The PingDirectory Server’s change log backend's
changelog-deleted-entry-include-attribute property specifies which
attributes should be recorded in the change log entry during a DELETE operation.
Normally, PingDataSync cannot correlate a deleted
entry to the entry on the destination. If a Sync Class is configured with a filter, such as
"include-filter: objectClass=person," the
objectClass attribute must be recorded in the change log entry.
Special correlation attributes (other than DN) will also need to be recorded in the
change log entry to be properly synchronized at the endpoint server.
On each PingDirectory Server backend, use the
dsconfig command to set the property.
$ bin/dsconfig set-backend-prop --backend-name changelog \
  --set changelog-deleted-entry-include-attribute:objectClass
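A pre-check for the step above, as an added example that is not from the Ping Identity documentation: it extracts the attribute names referenced by Sync Class include-filters, compares them with the values already set on changelog-deleted-entry-include-attribute, and prints the dsconfig command for any that are missing. The function names and sample filters are constructed for illustration, the command is printed rather than run, and it uses dsconfig's --add option on the assumption that the property is multi-valued; extensible-match filter items are not parsed.

```bash
#!/usr/bin/env bash
# Added example (not Ping Identity code): find attributes that Sync Class
# include-filters reference but the change log does not record on DELETE.

# Print the attribute names used in one LDAP filter string, one per line.
filter_attrs() {
  local f=$1
  # Wrap a bare item such as objectClass=person so every item starts with "(".
  case $f in \(*) ;; *) f="($f)" ;; esac
  # Anchoring on "(" keeps "=" inside a value (for example a DN) from matching.
  printf '%s\n' "$f" | grep -oE '\([A-Za-z][A-Za-z0-9.;-]*(~=|>=|<=|=)' |
    sed -E 's/^\(//; s/(~=|>=|<=|=)$//'
}

# $1: space-separated values currently set on the property.
# Remaining arguments: include-filter strings. Prints the missing attributes.
missing_delete_attrs() {
  local recorded f a
  recorded=" $(printf '%s' "$1" | tr 'A-Z' 'a-z') "   # names are case-insensitive
  shift
  for f in "$@"; do filter_attrs "$f"; done | LC_ALL=C sort -fu |
    while read -r a; do
      case $recorded in
        *" $(printf '%s' "$a" | tr 'A-Z' 'a-z') "*) ;;
        *) printf '%s\n' "$a" ;;
      esac
    done
}

# Print (do not run) the dsconfig command that adds the missing attributes.
dsconfig_fix() {
  local a args=""
  for a in $(missing_delete_attrs "$@"); do
    args="$args --add changelog-deleted-entry-include-attribute:$a"
  done
  if [ -n "$args" ]; then
    printf 'bin/dsconfig set-backend-prop --backend-name changelog%s\n' "$args"
  fi
}

# Constructed sample: objectClass is recorded; the second filter also uses
# ou and owner, and owner's value is a DN containing "=" signs.
dsconfig_fix "objectClass" \
  "objectClass=person" \
  "(&(objectClass=groupOfNames)(!(ou=Contractors))(owner=uid=admin,dc=example,dc=com))"
```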
If the destination endpoint is an Oracle/Sun DSEE (or Sun DS) server, the Sun DSEE server does not store the value of the user deleting the entry, specified in the modifiers name attribute. It only stores the value of the user who last modified the entry while it still existed.
To set up a Sun DSEE destination endpoint to record the user who deleted the entry, use the Ping Identity Server SDK to create a plugin, as follows:
Update the Sun DSEE schema to include a
deleted-by-sync auxiliary objectclass. It will only be used as a marker objectclass, and will not require or allow additional attributes to be present on an entry.
Update the Sun DSEE Retro Change Log plugin to include the
deleted-by-sync auxiliary objectclass as a value for the
LDAPSyncDestinationPlugin script that in the
preDelete() method modifies the entry that is being deleted to include the
Update the Sync Class filter that is excluding changes by the Sync User to also