ldap_clean command

Remove only those objects that are older than the age limit setting when the Recycle Bin feature in ISIM is enabled. For example, if the age limit setting is 62 days (the default value), only objects that are older than 62 days can be deleted.


Usage

CLI.

IBM Security Identity Manager has a recycle bin feature that you can enable. It is disabled by default.

To enable the recycle bin, edit the enrole.recyclebin.enable property in enRole.properties.

If the recycle bin is enabled, then when you delete IBM Security Identity Manager objects (such as organization units, persons, or accounts), the objects are not immediately removed from the directory server. Instead, they are moved to a recycle bin container in the directory server. This feature is useful in many scenarios. For example, to avoid assigning an old user ID to a new user, the assignment process might check the recycle bin to determine whether an old user ID exists.

Emptying the recycle bin is a separate process, called "garbage collection", that involves manually running a cleanup script.

The Recycle Bin Age Limit specifies the number of days an object remains in the system's recycle bin before it becomes available for deletion by manually running the cleanup script. The Recycle Bin Age Limit protects objects in the recycle bin from cleanup scripts for the specified length of time.

To specify the age limit, edit the property enrole.ldapserver.agelimit in the enRole.properties file.


Example

Remove objects from ISIM recycle bin.

At the isimvasvr: utilities prompt, enter ldap_clean.
