amAuthLDAP.properties revision a27fbb5985dbc288dc656c25d22a4d1e5d4a7a92
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt# The contents of this file are subject to the terms
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt# of the Common Development and Distribution License
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt# (the License). You may not use this file except in
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt# compliance with the License.
# $Id: amAuthLDAP.properties,v 1.8 2010/01/25 22:09:15 qcheng Exp $
a101.help=Use this list to set the primary LDAP server used for authentication.
a101.help.txt=The LDAP authentication module will use this list as the primary server for authentication. A single entry must be in the \
format:<br/><br/><code>ldap_server:port</code><br/><br/>Multiple entries allow associations between OpenAM servers and a LDAP server. \
a102.help=Use this list to set the secondary (failover) LDAP server used for authentication.
a102.help.txt=If the primary LDAP server fails, the LDAP authentication module will failover to the secondary server. \
a103.help=The search for accounts to be authenticated start from this base DN
a103.help.txt=For a single server just enter the Base DN to be searched. Multiple OpenAM servers can have different base DNs for the search \
a104.help=The DN of an admin user used by the module to authentication to the LDAP server
a104.help.txt=The LDAP module requires an administration account in order to perform functionality such as password reset.<br/><br/>\
a104.help.uri=#tbd
a105.help=The password of the administration account.
a106.help=The LDAP module will use this attribute to search of the profile of an authenticated user.
a106.help.txt=This is the attribute used to find the profile of the authenticated user. Normally this will be the same attribute used to \
a107.help=The attributes specified in this list form the LDAP search filter.
a107.help.txt=The default value of uid will form the following search filter of <code>uid=<i>user</i></code>, if there are multiple \
values such as uid and cn, the module will create a search filter as follows <code>(|(uid=<i>user</i>)(cn=<i>user</i>))</code>
a108.help=This search filter will be appended to the standard user search filter.
a108.help.txt=This attribute can be used to append a custom search filter to the standard filter. For example: \
a109.help=The level in the Directory Server that will be searched for a matching user profile.
a109.help.txt=This attribute controls how the directory is searched.<br/><br/>\
a110=SSL/TLS Access to LDAP Server
a110.help.txt=If this property is enabled; all connections to the LDAP server will be over SSL/TLS. The SSL certificate on the LDAP server \
must be valid or the certificate must be trusted and stored in the OpenAM local certificate file.<br/><br/>\
a111.help=Controls whether the DN or the username is returned as the authentication principal.
a500.help=The authentication level associated with this module.
a500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
a114.help=Controls the mapping of local attribute to external attribute for dynamic profile creation.
a114.help.txt=If dynamic profile creation is enabled; this feature allows for a mapping between the attribute/values retrieved from \
the users authenticated profile and the attribute/values that will be provisioned into their matching account in the data store.\
a115.help=Enforced when the user is resetting their password as part of the authentication.
a115.help.txt=If the user needs to reset their password as part of the authentication process, the authentication module can enforce \
a minimum password length. This is separate from any password length controls from the underlying LDAP server. If the external LDAP \
a116.help=Enables support for modern LDAP password policies
a116.help.txt=LDAP Behera Password policies are supported by modern LDAP servers such as OpenDJ. If this functionality is disabled then \
a117.help=Enables a <code>X509TrustManager</code> that trusts all certificates.
a117.help.txt=This feature will allow the LDAP authentication module to connect to LDAP servers protected by self signed or invalid \
a118.help=Specifies how often should OpenAM send a heartbeat request to the directory.
a118.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured \
directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval \
period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. \
a119.help=Defines the time unit corresponding to the Heartbeat Interval setting.
a119.help.txt=This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the \
configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the \
interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact \