Re: Email templates for forgotten password?

[a...@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These templates are suppose to be used with Identity Manager and the call
to send the mail from a template passes in those variables.

Good luck.

On 02/10/2010 12:36 PM, kjhurni wrote:
>
> The docs on this are poor at best.
>
> You get a one sentence thing that says "Edit the templates as desired.
> "
>
> Gee, that's helpful
>
> Anyway, I'm specifically looking at the:
> Forgot Password_en
>
> The template uses two variables:
>
> (replacement tags they're called)
>
> $CurrentPassword$
> and
> $UserFullName$
>
> However, the full name doesn't actuall "pull" from eDirectory
>
> Instead you are emailed:
>
> dear userid (where userid is SUPPOSED to be "userfullname")
>
> How do I get it to pull full name from edir and address it that way:
>
> dear John Smith
>
> ?
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLcw7DAAoJEF+XTK08PnB5Nd4P+gIk4EJ9hlIsnmVRLziyvGcX
xuT1HI7q1fDwDY5FUM/xF9E8GAimqE9hUKAYrp6mYpj2u9WBHQDVNMwE7A79ZkOH
6aPTm/owon7RV+h7gyI0wvZJ2LGkh5WFJ7+oA2ooP6L8aCAGI1hGvlb67MouM0cr
hz+/669ez5wG6BAC/URbBEgkaGCgfES/UiBwG+wTMjbrwz/CsTGsaol06z/rAG01
tdjvY6DM4AOWfQu/ERhoPD9+IOn1dkwuaQ9zPvecVf+xITmnhbHnNapbdUdUozmh
qXDJ54Cu+j5ZmFago8urSuvoXxxBhkv9NI90XrQqdlwGfvp9em20ndM/O/63QQ59
iCXeWw/thLDG7Rt5IgWiOdDG9s/v3rDSWxqZaivVJ7eENOet2xwEGMm8no1Knf1p
u2I6laWdxNB1jYn/okQZfPUzvMG+aAkV0w+DurehjXfZ29TJd5GwoxAaAUYSUur+
AuokDS2GzA0x+ixDgIUGZ0VR2jAiaCmcpPvIY8kKPkZG3NW6IIPVEyZ+VBtO4UGE
rddoNXAsXZywqzmt23cskEVyY0XR/mJRZGcLk5uThEuSQ/3olq6hOjV5f7/mmrEo
j5A5LGwVw9OYgf16VvPqJ617qxLyDqY9vsEFHnNC5PPXQV5YxGpZm9W6Uc/Lk4JM
lf82mAQa0SWx9OXO/KBK
=WoWT
-----END PGP SIGNATURE-----

[a...@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There may be some enhancements to add to the documentation in this case.
I do not believe this works like you think it does (reminds me of the
Princess Bride, "I do not think that word means what you think it means":

http://www.novell.com/documentation/password_management33/pwm_administration/data/bnpdcy4.html

Specifically:

<quote>
This is a modular framework; as new applications are added that use e-mail
templates, the templates can be installed along with the applications that
use them.
</quote>

Also, from
http://www.novell.com/documentation/noclienu/noclienu/data/bxne05q.html:

<quote>
NOTE:Not all features of Forgotten Password Self-Service are implemented
with the Novell Client at this time, including e-mailing passwords and hints.
</quote>

What these quotes from the docs mean to me is that it is up to the
authentication application (Novell Client, IDM UserApp, iManager 2.0.2) to
implement the e-mailing feature. When you use the password e-mailing
feature (which really is a terrible option, by the way, only there because
customers want it sometimes.... usually it sends mail to the same account
the user is trying to get into though they do not know their password, and
even if that is not the case it uses SMTP which is a cleartext protocol so
anything that can sniff the traffic will see the password) the
configuration is there in eDirectory but the application which the user
uses actually sends the e-mail. This is why the Novell Client (quoted
above) cannot do this since it is not guaranteed to be able to send e-mail
while a web app can be guaranteed to do that properly by the administrator
of the web app.

Good luck.

On 02/10/2010 01:16 PM, kjhurni wrote:
>
> Thanks for the offer, but it doesn't really answer the question.
>
> What format does the tag have to be in, in order to grab the values
> from eDirectory?
>
> And if they can only be used with Identity Manager, then why is this
> not listed in the Password documentation?
>
> I'm specifically referring to the Password stuff in iManager, on the
> left-hand side where you select Passwords -> Email Templates.
>
> This is not an IDM feature, it's an NMAS feature, and is in the
> Password Management 3.3.x documention.
>
> Sorry if I was not clear enough that's where I was changing things, vs.
> the IDM driver documentation for using those same templates (since IDM
> relies upon Universal Password as well) to email things for driver
> events.

>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLcyf6AAoJEF+XTK08PnB5et0QAK9o3o4wFUWaXtwigj2pA/Wq
JkwizUZH/WB1ZUM664Z7AzPqKJkX2/v9AIvOHoyYlb/Zn6EizLm9zNakABcX4FCH
G4XMEbnuRY/hq6W7zdrm2UntEYWREFC7bHrjkKm/z+Gl9Esl7yFRxW4JMD5RYyyk
II1AhlIzx87H9NLJ/2PbYR6RfP2rp76iSj5DT9GYn3uY2j3lS4WdNgWUOmyrmNtQ
tN9RnvJE6ExjMB21zoghgP+LmL7xQiraMSu/g0FEONT3tk7bRqMF31qDkAiP7NtV
wwWOvGEi5vhiAj2/X3c8Yt/1JeEPN2UE0h7+DX2TrM8x77sPu3PGaUZZ6rf/iRY6
WE5oGkenRX5dnl4c7Emct0kz6gM7Kl2H1tKD5q8PpF5Wop4y3+FBsd1SoM/CMT+6
4sansgIiVuqQUK1d/lMY2BYleE08zJHK3nUzPH3m324+6vhQRGNGsb9x5eUdurp+
3q3P83c5SY8jXK1D8wZpYHHNWXcwBJpm/4vYmrSQtlQRs6VbD2js5vE0HWq/luQu
tnVulciqv+PGHOC38xMHoOwO8JGNtlh1Gcs0EyA2J0IpTaahO+3w7KwB8cXdpVFh
bI8TYqCk+vLhb7i9bRV6HERxybCHI5izDOa8j8EPt/R5vKy8+olB380e8GOpQ6B+
IhDKbKuq4BmzHcllR/X6
=idSI
-----END PGP SIGNATURE-----

[a...@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah... within the UserApp then. In your bullet below it mentions
customizing the template; is that the part that you did? Not only the
body/text of the template but the list of available variables on the
right-hand side? Also do you have LDAP attribute mappings on the
eDirectory server which the UserApp is hitting for these attributes
pointing where you think they should?

Good luck.

On 02/10/2010 03:16 PM, kjhurni wrote:
>
> Thank you for the help
>
> I've found the section in the IDM docs that state all I need to do is
> add the tag with the EXACT name as the attribute in LDAP of the user
>
> I've done that and it still doesn't work, so I'm opening an SR.
>
> Unless I mis-read this section:
> 5.5.2 Adding Replacement Tags to Forgotten Password E-Mail Notification
> Templates
>
> Using the following guidelines, you can add tags to the e-mail
> notification templates for Forgotten Password:
>
> * You can add only tags that correspond to LDAP attributes on
> the User object that the message is being sent to.
> * The name of the tag you add must be exactly the same as the
> LDAP attribute name on the user object.
>
> To see how LDAP attributes correspond to eDirectory attribute
> names, refer to the Schema Mapping Policy that is provided in the
> Identity Manager Driver for LDAP.
> * No other configuration is necessary.

>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLcz5wAAoJEF+XTK08PnB5psQQAMhATWgqEiHEPrwOtBWMCTKM
1C/WLaUuhwMMvGh1lbyqHxO7gFPLuABIRFeNPAFG4ry/RDL+juYRlfHKDvwxBbBU
e8RBjJB+TjeggptmaocINMpPv/4HqExZu31pd3bWoPWqD3Zs/3bytevjym/ztDMV
+gNFjTInOqdfDie1aJYODc7HdnBz0ti95YpPJL8OO3yxpiMm6L0RGfpidyppifYt
bIocFa6i5y/OQOCcCH36HZ5vxfoydxDxsS+wWuOGyc04Z6HPHvpqfRe5/Mwwccc1
iSXn0A7Z0Os0uJP8cf/CQyqvtCVeDkNtwwLpuZLqpYMPOkpyyEIB0yuZHUFFgagA
lW9S6oZNDrJ1LbFsjEbdasw5xMIyWZvgBngnlLOGN6yXE/De6zVMRVkNf5OUkfFM
/aCKpugGMBPDyxzKWmozaRnkuhNq3GXlYI7sz7qAtBPrA56D+sSjpat7uf3Bwjjn
Ae3GFEALRoq4E/0fNWIBd/bqIxAk61QGndC4Ri/BZS8xhtDKYbRGbMw0EMj2tPgZ
r2336qOfVXWsROwISCm02Y4sTyTyxWjsh81dLxkG12I1zgU+zTSt0Hh9JgPo7zHj
6agl/tdksMDliBoDTAVu5ROWxZLjPNarTFRq6I31E6BE0jRsUlLuN/dMdhKTD6DV
Vse2jEjOr/iPtz7DAZyy
=KoAo
-----END PGP SIGNATURE-----

[a...@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry to hear that. You can submit comments directly on the bottom of the
HTML-based documentation and those typically get updated fairly quickly as
they go directly to the documentation folks for that section of the doc.

Good luck.

On 02/12/2010 03:06 PM, kjhurni wrote:
>
> Well apparently the docs are wrong. The template is hard-coded and even
> though it says it's using "userfullname" it will ONLY use loginname
> (userid) and nothing else.
>
> Nice to know the extend team coded it that way for some bizarre and
> ridiculous reason.
>
> I'll see what luck (ha) if any, I can get to have them update the docs
> to state you cannot edit the template. (well you can edit it, it just
> ignores everything you put into it).

>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLddVjAAoJEF+XTK08PnB5f+sQAL+xOQi53xO/aFl4EG/xEG+h
+k7x9aqITh6dHmnCOZSbOhx1Al81Kh2ogrF6dVouuo0xWufh+qZBFA4/dQDMeljV
XNMz13LgRZaWgHkp034FofpMTGQKE/jLmBeZ5dR5N6uGdQBoVmUJK/wT+Z1PaLFC
3pq5TGo5P05sgqdq3Tq7xpElfHIL5Ro0ipBmPyUI06KxPZihJZBqyxXiAZL6S91Z
QsnExnp9hE2ZSavIgYOg+Coibyg++EzV1X7WQngJrLF/hQ4F9w7OjVwwvXIhF0Au
WpK7W/pAT40LLrOfDDxLZF6JTCxpN9FioXe3GfojS+Iw18uIFfrPrmRjiPDGoALH
utDuZ1bIb+sPApEWaZWwIXp5/veJZ6LMXqQYa5hPzAfq1/QFU8gdcFl46rp/oAlw
gPdyZT9voAikgNpN5gCWfNW41u3g/URIn6CQLGlsveTiSdY7EfTlczrVOa9lxgHD
Xa8otht6eifS6yypxklL1mNnYcEa262w9pArUybRDE38gnn3xuuclERY2fc8SCec
C7/rKHyL3Ifgk/fzT2R8KRHtOBfr8XUgXXhKc3QMUjiUfv/kEHTK6Fa7zGUrB6g7
c3f4sX+3QHkJ9xC/J+m0hD9qi1L/ahNRnpQk8GF5wtmxfGVRh/kt3tKqmL9YvyQF
pLr/2cqAmq1Sv9IF2rp7
=hElt
-----END PGP SIGNATURE-----