If you delete a User object in LDAP, the objects in the trust/configuration datastore related to that user can become orphaned. The system uses these objects for federated identity and user profiles. Currently, there are no known issues related to orphaned identity objects, but they might affect system performance. Orphaned user profile objects might also affect user lookup operations, and therefore you should remove them.
To do so, you first delete the user’s profile before you delete a User object, as described in the following steps:
In iManager or an LDAP browser, edit the attributes of the User object that you are going to delete.
Note the value of the User object’s GUID attribute (for eDirectory), objectGUID attribute (for Active Directory), or the nsuniqueid attribute (for Sun One).
In the Access Manager trust/configuration datastore, locate any containers that use the following naming patterns:
cn=LUP*,cn=SCC*,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell,cn=LibertyUserProfiles*,cn=SCC*,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell.
Look for a child profile object inside of these containers that is named by using the GUID noted in Step 2. There should only be one profile object for each GUID.
Delete that child profile object.
Repeat these steps for each User object that you want to delete.
Delete the User objects.