LDAP Deletion of User deletes Entry in Group uniqueMember


I am deleting a user in Tivoli LDAP using Spring ldaptemplate -> ldaptemplate.unbind().

When I delete a user, its DN automatically gets deleted from uniqueMember of Groups.

Can someone tell me how and why this scenario happens?


I try to create a new Attribute Organization in Users and put the Org DN in it, but when I delete the organisation this DN is not removed.

Is there a setting I am missing which is present in UniqueMember and not in my custom attribute, which will auto-delete the organisation DN from my Users branch?


Update: I found a way to handle this in theory, but I am not able to implement it: https://www.ibm.com/support/knowledgecenter/SSVJJU_6.3.0/com.ibm.IBMDS.doc/plugin198.htm

Has anyone tried this? If someone can point me to an example


There are 2 best solutions below

0
ipper On

The cascade delete could be a result of a trigger. Perhaps these post operations will point you in the right direction of how to implement your requirement.

4
Esteban On

The fact that your user is removed from a group when the user is removed is a common behaviour of LDAP directories which manage the membership that way.

If a user is deleted, it will maintain the integrity of the members of the group and remove the non existing user in these groups.

The group membership behaviour is generally linked to the objectClasses which represent a group.

I don't know if it is possible to extend this behaviour on custom objectClass tivoli.

Update:

From what I understand of the documentation you linked, what I would do would be:

  • Add to the user an attribute (which I think must be of the DN syntax). We will call this attribute organization
  • Add the plugin configuration file in tivoli containing this configuration:

    at=organization
    dn=dc=example,dc=com
    
  • Add the DN of an organization to the user organization attribute

  • Try to remove the organization to see if it is reflected
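
Added example, not part of the answer above or of IBM's documentation: a check over an LDIF export for DN-valued attributes (`uniqueMember`, and the `organization` attribute named in the answer) that still point at entries which no longer exist, which is what the last step is testing for. The LDIF is constructed sample data, and the parser assumes unfolded, non-base64 lines and DNs without escaped commas.

```python
import re

# Constructed sample export: ou=acme was deleted, but uid=bob still points at
# it, and cn=staff still lists the deleted uid=carol.
SAMPLE_LDIF = """\
dn: ou=globex,ou=orgs,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=alice,ou=users,dc=example,dc=com
organization: OU=Globex, ou=orgs, dc=example, dc=com

dn: uid=bob,ou=users,dc=example,dc=com
organization: ou=acme,ou=orgs,dc=example,dc=com

dn: cn=staff,ou=groups,dc=example,dc=com
uniqueMember: uid=alice,ou=users,dc=example,dc=com
uniqueMember: uid=carol,ou=users,dc=example,dc=com
"""

def normalize_dn(dn):
    """Lower-case the DN and strip spaces around RDN separators (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])] from plain, unfolded LDIF text."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, value = line.split(":", 1)
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.append((name.strip(), value.strip()))
        if dn:
            entries.append((dn, attrs))
    return entries

def find_dangling(text, ref_attrs=("uniquemember", "organization")):
    """List (holder_dn, attribute, target_dn) where target_dn is not an entry."""
    entries = parse_ldif(text)
    existing = {normalize_dn(dn) for dn, _ in entries}
    return [(dn, name, value)
            for dn, attrs in entries for name, value in attrs
            if name.lower() in ref_attrs and normalize_dn(value) not in existing]
```

An empty result from `find_dangling` on an export taken after the delete means the server removed the references; any tuple returned is a stale DN left behind.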