OIM Delayed Delete

From: Leroy Kemnitz <lkemnitz_at_uwsa.edu>
Date: Mon, 19 Feb 2018 17:36:26 +0000
Message-ID: <DM3PR17MB0809A8F5B05C2003DEBFF81AB6C80_at_DM3PR17MB0809.namprd17.prod.outlook.com>

All -

I am running OIM on Linux that syncs users to OID 11, Oracle 12 database.

I have a requirement from my security team to automatically start the delayed delete process for a database end user that has an expired password. The user would remain in the 'Disabled' state for 9 months. They should be 'Deleted' after 9 months.

I understand how to configure the delayed delete process for the 9 months. I set up my password policy to expire passwords as needed. The part that I need help with is the automating.

I have been searching for days in the docs and can't seem to find a solution. Can I modify the expired password task to call the delayed delete task for each user that it finds to be expired? If so, how? I tried one workaround and created triggers on the base tables to set dates in the delete_automatically_on field when the account is expired, but that is not disabling the accounts in OID.

Has anyone dealt with this? If so, how did you handle it? Point me in the right direction!?!?


Received on Mon Feb 19 2018 - 18:36:26 CET
