#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# https://opensso.dev.java.net/public/CDDLv1.0.html or
# opensso/legal/CDDLv1.0.txt
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at opensso/legal/CDDLv1.0.txt.
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
#
# Portions Copyrighted 2011-2016 ForgeRock AS.
# Portions Copyrighted 2012 Open Source Solution Technology Corporation
onlinehelp.doc=ldapauth.html
authentication=Authentication Modules
iplanet-am-auth-ldap-service-description=LDAP
UPerror=Both user ID and password are required.
classpathError=Class not found. Check the class path.
NoServer=Server cannot be contacted.
Naming=Naming error has occurred.
PasswordExp=Password expires in: {0}
GraceLogins=Your password has expired and you have {0} grace logins remaining.
TimeBeforeExpiration=Password expires in: {0}
PasswordReset=Password must be reset.
PasswdMismatch=The password and the confirm password do not match.
PasswordInvalid=Your password does not comply with present password policy.
NewPasswordInvalid=Your new password does not comply with present password policy.
UPsame=Username and password must be different. Try again.
inPwdQual=New password does not meet the password policy requirements.
pwdInHist=New password has been used previously.
pwdToShort=New password is too short.
pwdToYoung=Password has been changed recently, cannot change password.
PInvalid=The password you entered is invalid.
PasswdSame=The password must be different. Try again.
a101=Primary LDAP Server
a101.help=Use this list to set the primary LDAP server used for authentication.
a101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
The local server name is the full name of the server from the list of servers and sites.
a102=Secondary LDAP Server
a102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
a102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
A single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
Multiple entries allow associations between OpenAM servers and a LDAP server. \
The format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a103=DN to Start User Search
a103.help=The search for accounts to be authenticated start from this base DN
a103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
The format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
a104=Bind User DN
a104.help=The DN of an admin user used by the module to authentication to the LDAP server
a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
a104.help.uri=#tbd
a105=Bind User Password
a105.help=The password of the administration account.
a106=Attribute Used to Retrieve User Profile
a106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
find the user account. The value will be the name of the user used for authentication.
a107=Attributes Used to Search for a User to be Authenticated
a107.help=The attributes specified in this list form the LDAP search filter.
a107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
values such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108=User Search Filter
a108.help=This search filter will be appended to the standard user search filter.
a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
<code>(&(uid=<i>user</i>)(objectClass=person))</code>
a109=Search Scope
a109.help=The level in the Directory Server that will be searched for a matching user profile.
a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
a110=LDAP Connection Mode
a110.help=Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.
a110.help.txt=If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> \
If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> \
If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.
a1101=LDAP
a1102=LDAPS
a11021=LDAPS Server Protocol Version
a11021.help=Defines which protocol version is used to establish the secure connection to the LDAP Directory Server.
a110211=TLSv1
a110212=TLSv1.1
a110213=TLSv1.2
a1103=StartTLS
a111=Return User DN to DataStore
a111.help=Controls whether the DN or the username is returned as the authentication principal.
## Note level should have the highest
## number for i18N key since it should
## be the last attribute when viewed in
## the adminconsole
a500=Authentication Level
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
associated with the module; 0 is the lowest (and the default).
a114=User Creation Attributes
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
a115=Minimum Password Length
a115.help=Enforced when the user is resetting their password as part of the authentication.
a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
server password policy is enforcing password length, set this value to 0 to avoid confusion.
a116=LDAP Behera Password Policy Support
a116.help=Enables support for modern LDAP password policies
a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
only the older Netscape VCHU password policy standard will be enforced.
a117=Trust All Server Certificates
a117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
certificates (such as invalid hostname).<br/><br/>\
<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
a118=LDAP Connection Heartbeat Interval
a118.help=Specifies how often should OpenAM send a heartbeat request to the directory.
a118.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured \
directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval \
period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. \
Zero or negative value will result in disabling heartbeat requests.
a119=LDAP Connection Heartbeat Time Unit
a119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
a119.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the \
configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the \
interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact \
interval.
a1191=second
a1192=minute
a1193=hour
a120=LDAP operations timeout
a120.help=Defines the timeout in seconds OpenAM should wait for a response of the Directory Server - <code>0</code> means no timeout.
a120.help.txt=If the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
timeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
A value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
PasswdMinChars=New password contains fewer than minimum number of characters.
AcctInactive=Account is locked or not activated. Unlock or activate the account to continue.
#ExceedRetryLimit=Exceed password retry limit. Please try later.
ExceedRetryLimit=Authentication failed.
noUserMatchFound=User not found.
multipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.
Nosecserver=No secondary server provided.
choiceObject=OBJECT
choiceOneLevel=ONELEVEL
choiceSubTree=SUBTREE
HostInvalid=Invalid host name.
HostUnknown=Unknown host {0}.
SchBaseInvalid=Invalid search base.
PwdInvalid=Invalid user password.
FConnect=Connection failed.
CredInvalid=Invalid credentials.
UsrNotExist=User does not exist :
UNAttr=User naming attribute is null.
USchAttr=User search attribute must have at least one value.
days=days
hours=hrs
minutes=mns
seconds=sec
i18nTrue=Enabled
i18nFalse=Disabled