Unable to remove user account from Provisioning Directory if the CA Directory target endpoint has the "memberOf" parameter set.

Article ID: 8090

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

Scenario: 

I have Identity Manager with a custom endpoint to CA Directory. When I assign a provisioning role to CA Directory (in this case named LDAP), it creates the account correctly in the endpoint (CA Directory). Then, when I revoke the provisioning role or remove the user from Identity Manager, this shows errors, but effectively the account was deleted in the endpoint and in the User Store from Identity Manager; it was not deleted from the Provisioning Server, and it looks as if the account still exists.

With this scenario, if the user is created again, it seems to already have the assigned provisioning role but without the created account.

 

Error:

2017-07-09 06:02:52,888 | DEBUG | Worker-thread-17 | RetryOpProcessorProxy | 131 - com.ca.jcs.core - 1.1.0.20170325 |
class com.ca.jcs.jndi.JNDIMetaConnector: LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
no retry group found matching exception text 'org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: [email protected]: JNDI:
[LDAP: error code 32 - No Such Object]: failed to lookup cn=johndoe,ou=users,dc=company,dc=gov,dc=co'
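
The following Python example is added here and is not part of the original article or CA's code. It scans a Java Connector Server log for the entry shown above and lists the endpoint and DN of each "No Such Object" lookup that matched no retry group, so those accounts can be checked in the Provisioning Directory. The log layout is assumed from the single excerpt on this page; the second sample entry and the function names are constructed for illustration.

```python
import re

# Constructed sample: the first entry reproduces the log excerpt on this page
# (including its obfuscated "[email protected]" token); the second is invented.
SAMPLE_LOG = """\
2017-07-09 06:02:52,888 | DEBUG | Worker-thread-17 | RetryOpProcessorProxy | 131 - com.ca.jcs.core - 1.1.0.20170325 |
class com.ca.jcs.jndi.JNDIMetaConnector: LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
no retry group found matching exception text 'org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: [email protected]: JNDI:
[LDAP: error code 32 - No Such Object]: failed to lookup cn=johndoe,ou=users,dc=company,dc=gov,dc=co'
2017-07-09 06:03:10,101 | DEBUG | Worker-thread-18 | RetryOpProcessorProxy | 131 - com.ca.jcs.core - 1.1.0.20170325 |
class com.ca.jcs.jndi.JNDIMetaConnector: LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
operation completed
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \|")
ENDPOINT = re.compile(r"eTDYNDirectoryName=([^,\]]+)")
LOOKUP_DN = re.compile(r"failed to lookup\s+(.+?)'")

def split_entries(text):
    """Group physical lines into logical entries; a timestamp starts a new entry."""
    entries, current = [], []
    for line in text.splitlines():
        if ENTRY_START.match(line) and current:
            entries.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        entries.append(" ".join(current))
    return entries

def stale_candidates(text):
    """Return sorted (timestamp, endpoint, dn) for error-32 lookups that got no retry."""
    found = set()
    for entry in split_entries(text):
        if "no retry group found" not in entry:
            continue
        if "LdapNameNotFoundException" not in entry or "error code 32" not in entry:
            continue
        endpoint, dn = ENDPOINT.search(entry), LOOKUP_DN.search(entry)
        if endpoint and dn:
            found.add((entry[:23], endpoint.group(1), dn.group(1)))
    return sorted(found)

if __name__ == "__main__":
    for ts, endpoint, dn in stale_candidates(SAMPLE_LOG):
        print(f"{ts} endpoint={endpoint} check Provisioning Directory for account: {dn}")
```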

 

Cause

Bug in the Java Connector Server.

Environment

1. CA Identity Suite Virtual Appliance 14 SP1
2. CA Directory 12.0.18 Build 12074

Resolution

Apply hotfix HF-DE307959-20170804-0001.tgz.gpg.