#

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

#

# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved

#

# The contents of this file are subject to the terms

# of the Common Development and Distribution License

# (the License). You may not use this file except in

# compliance with the License.

#

# You can obtain a copy of the License at

# https://opensso.dev.java.net/public/CDDLv1.0.html or

# opensso/legal/CDDLv1.0.txt

# See the License for the specific language governing

# permission and limitations under the License.

#

# When distributing Covered Code, include this CDDL

# Header Notice in each file and include the License file

# at opensso/legal/CDDLv1.0.txt.

# If applicable, add the following below the CDDL Header,

# with the fields enclosed by brackets [] replaced by

# your own identifying information:

# "Portions Copyrighted [year] [name of copyright owner]"

#

# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $

#

# Portions Copyrighted 2011-2013 ForgeRock Inc

# Portions Copyrighted 2012 Open Source Solution Technology Corporation

onlinehelp.doc=ldapauth.html

authentication=Authentication Modules

iplanet-am-auth-ldap-service-description=LDAP

UPerror=Both user ID and password are required.

classpathError=Class not found. Check the class path.

NoServer=Server cannot be contacted.

Naming=Naming error has occurred.

PasswordExp=Password expires in: {0}

GraceLogins=Your password has expired and you have {0} grace logins remaining.

TimeBeforeExpiration=Password expires in: {0}

PasswordReset=Password must be reset.

PasswdMismatch=The password and the confirm password do not match.

PasswordInvalid=Your password does not comply with present password policy.

NewPasswordInvalid=Your new password does not comply with present password policy.

UPsame=Username and password must be different. Try again.

inPwdQual=New password does not meet the password policy requirements.

pwdInHist=New password has been used previously.

pwdToShort=New password is too short.

pwdToYoung=Password has been changed recently, cannot change password.

PInvalid=The password you entered is invalid.

PasswdSame=The password must be different. Try again.

a101=Primary LDAP Server

a101.help=Use this list to set the primary LDAP server used for authentication.

a101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \

format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \

The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\

The local server name is the full name of the server from the list of servers and sites.

a102=Secondary LDAP Server

a102.help=Use this list to set the secondary (failover) LDAP server used for authentication.

a102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \

A single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\

Multiple entries allow associations between OpenAM servers and a LDAP server. \

The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\

<i>NB </i>The local server name is the full name of the server from the list of servers and sites.

a103=DN to Start User Search

a103.help=The search for accounts to be authenticated start from this base DN

a103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \

The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\

<i>NB </i>The local server name is the full name of the server from the list of servers and sites.

a104=Bind User DN

a104.help=The DN of an admin user used by the module to authentication to the LDAP server

a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\

<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.

a104.help.uri=#tbd

a105=Bind User Password

a105.help=The password of the administration account.

a106=Attribute Used to Retrieve User Profile

a106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.

a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \

find the user account. The value will be the name of the user used for authentication.

a107=Attributes Used to Search for a User to be Authenticated

a107.help=The attributes specified in this list form the LDAP search filter.

a107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \

values such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>

a108=User Search Filter

a108.help=This search filter will be appended to the standard user search filter.

a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \

<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\

<code>(&(uid=<i>user</i>)(objectClass=person))</code>

a109=Search Scope

a109.help=The level in the Directory Server that will be searched for a matching user profile.

a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\

<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\

<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\

<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>

a110=SSL/TLS Access to LDAP Server

a110.help=Ensures the SSL/TLS will be used to establish connections to the LDAP server.

a110.help.txt=If this property is enabled; all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \

must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\

<i>NB </i>Enabling <i>Trust All Server Certificates</i> will bypass the local certificate checking.

a111=Return User DN to DataStore

a111.help=Controls whether the DN or the username is returned as the authentication principal.

## Note level should have the highest

## number for i18N key since it should

## be the last attribute when viewed in

## the adminconsole

a500=Authentication Level

a500.help=The authentication level associated with this module.

a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \

associated with the module; 0 is the lowest (and the default).

a113=LDAP Server Check Interval

a113.help=The interval of the check used to detect failure in the LDAP server; in minutes.

a113.help.txt=This is the frequency that the LDAP module will check if the current LDAP server is available. If the server is not \

available then the module will failover to the other server.

a114=User Creation Attributes

a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.

a114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \

the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\

<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>

a115=Minimum Password Length

a115.help=Enforced when the user is resetting their password as part of the authentication.

a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \

a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \

server password policy is enforcing password length, set this value to 0 to avoid confusion.

a116=LDAP Behera Password Policy Support

a116.help=Enables support for modern LDAP password policies

a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \

only the older Netscape VCHU password policy standard will be enforced.

a117=Trust All Server Certificates

a117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.

a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \

certificates (such as invalid hostname).<br/><br/>\

<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process

PasswdMinChars=New password contains fewer than minimum number of characters.

AcctInactive=Account is locked or not activated. Unlock or activate the account to continue.

#ExceedRetryLimit=Exceed password retry limit. Please try later.

ExceedRetryLimit=Authentication failed.

noUserMatchFound=User not found.

multipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.

Nosecserver=No secondary server provided.

choiceObject=OBJECT

choiceOneLevel=ONELEVEL

choiceSubTree=SUBTREE

HostInvalid=Invalid host name.

HostUnknown=Unknown host {0}.

SchBaseInvalid=Invalid search base.

PwdInvalid=Invalid user password.

FConnect=Connection failed.

CredInvalid=Invalid credentials.

UsrNotExist=User does not exist :

UNAttr=User naming attribute is null.

USchAttr=User search attribute must have at least one value.

days=days

hours=hrs

minutes=mns

seconds=sec

i18nTrue=Enabled

i18nFalse=Disabled