IDM 4.0.1
AD driver 3.5.16

In a delete operation we see the error below when a user has a child
object in AD.

Driver: \IGS-PROD\havigs\Services\IDM\igs-DriverSet\InternalAD
Channel: Subscriber
Object: \IGS-PROD\igs\Users\Internal\APMEA\kip
Status: Error
Message: <ldap-err ldap-rc="66"
<client-err ldap-rc="66" ldap-rc-name="LDAP_NOT_ALLOWED_ON_NONLEAF">Not
allowed on Non-leaf</client-err>
<server-err>00002015: UpdErr: DSID-031A0F93, problem 6003
(CANT_ON_NON_LEAF), data 0
<server-err-ex win32-rc="8213"/>

[08/15/12 08:44:17.968]:InternalAD ST:End transaction.

I have this policy (in Command Transformation, Subscriber channel) to
delete non-leaf user objects:

<rule disabled="true">
<description>delete leaf objects of a user container</description>
<comment xml:space="preserve">this rule deletes all objects contained by
another object prior to
its deletion</comment>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-operation mode="case" op="equal">delete</if-operation>
<do-set-local-variable name="lv.query" scope="policy">
<token-local-variable name="lv.query"/>
<do-set-local-variable name="lv.destdn" scope="policy">
<token-xpath expression="$current-node//@src-dn"/>
<do-delete-dest-object direct="true">
<token-local-variable name="lv.destdn"/>

The above policy works fine for the below scenario

AD Tree structure like this

user ID
|__ child1
|__ child2

But when I have a tree structure like the one below, it only deletes the leaf
objects (sub-child1 and sub-child2)

user ID
........... |_Sub-child1
........... |_Sub-child2

Can someone help to fix this?

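Added example, not part of the original post and not DirXML policy code: a Python model of why nested subordinates leave the user object undeletable with result code 66, and how ordering the deletes deepest-first avoids it. `FakeDirectory`, the function names and the `dc=example,dc=com` DNs are constructed for illustration, and `single_pass_delete` is an assumed model of the reported symptom, not the poster's rule.

```python
LDAP_NOT_ALLOWED_ON_NONLEAF = 66  # result code from the trace in the post


class FakeDirectory:
    """In-memory stand-in for AD (constructed): refuses to delete non-leaf entries."""

    def __init__(self, dns):
        self.entries = {dn.lower() for dn in dns}

    def subtree(self, base):
        """All entries strictly below base (DNs assumed to have no escaped commas)."""
        return sorted(e for e in self.entries if e.endswith("," + base.lower()))

    def delete(self, dn):
        """Return 0 on success, 66 if the entry still has subordinates."""
        if self.subtree(dn):
            return LDAP_NOT_ALLOWED_ON_NONLEAF
        self.entries.discard(dn.lower())
        return 0


def single_pass_delete(directory, base):
    """Try each subordinate once in query order, then the base object."""
    targets = directory.subtree(base) + [base.lower()]
    return {dn: directory.delete(dn) for dn in targets}


def depth_first_delete(directory, base):
    """Delete deepest entries first so every delete hits a leaf."""
    targets = directory.subtree(base) + [base.lower()]
    targets.sort(key=lambda dn: dn.count(","), reverse=True)
    return {dn: directory.delete(dn) for dn in targets}


# Constructed sample tree: user -> child1 -> sub-child1, sub-child2
USER = "cn=kip,ou=users,dc=example,dc=com"
SAMPLE = [
    USER,
    "cn=child1," + USER,
    "cn=sub-child1,cn=child1," + USER,
    "cn=sub-child2,cn=child1," + USER,
]

if __name__ == "__main__":
    for strategy in (single_pass_delete, depth_first_delete):
        print(strategy.__name__, strategy(FakeDirectory(SAMPLE), USER))
```

In the single pass only the two leaf entries are removed and both the intermediate object and the user return 66; the deepest-first ordering removes all four.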