Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

Error when deleting an object from DS using the REST API in IDM (All versions)

Last updated Apr 8, 2021

The purpose of this article is to provide assistance if you receive an error or a 404 response when attempting to delete an object, such as a user, from DS using the REST API in IDM. This information also applies when you are connecting to other external LDAP servers.


Symptoms

With a curl command such as:

  • IDM 7 and later: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" "http://localhost:8080/openidm/system/ldap/account/uniqueidentifier=jdoe,ou=People,dc=example,dc=com"
  • Pre-IDM 7: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" "http://localhost:8080/openidm/system/ldap/account/uniqueidentifier=jdoe,ou=People,dc=example,dc=com"

where the entry DN does exist but is actually (with ou value all in lower case):

uniqueidentifier=jdoe,ou=people,dc=example,dc=com

The response is:

<"code":404,"reason":"Not Found","message":"">

Recent Changes

Installed or upgraded IDM.

Causes

IDM is case sensitive by default, whereas DS (and other LDAP servers) are not; therefore, the REST API in IDM can only delete an object if the case of the uniqueidentifier in the REST call exactly matches the entry DN in DS.

Solution

This issue can be resolved in one of two ways:

  • Standardize the data in DS so that all entry DNs use the same case.
  • Enable the CaseInsensitiveFilter to make REST calls case insensitive.

You can enable the CaseInsensitiveFilter by including the following in your LDAP provisioner config file (for example, provisioner.openicf-ldap.json), which is located in the /path/to/idm/conf directory:

"resultsHandlerConfig" :       {           "enableNormalizingResultsHandler" : true,           "enableFilteredResultsHandler" : true,           "enableCaseInsensitiveFilter": true,           "enableAttributesToGetSearchResultsHandler" : true        }

See Also

IDM (All versions) connector returns null search result

Synchronization Guide › Reconcile With Case-Insensitive Data Stores

REST API Reference

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.