A.4 Subscriber Channel Policies

The configuration of the Subscriber channel policies depends on what a particular installation wants to accomplish with the Manual Task Service driver. However, there are certain guidelines that might be helpful.

In general, the best place to construct a <mail> element to send to the Subscriber is in the Command Transformation policy. The reason for this is that most Metadirectory engine processing has been completed by the time commands reach the Command Transformation policy. This means that Create policies have been processed for Add events (allowing vetoing of Add events for objects that don't have all the attributes necessary for constructing the e-mail, for example). This also means that Modify events for objects without associations have already been converted to Add events.

The XSLT style sheet that constructs the e-mail message might or might not need to query eDirectory for additional information.

For example, if the e-mail message is simply a welcome message to a new employee, the Add command can contain all the information necessary: Given Name, Surname, and Internet E-mail Address. This is accomplished by specifying in the Create policy that Given Name, Surname, and Internet E-mail Address are required attributes. This ensures that only Add commands that contain the necessary information can reach the Command Transformation policy.

However, if the e-mail message is a message to the manager of an employee, the style sheet needs to query eDirectory. The manager DN can be obtained from the Add event for the employee's User object, but a query must be made to obtain the manager's e-mail address because that information is an attribute of the manager's User object.

In addition, if e-mail notifications are being generated as the result of Modify commands for objects that are associated with the driver, queries must be made to obtain information not contained in the Modify command.

A.4.1 Blocking Commands from Reaching the Subscriber Channel

If e-mail messages are to be generated from events other than Add events, the Add events must be allowed to reach the Subscriber channel for those objects that are to be monitored. Allowing Add events to reach the Subscriber channel results in a generated association value being returned to Identity Manager from the Subscriber channel.

It is important that eDirectory objects to be monitored by the Manual Task Service driver policies have an association for the Manual Task Service driver. Only objects that have an association have Delete, Rename, and Move events reported to the driver. In addition, Modify events on objects that do not have an association are converted to Add events after the Subscriber channel event transformation.

All other commands (Modify, Move, Rename, and Delete) should be blocked by the Command Transformation policy and prevented from reaching the Subscriber channel. The Subscriber channel handles only Add commands and Mail commands. Other commands result in the Subscriber channel returning an error.

A.4.2 Generating E-Mail Messages

E-mail messages are sent by the Subscriber in response to receiving a <mail> element that describes the e-mail message to be sent. See Section E.0, <mail> Element for a description of the <mail> element and its content.

E-mail messages can be generated in response to any Identity Manager event (Add, Modify, Rename, Move, Delete).

The replacement data that is supplied with the <message> element children of a <mail> element depends on two primary factors:

  • The template used to generate the message body. Replacement items to be used by the e-mail template appear as children of the <replacement-data> element.

  • The information needed by the Web page templates on the Publisher channel if the e-mail is to result in a response on the Publisher channel. Replacement items to be used by the Web page templates appear as children of the <url-query> element, which is a child of <url-data>, which in turn is a child of <replacement-data>.

If the e-mail message contains a URL that points to the Publisher channel Web server and is used to solicit information from a user, the replacement data must contain at least one responder-dn item. The values of the responder-dn items must be the DNs of the User objects of the users to whom the message is being sent.

If a query replacement token (see Section 1.5, Replacement Data) is used in the template, then the replacement data for the <message> element must contain an item named src-dn, src-entry-id, or association with the appropriate value. An association item can only be used if the eDirectory object to be queried already has an association for the Manual Task Service driver. The association generated by the Subscriber for unassociated objects cannot be used because it hasn't been written to the eDirectory object when the query takes place.

The <message> element can specify the MIME type of the message body. If the MIME type is specified but a style sheet is not specified (that is, there is no <stylesheet> element child of <message>), one of two default style sheet names is used. If the MIME type is text/plain, the default style sheet name is process_text_template.xsl. If the MIME type is anything other than text/plain, the default style sheet name is process_template.xsl.
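The following added example (not part of the original documentation or the driver) checks a <mail> document produced by a policy against the rules in this section: the responder-dn requirement, the item needed for a query replacement token, and the default style sheet name. The attribute name mime-type, the <item name="..."> syntax, the use of <url-data> as the sign that the message carries a Publisher channel URL, and the check_mail parameters are assumptions; the real syntax is defined in Section E.0.

```python
import xml.etree.ElementTree as ET

QUERY_ITEMS = ("src-dn", "src-entry-id", "association")

def default_stylesheet(mime_type):
    # Name used when <message> gives a MIME type but has no <stylesheet> child.
    if mime_type == "text/plain":
        return "process_text_template.xsl"
    return "process_template.xsl"

def names(items):
    # Names of items that carry a non-empty value (assumed <item name="...">).
    return {i.get("name") for i in items if (i.text or "").strip()}

def check_mail(mail_xml, uses_query_token=False, object_associated=False):
    """Return (findings, stylesheets) covering every <message> in a <mail>."""
    findings, stylesheets = [], []
    for msg in ET.fromstring(mail_xml).iter("message"):
        sheet = msg.findtext("stylesheet")
        mime = msg.get("mime-type")  # assumed attribute name
        if sheet is None and mime is not None:
            sheet = default_stylesheet(mime)
        stylesheets.append(sheet)
        data = msg.find("replacement-data")
        if data is None:
            data = ET.Element("replacement-data")
        # A message that solicits a response needs at least one responder-dn.
        if data.find("url-data") is not None and "responder-dn" not in names(data.iter("item")):
            findings.append("url-data present but no responder-dn item")
        if uses_query_token:
            present = [n for n in QUERY_ITEMS if n in names(data.findall("item"))]
            if not present:
                findings.append("query token used but no src-dn, src-entry-id or association item")
            elif present == ["association"] and not object_associated:
                # The Subscriber-generated association is not yet written to eDirectory.
                findings.append("association item used for an object that has no association yet")
    return findings, stylesheets

# Constructed sample documents; DNs, item values and file names are made up.
SAMPLE_BAD = """<mail><message mime-type="text/html"><replacement-data>
  <item name="association">constructed-assoc-1</item>
  <url-data><url-query><item name="template">form.xml</item></url-query></url-data>
</replacement-data></message></mail>"""

SAMPLE_OK = """<mail><message mime-type="text/plain"><replacement-data>
  <item name="src-dn">cn=jdoe,o=example</item>
  <url-data><url-query>
    <item name="responder-dn">cn=manager,o=example</item>
  </url-query></url-data>
</replacement-data></message></mail>"""

if __name__ == "__main__":
    print(check_mail(SAMPLE_BAD, uses_query_token=True))
    print(check_mail(SAMPLE_OK, uses_query_token=True))
```

Because the query replacement token syntax is defined in Section 1.5 and not here, the caller states whether the template uses one through uses_query_token.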