[ password notification service driver ]

For quite a while, we used to run the password expiration email notification cool tool, which helped reduce password-related helpdesk calls a lot. Nevertheless, I never liked the fact that it runs outside the IDM environment and does not make use of the email template features IDM provides, thus making it a bit complicated to maintain a consistent look and feel throughout all email notifications.

Luckily, though widely unknown, IDM supports time-triggered events that can be (mis)used to kick off custom actions: the publisher driver heartbeat. Add a schedule and a few policies that can read the clock, and there it is: an all-in-one IDM 2.x/3.x service driver for password notifications that can notify users, helpdesk and - still experimental - naudit on the following events:

    * up to three times before passwords actually expire
    * after passwords expired, when grace logins fall below a configurable limit
    * when accounts get locked and passwords have to be reset by an administrator
    * on intruder lockout 

And new in v2.0 for IDM 3.5:

    * trigger notifications from the subscriber channel (via policy or WorkOrder driver)
    * notify managers on direct report's upcoming account expiration
    * uses LDAP search instead of XdsQueryProcessor: much more efficient, especially in large tree environments (thanks to a hint by Father Ramon) 

All notification types and their targets (user, helpdesk and/or naudit) can be individually enabled/disabled. The notification schedule operates on an hourly or daily basis and is easily configured through GCVs.
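To illustrate how an hourly or daily schedule can notify each user exactly once per warning threshold via an LDAP search, here is an added example; it is not taken from the driver. It assumes the eDirectory LDAP attributes passwordExpirationTime, loginGraceRemaining and lockedByIntruder; the thresholds, event names and the mapping of "no grace logins left" to the admin-reset event are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y%m%d%H%M%SZ"  # LDAP generalizedTime, UTC

def gtime(dt):
    return dt.astimezone(timezone.utc).strftime(FMT)

def expiry_filter(run_time, days_before, interval):
    """LDAP filter for passwords expiring in [run_time+days, run_time+days+interval)."""
    start = run_time + timedelta(days=days_before)
    end = start + interval
    # LDAP filters have no strict '<': exclude the upper bound with a negated '>='
    # so consecutive scheduled runs never match (and notify) the same user twice.
    return ("(&(objectClass=inetOrgPerson)"
            f"(passwordExpirationTime>={gtime(start)})"
            f"(!(passwordExpirationTime>={gtime(end)})))")

def classify(entry, now, grace_warn_limit):
    """Map one account's attributes (dict of str) to notification events."""
    events = []
    if entry.get("lockedByIntruder") == "TRUE":
        events.append("intruder-lockout")
    exp = entry.get("passwordExpirationTime")
    grace = entry.get("loginGraceRemaining")
    expired = exp and datetime.strptime(exp, FMT).replace(tzinfo=timezone.utc) <= now
    if expired and grace is not None:
        if int(grace) == 0:
            events.append("locked-admin-reset")  # assumption: no grace logins left
        elif int(grace) < grace_warn_limit:
            events.append("grace-logins-low")
    return events

if __name__ == "__main__":
    run = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed run time
    for days in (14, 7, 1):                                  # constructed thresholds
        print(expiry_filter(run, days, timedelta(hours=1)))
    sample = {"passwordExpirationTime": "20231230000000Z", "loginGraceRemaining": "2"}
    print(classify(sample, run, grace_warn_limit=3))
```

The half-open window only works if the interval passed in matches the schedule period; a skipped run leaves a gap, so a missed heartbeat means missed notifications for that window.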

Because IDM email templates are used, notifications can contain additional account data e.g. the time an intruder-locked account will be automatically unlocked again, or a company name for branding purposes. Email templates are maintained in iManager or Designer, making it easy to give them the same look and feel as the standard templates that come with IDM password synchronization.

Requires (and includes) java package bh-dirxmlutils.
 
Installation instructions:

1. copy bh-dirxmlutils.jar to your dirxml/idm server, make sure it's in the class path (try /usr/lib/dirxml/classes on SLES/OES Linux or SYS:System\lib on OES Netware. Figure out by yourself on Windows...)
2. import SRV_PWNotify_idm35.XML through iManager or Designer
3. configure the driver through GCVs to match your needs
4. create additional email templates from the contents of EmailTemplates.ZIP (still in 3.0 format. Make sure you have the latest IDM plugins to do so, just copy 'n' paste into iManager)
5. start the driver (in a lab, I'd recommend :-)