Configuring Alerts and Account Status Notification Handlers

Oracle Unified Directory provides mechanisms for transmitting alert and account status notifications by means of JMX extensions or SMTP extensions. You can configure the directory server to send alert notifications when an event occurs during processing. Typical server events include server starts and shut downs, or problems that are detected by the server, such as an attempt to write to the configuration file.

You can also receive account status notifications when an event occurs during password policy processing, such as when accounts are locked out, accounts expire, passwords expire, and so on.

Alerts and account status notification handlers are configured by using the dsconfig command. For more information, see Managing the Server Configuration With dsconfig.

For additional information about the topics in this section, see Chapter 11, Managing Password Policies and The Alert Handler Configuration.

Managing Alert Handlers

Oracle Unified Directory supports the following alert handlers:

JMX alert handler for JMX notifications
SMTP alert handler for email notifications.
Custom alert handlers

To View All Configured Alert Handlers

Oracle Unified Directory stores alert handlers information in the configuration file under the cn=Alert Handlers,cn=config subtree. You can access the information using the dsconfig command.

To display a list of alert handlers, run the following dsconfig command:

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
 list-alert-handlers

Alert Handler     : Type : enabled
------------------:------:--------
JMX Alert Handler : jmx  : false

To Enable an Alert Handler

The JMX alert handler is disabled by default. Before you begin, you must configure JMX on the server. For more information, see Monitoring the Server With JConsole.

To list the alert handler's properties, use the dsconfig command as follows.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  get-alert-handler-prop \
  --handler-name "JMX Alert Handler"

Property            : Value(s)
--------------------:---------------------------------------------
disabled-alert-type : -
enabled             : false
enabled-alert-type  : -

To enable the alert handler, use dsconfig as follows.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  set-alert-handler-prop \
  --handler-name "JMX Alert Handler" --set enabled:true

(Optional) Verify the change by using dsconfig.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  get-alert-handler-prop \
  --handler-name "JMX Alert Handler"

Property            : Value(s)
--------------------:---------------------------------------------
disabled-alert-type : -
enabled             : true
enabled-alert-type  : -

To Configure an Alert Handler

You can create a new alert handler by using dsconfig. This example configures a new SMTP handler. Before starting this procedure, ensure that you have configured an SMTP server for your server.

To create an alert handler run dsconfig with the create-alert-handler subcommand.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  create-alert-handler \
  --handler-name "my SMTP Handler" --type smtp --set enabled:true \
  --set message-body:"Alert Type: %%alert-type%%\n\nAlert ID: \
  %%alert-id%%\n\nAlert Message: %%alert-message%%" \
  --set message-subject:"Alert Message" \
  --set recipient-address:directorymanager@example.com \
  --set sender-address:OUD-Alerts@directory.example.com

(Optional) View the list of alert handlers by using dsconfig.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
 list-alert-handlers

Supported Alert Types

The server sends out message alerts when an alert type event occurs in the system. The supported alert types are defined in the following table.

Alert Type	Description
Access Control Disabled Java Class: `org.opends.server.AccessControlDisabled`	Notify administrator that the access control handler has been disabled.
Access Control Enabled Java Class: `org.opends.server.Enabled`	Notify administrator that the access control handler has been enabled.
Access Control Parse Failed Java Class: `org.opends.server.authentication.dseecompat.ACIParseFailed`	Notify administrator if the Oracle Directory Server Enterprise Edition compatible access control subsystem failed to correctly parse one or more ACI rules when the server is first started.
Backend Environment Unusable Java Class: `org.opends.server.BackendRunRecovery`	Notify administrator that the JE back end throws a `RunRecoveryException` and the directory server needs to be restarted.
Cannot Copy Schema Files Java Class: `org.opends.server.CannotCopySchemaFiles`	Notify administrator if a problem occurs while attempting to create copies of the existing schema configuration before making a schema update, and the schema configuration is left in a potentially inconsistent state.
Cannot Find Recurring Task Java Class: `org.opends.server.CannotFindRecurringTask`	Notify administrator if the directory server is unable to locate a recurring task definition in order to schedule the next iteration once the previous iteration has completed.
Cannot Rename Current Task File Java Class: `org.opends.server.CannotRenameCurrentTaskFile`	Notify administrator if the directory server is unable to rename the current tasks backing file in the process of trying to write an updated version.
Cannot Rename New Task File Java Class: `org.opends.server.CannotRenameNewTaskFile`	Notify administrator if the directory server is unable to rename the new tasks backing file into place.
Cannot Schedule Recurring Iteration Java Class: `org.opends.server.CannotScheduleRecurringIteration`	Notify administrator if the directory server is unable to schedule an iteration of a recurring task.
Cannot Write Configuration Java Class: `org.opends.server.CannotWriteConfig`	Notify administrator if the directory server is unable to write its updated configuration for some reason and so the server cannot exhibit the new configuration if it is restarted.
Cannot Write New Schema Files Java Class: `org.opends.server.CannotWriteNewSchemaFiles`	Notify administrator if a problem occurs while attempting to write new versions of the server schema configuration files, and the schema configuration is left in a potentially inconsistent state.
Cannot Write Task File Java Class: `org.opends.server.CannotWriteTaskFile`	Notify administrator if the directory server is unable to write an updated tasks backing file for some reason.
Distribution Backend Does Not Support PreRead Control Java Class: `com.sun.dps.server.distribution.globalindex.UnsupportedDirectoryBackend`	Notify administrators if the distribution is unable to maintain the content of the global index catalog. This will happen \ if one or more servers do not support the Pre-Read Entry Control (RFC 4527)
Entering Lockdown Mode Java Class: `org.opends.server.EnteringLockdownMode`	Notify administrator that the directory server is entering lockdown mode, in which only root users will be allowed to perform operations and only over the loopback address.
LDAP Connection Handler Consecutive Failures Java Class: `org.opends.server.LDAPHandlerDisabledByConsecutiveFailures`	Notify administrator of consecutive failures that have occurred in the LDAP connection handler that have caused it to become disabled.
LDAP Connection Handler Uncaught Error Java Class: `org.opends.server.LDAPHandlerUncaughtError`	Notify administrator of uncaught errors in the LDAP connection handler that have caused it to become disabled.
LDAP Server Extension Failed Java Class: `com.sun.dps.server.workflowelement.proxyldap.LDAPServerExtension.LDAPServerExtensionDown`	Notify administrator that the LDAP Server Extension has been detected as Down.
LDAP Server Extension is Up Java Class: `com.sun.dps.server.workflowelement.proxyldap.LDAPServerExtension.LDAPServerExtensionUp`	Notify administrator that the LDAP Server Extension has been detected as UP.
LDIF Backend Cannot Write Update Java Class: `org.opends.server.LDIFBackendCannotWriteUpdate`	Notify administrator that an LDIF back end was unable to store an updated copy of the LDIF file after processing a write operation.
LDIF ConnHandler Parse Error Java Class: `org.opends.server.LDIFConnectionHandlerParseError`	Notify administrator that the LDIF connection handler encountered an unrecoverable error while attempting to parse an LDIF file.
LDIF ConnHandler IO Error Java Class: `org.opends.server.LDIFConnectionHandlerIOError`	Notify administrator that the LDIF connection handler encountered an I/O error that prevented it from completing its processing.
Leaving Lockdown Mode Java Class: `org.opends.server.LeavingLockdownMode`	Notify administrator that the directory server is leaving lockdown mode.
Manual Config Edit Handled Java Class: `org.opends.server.ManualConfigEditHandled`	Notify administrator if the directory server detects that its configuration has been manually edited with the server online and those changes were overwritten by another change made through the server. The manually-edited configuration will be copied off to another location.
Manual Config Edit Lost Java Class: `org.opends.server.ManualConfigEditLost`	Notify administrator if the directory server detects that its configuration has been manually edited with the server online and those changes were overwritten by another change made through the server. The manually-edited configuration could not be preserved due to an unexpected error.
New route elected by the SaturationLoadBalancingAlgorithm Java Class: `com.sun.dps.server.SaturationLoadBalancer`	Notify administrator that a new route has been elected as active route by the saturation load balancing algorithm.
New route elected by the FailoverLoadBalancingAlgorithm Java Class: `com.sun.dps.server.FailoverLoadBalancer`	Notify administrator that a new route has been elected as the active route by the failover load balancing algorithm.
Replication Unresolved Conflict Java Class: `org.opends.server.replication.UnresolvedConflict`	Notify administrator if the multimaster replication cannot automatically resolve a conflict.
Server Started Java Class: `org.opends.server.DirectoryServerStarted`	Notify administrator that the directory server has completed its startup process.
Server Shutdown Java Class: `org.opends.server.DirectoryServerShutdown`	Notify administrator that the directory server has begun the process of shutting down.
State change for a Saturation Load Balancing Route Java Class: `com.sun.dps.server.SaturationLoadBalancer`	Notify administrator that the saturation load balancing route state has changed (either from saturated to not saturated or from not saturated to saturated).
Uncaught Exception Java Class: `org.opends.server.UncaughtException`	Notify administrator if a directory server thread has encountered an uncaught exception that caused the thread to terminate abnormally. The impact that this problem has on the directory server depends on which thread was impacted and the nature of the exception.
Unique Attr Sync Conflict Java Class: `org.opends.server.UniqueAttributeSynchronizationConflict`	Notify administrator that a unique attribute conflict has been detected during synchronization processing.
Unique Attr Sync Error Java Class: `org.opends.server.UniqueAttributeSynchronizationError`	Notify administrator that an error occurred while attempting to perform unique attribute conflict detection during synchronization processing.
Unsupported Directory Backend Java Class: `com.sun.dps.server.distribution.globalindex.UnsupportedDirectoryBackend`	Notify administrator that the distribution is unable to maintain the content of the global index catalog. This will happen if one or more servers do not support the Pre-Read Entry Control (RFC 4527).

To Delete an Alert Handler

The following example removes an alert handler from the directory server.

Note - You can simply disable an alert handler instead of deleting it. In this case, the alert handler is available if you need to enable it again in the future. For more information, see To Disable an Alert Type.

To delete an alert handler use the following dsconfig command.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  delete-alert-handler \
  --handler-name "JMX Alert Handler"

To Disable an Alert Type

By default, all alert types are allowed. If you specify a value for the enabled-alert-type property, only alerts with one of those types are allowed. If you specify a value for the disabled-alert-type property, all alert types except for the values in that property are allowed. Alert types are specified by their Java class, as shown in this example.

To disable an alert type, specify its Java class as a value of the disabled-alert-type property.

This command disables the startup alert from the JMX Alert Handler.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  set-alert-handler-prop \
  --handler-name "JMX Alert Handler" \
  --set disabled-alert-type:org.opends.server.DirectoryServerStarted

Managing Account Status Notification Handlers

Account status notification handlers provide alerts on events during password policy processing. By default, the Error Log Account Status Notification handler is set to enabled upon initial configuration. The server writes a message to the server error log when one of the following events has been configured in the password policy and occurs during the course of password policy processing:

account-temporarily-locked
account-permanently-locked
account-unlocked
account-idle-locked
account-reset-locked
account-disabled
account-expired
password-expired
password expiring
password-reset
password-changed

The error log is located at install-dir/logs/errors.

To View the Configured Account Status Notification Handlers

Use dsconfig with the list-account-status-notification-handlers subcommand.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  list-account-status-notification-handlers

Account Status Notification Handler : Type      : enabled
------------------------------------:-----------:--------
Error Log Handler                   : error-log : true
SMTP Handler                        : smtp      : false

To Enable Account Status Notification Handlers

You can enable an existing account status notification handler using the dsconfig command. By default, the directory server enables the Error Log Handler when the server is initially configured. This example enables the SMTP notification handler.

To view the enabled property use dsconfig with the get-account-status-notification-handler-prop subcommand.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  get-account-status-notification-handler-prop --handler-name "SMTP Handler" \
--property enabled

Property : Value(s)
---------:---------
enabled  : false

To enable the notification handler use dsconfig with the set-account-status-notification-handler-prop subcommand.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  set-account-status-notification-handler-prop --handler-name "SMTP Handler" \
  --set property:enabled

To Create a New Account Status Notification Handler

Use dsconfig with the create-account-status-notification-handler subcommand to create the handler.

When you specify the type, you can use either error-log or generic (default).

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  create-account-status-notification-handler \
  --handler-name "My Password Reset Logger" --type error-log --set enabled:true \
  --set account-status-notification-type:password-reset

(Optional) Use dsconfig to view the list of account status notification handlers.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  list-account-status-notification-handlers

Account Status Notification Handler : Type      : enabled
------------------------------------:-----------:--------
Error Log Handler                   : error-log : true
my Password Reset Logger            : error-log : true
SMTP Handler                        : smtp      : false

To Delete an Account Status Notification Handler

You can disable an account status notification handler instead of deleting it. In this case, the alert handler is available if you need to enable it again in the future.

You can remove an account status notification handler entirely by using dsconfig.

Use dsconfig with the delete-account-status-notification-handler subcommand.

$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  delete-account-status-notification-handler --handler-name "My Password Reset Logger"

Skip Navigation Links
Exit Print View
	Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)