Unable to remove user account from Provisioning Directory if the CA Directory target endpoint has the "memberOf" parameter set.

Document ID : KB000008090
Last Modified Date : 14/02/2018
Issue:

Scenario: 

In Identity Manager I have a custom endpoint to CA Directory. When I assign a provisioning role for CA Directory (in this case named LDAP), the account is created correctly on the endpoint (CA Directory). When I then revoke the provisioning role or remove the user from Identity Manager, errors are shown. The account is in fact deleted from the endpoint and from the Identity Manager User Store, but it is not deleted from the Provisioning Server, where it looks as if the account still exists.

In this scenario, if the user is created again, it appears to already have the provisioning role assigned, but without the account having been created.

 

Error:

2017-07-09 06:02:52,888 | DEBUG | Worker-thread-17 | RetryOpProcessorProxy | 131 - com.ca.jcs.core - 1.1.0.20170325 |
class com.ca.jcs.jndi.JNDIMetaConnector: LDAP [eTDYNDirectoryName=LDAP,eTNamespaceName=LDAP,dc=im,dc=etasa]:
no retry group found matching exception text 'org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: JCS@vapp: JNDI:
[LDAP: error code 32 - No Such Object]: failed to lookup cn=johndoe,ou=users,dc=company,dc=gov,dc=co'

 

Environment:
1. CA Identity Suite Virtual Appliance 14 SP1
2. CA Directory 12.0.18 Build 12074
Cause:

Bug in the Java Connector Server.

Resolution:

HF-DE307959-20170804-0001.tgz.gpg