From e94c4d742f1c6cf4eeface3181c4de9ab3632460 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Thu, 06 Oct 2011 08:48:48 +0000
Subject: [PATCH] Fix for OPENDJ-305: Enable notificaiton if any changes in Users' entry

---
 opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-account-lockout.xml |   29 +++++++++++++++++++++++++++--
 1 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-account-lockout.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-account-lockout.xml
index 0d152aa..792a050 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-account-lockout.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-account-lockout.xml
@@ -191,12 +191,34 @@
    <secondary>Status notifications</secondary>
   </indexterm>
   <para>OpenDJ can send mail about account status changes. OpenDJ needs an
-  SMTP server to send messages. By default, message templates are in
-  English.</para>
+  SMTP server to send messages, and needs templates for the mail it sends.
+  By default, message templates are in English, under
+  <filename>/path/to/OpenDJ/config/messages/</filename>.</para>
+  
+  <para>OpenDJ generates notifications only when OpenDJ writes to an entry or
+  evaluates a user entry for authentication. OpenDJ generates account enabled
+  and account disabled notifications when the user account is enabled or
+  disabled with the <command>manage-account</command> command, which writes
+  to the entry. OpenDJ generates password expiration notifications when a
+  user tries to bind.</para>
+  
+  <!-- TODO: olink to the controls appendix. -->
+  <para>For example, if you set up OpenDJ to send a notification about password
+  expiration, that notification gets triggered when the user authenticates
+  during the password expiration warning interval. OpenDJ does not
+  automatically scan entries to send password expiry notifications. OpenDJ does
+  implement controls that you can pass in an LDAP search to determine whether a
+  user's password is about to expire. See the appendix on
+  <citetitle>LDAP Controls</citetitle> for a list. You can send notifications
+  then based on the results of your search.</para>
   
   <procedure xml:id="mail-account-status-notifications">
    <title>To Mail Users About Account Status</title>
    
+   <para>The following steps demonstrate how to set up notifications. Whether
+   OpenDJ sends notifications depends on the settings in the password policy,
+   and on account activity as described above.</para>
+   
    <step>
     <para>Identify the SMTP server to which OpenDJ sends messages.</para>
     <screen>$ dsconfig
@@ -221,6 +243,9 @@
  --set enabled:true
  --set email-address-attribute-type:mail
  -X -n</screen>
+    <para>Notice that OpenDJ finds the user's mail address on the attribute
+    on the user's entry, specified by
+    <literal>email-address-attribute-type</literal>.</para>
     <para>You can also configure the <literal>message-subject</literal> and
     <literal>message-template-file</literal> properties. Try interactive
     mode if you plan to do so.</para>

--
Gitblit v1.10.0