amAuthAD.properties revision 4dc602d4e4ad1f57d4c9e3fdd7da27ad84aad32c
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuthAD.properties,v 1.5 2009/12/11 01:43:23 goodearth Exp $
#
#
# Portions Copyrighted 2011-2013 ForgeRock AS
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
authentication=Authentication Modules
LDAPex=Unknown LDAP exception.
UPerror=Both user ID and password required.
classpathError=Class not found. Check class path.
InvalidUP=Invalid user ID and password. Try again.
NoUser=User ID not found.
NoServer=Server cannot be contacted.
Naming=Naming error has occurred.
sunAMAuthADServiceDescription=Active Directory
PasswordExp=Password Expires In: {0}
GraceLogins=Your password has expired and you have {0} grace logins remaining.
TimeBeforeExpiration=Password expires in: {0}
PasswordReset=Reset the password.
PasswdMismatch=The password and the confirm password do not match.
PasswordInvalid=Your password does not comply with present password policy.
NewPasswordInvalid=Your new password does not comply with present password policy.
UPsame=Username and password must be different. Try again.
inPwdQual=New password does not meet the password policy requirements.
pwdInHist=New password has been used previously.
pwdToShort=New password is too short.
pwdToYoung=Password has been changed recently, cannot change password.
PInvalid=The password you have entered is invalid.
PasswdSame=The password must be different. Try again.
PasswdMinChars=Password contains fewer than minimum number of characters.
a101=Primary Active Directory Server
a101.help=Use this list to set the primary Active Directory server used for authentication.
a101.help.txt=The Active Directory authentication module will use this list as the primary server for authentication. A single entry must \
be in the format:<br/><br/><code>server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and an \
Active Directory server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a102=Secondary Active Directory Server
a102.help=Use this list to set the secondary (failover) Active Directory server used for authentication.
a102.help.txt=If the primary Active Directory server fails, the Active Directory authentication module will fail over to the secondary \
server. A single entry must be in the format:<br/><br/><code>server:port</code><br/><br/>\
Multiple entries allow associations between OpenAM servers and an Active Directory server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a103=DN to Start User Search
a103.help=The search for accounts to be authenticated starts from this base DN.
a103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search. \
The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a104=Bind User DN
a104.help=The DN of an admin user used by the module to authenticate to the LDAP server
a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
a104.help.uri=#tbd
a105=Bind User Password
a105.help=The password of the administration account.
a106=Attribute Used to Retrieve User Profile
a106.help=The LDAP module will use this attribute to search for the profile of an authenticated user.
a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
find the user account. The value will be the name of the user used for authentication.
a107=Attributes Used to Search for a User to be Authenticated
a107.help=The attributes specified in this list form the LDAP search filter.
a107.help.txt=The default value of uid will form the following search filter: <code>uid=<i>user</i></code>. If there are multiple \
values such as uid and cn, the module will create a search filter as follows: <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108=User Search Filter
a108.help=This search filter will be appended to the standard user search filter.
a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
<code>(objectClass=person)</code> would result in the following user search filter:<br/><br/>\
<code>(&(uid=<i>user</i>)(objectClass=person))</code>
a109=Search Scope
a109.help=The level in the Directory Server that will be searched for a matching user profile.
a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
a110=SSL/TLS Access to Active Directory Server
a110.help.txt=If this property is enabled, all connections to the Active Directory server will be over SSL/TLS. The SSL certificate on \
the Active Directory server must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.
a111=Return User DN to DataStore
a111.help=Controls whether the DN or the username is returned as the authentication principal.
a114=User Creation Attributes
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled, this feature allows for a mapping between the attribute/values retrieved from \
the user's authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
a118=LDAP Connection Heartbeat Interval
a118.help=Specifies how often OpenAM should send a heartbeat request to the directory.
a118.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
requests will ensure that the connections won't become idle. Use along with the Heartbeat Time Unit parameter to \
define the correct interval. Zero or negative value will result in disabling heartbeat requests.
a119=LDAP Connection Heartbeat Time Unit
a119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
a119.help.txt=Use this option in case a firewall/loadbalancer can close idle connections, since the heartbeat \
requests will ensure that the connections won't become idle.
a1191=second
a1192=minute
a1193=hour
a120=LDAP operations timeout
a120.help=Defines the timeout in seconds OpenAM should wait for a response from the Directory Server - <code>0</code> means no timeout.
a120.help.txt=If the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
timeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
A value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
AcctInactive=Account inactivated or locked. Unlock or activate the account.
## Note level should have the highest
## number for i18N key since it should
## be the last attribute when viewed in
## the adminconsole
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
InappAuth=Inappropriate Authentication
noUserMatchFound=User not found.
multipleUserMatchFound=Multiple matches found for the user. Contact your system administrator to fix the problem.
Nosecserver=No secondary server provided.
choiceObject=OBJECT
choiceOneLevel=ONELEVEL
choiceSubTree=SUBTREE
HostInvalid=Invalid host name.
HostUnknown=Unknown host {0}
SchBaseInvalid=Invalid search base.
PwdInvalid=Invalid user password.
FConnect=Connection failed.
CredInvalid=Invalid credentials.
UsrNotExist=User does not exist.
FAuth=Authentication failed.
UNAttr=User naming attribute is null.
USchAttr=User search attributes must have at least one value.
days=days
hours=hrs
minutes=mns
seconds=sec