All-in-one IDM 2.x/3.x/4.x service driver for password notifications that can notify users, helpdesk and naudit on the following events:
up to three times before passwords actually expire (notification intervals and times are configurable)
after passwords expired, when grace logins fall below a configurable limit
when accounts get locked and passwords have to be reset by an administrator
on intruder lockout
All notification types and their targets (user, helpdesk and/or naudit) can be individually enabled/disabled. The notification schedule operates on an hourly or daily basis and is easily configured through GCVs.
Because IDM email templates are used, notifications can contain additional account data e.g. the time an intruder-locked account will be automatically unlocked again, or a company name for branding purposes. Email templates are maintained in iManager or Designer, making it easy to give them the same look and feel as the standard templates that come with IDM password synchronization.
New 06-22-2006: v1.1: This is a bugfixed and enhanced version. Now also
decodes intruder addresses (IP only) and
includes additional email templates and
a readme.txt (finally!).
New 07-05-2007: v2.0 for IDM 3.5:
trigger notifications from the subscriber channel (via policy or WorkOrder driver)
notify managers on direct report's upcoming account expiration
uses LDAP search instead of XdsQueryProcessor: much more efficient, especially in large tree environments (thanks to a hint by Father Ramon)
New 08-07-2008: v2.0.3 for IDM 3.5:
now supports (and defaults to) secure LDAP operations
notify managers/helpdesk about idle accounts (no login for xx days)
changed some GCVs and added more detailed comments on how to use them
New 08-31-2011: v2.1.1 for IDM 4.0:
packaged version for easy import and maintenance through Designer
removed dependency on bh-dirxmlutils.jar by porting bh_DecodeNetAddr and bh_b64ToHEX functions to ECMAScript
code modularization and streamlining
minor bug fixes
New 01-07-2013: v2.2:
Changed policy naming scheme to include linkage weight
Moved base filter to resource object
Added support for Edir2Edir shim (to enable support for IDM Bundled Editions, which do not include NULL/LBACK shims), default for new installations.
Added LDAP StartTLS support and LDAP tracing (through dependency on updated BH-BitsNPieces v1.0.3)
Upgraded prompt stylesheets to latest versions
Named LDAP Bind Password now takes precedence over bind user object's Distribution Password.
Read Distribution Password (if used) on every notification cycle instead of only once per driver start
Lothar (the author) does live in Germany, though he does speak English quite well! (Better grammar than most people I meet!)
It took about 2 minutes for me to roughly translate the email template to basic English, sufficient to hand off to the Corporate Branding guys and say, here is how a Variable token is inserted, make this look like a company email. Let me know what variables you want provided.
You do not need to use his Email templates. I would have to check, but I am pretty sure the names of the templates are either GCVs, or really easy to find.
If you need any help, let me know; it is really straightforward.
IDM 3.6 includes a Password Notification Job that can be scheduled to run.
This is a different approach than Lothar's, and has certain benefits.
Lothar's approach is heavier load-wise, you have to run a driver (Honestly, big deal... We run lots of drivers), whereas the Job runs as a Java application only on the schedule.
But in Lothar's model we can manually change the code to do more, or less, or edit it. The Java class in the Job is more obscured.
No doubt there are use cases for both. But I think I will stick with Lothar's for now! Well done!