12.3. Managing Account Status Notification

OpenDJ can send mail about account status changes. OpenDJ needs an SMTP server to send messages, and needs templates for the mail it sends. By default, message templates are in English, under /path/to/opendj/config/messages/.

OpenDJ generates notifications only when OpenDJ writes to an entry or evaluates a user entry for authentication. OpenDJ generates account enabled and account disabled notifications when the user account is enabled or disabled with the manage-account command, which writes to the entry. OpenDJ generates password expiration notifications when a user tries to bind.

For example, if you set up OpenDJ to send a notification about password expiration, that notification gets triggered when the user authenticates during the password expiration warning interval. OpenDJ does not automatically scan entries to send password expiry notifications. OpenDJ does implement controls that you can pass in an LDAP search to determine whether a user's password is about to expire. See the appendix on LDAP Controls for a list. You can then send notifications based on the results of your search.

Procedure 12.3. To Mail Users About Account Status

The following steps demonstrate how to set up notifications. Whether OpenDJ sends notifications depends on the settings in the password policy, and on account activity as described above.

  1. Identify the SMTP server to which OpenDJ sends messages.

    $ dsconfig \
     set-global-configuration-prop \
     --port 4444 \
     --hostname `hostname` \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --set smtp-server:smtp.example.com \
     --trustAll \
     --no-prompt

  2. Set up OpenDJ to be able to mail users about account status.

    $ dsconfig \
     set-account-status-notification-handler-prop \
     --port 4444 \
     --hostname `hostname` \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --handler-name "SMTP Handler" \
     --set enabled:true \
     --set email-address-attribute-type:mail \
     --trustAll \
     --no-prompt

    Notice that OpenDJ reads the user's mail address from the attribute on the user's entry that is specified by email-address-attribute-type.

    You can also configure the message-subject and message-template-file properties. Try interactive mode if you plan to do so.

    By default, the message templates are under the config/messages directory. You can edit the templates to suit your purposes.

  3. Adjust applicable password policies to use the account status notification handler you configured.

    $ dsconfig \
     set-password-policy-prop \
     --port 4444 \
     --hostname `hostname` \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --policy-name "Default Password Policy" \
     --set account-status-notification-handler:"SMTP Handler" \
     --trustAll \
     --no-prompt

About Notification Message Templates

When editing the config/messages templates to suit your purposes, you can use the following tokens to have OpenDJ update the message text dynamically.

%%notification-type%%

This token is replaced with the name of the account status notification type for the notification.

%%notification-message%%

This token is replaced with the message for the account status notification.

%%notification-user-dn%%

This token is replaced with the string representation of the DN for the user that is the target of the account status notification.

%%notification-user-attr:attrname%%

This token is replaced with the value of the attribute specified by attrname from the user's entry. If the specified attribute has multiple values, then OpenDJ uses the first value encountered. If the specified attribute does not have any values, then OpenDJ replaces it with an empty string.

%%notification-property:propname%%

This token is replaced with the value of the specified notification property from the account status notification. If the specified property has multiple values, then OpenDJ uses the first value encountered. If the specified property does not have any values, then OpenDJ replaces it with an empty string. Valid propname values include the following.

  • account-unlock-time

  • new-password

  • old-password

  • password-expiration-time

  • password-policy-dn

  • seconds-until-expiration

  • seconds-until-unlock

  • time-until-expiration

  • time-until-unlock
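
The following is an added example, not part of OpenDJ or its documentation: a small Python check you could run over an edited template before deploying it. It flags tokens that are not in the lists above, flags the new-password and old-password properties (treating them as sensitive is this example's assumption, since they would place password values in mail), and previews substitution using the first-value and empty-string rules described above. The function names and the sample template are constructed for illustration.

```python
import re

# Token and property names as listed in the section above.
SIMPLE = {"notification-type", "notification-message", "notification-user-dn"}
VALID_PROPS = {
    "account-unlock-time", "new-password", "old-password",
    "password-expiration-time", "password-policy-dn",
    "seconds-until-expiration", "seconds-until-unlock",
    "time-until-expiration", "time-until-unlock",
}
# Assumption of this example: flag properties that carry password values.
SENSITIVE_PROPS = {"new-password", "old-password"}
TOKEN_RE = re.compile(r"%%([a-z-]+)(?::([^%]*))?%%")

def lint_template(text):
    """Return (line_no, token, issue) for unknown or password-bearing tokens."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            name, arg = m.group(1), m.group(2)
            if name in SIMPLE and arg is None:
                continue
            if name == "notification-user-attr" and arg:
                continue
            if name == "notification-property" and arg in VALID_PROPS:
                if arg in SENSITIVE_PROPS:
                    findings.append((line_no, m.group(0), "password value in mail"))
                continue
            findings.append((line_no, m.group(0), "unknown token"))
    return findings

def render(text, simple, attrs, props):
    """Preview only: first value wins, no value gives ''; other tokens are left as-is."""
    def repl(m):
        name, arg = m.group(1), m.group(2)
        if name == "notification-user-attr":
            return (attrs.get(arg) or [""])[0]
        if name == "notification-property":
            return (props.get(arg) or [""])[0]
        return simple.get(name, m.group(0))
    return TOKEN_RE.sub(repl, text)

# Constructed sample template, not one shipped with OpenDJ.
SAMPLE = (
    "Hello %%notification-user-attr:cn%%,\n"
    "Your new password is %%notification-property:new-password%%\n"
    "It expires in %%notification-property:time-till-expiration%%\n"
)
```

Running lint_template(SAMPLE) reports the new-password token on line 2 and the misspelled property name on line 3.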