All-in-one IDM 2.x/3.x/4.x service driver for password notifications that can notify users, helpdesk and naudit on the following events:
up to three times before passwords actually expire (notification intervals and times are configurably)
after passwords expired, when grace logins fall below a configurable limit
when accounts get locked and passwords have to be reset by an administrator
on intruder lockout
All notifiction types and their targets (user, helpdesk and/or naudit) can be individually enabled/disabled. The notification schedule operates on an hourly or daily basis and is easily configured through GCVs.
Because IDM email templates are used, notifications can contain additional account data e.g. the time an intruder-locked account will be automatically unlocked again, or a company name for branding purposes. Email templates are maintained in iManager or Designer, making it easy to give them the same look and feel as the standard templates that come with IDM password synchronization.
New 06-22-2006: v1.1: This is a bugfixed and enhanced version. Now also
decodes intruder addresses (IP only) and
includes additional email templates and
a readme.txt (finally!).
New 07-05-2007: v2.0 for IDM 3.5:
trigger notifications from the subscriber channel (via policy or WorkOrder driver)
notify managers on direct report's upcoming account expiration
uses ldap search instead of XdsQueryProcessor: much more efficient, especially in large tree environments (thanks to a hint by Father Ramon)
New 08-07-2008: v2.0.3 for IDM 3.5:
now supports (and defaults to) secure ldap operations
notify managers/helpdesk about idle accounts (no login for xx days)
changed some GCVs and added more detailed comments on how to use them
New 08-31-2011: v2.1.1 for IDM 4.0:
packaged version for easy import and maintenance through Designer
removed dependency on bh-dirxmlutils.jar by porting bh_DecodeNetAddr and bh_b64ToHEX functions to ECMAscript
code modularization and streamlining
minor bug fixes
New 01-07-2013: v2.2:
Changed policy naming scheme to include linkage weight
Moved base filter to resource object
Added suppport for Edir2Edir shim (to enable support for IDM Bundled Editions, which do not include NULL/LBACK shims), default for new installations.
Added LDAP StartTLS support and LDAP tracing (through dependency on updated BH-BitsNPieces v1.0.3)
Upgraded prompt stylesheets to latest versions
Named LDAP Bind Password now takes precedence over bind user object's Distribution Password.
Read Distribution Password (if used) on every notification cycle instead of only once per driver start
Any suggestions on getting the P-ET-260-PWNotifyAcct (Check Accounts) only to return objects that meet a current time frame like 21 days. For some reason the policy returns all users that have a value for loginExpirationTime.
I was trying to make i own driver to catch all failed logins, en get the IntruderAddress correctly. As we are running at idm 4.0.2, i wanted to use the ECMA script. However, that one gave unreliable results. The first and last octets of the ip address were mostly, but not always! negated. So for example instead of 172 it gave 84, (256-172). So after trying to correct the script i finally implemented the bh-dirxmlutils.jar file, which gives reliable results. So if you want reliable ip addresses, use the JAR implementation.
Yes, it can be used with the edir2edir shim which is included in BE. You need to set the shim manually, add the GUID attribute to the subscriber filter and something like "127.0.0.1:11111:127.0.0.1:11111" as connection info in driver properties to make the driver startup properly and loop back. The latest version has all of the above included, but is packaged for IDM 4.x (which will be available in a Bundled Edition soon, as I hear). UNtil then you can of course use that package and export is from designer to XML to obtain a 3.6-compatible version (don't forget to export the dependencies, too!)
Geoffrey's comment is spot on: as every company want's it's own cororate look and feel, all I could provide would be templates you'd have to edit anyway. Much work to do but not much to gain compared using to the German ones I already had. Anyway, with so many instances of the driver running worldwide now, I am still hoping that someone is willing to share his/her localized templates e.g. by adding them to wiki.novell.com/.../Password_Notification_Service_Driver (with a link to e.g. http://www.sourcepod.com) or sending me an email so I can add them to the download.