How to delete unwanted entries from the CA IDM Directory

book

Article ID: 220540

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Suite CA Directory

Issue/Introduction

Some entries have been created with "special characters" that are not recognized by IM and are causing search issues. We would like to remove those entries from the directory. 

 

Cause

When groups are created in bulk using the dx commands, some non-ascii characters have been fed into the system by mistake.

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

 

CA Identity Manager (IM) 14.x is running with CA directory 14.x as the userstore.  

Resolution

As the characters are UTF-8 or base64 encoded when they are dumped into LDIF file they appear in an encoded format.

For example:

dn:: sdfsfkoporhqmamsdf=

and

cn:: jnhiuwapmds01=

Having dumped the data (dxdumpdb) the next action is to identify and remove the erroneous entries from LDIF and then reload it (dxloaddb).  However, we strongly recommend testing the import against the test directory before overwriting production data.

For example:

a) Remove all erroneous entries from LDIF (e.g. name it removed.ldif)
b) dxserver stop test
c) dxemptydb test
d) dxloaddb test removed.ldif
e) dxserver start test
f) Connect via JXplorer and review the results.

 

Attachments