The types of events that can generate account status notifications include:

  • The account has been locked after too many failed authentication attempts.
  • A bind attempt failed because it has been too long since the user last authenticated.
  • A bind attempt failed because the user did not choose a new password in a timely manner after an administrative reset.
  • A bind attempt failed because the password was rejected by one or more bind password validators.
  • The account has been unlocked by an administrator.
  • The account has been disabled or enabled by an administrator.
  • A bind attempt failed because the account is not yet active or has expired.
  • A bind attempt failed because the password is expired.
  • The user’s password is about to expire.
  • The user has changed their own password.
  • The user’s password has been reset by an administrator.
  • The user’s account has been created with an add request that matches a defined set of criteria.
  • The user’s account has been updated with a modify or modify distinguished name (DN) request that matches a defined set of criteria.

The following password policy configuration property can be used to configure one or more account status notification handlers for use with that policy:

account-status-notification-handler
The set of account status notification handlers that should be invoked for users associated with the password policy.

The server offers support for a few types of account status notification handlers by default, including:

  • A multi-part email account status notification handler that can generate elaborate email messages (containing plain-text and HTML-formatted body text and an optional set of attachments) from customizable templates.
  • A legacy SMTP account status notification handler that can generate simple plain-text email messages.
  • An error log account status notification handler that can record a message in the server’s error log when such events occur.

You can also use the UnboundID Server SDK to create custom account status notification handlers if desired.

See the config/sample-dsconfig-batch-files/enable-email-account-status-notifications.dsconfig batch file for more information about configuring the multi-part email account status notification handler, and see the config/account-status-notification-email-templates/README.txt file for a detailed overview of the options that are available for customizing the email templates.