amAuthLDAP.properties revision 143ce8159ee015167d050d20d91b0e0dc956d347
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# The contents of this file are subject to the terms
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# of the Common Development and Distribution License
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# (the License). You may not use this file except in
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# compliance with the License.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# You can obtain a copy of the License at
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# https://opensso.dev.java.net/public/CDDLv1.0.html or
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# See the License for the specific language governing
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# permission and limitations under the License.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# When distributing Covered Code, include this CDDL
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# Header Notice in each file and include the License file
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# If applicable, add the following below the CDDL Header,
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# with the fields enclosed by brackets [] replaced by
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# your own identifying information:
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# "Portions Copyrighted [year] [name of copyright owner]"
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# Portions Copyrighted 2011-2013 ForgeRock Inc
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani# Portions Copyrighted 2012 Open Source Solution Technology Corporation
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniauthentication=Authentication Modules
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniiplanet-am-auth-ldap-service-description=LDAP
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniUPerror=Both user ID and password are required.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniclasspathError=Class not found. Check the class path.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniNoServer=Server cannot be contacted.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniNaming=Naming error has occurred.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswordExp=Password expires in: {0}
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniGraceLogins=Your password has expired and you have {0} grace logins remaining.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniTimeBeforeExpiration=Password expires in: {0}
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswordReset=Password must be reset.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswdMismatch=The password and the confirm password do not match.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswordInvalid=Your password does not comply with present password policy.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniNewPasswordInvalid=Your new password does not comply with present password policy.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniUPsame=Username and password must be different. Try again.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniinPwdQual=New password does not meet the password policy requirements.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanipwdInHist=New password has been used previously.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanipwdToShort=New password is too short.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanipwdToYoung=Password has been changed recently, cannot change password.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPInvalid=The password you entered is invalid.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswdSame=The password must be different. Try again.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania101=Primary LDAP Server
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania101.help=Use this list to set the primary LDAP server used for authentication.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniformat:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniThe local server name is the full name of the server from the list of servers and sites.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania102=Secondary LDAP Server
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniA single entry must be in the format:<br/><br/><code>ldap_server:port</code><br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniMultiple entries allow associations between OpenAM servers and a LDAP server. \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniThe format is:<br/><br/><code>local server name | server:port</code><br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania103=DN to Start User Search
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania103.help=The search for accounts to be authenticated start from this base DN
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniThe format is as follows:<br/><br/><code>local server name | search DN</code><br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<i>NB </i>The local server name is the full name of the server from the list of servers and sites.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania104=Bind User DN
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania104.help=The DN of an admin user used by the module to authentication to the LDAP server
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<i>NB </i><code>cn=Directory Manager</code> should not be used in production systems.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania105=Bind User Password
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania105.help=The password of the administration account.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania106=Attribute Used to Retrieve User Profile
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanifind the user account. The value will be the name of the user used for authentication.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania107=Attributes Used to Search for a User to be Authenticated
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania107.help=The attributes specified in this list form the LDAP search filter.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanivalues such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania108=User Search Filter
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania108.help=This search filter will be appended to the standard user search filter.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<code>(objectClass=person)</code>would result in the following user search filter:<br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<code>(&(uid=<i>user</i>)(objectClass=person))</code>
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania109=Search Scope
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania109.help=The level in the Directory Server that will be searched for a matching user profile.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<ul><li><code>OBJECT</code>: Only the Base DN is searched.</li>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<li><code>ONELEVEL</code>: Only the single level below (and not the Base DN) is searched</li>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<li><code>SUBTREE</code>: The Base DN and all levels below are searched</li></ul>
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania110=SSL/TLS Access to LDAP Server
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania110.help=Ensures the SSL/TLS will be used to establish connections to the LDAP server.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania110.help.txt=If this property is enabled; all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanimust be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<i>NB </i>Enabling <i>Trust All Server Certificates</i> will bypass the local certificate checking.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania111=Return User DN to DataStore
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania111.help=Controls whether the DN or the username is returned as the authentication principal.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani## Note level should have the highest
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani## number for i18N key since it should
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani## be the last attribute when viewed in
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani## the adminconsole
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania500=Authentication Level
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania500.help=The authentication level associated with this module.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniassociated with the module; 0 is the lowest (and the default).
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania114=User Creation Attributes
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanithe users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<br/><br/>The format of this property is: <br/><br/><code> local attr1|external attr1</code>
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania115=Minimum Password Length
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania115.help=Enforced when the user is resetting their password as part of the authentication.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniserver password policy is enforcing password length, set this value to 0 to avoid confusion.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania116=LDAP Behera Password Policy Support
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania116.help=Enables support for modern LDAP password policies
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanionly the older Netscape VCHU password policy standard will be enforced.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania117=Trust All Server Certificates
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanicertificates (such as invalid hostname).<br/><br/>\
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani<i>NB </i>Use this feature with care as it bypasses the normal certificate verification process
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania118=LDAP Connection Heartbeat Interval
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania118.help=Specifies how often should OpenAM send a heartbeat request to the directory.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania118.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanidirectory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniperiod before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniZero or negative value will result in disabling heartbeat requests.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania119=LDAP Connection Heartbeat Time Unit
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania119.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniconfigured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahaniinterval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania120=LDAP operations timeout
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania120.help=Defines the timeout in seconds OpenAM should wait for a response of the Directory Server - <code>0</code> means no timeout.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahania120.help.txt=If the Directory Server's host is down completely or the TCP connection became stale OpenAM waits until operation \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanitimeouts from the OS or the JVM are applied. However this setting allows more granular control within OpenAM itself. \
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniA value of <code>0</code> means NO timeout is applied on OpenAM level and the timeouts from the JVM or OS will apply.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPasswdMinChars=New password contains fewer than minimum number of characters.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniAcctInactive=Account is locked or not activated. Unlock or activate the account to continue.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahani#ExceedRetryLimit=Exceed password retry limit. Please try later.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniExceedRetryLimit=Authentication failed.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaninoUserMatchFound=User not found.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanimultipleUserMatchFound=Multiple matches found for this user. Contact your system administrator to fix the problem.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniNosecserver=No secondary server provided.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanichoiceObject=OBJECT
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanichoiceOneLevel=ONELEVEL
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahanichoiceSubTree=SUBTREE
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniHostInvalid=Invalid host name.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniHostUnknown=Unknown host {0}.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniSchBaseInvalid=Invalid search base.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniPwdInvalid=Invalid user password.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniFConnect=Connection failed.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniCredInvalid=Invalid credentials.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniUsrNotExist=User does not exist :
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniUNAttr=User naming attribute is null.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant SahaniUSchAttr=User search attribute must have at least one value.
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanii18nTrue=Enabled
ad1ad5c8e36ea795034fcdac660b15d7c141d55bSusant Sahanii18nFalse=Disabled