eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# The contents of this file are subject to the terms
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# of the Common Development and Distribution License
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# (the License). You may not use this file except in
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# compliance with the License.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# You can obtain a copy of the License at
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# https://opensso.dev.java.net/public/CDDLv1.0.html or
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# See the License for the specific language governing
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# permission and limitations under the License.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# When distributing Covered Code, include this CDDL
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# Header Notice in each file and include the License file
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# If applicable, add the following below the CDDL Header,
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# with the fields enclosed by brackets [] replaced by
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# your own identifying information:
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# "Portions Copyrighted [year] [name of copyright owner]"
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici# $Id: amAuthAD.properties,v 1.5 2009/12/11 01:43:23 goodearth Exp $
b0465323d102d12fdad78489cccc5e6a379db9e0Kamal Sivanandam# Portions Copyrighted 2011-2016 ForgeRock AS.
472fc80404c5545ee7bdc88554b8580758ccccdaKohei Tamura# Portions Copyrighted 2012 Open Source Solution Technology Corporation
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Briciauthentication=Authentication Modules
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciLDAPex=Unknown LDAP exception.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciUPerror=Both user ID and password required.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciclasspathError=Class not found. Check class path.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciInvalidUP=Invalid user ID and password. Try again.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciNoUser=User ID not found.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciNoServer=Server cannot be contacted.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciNaming=Naming error has occurred.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricisunAMAuthADServiceDescription=Active Directory
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPasswordExp=Password Expires In: {0}
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorGraceLogins=Your password has expired and you have {0} grace logins remaining.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorTimeBeforeExpiration=Password expires in: {0}
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPasswordReset=Reset the password.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPasswdMismatch=The password and the confirm password do not match.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorPasswordInvalid=Your password does not comply with present password policy.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorNewPasswordInvalid=Your new password does not comply with present password policy.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciUPsame=Username and password must be different. Try again.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorinPwdQual=New password does not meet the password policy requirements.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorpwdInHist=New password has been used previously.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorpwdToShort=New password is too short.
f35fa6b495e6ea8bfb6b752ecc172d75187e7b48Peter MajorpwdToYoung=Password has been changed recently, cannot change password.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPInvalid=The password you have entered is invalid.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPasswdSame=The password must be different. Try again.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPasswdMinChars=Password contains fewer than minimum number of characters.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia101=Primary Active Directory Server
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia101.help=Use this list to set the primary Active Directory server used for authentication.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia101.help.txt=The Active Directory authentication module will use this list as the primary server for authentication. A single entry must \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricibe in the format:<br/><br/><code>server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and an \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciActive Directory server. \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciThe local server name is the full name of the server from the list of servers and sites.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia102=Secondary Active Directory Server
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia102.help=Use this list to set the secondary (failover) Active Directory server used for authentication.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia102.help.txt=If the primary Active Directory server fails, the Active Directory authentication module will failover to the secondary \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Briciserver. A single entry must be in the format:<br/><br/><code>server:port</code><br/><br/>\
472fc80404c5545ee7bdc88554b8580758ccccdaKohei TamuraMultiple entries allow associations between OpenAM servers and an Active Directory server. \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia103=DN to Start User Search
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia103.help=The search for accounts to be authenticated start from this base DN
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciThe format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia104=Bind User DN
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia104.help=The DN of an admin user used by the module to authentication to the LDAP server
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia105=Bind User Password
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia105.help=The password of the administration account.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia106=Attribute Used to Retrieve User Profile
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricifind the user account. The value will be the name of the user used for authentication.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia107=Attributes Used to Search for a User to be Authenticated
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia107.help=The attributes specified in this list form the LDAP search filter.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricivalues such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia108=User Search Filter
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia108.help=This search filter will be appended to the standard user search filter.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<code>(&(uid=<i>user</i>)(objectClass=person))</code>
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia109=Search Scope
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia109.help=The level in the Directory Server that will be searched for a matching user profile.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter Majora110=LDAP Connection Mode
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter Majora110.help=Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter Majora110.help.txt=If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> \
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter MajorIf 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> \
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter MajorIf 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.
b0465323d102d12fdad78489cccc5e6a379db9e0Kamal Sivanandama11021=LDAPS Server Protocol Version
b0465323d102d12fdad78489cccc5e6a379db9e0Kamal Sivanandama11021.help=Defines which protocol version is used to establish the secure connection to the LDAP Directory Server.
b0465323d102d12fdad78489cccc5e6a379db9e0Kamal Sivanandama110212=TLSv1.1
b0465323d102d12fdad78489cccc5e6a379db9e0Kamal Sivanandama110213=TLSv1.2
0e93e49a78b66390d2ff541eea6307b4c3fb33b4Peter Majora1103=StartTLS
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia111=Return User DN to DataStore
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia111.help=Controls whether the DN or the username is returned as the authentication principal.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia114=User Creation Attributes
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricithe users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayra117=Trust All Server Certificates
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayra117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayra117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayrcertificates (such as invalid hostname).<br/><br/>\
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayr<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora118=LDAP Connection Heartbeat Interval
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora118.help=Specifies how often should OpenAM send a heartbeat request to the directory.
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora118.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majorrequests will ensure that the connections won't become idle. Use along with the Heartbeat Time Unit parameter to \
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majordefine the correct interval. Zero or negative value will result in disabling heartbeat requests.
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora119=LDAP Connection Heartbeat Time Unit
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majora119.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
7b231e67dc8acb6995cce9bcdbc71f40a4f37dd9Peter Majorrequests will ensure that the connections won't become idle.
4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32cPeter Majora120=LDAP operations timeout
4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32cPeter Majora120.help=Defines the timeout in seconds OpenAM should wait for a response of the Directory Server - <code>0</code> means no timeout.
4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32cPeter Majora120.help.txt=If the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32cPeter Majortimeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32cPeter MajorA value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciAcctInactive=Account in-activated or locked. Unlock or activate the account.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici## Note level should have the highest
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici## number for i18N key since it should
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici## be the last attribute when viewed in
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Brici## the adminconsole
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia500=Authentication Level
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia500.help=The authentication level associated with this module.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Bricia500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin Briciassociated with the module; 0 is the lowest (and the default).
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciInappAuth=Inappropriate Authentication
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricinoUserMatchFound=User not found.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricimultipleUserMatchFound=Multiple matches found for the user. Contact your system administrator to fix the problem.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciNosecserver=No secondary server provided.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricichoiceObject=OBJECT
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricichoiceOneLevel=ONELEVEL
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BricichoiceSubTree=SUBTREE
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciHostInvalid=Invalid host name.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciHostUnknown=Unknown host {0}
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciSchBaseInvalid=Invalid search base.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciPwdInvalid=Invalid user password.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciFConnect=Connection failed.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciCredInvalid=Invalid credentials.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciUsrNotExist=User does not exist.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciFAuth=Authentication failed.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciUNAttr=User naming attribute is null.
eff90ff0c76aeda1c8a5f091602c67f929ee29a2Alin BriciUSchAttr=User search attributes must have at least one value.
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayri18nTrue=Enabled
972cf11d75985240ffcd151efe0f0fa055263591Bernhard Thalmayri18nFalse=Disabled