By: Sergio Plasencia user 07 Dec 2015 at 10:19 a.m. CST

7 Responses
Hello, We have deleted several users in our external LDAP and they were not deleted in Gluu. I was wondering if this is the right behavior and also if it can be customized. To comply with EU data privacy laws, when requested we need to delete user information everywhere, and it would be nice if we didn't have to do it manually. Thanks in advance. Regards.

By Michael Schwartz Account Admin 07 Dec 2015 at 10:36 a.m. CST

Deleted users should be removed, unless you have the box "Keep external users" checked in your oxTrust config. Once you miss a cache refresh cycle though, the update will not be sent, so you may have to manually remove the person from ldap using ldapdelete. Don't forget, there is also a mapping entry in the o=site database.

By Sergio Plasencia user 07 Dec 2015 at 1:11 p.m. CST

Yes, I have the "Keep external users" box checked. OK, now it is clear to me how it works. Just one question: as I missed the cycle, instead of manually deleting them, will it work if I remove the snapshot folder content? Will it delete them automatically? Thanks!!!

By Michael Schwartz Account Admin 07 Dec 2015 at 3:24 p.m. CST

No, it won't work if you delete the snapshots, because it will take a new snapshot (with the user missing). You unfortunately need to find the user in ldap, and then delete it. Use the ldapsearch and ldapdelete commands in `/opt/opendj/bin`. Note: write the ldap directory manager password to `~/.pw` (and remove it when you're done).

Figure out the org inum, o=...

```
cd /opt/opendj/bin
./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -b "o=gluu" -s one "objectclass=*" dn
```

Figure out the person's inum

```
./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -b "ou=people,o={orgInum},o=gluu" -s one "uid=<uid>" dn
```

Figure out if the person has any sub-entries (clients, u2f devices...)

```
./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -b "inum={personInum},ou=people,o={orgInum},o=gluu" "objectclass=*" dn
```

Then delete all the DNs (sub-entries first).

```
./ldapdelete -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw {dn}
```
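An added example, not part of the original post or of Gluu's tooling: a dry-run helper for the final step above that orders the DNs found by the sub-entry search so children are deleted before their parents. It assumes unwrapped plain `dn: ` lines in the ldapsearch output; the sample DNs are constructed, and `ou=devices` / `cn=device1` are hypothetical sub-entry names.

```shell
#!/usr/bin/env bash
# Added example: dry-run ordering of DNs for deletion (sub-entries first).

# Read LDIF on stdin, print one DN per line, deepest entries first.
# Depth = number of unescaped commas; "\," inside an RDN value is not counted.
# Assumption: DNs appear as plain, unwrapped "dn: " lines (not base64 "dn:: ").
order_dns_for_delete() {
  awk '
    /^dn: / {
      dn = substr($0, 5)
      tmp = dn
      gsub(/\\,/, "", tmp)          # drop escaped commas before counting
      depth = gsub(/,/, ",", tmp)   # gsub returns the number of matches
      printf "%d\t%s\n", depth, dn
    }
  ' | sort -s -t "$(printf '\t')" -k1,1nr | cut -f2-
}

# Print (never run) one ldapdelete command per DN read from stdin.
# Single quotes keep the "!" and "@" found in inums away from shell expansion;
# a DN containing a single quote would need extra escaping.
print_delete_commands() {
  while IFS= read -r dn; do
    printf "./ldapdelete -h localhost -p 1389 -D 'cn=directory manager' -j ~/.pw '%s'\n" "$dn"
  done
}

# Constructed sample output of the sub-entry search (not real data).
SAMPLE_LDIF='dn: inum=@!1111!0000!AAAA,ou=people,o=@!1111!0001!BBBB,o=gluu

dn: cn=device1,ou=devices,inum=@!1111!0000!AAAA,ou=people,o=@!1111!0001!BBBB,o=gluu

dn: ou=devices,inum=@!1111!0000!AAAA,ou=people,o=@!1111!0001!BBBB,o=gluu
'

# Review the printed commands before running any of them by hand.
printf '%s\n' "$SAMPLE_LDIF" | order_dns_for_delete | print_delete_commands
```

After the deletes, re-running the sub-entry search should return no entries, which is the check to record for an erasure request.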

By Sergio Plasencia user 08 Dec 2015 at 4:40 a.m. CST

Thank you very much!!! We will follow this. Should be easy as we are syncing just a small number of users.

By Aliaksandr Samuseu staff 08 Dec 2015 at 1:12 p.m. CST

Hi, Sergio. May I ask whether you are still having this issue (with accounts deleted in a backend not being removed from Gluu's internal directory)? There is a chance it can still be a bug of sorts. If you don't mind delving into it, I can guide you and we'll try to gather some clues. First, could you let me know which version of the Gluu CE package you are using? You can use the following commands to get it:

```
# Check Gluu's version on Ubuntu:
dpkg -l | grep gluu-server24

# Check Gluu's version on CentOS:
yum info gluu-server24
rpm -qi gluu-server24
```

Then, please run this command (while staying in Gluu's container) and post the result here:

`/opt/opendj/bin/ldapsearch -p 1636 -s sub -T -Z -X -D 'cn=directory manager' -w 'YOUR-LDAP-PASSWORD' -b 'o=gluu' '(ou=people)'`

YOUR-LDAP-PASSWORD is the same as your default admin password right after installation (if you didn't change it).

Regards, Alex.

By Sergio Plasencia user 09 Dec 2015 at 8:28 a.m. CST

Hi, Our Gluu version is 2.4.0-2. This is the output of the command:

```
dn: ou=people,o=@!DC26.BE76.0A9B.522A!0001!A55A.4B79,o=gluu
ou: people
objectClass: organizationalunit
objectClass: top
```

I don't know if we still have the issue, as we have not tested it yet. We will let you know. Thanks!! Regards.

By Aliaksandr Samuseu staff 09 Dec 2015 at 9:16 a.m. CST

Thanks, got it. We have found a possible cause of your problem, so it will be fixed in upcoming releases. But if you encounter it again, feel free to contact us and refer to this ticket; then I'll provide you with a selection of tests to make sure this is the same issue.