Hi!

The Pre-configured Notes driver policies, allows for "Password lock-out"
in Notes, when Login Disabled is set to "true" in the IDV.

The lock out works fine, but if Login Disabled is set back to "false",
the Notes driver never clears the "Check password: Lockout ID" value in
the person document in Notes.

The GCV that control what value is set to "Check password:", is
account.cert.pwdchksetting. If this value is set to other than "Default",
"Check password:" is updated with the new value. If it's set to "Default",
"Check password:" is not reset back as you would expect.
GCV:
<definition display-name="Add User: Notes User Password Check Setting" name="account.cert.pwdchksetting" type="enum">
<description>Select the desired Notes password check setting. Default: Ignore this setting (use defaults). 'Check Password': requires the user to enter a password when authenticating with servers that have password checking enabled. 'Don't Check Password': does not require user to enter a password when authenticating with other servers. 'Lockout': prevents the user from accessing servers that have password checking enabled.</description>
<enum-choice display-name="Default">default</enum-choice>
<enum-choice display-name="Check Password">PWD_CHK_CHECKPASSWORD</enum-choice>
<enum-choice display-name="Don't Check Password">PWD_CHK_DONTCHECKPASSWORD</enum-choice>
<enum-choice display-name="Lockout">PWD_CHK_LOCKOUT</enum-choice>
<value>default</value>
</definition>

Known issue?

Level 2 trace on the remote loader:
-----

DirXML: [05/23/08 14:20:52.14]: TRACE: Remote Loader: Received.
DirXML: [05/23/08 14:20:52.14]: TRACE: Remote Loader: Received document for subscriber channel
DirXML: [05/23/08 14:20:52.14]: TRACE: Remote Loader: Waiting for receive...
DirXML: [05/23/08 14:20:52.14]: TRACE: Remote Loader: Calling SubscriptionShim.execute()
DirXML: [05/23/08 14:20:52.14]: TRACE: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20071213 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify allow-adminp-support="true" cached-time="20080523122059.634Z" class-name="Person" event-id="idmvault1#20080523122059#1#1" notes-password-check-setting="default" notes-password-grace-period="0" qualified-src-dn="O=IDM\OU=Personer\OU=Ansatte\CN=testuser" src-dn="\IDMTRE\IDM\Personer\Ansatte\testuser" src-entry-id="40430" tell-adminp-process="tell adminp process all" timestamp="1211545259#5">
<association state="associated">2E84AE14D434C197882574520039F80 2</association>
<modify-attr attr-name="Comment">
<remove-value>
<value type="string">Password lock-out enabled</value>
</remove-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [05/23/08 14:20:52.15]: TRACE: <nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.11.20071213 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify allow-adminp-support="true" cached-time="20080523122059.634Z" class-name="Person" event-id="idmvault1#20080523122059#1#1" notes-password-check-setting="default" notes-password-grace-period="0" qualified-src-dn="O=IDM\OU=Personer\OU=Ansatte\CN=testuser" src-dn="\IDMTRE\IDM\Personer\Ansatte\testuser" src-entry-id="40430" tell-adminp-process="tell adminp process all" timestamp="1211545259#5">
<association state="associated">2E84AE14D434C197882574520039F80 2</association>
<modify-attr attr-name="Comment">
<remove-value>
<value type="string">Password lock-out enabled</value>
</remove-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: NotesSubscriptionShim: Connected to CN=Notes/O=Test
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: NotesSubscriptionShim: Connected as CN=IDMAdmin/O=Test
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: NotesSubscriptionShim: Reading from names.nsf
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: NotesSubscriptionShim: Input Document contains 1 Identity Manager commands
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: Subscriber Modify Op: UNID = 2E84AE14D434C197882574520039F802
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: Subscriber performModifyOperation() ** attr size = 1
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: Subscriber performModifyOperation() got attr #0
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: Subscriber: processModifyEvent - processing remove value
DirXML: [05/23/08 14:20:52.15]: TRACE: Notes: Subscriber: performModifyOperation() ** attr type = Comment attr value = Password lock-out enabled
DirXML: [05/23/08 14:20:52.17]: TRACE: Notes: Subscriber: performModifyOperation(). UNID = 2E84AE14D434C197882574520039F802
DirXML: [05/23/08 14:20:52.39]: TRACE: Notes: processUserPwdSettings: AdminP setUserPasswordSettings CN=testuser/O=Test request returned: 1373A
DirXML: [05/23/08 14:20:53.09]: TRACE: Remote Loader: SubscriptionShim.execute() returned:
DirXML: [05/23/08 14:20:53.09]: TRACE: <nds dtdversion="2.0" ndsversion="8.x">


-----

Observe "notes-password-check-setting="default"" being passed to the
driver, but the value of "Check password:" in Notes is not cleared as you
would expect...




Environment: Domino 7.0.2. IDM 3.5.1 (with the Notes driver from 3.5.1)

Regards,
Toralf Lote