IDM 4.0.1
AD driver 3.5.16

In deletion operation we see the below error when a user has the child
object in AD.


Driver: \IGS-PROD\havigs\Services\IDM\igs-DriverSet\InternalAD
Channel: Subscriber
Object: \IGS-PROD\igs\Users\Internal\APMEA\kip
Status: Error
Message: <ldap-err ldap-rc="66"
ldap-rc-name="LDAP_NOT_ALLOWED_ON_NONLEAF">
<client-err ldap-rc="66" ldap-rc-name="LDAP_NOT_ALLOWED_ON_NONLEAF">Not
allowed on Non-leaf</client-err>
<server-err>00002015: UpdErr: DSID-031A0F93, problem 6003
(CANT_ON_NON_LEAF), data 0
</server-err>
<server-err-ex win32-rc="8213"/>
</ldap-err>

[08/15/12 08:44:17.968]:InternalAD ST:End transaction.


I have this policy ( in Command Transformation subscription channel) to
delete non-leaf user object

<rule disabled="true">
<description>delete leaf objects of a user container</description>
<comment xml:space="preserve">this rule deletes all objects contained by
another object prior to
its deletion</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-operation mode="case" op="equal">delete</if-operation>
</and>
</conditions>
<actions>
<do-set-local-variable name="lv.query" scope="policy">
<arg-node-set>
<token-query>
<arg-association>
<token-association/>
</arg-association>
</token-query>
</arg-node-set>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-local-variable name="lv.query"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="lv.destdn" scope="policy">
<arg-string>
<token-xpath expression="$current-node//@src-dn"/>
</arg-string>
</do-set-local-variable>
<do-delete-dest-object direct="true">
<arg-dn>
<token-local-variable name="lv.destdn"/>
</arg-dn>
</do-delete-dest-object>
</arg-actions>
</do-for-each>
</actions>
</rule>

The above policy works fine for the below scenario

AD Tree structure like this

user ID
|__ child1
|__ child2


But when i have the tree structure like below it only deletes the leave
object (sub-child1 and sub-child2)

user ID
|__child1
........... |_Sub-child1
........... |_Sub-child2

Can some one help to fix this ?


--
lvaradha
------------------------------------------------------------------------
lvaradha's Profile: https://forums.netiq.com/member.php?userid=226
View this thread: https://forums.netiq.com/showthread.php?t=47609