Deleted user account comes again automatically

This topic has 14 replies, 5 voices, and was last updated 6 years, 4 months ago by Firos.


    1) I created user “tester” with mailId [email protected]
    2) I created another user “user1” with mailId [email protected] (same user Id as of user1)
    3) Deleted both users
    4) Added again “user1” with mailId [email protected] (same user Id as of user1)

    – I cannot authenticate using “user1” mailId and password
    – But I can authenticate using “tester” mailId and password (the deleted user’s password and mail are working; it does not take the actual user’s password)

    How to solve this?

    Any kind of cache makes the issue?


    Hi there,

    Which version of OpenDJ are you using?




    OpenDJ 2.7


    Can I see the data that DJ keeps?


    Help me pls…


    OpenDJ 2.7 is not a released version, it represents development builds that happened somewhere between the release of 2.6.x and 3.0.
    It will be hard to provide help without further details but when an entry is deleted in OpenDJ, it is completely removed and no longer accessible. There is no cache by default.
    What is your client application?
    Does it have a cache?


    Yes, you are right.
    It’s 2.6, not 2.7.
    I have tried to access the user using the OpenAM API.


    OpenAM is not a provisioning/deprovisioning product. While it may have a few APIs to add users, it is preferable to use OpenDJ or LDAP tools to add and delete users. Or use a full Identity Management solution such as OpenIDM.


    I got it. Thanks for your suggestion, and I will check with it.

    But the issue still exists.

     Chris Ridd

    LDAP binds with a DN and not a mail address, so there is at least one more step occurring during your bind procedure; this is likely to be some kind of SEARCH operation for the mail address that returns the DN to bind as.

    Do you have access logs that show the entry being deleted? Can you show that a search for the mail address only returns one entry before the entry is deleted? Maybe you’re getting two returned and your client isn’t detecting this and just choosing to use the first one. Can you see any ADD operations for the user’s DN in the logs?

    Are there any errors being logged in DJ’s error log, like replication conflicts?
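
Added example, not part of the original thread and not OpenDJ or OpenAM code: a Python check for the questions in the post above (did a mail search return more than one entry, and which ADD/DELETE operations hit each DN). The log lines are constructed and only modelled on OpenDJ's file-based access log; the DNs, mail address and the `audit` function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the OpenDJ file-based access log layout
# (assumed format; the thread itself shows no log output).
SAMPLE_LOG = """\
[10/Mar/2016:09:00:01 +0000] ADD REQ conn=3 op=1 msgID=2 dn="uid=tester,dc=example,dc=com"
[10/Mar/2016:09:00:01 +0000] ADD RES conn=3 op=1 msgID=2 result=0 etime=4
[10/Mar/2016:09:00:02 +0000] ADD REQ conn=3 op=2 msgID=3 dn="uid=user1,dc=example,dc=com"
[10/Mar/2016:09:00:02 +0000] ADD RES conn=3 op=2 msgID=3 result=0 etime=3
[10/Mar/2016:09:00:05 +0000] SEARCH REQ conn=4 op=1 msgID=2 base="dc=example,dc=com" scope=wholeSubtree filter="(mail=shared@example.com)" attrs="dn"
[10/Mar/2016:09:00:05 +0000] SEARCH RES conn=4 op=1 msgID=2 result=0 nentries=2 etime=1
[10/Mar/2016:09:01:00 +0000] DELETE REQ conn=3 op=3 msgID=4 dn="uid=tester,dc=example,dc=com"
[10/Mar/2016:09:01:00 +0000] DELETE RES conn=3 op=3 msgID=4 result=0 etime=2
[10/Mar/2016:09:01:01 +0000] DELETE REQ conn=3 op=4 msgID=5 dn="uid=user1,dc=example,dc=com"
[10/Mar/2016:09:01:01 +0000] DELETE RES conn=3 op=4 msgID=5 result=0 etime=2
[10/Mar/2016:09:02:00 +0000] ADD REQ conn=3 op=5 msgID=6 dn="uid=user1,dc=example,dc=com"
[10/Mar/2016:09:02:00 +0000] ADD RES conn=3 op=5 msgID=6 result=0 etime=3
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] (?P<kind>ADD|DELETE|SEARCH) (?P<phase>REQ|RES) (?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def audit(log_text):
    """Return (mail searches that matched >1 entry, successful ADD/DELETE history per DN)."""
    pending, ambiguous, history = {}, [], defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
        key = (f.get("conn"), f.get("op"))
        if m["phase"] == "REQ":
            pending[key] = f          # hold the request until its result line arrives
            continue
        req = pending.pop(key, None)
        if req is None or f.get("result") != "0":
            continue                  # unmatched result or failed operation
        if m["kind"] == "SEARCH":
            n = int(f.get("nentries", 0))
            if "mail=" in req.get("filter", "") and n > 1:
                ambiguous.append((m["ts"], req["filter"], n))
        else:
            history[req["dn"]].append(m["kind"])
    return ambiguous, dict(history)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
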


    Issue cleared automatically without any change after some days…

    The only thing I did was replace the mail ID (which made the issue) with another one. Today I replaced the new one with the old one; no issue found now.

    I believe the issue is with some kind of cache happening somewhere.

    But I am not sure, or don’t know, where the caching occurs and how.


    Yes, the issue arises while we update the OpenDJ entry directly without using OpenAM.

    No issue exists if we update the OpenDJ entry using OpenAM.

    That means OpenAM is raising the issue using its cache.

     Ian Packer

    There is a useful section in the OpenAM docs for this:!/docs/openam/13/admin-guide/chap-tuning#caching

    If your configuration is fairly ‘out of the box’, then you should probably check that your DataStore persistent search is configured and working correctly first.


    Ian, it’s a highly useful link.

    Got the issue: “DN Cache” was in action.

    And the issue was resolved by just disabling the “DN Cache”.

    Thank you all.