Removing an endpoint object can be the easiest LDAP operation to implement in a connector. In general, this operation does not involve any object attributes, but simply requires passing the naming identifier of the object to the delete method on the endpoint system.
To remove an object from the endpoint system, implement the doDelete method in the CA IAM CS SDK:
public void doDelete(ObjectInfo info)
Verify that the object you want to delete exists. To verify that the object exists, retrieve the naming identifier from the ObjectInfo parameter and call your endpoint system SDK existence check or search method.
Note: For more information, see com/ca/jcs/processor/OpProcessor.html#doDelete(com.ca.jcs.ObjectInfo) in the CA IAM CS Javadoc in the CA IdentityMinder bookshelf, and the SDK Sample connector for a complete sample implementation.
If the object is not in the endpoint system, throw the following exception: org.apache.directory.shared.ldap.exception.LdapNameNotFoundException
boolean isThere = api.searchForObject(info.getName());
if (!isThere) {
    throw new LdapNameNotFoundException(info.getLdapDn() + " does not exist");
}
Next, call the delete method using your endpoint system API.
A common problem when deleting objects is that the credentials used by the connector contain insufficient privileges to perform a deletion.
Note: For more information, see org.apache.directory.shared.ldap.exception.LdapNoPermissionException.
Write your code to account for a possible transient condition, such as a communication exception. In this case, throw the following exception: org.apache.directory.shared.ldap.exception.LdapServiceUnavailableException.
If necessary, perform subsequent cleanup on any other objects that contain references to the object that you deleted. For example, membership references to this account can exist in other group objects.
Some APIs (especially those not supporting transactional behavior) can prevent an object from being deleted before all references to it have been cleaned up. In this case, either inform your customers of this restriction, or code your doDelete() method to clean up references before deleting the target object (probably by calling its implementation of com.ca.jcs.assoc.AssocAttributeOpProcesso.doDeleteAssocs()).
If possible, use the AttributeStyleProcessor doSearch(ObjectInfo info) and doDelete(ObjectInfo info) methods as a basis for your own custom logic if the association handling logic built into CA IAM CS is not sufficient. However, if your connector uses any structural converters, we recommend that you carefully examine the format of the search results returned by calling doSearch(). In particular, the search results have relative (rather than absolute) DNs and are in connector-speak. If structural converters are used, use com.ca.jcs.meta.MetaObjectClassMapping.unflatten() before changing attribute values and flatten() after changing the values.
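The steps above combined into one doDelete method, as an added example that is not taken from the SDK Sample connector. EndpointApi, its methods, SampleDeleteProcessor, the use of SecurityException and IOException as the endpoint's failure signals, the throws clause, and the two-argument LdapServiceUnavailableException constructor with ResultCodeEnum are assumptions; only info.getName(), info.getLdapDn() and the three exception classes come from this page.

```java
import java.io.IOException;
import javax.naming.NamingException;
import com.ca.jcs.ObjectInfo;
import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.exception.LdapServiceUnavailableException;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;

/** Hypothetical endpoint client; substitute your endpoint system SDK. */
interface EndpointApi {
    boolean searchForObject(String name) throws IOException;
    void removeGroupReferences(String name) throws IOException;
    // Assumed to throw SecurityException when the credentials lack delete rights.
    void delete(String name) throws IOException;
}

/** Illustrative holder class; a real connector puts doDelete in its processor. */
public class SampleDeleteProcessor {
    private final EndpointApi api;

    public SampleDeleteProcessor(EndpointApi api) { this.api = api; }

    // Assumption: the SDK method is declared to throw NamingException.
    public void doDelete(ObjectInfo info) throws NamingException {
        String name = info.getName();
        try {
            // 1. Existence check, so a missing object is reported precisely.
            if (!api.searchForObject(name)) {
                throw new LdapNameNotFoundException(info.getLdapDn() + " does not exist");
            }
            // 2. Clean up references first, for endpoints that refuse to
            //    delete an object that is still a member of a group.
            api.removeGroupReferences(name);
            // 3. Delete the object itself.
            api.delete(name);
        } catch (SecurityException e) {
            // Connector credentials lack the privilege to delete.
            LdapNoPermissionException ex = new LdapNoPermissionException(
                    "Insufficient privileges to delete " + info.getLdapDn());
            ex.setRootCause(e);
            throw ex;
        } catch (IOException e) {
            // Transient communication failure; the caller may retry later.
            // Constructor form is an assumption; check your shared-ldap version.
            LdapServiceUnavailableException ex = new LdapServiceUnavailableException(
                    "Endpoint unavailable while deleting " + info.getLdapDn(),
                    ResultCodeEnum.UNAVAILABLE);
            ex.setRootCause(e);
            throw ex;
        }
    }
}
```

If the endpoint fails between steps 2 and 3, the object remains but has lost its memberships, so a non-transactional endpoint needs the delete to be safe to retry.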
Copyright © 2013 CA.
All rights reserved.