Deleting SecureLogin applications does not reduce size of "entries" attribute held in the directory

  • 7014437
  • 21-Jan-2014
  • 05-Sep-2017

Environment

Novell SecureLogin
NetIQ SecureLogin
NSL7.x
NSL8

Situation

Unable to reduce the number of values in protocom-sso-entries in an AD environment, as shown by adsiedit
Deleting SecureLogin applications does not reduce the size of the SecureLogin entries "blob" stored in the directory
Deleting application definitions does not decrease the entries shown by directory tools

Resolution

Create a DWORD registry value named ObituaryRecordsDeletion and set it to the number of days to keep deleted data before purging it. Create this value under HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin

Setting this value to 0 results in deleted entries being purged from the directory immediately. The value must be set on the workstation where the SecureLogin Client is installed. Set it on the workstations where the desired users will be logging in. After setting the registry value, log in to SecureLogin as a problem user.
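
One way to apply and verify the setting from an elevated PowerShell session on the workstation. This is an added example, not code from NetIQ or from the original article; the function names and the 3650-day upper bound are assumptions made here, while the key path and value name are the ones given above.

```powershell
# Added example: only the key path and value name come from the article.
$KeyPath   = 'HKLM:\Software\Protocom\SecureLogin'
$ValueName = 'ObituaryRecordsDeletion'

function Get-ObituaryRetention {
    # Returns the configured retention in days, or $null when the value is absent
    # (the article states that deleted entries are then kept for 90 days).
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $key = Get-Item -Path $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    $kind = $key.GetValueKind($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        throw "$ValueName exists but is $kind, not DWord."
    }
    return [int]$key.GetValue($ValueName)
}

function Set-ObituaryRetention {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 3650)]   # upper bound is a sanity limit chosen here, not a product limit
        [int]$Days
    )
    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force replaces an existing value, including one created with the wrong type.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Days -Force | Out-Null
    # Read the value back so a failed or redirected write is caught immediately.
    $actual = Get-ObituaryRetention
    if ($actual -ne $Days) { throw "Read-back mismatch: expected $Days, found $actual." }
    return $actual
}

# Report the current state; uncomment the last line to apply the setting.
$current = Get-ObituaryRetention
if ($null -eq $current) { "$ValueName is not set." } else { "Current retention: $current day(s)." }
# Set-ObituaryRetention -Days 0   # 0 = purge deleted entries immediately, per the article
```

Running the report step before and after the change on each affected workstation confirms that the value is present as a DWORD before the user logs in to SecureLogin.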

Cause

By default, deleted SecureLogin entries remain as "obituary records" for 90 days after they are deleted.

Status

Reported to Engineering

Additional Information

Note: The ObituaryRecordsDeletion value controls the length of time deleted values are kept on USER objects. It does not control how long deleted values (obituary records) are held on a container. An enhancement request has been entered requesting a similar setting for containers.