
Unable to remove user account from Provisioning Directory if the CA Directory target endpoint has the "memberOf" parameter set.


Article ID: 8090




CA Identity Manager, CA Identity Governance, CA Identity Portal



I have Identity Manager with a custom endpoint to CA Directory. When I assign a provisioning role for CA Directory (in this case named LDAP), it creates the account correctly in the endpoint (CA Directory). When I then revoke the provisioning role or remove the user from Identity Manager, it shows errors. The account was effectively deleted in the endpoint and in the Identity Manager User Store, but it was not deleted from the Provisioning Server, where it looks as if the account still exists.

In this scenario, if the user is created again, it seems to already have the assigned provisioning role, but without the created account.



2017-07-09 06:02:52,888 | DEBUG | Worker-thread-17 | RetryOpProcessorProxy | 131 - - |
class LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
no retry group found matching exception text ' [email protected]: JNDI:
[LDAP: error code 32 - No Such Object]: failed to lookup cn=johndoe,ou=users,dc=company,dc=gov,dc=co'



Bug in the Java Connector Server.


1. CA Identity Suite Virtual Appliance 14 SP1
2. CA Directory 12.0.18 Build 12074