amAuthLDAP.properties revision 9bbff27a21f54d27d6215bace2899e4cb1a08bad
af062818b47340eef15700d2f0211576ba3506eevboxsync# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
af062818b47340eef15700d2f0211576ba3506eevboxsync# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
af062818b47340eef15700d2f0211576ba3506eevboxsync# The contents of this file are subject to the terms
af062818b47340eef15700d2f0211576ba3506eevboxsync# of the Common Development and Distribution License
af062818b47340eef15700d2f0211576ba3506eevboxsync# (the License). You may not use this file except in
af062818b47340eef15700d2f0211576ba3506eevboxsync# compliance with the License.
af062818b47340eef15700d2f0211576ba3506eevboxsync# You can obtain a copy of the License at
af062818b47340eef15700d2f0211576ba3506eevboxsync# https://opensso.dev.java.net/public/CDDLv1.0.html or
af062818b47340eef15700d2f0211576ba3506eevboxsync# See the License for the specific language governing
af062818b47340eef15700d2f0211576ba3506eevboxsync# permission and limitations under the License.
af062818b47340eef15700d2f0211576ba3506eevboxsync# When distributing Covered Code, include this CDDL
af062818b47340eef15700d2f0211576ba3506eevboxsync# Header Notice in each file and include the License file
4b9d6701570cb98fd36e209314239d104ec584d3vboxsync# If applicable, add the following below the CDDL Header,
4b9d6701570cb98fd36e209314239d104ec584d3vboxsync# with the fields enclosed by brackets [] replaced by
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync# your own identifying information:
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync# "Portions Copyrighted [year] [name of copyright owner]"
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
af062818b47340eef15700d2f0211576ba3506eevboxsync# Portions Copyrighted 2011 ForgeRock Inc
af062818b47340eef15700d2f0211576ba3506eevboxsync# Portions Copyrighted 2012 Open Source Solution Technology Corporation
af062818b47340eef15700d2f0211576ba3506eevboxsyncauthentication=Authentication Modules
af062818b47340eef15700d2f0211576ba3506eevboxsynciplanet-am-auth-ldap-service-description=LDAP
af062818b47340eef15700d2f0211576ba3506eevboxsyncLDAPex=Unknown LDAP exception.
af062818b47340eef15700d2f0211576ba3506eevboxsyncUPerror=Both user ID and password are required.
af062818b47340eef15700d2f0211576ba3506eevboxsyncclasspathError=Class not found. Check the class path.
af062818b47340eef15700d2f0211576ba3506eevboxsyncInvalidUP=Invalid user ID and password. Try again.
af062818b47340eef15700d2f0211576ba3506eevboxsyncNoUser=User ID not found.
af062818b47340eef15700d2f0211576ba3506eevboxsyncNoServer=Server cannot be contacted.
af062818b47340eef15700d2f0211576ba3506eevboxsyncNaming=Naming error has occurred.
af062818b47340eef15700d2f0211576ba3506eevboxsyncPasswordExp=Password expires in: {0}
af062818b47340eef15700d2f0211576ba3506eevboxsyncGraceLogins=Your password has expired and you have {0} grace logins remaining.
af062818b47340eef15700d2f0211576ba3506eevboxsyncTimeBeforeExpiration=Password expires in: {0}
af062818b47340eef15700d2f0211576ba3506eevboxsyncPasswordReset=Password must be reset.
af062818b47340eef15700d2f0211576ba3506eevboxsyncPasswdMismatch=The password and the confirm password do not match.
af062818b47340eef15700d2f0211576ba3506eevboxsyncPasswordInvalid=Your password does not comply with present password policy.
af062818b47340eef15700d2f0211576ba3506eevboxsyncNewPasswordInvalid=Your new password does not comply with present password policy.
af062818b47340eef15700d2f0211576ba3506eevboxsyncUPsame=Username and password must be different. Try again.
af062818b47340eef15700d2f0211576ba3506eevboxsyncinPwdQual=New password does not meet the password policy requirements.
af062818b47340eef15700d2f0211576ba3506eevboxsyncpwdInHist=New password has been used previously.
af062818b47340eef15700d2f0211576ba3506eevboxsyncpwdToShort=New password is too short.
af062818b47340eef15700d2f0211576ba3506eevboxsyncpwdToYoung=Password has been changed recently, cannot change password.
af062818b47340eef15700d2f0211576ba3506eevboxsyncPInvalid=The password you entered is invalid.
af062818b47340eef15700d2f0211576ba3506eevboxsyncPasswdSame=The password must be different. Try again.
af062818b47340eef15700d2f0211576ba3506eevboxsynca101=Primary LDAP Server
af062818b47340eef15700d2f0211576ba3506eevboxsynca101.help=Use this list to set the primary LDAP server used for authentication.
af062818b47340eef15700d2f0211576ba3506eevboxsynca101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
af062818b47340eef15700d2f0211576ba3506eevboxsyncformat:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
af062818b47340eef15700d2f0211576ba3506eevboxsyncThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsyncThe local server name is the full name of the server from the list of servers and sites.
af062818b47340eef15700d2f0211576ba3506eevboxsynca102=Secondary LDAP Server
af062818b47340eef15700d2f0211576ba3506eevboxsynca102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
af062818b47340eef15700d2f0211576ba3506eevboxsynca102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
af062818b47340eef15700d2f0211576ba3506eevboxsyncA single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsyncMultiple entries allow associations between OpenAM servers and a LDAP server.\
af062818b47340eef15700d2f0211576ba3506eevboxsyncThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
af062818b47340eef15700d2f0211576ba3506eevboxsynca103=DN to Start User Search
af062818b47340eef15700d2f0211576ba3506eevboxsynca103.help=The search for accounts to be authenticated start from this base DN
af062818b47340eef15700d2f0211576ba3506eevboxsynca103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
af062818b47340eef15700d2f0211576ba3506eevboxsyncThe format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
af062818b47340eef15700d2f0211576ba3506eevboxsynca104=Bind User DN
af062818b47340eef15700d2f0211576ba3506eevboxsynca104.help=The DN of an admin user used by the module to authentication to the LDAP server
af062818b47340eef15700d2f0211576ba3506eevboxsynca104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
af062818b47340eef15700d2f0211576ba3506eevboxsynca105=Bind User Password
af062818b47340eef15700d2f0211576ba3506eevboxsynca105.help=The password of the administration account.
af062818b47340eef15700d2f0211576ba3506eevboxsynca106=Attribute Used to Retrieve User Profile
af062818b47340eef15700d2f0211576ba3506eevboxsynca106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
af062818b47340eef15700d2f0211576ba3506eevboxsynca106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
af062818b47340eef15700d2f0211576ba3506eevboxsyncfind the user account. The value will be the name of the user used for authentication.
af062818b47340eef15700d2f0211576ba3506eevboxsynca107=Attributes Used to Search for a User to be Authenticated
af062818b47340eef15700d2f0211576ba3506eevboxsynca107.help=The attributes specified in this list form the LDAP search filter.
af062818b47340eef15700d2f0211576ba3506eevboxsynca107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
af062818b47340eef15700d2f0211576ba3506eevboxsyncvalues such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
af062818b47340eef15700d2f0211576ba3506eevboxsynca108=User Search Filter
af062818b47340eef15700d2f0211576ba3506eevboxsynca108.help=This search filter will be appended to the standard user search filter.
af062818b47340eef15700d2f0211576ba3506eevboxsynca108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
af062818b47340eef15700d2f0211576ba3506eevboxsync<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<code>(&(uid=<i>user</i>)(objectClass=person))</code>
af062818b47340eef15700d2f0211576ba3506eevboxsynca109=Search Scope
af062818b47340eef15700d2f0211576ba3506eevboxsynca109.help=The level in the Directory Server that will be searched for a matching user profile.
af062818b47340eef15700d2f0211576ba3506eevboxsynca109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
af062818b47340eef15700d2f0211576ba3506eevboxsynca110=SSL/TLS Access to LDAP Server
af062818b47340eef15700d2f0211576ba3506eevboxsynca110.help=Ensures the SSL/TLS will be used to establish connections to the LDAP server.
af062818b47340eef15700d2f0211576ba3506eevboxsynca110.help.txt=If this property is enabled; all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \
af062818b47340eef15700d2f0211576ba3506eevboxsyncmust be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\
af062818b47340eef15700d2f0211576ba3506eevboxsync<i>NB </i>Enabling <i>Trust All Server Certificates</i> will bypass the local certificate checking.
af062818b47340eef15700d2f0211576ba3506eevboxsynca111=Return User DN to DataStore
af062818b47340eef15700d2f0211576ba3506eevboxsynca111.help=Controls whether the DN or the username is returned as the authentication principal.
af062818b47340eef15700d2f0211576ba3506eevboxsync## Note level should have the highest
af062818b47340eef15700d2f0211576ba3506eevboxsync## number for i18N key since it should
af062818b47340eef15700d2f0211576ba3506eevboxsync## be the last attribute when viewed in
af062818b47340eef15700d2f0211576ba3506eevboxsync## the adminconsole
af062818b47340eef15700d2f0211576ba3506eevboxsynca500=Authentication Level
af062818b47340eef15700d2f0211576ba3506eevboxsynca500.help=The authentication level associated with this module.
af062818b47340eef15700d2f0211576ba3506eevboxsynca500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
af062818b47340eef15700d2f0211576ba3506eevboxsyncassociated with the module; 0 is the lowest (and the default).
af062818b47340eef15700d2f0211576ba3506eevboxsynca113=LDAP Server Check Interval
af062818b47340eef15700d2f0211576ba3506eevboxsynca113.help=The interval of the check used to detect failure in the LDAP server; in minutes.
a113.help.txt=This is the frequency that the LDAP module will check if the current LDAP server is available. If the server is not \
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
a115.help=Enforced when the user is resetting their password as part of the authentication.
a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
a116.help=Enables support for modern LDAP password policies
a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
a117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \