This has been identified as product defect 289838 (previously tracked as Defect ID 452404).
WORKAROUND 1
In the case of Deprovisioning a User object, you may choose to modify the Deprovisioning policy so that the Distinguished Name of the target object is not changed.
WORKAROUND 2
In the case of Deprovisioning a User object, it is possible to change the default Suspend action for the SPML Provider so that it performs a Deprovision instead.
On the machine hosting the SPML Provider, edit the SPML.config file. By default, this is located in C:\Program Files\Quest Software\SPML Provider\Web
Find the following section:
<suspend>
<appliesTo>
<class>user</class>
</appliesTo>
<suspendAction>disable</suspendAction>
</suspend>
Change to match the following:
<suspend>
<appliesTo>
<class>user</class>
</appliesTo>
<suspendAction>deprovision</suspendAction>
</suspend>
Now, instead of the actions taken previously, send a Suspend command to a User object when a Deprovisioning is needed. For more information, please reference the documentation included with the SPML Provider.
WORKAROUND 3
It is possible to include a flag with the SPML command so that it does not wait for the results of the request, but instead will return a success as long as the command is received by the SPML Provider.
The SPML command will contain a line similar to this:
<spml:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0">
Modify it to match the following:<spml:modifyRequest xmlns:spml="urn:oasis:names:tc:SPML:2:0" returnData="nothing">
STATUS
An Enhancement Request has been created to enhance/improve this behavior. There is no guarantee that a specific enhancement request will be implemented in a future release of the product.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center