amAuthLDAP.properties revision d53bf94f0ac3f4b6f48d63b04efb5b610d3c30b0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
#
# Portions Copyrighted 2011 ForgeRock Inc
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
authentication=Authentication Modules
iplanet-am-auth-ldap-service-description=LDAP
LDAPex=Unknown LDAP exception.
UPerror=Both user ID and password are required.
classpathError=Class not found. Check the class path.
InvalidUP=Invalid user ID and password. Try again.
NoUser=User ID not found.
NoServer=Server cannot be contacted.
Naming=Naming error has occurred.
PasswordExp=Password expires in: {0}
GraceLogins=Your password has expired and you have {0} grace logins remaining.
TimeBeforeExpiration=Password expires in: {0}
PasswordReset=Password must be reset.
PasswdMismatch=The password and the confirm password do not match.
PasswordInvalid=Your password does not comply with present password policy.
NewPasswordInvalid=Your new password does not comply with present password policy.
UPsame=Username and password must be different. Try again.
inPwdQual=New password does not meet the password policy requirements.
pwdInHist=New password has been used previously.
pwdToShort=New password is too short.
pwdToYoung=Password has been changed recently, cannot change password.
PInvalid=The password you entered is invalid.
PasswdSame=The password must be different. Try again.
PasswdMinChars=Password does not meet minimum length or age requirements.
a101=Primary LDAP Server
a101.help=Use this list to set the primary LDAP server used for authentication.
a101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a102=Secondary LDAP Server
a102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
a102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
A single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
Multiple entries allow associations between OpenAM servers and a LDAP server.\
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a103=DN to Start User Search
a103.help=The search for accounts to be authenticated start from this base DN
a103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a104=Bind User DN
a104.help=The DN of an admin user used by the module to authentication to the LDAP server
a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
a104.help.uri=#tbd
a105=Bind User Password
a105.help=The password of the administration account.
a106=Attribute Used to Retrieve User Profile
a106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
find the user account. The value will be the name of the user used for authentication.
a107=Attributes Used to Search for a User to be Authenticated
a107.help=The attributes specified in this list form the LDAP search filter.
a107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
values such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108=User Search Filter
a108.help=This search filter will be appended to the standard user search filter.
a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
<code>(&(uid=<i>user</i>)(objectClass=person))</code>
a109=Search Scope
a109.help=The level in the Directory Server that will be searched for a matching user profile.
a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
a110=SSL/TLS Access to LDAP Server
a110.help.txt=If this property is enabled; all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \
must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\
<i>NB </i>Enabling <i>Trust All Server Certificates</i> will bypass the local certificate checking.
a111=Return User DN to DataStore
a111.help=Controls whether the DN or the username is returned as the authentication principal.
## Note level should have the highest
## number for i18N key since it should
## be the last attribute when viewed in
## the adminconsole
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a113=LDAP Server Check Interval
a113.help=The interval of the check used to detect failure in the LDAP server; in minutes.
a113.help.txt=This is the frequency that the LDAP module will check if the current LDAP server is available. If the server is not \
available then the module will failover to the other server.
a114=User Creation Attributes
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
a115=Minimum Password Length
a115.help=Enforced when the user is resetting their password as part of the authentication.
a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
server password policy is enforcing password length, set this value to 0 to avoid confusion.
a116=LDAP Behera Password Policy Support
a116.help=Enables support for modern LDAP password policies
a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
only the older Netscape VCHU password policy standard will be enforced.
a117=Trust All Server Certificates
a117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
certificates (such as invalid hostname).<br/><br/>\
<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
PasswdMinChars=New password contains fewer than minimum number of characters.
AcctInactive=Account is locked or not activated. Unlock or activate the account to continue.
InappAuth=Inappropriate Authentication.
#ExceedRetryLimit=Exceed password retry limit. Please try later.
ExceedRetryLimit=Authentication failed.
noUserMatchFound=User not found.
multipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.
Nosecserver=No secondary server provided.
choiceObject=OBJECT
choiceOneLevel=ONELEVEL
choiceSubTree=SUBTREE
HostInvalid=Invalid host name.
HostUnknown=Unknown host {0}.
SchBaseInvalid=Invalid search base.
PwdInvalid=Invalid user password.
FConnect=Connection failed.
CredInvalid=Invalid credentials.
UsrNotExist=User does not exist :
FAuth=Authentication failed.
UNAttr=User naming attribute is null.
USchAttr=User search attribute must have at least one value.
days=days
hours=hrs
minutes=mns
seconds=sec
i18nTrue=Enabled
i18nFalse=Disabled