When an LDAP sync runs, whether on schedule or on demand, users that do not pass the LDAP filter are not removed from the cloud.
For example, the user "viptestuser" is created in the cloud through the SSP IDP. The account is then deleted from AD and an LDAP sync is run manually, but the cloud user is not deleted.
In the example above, LDAP sync treats the cloud user "viptestuser" as an Anonymous user because it cannot find an account for "viptestuser" in AD.
Anonymous users are not deleted from the cloud. This is expected behavior.
A user created in the cloud through the SSP IDP must be bound by running LDAPSync in RunOnce mode or in Service mode before that user is modified or deleted.
Once a user is created in the cloud through the SSP IDP, and before any modification or deletion of that user, an LDAP sync must complete in either Service or RunOnce mode so that stored bindings are created for the user. LDAPSync then recognizes that the user "viptestuser" was created through the VIP Enterprise Gateway rather than through VIP Manager. These bindings allow LDAP sync to manage this user (and every other user bound through the sync) from then on. After the next sync operation, a bound user that is no longer found in AD is deleted from the cloud.
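To make the two sequences concrete, the following is an added model of the reconciliation rule this article describes; it is not VIP Enterprise Gateway's code, and the tenant/binding structures and function names are assumed for illustration. The first scenario reproduces the stale-account case above (no binding, user kept as anonymous); the second runs the sync while the AD account still exists, so the binding lets the later sync remove the user.

```python
# Added model of the LDAP sync behaviour described in the article (assumed
# structure, not VIP Enterprise Gateway code). A "binding" records that a
# cloud user was matched to a directory account by an earlier sync.
from dataclasses import dataclass, field


@dataclass
class CloudTenant:
    users: set                                   # user IDs present in the cloud
    bindings: set = field(default_factory=set)   # users bound by a previous sync


def ldap_sync(tenant, directory_users):
    """One sync run. `directory_users` is the set of account names that
    currently pass the LDAP filter on the AD side.
    Returns a dict mapping each cloud user to what the sync did with it."""
    result = {}
    for user in sorted(tenant.users):
        if user in directory_users:
            # Found in AD: create (or keep) the stored binding.
            tenant.bindings.add(user)
            result[user] = "bound"
        elif user in tenant.bindings:
            # Bound by an earlier sync but no longer passes the filter: remove.
            result[user] = "deleted"
        else:
            # No AD account and no binding: treated as anonymous and kept.
            result[user] = "anonymous-kept"
    for user, outcome in result.items():
        if outcome == "deleted":
            tenant.users.discard(user)
            tenant.bindings.discard(user)
    return result


def scenario_no_sync_before_delete():
    """Article's failure case: user created via SSP IDP, deleted from AD,
    then a single sync -> the user survives as anonymous."""
    tenant = CloudTenant(users={"viptestuser"})
    outcome = ldap_sync(tenant, set())          # AD account already gone
    return outcome, "viptestuser" in tenant.users


def scenario_sync_before_delete():
    """Correct sequence: sync while the AD account exists (creates the
    binding), then delete from AD and sync again -> the user is removed."""
    tenant = CloudTenant(users={"viptestuser"})
    first = ldap_sync(tenant, {"viptestuser"})  # binding created
    second = ldap_sync(tenant, set())           # account deleted from AD
    return first, second, "viptestuser" in tenant.users
```

From a hygiene standpoint the first scenario is the one to watch for: an account that never acquired a binding is invisible to the sync and stays active until it is removed by hand in the cloud.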
Imported Document ID: SO22321