When you work with two TDI configurations, which is a very common scenario
in a setup where you also have external users, it could occur that profiles
aren’t marked as inactive anymore. Even if the account of the user
is deleted from the LDAP directory.
This could be caused by the facts that:
1. you work with two TDI configurations which requires a specific setup for
both TDI configs. This prevents that the one TDI sync process marks all the
profiles provided by the other TDI solution as inactive and visa versa.
These are the settings for profiles-tdi.properties
2, in the situation that the LDAP filter or the LDAP host is changed
after the user profiles where populated.
In order to prevent this you should come up with a LDAP filter to rule theme all
and stick to it or update the PROF_SOURCE_URL column for all profiles to
keep it “synced” with the current LDAP host and LDAP filter in use by the TDI
The PROF_SOURCE_URL is built as follows from the following
source_ldap_url + ‘/’ + source_ldap_search_base + ‘?’ source_ldap_search_filter
To make difference between the Profiles that are internal and external you can
use the PROF_MODE column. If it is set to 1 it indicates an external user profile
and 0 is for an internal user profile.
update EMPINST.EMPLOYEE set PROF_SOURCE_URL='ldap://lcalhost:389/dc=base,dc=com?(objectClass=person)' WHERE PROF_MODE=0;
Credits for this fix go to my colleague Remco.