Deletion protection feature in SpanVA

Article ID: 260059

Products

CASB Gateway Advanced

Issue/Introduction

SpanVA includes a protection feature designed to prevent the unintended mass deletion of user accounts. Such events may occur due to configuration errors, changes in the LDAP directory structure, or unexpected LDAP responses. The protection mechanism allows administrators to review and confirm significant account changes before they are applied in a production environment.

 

Resolution

This feature, integrated into the LDAP server profile settings, monitors and controls the proportion of user accounts that can be deleted during each LDAP (or Active Directory) sync cycle. 

 

1. Percentage Threshold:

The system calculates the ratio of accounts marked for deletion against the total number of accounts returned by the LDAP query. It then compares this ratio to a configured "Deletion Protection" threshold.

 

2. Action on Exceeding Threshold:

If the calculated deletion percentage meets or exceeds the configured threshold, the current sync cycle is escaped (halted). The halt also covers account creations and updates, so no operation from that cycle is applied.

 

 

Example:

Suppose that the LDAP query of a SpanVA profile returns 100 user accounts, and suppose that the "Deletion protection" threshold is set at 10%.

During a sync cycle, if 10 or more user accounts are marked for deletion, the system will automatically stop that cycle, preventing the change from taking effect.

 

Admin Intervention:

If the admin reviews the pending escaped deletions and approves them, manual intervention is required. The admin may either:

- Temporarily disable the deletion protection feature

OR

- Increase the threshold percentage limit, apply the change, and then restore the original setting once the desired result is achieved.

 

Valid value:

The setting accepts only integer values, without decimals or a percentage sign. For example, for a "10%" limit, enter "10" (not "10%" or "10.0").

 

Examples of incorrect values:

- Decimal value

- Use of special characters, including the percentage sign "%"
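
The threshold check, the whole-cycle halt and the integer-only setting described above, modelled in Python as an added example (this is not Broadcom's or SpanVA's code). The function names, the account dictionaries, the way deletions are derived and the handling of an empty LDAP result are assumptions of this sketch.

```python
import re

def parse_threshold(raw: str) -> int:
    """Accept only a bare integer such as "10"; reject "10%" and "10.0"."""
    if not re.fullmatch(r"[0-9]+", raw):
        raise ValueError(f"invalid deletion protection value: {raw!r}")
    return int(raw)

def run_cycle(local: dict, ldap: dict, threshold_pct: int):
    """Return (accounts_after_cycle, report) for one sync cycle."""
    # Assumption of this sketch: a local account absent from the LDAP
    # result is what "marked for deletion" means.
    deletes = sorted(local.keys() - ldap.keys())
    creates = sorted(ldap.keys() - local.keys())
    updates = sorted(u for u in ldap.keys() & local.keys() if ldap[u] != local[u])
    total = len(ldap)  # accounts returned by the LDAP query
    if total == 0:
        # Assumption: an empty result with pending deletions is halted
        # (the article does not describe this case).
        halted = bool(deletes)
    else:
        # deletes/total >= threshold/100, in integers to avoid float rounding
        halted = len(deletes) * 100 >= threshold_pct * total
    report = {"halted": halted, "deletes": deletes,
              "creates": creates, "updates": updates}
    if halted:
        # The whole cycle is escaped: creations and updates are withheld too.
        return dict(local), report
    return dict(ldap), report

def demo():
    # Constructed data matching the article's example: 100 accounts, 10% threshold.
    ldap = {f"user{i}": {"mail": f"user{i}@example.test"} for i in range(100)}
    local = {k: dict(v) for k, v in ldap.items() if k != "user0"}  # pending creation
    local["user1"]["mail"] = "old@example.test"                    # pending update
    stale10 = {f"gone{i}": {"mail": ""} for i in range(10)}
    stale9 = dict(list(stale10.items())[:9])
    threshold = parse_threshold("10")
    return (run_cycle({**local, **stale10}, ldap, threshold),
            run_cycle({**local, **stale9}, ldap, threshold))

if __name__ == "__main__":
    for after, report in demo():
        print(report["halted"], len(report["deletes"]), len(after))
```

The `deletes` list in the report of a halted cycle is what an administrator would review before temporarily raising the threshold or disabling the protection.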