Weve got the following config:

AD -> IDM.
Password filter on A.D. which is successfully sending the password to
the IDM store.

Now Id like to achieve the following:
Setup emailing when a password is changed on A.D. Also when this is from
a user account that does not exist in IDM (so no association)
I created in the publisher channel an input policy which checks on a
password change and then send an email. So far so good.
The problem is that the email is sometimes being send two times. I
cannot figure out under what conditions this happens.
I thought the cause of problem was that the password is sending back
from IDM -> A.D. , and generates a trigger.
So I temporary disabled this type of synchronization but still receive
sometimes two emails.
Also accounts which are not in IDM (only in A.D.) shows the same
behavior.

FIRST EVENT:
[06/06/13 15:23:13.281]:eDir --> ADtest :Remote Interface Driver:
Received.
[06/06/13 15:23:13.281]:eDir --> ADtest :
<nds dtdversion="2.2">
<source>
<product build="20120330_120000"
instance="\IDM-TEST\org\service\DriverSet\ADtest"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="ADtest##13f19a7c6d1##0"
src-dn="CN=tst-user1,OU=Test,OU=Accounts,OU=ORG,OU=ALT,DC=testalt ,DC=org,DC=nl">
<association>caa2f14f621b11429a8f125969808041</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>
[06/06/13 15:23:13.281]:eDir --> ADtest :Remote Interface Driver:
Received document for publisher channel
[06/06/13 15:23:13.281]:eDir --> ADtest :Remote Interface Driver:
Waiting for receive...
[06/06/13 15:23:13.281]:eDir --> ADtest PT:Receiving DOM document from
application.
[06/06/13 15:23:13.281]:eDir --> ADtest PT:
<nds dtdversion="2.2">
<source>
<product build="20120330_120000"
instance="\IDM-TEST\org\service\DriverSet\ADtest"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="ADtest##13f19a7c6d1##0"
src-dn="CN=tst-user1,OU=Test,OU=Accounts,OU=ORG,OU=ALT,DC=testalt ,DC=org,DC=nl">
<association>caa2f14f621b11429a8f125969808041</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>
[06/06/13 15:23:13.281]:eDir --> ADtest PT:Applying input transformation
policies.
[06/06/13 15:23:13.281]:eDir --> ADtest PT:Applying policy:
%+C%14CPassword(Pub)-Change Notification%-C.
[06/06/13 15:23:13.297]:eDir --> ADtest PT: Applying to modify-password
#1.
[06/06/13 15:23:13.297]:eDir --> ADtest PT: Evaluating selection
criteria for rule 'Email on Change Password User'.
[06/06/13 15:23:13.297]:eDir --> ADtest PT: (if-operation equal
"modify-password") = TRUE.
[06/06/13 15:23:13.297]:eDir --> ADtest PT: (if-class-name equal
"user") = TRUE.
[06/06/13 15:23:13.297]:eDir --> ADtest PT: Query from policy
[06/06/13 15:23:13.297]:eDir --> ADtest PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="user"
dest-dn="CN=tst-user1,OU=Test,OU=Accounts,OU=ORG,OU=ALT,DC=testalt ,DC=org,DC=nl"
scope="entry">
<association>caa2f14f621b11429a8f125969808041</association>
<read-attr attr-name="cn"/>
<read-attr attr-name="mail"/>
<read-attr attr-name="pwdlastset"/>
</query>
</input>
</nds>


SECOND EVENT:

[06/06/13 15:23:18.296]:eDir --> ADtest :Remote Interface Driver:
Received.
[06/06/13 15:23:18.296]:eDir --> ADtest :
<nds dtdversion="2.2">
<source>
<product build="20120330_120000"
instance="\IDM-TEST\org\service\DriverSet\ADtest"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="ADtest##13f19a7da68##0"
src-dn="CN=tst-user1,OU=Test,OU=Accounts,OU=ORG,OU=ALT,DC=testalt ,DC=org,DC=nl">
<association>caa2f14f621b11429a8f125969808041</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>
[06/06/13 15:23:18.312]:eDir --> ADtest :Remote Interface Driver:
Received document for publisher channel
[06/06/13 15:23:18.312]:eDir --> ADtest :Remote Interface Driver:
Waiting for receive...
[06/06/13 15:23:18.312]:eDir --> ADtest PT:Receiving DOM document from
application.
[06/06/13 15:23:18.312]:eDir --> ADtest PT:
<nds dtdversion="2.2">
<source>
<product build="20120330_120000"
instance="\IDM-TEST\org\service\DriverSet\ADtest"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="user" event-id="ADtest##13f19a7da68##0"
src-dn="CN=tst-user1,OU=Test,OU=Accounts,OU=ORG,OU=ALT,DC=testalt ,DC=org,DC=nl">
<association>caa2f14f621b11429a8f125969808041</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>


--
gschouten32
------------------------------------------------------------------------
gschouten32's Profile: https://forums.netiq.com/member.php?userid=2546
View this thread: https://forums.netiq.com/showthread.php?t=47898