amAuthLDAP.properties revision d53bf94f0ac3f4b6f48d63b04efb5b610d3c30b0
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
# You can obtain a copy of the License at
# https://opensso.dev.java.net/public/CDDLv1.0.html or
# See the License for the specific language governing
# permission and limitations under the License.
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
# Portions Copyrighted 2011 ForgeRock Inc
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
authentication=Authentication Modules
iplanet-am-auth-ldap-service-description=LDAP
LDAPex=Unknown LDAP exception.
UPerror=Both user ID and password are required.
classpathError=Class not found. Check the class path.
InvalidUP=Invalid user ID and password. Try again.
NoUser=User ID not found.
NoServer=Server cannot be contacted.
Naming=Naming error has occurred.
PasswordExp=Password expires in: {0}
GraceLogins=Your password has expired and you have {0} grace logins remaining.
TimeBeforeExpiration=Password expires in: {0}
PasswordReset=Password must be reset.
PasswdMismatch=The password and the confirm password do not match.
PasswordInvalid=Your password does not comply with present password policy.
NewPasswordInvalid=Your new password does not comply with present password policy.
UPsame=Username and password must be different. Try again.
inPwdQual=New password does not meet the password policy requirements.
pwdInHist=New password has been used previously.
pwdToShort=New password is too short.
pwdToYoung=Password has been changed recently, cannot change password.
PInvalid=The password you entered is invalid.
PasswdSame=The password must be different. Try again.
PasswdMinChars=Password does not meet minimum length or age requirements.
a101=Primary LDAP Server
a101.help=Use this list to set the primary LDAP server used for authentication.
a101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and an LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a102=Secondary LDAP Server
a102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
a102.help.txt=If the primary LDAP server fails, the LDAP authentication module will fail over to the secondary server. \
A single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
Multiple entries allow associations between OpenAM servers and an LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a103=DN to Start User Search
a103.help=The search for accounts to be authenticated starts from this base DN.
a103.help.txt=For a single server, just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search. \
The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a104=Bind User DN
a104.help=The DN of an admin user used by the module to authenticate to the LDAP server.
a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
a105=Bind User Password
a105.help=The password of the administration account.
a106=Attribute Used to Retrieve User Profile
a106.help=The LDAP module will use this attribute to search for the profile of an authenticated user.
a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
find the user account. The value will be the name of the user used for authentication.
a107=Attributes Used to Search for a User to be Authenticated
a107.help=The attributes specified in this list form the LDAP search filter.
a107.help.txt=The default value of uid will form the search filter <code>uid=<i>user</i></code>. If there are multiple \
values, such as uid and cn, the module will create a search filter as follows: <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108=User Search Filter
a108.help=This search filter will be appended to the standard user search filter.
a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
<code>(objectClass=person)</code> would result in the following user search filter:<br/><br/>\
<code>(&(uid=<i>user</i>)(objectClass=person))</code>
a109=Search Scope
a109.help=The level in the Directory Server that will be searched for a matching user profile.
a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched.</li>\
<li><code>SUBTREE</code>: The Base DN and all levels below are searched.</li></ul>
a110=SSL/TLS Access to LDAP Server
a110.help=Ensures that SSL/TLS is used to establish connections to the LDAP server.
a110.help.txt=If this property is enabled, all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \
must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\
<i>NB </i>Enabling <i>Trust All Server Certificates</i> will bypass the local certificate checking.
a111=Return User DN to DataStore
a111.help=Controls whether the DN or the username is returned as the authentication principal.
## Note level should have the highest
## number for i18N key since it should
## be the last attribute when viewed in
## the adminconsole
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a113=LDAP Server Check Interval
a113.help=The interval of the check used to detect failure in the LDAP server; in minutes.
a113.help.txt=This is how often the LDAP module checks whether the current LDAP server is available. If the server is not \
available then the module will fail over to the other server.
a114=User Creation Attributes
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled, this feature allows for a mapping between the attribute/values retrieved from \
the user's authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
a115=Minimum Password Length
a115.help=Enforced when the user is resetting their password as part of the authentication.
a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
server password policy is enforcing password length, set this value to 0 to avoid confusion.
a116=LDAP Behera Password Policy Support
a116.help=Enables support for modern LDAP password policies
a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
only the older Netscape VCHU password policy standard will be enforced.
a117=Trust All Server Certificates
a117.help=Enables an <code>X509TrustManager</code> that trusts all certificates.
a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self-signed or invalid \
certificates (such as invalid hostname).<br/><br/>\
<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process.
# PasswdMinChars is defined twice in this file; when the file is loaded the later definition takes effect.
PasswdMinChars=New password contains fewer than minimum number of characters.
AcctInactive=Account is locked or not activated. Unlock or activate the account to continue.
InappAuth=Inappropriate Authentication.
#ExceedRetryLimit=Exceed password retry limit. Please try later.
ExceedRetryLimit=Authentication failed.
noUserMatchFound=User not found.
multipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.
Nosecserver=No secondary server provided.
choiceObject=OBJECT
choiceOneLevel=ONELEVEL
choiceSubTree=SUBTREE
HostInvalid=Invalid host name.
HostUnknown=Unknown host {0}.
SchBaseInvalid=Invalid search base.
PwdInvalid=Invalid user password.
FConnect=Connection failed.
CredInvalid=Invalid credentials.
UsrNotExist=User does not exist :
FAuth=Authentication failed.
UNAttr=User naming attribute is null.
USchAttr=User search attribute must have at least one value.
i18nTrue=Enabled
i18nFalse=Disabled
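
Added example, not part of amAuthLDAP.properties or the OpenAM code base: a Python sketch of the filter composition that the a107 and a108 help text describes, with RFC 4515 escaping so that characters in the login name are treated as data rather than filter syntax. The function names are hypothetical, and requiring the a108 value to be parenthesised is an assumption of this example.

```python
"""Added example: composing the user search filter described by a107/a108.

Not OpenAM code. escape_filter_value and build_user_filter are hypothetical
names chosen for this illustration.
"""

# RFC 4515 section 3: these characters must appear in an assertion value
# as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an untrusted value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(search_attrs, username, extra_filter=""):
    """Return the search filter for one login attempt.

    search_attrs -- values of "Attributes Used to Search for a User" (a107)
    username     -- login name typed by the user (untrusted)
    extra_filter -- optional "User Search Filter" (a108), set by an admin
    """
    if not search_attrs:
        # Same condition the USchAttr message in the bundle reports.
        raise ValueError("User search attribute must have at least one value.")
    if not username:
        raise ValueError("User ID is required.")

    safe = escape_filter_value(username)
    terms = ["({}={})".format(attr, safe) for attr in search_attrs]
    # One attribute gives (uid=user); several are ORed: (|(uid=user)(cn=user)).
    # The help text prints the single-attribute form without outer parentheses.
    base = terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"

    extra = extra_filter.strip()
    if not extra:
        return base
    # Assumption of this example: reject a custom filter that is not wrapped
    # in parentheses instead of guessing what the administrator meant.
    if not (extra.startswith("(") and extra.endswith(")")):
        raise ValueError("User Search Filter must be enclosed in parentheses.")
    # The custom filter is ANDed with the standard filter.
    return "(&" + base + extra + ")"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_user_filter(["uid"], "bjensen", "(objectClass=person)"))
    print(build_user_filter(["uid", "cn"], "j*doe (contractor)"))
```
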