-
Title
Object deletion does not get synchronized to target domain when advanced filter is used in synchr -
Description
Object deletion does not get synchronized to target domain when advanced filter is used in synchronization scope, for example (nondefaultschemaattribute=qmm)
Last entry in the dsa.log file regarding deleted object is similar to the following:
11/03/11 14:44:48 (GMT+01:00) Source JobID:0 -> OU Mapping Handler started with 2 objects
11/03/11 14:44:48 (GMT+01:00) Source JobID:0 -> Found parent CN=Users,DC=company,DC=lab for deleted object LDAP://LABDC.COMPANY.LAB/CN=Test User\0ADEL:d685e0dc-d284-40eb-bc70-47fbfd06fc39,CN=Deleted Objects,DC=company,DC=lab....
11/03/11 14:44:48 (GMT+01:00) Source JobID:0 -> throwing LDAP://LABDC.COMPANY.LAB/CN=Test User\0ADEL:d685e0dc-d284-40eb-bc70-47fbfd06fc39,CN=Deleted Objects,DC=company,DC=lab...
11/03/11 14:44:48 (GMT+01:00) Source JobID:0 -> OU Mapping Handler finished with 1 objects -
Cause
This can be caused by the corresponding attribute value being cleared when the object is deleted, then the tombstone object does not match the advanced filter anymore and since they are now out of scope, their deletion is not synchronized to the target.
-
Resolution
Modify the schema in the source environment to add 8 to searchflags value of the corresponding attribute, then the attribute values will remain when the object is tombstone. Another option is to set up a different filter which puts users into sync, using the attribute that is not getting cleared upon object being deleted.