When deleting a CO, the expected behavior is for all provisioners of that CO to be able to clean up the back-end and remove relevant data.

What seems to be happening is that all provisioner-targets are removed up front when deleting a CO, after which the relevant delete operations are not passed to the - no longer existing - provisioning targets.

A similar problem occurs when removing a provisioning target. In that case, the plugin should be allowed to clean up the back-end as well. This behavior can then be re-used when deleting a CO.

Currently, our LDAP back-end retains all the CO, CoPerson, CoGroup and other information long after the original CO was deleted, which severely clutters the LDAP. It will also cause problems in case a CO is recreated with the same DN.