Account status notifications are used to notify users (or administrators) about events that affect their accounts or potentially to invoke custom code if such events occur.
The types of events that can generate account status notifications include:
- The account has been locked after too many failed authentication attempts.
- A bind attempt failed because it has been too long since the user last authenticated.
- A bind attempt failed because the user did not choose a new password in a timely manner after an administrative reset.
- A bind attempt failed because the password was rejected by one or more bind password validators.
- The account has been unlocked by an administrator.
- The account has been disabled or enabled by an administrator.
- A bind attempt failed because the account is not yet active or has expired.
- A bind attempt failed because the password is expired.
- The user’s password is about to expire.
- The user has changed their own password.
- The user’s password has been reset by an administrator.
- The user’s account has been created with an add request that matches a defined set of criteria.
- The user’s account has been updated with a modify or modify distinguished name (DN) request that matches a defined set of criteria.
The following password policy configuration property can be used to configure one or more account status notification handlers for use with that policy:
account-status-notification-handler
- The set of account status notification handlers that should be invoked for users associated with the password policy.
The server offers support for a few types of account status notification handlers by default, including:
- A multi-part email account status notification handler that can generate elaborate email messages (containing plain-text and HTML-formatted body text and an optional set of attachments) from customizable templates.
- A legacy SMTP account status notification handler that can generate simple plain-text email messages.
- An error log account status notification handler that can record a message in the server’s error log when such events occur.
You can also use the UnboundID Server SDK to create custom account status notification handlers if desired.
See the config/sample-dsconfig-batch-files/enable-email-account-status-notifications.dsconfig batch file for more information about configuring the multi-part email account status notification handler, and see the config/account-status-notification-email-templates/README.txt file for a detailed overview of the options that are available for customizing the email templates.