Tool

lhaeger's picture
tool
Reads:

13242

Score:
2.7
2.7
10
 
Comments:

7

PWNotify Password Notification Service Driver

Author Info

30 August 2011 - 2:03pm
Submitted by: lhaeger

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

license: 
Free

All-in-one IDM 2.x/3.x/4.x service driver for password notifications that can
notify users, helpdesk and naudit on the following events:

  • up to three times before passwords actually expire (notification
    intervals and times are configurably)
  • after passwords expired, when grace logins fall below a
    configurable limit
  • when accounts get locked and passwords have to be reset by an
    administrator
  • on intruder lockout

All notifiction types and their targets (user, helpdesk and/or naudit)
can be individually enabled/disabled. The notification schedule operates
on an hourly or daily basis and is easily configured through GCVs.

Because IDM email templates are used, notifications can contain
additional account data e.g. the time an intruder-locked account will be
automatically unlocked again, or a company name for branding purposes.
Email templates are maintained in iManager or Designer, making it easy
to give them the same look and feel as the standard templates that come
with IDM password synchronization.

New 06-22-06: v1.1: This is a bugfixed and enhanced version. Now also

  • decodes intruder addresses (IP only) and
  • includes additional email templates and
  • a readme.txt (finally!).

New 07-05-2007: v2.0 for IDM 3.5:

  • trigger notifications from the subscriber channel (via policy or WorkOrder driver)
  • notify managers on direct report's upcoming account expiration
  • uses ldap search instead of XdsQueryProcessor: much more efficient, especially in large tree environments (thanks to a hint by Father Ramon)

New 08-07-2008: v2.0.3 for IDM 3.5:

  • now supports (and defaults to) secure ldap operations
  • notify managers/helpdesk about idle accounts (no login for xx days)
  • changed some GCVs and added more detailed comments on how to use them

New 08-31-2011: v2.1.1 for IDM 4.0:

  • packaged version for easy import and maintenance through Designer
  • removed dependency on bh-dirxmlutils.jar by porting bh_DecodeNetAddr and bh_b64ToHEX functions to ECMAscript
  • code modularization and streamlining
  • minor bug fixes

home page url: http://www.brummelhook.com/dirxml
download urls:
IDM2.0/3.0: http://www.brummelhook.com/download/pwnotify.zip
IDM3.5/3.6: http://www.brummelhook.com/download/pwnotify_idm35...
IDM4.x: use package repo at http://www.brummelhook.com/download/idm/packages/s...

Links
Driver Wiki: http://wiki.novell.com/index.php/Password_Notifica...
Some tips by Geoffrey: http://www.novell.com/communities/node/3017
Changing time zone conversions: http://www.novell.com/communities/node/3083


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

geoffc's picture

Comparing to IDM 3.6 Password Notification Job

Submitted by geoffc on 15 August 2008 - 7:35am.

IDM 3.6 includes a Password Notification Job that can be scheduled to run.

This is a different approach than Lothars, and has certain benefits.

Lothars approach is heavier load wise, you have to run a driver (Honestly, big deal... We run lots of drivers), whereas the Job runs as a Java application only on the schedule.

But in Lothars model we can manually change the code to do more, or less, or edit it. The Java class in the Job is more obscured.

No doubt there are use cases for both. But I think I will stick with Lothars for now! Well done!

jbouley's picture

its all in german

Submitted by jbouley on 19 March 2009 - 9:53am.

I was very excited to find this tool and the web site was great until i downloaded it and took a look at the email templates.

geoffc's picture

Well he is German...

Submitted by geoffc on 19 March 2009 - 2:31pm.

Lothar (the author) does live in Germany, though he does speak English quite well! (Better grammar than most people I meet!)

It took about 2 minutes for me to roughly translate the email template to basic English, sufficient to hand off to the Corporate Branding guys and say, here is how a Variable token is inserted, make this look like a company email. Let me know what variables you want provided.

You do not need to use his Email templates. I would have to check, but I am pretty sure the names of the templates are either GCV's, or really easy to find.

If you need any help, let me know it is really straightforward.

lhaeger's picture

Geoffrey's comment is spot

Submitted by lhaeger on 27 March 2009 - 5:56am.

Geoffrey's comment is spot on: as every company want's it's own cororate look and feel, all I could provide would be templates you'd have to edit anyway. Much work to do but not much to gain compared using to the German ones I already had.
Anyway, with so many instances of the driver running worldwide now, I am still hoping that someone is willing to share his/her localized templates e.g. by adding them to http://wiki.novell.com/index.php/Password_Notifica... (with a link to e.g. http://www.sourcepod.com) or sending me an email so I can add them to the download.

gholdefe's picture

All emails.xml converted to English

Submitted by gholdefe on 20 January 2010 - 9:43am.

I sent all emails converted to English to Lothar so he could add them to the download... I modified some emails to include Links to PW home pages and Graphic images.

Thank you for the driver code Lothar.

I hope it helps,

Gary

Simeonof's picture

IDM 3.6.1 Bundle Edition

Submitted by Simeonof on 16 January 2013 - 12:31am.

Can this free driver be used legally on IDM 3.6.1 Bundle Edition?

lhaeger's picture

Yes, it can be used with the

Submitted by lhaeger on 31 January 2013 - 8:55am.

Yes, it can be used with the edir2edir shim which is included in BE. You need to set the shim manually, add the GUID attribute to the subscriber filter and something like "127.0.0.1:11111:127.0.0.1:11111" as connection info in driver properties to make the driver startup properly and loop back.
The latest version has all of the above included, but is packaged for IDM 4.x (which will be available in a Bundled Edition soon, as I hear). UNtil then you can of course use that package and export is from designer to XML to obtain a 3.6-compatible version (don't forget to export the dependencies, too!)

© 2013 Novell