Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
Admin Alert Account Status Notification Handlers provide a way to raise administrative alerts in response to a desired set of account status notification events.
These administrative alerts can be used to identify noteworthy events involving user accounts, especially accounts for users that are high-value targets, like server administrators. For example, this handler can be used to notify administrators whenever a root user's password is updated or if their account is locked (or an alternative lockout action is taken) as a result of too many failed attempts.
This account status notification handler will only have any effect if it is added to one or more password policies. If it is added to a password policy, then administrative alerts will be generated any time a relevant event occurs for any account subject to that password policy.
The Admin Alert Account Status Notification Handler component inherits from the Account Status Notification Handler.
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
asynchronous | |
account-creation-notification-request-criteria | |
account-update-notification-request-criteria | |
account-status-notification-type | |
description
Description | A description for this Account Status Notification Handler |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
asynchronous
Description | Indicates whether the server should attempt to invoke this Account Status Notification Handler in a background thread so that any potentially-expensive processing (e.g., performing network communication to deliver a message) will not delay processing for the operation that triggered the notification. |
Default Value | true |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
account-creation-notification-request-criteria
Description | A request criteria object that identifies which add requests should result in account creation notifications for this handler. If this is not defined, then account creation notifications will not be processed by this account status notification handler. If it is defined, then account creation notifications will only be handled for add requests that match the provided criteria. |
Default Value | Account creation notifications will not be processed by this account status notification handler. |
Allowed Values | The DN of any Request Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
account-update-notification-request-criteria
Description | A request criteria object that identifies which modify and modify DN requests should result in account update notifications for this handler. If this is not defined, then account update notifications will not be processed by this account status notification handler. If it is defined, then account update notifications will only be handled for modify and modify DN requests that match the provided criteria. |
Default Value | Account update notifications will not be processed by this account status notification handler. |
Allowed Values | The DN of any Request Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
account-status-notification-type
Description | The types of account status notifications that should result in administrative alerts. |
Default Value | None |
Allowed Values | account-temporarily-locked - Generate an administrative alert whenever a user's account is temporarily locked (or an alternative lockout action is taken) as a result of too many failed authentication attempts.
account-permanently-locked - Generate an administrative alert whenever a user's account is permanently locked (or an alternative lockout action is taken) as a result of too many failed authentication attempts.
account-unlocked - Generate an administrative alert whenever a locked account has been unlocked by an administrator.
account-idle-locked - Generate an administrative alert whenever a user fails to authenticate because too much time had elapsed since they last successfully authenticated.
account-reset-locked - Generate an administrative alert whenever a user fails to authenticate because they were required to choose a new password after an administrative reset but did not do so within the required interval.
account-disabled - Generate an administrative alert whenever an account is disabled by an administrator.
account-enabled - Generate an administrative alert whenever an account is enabled by an administrator.
account-not-yet-active - Generate an administrative alert whenever a user fails to authenticate because their account has an activation time that is in the future.
account-expired - Generate an administrative alert whenever a user fails to authenticate because their account has an expiration time that is in the past.
password-expired - Generate an administrative alert whenever a user fails to authenticate because their password is expired.
password-expiring - Generate an administrative alert whenever a user is first notified of an upcoming password expiration.
password-reset - Generate an administrative alert whenever a user's password is reset by an administrator.
password-changed - Generate an administrative alert whenever a user changes their own password.
account-created - Generate an administrative alert whenever a user account is created with an add request that matches a defined set of criteria.
account-updated - Generate an administrative alert whenever a user account is updated with a modify or modify DN request that matches a defined set of criteria.
bind-password-failed-validation - Generate an administrative alert whenever a user fails to authenticate because their password did not satisfy all of the configured password validators.
must-change-password - Generate an administrative alert whenever a user successfully authenticates to the server but will be required to choose a new password before they will be allowed to perform any other operations. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
To list the configured Account Status Notification Handlers:
dsconfig list-account-status-notification-handlers [--property {propertyName}] ...
To view the configuration for an existing Account Status Notification Handler:
dsconfig get-account-status-notification-handler-prop --handler-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Account Status Notification Handler:
dsconfig set-account-status-notification-handler-prop --handler-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Admin Alert Account Status Notification Handler:
dsconfig create-account-status-notification-handler --handler-name {name} --type admin-alert --set enabled:{propertyValue} --set account-status-notification-type:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Account Status Notification Handler:
dsconfig delete-account-status-notification-handler --handler-name {name}
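An added example, not part of the vendor reference: a shell helper that checks a planned handler against the property rules above (valid notification types, and request criteria present whenever account-created or account-updated is requested) and prints the create command together with the command that attaches the handler to a password policy. The handler, policy and criteria names are constructed, and the set-password-policy-prop subcommand with its account-status-notification-handler property comes from the server's password policy configuration rather than from this page; connection arguments are omitted as in the usage lines above.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): lint a planned admin-alert handler and
# print the dsconfig commands for it. Nothing is sent to a server.

# Allowed account-status-notification-type values from the property table.
ALLOWED_TYPES="account-temporarily-locked account-permanently-locked \
account-unlocked account-idle-locked account-reset-locked account-disabled \
account-enabled account-not-yet-active account-expired password-expired \
password-expiring password-reset password-changed account-created \
account-updated bind-password-failed-validation must-change-password"

# plan_handler NAME POLICY CREATE_CRITERIA UPDATE_CRITERIA TYPE...
# Pass "" for a criteria object that is not configured.
plan_handler() {
  local name="$1" policy="$2" create_crit="$3" update_crit="$4" t cmd
  shift 4
  if [ "$#" -eq 0 ]; then
    echo "error: account-status-notification-type is required" >&2; return 1
  fi
  cmd="dsconfig create-account-status-notification-handler"
  cmd="$cmd --handler-name \"$name\" --type admin-alert --set enabled:true"
  for t in "$@"; do
    case " $ALLOWED_TYPES " in
      *" $t "*) ;;
      *) echo "error: unknown notification type: $t" >&2; return 1 ;;
    esac
    # Without the matching criteria these two types never produce an alert.
    if [ "$t" = account-created ] && [ -z "$create_crit" ]; then
      echo "error: account-created needs creation request criteria" >&2; return 1
    fi
    if [ "$t" = account-updated ] && [ -z "$update_crit" ]; then
      echo "error: account-updated needs update request criteria" >&2; return 1
    fi
    cmd="$cmd --set account-status-notification-type:$t"
  done
  if [ -n "$create_crit" ]; then
    cmd="$cmd --set \"account-creation-notification-request-criteria:$create_crit\""
  fi
  if [ -n "$update_crit" ]; then
    cmd="$cmd --set \"account-update-notification-request-criteria:$update_crit\""
  fi
  printf '%s\n' "$cmd"
  # The handler has no effect until a password policy references it.
  printf '%s\n' "dsconfig set-password-policy-prop --policy-name \"$policy\" --add \"account-status-notification-handler:$name\""
}

# Constructed names: alert on lockouts and password changes for root users.
plan_handler "Root Account Alerts" "Root Password Policy" "" "" \
  account-temporarily-locked account-permanently-locked \
  password-reset password-changed
```

Review the printed commands before running them; a non-zero exit status means the plan would have produced a handler that silently never alerts or that dsconfig would reject.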