I'm trying to help some of our students recover from being phished here.
Something we've found in the compromised accounts is that the user's name
is updated, and their email signature is replaced. Both of these are
relatively easy for the user to do themselves, they're under the mailbox
settings. But I'm trying to remove the changes from within a policy. So
far, I'm not having any luck with that.

The old Provisioning API driver doc included attributes
GmailSettingsSendAs and GmailSettingsSignature, which sound good. I can't
find any new doc for the Directory API driver that says what it supports,
only the note that "some" attributes from the Provisioning API are no
longer supported with the Directory API. Reviewing Google's docs for the
Directory API, I'm not seeing anything referencing these two. Yet, they
still exist, so they must be available somewhere.

Blindly throwing things at the driver to see what happens:

Code:
<input>
<modify cached-time="20150506205612.500Z" class-name="UserEntry"
event-id="sles10-cluster-2#20150506205612
<association state="associated">bob-test@test.niu.edu</association>
<modify-attr attr-name="IsSuspended">
<remove-all-values/>
<add-value>
<value type="string">False</value>
</add-value>
</modify-attr>
<modify-attr attr-name="GmailSettingsSendAs">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="GmailSettingsSignature">
<remove-all-values/>
</modify-attr>
</modify>
</input>
of course it doesn't work.

Code:
[05/06/15 15:56:13.136]:Google ST:connect
[05/06/15 15:56:13.136]:Google ST:dispatch
[05/06/15 15:56:13.136]:Google ST:modifyHandler
[05/06/15 15:56:13.136]:Google ST:modifyHandler: class-name  ==
'UserEntry'
[05/06/15 15:56:13.140]:Google ST:modifyHandler: association == 'bob-
test@test.niu.edu'
[05/06/15 15:56:13.140]:Google ST:DirectoryAppClient.isEmailAddressFormat
(): validating bob-test@test.niu.edu
[05/06/15 15:56:13.140]:Google ST:DirectoryAppClient.retrieveUser():
Retrieving object bob-test@test.niu.edu
[05/06/15 15:56:13.316]:Google ST:GMailSubscriptionShim.handleUserModify
(): attr-name   == 'IsSuspended'
[05/06/15 15:56:13.316]:Google ST:addSingleValueHandler:        add-
value    == 'False'
[05/06/15 15:56:13.316]:Google ST:getAssociationRefFromValue:   assoc-ref
received a null Association-Ref
[05/06/15 15:56:13.316]:Google ST:getValueAssociationRef:       assoc-ref
received a null Association-Ref
[05/06/15 15:56:13.320]:Google ST:DirectoryAppClient.restoreuser():
Restoring system access for user
[05/06/15 15:56:13.320]:Google ST:GMailSubscriptionShim.handleUserModify
(): attr-name   == 'GmailSettingsSendAs'
[05/06/15 15:56:13.344]:Google ST:SubscriptionShim.execute() returned:
[05/06/15 15:56:13.344]:Google ST:
<nds dtdversion="3.0">
<source>
<product build="20150319_1650" instance="Google"
version="4.0.4.0">GoogleApps Driver</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status event-id="sles10-cluster-2#20150506205612#3#1:d64fdac5-
c6ad-44a9-d6ab-c5da4fd6adc6" level="fatal" type="driver-status">
<description>java.lang.ClassCastException:
com.novell.nds.dirxml.driver.xds.XDSRemoveAllValuesElement cannot be cast
to com.novell.nds.dirxml.driver.xds.XDSRemoveValueElement</description>
<exception class-name="java.lang.ClassCastException">

<message>com.novell.nds.dirxml.driver.xds.XDSRemoveAllValuesElement
cannot be cast to com.novell.nds.dirxml.driver.xds.XDSRemoveValueElement</
message>
<stack-trace>java.lang.ClassCastException:
com.novell.nds.dirxml.driver.xds.XDSRemoveAllValuesElement cannot be cast
to com.novell.nds.dirxml.driver.xds.XDSRemoveValueElement
at
com.novell.nds.dirxml.driver.gmailshim.GMailSubscriptionShim.handleUserModify
(GMailSubscriptionShim.java:4634)
at
com.novell.nds.dirxml.driver.gmailshim.GMailSubscriptionShim.modifyHandler
(GMailSubscriptionShim.java:3809)
at
com.novell.nds.dirxml.driver.gmailshim.GMailSubscriptionShim.dispatch
(GMailSubscriptionShim.java:616)
at
com.novell.nds.dirxml.driver.gmailshim.GMailSubscriptionShim.execute
(GMailSubscriptionShim.java:485)
at com.novell.nds.dirxml.engine.Subscriber.execute
(Subscriber.java:448)
at com.novell.nds.dirxml.engine.Subscriber.execute
(Subscriber.java:282)
at com.novell.nds.dirxml.engine.Subscriber$ModifyProcessor.process
(Subscriber.java:1499)
at com.novell.nds.dirxml.engine.Subscriber.processEvent
(Subscriber.java:1102)
at com.novell.nds.dirxml.engine.Subscriber.processEvents
(Subscriber.java:946)
at com.novell.nds.dirxml.engine.Driver.submitTransaction
(Driver.java:628)
at com.novell.nds.dirxml.engine.DriverEntry.submitTransaction
(DriverEntry.java:1065)
at
com.novell.nds.dirxml.engine.DriverEntry.processCachedTransaction
(DriverEntry.java:949)
at com.novell.nds.dirxml.engine.DriverEntry.eventLoop
(DriverEntry.java:771)
at com.novell.nds.dirxml.engine.DriverEntry.run
(DriverEntry.java:561)
at java.lang.Thread.run(Unknown Source)
</stack-trace>
</exception>
<document xml:space="preserve">&lt;nds dtdversion="4.0"
ndsversion="8.x">
&lt;source>
&lt;product edition="Advanced"
version="4.0.2.1">DirXML&lt;/product>
&lt;contact>Novell, Inc.&lt;/contact>
&lt;/source>
&lt;input>
&lt;modify cached-time="20150506205612.500Z" class-
name="UserEntry" event-id="sles10-cluster-2#20150506205612#3#1:d64fdac5-
c6ad-44a9-d6ab-c5da4fd6adc6" qualified-src-dn="O=NIU\OU=Users\CN=bob" src-
dn="\NIU-FLAT-DEVELOPMENT\NIU\Users\bob" src-entry-id="57370"
timestamp="1430945772#2">
&lt;association state="associated">bob-
test@test.niu.edu&lt;/association>
&lt;modify-attr attr-name="IsSuspended">
&lt;remove-all-values/>
&lt;add-value>
&lt;value type="string">False&lt;/
value>
&lt;/add-value>
&lt;/modify-attr>
&lt;modify-attr attr-name="GmailSettingsSendAs">
&lt;remove-all-values/>
&lt;/modify-attr>
&lt;modify-attr attr-
name="GmailSettingsSignature">
&lt;remove-all-values/>
&lt;/modify-attr>
&lt;/modify>
&lt;/input>
&lt;/nds></document>
</status>
</output>
</nds>
Similarly, an attempt to query for them:

Code:
<do-set-local-variable name="GSSA" scope="policy">
<arg-node-set>
<token-dest-attr name="GmailSettingsSendAs"/>
</arg-node-set>
</do-set-local-variable>
turns in to:

Code:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="UserEntry" event-id="0" scope="entry">
<association>bob-test@test.niu.edu</association>
<read-attr attr-name="GmailSettingsSendAs"/>
</query>
</input>
</nds>
which also, of course, doesn't work:

Code:
[05/06/15 16:09:42.373]:Google ST:            connect
[05/06/15 16:09:42.373]:Google ST:            dispatch
[05/06/15 16:09:42.373]:Google ST:            queryHandler
[05/06/15 16:09:42.373]:Google ST:            queryHandler:
association      == 'bob-test@test.niu.edu'
[05/06/15 16:09:42.373]:Google ST:            queryHandler: class-
name       == 'UserEntry'
[05/06/15 16:09:42.373]:Google ST:            queryHandler: dest-
dn          == null
[05/06/15 16:09:42.373]:Google ST:            queryHandler: event-
id         == '0'
[05/06/15 16:09:42.373]:Google ST:            queryHandler: max-result-
count == 2147483647
[05/06/15 16:09:42.373]:Google ST:            queryHandler: qualified-src-
dn == null
[05/06/15 16:09:42.373]:Google ST:            queryHandler:
scope            == 'entry'
[05/06/15 16:09:42.373]:Google ST:            queryHandler: src-
dn           == null
[05/06/15 16:09:42.373]:Google ST:            queryHandler: src-entry-
id     == null
[05/06/15 16:09:42.373]:Google ST:
DirectoryAppClient.isEmailAddressFormat(): validating bob-
test@test.niu.edu
[05/06/15 16:09:42.373]:Google ST:            queryHandler:  Adding
GmailSettingsSendAs to read attrs
[05/06/15 16:09:42.373]:Google ST:            queryHandler: read-
attr        == 'GmailSettingsSendAs'
[05/06/15 16:09:42.373]:Google ST:            Processing search criteria
[05/06/15 16:09:42.373]:Google ST:            GMailDriver queryHandler():
No search-class element specified.  Attempting to use the base class from
the class-name attribute
[05/06/15 16:09:42.373]:Google ST:            GMailDriver queryHandler():
using class-name UserEntry instead of search-class
[05/06/15 16:09:42.373]:Google ST:            Query for User object
[05/06/15 16:09:42.373]:Google ST:            Search Attribute: null
[05/06/15 16:09:42.373]:Google ST:            Association: bob-
test@test.niu.edu
[05/06/15 16:09:42.373]:Google ST:
DirectoryAppClient.retrieveUser(): Retrieving object bob-test@test.niu.edu
[05/06/15 16:09:42.377]:Google PT:  --JCLNT-- \NIU-FLAT-DEVELOPMENT\NIU
\DirXML\DS2\Google - Publisher : Calling free on tempContext = 183697577
[05/06/15 16:09:42.377]:Google PT:
DirXML Log Event -------------------
Driver:   \NIU-FLAT-DEVELOPMENT\NIU\DirXML\DS2\Google
Channel:  Publisher
Status:   Success
[05/06/15 16:09:42.377]:Google PT:  Direct command from policy result
[05/06/15 16:09:42.377]:Google PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.1">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"><application>DirXML</application>
<module>Google</module>
<object-dn></object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
So, the docs don't yet say that this can't be done, but they also don't
say that it can. Anybody figured out how to get at these settings with
the new driver?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.