Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Cadet 1st Class
Cadet 1st Class
654 views

Adding attributes to Notification eMail

Hello,

Most of our logins have gone the way of full email addresses. The thing is we use SSPR as our password portal and being it's connected to eDirectory it still uses a Users "CN" when logging into the portal.

What I trying to do is add the Users "CN" to the password expiry notice sent out by the IDM Driver. I've been able to edit the text of the notification and add "cn" as an attribute, but the notification is not being including it when sent. I read somewhere today that attributes need to be associated the IDM policy set. Well I figured if it is part of the tree it has an association. Guess I figured wrong.

So my question is.

How do I add eDir attributes to the notification email so our Users will know to use their CN when logging into the portal?

Any suggestions would greatly be appreciated.

Allen
Labels (1)
0 Likes
6 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

On 10/24/2018 02:54 PM, allenmorris wrote:
>
> How do I add eDir attributes to the notification email so our Users will
> know to use their CN when logging into the portal?


If I understand you correctly you are sending e-mails from a driver config
object, meaning you are using a send-email or send-email-from-template
token, right?

In the action where you do that the things you want to pass from the
engine to the e-mail template are specified as arguments to the send-email
or send-email-from-template token, and along with the data (e.g. a user's
CN attribute value) you specify a name for that string which will then be
used within the e-mail template.

See documentation:
https://www.netiq.com/documentation/identity-manager-47/password_management/data/adding-your-own-replacement-tags-to-email.html



--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Cadet 1st Class
Cadet 1st Class

ab, thanks for your reply.

I followed the link you provided and the information was very helpful. The challenge is we are not using a separate driver for the Password Expire job, we are running it directly from the Driver Set.

In other word, if you go to the Driver Set and click on the "Job" tab along the top. The Password Expire Job is defined here.

It looks like that might be the correct spot, thought I do not now to put the whole driver set in "fish bone" mode.

Any suggestions?

Many thanks,

Allen
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Id I were you I would use Lothar's CoolSolution for sending e-mails
instead because it's just great.

Short of that, I am not sure how much you can customize the job's e-mails;
I haven't used it for years (see above) and I do not remember what
happened when I first tried it.

Moving beyond the e-mail thing, I thought you could configure SSPR to use
another attribute for login-prior-to-lookup; have you tried seeing if you
can change SSPR to work based on 'mail' (LDAP) to see if that makes your
user experience consistent everywhere?


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Cadet 1st Class
Cadet 1st Class

ab, thanks!

Back in the day, (2014), I was testing both the PWNotify and the IDM Jobs versions of notifications. IDM won out at the time.

Really don't feel like re-inventing the wheel at this time.

I'll look into the SSPR and see if it might streamline things a bit.

Thanks for your help.

Allen
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

allenmorris;2489487 wrote:
ab, thanks!

Back in the day, (2014), I was testing both the PWNotify and the IDM Jobs versions of notifications. IDM won out at the time.

Really don't feel like re-inventing the wheel at this time.

I'll look into the SSPR and see if it might streamline things a bit.

Thanks for your help.

Allen


In the SSPR configuration interface, look under LDAP / LDAP Directories / default / Login Setup. Change the search filter to use 'mail' instead of 'cn', and it should just work for you. If you don't already have one, you'll want a Value index defined for the Internet Email Address attribute, otherwise login performance is going to Inhale Strongly.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

On 10/25/2018 11:21 AM, ab wrote:
> Id I were you I would use Lothar's CoolSolution for sending e-mails
> instead because it's just great.


Lothar's PWNotify driver is great. It runs as an eDir to eDir driver
talking to itself so it has no licensing costs. (Ourobous mode!)

It is very customizable. I have add on packages for Account Expirations,
more notifications, etc. (Tried Role assignment expirations, never got
it finished, though Norbert gave me a great hint on how to finish it).
Have an add on for Terminations that is kind of neat.

>
>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.