amAuthAD.properties revision 0060948e91c50750c2bebdfc81e3619ee6332311
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
82bdf8ce36ccfe1b6ff389a9c9c7e2b2d049a43dTom Gundersen# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# The contents of this file are subject to the terms
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# of the Common Development and Distribution License
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# (the License). You may not use this file except in
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# compliance with the License.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# You can obtain a copy of the License at
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# https://opensso.dev.java.net/public/CDDLv1.0.html or
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# See the License for the specific language governing
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# permission and limitations under the License.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# When distributing Covered Code, include this CDDL
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# Header Notice in each file and include the License file
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# If applicable, add the following below the CDDL Header,
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# with the fields enclosed by brackets [] replaced by
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# your own identifying information:
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# "Portions Copyrighted [year] [name of copyright owner]"
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# $Id: amAuthAD.properties,v 1.5 2009/12/11 01:43:23 goodearth Exp $
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# Portions Copyrighted 2011-2015 ForgeRock AS.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen# Portions Copyrighted 2012 Open Source Solution Technology Corporation
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersenauthentication=Authentication Modules
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenLDAPex=Unknown LDAP exception.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenUPerror=Both user ID and password required.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenclasspathError=Class not found. Check class path.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenInvalidUP=Invalid user ID and password. Try again.
10b17992ee59ac1d03d6fc210a976bc2b59f6d75Jason St. JohnNoUser=User ID not found.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenNoServer=Server cannot be contacted.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenNaming=Naming error has occurred.
10b17992ee59ac1d03d6fc210a976bc2b59f6d75Jason St. JohnsunAMAuthADServiceDescription=Active Directory
10b17992ee59ac1d03d6fc210a976bc2b59f6d75Jason St. JohnPasswordExp=Password Expires In: {0}
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenGraceLogins=Your password has expired and you have {0} grace logins remaining.
10b17992ee59ac1d03d6fc210a976bc2b59f6d75Jason St. JohnTimeBeforeExpiration=Password expires in: {0}
10b17992ee59ac1d03d6fc210a976bc2b59f6d75Jason St. JohnPasswordReset=Reset the password.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenPasswdMismatch=The password and the confirm password do not match.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenPasswordInvalid=Your password does not comply with present password policy.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenNewPasswordInvalid=Your new password does not comply with present password policy.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenUPsame=Username and password must be different. Try again.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GunderseninPwdQual=New password does not meet the password policy requirements.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenpwdInHist=New password has been used previously.
6436165dbc500f14abfec738af28f87a71f6a12aLennart PoetteringpwdToShort=New password is too short.
54cba0b16cdc94d5c21e8d805a4ade1255d43bc9Tom GundersenpwdToYoung=Password has been changed recently, cannot change password.
6436165dbc500f14abfec738af28f87a71f6a12aLennart PoetteringPInvalid=The password you have entered is invalid.
6436165dbc500f14abfec738af28f87a71f6a12aLennart PoetteringPasswdSame=The password must be different. Try again.
6436165dbc500f14abfec738af28f87a71f6a12aLennart PoetteringPasswdMinChars=Password contains fewer than minimum number of characters.
6436165dbc500f14abfec738af28f87a71f6a12aLennart Poetteringa101=Primary Active Directory Server
6436165dbc500f14abfec738af28f87a71f6a12aLennart Poetteringa101.help=Use this list to set the primary Active Directory server used for authentication.
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa101.help.txt=The Active Directory authentication module will use this list as the primary server for authentication. A single entry must \
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringbe in the format:<br/><br/><code>server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and an \
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart PoetteringActive Directory server. \
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart PoetteringThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart PoetteringThe local server name is the full name of the server from the list of servers and sites.
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa102=Secondary Active Directory Server
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa102.help=Use this list to set the secondary (failover) Active Directory server used for authentication.
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa102.help.txt=If the primary Active Directory server fails, the Active Directory authentication module will failover to the secondary \
438ca2bbd4dc1de6193ec61f3c12e19cded7921dTom Gundersenserver. A single entry must be in the format:<br/><br/><code>server:port</code><br/><br/>\
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom GundersenMultiple entries allow associations between OpenAM servers and an Active Directory server. \
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom GundersenThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom Gundersen<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom Gundersena103=DN to Start User Search
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom Gundersena103.help=The search for accounts to be authenticated start from this base DN
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom Gundersena103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
8434fd5cf23f998a0f3a0f947a4308a8c18ba7a5Tom GundersenThe format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersen<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersena104=Bind User DN
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersena104.help=The DN of an admin user used by the module to authentication to the LDAP server
438ca2bbd4dc1de6193ec61f3c12e19cded7921dTom Gundersena104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersen<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena105=Bind User Password
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena105.help=The password of the administration account.
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena106=Attribute Used to Retrieve User Profile
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersenfind the user account. The value will be the name of the user used for authentication.
d3df0e3982777fd5de8cffaa585eba0af3773c08Tom Gundersena107=Attributes Used to Search for a User to be Authenticated
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersena107.help=The attributes specified in this list form the LDAP search filter.
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersena107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersenvalues such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
d6731e4c7964ee2860d4f5abdb0b52acd7a66960Tom Gundersena108=User Search Filter
deb2e5230b4dcbc0e2e02cc47a0b2d0d7179a044Tom Gundersena108.help=This search filter will be appended to the standard user search filter.
6f4dedb250f2d607eceefaa491f338becbeee7c0Tom Gundersena108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
6f4dedb250f2d607eceefaa491f338becbeee7c0Tom Gundersen<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
d6731e4c7964ee2860d4f5abdb0b52acd7a66960Tom Gundersen<code>(&(uid=<i>user</i>)(objectClass=person))</code>
7dbf94a9c4dcdf9b56384e66eb2652fb61da5063Tom Gundersena109=Search Scope
6f4dedb250f2d607eceefaa491f338becbeee7c0Tom Gundersena109.help=The level in the Directory Server that will be searched for a matching user profile.
6f4dedb250f2d607eceefaa491f338becbeee7c0Tom Gundersena109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
d6731e4c7964ee2860d4f5abdb0b52acd7a66960Tom Gundersen<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
7dbf94a9c4dcdf9b56384e66eb2652fb61da5063Tom Gundersen<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poettering<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa110=SSL/TLS Access to Active Directory Server
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa110.help=Ensures the SSL/TLS will be used to establish connections to the LDAP server.
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa110.help.txt=If this property is enabled; all connections to the Active Directory server will be over SSL/TLS. The SSL certificate on \
d6731e4c7964ee2860d4f5abdb0b52acd7a66960Tom Gundersenthe Active Directory server must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.
03cc0fd1431b82e59c11ae12a274c1f2df23169dLennart Poetteringa111=Return User DN to DataStore
9b4d1882ca46d5b2ae7d028ec2b5d0d0c3a46a76Tom Gundersena111.help=Controls whether the DN or the username is returned as the authentication principal.
9b4d1882ca46d5b2ae7d028ec2b5d0d0c3a46a76Tom Gundersena114=User Creation Attributes
9b4d1882ca46d5b2ae7d028ec2b5d0d0c3a46a76Tom Gundersena114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
67272d157a35e5cda4e5c904eafdcc23d20541d1Tom Gundersena114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
67272d157a35e5cda4e5c904eafdcc23d20541d1Tom Gundersenthe users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
67272d157a35e5cda4e5c904eafdcc23d20541d1Tom Gundersen<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
67272d157a35e5cda4e5c904eafdcc23d20541d1Tom Gundersena117=Trust All Server Certificates
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersencertificates (such as invalid hostname).<br/><br/>\
7e141e498c73ec7c8b61a0df37c4937f1d6becc7Tom Gundersen<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
0014a4ad505d119c7ac4346d9d774c3f17f663a5Lennart Poetteringa118=LDAP Connection Heartbeat Interval
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena118.help=Specifies how often should OpenAM send a heartbeat request to the directory.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena118.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersenrequests will ensure that the connections won't become idle. Use along with the Heartbeat Time Unit parameter to \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersendefine the correct interval. Zero or negative value will result in disabling heartbeat requests.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena119=LDAP Connection Heartbeat Time Unit
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena119.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersenrequests will ensure that the connections won't become idle.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena120=LDAP operations timeout
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena120.help=Defines the timeout in seconds OpenAM should wait for a response of the Directory Server - <code>0</code> means no timeout.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersena120.help.txt=If the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersentimeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenA value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom GundersenAcctInactive=Account in-activated or locked. Unlock or activate the account.
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen## Note level should have the highest
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen## number for i18N key since it should
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \