CAIM 14.2 Build 387 - JNDI Endpoint Account Deletion/Deprovisioning Failure

Document ID : KB000094302
Last Modified Date : 03/05/2018
Show Technical Document Details
Question:
When attempting to delete and/or deprovision an endpoint account via a custom JNDI connector, we are experiencing an issue where the connector returns an error "JNDI: badly behaved endpoint: no response controls returned for support SimplePaging". When this occurs, the account on the endpoint is actually deleted but the endpoint account reference object in the IMPD remains.. Bug #0006 opened on validate.ca.com for this issue. After having encountered this issue, we have deployed the JNDI override 'connector.xml' with ' false ' added to the file, (connector.xml attached). Testing with this configuration has resulted in a different error: '(AssocAttributeOpProcessorProxy.java:404) ERROR - class com.ca.jcs.jndi.JNDIMetaConnector: CA ISD [eTDYNDirectoryName=CA ISD,eTNamespaceName=CA ISD,dc=idv,dc=etasa]: class com.ca.jcs.assoc.AssocAttributeOpProcessorProxy: failed proxy call on public abstract void com.ca.jcs.processor.OpProcessor.doDelete(com.ca.jcs.ObjectInfo) throws javax.naming.NamingException DELETE operation was skipped java.lang.ArrayIndexOutOfBoundsException: 1'. Unlike the previous issue, the endpoint account is not deleted.
Answer:
Their was a change somewhere between 12.6 SP2 and 14.2 which added a new parameter to connector.xml that is not documented. In order for this use case to be configured correctly the following was performed: 1. We require a connector.xml file (copy the sample to connector.xml) 2. Due to the directory's usage of dynamic groups we needed to add the property forcePagedResults = false. This allows the dynamic groups to be seen. 3. In order to overcome the delete error we needed to add an undocumented property entitled disableDeleteAssociations. The format of the property is: ENDPOINT_TYPE:ENDPOINT_NAME In our case the endpoint type and name are both 'CA ISD'. Please do not close this item until a KB article is created (at a minimum). It is strongly recommended that the docops page (https://docops.ca.com/ca-identity-manager/14-2/EN/programming/connector-programming-reference/configuration-files/connector-xml-files) is enhanced to document all the configuration parameters, their purpose, their potential values.