Many scenarios call for a policy in which the user account in a connected application is deleted while the Identity Vault account remains. In the Finance scenario, there is a requirement to delete the GroupWise account and deprovision the SecretStore credentials when the user's Identity Vault employeeStatus attribute value is set to "I". To handle this situation, the GroupWise driver's Subscriber Event Transformation contains a policy that transforms the attribute modify into an object delete. Because the eDirectory account name is still needed after the <delete> command is completed, the <operation-data> element needs to be set on the <delete> command so it is available to the SecretStore deprovisioning policy in the Input Transformation policy.
<operation-data>
  <nss-sync-data>
    <nss-target-user-dn>cn=GLCANYON,ou=finance,o=Testco Financials</nss-target-user-dn>
  </nss-sync-data>
</operation-data>
The policy that transforms the <modify> event into a <delete> and creates this element is available in XML format in the file SampleSubEventTransform.xml, located in the cred_prov folder of the utilities directory on the Identity Manager 3.0 Support Pack 1 media.
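The transformation described above, shown in Python as an added illustration (it is not the DirXML Script from SampleSubEventTransform.xml and does not run inside the driver): a <modify> that sets employeeStatus to I becomes a <delete> that keeps the association and carries the <operation-data> payload. The sample event, tree name, association value and function names are constructed, and the target DN is supplied by the caller as an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample event: the Identity Vault sets employeeStatus to "I".
SAMPLE_MODIFY = r"""<nds dtdversion="3.0">
  <input>
    <modify class-name="User" event-id="evt-1"
            src-dn="\TESTTREE\Testco Financials\finance\GLCANYON">
      <association state="associated">{constructed-gw-association}</association>
      <modify-attr attr-name="employeeStatus">
        <remove-all-values/>
        <add-value><value type="string">I</value></add-value>
      </modify-attr>
    </modify>
  </input>
</nds>"""

def sets_value(modify, attr, trigger):
    """True if the <modify> adds `trigger` as a value of attribute `attr`."""
    for mod_attr in modify.findall("modify-attr"):
        if mod_attr.get("attr-name") == attr:
            values = mod_attr.findall("add-value/value")
            if any((v.text or "").strip() == trigger for v in values):
                return True
    return False

def modify_to_delete(doc_xml, target_user_dn, attr="employeeStatus", trigger="I"):
    """Rewrite qualifying User <modify> events as <delete> with operation-data."""
    root = ET.fromstring(doc_xml)
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag != "modify" or child.get("class-name") != "User":
                continue
            if not sets_value(child, attr, trigger):
                continue
            # Keep class-name, src-dn and event-id so the delete stays traceable.
            delete = ET.Element("delete", dict(child.attrib))
            assoc = child.find("association")
            if assoc is not None:
                delete.append(assoc)  # the delete still needs the target association
            # Reuse operation-data already on the event so other payloads survive.
            op_data = child.find("operation-data")
            if op_data is None:
                op_data = ET.Element("operation-data")
            delete.append(op_data)
            sync = ET.SubElement(op_data, "nss-sync-data")
            ET.SubElement(sync, "nss-target-user-dn").text = target_user_dn
            parent[i] = delete  # attribute changes are dropped with the modify
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(modify_to_delete(SAMPLE_MODIFY, "cn=GLCANYON,ou=finance,o=Testco Financials"))
```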
After the policy is created, proceed to Section 6.0, Managing Novell Credential Provisioning Policies.