CAIM 14.2 Build 387 - JNDI Endpoint Account Deletion/Deprovisioning Failure
search cancel

CAIM 14.2 Build 387 - JNDI Endpoint Account Deletion/Deprovisioning Failure


Article ID: 94302


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal


When attempting to delete and/or deprovision an endpoint account via a custom JNDI connector, we are experiencing an issue where the connector returns an error "JNDI: badly behaved endpoint: no response controls returned for support SimplePaging".
When this occurs, the account on the endpoint is actually deleted but the endpoint account reference object in the IMPD remains..
After having encountered this issue, we have deployed the JNDI override 'connector.xml' with ' false ' added to the file, (connector.xml attached).
Testing with this configuration has resulted in a different error:
'( ERROR - class CA ISD [eTDYNDirectoryName=## ISD,eTNamespaceName=## ISD,dc=###,dc=etasa]: class failed proxy call on public abstract void throws javax.naming.NamingException DELETE operation was skipped java.lang.ArrayIndexOutOfBoundsException: 1'. Unlike the previous issue, the endpoint account is not deleted.


Release: 14.x
Component: IDMGR


This is due to an undocumented change between 12.6 SP2 and 14.2 which added a new parameter to connector.xml.


In order for this use case to be configured correctly the following has to be performed:
1. We require a connector.xml file (copy the sample to connector.xml)
2. Due to the directory's usage of dynamic groups we needed to add the property forcePagedResults = false. This allows the dynamic groups to be seen.
3. In order to overcome the delete error, the disableDeleteAssociations block in the (new) connector.xml should be commented out all together.

Additional Information