AddOuSuper";
+        displayTestTitle(TEST_NAME);
+
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+
+        ShadowType object = parseObjectType(OU_SUPER_FILE, ShadowType.class);
+        display("Adding object", object);
+
+        // WHEN
+        displayWhen(TEST_NAME);
+        String addedObjectOid = provisioningService.addObject(object.asPrismObject(), null, null, task, result);
+
+        // THEN
+        displayThen(TEST_NAME);
+        assertEquals(OU_SUPER_OID, addedObjectOid);
+
+        ShadowType shadowType =  getShadowRepo(OU_SUPER_OID).asObjectable();
+        PrismAsserts.assertEqualsPolyString("Wrong ICF name (repo)", OU_SUPER_DN, shadowType.getName());
+
+        PrismObject<ShadowType> provisioningShadow = provisioningService.getObject(ShadowType.class, OU_SUPER_OID,
+                null, taskManager.createTaskInstance(), result);
+        ShadowType provisioningShadowType = provisioningShadow.asObjectable();
+        assertEquals("Wrong ICF name (provisioning)", dnMatchingRule.normalize(OU_SUPER_DN),
+                dnMatchingRule.normalize(provisioningShadowType.getName().getOrig()));
+
+        String uid = ShadowUtil.getSingleStringAttributeValue(shadowType, getPrimaryIdentifierQName());
+        assertNotNull(uid);
+
+        Entry ldapEntry = openDJController.searchAndAssertByEntryUuid(uid);
+        display("LDAP ou", ldapEntry);
+        assertNotNull("No LDAP ou entry");
+        String groupDn = ldapEntry.getDN().toString();
+        assertEquals("Wrong ou DN", dnMatchingRule.normalize(OU_SUPER_DN), dnMatchingRule.normalize(groupDn));
+
+        assertShadows(26);
+    }
+
+    /**
+     * Try to delete ou=Super,dc=example,dc=com. But before doing that create a subobject:
+     * ou=sub,ou=Super,dc=example,dc=com. LDAP server should normally refuse to delete the Super OU
+     * because it is not empty. But we have configured use of "tree delete" control here.
+     * Therefore the delete should work.
+     *
+     * MID-5935
+     */
+    @Test
+    public void test489DeleteOuSuperWithSub() throws Exception {
+        final String TEST_NAME = "test489DeleteOuSuperWithSub";
+        displayTestTitle(TEST_NAME);
+
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+
+        createSubOrg();
+
+        // WHEN
+        displayWhen(TEST_NAME);
+        provisioningService.deleteObject(ShadowType.class, OU_SUPER_OID, null, null, task, result);
+
+        // THEN
+        displayThen(TEST_NAME);
+        assertSuccess(result);
+
+        assertNoRepoShadow(OU_SUPER_OID);
+        openDJController.assertNoEntry(OU_SUPER_DN);
+
+        assertShadows(25);
+    }
+
+    protected void createSubOrg() throws IOException, LDIFException {
+        openDJController.addEntry("dn: ou=sub,ou=Super,dc=example,dc=com\n"+
+                "objectClass: organizationalUnit\n"+
+                "ou: sub");
+    }
+
     @Test
     public void test701ConfiguredCapabilityNoRead() throws Exception{
         final String TEST_NAME = "test701ConfiguredCapabilityNoRead";
diff --git a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjDumber.java b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjDumber.java
index 18dce5f52c8..1bbf33d000e 100644
--- a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjDumber.java
+++ b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjDumber.java
@@ -11,6 +11,9 @@
 
 import java.io.File;
 
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ContextConfiguration;
 
@@ -19,6 +22,7 @@
 import com.evolveum.midpoint.util.DOMUtil;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import org.testng.annotations.Test;
 
 /**
  * Test for provisioning service implementation using embedded OpenDj instance.
@@ -73,4 +77,33 @@ protected void assertTimestamp(String attrName, Object timestampValue) {
         assertTrue("Timestamp "+attrName+" does not end with Z: "+str, str.endsWith("Z"));
     }
 
+    /**
+     * This resource has disabled "tree delete".
+     */
+    @Test
+    @Override
+    public void test489DeleteOuSuperWithSub() throws Exception {
+        final String TEST_NAME = "test489DeleteOuSuperWithSub";
+        displayTestTitle(TEST_NAME);
+
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+
+        createSubOrg();
+
+        try {
+            // WHEN
+            displayWhen(TEST_NAME);
+            provisioningService.deleteObject(ShadowType.class, OU_SUPER_OID, null, null, task, result);
+
+            assertNotReached();
+        } catch (IllegalArgumentException e) {
+            // expected
+        }
+
+        // THEN
+        displayThen(TEST_NAME);
+        assertFailure(result);
+    }
+
 }
diff --git a/provisioning/provisioning-impl/src/test/resources/opendj/ou-super.xml b/provisioning/provisioning-impl/src/test/resources/opendj/ou-super.xml
new file mode 100644
index 00000000000..7537381a046
--- /dev/null
+++ b/provisioning/provisioning-impl/src/test/resources/opendj/ou-super.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2019 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+
+<shadow oid="1d1e519e-0d22-11ea-8cdf-3f09f7f3a585"
+    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/ef2bc95b-76e0-59e2-86d6-3d4f02d3ffff">
+    <name>ou=Super,dc=example,dc=com</name>
+    <resourceRef oid="ef2bc95b-76e0-59e2-86d6-3d4f02d3ffff" />
+    <objectClass>ri:organizationalUnit</objectClass>
+    <kind>generic</kind>
+    <intent>ou</intent>
+    <attributes>
+        <ri:dn>ou=super,dc=example,dc=com</ri:dn>
+        <ri:ou>Super</ri:ou>
+    </attributes>
+</shadow>
diff --git a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-dumber.xml b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-dumber.xml
index 8f671fc1823..954ea433f49 100644
--- a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-dumber.xml
+++ b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-dumber.xml
@@ -39,6 +39,7 @@ somehow dumber: no shortcut in associations, expclicit duplicity checks, etc.
              <icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+            <icfcldap:useTreeDelete>never</icfcldap:useTreeDelete>
              <icfcldap:languageTagAttributes>description</icfcldap:languageTagAttributes> <!-- MID-5210 -->
              <icfcldap:usePermissiveModify>never</icfcldap:usePermissiveModify>
              <icfcldap:timestampPresentation>string</icfcldap:timestampPresentation>
diff --git a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-incomplete-password.xml b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-incomplete-password.xml
index 88a715b1264..030c275ada3 100644
--- a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-incomplete-password.xml
+++ b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-incomplete-password.xml
@@ -34,6 +34,7 @@
              <icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+            <icfcldap:useTreeDelete>auto</icfcldap:useTreeDelete>
              <icfcldap:languageTagAttributes>description</icfcldap:languageTagAttributes> <!-- MID-5210 -->
              <icfcldap:enableExtraTests>false</icfcldap:enableExtraTests> <!-- MID-3477 -->
              <icfcldap:passwordReadStrategy>incompleteRead</icfcldap:passwordReadStrategy> <!-- MID-2928 -->
diff --git a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml
index 569ec734d45..ae83b3f6d27 100644
--- a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml
+++ b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml
@@ -34,6 +34,7 @@
              <icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+            <icfcldap:useTreeDelete>auto</icfcldap:useTreeDelete>
              <icfcldap:languageTagAttributes>description</icfcldap:languageTagAttributes> <!-- MID-5210 -->
              <icfcldap:enableExtraTests>false</icfcldap:enableExtraTests> <!-- MID-3477 -->
              <icfcldap:passwordReadStrategy>readable</icfcldap:passwordReadStrategy> <!-- MID-2928 -->
diff --git a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj.xml b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj.xml
index e27dcfcec3c..06d4ccca4d0 100644
--- a/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj.xml
+++ b/provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj.xml
@@ -35,6 +35,7 @@
              <icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
              <icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
              <icfcldap:languageTagAttributes>description</icfcldap:languageTagAttributes> <!-- MID-5210 -->
+            <icfcldap:useTreeDelete>auto</icfcldap:useTreeDelete>
              <icfcldap:enableExtraTests>false</icfcldap:enableExtraTests> <!-- MID-3477 -->
         </icfc:configurationProperties>
 
@@ -226,6 +227,21 @@
             </attribute>
         </objectType>
 
+        <objectType>
+            <kind>generic</kind>
+            <intent>ou</intent>
+            <displayName>Organizational Unit</displayName>
+            <objectClass>ri:organizationalUnit</objectClass>
+            <attribute>
+                <ref>ri:entryUUID</ref>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+            </attribute>
+            <attribute>
+                <ref>ri:dn</ref>
+                <matchingRule>mr:distinguishedName</matchingRule>
+            </attribute>
+        </objectType>
+
     </schemaHandling>
 
     <capabilities>
diff --git a/provisioning/ucf-impl-connid/src/test/resources/connector-ldap.xml b/provisioning/ucf-impl-connid/src/test/resources/connector-ldap.xml
index 2abb168de72..4399a15dcb2 100644
--- a/provisioning/ucf-impl-connid/src/test/resources/connector-ldap.xml
+++ b/provisioning/ucf-impl-connid/src/test/resources/connector-ldap.xml
@@ -14,7 +14,7 @@
     <name>ICF com.evolveum.polygon.connector.ldap.LdapConnector</name>
     <framework>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</framework>
     <connectorType>com.evolveum.polygon.connector.ldap.LdapConnector</connectorType>
-    <connectorVersion>2.3</connectorVersion>
+    <connectorVersion>2.4</connectorVersion>
     <connectorBundle>com.evolveum.polygon.connector-ldap</connectorBundle>
     <namespace>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector</namespace>
     <schema>
diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapMultidomainTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapMultidomainTest.java
index 4b826419060..fd4bf9151d5 100644
--- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapMultidomainTest.java
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AbstractAdLdapMultidomainTest.java
@@ -325,6 +325,7 @@ public void test000Sanity() throws Exception {
         cleanupDelete(toOrgGroupDn(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_NAME));
         cleanupDelete(toOrgGroupDn(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_ALT_NAME));
         cleanupDelete(toOrgDn(GROUP_MELEE_ISLAND_NAME));
+        cleanupDelete("ou=underMelee," + toOrgDn(GROUP_MELEE_ISLAND_ALT_NAME));
         cleanupDelete(toOrgDn(GROUP_MELEE_ISLAND_ALT_NAME));
     }
 
@@ -1654,8 +1655,7 @@ public void test500AddOrgMeleeIsland() throws Exception {
 
         // THEN
         displayThen(TEST_NAME);
-        result.computeStatus();
-        TestUtil.assertSuccess(result);
+        assertSuccess(result);
 
         orgMeleeIslandOid = org.getOid();
         Entry entryGroup = assertLdapGroup(GROUP_MELEE_ISLAND_NAME);
@@ -1868,8 +1868,7 @@ public void test524GetMeleeIslandPirates() throws Exception {
 
         // THEN
         displayThen(TEST_NAME);
-        result.computeStatus();
-        TestUtil.assertSuccess(result);
+        assertSuccess(result);
 
         display("Shadow after", shadow);
         assertNotNull(shadow);
@@ -1879,6 +1878,7 @@ public void test524GetMeleeIslandPirates() throws Exception {
         Entry entryOu = assertLdapOrg(GROUP_MELEE_ISLAND_ALT_NAME);
         assertNoLdapOrg(GROUP_MELEE_ISLAND_NAME);
         Entry entryOrgGroup = assertLdapOrgGroup(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_ALT_NAME);
+        display("Melee org", entryOrgGroup);
         assertNoLdapOrgGroup(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_NAME);
 
 //        assertLdapConnectorInstances(2);
@@ -1899,8 +1899,7 @@ public void test595DeleteOrgGroupMeleeIslandPirates() throws Exception {
 
         // THEN
         displayThen(TEST_NAME);
-        result.computeStatus();
-        TestUtil.assertSuccess(result);
+        assertSuccess(result);
 
         assertNoLdapOrgGroup(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_ALT_NAME);
         assertNoLdapOrgGroup(GROUP_MELEE_ISLAND_PIRATES_NAME, GROUP_MELEE_ISLAND_NAME);
@@ -1910,6 +1909,13 @@ public void test595DeleteOrgGroupMeleeIslandPirates() throws Exception {
 //        assertLdapConnectorInstances(2);
     }
 
+    /**
+     * We create "underMelee" org that gets into the way of the delete.
+     * Melee cannot be deleted in an ordinary way. "tree delete" control must
+     * be used. This is configured in the connector config.
+     *
+     * MID-5935
+     */
     @Test
     public void test599DeleteOrgMeleeIsland() throws Exception {
         final String TEST_NAME = "test599DeleteOrgMeleeIsland";
@@ -1919,14 +1925,15 @@ public void test599DeleteOrgMeleeIsland() throws Exception {
         Task task = createTask(TEST_NAME);
         OperationResult result = task.getResult();
 
+        createUnderMeleeEntry();
+
         // WHEN
         displayWhen(TEST_NAME);
         deleteObject(OrgType.class, orgMeleeIslandOid, task, result);
 
         // THEN
         displayThen(TEST_NAME);
-        result.computeStatus();
-        TestUtil.assertSuccess(result);
+        assertSuccess(result);
 
         assertNoLdapGroup(GROUP_MELEE_ISLAND_NAME);
         assertNoLdapGroup(GROUP_MELEE_ISLAND_ALT_NAME);
@@ -1939,6 +1946,15 @@ public void test599DeleteOrgMeleeIsland() throws Exception {
 //        assertLdapConnectorInstances(2);
     }
 
+    protected void createUnderMeleeEntry() throws LdapException, IOException {
+        // This OU just gets into the way of the delete.
+        Entry entry = new DefaultEntry("ou=underMelee," + toOrgDn(GROUP_MELEE_ISLAND_ALT_NAME),
+                "objectclass", "organizationalUnit",
+                "ou", "underMelee");
+        display("underMelee org", entry);
+        addLdapEntry(entry);
+    }
+
     @Test
     public void test600AssignAccountSubman() throws Exception {
         final String TEST_NAME = "test600AssignAccountSubman";
diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/TestAdLdapChimeraStrange.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/TestAdLdapChimeraStrange.java
index 611aa565f1d..11cb55ff27d 100644
--- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/TestAdLdapChimeraStrange.java
+++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/TestAdLdapChimeraStrange.java
@@ -6,10 +6,15 @@
  */
 package com.evolveum.midpoint.testing.conntest.ad;
 
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
 import org.testng.annotations.Listeners;
+import org.testng.annotations.Test;
 
 import java.io.File;
 
@@ -28,4 +33,36 @@ protected File getResourceFile() {
         return new File(getBaseDir(), "resource-chimera-strange.xml");
     }
 
+    /**
+     * This resource has "tree delete" disabled.
+     * MID-5935
+     */
+    @Test
+    public void test599DeleteOrgMeleeIsland() throws Exception {
+        final String TEST_NAME = "test599DeleteOrgMeleeIsland";
+        displayTestTitle(TEST_NAME);
+
+        // GIVEN
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+
+        createUnderMeleeEntry();
+
+        try {
+            // WHEN
+            displayWhen(TEST_NAME);
+            deleteObject(OrgType.class, orgMeleeIslandOid, task, result);
+
+            assertNotReached();
+        } catch (IllegalArgumentException e) {
+            // expected
+        }
+
+        // THEN
+        displayThen(TEST_NAME);
+        assertFailure(result);
+
+//        assertLdapConnectorInstances(2);
+    }
+
 }
diff --git a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-native-schema.xml b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-native-schema.xml
index 19e41a8adda..21ccc770627 100644
--- a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-native-schema.xml
+++ b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-native-schema.xml
@@ -44,6 +44,7 @@
             <icfcldap:operationalAttributes>msExchHideFromAddressLists</icfcldap:operationalAttributes>
             <icfcldap:enableExtraTests>true</icfcldap:enableExtraTests>
             <icfcldap:forcePasswordChangeAtNextLogon>false</icfcldap:forcePasswordChangeAtNextLogon>
+            <icfcldap:useTreeDelete>auto</icfcldap:useTreeDelete>
             <icfcldap:winRmUsername>midpoint</icfcldap:winRmUsername>
             <icfcldap:winRmDomain>midpoint</icfcldap:winRmDomain>
             <icfcldap:winRmAuthenticationScheme>credssp</icfcldap:winRmAuthenticationScheme>
diff --git a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-runas.xml b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-runas.xml
index 20cf530f1fa..a3d9a6a2d42 100644
--- a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-runas.xml
+++ b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-runas.xml
@@ -41,6 +41,7 @@
             <icfcldap:runAsStrategy>bind</icfcldap:runAsStrategy>
             <icfcldap:enableExtraTests>true</icfcldap:enableExtraTests>
             <icfcldap:forcePasswordChangeAtNextLogon>false</icfcldap:forcePasswordChangeAtNextLogon>
+            <icfcldap:useTreeDelete>auto</icfcldap:useTreeDelete>
             <icfcldap:winRmUsername>midpoint</icfcldap:winRmUsername>
             <icfcldap:winRmDomain>midpoint</icfcldap:winRmDomain>
             <icfcldap:winRmAuthenticationScheme>credssp</icfcldap:winRmAuthenticationScheme>
diff --git a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-strange.xml b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-strange.xml
index 16b894e93be..1a426b539f7 100644
--- a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-strange.xml
+++ b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera-strange.xml
@@ -40,6 +40,7 @@
             <icfcldap:operationalAttributes>msExchHideFromAddressLists</icfcldap:operationalAttributes>
             <icfcldap:enableExtraTests>true</icfcldap:enableExtraTests>
             <icfcldap:forcePasswordChangeAtNextLogon>false</icfcldap:forcePasswordChangeAtNextLogon>
+            <icfcldap:useTreeDelete>never</icfcldap:useTreeDelete>
             <icfcldap:winRmUsername>midpoint</icfcldap:winRmUsername>
             <icfcldap:winRmDomain>midpoint</icfcldap:winRmDomain>
             <icfcldap:winRmAuthenticationScheme>credssp</icfcldap:winRmAuthenticationScheme>
diff --git a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera.xml b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera.xml
index 088df2d8af8..2cdb21d6c3d 100644
--- a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera.xml
+++ b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-chimera.xml
@@ -40,6 +40,7 @@
             <icfcldap:operationalAttributes>msExchHideFromAddressLists</icfcldap:operationalAttributes>
             <icfcldap:enableExtraTests>true</icfcldap:enableExtraTests>
             <icfcldap:forcePasswordChangeAtNextLogon>false</icfcldap:forcePasswordChangeAtNextLogon>
+            <icfcldap:useTreeDelete>always</icfcldap:useTreeDelete>
             <icfcldap:winRmUsername>midpoint</icfcldap:winRmUsername>
             <icfcldap:winRmDomain>midpoint</icfcldap:winRmDomain>
             <icfcldap:winRmAuthenticationScheme>credssp</icfcldap:winRmAuthenticationScheme>
@@ -87,7 +88,7 @@
                 <matchingRule>mr:distinguishedName</matchingRule>
                 <outbound>
                     <source>
-                        <path>$user/fullName</path>
+                        <path>fullName</path>
                     </source>
                     <expression>
                         <script>
@@ -105,7 +106,7 @@
                     <secondaryIdentifier>true</secondaryIdentifier>
                     <outbound>
                         <source>
-                            <path>$user/name</path>
+                            <path>name</path>
                         </source>
                     </outbound>
                     <inbound>
@@ -176,7 +177,7 @@
                     <ref>ri:userPrincipalName</ref>
                     <outbound>
                     <source>
-                        <path>$user/name</path>
+                        <path>name</path>
                     </source>
                     <expression>
                         <script>
diff --git a/testing/conntest/src/test/resources/truststore.jks b/testing/conntest/src/test/resources/truststore.jks
index e16f41edef3a777106bcde119aec7fca5f163891..156ea52c6cf7c75f118e13ffddbaea55270c3efd 100644
GIT binary patch
delta 635
zcmV->0)+kOIp{gCvlazzlaM&KleiWh4-PaxNdF6Nw+jFO0000EkxX(KF)=VVGB7hU
zGBH{g4Kgq>F)%hVFf%hUF_Ul?Mt`yGM{ewdSKiC!T}^y0#C|RZY}9JV7hClRsg9m$
zIZT=hIQ7hr6hw<A@r0+e{$pDt>WxE>X&GaO7I>S_Ce8p5j6l7!?ac+}`X|`>1c~C8
zzf0bBeF~~6%EU?iT-#j~#V@%5=3#VqxX}f7As+mHCpk1LtpG%6iE081{C~siuE~_2
zs5?MauC<e~m(>i-ymnMOLtk(p*21}>HZqMvf~BL>qdf7GJB*`^SA;k88V);M%SNqF
z;`VXbi#B+@8gyq`5PSlHCm#QHoR2!b)=vEQQOzYZ&A-c|#4Nd2n=MbWu<x|>zPB*x
zfC6vns=9BJ%xPHmY=%84M*<*Sv$hyF0ThZC)t7CX?x_y6cm)#>Nm3Hg=>4++8q)!P
zrXzIUQS(2ivOwUy4ZZK4nW24A9zwXz{xDElaGAucguY!mQ>wOpiuhtIT=m&hTe~Zf
z^QTEcq69Q<#B){cm;$dvrZy~CC%*N#TR7eDAlDNVR#9XNr`m9y&zY$Wls*-xY5?kg
z-Of{H9fv}6gT3?MFgq!yb#-%W)$&w-Me@lbJ49_|&!RKastMuDr3?YfIQ|l>SYaAx
zT940|b9W0k&{TtN1EZpb3F!&Xt_!u=gkUiSd};$FsOc&~(GdGt83v0kh+%cU^*;*U
z0v|8jpovf8YxSg|<SdynvPA|1TBQM*vkt;)0npk+^xO`lnqrU<4F=V-dhCc6i?yRp
V5`C38HwJ1pmny{4Ha;#gloP;qBjEr5

delta 636
zcmV-?0)zeNIp{gCvlazv{Yf@TleiWh4-9ZLIE4Ojb~yk50000CkxX$KI59CXG%+<Y
zH8eO{7Y#8vF)=YTF*PzZG&qxR7e;@$a+O9To^;Ws3$T9#F?2Yp=|{$*LQUR$(<Kae
zIXvcL#~K#mwf0J$^T#vovKtbd^7CJ4u7`*!&M05XmD;Z*SVbeG+p5rlXozS&=~uS`
zJ(azxF)e{!?B$wS$73XO284?@XUuKIX|yzycKCy;^zxmtzV@&H+4db^|J#4pV`xK6
zu+I$xKh#)9NTmc@sKi*2X}Na*;MSq9ZKYW07wh!29M@d7?%{xbzPL-b*YL6L897dy
zsP0?i@iT%5|M-LnY(BA{n7C3Bk4r|h$>~4KiLzf2F(LY6EY!qmJb}V-^o&N<y3adk
zn;_U<t8^vaAB}Dq+w9i)KNbS5J+rnLHvtqqcHA`HoYhEg<R-938<8eoHgJ!#0UFZ*
zf1|kWZgA&){waIaa*s^vY0ggvELeESCn;yJedY*>WDQJ>i}iWQ$Tkp19WZx2YulBp
zD=iM;#*g3F*S<~co;Faj)fw(jvcXnBe9c4ouJuVhGVG$GQEwJdExm$=Bw<(o6B}(7
zesCqQ#nE`QE7MVJpPJwccUT#aJ{Dd{e`S0Ugp74R=2*QvM(&26Dae5y;x)TtN3gjs
z+FE}+U^;A6p0+Rv<TSwx-lZNA17k%#TD22o4!auaiA$E@VZx3r^>k>&=|7~@YU39f
zxcD<bb^sSXf@e+7zeB2AThZkBAU+Czd`i%<RZ(6g@4rVEY`TbOJb5Bx6<9zr7EDN(
WxKb);#`47GS95z)2GzWrxzkb1`6}}O


From cfa1747c7945523837c28ff7fa92b5568f71496b Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Fri, 22 Nov 2019 19:22:58 +0100
Subject: [PATCH 2/6] Fixing provisioning test failures

---
 .../midpoint/provisioning/impl/TestConnectorDiscovery.java    | 4 ++--
 .../midpoint/provisioning/ucf/impl/connid/TestUcfDummy.java   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/TestConnectorDiscovery.java b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/TestConnectorDiscovery.java
index 8751b9fc1bc..29057605534 100644
--- a/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/TestConnectorDiscovery.java
+++ b/provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/TestConnectorDiscovery.java
@@ -79,7 +79,7 @@ public void test001Connectors() throws Exception {
             IntegrationTestTools.assertConnectorSchemaSanity(conn, prismContext);
         }
 
-        assertEquals("Unexpected number of connectors found", 9, connectors.size());
+        assertEquals("Unexpected number of connectors found", 10, connectors.size());
     }
 
     @Test
@@ -99,7 +99,7 @@ public void testListConnectors() throws Exception{
             System.out.println("-----\n");
         }
 
-        assertEquals("Unexpected number of connectors found", 9, connectors.size());
+        assertEquals("Unexpected number of connectors found", 10, connectors.size());
     }
 
     @Test
diff --git a/provisioning/ucf-impl-connid/src/test/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/TestUcfDummy.java b/provisioning/ucf-impl-connid/src/test/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/TestUcfDummy.java
index 3f123300ee2..2b433f47640 100644
--- a/provisioning/ucf-impl-connid/src/test/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/TestUcfDummy.java
+++ b/provisioning/ucf-impl-connid/src/test/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/TestUcfDummy.java
@@ -175,7 +175,7 @@ public void test010ListConnectors() throws Exception {
 
         System.out.println("---------------------------------------------------------------------");
 
-        assertEquals("Unexpected number of connectors discovered", 7, connectors.size());
+        assertEquals("Unexpected number of connectors discovered", 8, connectors.size());
     }
 
     @Test

From 95fb4ed1c967616b1e60273ae531a9f557b835b1 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Sat, 23 Nov 2019 12:24:16 +0100
Subject: [PATCH 3/6] Fix version reporting for built-in connectors

---
 .../ucf/impl/builtin/ConnectorFactoryBuiltinImpl.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/ConnectorFactoryBuiltinImpl.java b/provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/ConnectorFactoryBuiltinImpl.java
index 329ca852107..ba0d319e405 100644
--- a/provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/ConnectorFactoryBuiltinImpl.java
+++ b/provisioning/ucf-impl-builtin/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/builtin/ConnectorFactoryBuiltinImpl.java
@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2017-2018 Evolveum and contributors
  *
  * This work is dual-licensed under the Apache License 2.0
@@ -108,7 +108,7 @@ private void discoverConnectorsIfNeeded() {
                         connectorMap.put(type, struct);
                     } catch (ClassNotFoundException e) {
                         LOGGER.error("Error loading connector class {}: {}", beanClassName, e.getMessage(), e);
-                    } catch (ObjectNotFoundException | SchemaException e) {
+                    } catch (SchemaException e) {
                         LOGGER.error("Error discovering the connector {}: {}", beanClassName, e.getMessage(), e);
                     }
                 }
@@ -117,7 +117,7 @@ private void discoverConnectorsIfNeeded() {
         }
     }
 
-    private ConnectorStruct createConnectorStruct(Class connectorClass, ManagedConnector annotation) throws ObjectNotFoundException, SchemaException {
+    private ConnectorStruct createConnectorStruct(Class connectorClass, ManagedConnector annotation) throws SchemaException {
         ConnectorStruct struct = new ConnectorStruct();
         //noinspection unchecked
         struct.connectorClass = connectorClass;
@@ -125,14 +125,14 @@ private ConnectorStruct createConnectorStruct(Class connectorClass, ManagedConne
         ConnectorType connectorType = new ConnectorType();
         String bundleName = connectorClass.getPackage().getName();
         String type = annotation.type();
-        if (type == null || type.isEmpty()) {
+        if (type.isEmpty()) {
             type = connectorClass.getSimpleName();
         }
         String version = annotation.version();
         UcfUtil.addConnectorNames(connectorType, "Built-in", bundleName, type, version, null);
         connectorType.setConnectorBundle(bundleName);
         connectorType.setConnectorType(type);
-        connectorType.setVersion(version);
+        connectorType.setConnectorVersion(version);
         connectorType.setFramework(SchemaConstants.UCF_FRAMEWORK_URI_BUILTIN);
         String namespace = CONFIGURATION_NAMESPACE_PREFIX + bundleName + "/" + type;
         connectorType.setNamespace(namespace);
@@ -140,6 +140,7 @@ private ConnectorStruct createConnectorStruct(Class connectorClass, ManagedConne
         struct.connectorObject = connectorType;
 
         PrismSchema connectorSchema = generateConnectorConfigurationSchema(struct);
+        //noinspection ConstantConditions (probably can be null in the future)
         if (connectorSchema != null) {
             LOGGER.trace("Generated connector schema for {}: {} definitions",
                     connectorType, connectorSchema.getDefinitions().size());

From df5b4b9190a7a3475eaac43d91932fa343839d57 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Sat, 23 Nov 2019 13:09:53 +0100
Subject: [PATCH 4/6] Soften ConnId errors logging (part of MID-5937)

---
 .../midpoint/provisioning/ucf/impl/connid/ConnIdUtil.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdUtil.java b/provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdUtil.java
index a9c811985c2..4ebe790b170 100644
--- a/provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdUtil.java
+++ b/provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdUtil.java
@@ -132,8 +132,10 @@ static Throwable processConnIdException(Throwable connIdException, String desc,
             throw new IllegalArgumentException("Null exception while processing ConnId exception ");
         }
 
-        LOGGER.error("ConnId Exception {} in {}: {}", connIdException.getClass().getName(),
-                desc, connIdException.getMessage(), connIdException);
+        // We intentionally do not use LOGGER.error here, to avoid dumping the stack unless the DEBUG logging is set.
+        // This is because ConnID errors often get handled in upper layers. See also MID-5937.
+        LoggingUtils.logExceptionAsWarning(LOGGER, "Got ConnId exception (might be handled by upper layers later) {} in {}: {}",
+                connIdException, connIdException.getClass().getName(), desc, connIdException.getMessage());
 
         if (connIdException instanceof RemoteWrappedException) {
             // brutal hack, for now

From cd658478510db734059ebf128d064d16a8dd2ae3 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Sat, 23 Nov 2019 15:42:30 +0100
Subject: [PATCH 5/6] Improve post-initial import INFO messages a bit

(with a small cleanup of the code)
---
 .../midpoint/init/PostInitialDataImport.java  | 114 ++++++++----------
 1 file changed, 52 insertions(+), 62 deletions(-)

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/init/PostInitialDataImport.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/init/PostInitialDataImport.java
index d112f204886..7a841a4766c 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/init/PostInitialDataImport.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/init/PostInitialDataImport.java
@@ -29,7 +29,6 @@
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ExecuteScriptType;
 import com.evolveum.midpoint.xml.ns._public.model.scripting_3.ScriptingExpressionType;
 
@@ -37,10 +36,12 @@
  * @author lazyman
  * @author skublik
  */
-public class PostInitialDataImport extends DataImport{
+public class PostInitialDataImport extends DataImport {
 
     private static final Trace LOGGER = TraceManager.getTrace(PostInitialDataImport.class);
 
+    private static final String OPERATION_EXECUTE_SCRIPT = DOT_CLASS + "executeScript";
+
     private static final String SUFFIX_FOR_IMPORTED_FILE = "done";
     private static final String XML_SUFFIX = "xml";
 
@@ -63,18 +64,19 @@ public void init() throws SchemaException {
 
         SecurityContext securityContext = provideFakeSecurityContext();
 
-        int countImpotredObjects = 0;
+        int countImportedObjects = 0;
         int countExecutedScripts = 0;
 
         for (File file : files) {
-            if(FilenameUtils.getExtension(file.getName()).equals(SUFFIX_FOR_IMPORTED_FILE)) {
+            String fileExtension = FilenameUtils.getExtension(file.getName());
+            if (fileExtension.equals(SUFFIX_FOR_IMPORTED_FILE)) {
                 continue;
             }
-            if(!FilenameUtils.getExtension(file.getName()).equals(XML_SUFFIX)) {
+            if (!fileExtension.equals(XML_SUFFIX)) {
                 LOGGER.warn("Post-initial import support only xml files. Actual file: " + file.getName());
                 continue;
             }
-            Item item = null;
+            Item<?,?> item = null;
             try {
                 item = prismContext.parserFor(file).parseItem();
             } catch (Exception ex) {
@@ -82,29 +84,21 @@ public void init() throws SchemaException {
                 mainResult.recordFatalError("Couldn't parse file '" + file.getName() + "'", ex);
             }
 
-            if(item instanceof PrismProperty && (((PrismProperty)item).getRealValue() instanceof ScriptingExpressionType || ((PrismProperty)item).getRealValue() instanceof ExecuteScriptType)){
-                PrismProperty<Object> expression = (PrismProperty<Object>)item;
-                Boolean executeScript = executeScript(expression, file, task, mainResult);
-                if (executeScript) {
-                    file.renameTo(new File(file.getPath() + "." + SUFFIX_FOR_IMPORTED_FILE));
+            if (item instanceof PrismProperty && (item.getRealValue() instanceof ScriptingExpressionType || item.getRealValue() instanceof ExecuteScriptType)) {
+                //noinspection unchecked
+                PrismProperty<Object> expression = (PrismProperty<Object>) item;
+                if (executeScript(expression, file, task, mainResult)) {
+                    markAsDone(file);
                     countExecutedScripts++;
                 } else {
                     break;
                 }
             } else {
-                try {
-                    LOGGER.debug("Considering post-initial import of file {}.", file.getName());
-
-                    Boolean importObject = importObject(file, task, mainResult);
-                    if (importObject) {
-                        file.renameTo(new File(file.getPath() + "." + SUFFIX_FOR_IMPORTED_FILE));
-                        countImpotredObjects++;
-                    } else {
-                        break;
-                    }
-                } catch (Exception ex) {
-                    LoggingUtils.logUnexpectedException(LOGGER, "Couldn't import file {}", ex, file.getName());
-                    mainResult.recordFatalError("Couldn't import file '" + file.getName() + "'", ex);
+                if (importObject(file, task, mainResult)) {
+                    markAsDone(file);
+                    countImportedObjects++;
+                } else {
+                    break;
                 }
             }
         }
@@ -113,45 +107,41 @@ public void init() throws SchemaException {
 
         mainResult.recomputeStatus("Couldn't import objects.");
 
-        LOGGER.info("Post-initial object import finished ({} objects imported, {} scripts executed)", countImpotredObjects, countExecutedScripts);
-        if (LOGGER.isTraceEnabled()) {
-            LOGGER.trace("Initialization status:\n" + mainResult.debugDump());
+        LOGGER.info("Post-initial object import finished ({} objects imported, {} scripts executed)", countImportedObjects, countExecutedScripts);
+        LOGGER.trace("Initialization status:\n{}", mainResult.debugDumpLazily());
+    }
+
+    private void markAsDone(File file) {
+        if (!file.renameTo(new File(file.getPath() + "." + SUFFIX_FOR_IMPORTED_FILE))) {
+            LOGGER.warn("Renaming {} to indicate 'done' status was not successful", file);
         }
     }
 
     /**
-     * @param object
-     * @param task
-     * @param mainResult
      * @return true if it was success, otherwise false
      */
-    private <O extends ObjectType> Boolean importObject(File file, Task task, OperationResult mainResult) {
+    private boolean importObject(File file, Task task, OperationResult mainResult) {
         OperationResult result = mainResult.createSubresult(OPERATION_IMPORT_OBJECT);
         try {
-               LOGGER.info("Starting post-initial import of file {}.", file.getName());
-               ImportOptionsType options = new ImportOptionsType();
-               options.overwrite(true);
-               model.importObjectsFromFile(file, options, task, result);
-               result.recordSuccess();
-               return true;
-           } catch (Exception e) {
-               LoggingUtils.logUnexpectedException(LOGGER, "Couldn't import object from file {}: ", e, file.getName(), e.getMessage());
-               result.recordFatalError(e);
-
-               LOGGER.info("\n" + result.debugDump());
-               return false;
-           }
+            LOGGER.info("Starting post-initial import of file {}.", file.getName());
+            ImportOptionsType options = new ImportOptionsType();
+            options.overwrite(true);
+            model.importObjectsFromFile(file, options, task, result);
+            result.recordSuccess();
+            return true;
+        } catch (Exception e) {
+            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't import object from file {}: ", e, file.getName(), e.getMessage());
+            result.recordFatalError(e);
+            LOGGER.info("\n{}", result.debugDump());
+            return false;
+        }
     }
 
     /**
-     * @param expression
-     * @param file
-     * @param task
-     * @param mainResult
-     * @return rue if it was success, otherwise false
+     * @return true if it was success, otherwise false
      */
-    private <O extends ObjectType> Boolean executeScript(PrismProperty<Object> expression, File file, Task task, OperationResult mainResult) {
-        OperationResult result = mainResult.createSubresult(OPERATION_IMPORT_OBJECT);
+    private boolean executeScript(PrismProperty<Object> expression, File file, Task task, OperationResult mainResult) {
+        OperationResult result = mainResult.createSubresult(OPERATION_EXECUTE_SCRIPT);
 
         try {
             LOGGER.info("Starting post-initial execute script from file {}.", file.getName());
@@ -163,7 +153,7 @@ private <O extends ObjectType> Boolean executeScript(PrismProperty<Object> expre
                         scripting.evaluateExpression((ScriptingExpressionType) parsed, task, result);
             result.recordSuccess();
             result.addReturn("console", executionResult.getConsoleOutput());
-            LOGGER.info("Executed {} as part of post-initial import with output: {}", expression, executionResult.getConsoleOutput());
+            LOGGER.info("Executed a script in {} as part of post-initial import. Output is:\n{}", file.getName(), executionResult.getConsoleOutput());
             return true;
         } catch (Exception ex) {
             LoggingUtils.logUnexpectedException(LOGGER, "Couldn't execute script from file {}", ex, file.getName());
@@ -204,15 +194,16 @@ private File[] getPostInitialImportObjects() {
 
     private File[] listFiles(File folder) {
         File[] files = folder.listFiles();
-        File[] retFiles =new File[0];
-        for(File file: files){
-            if(file.isFile()){
-                retFiles = (File[])ArrayUtils.add(retFiles, file);
-                continue;
-            }
-            if(file.isDirectory()){
-
-                retFiles = (File[])ArrayUtils.addAll(retFiles, listFiles(file));
+        File[] retFiles = new File[0];
+        if (files != null) {
+            for (File file : files) {
+                if (file.isFile()) {
+                    retFiles = (File[]) ArrayUtils.add(retFiles, file);
+                    continue;
+                }
+                if (file.isDirectory()) {
+                    retFiles = (File[]) ArrayUtils.addAll(retFiles, listFiles(file));
+                }
             }
         }
         return retFiles;
@@ -231,5 +222,4 @@ private boolean checkDirectoryExistence(String dir) {
             return false;
         }
     }
-
 }

From 7225c8a1e4a3852ebe5340cf4c33a67d3be71d4f Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Sat, 23 Nov 2019 15:42:42 +0100
Subject: [PATCH 6/6] Adapt TestConnectorDummyFake

---
 .../evolveum/midpoint/model/intest/TestConnectorDummyFake.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestConnectorDummyFake.java b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestConnectorDummyFake.java
index 1f8da3517be..47618efce57 100644
--- a/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestConnectorDummyFake.java
+++ b/model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestConnectorDummyFake.java
@@ -100,7 +100,7 @@ public void test010ListConnectors() throws Exception {
         result.computeStatus();
         TestUtil.assertSuccess("getObject result", result);
 
-        assertEquals("Unexpected number of connectors", 11, connectors.size());
+        assertEquals("Unexpected number of connectors", 12, connectors.size());
         for(PrismObject<ConnectorType> connector: connectors) {
             display("Connector", connector);
             ConnectorType connectorType = connector.asObjectable();