# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at legal-notices/CDDLv1_0.txt.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information:
# Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2006-2008 Sun Microsystems, Inc.
# Portions Copyright 2012-2014 ForgeRock AS
#
# Global directives
#
#global.category=ACCESS_CONTROL
#
# Format string definitions
#
# Keys must be formatted as follows:
#
# [SEVERITY]_[DESCRIPTION]_[ORDINAL]
#
# where:
#
# SEVERITY is one of:
# [INFO, WARN, ERR, DEBUG, NOTICE]
#
# DESCRIPTION is an upper case string providing a hint as to the context of
# the message in upper case with the underscore ('_') character serving as
# word separator
#
# ORDINAL is an integer unique among other ordinals in this file
#
WARN_ACI_SYNTAX_GENERAL_PARSE_FAILED_1=The provided string "%s" could \
not be parsed as a valid Access Control Instruction (ACI) because it failed \
general ACI syntax evaluation
WARN_ACI_SYNTAX_INVAILD_VERSION_2=The provided Access Control \
Instruction (ACI) version value "%s" is invalid, only the version 3.0 is \
supported
WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION_3=The provided Access \
Control Instruction access type value "%s" is invalid. A valid access type \
value is either allow or deny
WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX_4=The provided Access Control \
Instruction (ACI) rights values "%s" are invalid. The rights must be a list \
of 1 to 6 comma-separated keywords enclosed in parentheses
WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD_5=The provided Access Control \
Instruction (ACI) rights keyword values "%s" are invalid. The valid rights \
keyword values are one or more of the following: read, write, add, delete, \
search, compare or the single value all
WARN_ACI_SYNTAX_BIND_RULE_MISSING_CLOSE_PAREN_6=The provided Access \
Control Instruction (ACI) bind rule value "%s" is invalid because it is \
missing a close parenthesis that corresponded to the initial open parenthesis
WARN_ACI_SYNTAX_INVALID_BIND_RULE_SYNTAX_7=The provided Access Control \
Instruction (ACI) bind rule value "%s" is invalid. A valid bind rule value \
must be in the following form: keyword operator "expression"
WARN_ACI_SYNTAX_INVALID_BIND_RULE_KEYWORD_8=The provided Access \
Control Instruction (ACI) bind rule keyword value "%s" is invalid. A valid \
keyword value is one of the following: userdn, groupdn, roledn, userattr,ip, \
dns, dayofweek, timeofday or authmethod
WARN_ACI_SYNTAX_INVALID_BIND_RULE_OPERATOR_9=The provided Access \
Control Instruction (ACI) bind rule operator value "%s" is invalid. A valid \
bind rule operator value is either '=' or "!="
WARN_ACI_SYNTAX_MISSING_BIND_RULE_EXPRESSION_10=The provided Access \
Control Instruction (ACI) bind rule expression value corresponding to the \
keyword value "%s" is missing an expression. A valid bind rule value must be \
in the following form: keyword operator "expression"
WARN_ACI_SYNTAX_INVALID_BIND_RULE_BOOLEAN_OPERATOR_11=The provided \
Access Control Instruction (ACI) bind rule boolean operator value "%s" is \
invalid. A valid bind rule boolean operator value is either "OR" or "AND"
WARN_ACI_SYNTAX_INVALID_BIND_RULE_KEYWORD_OPERATOR_COMBO_12=The \
provided Access Control Instruction (ACI) bind rule keyword string "%s" is \
invalid for the bind rule operator string "%s"
WARN_ACI_SYNTAX_INVALID_USERDN_URL_13=The provided Access Control \
Instruction (ACI) bind rule userdn expression failed to URL decode for the \
following reason: %s
WARN_ACI_SYNTAX_INVALID_GROUPDN_EXPRESSION_16=The provided Access \
Control Instruction (ACI) bind rule groupdn expression value "%s" is invalid. \
A valid groupdn keyword expression value requires one or more LDAP URLs in \
the following format: ldap:///groupdn [|| ldap:///groupdn] ... [|| \
ldap:///groupdn]
WARN_ACI_SYNTAX_INVALID_GROUPDN_URL_17=The provided Access Control \
Instruction (ACI) bind rule groupdn expression value failed to URL decode for \
the following reason: %s
WARN_ACI_SYNTAX_INVALID_IP_EXPRESSION_21=The provided Access Control \
Instruction (ACI) bind rule ip expression value "%s" is invalid. A valid ip \
keyword expression requires one or more comma-separated elements of a valid \
IP address list expression
WARN_ACI_SYNTAX_INVALID_DNS_EXPRESSION_22=The provided Access Control \
Instruction (ACI) bind rule dns expression value "%s" is invalid. A valid dns \
keyword expression value requires a valid fully qualified DNS domain name
WARN_ACI_SYNTAX_INVALID_DNS_WILDCARD_23=The provided Access Control \
Instruction (ACI) bind rule dns expression value "%s" is invalid, because a \
wild-card pattern was found in the wrong position. A valid dns keyword \
wild-card expression value requires the '*' character only be in the leftmost \
position of the domain name
WARN_ACI_SYNTAX_INVALID_DAYOFWEEK_24=The provided Access Control \
Instruction (ACI) bind rule dayofweek expression value "%s" is invalid, \
because of an invalid day of week value. A valid dayofweek value is one of \
the following English three-letter abbreviations for the days of the week: \
sun, mon, tue, wed, thu, fri, or sat
WARN_ACI_SYNTAX_INVALID_TIMEOFDAY_25=The provided Access Control \
Instruction (ACI) bind rule timeofday expression value "%s" is invalid. A \
valid timeofday value is expressed as four digits representing hours and \
minutes in the 24-hour clock (0 to 2359)
WARN_ACI_SYNTAX_INVALID_TIMEOFDAY_RANGE_26=The provided Access Control \
Instruction (ACI) bind rule timeofday expression value "%s" is not in the \
valid range. A valid timeofday value is expressed as four digits representing \
hours and minutes in the 24-hour clock (0 to 2359)
WARN_ACI_SYNTAX_INVALID_AUTHMETHOD_EXPRESSION_27=The provided Access \
Control Instruction (ACI) bind rule authmethod expression value "%s" is \
invalid. A valid authmethod value is one of the following: none, simple,SSL, \
or "sasl mechanism", where mechanism is one of the supported SASL mechanisms \
including CRAM-MD5, DIGEST-MD5, and GSSAPI
WARN_ACI_SYNTAX_INVALID_USERATTR_EXPRESSION_28=The provided Access \
Control Instruction (ACI) bind rule userattr expression value "%s" is invalid
WARN_ACI_SYNTAX_INVALID_USERATTR_KEYWORD_29=The provided Access \
Control Instruction (ACI) bind rule userattr expression value "%s" is not \
supported
WARN_ACI_SYNTAX_INVALID_USERATTR_INHERITANCE_PATTERN_30=The provided \
Access Control Instruction (ACI) bind rule userattr expression inheritance \
pattern value "%s" is invalid. A valid inheritance pattern value must have the \
following format: parent[inheritance_level].attribute#bindType
WARN_ACI_SYNTAX_MAX_USERATTR_INHERITANCE_LEVEL_EXCEEDED_31=The \
provided Access Control Instruction (ACI) bind rule userattr expression \
inheritance pattern value "%s" is invalid. The inheritance level value cannot \
exceed the max level limit of %s
WARN_ACI_SYNTAX_INVALID_INHERITANCE_VALUE_32=The provided Access \
Control Instruction (ACI) bind rule userattr expression inheritance pattern \
value "%s" is invalid because it is non-numeric
WARN_ACI_SYNTAX_INVALID_TARGET_SYNTAX_33=The provided Access Control \
Instruction (ACI) target rule value "%s" is invalid. A valid target rule value \
must be in the following form: keyword operator "expression"
WARN_ACI_SYNTAX_INVALID_TARGET_KEYWORD_34=The provided Access Control \
Instruction (ACI) target keyword value "%s" is invalid. A valid target \
keyword value is one of the following: target, targetscope, targetfilter, \
targetattr or targattrfilters
WARN_ACI_SYNTAX_INVALID_TARGET_NOT_OPERATOR_35=The provided Access \
Control Instruction (ACI) target operator value "%s" is invalid. The only \
valid target operator value for the "%s" keyword is '='
WARN_ACI_SYNTAX_INVALID_TARGET_DUPLICATE_KEYWORDS_37=The provided \
Access Control Instruction (ACI) target keyword value "%s" was seen multiple \
times in the ACI "%s"
WARN_ACI_SYNTAX_INVALID_TARGETS_OPERATOR_38=The provided Access \
Control Instruction (ACI) target keyword operator value "%s" is invalid. A \
valid target keyword operator value is either '=' or "!="
WARN_ACI_SYNTAX_INVALID_TARGETSCOPE_EXPRESSION_39=The provided Access \
Control Instruction (ACI) targetscope expression operator value "%s" is \
invalid. A valid targetscope expression value is one of the following: one, \
onelevel, subtree or subordinate
WARN_ACI_SYNTAX_INVALID_TARGETKEYWORD_EXPRESSION_40=The provided \
Access Control Instruction (ACI) target expression value "%s" is invalid. A \
valid target keyword expression value requires a LDAP URL in the following \
format: ldap:///distinguished_name_pattern
WARN_ACI_SYNTAX_TARGET_DN_NOT_DESCENDENTOF_41=The provided Access \
Control Instruction (ACI) target expression DN value "%s" is invalid. The \
target expression DN value must be a descendant of the ACI entry DN "%s", if \
no wild-card is specified in the target expression DN
WARN_ACI_SYNTAX_INVALID_TARGETATTRKEYWORD_EXPRESSION_42=The provided \
Access Control Instruction (ACI) targetattr expression value "%s" is invalid. \
A valid targetattr keyword expression value requires one or more valid \
attribute type names in the following format: attribute1 [|| attribute2] ... \
[|| attributeN]. Attribute options are not supported
WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION_43=The provided \
Access Control Instruction (ACI) targetfilter expression value "%s" is \
invalid because it is not a valid LDAP filter
INFO_ACI_ADD_FAILED_PRIVILEGE_44=An attempt to add the entry "%s" containing \
an aci attribute type failed, because the authorization DN "%s" lacked \
modify-acl privileges
INFO_ACI_MODIFY_FAILED_PRIVILEGE_45=An attempt to modify an aci attribute \
type in the entry "%s" failed, because the authorization DN "%s" lacked \
modify-acl privileges
WARN_ACI_ADD_FAILED_DECODE_46=An attempt to add the entry "%s" \
containing an aci attribute type failed because of the following reason: %s
WARN_ACI_MODIFY_FAILED_DECODE_47=An attempt to modify an aci attribute \
type in the entry "%s" failed because of the following reason: %s
WARN_ACI_ADD_LIST_FAILED_DECODE_48= "%s", located in the entry "%s", \
because of the following reason: %s
INFO_ACI_ADD_LIST_ACIS_50=Added %s Access Control Instruction (ACI) attribute \
types found in context "%s" to the access control evaluation engine
WARN_ACI_SYNTAX_INVALID_USERATTR_ROLEDN_INHERITANCE_PATTERN_51=The \
provided Access Control Instruction (ACI) bind rule userattr expression \
inheritance pattern value "%s" is invalid for the roledn keyword because it \
starts with the string "parent["
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_EXPRESSION_53=The provided \
Access Control Instruction (ACI) targattrfilter expression value %s is \
invalid because it is not in the correct format.A valid targattrsfilters \
expression value must be in the following format: "add=attr1: F1 && attr2: F2 \
... && attrN: FN,del= attr1: F1 && attr2: F2 ... && attrN: FN"
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_OPS_MATCH_54=The provided \
Access Control Instruction (ACI) targattrfilter expression value %s is \
invalid because the both operation tokens match in the two filter lists
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_MAX_FILTER_LISTS_55=The \
provided Access Control Instruction (ACI) targattrfilters expression value %s \
is invalid because there are more than two filter list statements
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_FILTER_LIST_FORMAT_56=The \
provided Access Control Instruction (ACI) targattrfilters expression value %s \
is invalid because the provided filter list string is in the wrong format. A \
valid targattrfilters filter list must be in the following format: add=attr1: \
F1 && attr2: F2 ... && attrN: FN
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_FILTER_LISTS_FILTER_57=The \
provided Access Control Instruction (ACI) targattrfilters expression value %s \
is invalid because one or more of the specified filters are invalid for the \
following reason: %s
WARN_ACI_SYNTAX_INVALID_TARGATTRFILTERS_FILTER_LISTS_ATTR_FILTER_58=The \
provided Access Control Instruction (ACI) targattrfilters expression value %s \
is invalid because one or more of the specified filters are invalid because \
of non-matching attribute type names in the filter
WARN_ACI_SYNTAX_INVALID_ATTRIBUTE_TYPE_NAME_59=The provided Access \
Control Instruction (ACI) attribute name value %s is invalid. A valid \
attribute type name must begin with an ASCII letter and must contain only \
ASCII letters,digits or the "-" character
NOTE_ACI_SYNTAX_DUBIOUS_AUTHMETHOD_SASL_MECHANISM_60=The SASL mechanism \
"%s" provided in the Access Control Instruction (ACI) bind rule authmethod \
expression is not one of the currently registered mechanisms in the server
WARN_ACI_LOCALHOST_DOESNT_MATCH_CANONICAL_VALUE_61=The provided Access \
Control Instruction (ACI) bind rule dns expression value "%s" references \
hostname %s, but the canonical representation for that hostname is configured \
to be %s. The server will attempt to automatically interpret the correct \
localhost value
WARN_ACI_HOSTNAME_DOESNT_MATCH_CANONICAL_VALUE_62=The provided Access \
Control Instruction (ACI) bind rule dns expression value "%s" references \
hostname %s, which resolves to IP address %s, but the canonical hostname for \
that IP address is %s. This likely means that the provided hostname will \
never match any clients
WARN_ACI_ERROR_CHECKING_CANONICAL_HOSTNAME_63=An error occurred while \
attempting to determine whether hostname %s referenced in dns expression bind \
rule "%s" used the correct canonical representation: %s. This likely means \
that the provided hostname will never match any clients
INFO_ACI_ADD_LIST_GLOBAL_ACIS_66=Added %s Global Access Control Instruction \
(ACI) attribute types to the access control evaluation engine
INFO_ACI_HANDLER_FAIL_PROCESS_GLOBAL_ACI_67=An unexpected error occurred \
while processing the ds-cfg-global-aci attribute in configuration entry %s
INFO_ACI_HANDLER_FAIL_PROCESS_ACI_68=An unexpected error occurred while \
processing the aci attributes in the configuration system
WARN_PATTERN_DN_CONSECUTIVE_WILDCARDS_IN_VALUE_69=The pattern DN %s is \
not valid because it contains two consecutive wildcards in an attribute value
WARN_PATTERN_DN_TYPE_CONTAINS_SUBSTRINGS_70=The pattern DN %s is not \
valid because it uses wildcards for substring matching on an attribute type. \
A single wildcard is allowed in place of an attribute type
WARN_PATTERN_DN_TYPE_WILDCARD_IN_MULTIVALUED_RDN_71=The pattern DN %s \
is not valid because it contains a wildcard in an attribute type in a \
multi-valued RDN
WARN_ACI_HANDLER_CANNOT_LOCK_NEW_SUPERIOR_USER_72=Unable to obtain a \
lock on the ModifyDN new superior entry %s
WARN_ACI_NOT_VALID_DN_73=Selfwrite check skipped because an attribute \
"%s" with a distinguished name syntax was not a valid DN
WARN_ACI_TARGETATTR_INVALID_ATTR_TOKEN_74=The provided Access Control \
Instruction (ACI) targetattr expression value "%s" is invalid because the \
expression contains invalid or duplicate tokens
WARN_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED_75=The provided Access Control \
Instruction (ACI) expression value "%s" is invalid because it contains the \
roledn keyword, which is not supported, replace it with the groupdn keyword
WARN_ACI_SERVER_DECODE_FAILED_76=Failed to decode the Access Control \
Instruction (ACI)%s
WARN_ACI_ENTER_LOCKDOWN_MODE_77=The server is being put into lockdown \
mode because invalid ACIs rules were detected either when the server was \
started or during a backend initialization
WARN_ACI_SYNTAX_INVALID_USERATTR_URL_78=The provided Access Control \
Instruction (ACI) bind rule userattr expression value failed to URL decode \
for the following reason: %s
WARN_ACI_SYNTAX_INVALID_USERATTR_BASEDN_URL_79=The provided Access \
Control Instruction (ACI) bind rule userattr expression value failed to parse \
because the ldap URL "%s" contains an empty base DN
WARN_ACI_SYNTAX_INVALID_USERATTR_ATTR_URL_80=The provided Access \
Control Instruction (ACI) bind rule userattr expression value failed to parse \
because the attribute field of the ldap URL "%s" either contains more than \
one description or the field is empty
WARN_ACI_SYNTAX_INVALID_PREFIX_FORMAT_81=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
prefix part of the expression "%s" has an invalid format
WARN_ACI_SYNTAX_INVALID_PREFIX_VALUE_82=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
prefix value of the expression "%s" was an invalid value. All values must \
greater than or equal to 0 and either less than or equal 32 for IPV4 \
addresses or less than or equal to 128 for IPV6 addresses
WARN_ACI_SYNTAX_PREFIX_NOT_NUMERIC_83=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
prefix part of the expression "%s" has an non-numeric value
WARN_ACI_SYNTAX_INVALID_IPV4_FORMAT_84=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
the IPv4 address expression "%s" format was invalid
WARN_ACI_SYNTAX_INVALID_IPV4_VALUE_85=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
IPv4 address expression "%s" contains an invalid value. All values of the \
address must be between 0 and 255
WARN_ACI_SYNTAX_IPV4_NOT_NUMERIC_86=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
the IPv4 address expression "%s" contains a non-numeric value
WARN_ACI_SYNTAX_IPV6_WILDCARD_INVALID_87=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
the IPv6 address expression "%s" contains an illegal wildcard character. \
Wildcards are not supported when using IPv6 addresses in a IP bind rule \
expression
WARN_ACI_SYNTAX_INVALID_IPV6_FORMAT_88=The provided Access Control \
Instruction (ACI) bind rule IP address expression "%s" failed to parse for \
the following reason: "%s"
WARN_ACI_SYNTAX_INVALID_NETMASK_FORMAT_89=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
netmask part of the expression "%s" has an invalid format
WARN_ACI_SYNTAX_INVALID_NETMASK_90=The provided Access Control \
Instruction (ACI) bind rule IP address expression failed to parse because the \
netmask part of the expression "%s" has an invalid value
WARN_ACI_SYNTAX_INVALID_TARGETCONTROL_EXPRESSION_91=The provided \
Access Control Instruction (ACI) targetcontrol expression value "%s" is \
invalid. A valid targetcontrol keyword expression value requires one or more \
valid control OID strings in the following format: oid [|| oid1] ... [|| \
oidN]
WARN_ACI_SYNTAX_ILLEGAL_CHAR_IN_NUMERIC_OID_92=The provided Access \
Control Instruction (ACI) targetcontrol OID value "%s" could not be parsed \
because the value contained an illegal character %c at position %d
WARN_ACI_SYNTAX_DOUBLE_PERIOD_IN_NUMERIC_OID_93=The provided Access \
Control Instruction (ACI) targetcontrol OID value "%s" could not be parsed \
because the numeric OID contained two consecutive periods at position %d
WARN_ACI_SYNTAX_INVALID_TARGEXTOP_EXPRESSION_95=The provided Access \
Control Instruction (ACI) extop expression value "%s" is invalid. A valid \
extop keyword expression value requires one or more valid extended operation \
request OID strings in the following format: oid [|| oid1] ... [|| oidN]
WARN_ACI_ATTRIBUTE_NOT_INDEXED_96=Backend %s does not have a \
presence index defined for attribute type %s. Access control initialization \
may take a very long time to complete in this backend
WARN_ACI_SYNTAX_INVALID_SSF_FORMAT_97=The provided Access Control \
Instruction (ACI) bind rule SSF expression "%s" failed to parse for \
the following reason: "%s"
WARN_ACI_SYNTAX_INVALID_SSF_RANGE_98=The provided Access Control \
Instruction (ACI) bind rule ssf expression value "%s" is not in the \
valid range. A valid ssf value is in the range of 1 to 1024
WARN_ACI_SYNTAX_INVALID_TIMEOFDAY_FORMAT_99=The provided Access Control \
Instruction (ACI) bind rule timeofday expression "%s" failed to parse for \
the following reason: "%s"