I have Identity Manager with a custom endpoint to CA Directory. When I assign a provisioning role to CA Directory (in this case named LDAP), it creates the account correctly in the endpoint (CA Directory). Then, when I revoke the provisioning role or remove the user from Identity Manager, it shows errors, but the account is effectively deleted in the endpoint and in the User Store of Identity Manager; however, it is not deleted from the Provisioning Server, where it looks as if the account still exists.
With this scenario, if the user is created again, it seems to already have the provisioning role assigned, but without the account created.
2017-07-09 06:02:52,888 | DEBUG | Worker-thread-17 | RetryOpProcessorProxy | 131 - com.ca.jcs.core - 126.96.36.19970325 |
class com.ca.jcs.jndi.JNDIMetaConnector: LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
no retry group found matching exception text 'org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: JCS@vapp: JNDI:
[LDAP: error code 32 - No Such Object]: failed to lookup cn=johndoe,ou=users,dc=company,dc=gov,dc=co'