From f35d168ff3e165f7dbf2bdd6846231e29e4d2168 Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Oct 03 2023 12:40:40 +0000 Subject: Update translations to FreeIPA ipa-4-11 state Signed-off-by: Antonio Torres --- diff --git a/po/ipa.pot b/po/ipa.pot index ad66af7..b818616 100644 --- a/po/ipa.pot +++ b/po/ipa.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: freeipa 4.11.0.dev202308211251+gitd98d5e475\n" +"Project-Id-Version: freeipa 4.11.1.dev202310031238+gitfd01b234e\n" "Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n" -"POT-Creation-Date: 2023-08-21 14:51+0200\n" +"POT-Creation-Date: 2023-10-03 14:39+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -38,6 +38,125 @@ msgstr "" msgid "read error\n" msgstr "" +#: client/ipa-rmkeytab.c:51 +#, c-format +msgid "Unable to parse principal name\n" +msgstr "" + +#: client/ipa-rmkeytab.c:53 +#, c-format +msgid "krb5_parse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:63 +#, c-format +msgid "Removing principal %s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:76 +#, c-format +msgid "Failed to open keytab\n" +msgstr "" + +#: client/ipa-rmkeytab.c:80 +#, c-format +msgid "principal not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:82 +#, c-format +msgid "krb5_kt_get_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:90 +#, c-format +msgid "Unable to remove entry\n" +msgstr "" + +#: client/ipa-rmkeytab.c:92 +#, c-format +msgid "kvno %d\n" +msgstr "" + +#: client/ipa-rmkeytab.c:93 +#, c-format +msgid "krb5_kt_remove_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:124 client/ipa-rmkeytab.c:146 +#: client/ipa-rmkeytab.c:160 client/ipa-rmkeytab.c:263 +#, c-format +msgid "Failed to set cursor '%1$s'\n" +msgstr "" + +#: client/ipa-rmkeytab.c:133 +#, c-format +msgid "Unable to parse principal\n" +msgstr "" + +#: client/ipa-rmkeytab.c:135 +#, c-format +msgid "krb5_unparse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:169 +#, c-format +msgid "realm not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:195 client/ipa-getkeytab.c:942 +msgid "Print debugging information" +msgstr "" + +#: client/ipa-rmkeytab.c:195 +msgid "Debugging output" +msgstr "" + +#: client/ipa-rmkeytab.c:197 +msgid "" +"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" +msgstr "" + +#: client/ipa-rmkeytab.c:198 client/ipa-getkeytab.c:948 +msgid "Kerberos Service Principal Name" +msgstr "" + +#: client/ipa-rmkeytab.c:200 +msgid "The keytab file to remove the principcal(s) from" +msgstr "" + +#: client/ipa-rmkeytab.c:200 client/ipa-getkeytab.c:952 +msgid "Keytab File Name" +msgstr "" + +#: client/ipa-rmkeytab.c:202 +msgid "Remove all principals in this realm" +msgstr "" + +#: client/ipa-rmkeytab.c:202 ipaclient/remote_plugins/2_114/trust.py:111 +msgid "Realm name" +msgstr "" + +#: client/ipa-rmkeytab.c:216 client/ipa-getkeytab.c:1001 +#, c-format +msgid "Kerberos context initialization failed\n" +msgstr "" + +#: client/ipa-rmkeytab.c:256 +#, c-format +msgid "Failed to open keytab '%1$s': %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:279 +#, c-format +msgid "Closing keytab failed\n" +msgstr "" + +#: client/ipa-rmkeytab.c:281 +#, c-format +msgid "krb5_kt_close %1$d: %2$s\n" +msgstr "" + #: client/ipa-getkeytab.c:254 #, c-format msgid "Kerberos context initialization failed: %1$s (%2$d)\n" @@ -186,10 +305,6 @@ msgstr "" msgid "Output only on errors" msgstr "" -#: client/ipa-getkeytab.c:942 client/ipa-rmkeytab.c:195 -msgid "Print debugging information" -msgstr "" - #: client/ipa-getkeytab.c:942 msgid "Output debug info" msgstr "" @@ -206,20 +321,12 @@ msgstr "" msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)" msgstr "" -#: client/ipa-getkeytab.c:948 client/ipa-rmkeytab.c:198 -msgid "Kerberos Service Principal Name" -msgstr "" - #: client/ipa-getkeytab.c:950 msgid "" "The keytab file to append the new key to (will be created if it does not " "exist)." msgstr "" -#: client/ipa-getkeytab.c:952 client/ipa-rmkeytab.c:200 -msgid "Keytab File Name" -msgstr "" - #: client/ipa-getkeytab.c:954 msgid "Encryption types to request" msgstr "" @@ -288,11 +395,6 @@ msgstr "" msgid "Retrieve current keys without changing them" msgstr "" -#: client/ipa-getkeytab.c:1001 client/ipa-rmkeytab.c:216 -#, c-format -msgid "Kerberos context initialization failed\n" -msgstr "" - #: client/ipa-getkeytab.c:1014 util/ipa_krb5.c:892 #, c-format msgid "No system preferred enctypes ?!\n" @@ -442,108 +544,6 @@ msgstr "" msgid "Keytab successfully retrieved and stored in: %s\n" msgstr "" -#: client/ipa-rmkeytab.c:51 -#, c-format -msgid "Unable to parse principal name\n" -msgstr "" - -#: client/ipa-rmkeytab.c:53 -#, c-format -msgid "krb5_parse_name %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:63 -#, c-format -msgid "Removing principal %s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:76 -#, c-format -msgid "Failed to open keytab\n" -msgstr "" - -#: client/ipa-rmkeytab.c:80 -#, c-format -msgid "principal not found\n" -msgstr "" - -#: client/ipa-rmkeytab.c:82 -#, c-format -msgid "krb5_kt_get_entry %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:90 -#, c-format -msgid "Unable to remove entry\n" -msgstr "" - -#: client/ipa-rmkeytab.c:92 -#, c-format -msgid "kvno %d\n" -msgstr "" - -#: client/ipa-rmkeytab.c:93 -#, c-format -msgid "krb5_kt_remove_entry %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:124 client/ipa-rmkeytab.c:146 -#: client/ipa-rmkeytab.c:160 client/ipa-rmkeytab.c:263 -#, c-format -msgid "Failed to set cursor '%1$s'\n" -msgstr "" - -#: client/ipa-rmkeytab.c:133 -#, c-format -msgid "Unable to parse principal\n" -msgstr "" - -#: client/ipa-rmkeytab.c:135 -#, c-format -msgid "krb5_unparse_name %1$d: %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:169 -#, c-format -msgid "realm not found\n" -msgstr "" - -#: client/ipa-rmkeytab.c:195 -msgid "Debugging output" -msgstr "" - -#: client/ipa-rmkeytab.c:197 -msgid "" -"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" -msgstr "" - -#: client/ipa-rmkeytab.c:200 -msgid "The keytab file to remove the principcal(s) from" -msgstr "" - -#: client/ipa-rmkeytab.c:202 -msgid "Remove all principals in this realm" -msgstr "" - -#: client/ipa-rmkeytab.c:202 ipaclient/remote_plugins/2_114/trust.py:111 -msgid "Realm name" -msgstr "" - -#: client/ipa-rmkeytab.c:256 -#, c-format -msgid "Failed to open keytab '%1$s': %2$s\n" -msgstr "" - -#: client/ipa-rmkeytab.c:279 -#, c-format -msgid "Closing keytab failed\n" -msgstr "" - -#: client/ipa-rmkeytab.c:281 -#, c-format -msgid "krb5_kt_close %1$d: %2$s\n" -msgstr "" - #: client/ipa-join.c:67 client/ipa-join.c:422 client/ipa-join.c:442 #: client/ipa-join.c:540 client/ipa-join.c:1067 util/ipa_krb5.c:1024 #: util/ipa_krb5.c:1058 @@ -863,6 +863,26 @@ msgstr "" msgid "Write certificate (chain if --chain used) to file" msgstr "" +#: ipaclient/plugins/cert.py:107 +msgid "Unrevoked" +msgstr "" + +#: ipaclient/plugins/cert.py:110 ipaserver/plugins/internal.py:299 +msgid "Error" +msgstr "" + +#: ipaclient/plugins/cert.py:120 +msgid "Input filename" +msgstr "" + +#: ipaclient/plugins/cert.py:121 +msgid "File to load the certificate from." +msgstr "" + +#: ipaclient/plugins/cert.py:130 ipaclient/plugins/certmap.py:41 +msgid "cannot specify both raw certificate and file" +msgstr "" + #: ipaclient/plugins/certmap.py:19 msgid "Input file" msgstr "" @@ -871,93 +891,11 @@ msgstr "" msgid "File to load the certificate from" msgstr "" -#: ipaclient/plugins/certmap.py:41 ipaclient/plugins/cert.py:130 -msgid "cannot specify both raw certificate and file" -msgstr "" - #: ipaclient/plugins/certprofile.py:25 #, python-format msgid "Profile configuration stored in file '%(file)s'" msgstr "" -#: ipaclient/plugins/host.py:41 ipaclient/plugins/service.py:43 -#: ipaclient/plugins/user.py:75 -#, python-format -msgid "Certificate(s) stored in file '%(file)s'" -msgstr "" - -#: ipaclient/plugins/location.py:23 -msgid "Servers details:" -msgstr "" - -#: ipaclient/plugins/migration.py:37 -msgid "" -"Migration mode is disabled.\n" -"Use 'ipa config-mod --enable-migration=TRUE' to enable it." -msgstr "" - -#: ipaclient/plugins/migration.py:41 -msgid "" -"Passwords have been migrated in pre-hashed format.\n" -"IPA is unable to generate Kerberos keys unless provided\n" -"with clear text passwords. All migrated users need to\n" -"login at https://your.domain/ipa/migration/ before they\n" -"can use their Kerberos accounts." -msgstr "" - -#: ipaclient/plugins/server.py:20 -#, python-format -msgid "Removing %(servers)s from replication topology, please wait..." -msgstr "" - -#: ipaclient/plugins/topology.py:25 -#, python-format -msgid "Replication topology of suffix \"%(suffix)s\" is in order." -msgstr "" - -#: ipaclient/plugins/topology.py:30 -#, python-format -msgid "Replication topology of suffix \"%(suffix)s\" contains errors." -msgstr "" - -#: ipaclient/plugins/topology.py:33 -msgid "Topology is disconnected" -msgstr "" - -#: ipaclient/plugins/topology.py:35 -#, python-format -msgid "Server %(srv)s can't contact servers: %(replicas)s" -msgstr "" - -#: ipaclient/plugins/topology.py:40 -msgid "Recommended maximum number of agreements per replica exceeded" -msgstr "" - -#: ipaclient/plugins/topology.py:43 -msgid "Maximum number of agreements per replica" -msgstr "" - -#: ipaclient/plugins/topology.py:47 -#, python-format -msgid "Server \"%(srv)s\" has %(n)d agreements with servers:" -msgstr "" - -#: ipaclient/plugins/cert.py:107 -msgid "Unrevoked" -msgstr "" - -#: ipaclient/plugins/cert.py:110 ipaserver/plugins/internal.py:299 -msgid "Error" -msgstr "" - -#: ipaclient/plugins/cert.py:120 -msgid "Input filename" -msgstr "" - -#: ipaclient/plugins/cert.py:121 -msgid "File to load the certificate from." -msgstr "" - #: ipaclient/plugins/dns.py:137 ipaserver/plugins/dns.py:3557 msgid "Split DNS record to parts" msgstr "" @@ -1041,24 +979,110 @@ msgstr "" msgid "file to store DNS records in nsupdate format" msgstr "" -#: ipaclient/plugins/sudorule.py:30 +#: ipaclient/plugins/host.py:41 ipaclient/plugins/service.py:43 +#: ipaclient/plugins/user.py:75 #, python-format -msgid "Enabled Sudo Rule \"%s\"" +msgid "Certificate(s) stored in file '%(file)s'" msgstr "" -#: ipaclient/plugins/sudorule.py:36 +#: ipaclient/plugins/location.py:23 +msgid "Servers details:" +msgstr "" + +#: ipaclient/plugins/migration.py:37 +msgid "" +"Migration mode is disabled.\n" +"Use 'ipa config-mod --enable-migration=TRUE' to enable it." +msgstr "" + +#: ipaclient/plugins/migration.py:41 +msgid "" +"Passwords have been migrated in pre-hashed format.\n" +"IPA is unable to generate Kerberos keys unless provided\n" +"with clear text passwords. All migrated users need to\n" +"login at https://your.domain/ipa/migration/ before they\n" +"can use their Kerberos accounts." +msgstr "" + +#: ipaclient/plugins/server.py:20 #, python-format -msgid "Disabled Sudo Rule \"%s\"" +msgid "Removing %(servers)s from replication topology, please wait..." msgstr "" -#: ipaclient/plugins/sudorule.py:44 +#: ipaclient/plugins/topology.py:25 #, python-format -msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\"" +msgid "Replication topology of suffix \"%(suffix)s\" is in order." msgstr "" -#: ipaclient/plugins/sudorule.py:57 +#: ipaclient/plugins/topology.py:30 #, python-format -msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\"" +msgid "Replication topology of suffix \"%(suffix)s\" contains errors." +msgstr "" + +#: ipaclient/plugins/topology.py:33 +msgid "Topology is disconnected" +msgstr "" + +#: ipaclient/plugins/topology.py:35 +#, python-format +msgid "Server %(srv)s can't contact servers: %(replicas)s" +msgstr "" + +#: ipaclient/plugins/topology.py:40 +msgid "Recommended maximum number of agreements per replica exceeded" +msgstr "" + +#: ipaclient/plugins/topology.py:43 +msgid "Maximum number of agreements per replica" +msgstr "" + +#: ipaclient/plugins/topology.py:47 +#, python-format +msgid "Server \"%(srv)s\" has %(n)d agreements with servers:" +msgstr "" + +#: ipaclient/plugins/otptoken.py:67 +msgid "" +"Unable to display QR code using the configured output encoding. Please use " +"the token URI to configure your OTP device" +msgstr "" + +#: ipaclient/plugins/otptoken.py:83 +msgid "" +"QR code width is greater than that of the output tty. Please resize your " +"terminal." +msgstr "" + +#: ipaclient/plugins/otptoken.py:137 +msgid "Synchronize an OTP token." +msgstr "" + +#: ipaclient/plugins/otptoken.py:142 +msgid "User ID" +msgstr "" + +#: ipaclient/plugins/otptoken.py:143 ipaclient/remote_plugins/2_114/host.py:187 +#: ipaserver/plugins/migration.py:534 ipaserver/plugins/baseldap.py:50 +#: ipaserver/plugins/internal.py:194 ipaserver/plugins/internal.py:414 +#: ipaserver/plugins/internal.py:1742 ipaserver/plugins/baseuser.py:331 +msgid "Password" +msgstr "" + +#: ipaclient/plugins/otptoken.py:144 +msgid "First Code" +msgstr "" + +#: ipaclient/plugins/otptoken.py:145 +msgid "Second Code" +msgstr "" + +#: ipaclient/plugins/otptoken.py:149 ipaserver/plugins/internal.py:1752 +msgid "Token ID" +msgstr "" + +#: ipaclient/plugins/otptoken.py:185 +#, python-format +msgid "Unable to synchronize token: %s" msgstr "" #: ipaclient/plugins/automember.py:33 ipaserver/plugins/automember.py:342 @@ -1152,78 +1176,6 @@ msgstr "" msgid "Skipped %(key)s" msgstr "" -#: ipaclient/plugins/baseuser.py:22 -msgid "Register the passkey" -msgstr "" - -#: ipaclient/plugins/baseuser.py:27 -msgid "Require user verification during authentication with the passkey" -msgstr "" - -#: ipaclient/plugins/baseuser.py:33 -msgid "COSE type to use for registration" -msgstr "" - -#: ipaclient/plugins/baseuser.py:39 -msgid "Credential type" -msgstr "" - -#: ipaclient/plugins/baseuser.py:62 -#, python-format -msgid "cannot specify both %s and passkey mapping" -msgstr "" - -#: ipaclient/plugins/baseuser.py:70 -#, python-format -msgid "" -"Missing executable %s, use the command with LOGIN PASSKEY instead of LOGIN --" -"register" -msgstr "" - -#: ipaclient/plugins/otptoken.py:67 -msgid "" -"Unable to display QR code using the configured output encoding. Please use " -"the token URI to configure your OTP device" -msgstr "" - -#: ipaclient/plugins/otptoken.py:83 -msgid "" -"QR code width is greater than that of the output tty. Please resize your " -"terminal." -msgstr "" - -#: ipaclient/plugins/otptoken.py:137 -msgid "Synchronize an OTP token." -msgstr "" - -#: ipaclient/plugins/otptoken.py:142 -msgid "User ID" -msgstr "" - -#: ipaclient/plugins/otptoken.py:143 ipaclient/remote_plugins/2_114/host.py:187 -#: ipaserver/plugins/migration.py:534 ipaserver/plugins/baseldap.py:50 -#: ipaserver/plugins/baseuser.py:331 ipaserver/plugins/internal.py:194 -#: ipaserver/plugins/internal.py:414 ipaserver/plugins/internal.py:1742 -msgid "Password" -msgstr "" - -#: ipaclient/plugins/otptoken.py:144 -msgid "First Code" -msgstr "" - -#: ipaclient/plugins/otptoken.py:145 -msgid "Second Code" -msgstr "" - -#: ipaclient/plugins/otptoken.py:149 ipaserver/plugins/internal.py:1752 -msgid "Token ID" -msgstr "" - -#: ipaclient/plugins/otptoken.py:185 -#, python-format -msgid "Unable to synchronize token: %s" -msgstr "" - #: ipaclient/plugins/otptoken_yubikey.py:35 msgid "python-yubico is not installed." msgstr "" @@ -1248,14 +1200,14 @@ msgid "" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:47 ipaserver/plugins/dnsserver.py:39 -#: ipaserver/plugins/radiusproxy.py:43 ipaserver/plugins/serverrole.py:19 -#: ipaserver/plugins/automember.py:63 ipaserver/plugins/ca.py:36 -#: ipaserver/plugins/certmap.py:60 ipaserver/plugins/location.py:37 -#: ipaserver/plugins/otptoken.py:49 ipaserver/plugins/cert.py:99 -#: ipaserver/plugins/host.py:104 ipaserver/plugins/idp.py:31 -#: ipaserver/plugins/passkeyconfig.py:30 ipaserver/plugins/permission.py:98 -#: ipaserver/plugins/schema.py:28 ipaserver/plugins/server.py:40 -#: ipaserver/plugins/sudorule.py:76 ipaserver/plugins/vault.py:88 +#: ipaserver/plugins/location.py:37 ipaserver/plugins/radiusproxy.py:43 +#: ipaserver/plugins/serverrole.py:19 ipaserver/plugins/automember.py:63 +#: ipaserver/plugins/certmap.py:60 ipaserver/plugins/permission.py:98 +#: ipaserver/plugins/vault.py:88 ipaserver/plugins/otptoken.py:49 +#: ipaserver/plugins/server.py:40 ipaserver/plugins/ca.py:36 +#: ipaserver/plugins/cert.py:99 ipaserver/plugins/idp.py:31 +#: ipaserver/plugins/schema.py:28 ipaserver/plugins/sudorule.py:76 +#: ipaserver/plugins/host.py:104 ipaserver/plugins/passkeyconfig.py:30 msgid "" "\n" "EXAMPLES:\n" @@ -1280,21 +1232,24 @@ msgstr "" msgid "No free YubiKey slot!" msgstr "" -#: ipaclient/plugins/stageuser.py:14 ipaclient/plugins/user.py:87 -#: ipaserver/plugins/baseuser.py:1084 ipaserver/plugins/user.py:1405 -msgid "Add one or more passkey mappings to the user entry." +#: ipaclient/plugins/sudorule.py:30 +#, python-format +msgid "Enabled Sudo Rule \"%s\"" msgstr "" -#: ipaclient/plugins/user.py:41 -msgid "Delete a user, keeping the entry available for future use" +#: ipaclient/plugins/sudorule.py:36 +#, python-format +msgid "Disabled Sudo Rule \"%s\"" msgstr "" -#: ipaclient/plugins/user.py:46 -msgid "Delete a user" +#: ipaclient/plugins/sudorule.py:44 +#, python-format +msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\"" msgstr "" -#: ipaclient/plugins/user.py:55 -msgid "preserve and no-preserve cannot be both set" +#: ipaclient/plugins/sudorule.py:57 +#, python-format +msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\"" msgstr "" #: ipaclient/plugins/vault.py:68 ipaclient/plugins/vault.py:875 @@ -1463,6 +1418,51 @@ msgstr "" msgid "Missing vault private key" msgstr "" +#: ipaclient/plugins/baseuser.py:22 +msgid "Register the passkey" +msgstr "" + +#: ipaclient/plugins/baseuser.py:27 +msgid "Require user verification during authentication with the passkey" +msgstr "" + +#: ipaclient/plugins/baseuser.py:33 +msgid "COSE type to use for registration" +msgstr "" + +#: ipaclient/plugins/baseuser.py:39 +msgid "Credential type" +msgstr "" + +#: ipaclient/plugins/baseuser.py:62 +#, python-format +msgid "cannot specify both %s and passkey mapping" +msgstr "" + +#: ipaclient/plugins/baseuser.py:70 +#, python-format +msgid "" +"Missing executable %s, use the command with LOGIN PASSKEY instead of LOGIN --" +"register" +msgstr "" + +#: ipaclient/plugins/stageuser.py:14 ipaclient/plugins/user.py:87 +#: ipaserver/plugins/user.py:1405 ipaserver/plugins/baseuser.py:1091 +msgid "Add one or more passkey mappings to the user entry." +msgstr "" + +#: ipaclient/plugins/user.py:41 +msgid "Delete a user, keeping the entry available for future use" +msgstr "" + +#: ipaclient/plugins/user.py:46 +msgid "Delete a user" +msgstr "" + +#: ipaclient/plugins/user.py:55 +msgid "preserve and no-preserve cannot be both set" +msgstr "" + msgid "" "\n" "Directory Server Access Control Instructions (ACIs)\n" @@ -1603,8 +1603,8 @@ msgid "User group ACI grants access to" msgstr "" #: ipaserver/plugins/delegation.py:81 ipaserver/plugins/selfservice.py:84 -#: ipaserver/plugins/aci.py:463 ipaserver/plugins/baseldap.py:74 -#: ipaserver/plugins/permission.py:231 +#: ipaserver/plugins/aci.py:463 ipaserver/plugins/permission.py:231 +#: ipaserver/plugins/baseldap.py:74 msgid "Permissions" msgstr "" @@ -1619,8 +1619,8 @@ msgstr "" msgid "Attributes" msgstr "" -#: ipaserver/plugins/otptoken.py:165 ipaserver/plugins/permission.py:347 -#: ipaserver/plugins/schema.py:448 ipaserver/plugins/vault.py:598 +#: ipaserver/plugins/permission.py:347 ipaserver/plugins/vault.py:598 +#: ipaserver/plugins/otptoken.py:165 ipaserver/plugins/schema.py:448 msgid "Type" msgstr "" @@ -1749,167 +1749,146 @@ msgstr "" msgid "Location of the ACI" msgstr "" -#: ipaserver/plugins/automount.py:41 msgid "" "\n" -"Automount\n" -"\n" -"Stores automount(8) configuration for autofs(8) in IPA.\n" -"\n" -"The base of an automount configuration is the configuration file auto." -"master.\n" -"This is also the base location in IPA. Multiple auto.master configurations\n" -"can be stored in separate locations. A location is implementation-specific\n" -"with the default being a location named 'default'. For example, you can " -"have\n" -"locations by geographic region, by floor, by type, etc.\n" -"\n" -"Automount has three basic object types: locations, maps and keys.\n" +"Auto Membership Rule.\n" "\n" -"A location defines a set of maps anchored in auto.master. This allows you\n" -"to store multiple automount configurations. A location in itself isn't\n" -"very interesting, it is just a point to start a new automount map.\n" +"Bring clarity to the membership of hosts and users by configuring inclusive\n" +"or exclusive regex patterns, you can automatically assign a new entries " +"into\n" +"a group or hostgroup based upon attribute information.\n" "\n" -"A map is roughly equivalent to a discrete automount file and provides\n" -"storage for keys.\n" +"A rule is directly associated with a group by name, so you cannot create\n" +"a rule without an accompanying group or hostgroup.\n" "\n" -"A key is a mount point associated with a map.\n" +"A condition is a regular expression used by 389-ds to match a new incoming\n" +"entry with an automember rule. If it matches an inclusive rule then the\n" +"entry is added to the appropriate group or hostgroup.\n" "\n" -"When a new location is created, two maps are automatically created for\n" -"it: auto.master and auto.direct. auto.master is the root map for all\n" -"automount maps for the location. auto.direct is the default map for\n" -"direct mounts and is mounted on /-.\n" +"A default group or hostgroup could be specified for entries that do not\n" +"match any rule. In case of user entries this group will be a fallback group\n" +"because all users are by default members of group specified in IPA config.\n" "\n" -"An automount map may contain a submount key. This key defines a mount\n" -"location within the map that references another map. This can be done\n" -"either using automountmap-add-indirect --parentmap or manually\n" -"with automountkey-add and setting info to \"-type=autofs :\".\n" +"The automember-rebuild command can be used to retroactively run automember " +"rules\n" +"against existing entries, thus rebuilding their membership.\n" "\n" "EXAMPLES:\n" "\n" -"Locations:\n" -"\n" -" Create a named location, \"Baltimore\":\n" -" ipa automountlocation-add baltimore\n" -"\n" -" Display the new location:\n" -" ipa automountlocation-show baltimore\n" +" Add the initial group or hostgroup:\n" +" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" +" ipa group-add --desc=\"Developers\" devel\n" "\n" -" Find available locations:\n" -" ipa automountlocation-find\n" +" Add the initial rule:\n" +" ipa automember-add --type=hostgroup webservers\n" +" ipa automember-add --type=group devel\n" "\n" -" Remove a named automount location:\n" -" ipa automountlocation-del baltimore\n" +" Add a condition to the rule:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +" ipa automember-add-condition --key=manager --type=group --inclusive-" +"regex=^uid=mscott devel\n" "\n" -" Show what the automount maps would look like if they were in the " -"filesystem:\n" -" ipa automountlocation-tofiles baltimore\n" +" Add an exclusive condition to the rule to prevent auto assignment:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" +"regex=^web5\\.example\\.com webservers\n" "\n" -" Import an existing configuration into a location:\n" -" ipa automountlocation-import baltimore /etc/auto.master\n" +" Add a host:\n" +" ipa host-add web1.example.com\n" "\n" -" The import will fail if any duplicate entries are found. For\n" -" continuous operation where errors are ignored, use the --continue\n" -" option.\n" +" Add a user:\n" +" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" "\n" -"Maps:\n" +" Verify automembership:\n" +" ipa hostgroup-show webservers\n" +" Host-group: webservers\n" +" Description: Web Servers\n" +" Member hosts: web1.example.com\n" "\n" -" Create a new map, \"auto.share\":\n" -" ipa automountmap-add baltimore auto.share\n" +" ipa group-show devel\n" +" Group name: devel\n" +" Description: Developers\n" +" GID: 1004200000\n" +" Member users: tuser\n" "\n" -" Display the new map:\n" -" ipa automountmap-show baltimore auto.share\n" +" Remove a condition from the rule:\n" +" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" "\n" -" Find maps in the location baltimore:\n" -" ipa automountmap-find baltimore\n" +" Modify the automember rule:\n" +" ipa automember-mod\n" "\n" -" Create an indirect map with auto.share as a submount:\n" -" ipa automountmap-add-indirect baltimore --parentmap=auto.share --" -"mount=sub auto.man\n" +" Set the default (fallback) target group:\n" +" ipa automember-default-group-set --default-group=webservers --" +"type=hostgroup\n" +" ipa automember-default-group-set --default-group=ipausers --type=group\n" "\n" -" This is equivalent to:\n" +" Remove the default (fallback) target group:\n" +" ipa automember-default-group-remove --type=hostgroup\n" +" ipa automember-default-group-remove --type=group\n" "\n" -" ipa automountmap-add-indirect baltimore --mount=/man auto.man\n" -" ipa automountkey-add baltimore auto.man --key=sub --info=\"-" -"fstype=autofs ldap:auto.share\"\n" +" Show the default (fallback) target group:\n" +" ipa automember-default-group-show --type=hostgroup\n" +" ipa automember-default-group-show --type=group\n" "\n" -" Remove the auto.share map:\n" -" ipa automountmap-del baltimore auto.share\n" +" Find all of the automember rules:\n" +" ipa automember-find\n" "\n" -"Keys:\n" +" Display a automember rule:\n" +" ipa automember-show --type=hostgroup webservers\n" +" ipa automember-show --type=group devel\n" "\n" -" Create a new key for the auto.share map in location baltimore. This ties\n" -" the map we previously created to auto.master:\n" -" ipa automountkey-add baltimore auto.master --key=/share --info=auto." -"share\n" +" Delete an automember rule:\n" +" ipa automember-del --type=hostgroup webservers\n" +" ipa automember-del --type=group devel\n" "\n" -" Create a new key for our auto.share map, an NFS mount for man pages:\n" -" ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft," -"rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n" +" Rebuild membership for all users:\n" +" ipa automember-rebuild --type=group\n" "\n" -" Find all keys for the auto.share map:\n" -" ipa automountkey-find baltimore auto.share\n" +" Rebuild membership for all hosts:\n" +" ipa automember-rebuild --type=hostgroup\n" "\n" -" Find all direct automount keys:\n" -" ipa automountkey-find baltimore --key=/-\n" +" Rebuild membership for specified users:\n" +" ipa automember-rebuild --users=tuser1 --users=tuser2\n" "\n" -" Remove the man key from the auto.share map:\n" -" ipa automountkey-del baltimore auto.share --key=man\n" -msgstr "" - -#: ipaserver/plugins/otptoken.py:219 ipaserver/plugins/automount.py:465 -#: ipaserver/plugins/automount.py:712 ipaserver/plugins/automount.py:819 -msgid "Key" -msgstr "" - -#: ipaserver/plugins/automount.py:466 ipaserver/plugins/automount.py:713 -#: ipaserver/plugins/automount.py:820 -msgid "Automount key name." -msgstr "" - -#: ipaserver/plugins/automount.py:471 ipaserver/plugins/automount.py:717 -#: ipaserver/plugins/automount.py:824 -msgid "Mount information" -msgstr "" - -#: ipaserver/plugins/automount.py:474 -msgid "description" +" Rebuild membership for specified hosts:\n" +" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." +"com\n" msgstr "" -#: ipaserver/plugins/host.py:502 ipaserver/plugins/server.py:132 -msgid "Location" +#: ipaserver/plugins/hbacsvc.py:108 ipaserver/plugins/hbacsvcgroup.py:120 +#: ipaserver/plugins/hostgroup.py:193 ipaserver/plugins/location.py:111 +#: ipaserver/plugins/netgroup.py:210 ipaserver/plugins/radiusproxy.py:117 +#: ipaserver/plugins/role.py:153 ipaserver/plugins/subid.py:143 +#: ipaserver/plugins/sudocmd.py:128 ipaserver/plugins/sudocmdgroup.py:130 +#: ipaserver/plugins/automember.py:257 ipaserver/plugins/privilege.py:159 +#: ipaserver/plugins/caacl.py:175 ipaserver/plugins/certmap.py:279 +#: ipaserver/plugins/hbacrule.py:253 ipaserver/plugins/selinuxusermap.py:265 +#: ipaserver/plugins/vault.py:592 ipaserver/plugins/otptoken.py:174 +#: ipaserver/plugins/idviews.py:143 ipaserver/plugins/idviews.py:784 +#: ipaserver/plugins/ca.py:91 ipaserver/plugins/group.py:349 +#: ipaserver/plugins/sudorule.py:247 ipaserver/plugins/automount.py:364 +#: ipaserver/plugins/host.py:492 +msgid "Description" msgstr "" -#: ipaserver/plugins/automount.py:253 -msgid "Automount location name." +#: ipaserver/plugins/automember.py:258 +msgid "A description of this auto member rule" msgstr "" -#: ipaserver/plugins/automount.py:358 -msgid "Map" +#: ipaserver/plugins/automember.py:262 ipaserver/plugins/automember.py:585 +msgid "Default (fallback) Group" msgstr "" -#: ipaserver/plugins/automount.py:359 -msgid "Automount map name." +#: ipaserver/plugins/automember.py:263 +msgid "Default group for entries to land" msgstr "" -#: ipaserver/plugins/hbacsvc.py:108 ipaserver/plugins/hbacsvcgroup.py:120 -#: ipaserver/plugins/netgroup.py:210 ipaserver/plugins/radiusproxy.py:117 -#: ipaserver/plugins/sudocmdgroup.py:130 ipaserver/plugins/automember.py:257 -#: ipaserver/plugins/ca.py:91 ipaserver/plugins/caacl.py:175 -#: ipaserver/plugins/certmap.py:279 ipaserver/plugins/hbacrule.py:253 -#: ipaserver/plugins/hostgroup.py:193 ipaserver/plugins/location.py:111 -#: ipaserver/plugins/otptoken.py:174 ipaserver/plugins/privilege.py:159 -#: ipaserver/plugins/role.py:153 ipaserver/plugins/selinuxusermap.py:265 -#: ipaserver/plugins/subid.py:143 ipaserver/plugins/sudocmd.py:128 -#: ipaserver/plugins/automount.py:364 ipaserver/plugins/group.py:349 -#: ipaserver/plugins/host.py:492 ipaserver/plugins/idviews.py:143 -#: ipaserver/plugins/idviews.py:784 ipaserver/plugins/sudorule.py:247 -#: ipaserver/plugins/vault.py:592 -msgid "Description" +msgid "Add an automember rule." msgstr "" -#: ipaserver/plugins/automount.py:623 -msgid "Create a new automount key." +#: ipaserver/plugins/automember.py:249 ipaserver/plugins/automember.py:250 +msgid "Automember Rule" msgstr "" #: ipaserver/plugins/baseldap.py:977 @@ -1924,6607 +1903,6874 @@ msgid "" "must be part of the schema." msgstr "" -#: ipaserver/plugins/automount.py:705 -msgid "Delete an automount key." +#: ipaserver/plugins/automember.py:184 +msgid "Grouping Type" msgstr "" -#: ipaserver/plugins/baseldap.py:1381 -msgid "Continuous mode: Don't stop on errors." +#: ipaserver/plugins/automember.py:185 +msgid "Grouping to which the rule applies" msgstr "" -#: ipalib/output.py:204 -msgid "List of deletions that failed" +msgid "Add conditions to an automember rule." msgstr "" -#: ipaserver/plugins/automount.py:804 -msgid "Search for an automount key." +#: ipaserver/plugins/automember.py:160 ipaserver/plugins/automember.py:161 +msgid "Inclusive Regex" msgstr "" -#: ipaserver/plugins/serverrole.py:123 ipaserver/plugins/baseldap.py:1979 -#: ipaserver/plugins/cert.py:1569 -msgid "Time Limit" +#: ipaserver/plugins/automember.py:167 ipaserver/plugins/automember.py:168 +msgid "Exclusive Regex" msgstr "" -msgid "Time limit of search in seconds" +#: ipaserver/plugins/automember.py:176 +msgid "Attribute Key" msgstr "" -#: ipaserver/plugins/serverrole.py:131 ipaserver/plugins/hbactest.py:304 -#: ipaserver/plugins/baseldap.py:1986 ipaserver/plugins/cert.py:1574 -msgid "Size Limit" +#: ipaserver/plugins/automember.py:177 +msgid "" +"Attribute to filter via regex. For example fqdn for a host, or manager for a " +"user" msgstr "" -msgid "Maximum number of entries returned" +#: ipaserver/plugins/automember.py:357 +msgid "Conditions that could not be added" msgstr "" -#: ipaserver/plugins/automount.py:746 -msgid "Modify an automount key." +#: ipaserver/plugins/automember.py:361 +msgid "Number of conditions added" msgstr "" -#: ipaserver/plugins/baseldap.py:989 -msgid "" -"Delete an attribute/value pair. The option will be evaluated\n" -"last, after all sets and adds." +msgid "Remove default (fallback) group for all unmatched entries." msgstr "" -#: ipaserver/plugins/baseldap.py:1402 ipaserver/plugins/baseldap.py:1477 -msgid "Rights" +msgid "Set default (fallback) group for all unmatched entries." msgstr "" -#: ipaserver/plugins/baseldap.py:1403 ipaserver/plugins/baseldap.py:1478 -msgid "" -"Display the access rights of this entry (requires --all). See ipa man page " -"for details." +#: ipaserver/plugins/automember.py:586 +msgid "Default (fallback) group for entries to land" msgstr "" -#: ipaserver/plugins/automount.py:755 -msgid "New mount information" +msgid "Display information about the default (fallback) automember groups." msgstr "" -#: ipaserver/plugins/baseldap.py:1487 -msgid "Rename" +msgid "Delete an automember rule." msgstr "" -msgid "Rename the automount key object" +#: ipalib/output.py:204 +msgid "List of deletions that failed" msgstr "" -#: ipaserver/plugins/automount.py:814 -msgid "Display an automount key." +msgid "Search for automember rules." msgstr "" -#: ipaserver/plugins/automount.py:261 -msgid "Create a new automount location." +msgid "Modify an automember rule." msgstr "" -#: ipaserver/plugins/automount.py:281 -msgid "Delete an automount location." +#: ipaserver/plugins/baseldap.py:989 +msgid "" +"Delete an attribute/value pair. The option will be evaluated\n" +"last, after all sets and adds." msgstr "" -#: ipaserver/plugins/automount.py:293 -msgid "Search for an automount location." +#: ipaserver/plugins/baseldap.py:1402 ipaserver/plugins/baseldap.py:1477 +msgid "Rights" msgstr "" -msgid "Results should contain primary key attribute only (\"location\")" +#: ipaserver/plugins/baseldap.py:1403 ipaserver/plugins/baseldap.py:1478 +msgid "" +"Display the access rights of this entry (requires --all). See ipa man page " +"for details." msgstr "" -#: ipaserver/plugins/automount.py:288 -msgid "Display an automount location." +#: ipaserver/plugins/automember.py:683 +msgid "Rebuild auto membership." msgstr "" -#: ipaserver/plugins/automount.py:303 -msgid "Generate automount files for a specific location." +#: ipaserver/plugins/automember.py:693 +msgid "Rebuild membership for all members of a grouping" msgstr "" -#: ipaserver/plugins/automount.py:399 -msgid "Create a new automount map." +#: ipaserver/plugins/automember.py:697 ipaserver/plugins/caacl.py:220 +#: ipaserver/plugins/hbacrule.py:260 ipaserver/plugins/selinuxusermap.py:272 +#: ipaserver/plugins/sudorule.py:291 ipaserver/plugins/internal.py:1205 +#: ipaserver/plugins/user.py:179 ipaserver/plugins/baseuser.py:250 +msgid "Users" msgstr "" -#: ipaserver/plugins/automount.py:652 -msgid "Create a new indirect mount point." +#: ipaserver/plugins/automember.py:698 +msgid "Rebuild membership for specified users" msgstr "" -#: ipaserver/plugins/automount.py:659 -msgid "Mount point" +#: ipaserver/plugins/automember.py:702 ipaserver/plugins/caacl.py:228 +#: ipaserver/plugins/hbacrule.py:268 ipaserver/plugins/selinuxusermap.py:280 +#: ipaserver/plugins/sudorule.py:304 ipaserver/plugins/host.py:480 +#: ipaserver/plugins/internal.py:1179 +msgid "Hosts" msgstr "" -#: ipaserver/plugins/automount.py:663 -msgid "Parent map" +#: ipaserver/plugins/automember.py:703 +msgid "Rebuild membership for specified hosts" msgstr "" -#: ipaserver/plugins/automount.py:664 -msgid "Name of parent automount map (default: auto.master)." +#: ipaserver/plugins/automember.py:708 +msgid "No wait" msgstr "" -#: ipaserver/plugins/automount.py:406 -msgid "Delete an automount map." +#: ipaserver/plugins/automember.py:709 +msgid "Don't wait for rebuilding membership" msgstr "" -#: ipaserver/plugins/automount.py:433 -msgid "Search for an automount map." +msgid "Remove conditions from an automember rule." msgstr "" -msgid "Results should contain primary key attribute only (\"map\")" +#: ipaserver/plugins/automember.py:441 +msgid "Conditions that could not be removed" msgstr "" -#: ipaserver/plugins/automount.py:426 -msgid "Modify an automount map." +#: ipaserver/plugins/automember.py:445 +msgid "Number of conditions removed" msgstr "" -#: ipaserver/plugins/automount.py:443 -msgid "Display an automount map." +msgid "Display information about an automember rule." msgstr "" +#: ipaserver/plugins/automount.py:41 msgid "" "\n" -"Plugin to make multiple ipa calls via one remote procedure call\n" +"Automount\n" "\n" -"To run this code in the lite-server\n" +"Stores automount(8) configuration for autofs(8) in IPA.\n" "\n" -"curl -H \"Content-Type:application/json\" -H \"Accept:application/" -"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" -"etc/ipa/ca.crt -d @batch_request.json -X POST http://" -"localhost:8888/ipa/json\n" +"The base of an automount configuration is the configuration file auto." +"master.\n" +"This is also the base location in IPA. Multiple auto.master configurations\n" +"can be stored in separate locations. A location is implementation-specific\n" +"with the default being a location named 'default'. For example, you can " +"have\n" +"locations by geographic region, by floor, by type, etc.\n" "\n" -"where the contents of the file batch_request.json follow the below example\n" +"Automount has three basic object types: locations, maps and keys.\n" "\n" -"{\"method\":\"batch\",\"params\":[[\n" -" {\"method\":\"group_find\",\"params\":[[],{}]},\n" -" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," -"\"all\":\"true\"}]},\n" -" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" -" ],{}],\"id\":1}\n" +"A location defines a set of maps anchored in auto.master. This allows you\n" +"to store multiple automount configurations. A location in itself isn't\n" +"very interesting, it is just a point to start a new automount map.\n" "\n" -"The format of the response is nested the same way. At the top you will see\n" -" \"error\": null,\n" -" \"id\": 1,\n" -" \"result\": {\n" -" \"count\": 3,\n" -" \"results\": [\n" +"A map is roughly equivalent to a discrete automount file and provides\n" +"storage for keys.\n" "\n" +"A key is a mount point associated with a map.\n" "\n" -"And then a nested response for each IPA command method sent in the request\n" -msgstr "" - -msgid "Nested Methods to execute" -msgstr "" - -msgid "" +"When a new location is created, two maps are automatically created for\n" +"it: auto.master and auto.direct. auto.master is the root map for all\n" +"automount maps for the location. auto.direct is the default map for\n" +"direct mounts and is mounted on /-.\n" "\n" -"Server configuration\n" +"An automount map may contain a submount key. This key defines a mount\n" +"location within the map that references another map. This can be done\n" +"either using automountmap-add-indirect --parentmap or manually\n" +"with automountkey-add and setting info to \"-type=autofs :\".\n" "\n" -"Manage the default values that IPA uses and some of its tuning parameters.\n" +"EXAMPLES:\n" "\n" -"NOTES:\n" +"Locations:\n" "\n" -"The password notification value (--pwdexpnotify) is stored here so it will\n" -"be replicated. It is not currently used to notify users in advance of an\n" -"expiring password.\n" +" Create a named location, \"Baltimore\":\n" +" ipa automountlocation-add baltimore\n" "\n" -"Some attributes are read-only, provided only for information purposes. " -"These\n" -"include:\n" +" Display the new location:\n" +" ipa automountlocation-show baltimore\n" "\n" -"Certificate Subject base: the configured certificate subject base,\n" -" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" -"Password plug-in features: currently defines additional hashes that the\n" -" password will generate (there may be other conditions).\n" +" Find available locations:\n" +" ipa automountlocation-find\n" "\n" -"When setting the order list for mapping SELinux users you may need to\n" -"quote the value so it isn't interpreted by the shell.\n" +" Remove a named automount location:\n" +" ipa automountlocation-del baltimore\n" "\n" -"EXAMPLES:\n" +" Show what the automount maps would look like if they were in the " +"filesystem:\n" +" ipa automountlocation-tofiles baltimore\n" "\n" -" Show basic server configuration:\n" -" ipa config-show\n" +" Import an existing configuration into a location:\n" +" ipa automountlocation-import baltimore /etc/auto.master\n" "\n" -" Show all configuration options:\n" -" ipa config-show --all\n" +" The import will fail if any duplicate entries are found. For\n" +" continuous operation where errors are ignored, use the --continue\n" +" option.\n" "\n" -" Change maximum username length to 99 characters:\n" -" ipa config-mod --maxusername=99\n" +"Maps:\n" "\n" -" Increase default time and size limits for maximum IPA server search:\n" -" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +" Create a new map, \"auto.share\":\n" +" ipa automountmap-add baltimore auto.share\n" "\n" -" Set default user e-mail domain:\n" -" ipa config-mod --emaildomain=example.com\n" +" Display the new map:\n" +" ipa automountmap-show baltimore auto.share\n" "\n" -" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" -" ipa config-mod --enable-migration=TRUE\n" +" Find maps in the location baltimore:\n" +" ipa automountmap-find baltimore\n" "\n" -" Define SELinux user map order:\n" -" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" -"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" -msgstr "" - -msgid "Maximum username length" -msgstr "" - -msgid "Home directory base" -msgstr "" - -msgid "Default location of home directories" -msgstr "" - -msgid "Default shell" -msgstr "" - -msgid "Default shell for new users" -msgstr "" - -msgid "Default users group" -msgstr "" - -msgid "Default group for new users" -msgstr "" - -#: ipaserver/plugins/config.py:193 -msgid "Default e-mail domain" -msgstr "" - -msgid "Search time limit" -msgstr "" - -msgid "" -"Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)" -msgstr "" - -msgid "Search size limit" +" Create an indirect map with auto.share as a submount:\n" +" ipa automountmap-add-indirect baltimore --parentmap=auto.share --" +"mount=sub auto.man\n" +"\n" +" This is equivalent to:\n" +"\n" +" ipa automountmap-add-indirect baltimore --mount=/man auto.man\n" +" ipa automountkey-add baltimore auto.man --key=sub --info=\"-" +"fstype=autofs ldap:auto.share\"\n" +"\n" +" Remove the auto.share map:\n" +" ipa automountmap-del baltimore auto.share\n" +"\n" +"Keys:\n" +"\n" +" Create a new key for the auto.share map in location baltimore. This ties\n" +" the map we previously created to auto.master:\n" +" ipa automountkey-add baltimore auto.master --key=/share --info=auto." +"share\n" +"\n" +" Create a new key for our auto.share map, an NFS mount for man pages:\n" +" ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft," +"rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n" +"\n" +" Find all keys for the auto.share map:\n" +" ipa automountkey-find baltimore auto.share\n" +"\n" +" Find all direct automount keys:\n" +" ipa automountkey-find baltimore --key=/-\n" +"\n" +" Remove the man key from the auto.share map:\n" +" ipa automountkey-del baltimore auto.share --key=man\n" msgstr "" -msgid "Maximum number of records to search (-1 is unlimited)" +#: ipaserver/plugins/otptoken.py:219 ipaserver/plugins/automount.py:465 +#: ipaserver/plugins/automount.py:712 ipaserver/plugins/automount.py:819 +msgid "Key" msgstr "" -msgid "User search fields" +#: ipaserver/plugins/automount.py:466 ipaserver/plugins/automount.py:713 +#: ipaserver/plugins/automount.py:820 +msgid "Automount key name." msgstr "" -msgid "A comma-separated list of fields to search in when searching for users" +#: ipaserver/plugins/automount.py:471 ipaserver/plugins/automount.py:717 +#: ipaserver/plugins/automount.py:824 +msgid "Mount information" msgstr "" -msgid "Group search fields" +#: ipaserver/plugins/automount.py:474 +msgid "description" msgstr "" -msgid "A comma-separated list of fields to search in when searching for groups" +#: ipaserver/plugins/automount.py:252 ipaserver/plugins/host.py:502 +msgid "Location" msgstr "" -#: ipaserver/plugins/config.py:220 -msgid "Enable migration mode" +#: ipaserver/plugins/automount.py:253 +msgid "Automount location name." msgstr "" -msgid "Certificate Subject base" +#: ipaserver/plugins/automount.py:358 +msgid "Map" msgstr "" -msgid "Base for certificate subjects (OU=Test,O=Example)" +#: ipaserver/plugins/automount.py:359 +msgid "Automount map name." msgstr "" -msgid "Default group objectclasses" +#: ipaserver/plugins/automount.py:623 +msgid "Create a new automount key." msgstr "" -msgid "Default group objectclasses (comma-separated list)" +#: ipaserver/plugins/automount.py:705 +msgid "Delete an automount key." msgstr "" -msgid "Default user objectclasses" +#: ipaserver/plugins/baseldap.py:1381 +msgid "Continuous mode: Don't stop on errors." msgstr "" -msgid "Default user objectclasses (comma-separated list)" +#: ipaserver/plugins/automount.py:804 +msgid "Search for an automount key." msgstr "" -msgid "Password Expiration Notification (days)" +#: ipaserver/plugins/serverrole.py:123 ipaserver/plugins/baseldap.py:1979 +#: ipaserver/plugins/cert.py:1569 +msgid "Time Limit" msgstr "" -msgid "Number of days's notice of impending password expiration" +msgid "Time limit of search in seconds" msgstr "" -msgid "Password plugin features" +#: ipaserver/plugins/serverrole.py:131 ipaserver/plugins/hbactest.py:304 +#: ipaserver/plugins/baseldap.py:1986 ipaserver/plugins/cert.py:1574 +msgid "Size Limit" msgstr "" -msgid "Extra hashes to generate in password plug-in" +msgid "Maximum number of entries returned" msgstr "" -msgid "SELinux user map order" +#: ipaserver/plugins/automount.py:746 +msgid "Modify an automount key." msgstr "" -msgid "Order in increasing priority of SELinux users, delimited by $" +#: ipaserver/plugins/automount.py:755 +msgid "New mount information" msgstr "" -msgid "Default SELinux user" +#: ipaserver/plugins/baseldap.py:1487 +msgid "Rename" msgstr "" -msgid "Default SELinux user when no match is found in SELinux map rule" +msgid "Rename the automount key object" msgstr "" -msgid "Default PAC types" +#: ipaserver/plugins/automount.py:814 +msgid "Display an automount key." msgstr "" -msgid "Default types of PAC supported for services" +#: ipaserver/plugins/automount.py:261 +msgid "Create a new automount location." msgstr "" -msgid "Default user authentication types" +#: ipaserver/plugins/automount.py:281 +msgid "Delete an automount location." msgstr "" -msgid "Default types of supported user authentication" +#: ipaserver/plugins/automount.py:293 +msgid "Search for an automount location." msgstr "" -msgid "Modify configuration options." +msgid "Results should contain primary key attribute only (\"location\")" msgstr "" -msgid "Show the current configuration." +#: ipaserver/plugins/automount.py:288 +msgid "Display an automount location." msgstr "" -#: ipaserver/plugins/delegation.py:29 -msgid "" -"\n" -"Group to Group Delegation\n" -"\n" -"A permission enables fine-grained delegation of permissions. Access Control\n" -"Rules, or instructions (ACIs), grant permission to permissions to perform\n" -"given tasks such as adding a user, modifying a group, etc.\n" -"\n" -"Group to Group Delegations grants the members of one group to update a set\n" -"of attributes of members of another group.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a delegation rule to allow managers to edit employee's addresses:\n" -" ipa delegation-add --attrs=street --group=managers --" -"membergroup=employees \"managers edit employees' street\"\n" -"\n" -" When managing the list of attributes you need to include all attributes\n" -" in the list, including existing ones. Add postalCode to the list:\n" -" ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --" -"membergroup=employees \"managers edit employees' street\"\n" -"\n" -" Display our updated rule:\n" -" ipa delegation-show \"managers edit employees' street\"\n" -"\n" -" Delete a rule:\n" -" ipa delegation-del \"managers edit employees' street\"\n" +#: ipaserver/plugins/automount.py:303 +msgid "Generate automount files for a specific location." msgstr "" -#: ipaserver/plugins/delegation.py:75 ipaserver/plugins/delegation.py:76 -#: ipaserver/plugins/servicedelegation.py:162 -msgid "Delegation name" +#: ipaserver/plugins/automount.py:399 +msgid "Create a new automount map." msgstr "" -#: ipaserver/plugins/delegation.py:82 ipaserver/plugins/selfservice.py:85 -msgid "Permissions to grant (read, write). Default is write." +#: ipaserver/plugins/automount.py:652 +msgid "Create a new indirect mount point." msgstr "" -#: ipaserver/plugins/delegation.py:87 -msgid "Attributes to which the delegation applies" +#: ipaserver/plugins/automount.py:659 +msgid "Mount point" msgstr "" -#: ipaserver/plugins/delegation.py:92 -msgid "Member user group" +#: ipaserver/plugins/automount.py:663 +msgid "Parent map" msgstr "" -#: ipaserver/plugins/delegation.py:93 -msgid "User group to apply delegation to" +#: ipaserver/plugins/automount.py:664 +msgid "Name of parent automount map (default: auto.master)." msgstr "" -#: ipaserver/plugins/delegation.py:130 -msgid "Add a new delegation." +#: ipaserver/plugins/automount.py:406 +msgid "Delete an automount map." msgstr "" -#: ipaserver/plugins/delegation.py:150 -msgid "Delete a delegation." +#: ipaserver/plugins/automount.py:433 +msgid "Search for an automount map." msgstr "" -#: ipaserver/plugins/delegation.py:186 -msgid "Search for delegations." +msgid "Results should contain primary key attribute only (\"map\")" msgstr "" -#: ipaserver/plugins/delegation.py:168 -msgid "Modify a delegation." +#: ipaserver/plugins/automount.py:426 +msgid "Modify an automount map." msgstr "" -#: ipaserver/plugins/delegation.py:211 -msgid "Display information about a delegation." +#: ipaserver/plugins/automount.py:443 +msgid "Display an automount map." msgstr "" msgid "" "\n" -"Domain Name System (DNS)\n" +"Plugin to make multiple ipa calls via one remote procedure call\n" "\n" -"Manage DNS zone and resource records.\n" +"To run this code in the lite-server\n" "\n" -"SUPPORTED ZONE TYPES\n" +"curl -H \"Content-Type:application/json\" -H \"Accept:application/" +"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" +"etc/ipa/ca.crt -d @batch_request.json -X POST http://" +"localhost:8888/ipa/json\n" "\n" -" * Master zone (dnszone-*), contains authoritative data.\n" -" * Forward zone (dnsforwardzone-*), forwards queries to configured " -"forwarders\n" -" (a set of DNS servers).\n" +"where the contents of the file batch_request.json follow the below example\n" "\n" -"USING STRUCTURED PER-TYPE OPTIONS\n" +"{\"method\":\"batch\",\"params\":[[\n" +" {\"method\":\"group_find\",\"params\":[[],{}]},\n" +" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," +"\"all\":\"true\"}]},\n" +" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" +" ],{}],\"id\":1}\n" "\n" -"There are many structured DNS RR types where DNS data stored in LDAP server\n" -"is not just a scalar value, for example an IP address or a domain name, but\n" -"a data structure which may be often complex. A good example is a LOC record\n" -"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" -"minutes, seconds of latitude and longitude, altitude or precision).\n" +"The format of the response is nested the same way. At the top you will see\n" +" \"error\": null,\n" +" \"id\": 1,\n" +" \"result\": {\n" +" \"count\": 3,\n" +" \"results\": [\n" "\n" -"It may be difficult to manipulate such DNS records without making a mistake\n" -"and entering an invalid value. DNS module provides an abstraction over " -"these\n" -"raw records and allows to manipulate each RR type with specific options. " -"For\n" -"each supported RR type, DNS module provides a standard option to manipulate\n" -"a raw records with format ---rec, e.g. --mx-rec, and special " -"options\n" -"for every part of the RR structure with format ---, e.g.\n" -"--mx-preference and --mx-exchanger.\n" "\n" -"When adding a record, either RR specific options or standard option for a " -"raw\n" -"value can be used, they just should not be combined in one add operation. " -"When\n" -"modifying an existing entry, new RR specific options can be used to change\n" -"one part of a DNS record, where the standard option for raw value is used\n" -"to specify the modified value. The following example demonstrates\n" -"a modification of MX record preference from 0 to 1 in a record without\n" -"modifying the exchanger:\n" -"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +"And then a nested response for each IPA command method sent in the request\n" +msgstr "" + +msgid "Nested Methods to execute" +msgstr "" + +msgid "" "\n" +"IPA certificate operations\n" "\n" -"EXAMPLES:\n" +"Implements a set of commands for managing server SSL certificates.\n" "\n" -" Add new zone:\n" -" ipa dnszone-add example.com --admin-email=admin@example.com\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" "\n" -" Add system permission that can be used for per-zone privilege delegation:\n" -" ipa dnszone-add-permission example.com\n" -"\n" -" Modify the zone to allow dynamic updates for hosts own records in realm " -"EXAMPLE.COM:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE\n" -"\n" -" This is the equivalent of:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE --update-" -"policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * " -"AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" -"\n" -" Modify the zone to allow zone transfers for local network only:\n" -" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" -"\n" -" Add new reverse zone specified by network IP address:\n" -" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" -"\n" -" Add second nameserver for example.com:\n" -" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" -"\n" -" Add a mail server for example.com:\n" -" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" -"\n" -" Add another record using MX record specific options:\n" -" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" -"\n" -" Add another record using interactive mode (started when dnsrecord-add, " -"dnsrecord-mod,\n" -" or dnsrecord-del are executed with no options):\n" -" ipa dnsrecord-add example.com @\n" -" Please choose a type of DNS resource record to be added\n" -" The most common types for this type of zone are: NS, MX, LOC\n" -"\n" -" DNS resource record type: MX\n" -" MX Preference: 30\n" -" MX Exchanger: mail3\n" -" Record name: example.com\n" -" MX record: 10 mail1, 20 mail2, 30 mail3\n" -" NS record: nameserver.example.com., nameserver2.example.com.\n" -"\n" -" Delete previously added nameserver from example.com:\n" -" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" -"\n" -" Add LOC record for example.com:\n" -" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " -"227.64m\"\n" -"\n" -" Add new A record for www.example.com. Create a reverse record in " -"appropriate\n" -" reverse zone as well. In this case a PTR record \"2\" pointing to www." -"example.com\n" -" will be created in zone 2.0.192.in-addr.arpa.\n" -" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" -"\n" -" Add new PTR record for www.example.com\n" -" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" -"\n" -" Add new SRV records for LDAP servers. Three quarters of the requests\n" -" should go to fast.example.com, one quarter to slow.example.com. If neither\n" -" is available, switch to backup.example.com.\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." -"example.com\"\n" -"\n" -" The interactive mode can be used for easy modification:\n" -" ipa dnsrecord-mod example.com _ldap._tcp\n" -" No option to modify specific record provided.\n" -" Current DNS record contents:\n" -"\n" -" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " -"backup.example.com\n" -"\n" -" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" -" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" -" SRV Priority [0]: (keep the default value)\n" -" SRV Weight [1]: 2 (modified value)\n" -" SRV Port [389]: (keep the default value)\n" -" SRV Target [slow.example.com]: (keep the default value)\n" -" 1 SRV record skipped. Only one value per DNS record type can be modified " -"at one time.\n" -" Record name: _ldap._tcp\n" -" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " -"389 slow.example.com\n" -"\n" -" After this modification, three fifths of the requests should go to\n" -" fast.example.com and two fifths to slow.example.com.\n" -"\n" -" An example of the interactive mode for dnsrecord-del command:\n" -" ipa dnsrecord-del example.com www\n" -" No option to delete specific record provided.\n" -" Delete all? Yes/No (default No): (do not delete all records)\n" -" Current DNS record contents:\n" -"\n" -" A record: 192.0.2.2, 192.0.2.3\n" -"\n" -" Delete A record '192.0.2.2'? Yes/No (default No):\n" -" Delete A record '192.0.2.3'? Yes/No (default No): y\n" -" Record name: www\n" -" A record: 192.0.2.2 (A record 192.0.2.3 has been " -"deleted)\n" -"\n" -" Show zone example.com:\n" -" ipa dnszone-show example.com\n" -"\n" -" Find zone with \"example\" in its domain name:\n" -" ipa dnszone-find example\n" +"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" +"subject to values configured in the server.\n" "\n" -" Find records for resources with \"www\" in their name in zone example.com:\n" -" ipa dnsrecord-find example.com www\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" "\n" -" Find A records with value 192.0.2.2 in zone example.com\n" -" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +"In order to request a certificate:\n" "\n" -" Show records for resource www in zone example.com\n" -" ipa dnsrecord-show example.com www\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" "\n" -" Delegate zone sub.example to another nameserver:\n" -" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" -" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +"SEARCHING:\n" "\n" -" Delete zone example.com with all resource records:\n" -" ipa dnszone-del example.com\n" +"Certificates may be searched on by certificate subject, serial number,\n" +"revocation reason, validity dates and the issued date.\n" "\n" -" If a global forwarder is configured, all queries for which this server is " -"not\n" -" authoritative (e.g. sub.example.com) will be routed to the global " -"forwarder.\n" -" Global forwarding configuration can be overridden per-zone.\n" +"When searching on dates the _from date does a >= search and the _to date\n" +"does a <= search. When combined these are done as an AND.\n" "\n" -" Semantics of forwarding in IPA matches BIND semantics and depends on the " -"type\n" -" of zone:\n" -" * Master zone: local BIND replies authoritatively to queries for data in\n" -" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" -" affects only queries for names below zone cuts (NS records) of locally\n" -" served zones.\n" +"Dates are treated as GMT to match the dates in the certificates.\n" "\n" -" * Forward zone: forward zone contains no authoritative data. BIND " -"forwards\n" -" queries, which cannot be answered from its local cache, to configured\n" -" forwarders.\n" +"The date format is YYYY-mm-dd.\n" "\n" -" Semantics of the --forward-policy option:\n" -" * none - disable forwarding for the given zone.\n" -" * first - forward all queries to configured forwarders. If they fail,\n" -" do resolution using DNS root servers.\n" -" * only - forward all queries to configured forwarders and if they fail,\n" -" return failure.\n" +"EXAMPLES:\n" "\n" -" Disable global forwarding for given sub-tree:\n" -" ipa dnszone-mod example.com --forward-policy=none\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" "\n" -" This configuration forwards all queries for names outside the example.com\n" -" sub-tree to global forwarders. Normal recursive resolution process is used\n" -" for names inside the example.com sub-tree (i.e. NS records are followed " -"etc.).\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" "\n" -" Forward all requests for the zone external.example.com to another " -"forwarder\n" -" using a \"first\" policy (it will send the queries to the selected " -"forwarder\n" -" and if not answered it will use global root servers):\n" -" ipa dnsforwardzone-add external.example.com --forward-" -"policy=first --forwarder=203.0.113.1\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" "\n" -" Change forward-policy for external.example.com:\n" -" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" "\n" -" Show forward zone external.example.com:\n" -" ipa dnsforwardzone-show external.example.com\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" "\n" -" List all forward zones:\n" -" ipa dnsforwardzone-find\n" +" Search for certificates by hostname:\n" +" ipa cert-find --subject=ipaserver.example.com\n" "\n" -" Delete forward zone external.example.com:\n" -" ipa dnsforwardzone-del external.example.com\n" +" Search for revoked certificates by reason:\n" +" ipa cert-find --revocation-reason=5\n" "\n" -" Resolve a host name to see if it exists (will add default IPA domain\n" -" if one is not included):\n" -" ipa dns-resolve www.example.com\n" -" ipa dns-resolve www\n" +" Search for certificates based on issuance date\n" +" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" "\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" "\n" -"GLOBAL DNS CONFIGURATION\n" +"The following revocation reasons are supported:\n" "\n" -"DNS configuration passed to command line install script is stored in a " -"local\n" -"configuration file on each IPA server where DNS service is configured. " -"These\n" -"local settings can be overridden with a common configuration stored in LDAP\n" -"server:\n" +" * 0 - unspecified\n" +" * 1 - keyCompromise\n" +" * 2 - cACompromise\n" +" * 3 - affiliationChanged\n" +" * 4 - superseded\n" +" * 5 - cessationOfOperation\n" +" * 6 - certificateHold\n" +" * 8 - removeFromCRL\n" +" * 9 - privilegeWithdrawn\n" +" * 10 - aACompromise\n" "\n" -" Show global DNS configuration:\n" -" ipa dnsconfig-show\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" "\n" -" Modify global DNS configuration and set a list of global forwarders:\n" -" ipa dnsconfig-mod --forwarder=203.0.113.113\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" msgstr "" -msgid "Global forwarders" +msgid "Checks if any of the servers has the CA service enabled." msgstr "" -msgid "" -"Global forwarders. A custom port can be specified for each forwarder using a " -"standard format \"IP_ADDRESS port PORT\"" +msgid "Search for existing certificates." msgstr "" -#: ipaserver/plugins/dns.py:2049 ipaserver/plugins/dns.py:4105 -msgid "Forward policy" +msgid "Match cn attribute in subject" msgstr "" -msgid "" -"Global forwarding policy. Set to \"none\" to disable any configured global " -"forwarders." +msgid "Reason" msgstr "" -#: ipaserver/plugins/dns.py:4112 -msgid "Allow PTR sync" +msgid "Reason for revoking the certificate (0-10)" msgstr "" -msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records" +msgid "minimum serial number" msgstr "" -msgid "Zone refresh interval" +msgid "maximum serial number" msgstr "" -msgid "Zone name" +msgid "match the common name exactly" msgstr "" -msgid "Zone name (FQDN)" +msgid "Valid not after from this date (YYYY-mm-dd)" msgstr "" -msgid "Reverse zone IP network" +msgid "Valid not after to this date (YYYY-mm-dd)" msgstr "" -msgid "IP network to create reverse zone name from" +msgid "Valid not before from this date (YYYY-mm-dd)" msgstr "" -msgid "Active zone" -msgstr "" - -msgid "Is zone active?" -msgstr "" - -msgid "Zone forwarders" -msgstr "" - -msgid "" -"Per-zone forwarders. A custom port can be specified for each forwarder using " -"a standard format \"IP_ADDRESS port PORT\"" -msgstr "" - -msgid "" -"Per-zone conditional forwarding policy. Set to \"none\" to disable " -"forwarding to global forwarder for this zone. In that case, conditional zone " -"forwarders are disregarded." -msgstr "" - -#: ipaserver/plugins/dns.py:3040 -msgid "Record name" +msgid "Valid not before to this date (YYYY-mm-dd)" msgstr "" -#: ipaserver/plugins/dns.py:3045 ipaserver/plugins/dns.py:3046 -msgid "Time to live" +msgid "Issued on from this date (YYYY-mm-dd)" msgstr "" -msgid "Records" +msgid "Issued on to this date (YYYY-mm-dd)" msgstr "" -msgid "Record type" +msgid "Revoked on from this date (YYYY-mm-dd)" msgstr "" -#: ipaserver/plugins/dns.py:1556 -msgid "Record data" +msgid "Revoked on to this date (YYYY-mm-dd)" msgstr "" -msgid "A record" +msgid "Maximum number of certs returned" msgstr "" -msgid "Raw A records" +msgid "Take a revoked certificate off hold." msgstr "" -msgid "A IP Address" +msgid "Serial number" msgstr "" -#: ipaserver/plugins/dns.py:983 ipaserver/plugins/host.py:711 -msgid "IP Address" +msgid "Serial number in decimal or if prefixed with 0x in hexadecimal" msgstr "" -msgid "A Create reverse" +msgid "Submit a certificate signing request." msgstr "" -msgid "Create reverse record for this IP Address" +msgid "CSR" msgstr "" -msgid "AAAA record" +msgid "Principal" msgstr "" -msgid "Raw AAAA records" +msgid "Service principal for this certificate (e.g. HTTP/test.example.com)" msgstr "" -msgid "AAAA IP Address" +msgid "automatically add the principal if it doesn't exist" msgstr "" -msgid "AAAA Create reverse" +msgid "Dictionary mapping variable name to value" msgstr "" -msgid "A6 record" +msgid "Revoke a certificate." msgstr "" -msgid "Raw A6 records" +msgid "Retrieve an existing certificate." msgstr "" -msgid "A6 Record data" +msgid "Output filename" msgstr "" -msgid "AFSDB record" +msgid "File to store the certificate in." msgstr "" -msgid "Raw AFSDB records" +msgid "Check the status of a certificate signing request." msgstr "" -msgid "AFSDB Subtype" +msgid "Request id" msgstr "" -msgid "Subtype" +msgid "" +"\n" +"Server configuration\n" +"\n" +"Manage the default values that IPA uses and some of its tuning parameters.\n" +"\n" +"NOTES:\n" +"\n" +"The password notification value (--pwdexpnotify) is stored here so it will\n" +"be replicated. It is not currently used to notify users in advance of an\n" +"expiring password.\n" +"\n" +"Some attributes are read-only, provided only for information purposes. " +"These\n" +"include:\n" +"\n" +"Certificate Subject base: the configured certificate subject base,\n" +" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" +"Password plug-in features: currently defines additional hashes that the\n" +" password will generate (there may be other conditions).\n" +"\n" +"When setting the order list for mapping SELinux users you may need to\n" +"quote the value so it isn't interpreted by the shell.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic server configuration:\n" +" ipa config-show\n" +"\n" +" Show all configuration options:\n" +" ipa config-show --all\n" +"\n" +" Change maximum username length to 99 characters:\n" +" ipa config-mod --maxusername=99\n" +"\n" +" Increase default time and size limits for maximum IPA server search:\n" +" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +"\n" +" Set default user e-mail domain:\n" +" ipa config-mod --emaildomain=example.com\n" +"\n" +" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +" Define SELinux user map order:\n" +" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" +"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" msgstr "" -msgid "AFSDB Hostname" +msgid "Maximum username length" msgstr "" -#: ipaserver/plugins/dns.py:1034 ipaserver/plugins/dns.py:1283 -#: ipaserver/plugins/dns.py:1346 -msgid "Hostname" +msgid "Home directory base" msgstr "" -msgid "APL record" +msgid "Default location of home directories" msgstr "" -msgid "Raw APL records" +msgid "Default shell" msgstr "" -msgid "CERT record" +msgid "Default shell for new users" msgstr "" -msgid "Raw CERT records" +msgid "Default users group" msgstr "" -msgid "CERT Certificate Type" +msgid "Default group for new users" msgstr "" -msgid "Certificate Type" +#: ipaserver/plugins/config.py:193 +msgid "Default e-mail domain" msgstr "" -msgid "CERT Key Tag" +msgid "Search time limit" msgstr "" -#: ipaserver/plugins/dns.py:1058 -msgid "Key Tag" +msgid "" +"Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)" msgstr "" -msgid "CERT Algorithm" +msgid "Search size limit" msgstr "" -#: ipaserver/plugins/dns.py:1020 ipaserver/plugins/dns.py:1063 -#: ipaserver/plugins/dns.py:1412 -msgid "Algorithm" +msgid "Maximum number of records to search (-1 is unlimited)" msgstr "" -msgid "CERT Certificate/CRL" +msgid "User search fields" msgstr "" -msgid "Certificate/CRL" +msgid "A comma-separated list of fields to search in when searching for users" msgstr "" -msgid "CNAME record" +msgid "Group search fields" msgstr "" -msgid "Raw CNAME records" +msgid "A comma-separated list of fields to search in when searching for groups" msgstr "" -msgid "CNAME Hostname" +#: ipaserver/plugins/config.py:220 +msgid "Enable migration mode" msgstr "" -msgid "A hostname which this alias hostname points to" +msgid "Certificate Subject base" msgstr "" -msgid "DHCID record" +msgid "Base for certificate subjects (OU=Test,O=Example)" msgstr "" -msgid "Raw DHCID records" +msgid "Default group objectclasses" msgstr "" -msgid "DLV record" +msgid "Default group objectclasses (comma-separated list)" msgstr "" -msgid "Raw DLV records" +msgid "Default user objectclasses" msgstr "" -msgid "DLV Key Tag" +msgid "Default user objectclasses (comma-separated list)" msgstr "" -msgid "DLV Algorithm" +msgid "Password Expiration Notification (days)" msgstr "" -msgid "DLV Digest Type" +msgid "Number of days's notice of impending password expiration" msgstr "" -msgid "Digest Type" +msgid "Password plugin features" msgstr "" -msgid "DLV Digest" +msgid "Extra hashes to generate in password plug-in" msgstr "" -msgid "Digest" +msgid "SELinux user map order" msgstr "" -msgid "DNAME record" +msgid "Order in increasing priority of SELinux users, delimited by $" msgstr "" -msgid "Raw DNAME records" +msgid "Default SELinux user" msgstr "" -msgid "DNAME Target" +msgid "Default SELinux user when no match is found in SELinux map rule" msgstr "" -#: ipaserver/plugins/dns.py:1379 ipaserver/plugins/internal.py:1245 -msgid "Target" +msgid "Default PAC types" msgstr "" -msgid "DNSKEY record" +msgid "Default types of PAC supported for services" msgstr "" -msgid "Raw DNSKEY records" +msgid "Default user authentication types" msgstr "" -msgid "DS record" +msgid "Default types of supported user authentication" msgstr "" -msgid "Raw DS records" +msgid "Modify configuration options." msgstr "" -msgid "DS Key Tag" +msgid "Show the current configuration." msgstr "" -msgid "DS Algorithm" +#: ipaserver/plugins/delegation.py:29 +msgid "" +"\n" +"Group to Group Delegation\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"Group to Group Delegations grants the members of one group to update a set\n" +"of attributes of members of another group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a delegation rule to allow managers to edit employee's addresses:\n" +" ipa delegation-add --attrs=street --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones. Add postalCode to the list:\n" +" ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" Display our updated rule:\n" +" ipa delegation-show \"managers edit employees' street\"\n" +"\n" +" Delete a rule:\n" +" ipa delegation-del \"managers edit employees' street\"\n" msgstr "" -msgid "DS Digest Type" +#: ipaserver/plugins/delegation.py:75 ipaserver/plugins/delegation.py:76 +#: ipaserver/plugins/servicedelegation.py:162 +msgid "Delegation name" msgstr "" -msgid "DS Digest" +#: ipaserver/plugins/delegation.py:82 ipaserver/plugins/selfservice.py:85 +msgid "Permissions to grant (read, write). Default is write." msgstr "" -msgid "HIP record" +#: ipaserver/plugins/delegation.py:87 +msgid "Attributes to which the delegation applies" msgstr "" -msgid "Raw HIP records" +#: ipaserver/plugins/delegation.py:92 +msgid "Member user group" msgstr "" -msgid "IPSECKEY record" +#: ipaserver/plugins/delegation.py:93 +msgid "User group to apply delegation to" msgstr "" -msgid "Raw IPSECKEY records" +#: ipaserver/plugins/delegation.py:130 +msgid "Add a new delegation." msgstr "" -msgid "KEY record" +#: ipaserver/plugins/delegation.py:150 +msgid "Delete a delegation." msgstr "" -msgid "Raw KEY records" +#: ipaserver/plugins/delegation.py:186 +msgid "Search for delegations." msgstr "" -msgid "KX record" +#: ipaserver/plugins/delegation.py:168 +msgid "Modify a delegation." msgstr "" -msgid "Raw KX records" -msgstr "" - -msgid "KX Preference" -msgstr "" - -#: ipaserver/plugins/dns.py:1267 -msgid "Preference given to this exchanger. Lower values are more preferred" -msgstr "" - -msgid "KX Exchanger" -msgstr "" - -msgid "A host willing to act as a key exchanger" -msgstr "" - -msgid "LOC record" -msgstr "" - -msgid "Raw LOC records" -msgstr "" - -msgid "LOC Degrees Latitude" -msgstr "" - -msgid "Degrees Latitude" -msgstr "" - -msgid "LOC Minutes Latitude" -msgstr "" - -msgid "Minutes Latitude" -msgstr "" - -msgid "LOC Seconds Latitude" -msgstr "" - -msgid "Seconds Latitude" -msgstr "" - -msgid "LOC Direction Latitude" -msgstr "" - -msgid "Direction Latitude" -msgstr "" - -msgid "LOC Degrees Longitude" -msgstr "" - -msgid "Degrees Longitude" -msgstr "" - -msgid "LOC Minutes Longitude" -msgstr "" - -msgid "Minutes Longitude" -msgstr "" - -msgid "LOC Seconds Longitude" -msgstr "" - -msgid "Seconds Longitude" -msgstr "" - -msgid "LOC Direction Longitude" -msgstr "" - -msgid "Direction Longitude" -msgstr "" - -msgid "LOC Altitude" -msgstr "" - -msgid "Altitude" -msgstr "" - -msgid "LOC Size" -msgstr "" - -msgid "Size" -msgstr "" - -msgid "LOC Horizontal Precision" -msgstr "" - -msgid "Horizontal Precision" -msgstr "" - -msgid "LOC Vertical Precision" -msgstr "" - -msgid "Vertical Precision" -msgstr "" - -msgid "MX record" -msgstr "" - -msgid "Raw MX records" -msgstr "" - -msgid "MX Preference" -msgstr "" - -msgid "MX Exchanger" -msgstr "" - -msgid "A host willing to act as a mail exchanger" -msgstr "" - -msgid "NAPTR record" -msgstr "" - -msgid "Raw NAPTR records" -msgstr "" - -msgid "NAPTR Order" -msgstr "" - -msgid "Order" -msgstr "" - -msgid "NAPTR Preference" -msgstr "" - -#: ipaserver/plugins/dns.py:1266 ipaserver/plugins/dns.py:1314 -msgid "Preference" -msgstr "" - -msgid "NAPTR Flags" -msgstr "" - -msgid "Flags" -msgstr "" - -msgid "NAPTR Service" -msgstr "" - -#: ipaserver/plugins/hbactest.py:285 ipaserver/plugins/dns.py:1324 -#: ipaserver/plugins/internal.py:1360 ipaserver/plugins/internal.py:1704 -#: ipaserver/plugins/service.py:523 -msgid "Service" -msgstr "" - -msgid "NAPTR Regular Expression" -msgstr "" - -msgid "Regular Expression" -msgstr "" - -msgid "NAPTR Replacement" -msgstr "" - -msgid "Replacement" -msgstr "" - -msgid "NS record" -msgstr "" - -msgid "Raw NS records" -msgstr "" - -msgid "NS Hostname" -msgstr "" - -msgid "NSEC record" -msgstr "" - -msgid "Raw NSEC records" -msgstr "" - -msgid "NSEC3 record" -msgstr "" - -msgid "Raw NSEC3 records" -msgstr "" - -msgid "PTR record" -msgstr "" - -msgid "Raw PTR records" -msgstr "" - -msgid "PTR Hostname" -msgstr "" - -msgid "The hostname this reverse record points to" -msgstr "" - -msgid "RRSIG record" -msgstr "" - -msgid "Raw RRSIG records" -msgstr "" - -msgid "RP record" -msgstr "" - -msgid "Raw RP records" -msgstr "" - -msgid "SIG record" -msgstr "" - -msgid "Raw SIG records" -msgstr "" - -msgid "SPF record" -msgstr "" - -msgid "Raw SPF records" -msgstr "" - -msgid "SRV record" -msgstr "" - -msgid "Raw SRV records" -msgstr "" - -msgid "SRV Priority" -msgstr "" - -#: ipaserver/plugins/certmap.py:304 ipaserver/plugins/pwpolicy.py:345 -msgid "Priority" -msgstr "" - -msgid "SRV Weight" -msgstr "" - -#: ipaserver/plugins/dns.py:1498 -msgid "Weight" -msgstr "" - -msgid "SRV Port" -msgstr "" - -msgid "Port" -msgstr "" - -msgid "SRV Target" -msgstr "" - -msgid "" -"The domain name of the target host or '.' if the service is decidedly not " -"available at this domain" -msgstr "" - -msgid "SSHFP record" -msgstr "" - -msgid "Raw SSHFP records" -msgstr "" - -msgid "SSHFP Algorithm" -msgstr "" - -msgid "SSHFP Fingerprint Type" -msgstr "" - -msgid "Fingerprint Type" -msgstr "" - -msgid "SSHFP Fingerprint" -msgstr "" - -msgid "Fingerprint" -msgstr "" - -msgid "TA record" -msgstr "" - -msgid "Raw TA records" -msgstr "" - -msgid "TLSA record" -msgstr "" - -msgid "Raw TLSA records" -msgstr "" - -msgid "TLSA Certificate Usage" -msgstr "" - -msgid "Certificate Usage" -msgstr "" - -msgid "TLSA Selector" -msgstr "" - -msgid "Selector" -msgstr "" - -msgid "TLSA Matching Type" -msgstr "" - -msgid "Matching Type" -msgstr "" - -msgid "TLSA Certificate Association Data" -msgstr "" - -msgid "Certificate Association Data" -msgstr "" - -msgid "TKEY record" -msgstr "" - -msgid "Raw TKEY records" -msgstr "" - -msgid "TSIG record" -msgstr "" - -msgid "Raw TSIG records" -msgstr "" - -msgid "TXT record" -msgstr "" - -msgid "Raw TXT records" -msgstr "" - -msgid "TXT Text Data" -msgstr "" - -msgid "Text Data" -msgstr "" - -msgid "Authoritative nameserver" -msgstr "" - -msgid "Authoritative nameserver domain name" -msgstr "" - -#: ipaserver/plugins/dns.py:2429 -msgid "Administrator e-mail address" -msgstr "" - -msgid "SOA serial" -msgstr "" - -msgid "SOA record serial number" -msgstr "" - -msgid "SOA refresh" -msgstr "" - -msgid "SOA record refresh time" -msgstr "" - -msgid "SOA retry" -msgstr "" - -msgid "SOA record retry time" -msgstr "" - -msgid "SOA expire" -msgstr "" - -msgid "SOA record expire time" -msgstr "" - -msgid "SOA minimum" -msgstr "" - -msgid "How long should negative responses be cached" -msgstr "" - -msgid "Time to live for records at zone apex" -msgstr "" - -#: ipaserver/plugins/dns.py:2503 -msgid "BIND update policy" -msgstr "" - -msgid "Dynamic update" -msgstr "" - -msgid "Allow dynamic updates." -msgstr "" - -msgid "Allow query" +#: ipaserver/plugins/delegation.py:211 +msgid "Display information about a delegation." msgstr "" msgid "" -"Semicolon separated list of IP addresses or networks which are allowed to " -"issue queries" -msgstr "" - -msgid "Allow transfer" +"\n" +"Domain Name System (DNS)\n" +"\n" +"Manage DNS zone and resource records.\n" +"\n" +"SUPPORTED ZONE TYPES\n" +"\n" +" * Master zone (dnszone-*), contains authoritative data.\n" +" * Forward zone (dnsforwardzone-*), forwards queries to configured " +"forwarders\n" +" (a set of DNS servers).\n" +"\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +"\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --admin-email=admin@example.com\n" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE --update-" +"policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * " +"AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +"\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +"\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +"\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +"\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +"\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" +"\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +"\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" +"\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 2.0.192.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" +"\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +"\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" +"\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" +"\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" +"\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 192.0.2.2, 192.0.2.3\n" +"\n" +" Delete A record '192.0.2.2'? Yes/No (default No):\n" +" Delete A record '192.0.2.3'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 192.0.2.2 (A record 192.0.2.3 has been " +"deleted)\n" +"\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" +"\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" +"\n" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" +"\n" +" Find A records with value 192.0.2.2 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" +"\n" +" If a global forwarder is configured, all queries for which this server is " +"not\n" +" authoritative (e.g. sub.example.com) will be routed to the global " +"forwarder.\n" +" Global forwarding configuration can be overridden per-zone.\n" +"\n" +" Semantics of forwarding in IPA matches BIND semantics and depends on the " +"type\n" +" of zone:\n" +" * Master zone: local BIND replies authoritatively to queries for data in\n" +" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" +" affects only queries for names below zone cuts (NS records) of locally\n" +" served zones.\n" +"\n" +" * Forward zone: forward zone contains no authoritative data. BIND " +"forwards\n" +" queries, which cannot be answered from its local cache, to configured\n" +" forwarders.\n" +"\n" +" Semantics of the --forward-policy option:\n" +" * none - disable forwarding for the given zone.\n" +" * first - forward all queries to configured forwarders. If they fail,\n" +" do resolution using DNS root servers.\n" +" * only - forward all queries to configured forwarders and if they fail,\n" +" return failure.\n" +"\n" +" Disable global forwarding for given sub-tree:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" +"\n" +" This configuration forwards all queries for names outside the example.com\n" +" sub-tree to global forwarders. Normal recursive resolution process is used\n" +" for names inside the example.com sub-tree (i.e. NS records are followed " +"etc.).\n" +"\n" +" Forward all requests for the zone external.example.com to another " +"forwarder\n" +" using a \"first\" policy (it will send the queries to the selected " +"forwarder\n" +" and if not answered it will use global root servers):\n" +" ipa dnsforwardzone-add external.example.com --forward-" +"policy=first --forwarder=203.0.113.1\n" +"\n" +" Change forward-policy for external.example.com:\n" +" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +"\n" +" Show forward zone external.example.com:\n" +" ipa dnsforwardzone-show external.example.com\n" +"\n" +" List all forward zones:\n" +" ipa dnsforwardzone-find\n" +"\n" +" Delete forward zone external.example.com:\n" +" ipa dnsforwardzone-del external.example.com\n" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" +"\n" +"\n" +"GLOBAL DNS CONFIGURATION\n" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=203.0.113.113\n" msgstr "" -msgid "" -"Semicolon separated list of IP addresses or networks which are allowed to " -"transfer the zone" +msgid "Global forwarders" msgstr "" msgid "" -"Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the " -"zone" -msgstr "" - -msgid "Allow in-line DNSSEC signing" -msgstr "" - -msgid "Allow inline DNSSEC signing of records in the zone" +"Global forwarders. A custom port can be specified for each forwarder using a " +"standard format \"IP_ADDRESS port PORT\"" msgstr "" -msgid "NSEC3PARAM record" +#: ipaserver/plugins/dns.py:2049 ipaserver/plugins/dns.py:4105 +msgid "Forward policy" msgstr "" msgid "" -"NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt" -msgstr "" - -msgid "Checks if any of the servers has the DNS service enabled." -msgstr "" - -msgid "Resolve a host name in DNS." -msgstr "" - -msgid "Modify global DNS configuration." -msgstr "" - -msgid "Show the current global DNS configuration." -msgstr "" - -msgid "Create new DNS forward zone." -msgstr "" - -msgid "Add a permission for per-forward zone access delegation." -msgstr "" - -msgid "Permission value" -msgstr "" - -msgid "Delete DNS forward zone." -msgstr "" - -msgid "Disable DNS Forward Zone." -msgstr "" - -msgid "Enable DNS Forward Zone." -msgstr "" - -msgid "Search for DNS forward zones." -msgstr "" - -msgid "Modify DNS forward zone." -msgstr "" - -msgid "Remove a permission for per-forward zone access delegation." -msgstr "" - -msgid "Display information about a DNS forward zone." -msgstr "" - -msgid "Add new DNS resource record." -msgstr "" - -#: ipaserver/plugins/realmdomains.py:151 ipaserver/plugins/dns.py:2890 -#: ipaserver/plugins/dns.py:3578 ipaserver/plugins/host.py:703 -#: ipaserver/plugins/permission.py:1096 ipaserver/plugins/service.py:697 -msgid "Force" -msgstr "" - -msgid "force NS record creation even if its hostname is not in DNS" -msgstr "" - -msgid "Structured" -msgstr "" - -msgid "Parse all raw DNS records and return them in a structured way" -msgstr "" - -msgid "Delete DNS resource record." -msgstr "" - -msgid "Delete all associated records" -msgstr "" - -msgid "Delete DNS record entry." -msgstr "" - -msgid "Search for DNS resources." -msgstr "" - -msgid "Modify a DNS resource record." -msgstr "" - -msgid "Rename the DNS resource record object" -msgstr "" - -msgid "Display DNS resource." -msgstr "" - -msgid "Create new DNS zone (SOA record)." -msgstr "" - -msgid "Force DNS zone creation even if nameserver is not resolvable." -msgstr "" - -msgid "Add a permission for per-zone access delegation." +"Global forwarding policy. Set to \"none\" to disable any configured global " +"forwarders." msgstr "" -msgid "Delete DNS zone (SOA record)." +#: ipaserver/plugins/dns.py:4112 +msgid "Allow PTR sync" msgstr "" -msgid "Disable DNS Zone." +msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records" msgstr "" -msgid "Enable DNS Zone." +msgid "Zone refresh interval" msgstr "" -#: ipaserver/plugins/dns.py:2929 -msgid "Search for DNS zones (SOA records)." +msgid "Zone name" msgstr "" -msgid "Forward zones only" +msgid "Zone name (FQDN)" msgstr "" -msgid "Search for forward zones only" +msgid "Reverse zone IP network" msgstr "" -msgid "Modify DNS zone (SOA record)." +msgid "IP network to create reverse zone name from" msgstr "" -msgid "Force nameserver change even if nameserver not in DNS" +msgid "Active zone" msgstr "" -msgid "Remove a permission for per-zone access delegation." +msgid "Is zone active?" msgstr "" -msgid "Display information about a DNS zone (SOA record)." +msgid "Zone forwarders" msgstr "" -#: ipaserver/plugins/hbacrule.py:39 msgid "" -"\n" -"Host-based access control\n" -"\n" -"Control who can access what services on what hosts. You\n" -"can use HBAC to control which users or groups can\n" -"access a service, or group of services, on a target host.\n" -"\n" -"You can also specify a category of users and target hosts.\n" -"This is currently limited to \"all\", but might be expanded in the\n" -"future.\n" -"\n" -"Target hosts in HBAC rules must be hosts managed by IPA.\n" -"\n" -"The available services and groups of services are controlled by the\n" -"hbacsvc and hbacsvcgroup plug-ins respectively.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a rule, \"test1\", that grants all users access to the host " -"\"server\" from\n" -" anywhere:\n" -" ipa hbacrule-add --usercat=all test1\n" -" ipa hbacrule-add-host --hosts=server.example.com test1\n" -"\n" -" Display the properties of a named HBAC rule:\n" -" ipa hbacrule-show test1\n" -"\n" -" Create a rule for a specific service. This lets the user john access\n" -" the sshd service on any machine from any machine:\n" -" ipa hbacrule-add --hostcat=all john_sshd\n" -" ipa hbacrule-add-user --users=john john_sshd\n" -" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" -"\n" -" Create a rule for a new service group. This lets the user john access\n" -" the FTP service on any machine from any machine:\n" -" ipa hbacsvcgroup-add ftpers\n" -" ipa hbacsvc-add sftp\n" -" ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n" -" ipa hbacrule-add --hostcat=all john_ftp\n" -" ipa hbacrule-add-user --users=john john_ftp\n" -" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" -"\n" -" Disable a named HBAC rule:\n" -" ipa hbacrule-disable test1\n" -"\n" -" Remove a named HBAC rule:\n" -" ipa hbacrule-del allow_server\n" +"Per-zone forwarders. A custom port can be specified for each forwarder using " +"a standard format \"IP_ADDRESS port PORT\"" msgstr "" -#: ipaserver/plugins/certmap.py:273 ipaserver/plugins/hbacrule.py:207 -#: ipaserver/plugins/selinuxusermap.py:239 ipaserver/plugins/sudorule.py:242 -msgid "Rule name" +msgid "" +"Per-zone conditional forwarding policy. Set to \"none\" to disable " +"forwarding to global forwarder for this zone. In that case, conditional zone " +"forwarders are disregarded." msgstr "" -#: ipaserver/plugins/hbacrule.py:213 -msgid "Rule type" +#: ipaserver/plugins/dns.py:3040 +msgid "Record name" msgstr "" -#: ipaserver/plugins/hbacrule.py:212 -msgid "Rule type (allow)" +#: ipaserver/plugins/dns.py:3045 ipaserver/plugins/dns.py:3046 +msgid "Time to live" msgstr "" -#: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/caacl.py:195 -#: ipaserver/plugins/hbacrule.py:223 ipaserver/plugins/selinuxusermap.py:253 -#: ipaserver/plugins/sudorule.py:255 -msgid "User category" +msgid "Records" msgstr "" -#: ipaserver/plugins/netgroup.py:228 ipaserver/plugins/hbacrule.py:224 -#: ipaserver/plugins/selinuxusermap.py:254 ipaserver/plugins/sudorule.py:256 -msgid "User category the rule applies to" +msgid "Record type" msgstr "" -#: ipaserver/plugins/netgroup.py:233 ipaserver/plugins/caacl.py:201 -#: ipaserver/plugins/hbacrule.py:229 ipaserver/plugins/selinuxusermap.py:259 -#: ipaserver/plugins/sudorule.py:261 -msgid "Host category" +#: ipaserver/plugins/dns.py:1556 +msgid "Record data" msgstr "" -#: ipaserver/plugins/netgroup.py:234 ipaserver/plugins/hbacrule.py:230 -#: ipaserver/plugins/selinuxusermap.py:260 ipaserver/plugins/sudorule.py:262 -msgid "Host category the rule applies to" +msgid "A record" msgstr "" -#: ipaserver/plugins/hbacrule.py:243 -msgid "Service category" +msgid "Raw A records" msgstr "" -#: ipaserver/plugins/hbacrule.py:244 -msgid "Service category the rule applies to" +msgid "A IP Address" msgstr "" -#: ipaserver/plugins/certmap.py:310 ipaserver/plugins/hbacrule.py:256 -#: ipaserver/plugins/selinuxusermap.py:268 ipaserver/plugins/internal.py:1963 -#: ipaserver/plugins/sudorule.py:250 -msgid "Enabled" +#: ipaserver/plugins/dns.py:983 ipaserver/plugins/host.py:711 +msgid "IP Address" msgstr "" -#: ipaserver/plugins/automember.py:697 ipaserver/plugins/caacl.py:220 -#: ipaserver/plugins/hbacrule.py:260 ipaserver/plugins/selinuxusermap.py:272 -#: ipaserver/plugins/baseuser.py:250 ipaserver/plugins/internal.py:1205 -#: ipaserver/plugins/sudorule.py:291 ipaserver/plugins/user.py:179 -msgid "Users" +msgid "A Create reverse" msgstr "" -#: ipaserver/plugins/hbacrule.py:264 ipaserver/plugins/selinuxusermap.py:276 -#: ipaserver/plugins/group.py:334 ipaserver/plugins/internal.py:884 -#: ipaserver/plugins/internal.py:1204 ipaserver/plugins/sudorule.py:295 -msgid "User Groups" +msgid "Create reverse record for this IP Address" msgstr "" -#: ipaserver/plugins/automember.py:702 ipaserver/plugins/caacl.py:228 -#: ipaserver/plugins/hbacrule.py:268 ipaserver/plugins/selinuxusermap.py:280 -#: ipaserver/plugins/host.py:480 ipaserver/plugins/internal.py:1179 -#: ipaserver/plugins/sudorule.py:304 -msgid "Hosts" +msgid "AAAA record" msgstr "" -#: ipaserver/plugins/hbacrule.py:272 ipaserver/plugins/hostgroup.py:178 -#: ipaserver/plugins/selinuxusermap.py:284 ipaserver/plugins/internal.py:1078 -#: ipaserver/plugins/internal.py:1178 ipaserver/plugins/sudorule.py:308 -msgid "Host Groups" +msgid "Raw AAAA records" msgstr "" -#: ipaserver/plugins/internal.py:961 ipaserver/plugins/service.py:522 -msgid "Services" +msgid "AAAA IP Address" msgstr "" -msgid "Service Groups" +msgid "AAAA Create reverse" msgstr "" -#: ipaserver/plugins/baseldap.py:333 -msgid "External host" +msgid "A6 record" msgstr "" -#: ipaserver/plugins/hbacrule.py:300 -msgid "Create a new HBAC rule." +msgid "Raw A6 records" msgstr "" -#: ipaserver/plugins/baseldap.py:1227 ipaserver/plugins/cert.py:1341 -msgid "Suppress processing of membership attributes." +msgid "A6 Record data" msgstr "" -#: ipaserver/plugins/hbacrule.py:534 -msgid "Add target hosts and hostgroups to an HBAC rule." +msgid "AFSDB record" msgstr "" -msgid "member host" +msgid "Raw AFSDB records" msgstr "" -msgid "hosts to add" +msgid "AFSDB Subtype" msgstr "" -msgid "member host group" +msgid "Subtype" msgstr "" -msgid "host groups to add" +msgid "AFSDB Hostname" msgstr "" -#: ipaserver/plugins/privilege.py:226 ipaserver/plugins/privilege.py:257 -#: ipaserver/plugins/role.py:231 ipaserver/plugins/role.py:255 -#: ipaserver/plugins/baseldap.py:1770 ipaserver/plugins/baseldap.py:2257 -msgid "Members that could not be added" +#: ipaserver/plugins/dns.py:1034 ipaserver/plugins/dns.py:1283 +#: ipaserver/plugins/dns.py:1346 +msgid "Hostname" msgstr "" -#: ipaserver/plugins/baseldap.py:1774 ipaserver/plugins/baseldap.py:2261 -msgid "Number of members added" +msgid "APL record" msgstr "" -#: ipaserver/plugins/hbacrule.py:591 -msgid "Add services to an HBAC rule." +msgid "Raw APL records" msgstr "" -msgid "member HBAC service" +msgid "CERT record" msgstr "" -msgid "HBAC services to add" +msgid "Raw CERT records" msgstr "" -msgid "member HBAC service group" +msgid "CERT Certificate Type" msgstr "" -msgid "HBAC service groups to add" +msgid "Certificate Type" msgstr "" -#: ipaserver/plugins/hbacrule.py:503 -msgid "Add users and groups to an HBAC rule." +msgid "CERT Key Tag" msgstr "" -msgid "member user" +#: ipaserver/plugins/dns.py:1058 +msgid "Key Tag" msgstr "" -msgid "users to add" +msgid "CERT Algorithm" msgstr "" -msgid "member group" +#: ipaserver/plugins/dns.py:1063 ipaserver/plugins/dns.py:1412 +#: ipaserver/plugins/otptoken.py:229 +msgid "Algorithm" msgstr "" -msgid "groups to add" +msgid "CERT Certificate/CRL" msgstr "" -#: ipaserver/plugins/hbacrule.py:314 -msgid "Delete an HBAC rule." +msgid "Certificate/CRL" msgstr "" -#: ipaserver/plugins/hbacrule.py:411 -msgid "Disable an HBAC rule." +msgid "CNAME record" msgstr "" -#: ipaserver/plugins/hbacrule.py:381 -msgid "Enable an HBAC rule." +msgid "Raw CNAME records" msgstr "" -#: ipaserver/plugins/hbacrule.py:365 -msgid "Search for HBAC rules." +msgid "CNAME Hostname" msgstr "" -#: ipaserver/plugins/hbacrule.py:331 -msgid "Modify an HBAC rule." +msgid "A hostname which this alias hostname points to" msgstr "" -#: ipaserver/plugins/hbacrule.py:556 -msgid "Remove target hosts and hostgroups from an HBAC rule." +msgid "DHCID record" msgstr "" -msgid "hosts to remove" +msgid "Raw DHCID records" msgstr "" -msgid "host groups to remove" +msgid "DLV record" msgstr "" -#: ipaserver/plugins/baseldap.py:1868 ipaserver/plugins/baseldap.py:2356 -msgid "Members that could not be removed" +msgid "Raw DLV records" msgstr "" -#: ipaserver/plugins/baseldap.py:1872 ipaserver/plugins/baseldap.py:2360 -msgid "Number of members removed" +msgid "DLV Key Tag" msgstr "" -#: ipaserver/plugins/hbacrule.py:613 -msgid "Remove service and service groups from an HBAC rule." +msgid "DLV Algorithm" msgstr "" -msgid "HBAC services to remove" +msgid "DLV Digest Type" msgstr "" -msgid "HBAC service groups to remove" +msgid "Digest Type" msgstr "" -#: ipaserver/plugins/hbacrule.py:525 -msgid "Remove users and groups from an HBAC rule." +msgid "DLV Digest" msgstr "" -msgid "users to remove" +msgid "Digest" msgstr "" -msgid "groups to remove" +msgid "DNAME record" msgstr "" -#: ipaserver/plugins/hbacrule.py:375 -msgid "Display the properties of an HBAC rule." +msgid "Raw DNAME records" msgstr "" -msgid "" -"\n" -"HBAC Services\n" -"\n" -"The PAM services that HBAC can control access to. The name used here\n" -"must match the service name that PAM is evaluating.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new HBAC service:\n" -" ipa hbacsvc-add tftp\n" -"\n" -" Modify an existing HBAC service:\n" -" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" -"\n" -" Search for HBAC services. This example will return two results, the FTP\n" -" service and the newly-added tftp service:\n" -" ipa hbacsvc-find ftp\n" -"\n" -" Delete an HBAC service:\n" -" ipa hbacsvc-del tftp\n" +msgid "DNAME Target" msgstr "" -#: ipaserver/plugins/hbacsvc.py:101 -msgid "Service name" +#: ipaserver/plugins/dns.py:1379 ipaserver/plugins/internal.py:1245 +msgid "Target" msgstr "" -#: ipaserver/plugins/hbacsvc.py:102 -msgid "HBAC service" +msgid "DNSKEY record" msgstr "" -#: ipaserver/plugins/hbacsvc.py:109 -msgid "HBAC service description" +msgid "Raw DNSKEY records" msgstr "" -msgid "Member of HBAC service groups" +msgid "DS record" msgstr "" -msgid "Add a new HBAC service." +msgid "Raw DS records" msgstr "" -#: ipaserver/plugins/hbacsvc.py:125 -msgid "Delete an existing HBAC service." +msgid "DS Key Tag" msgstr "" -#: ipaserver/plugins/hbacsvc.py:141 -msgid "Search for HBAC services." +msgid "DS Algorithm" +msgstr "" + +msgid "DS Digest Type" msgstr "" -msgid "Results should contain primary key attribute only (\"service\")" +msgid "DS Digest" msgstr "" -#: ipaserver/plugins/hbacsvc.py:133 -msgid "Modify an HBAC service." +msgid "HIP record" msgstr "" -#: ipaserver/plugins/hbacsvc.py:151 -msgid "Display information about an HBAC service." +msgid "Raw HIP records" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:33 -msgid "" -"\n" -"HBAC Service Groups\n" -"\n" -"HBAC service groups can contain any number of individual services,\n" -"or \"members\". Every group must have a description.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new HBAC service group:\n" -" ipa hbacsvcgroup-add --desc=\"login services\" login\n" -"\n" -" Add members to an HBAC service group:\n" -" ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n" -"\n" -" Display information about a named group:\n" -" ipa hbacsvcgroup-show login\n" -"\n" -" Delete an HBAC service group:\n" -" ipa hbacsvcgroup-del login\n" +msgid "IPSECKEY record" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:114 -msgid "Service group name" +msgid "Raw IPSECKEY records" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:121 -msgid "HBAC service group description" +msgid "KEY record" msgstr "" -#: ipaserver/plugins/baseldap.py:107 -msgid "Member HBAC service" +msgid "Raw KEY records" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:129 -msgid "Add a new HBAC service group." +msgid "KX record" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:169 -msgid "Add members to an HBAC service group." +msgid "Raw KX records" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:137 -msgid "Delete an HBAC service group." +msgid "KX Preference" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:153 -msgid "Search for an HBAC service group." +#: ipaserver/plugins/dns.py:1267 +msgid "Preference given to this exchanger. Lower values are more preferred" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:145 -msgid "Modify an HBAC service group." +msgid "KX Exchanger" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:175 -msgid "Remove members from an HBAC service group." +msgid "A host willing to act as a key exchanger" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:163 -msgid "Display information about an HBAC service group." +msgid "LOC record" msgstr "" -msgid "" -"\n" -"Hosts/Machines\n" -"\n" -"A host represents a machine. It can be used in a number of contexts:\n" -"- service entries are associated with a host\n" -"- a host stores the host/ service principal\n" -"- a host can be used in Host-based Access Control (HBAC) rules\n" -"- every enrolled client generates a host entry\n" -"\n" -"ENROLLMENT:\n" -"\n" -"There are three enrollment scenarios when enrolling a new client:\n" -"\n" -"1. You are enrolling as a full administrator. The host entry may exist\n" -" or not. A full administrator is a member of the hostadmin role\n" -" or the admins group.\n" -"2. You are enrolling as a limited administrator. The host must already\n" -" exist. A limited administrator is a member a role with the\n" -" Host Enrollment privilege.\n" -"3. The host has been created with a one-time password.\n" -"\n" -"RE-ENROLLMENT:\n" -"\n" -"Host that has been enrolled at some point, and lost its configuration (e.g. " -"VM\n" -"destroyed) can be re-enrolled.\n" -"\n" -"For more information, consult the manual pages for ipa-client-install.\n" -"\n" -"A host can optionally store information such as where it is located,\n" -"the OS that it runs, etc.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new host:\n" -" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." -"com\n" -"\n" -" Delete a host:\n" -" ipa host-del test.example.com\n" -"\n" -" Add a new host with a one-time password:\n" -" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" -"\n" -" Add a new host with a random one-time password:\n" -" ipa host-add --os='Fedora 12' --random test.example.com\n" -"\n" -" Modify information about a host:\n" -" ipa host-mod --os='Fedora 12' test.example.com\n" -"\n" -" Remove SSH public keys of a host and update DNS to reflect this change:\n" -" ipa host-mod --sshpubkey= --updatedns test.example.com\n" -"\n" -" Disable the host Kerberos key, SSL certificate and all of its services:\n" -" ipa host-disable test.example.com\n" -"\n" -" Add a host that can manage this host's keytab and certificate:\n" -" ipa host-add-managedby --hosts=test2 test\n" -"\n" -" Allow user to create a keytab:\n" -" ipa host-allow-create-keytab test2 --users=tuser1\n" +msgid "Raw LOC records" msgstr "" -#: ipaserver/plugins/service.py:767 -msgid "Host name" +msgid "LOC Degrees Latitude" msgstr "" -msgid "A description of this host" +msgid "Degrees Latitude" msgstr "" -msgid "Locality" +msgid "LOC Minutes Latitude" msgstr "" -msgid "Host locality (e.g. \"Baltimore, MD\")" +msgid "Minutes Latitude" msgstr "" -msgid "Host location (e.g. \"Lab 2\")" +msgid "LOC Seconds Latitude" msgstr "" -msgid "Platform" +msgid "Seconds Latitude" msgstr "" -msgid "Host hardware platform (e.g. \"Lenovo T61\")" +msgid "LOC Direction Latitude" msgstr "" -msgid "Operating system" +msgid "Direction Latitude" msgstr "" -msgid "Host operating system and version (e.g. \"Fedora 9\")" +msgid "LOC Degrees Longitude" msgstr "" -msgid "User password" +msgid "Degrees Longitude" msgstr "" -msgid "Password used in bulk enrollment" +msgid "LOC Minutes Longitude" msgstr "" -msgid "Generate a random password to be used in bulk enrollment" +msgid "Minutes Longitude" msgstr "" -#: ipaserver/plugins/host.py:527 -msgid "Random password" +msgid "LOC Seconds Longitude" msgstr "" -#: ipaserver/plugins/certmap.py:605 ipaserver/plugins/baseuser.py:462 -#: ipaserver/plugins/baseuser.py:949 ipaserver/plugins/cert.py:353 -#: ipaserver/plugins/host.py:532 ipaserver/plugins/idviews.py:1068 -#: ipaserver/plugins/internal.py:644 ipaserver/plugins/internal.py:728 -#: ipaserver/plugins/service.py:556 -msgid "Certificate" +msgid "Seconds Longitude" msgstr "" -msgid "Base-64 encoded server certificate" +msgid "LOC Direction Longitude" msgstr "" -#: ipaserver/plugins/host.py:574 ipaserver/plugins/service.py:530 -msgid "Principal name" +msgid "Direction Longitude" msgstr "" -msgid "MAC address" +msgid "LOC Altitude" msgstr "" -msgid "Hardware MAC address(es) on this host" +msgid "Altitude" msgstr "" -#: ipaserver/plugins/host.py:603 ipaserver/plugins/idviews.py:1062 -msgid "SSH public key" +msgid "LOC Size" msgstr "" -#: ipaserver/plugins/host.py:613 -msgid "Class" +msgid "Size" msgstr "" -msgid "" -"Host category (semantics placed on this attribute are for local " -"interpretation)" +msgid "LOC Horizontal Precision" msgstr "" -#: ipaserver/plugins/internal.py:1136 -msgid "Assigned ID View" +msgid "Horizontal Precision" msgstr "" -#: ipaserver/plugins/service.py:176 -msgid "Requires pre-authentication" +msgid "LOC Vertical Precision" msgstr "" -#: ipaserver/plugins/service.py:177 -msgid "Pre-authentication is required for the service" +msgid "Vertical Precision" msgstr "" -#: ipaserver/plugins/service.py:182 -msgid "Trusted for delegation" +msgid "MX record" msgstr "" -#: ipaserver/plugins/service.py:183 -msgid "Client credentials may be delegated to the service" +msgid "Raw MX records" msgstr "" -#: ipaserver/plugins/baseldap.py:71 -msgid "Member of host-groups" +msgid "MX Preference" msgstr "" -#: ipaserver/plugins/baseldap.py:80 -msgid "Roles" +msgid "MX Exchanger" msgstr "" -msgid "Member of netgroups" +msgid "A host willing to act as a mail exchanger" msgstr "" -msgid "Member of Sudo rule" +msgid "NAPTR record" msgstr "" -msgid "Member of HBAC rule" +msgid "Raw NAPTR records" msgstr "" -msgid "Indirect Member of netgroup" +msgid "NAPTR Order" msgstr "" -msgid "Indirect Member of host-group" +msgid "Order" msgstr "" -msgid "Indirect Member of role" +msgid "NAPTR Preference" msgstr "" -msgid "Indirect Member of Sudo rule" +#: ipaserver/plugins/dns.py:1266 ipaserver/plugins/dns.py:1314 +msgid "Preference" msgstr "" -msgid "Indirect Member of HBAC rule" +msgid "NAPTR Flags" msgstr "" -#: ipaserver/plugins/service.py:128 -msgid "Keytab" +msgid "Flags" msgstr "" -msgid "Managed by" +msgid "NAPTR Service" msgstr "" -msgid "Managing" +#: ipaserver/plugins/hbactest.py:285 ipaserver/plugins/dns.py:1324 +#: ipaserver/plugins/internal.py:1360 ipaserver/plugins/internal.py:1704 +#: ipaserver/plugins/service.py:523 +msgid "Service" msgstr "" -#: ipaserver/plugins/service.py:134 -msgid "Users allowed to retrieve keytab" +msgid "NAPTR Regular Expression" msgstr "" -#: ipaserver/plugins/service.py:137 -msgid "Groups allowed to retrieve keytab" +msgid "Regular Expression" msgstr "" -#: ipaserver/plugins/service.py:140 -msgid "Hosts allowed to retrieve keytab" +msgid "NAPTR Replacement" msgstr "" -#: ipaserver/plugins/service.py:143 -msgid "Host Groups allowed to retrieve keytab" +msgid "Replacement" msgstr "" -#: ipaserver/plugins/service.py:146 -msgid "Users allowed to create keytab" +msgid "NS record" msgstr "" -#: ipaserver/plugins/service.py:149 -msgid "Groups allowed to create keytab" +msgid "Raw NS records" msgstr "" -#: ipaserver/plugins/service.py:152 -msgid "Hosts allowed to create keytab" +msgid "NS Hostname" msgstr "" -#: ipaserver/plugins/service.py:155 -msgid "Host Groups allowed to create keytab" +msgid "NSEC record" msgstr "" -msgid "Add a new host." +msgid "Raw NSEC records" msgstr "" -msgid "force host name even if not in DNS" +msgid "NSEC3 record" msgstr "" -msgid "skip reverse DNS detection" +msgid "Raw NSEC3 records" msgstr "" -msgid "Add the host to DNS with this IP address" +msgid "PTR record" msgstr "" -msgid "Add hosts that can manage this host." +msgid "Raw PTR records" msgstr "" -msgid "" -"Allow users, groups, hosts or host groups to create a keytab of this host." +msgid "PTR Hostname" msgstr "" -msgid "" -"Allow users, groups, hosts or host groups to retrieve a keytab of this host." +msgid "The hostname this reverse record points to" msgstr "" -msgid "Delete a host." +msgid "RRSIG record" msgstr "" -msgid "Remove entries from DNS" +msgid "Raw RRSIG records" msgstr "" -msgid "Disable the Kerberos key, SSL certificate and all services of a host." +msgid "RP record" msgstr "" -msgid "" -"Disallow users, groups, hosts or host groups to create a keytab of this host." +msgid "Raw RP records" msgstr "" -msgid "" -"Disallow users, groups, hosts or host groups to retrieve a keytab of this " -"host." +msgid "SIG record" msgstr "" -msgid "Search for hosts." +msgid "Raw SIG records" msgstr "" -msgid "Results should contain primary key attribute only (\"hostname\")" +msgid "SPF record" msgstr "" -#: ipaserver/plugins/hostgroup.py:106 -msgid "host group" +msgid "Raw SPF records" msgstr "" -msgid "Search for hosts with these member of host groups." +msgid "SRV record" msgstr "" -msgid "Search for hosts without these member of host groups." +msgid "Raw SRV records" msgstr "" -msgid "netgroup" +msgid "SRV Priority" msgstr "" -msgid "Search for hosts with these member of netgroups." +#: ipaserver/plugins/certmap.py:304 ipaserver/plugins/pwpolicy.py:345 +msgid "Priority" msgstr "" -msgid "Search for hosts without these member of netgroups." +msgid "SRV Weight" msgstr "" -#: ipaserver/plugins/serverrole.py:185 ipaserver/plugins/role.py:81 -msgid "role" +#: ipaserver/plugins/dns.py:1498 +msgid "Weight" msgstr "" -msgid "Search for hosts with these member of roles." +msgid "SRV Port" msgstr "" -msgid "Search for hosts without these member of roles." +msgid "Port" msgstr "" -msgid "HBAC rule" +msgid "SRV Target" msgstr "" -msgid "Search for hosts with these member of HBAC rules." +msgid "" +"The domain name of the target host or '.' if the service is decidedly not " +"available at this domain" msgstr "" -msgid "Search for hosts without these member of HBAC rules." +msgid "SSHFP record" msgstr "" -msgid "sudo rule" +msgid "Raw SSHFP records" msgstr "" -msgid "Search for hosts with these member of sudo rules." +msgid "SSHFP Algorithm" msgstr "" -msgid "Search for hosts without these member of sudo rules." +msgid "SSHFP Fingerprint Type" msgstr "" -#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:155 -#: ipaserver/plugins/user.py:181 ipaserver/plugins/user.py:893 -msgid "user" +msgid "Fingerprint Type" msgstr "" -msgid "Search for hosts with these enrolled by users." +msgid "SSHFP Fingerprint" msgstr "" -msgid "Search for hosts without these enrolled by users." +msgid "Fingerprint" msgstr "" -#: ipaserver/plugins/host.py:292 ipaserver/plugins/sudorule.py:447 -msgid "host" +msgid "TA record" msgstr "" -msgid "Search for hosts with these managed by hosts." +msgid "Raw TA records" msgstr "" -msgid "Search for hosts without these managed by hosts." +msgid "TLSA record" msgstr "" -msgid "Search for hosts with these managing hosts." +msgid "Raw TLSA records" msgstr "" -msgid "Search for hosts without these managing hosts." +msgid "TLSA Certificate Usage" msgstr "" -msgid "Modify information about a host." +msgid "Certificate Usage" msgstr "" -msgid "Kerberos principal name for this host" +msgid "TLSA Selector" msgstr "" -msgid "Update DNS entries" +msgid "Selector" msgstr "" -msgid "Remove hosts that can manage this host." +msgid "TLSA Matching Type" msgstr "" -msgid "Display information about a host." +msgid "Matching Type" msgstr "" -#: ipaserver/plugins/service.py:1029 ipaserver/plugins/user.py:976 -msgid "file to store certificate in" +msgid "TLSA Certificate Association Data" msgstr "" -msgid "" -"\n" -"Groups of hosts.\n" -"\n" -"Manage groups of hosts. This is useful for applying access control to a\n" -"number of hosts by using Host-based Access Control.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new host group:\n" -" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" -"\n" -" Add another new host group:\n" -" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" -"\n" -" Add members to the hostgroup (using Bash brace expansion):\n" -" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" -"\n" -" Add a hostgroup as a member of another hostgroup:\n" -" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" -"\n" -" Remove a host from the hostgroup:\n" -" ipa hostgroup-remove-member --hosts=box2 baltimore\n" -"\n" -" Display a host group:\n" -" ipa hostgroup-show baltimore\n" -"\n" -" Delete a hostgroup:\n" -" ipa hostgroup-del baltimore\n" +msgid "Certificate Association Data" msgstr "" -#: ipaserver/plugins/hostgroup.py:186 -msgid "Host-group" +msgid "TKEY record" msgstr "" -#: ipaserver/plugins/hostgroup.py:187 -msgid "Name of host-group" +msgid "Raw TKEY records" msgstr "" -#: ipaserver/plugins/hostgroup.py:194 -msgid "A description of this host-group" +msgid "TSIG record" msgstr "" -msgid "Member hosts" +msgid "Raw TSIG records" msgstr "" -msgid "Member host-groups" +msgid "TXT record" msgstr "" -#: ipaserver/plugins/baseldap.py:137 -msgid "Indirect Member hosts" +msgid "Raw TXT records" msgstr "" -#: ipaserver/plugins/baseldap.py:140 -msgid "Indirect Member host-groups" +msgid "TXT Text Data" msgstr "" -#: ipaserver/plugins/hostgroup.py:220 -msgid "Add a new hostgroup." +msgid "Text Data" msgstr "" -#: ipaserver/plugins/hostgroup.py:330 -msgid "Add members to a hostgroup." +msgid "Authoritative nameserver" msgstr "" -#: ipaserver/plugins/hostgroup.py:260 -msgid "Delete a hostgroup." +msgid "Authoritative nameserver domain name" msgstr "" -#: ipaserver/plugins/hostgroup.py:298 -msgid "Search for hostgroups." +#: ipaserver/plugins/dns.py:2429 +msgid "Administrator e-mail address" msgstr "" -msgid "Results should contain primary key attribute only (\"hostgroup-name\")" +msgid "SOA serial" msgstr "" -msgid "Search for host groups with these member hosts." +msgid "SOA record serial number" msgstr "" -msgid "Search for host groups without these member hosts." +msgid "SOA refresh" msgstr "" -msgid "Search for host groups with these member host groups." +msgid "SOA record refresh time" msgstr "" -msgid "Search for host groups without these member host groups." +msgid "SOA retry" msgstr "" -msgid "Search for host groups with these member of host groups." +msgid "SOA record retry time" msgstr "" -msgid "Search for host groups without these member of host groups." +msgid "SOA expire" msgstr "" -msgid "Search for host groups with these member of netgroups." +msgid "SOA record expire time" msgstr "" -msgid "Search for host groups without these member of netgroups." +msgid "SOA minimum" msgstr "" -msgid "Search for host groups with these member of HBAC rules." +msgid "How long should negative responses be cached" msgstr "" -msgid "Search for host groups without these member of HBAC rules." +msgid "Time to live for records at zone apex" msgstr "" -msgid "Search for host groups with these member of sudo rules." +#: ipaserver/plugins/dns.py:2503 +msgid "BIND update policy" msgstr "" -msgid "Search for host groups without these member of sudo rules." +msgid "Dynamic update" msgstr "" -#: ipaserver/plugins/hostgroup.py:275 -msgid "Modify a hostgroup." +msgid "Allow dynamic updates." msgstr "" -#: ipaserver/plugins/hostgroup.py:340 -msgid "Remove members from a hostgroup." +msgid "Allow query" msgstr "" -#: ipaserver/plugins/hostgroup.py:316 -msgid "Display information about a hostgroup." +msgid "" +"Semicolon separated list of IP addresses or networks which are allowed to " +"issue queries" msgstr "" -msgid "" -"\n" -"ID Views\n" -"\n" -"Manage ID Views\n" -"\n" -"IPA allows to override certain properties of users and groups per each " -"host.\n" -"This functionality is primarily used to allow migration from older systems " -"or\n" -"other Identity Management solutions.\n" +msgid "Allow transfer" msgstr "" -#: ipaserver/plugins/idviews.py:780 -msgid "Anchor to override" +msgid "" +"Semicolon separated list of IP addresses or networks which are allowed to " +"transfer the zone" msgstr "" -#: ipaserver/plugins/idviews.py:1135 -msgid "Group name" +msgid "" +"Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the " +"zone" msgstr "" -#: ipaserver/plugins/group.py:354 ipaserver/plugins/idviews.py:1045 -#: ipaserver/plugins/idviews.py:1140 -msgid "GID" +msgid "Allow in-line DNSSEC signing" msgstr "" -#: ipaserver/plugins/idviews.py:1046 ipaserver/plugins/idviews.py:1141 -msgid "Group ID Number" +msgid "Allow inline DNSSEC signing of records in the zone" msgstr "" -#: ipaserver/plugins/idviews.py:1032 -msgid "User login" +msgid "NSEC3PARAM record" msgstr "" -#: ipaserver/plugins/idviews.py:1037 -msgid "UID" +msgid "" +"NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt" msgstr "" -#: ipaserver/plugins/idviews.py:1038 -msgid "User ID Number" +msgid "Checks if any of the servers has the DNS service enabled." msgstr "" -#: ipaserver/plugins/baseuser.py:292 ipaserver/plugins/idviews.py:1042 -msgid "GECOS" +msgid "Resolve a host name in DNS." msgstr "" -#: ipaserver/plugins/idviews.py:1051 -msgid "Home directory" +msgid "Modify global DNS configuration." msgstr "" -#: ipaserver/plugins/idviews.py:1055 -msgid "Login shell" +msgid "Show the current global DNS configuration." msgstr "" -#: ipaserver/plugins/idviews.py:137 -msgid "ID View Name" +msgid "Create new DNS forward zone." msgstr "" -#: ipaserver/plugins/idviews.py:1296 -msgid "Add a new Group ID override." +msgid "Add a permission for per-forward zone access delegation." msgstr "" -#: ipaserver/plugins/idviews.py:1302 -msgid "Delete an Group ID override." +msgid "Permission value" msgstr "" -#: ipaserver/plugins/idviews.py:1314 -msgid "Search for an Group ID override." +msgid "Delete DNS forward zone." msgstr "" -msgid "Results should contain primary key attribute only (\"anchor\")" +msgid "Disable DNS Forward Zone." msgstr "" -#: ipaserver/plugins/idviews.py:1308 -msgid "Modify an Group ID override." +msgid "Enable DNS Forward Zone." msgstr "" -msgid "Rename the Group ID override object" +msgid "Search for DNS forward zones." msgstr "" -#: ipaserver/plugins/idviews.py:1330 -msgid "Display information about an Group ID override." +msgid "Modify DNS forward zone." msgstr "" -#: ipaserver/plugins/idviews.py:1197 -msgid "Add a new User ID override." +msgid "Remove a permission for per-forward zone access delegation." msgstr "" -#: ipaserver/plugins/idviews.py:1222 -msgid "Delete an User ID override." +msgid "Display information about a DNS forward zone." msgstr "" -#: ipaserver/plugins/idviews.py:1260 -msgid "Search for an User ID override." +msgid "Add new DNS resource record." msgstr "" -#: ipaserver/plugins/idviews.py:1228 -msgid "Modify an User ID override." +#: ipaserver/plugins/realmdomains.py:151 ipaserver/plugins/dns.py:2890 +#: ipaserver/plugins/dns.py:3578 ipaserver/plugins/permission.py:1096 +#: ipaserver/plugins/host.py:703 ipaserver/plugins/service.py:697 +msgid "Force" msgstr "" -msgid "Rename the User ID override object" +msgid "force NS record creation even if its hostname is not in DNS" msgstr "" -#: ipaserver/plugins/idviews.py:1284 -msgid "Display information about an User ID override." +msgid "Structured" msgstr "" -#: ipaserver/plugins/idviews.py:197 -msgid "Add a new ID View." +msgid "Parse all raw DNS records and return them in a structured way" msgstr "" -msgid "" -"Applies ID View to specified hosts or current members of specified " -"hostgroups. If any other ID View is applied to the host, it is overriden." +msgid "Delete DNS resource record." msgstr "" -#: ipaserver/plugins/idviews.py:462 ipaserver/plugins/idviews.py:505 -#: ipaserver/plugins/sudorule.py:447 -msgid "hosts" +msgid "Delete all associated records" msgstr "" -#: ipaserver/plugins/idviews.py:461 -msgid "Hosts to apply the ID View to" +msgid "Delete DNS record entry." msgstr "" -#: ipaserver/plugins/idviews.py:469 ipaserver/plugins/idviews.py:512 -msgid "hostgroups" +msgid "Search for DNS resources." msgstr "" -#: ipaserver/plugins/idviews.py:466 -msgid "" -"Hostgroups to whose hosts apply the ID View to. Please note that view is not " -"applied automatically to any hosts added to the hostgroup after running the " -"idview-apply command." +msgid "Modify a DNS resource record." msgstr "" -#: ipaserver/plugins/idviews.py:477 -msgid "Hosts that this ID View was applied to." +msgid "Rename the DNS resource record object" msgstr "" -#: ipaserver/plugins/idviews.py:481 -msgid "Hosts or hostgroups that this ID View could not be applied to." +msgid "Display DNS resource." msgstr "" -#: ipaserver/plugins/idviews.py:486 -msgid "Number of hosts the ID View was applied to:" +msgid "Create new DNS zone (SOA record)." msgstr "" -#: ipaserver/plugins/idviews.py:214 -msgid "Delete an ID View." +msgid "Force DNS zone creation even if nameserver is not resolvable." msgstr "" -#: ipaserver/plugins/idviews.py:243 -msgid "Search for an ID View." +msgid "Add a permission for per-zone access delegation." msgstr "" -#: ipaserver/plugins/idviews.py:227 -msgid "Modify an ID View." +msgid "Delete DNS zone (SOA record)." msgstr "" -msgid "Rename the ID View object" +msgid "Disable DNS Zone." msgstr "" -#: ipaserver/plugins/idviews.py:250 -msgid "Display information about an ID View." +msgid "Enable DNS Zone." msgstr "" -#: ipaserver/plugins/idviews.py:255 -msgid "Enumerate all the hosts the view applies to." +#: ipaserver/plugins/dns.py:2929 +msgid "Search for DNS zones (SOA records)." msgstr "" -#: ipaserver/plugins/idviews.py:493 -msgid "" -"Clears ID View from specified hosts or current members of specified " -"hostgroups." +msgid "Forward zones only" msgstr "" -#: ipaserver/plugins/idviews.py:504 -msgid "Hosts to clear (any) ID View from." +msgid "Search for forward zones only" msgstr "" -#: ipaserver/plugins/idviews.py:509 -msgid "" -"Hostgroups whose hosts should have ID Views cleared. Note that view is not " -"cleared automatically from any host added to the hostgroup after running " -"idview-unapply command." +msgid "Modify DNS zone (SOA record)." msgstr "" -#: ipaserver/plugins/idviews.py:520 -msgid "Hosts that ID View was cleared from." +msgid "Force nameserver change even if nameserver not in DNS" msgstr "" -#: ipaserver/plugins/idviews.py:524 -msgid "Hosts or hostgroups that ID View could not be cleared from." +msgid "Remove a permission for per-zone access delegation." msgstr "" -#: ipaserver/plugins/idviews.py:529 -msgid "Number of hosts that had a ID View was unset:" +msgid "Display information about a DNS zone (SOA record)." msgstr "" -#: ipaserver/plugins/internal.py:30 msgid "" "\n" -"Plugins not accessible directly through the CLI, commands used internally\n" +"Groups of users\n" +"\n" +"Manage groups of users. By default, new groups are POSIX groups. You\n" +"can add the --nonposix option to the group-add command to mark a new group\n" +"as non-POSIX. You can use the --posix argument with the group-mod command\n" +"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\\name, or name@domain format. IPA will " +"attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" msgstr "" -#: ipaserver/plugins/internal.py:2035 -msgid "Dict of I18N messages" +#: ipaserver/plugins/group.py:343 +msgid "Group name" msgstr "" -#: ipaserver/plugins/internal.py:38 -msgid "Export plugin meta-data for the webUI." +#: ipaserver/plugins/sudocmdgroup.py:131 ipaserver/plugins/group.py:350 +msgid "Group description" msgstr "" -#: ipaserver/plugins/internal.py:44 ipaserver/plugins/internal.py:53 -msgid "Name of object to export" +#: ipaserver/plugins/idviews.py:1140 ipaserver/plugins/group.py:354 +#: ipaserver/plugins/baseuser.py:353 +msgid "GID" msgstr "" -#: ipaserver/plugins/internal.py:47 ipaserver/plugins/internal.py:56 -msgid "Name of method to export" +msgid "GID (use this option to set it manually)" msgstr "" -#: ipaserver/plugins/internal.py:59 -msgid "Name of command to export" +msgid "Member users" msgstr "" -#: ipaserver/plugins/internal.py:64 -msgid "Dict of JSON encoded IPA Objects" +msgid "Member groups" msgstr "" -#: ipaserver/plugins/internal.py:65 -msgid "Dict of JSON encoded IPA Methods" +msgid "Member of groups" msgstr "" -#: ipaserver/plugins/internal.py:66 -msgid "Dict of JSON encoded IPA Commands" +#: ipaserver/plugins/baseldap.py:80 +msgid "Roles" msgstr "" -msgid "" -"\n" -"Joining an IPA domain\n" +msgid "Member of netgroups" msgstr "" -msgid "Join an IPA domain" +msgid "Member of Sudo rule" msgstr "" -msgid "The hostname to register as" +msgid "Member of HBAC rule" msgstr "" -msgid "The IPA realm" +msgid "Indirect Member users" msgstr "" -msgid "Hardware platform of the host (e.g. Lenovo T61)" +msgid "Indirect Member groups" msgstr "" -msgid "Operating System and version of the host (e.g. Fedora 9)" +msgid "Indirect Member of group" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:27 -msgid "" -"\n" -"Kerberos ticket policy\n" -"\n" -"There is a single Kerberos ticket policy. This policy defines the\n" -"maximum ticket lifetime and the maximum renewal age, the period during\n" -"which the ticket is renewable.\n" -"\n" -"You can also create a per-user ticket policy by specifying the user login.\n" -"\n" -"For changes to the global policy to take effect, restarting the KDC service\n" -"is required, which can be achieved using:\n" -"\n" -"service krb5kdc restart\n" -"\n" -"Changes to per-user policies take effect immediately for newly requested\n" -"tickets (e.g. when the user next runs kinit).\n" -"\n" -"EXAMPLES:\n" -"\n" -" Display the current Kerberos ticket policy:\n" -" ipa krbtpolicy-show\n" -"\n" -" Reset the policy to the default:\n" -" ipa krbtpolicy-reset\n" -"\n" -" Modify the policy to 8 hours max life, 1-day max renewal:\n" -" ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n" -"\n" -" Display effective Kerberos ticket policy for user 'admin':\n" -" ipa krbtpolicy-show admin\n" -"\n" -" Reset per-user policy for user 'admin':\n" -" ipa krbtpolicy-reset admin\n" -"\n" -" Modify per-user policy for user 'admin':\n" -" ipa krbtpolicy-mod admin --maxlife=3600\n" +msgid "Indirect Member of netgroup" +msgstr "" + +msgid "Indirect Member of role" +msgstr "" + +msgid "Indirect Member of Sudo rule" +msgstr "" + +msgid "Indirect Member of HBAC rule" msgstr "" -#: ipaserver/plugins/passwd.py:94 ipaserver/plugins/krbtpolicy.py:134 -msgid "User name" +msgid "Create a new group." msgstr "" -#: ipaserver/plugins/krbtpolicy.py:135 -msgid "Manage ticket policy for specific user" +msgid "Create as a non-POSIX group" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:140 -msgid "Max life" +msgid "Allow adding external non-IPA members from trusted domains" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:141 -msgid "Maximum ticket life (seconds)" +#: ipaserver/plugins/baseldap.py:1227 ipaserver/plugins/cert.py:1341 +msgid "Suppress processing of membership attributes." msgstr "" -#: ipaserver/plugins/krbtpolicy.py:146 -msgid "Max renew" +msgid "Add members to a group." msgstr "" -#: ipaserver/plugins/krbtpolicy.py:147 -msgid "Maximum renewable age (seconds)" +msgid "External member" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:243 -msgid "Modify Kerberos ticket policy." +msgid "Members of a trusted domain in DOM\\name or name@domain form" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:322 -msgid "Reset Kerberos ticket policy to the default values." +msgid "member user" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:268 -msgid "Display the current Kerberos ticket policy." +msgid "users to add" +msgstr "" + +msgid "member group" +msgstr "" + +msgid "groups to add" +msgstr "" + +#: ipaserver/plugins/role.py:255 ipaserver/plugins/privilege.py:226 +#: ipaserver/plugins/privilege.py:257 ipaserver/plugins/baseldap.py:1770 +#: ipaserver/plugins/baseldap.py:2257 +msgid "Members that could not be added" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1774 ipaserver/plugins/baseldap.py:2261 +msgid "Number of members added" +msgstr "" + +msgid "Delete group." +msgstr "" + +msgid "Detach a managed group from a user." +msgstr "" + +msgid "Search for groups." +msgstr "" + +msgid "search for private groups" +msgstr "" + +msgid "search for POSIX groups" msgstr "" msgid "" -"\n" -"Migration to IPA\n" -"\n" -"Migrate users and groups from an LDAP server to IPA.\n" -"\n" -"This performs an LDAP query against the remote server searching for\n" -"users and groups in a container. In order to migrate passwords you need\n" -"to bind as a user that can read the userPassword attribute on the remote\n" -"server. This is generally restricted to high-level admins such as\n" -"cn=Directory Manager in 389-ds (this is the default bind user).\n" -"\n" -"The default user container is ou=People.\n" -"\n" -"The default group container is ou=Groups.\n" -"\n" -"Users and groups that already exist on the IPA server are skipped.\n" -"\n" -"Two LDAP schemas define how group members are stored: RFC2307 and\n" -"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" -"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" -"\n" -"The schema compat feature allows IPA to reformat data for systems that\n" -"do not support RFC2307bis. It is recommended that this feature is disabled\n" -"during migration to reduce system overhead. It can be re-enabled after\n" -"migration. To migrate with it enabled use the \"--with-compat\" option.\n" -"\n" -"Migrated users do not have Kerberos credentials, they have only their\n" -"LDAP password. To complete the migration process, users need to go\n" -"to http://ipa.example.com/ipa/migration and authenticate using their\n" -"LDAP password in order to generate their Kerberos credentials.\n" -"\n" -"Migration is disabled by default. Use the command ipa config-mod to\n" -"enable it:\n" -"\n" -" ipa config-mod --enable-migration=TRUE\n" -"\n" -"If a base DN is not provided with --basedn then IPA will use either\n" -"the value of defaultNamingContext if it is set or the first value\n" -"in namingContexts set in the root of the remote LDAP server.\n" -"\n" -"Users are added as members to the default user group. This can be a\n" -"time-intensive task so during migration this is done in a batch\n" -"mode for every 100 users. As a result there will be a window in which\n" -"users will be added to IPA but will not be members of the default\n" -"user group.\n" -"\n" -"EXAMPLES:\n" -"\n" -" The simplest migration, accepting all defaults:\n" -" ipa migrate-ds ldap://ds.example.com:389\n" -"\n" -" Specify the user and group container. This can be used to migrate user\n" -" and group data from an IPA v1 server:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" -"container='cn=groups,cn=accounts' ldap://ds.example.com:389\n" -"\n" -" Since IPA v2 server already contain predefined groups that may collide " -"with\n" -" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" -" having colliding group as their primary group may happen to belong to\n" -" an unknown group on new IPA v2 server.\n" -" Use --group-overwrite-gid option to overwrite GID of already existing " -"groups\n" -" to prevent this issue:\n" -" ipa migrate-ds --group-overwrite-gid --user-container='cn=users," -"cn=accounts' --group-container='cn=groups,cn=accounts' " -"ldap://ds.example.com:389\n" -"\n" -" Migrated users or groups may have object class and accompanied attributes\n" -" unknown to the IPA v2 server. These object classes and attributes may be\n" -" left out of the migration process:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" -"container='cn=groups,cn=accounts' --user-ignore-" -"objectclass=radiusprofile --user-ignore-" -"attribute=radiusgroupname ldap://ds.example.com:389\n" -"\n" -"LOGGING\n" -"\n" -"Migration will log warnings and errors to the Apache error log. This\n" -"file should be evaluated post-migration to correct or investigate any\n" -"issues that were discovered.\n" -"\n" -"For every 100 users migrated an info-level message will be displayed to\n" -"give the current progress and duration to make it possible to track\n" -"the progress of migration.\n" -"\n" -"If the log level is debug, either by setting debug = True in\n" -"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " -"printed\n" -"for each user added plus a summary when the default user group is\n" -"updated.\n" +"search for groups with support of external non-IPA members from trusted " +"domains" msgstr "" -#: ipaserver/plugins/migration.py:482 -msgid "Migrate users and groups from DS to IPA." +msgid "search for non-POSIX groups" msgstr "" -#: ipaserver/plugins/migration.py:529 -msgid "LDAP URI" +msgid "Results should contain primary key attribute only (\"group-name\")" msgstr "" -#: ipaserver/plugins/migration.py:530 -msgid "LDAP URI of DS server to migrate from" +#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:155 +#: ipaserver/plugins/user.py:181 ipaserver/plugins/user.py:893 +msgid "user" msgstr "" -#: ipaserver/plugins/migration.py:536 -msgid "bind password" +msgid "Search for groups with these member users." msgstr "" -#: ipaserver/plugins/migration.py:543 -msgid "Bind DN" +msgid "Search for groups without these member users." msgstr "" -#: ipaserver/plugins/migration.py:549 -msgid "User container" +#: ipaserver/plugins/group.py:424 ipaserver/plugins/group.py:698 +#: ipaserver/plugins/user.py:169 +msgid "group" msgstr "" -#: ipaserver/plugins/migration.py:550 -msgid "DN of container for users in DS relative to base DN" +msgid "Search for groups with these member groups." msgstr "" -#: ipaserver/plugins/migration.py:556 -msgid "Group container" +msgid "Search for groups without these member groups." msgstr "" -#: ipaserver/plugins/migration.py:557 -msgid "DN of container for groups in DS relative to base DN" +msgid "Search for groups with these member of groups." msgstr "" -#: ipaserver/plugins/migration.py:563 -msgid "User object class" +msgid "Search for groups without these member of groups." msgstr "" -#: ipaserver/plugins/migration.py:564 -msgid "Objectclasses used to search for user entries in DS" +msgid "netgroup" msgstr "" -#: ipaserver/plugins/migration.py:570 -msgid "Group object class" +msgid "Search for groups with these member of netgroups." msgstr "" -#: ipaserver/plugins/migration.py:571 -msgid "Objectclasses used to search for group entries in DS" +msgid "Search for groups without these member of netgroups." msgstr "" -#: ipaserver/plugins/migration.py:577 -msgid "Ignore user object class" +#: ipaserver/plugins/serverrole.py:185 +msgid "role" msgstr "" -#: ipaserver/plugins/migration.py:578 -msgid "Objectclasses to be ignored for user entries in DS" +msgid "Search for groups with these member of roles." msgstr "" -#: ipaserver/plugins/migration.py:584 -msgid "Ignore user attribute" +msgid "Search for groups without these member of roles." msgstr "" -#: ipaserver/plugins/migration.py:585 -msgid "Attributes to be ignored for user entries in DS" +msgid "HBAC rule" msgstr "" -#: ipaserver/plugins/migration.py:591 -msgid "Ignore group object class" +msgid "Search for groups with these member of HBAC rules." msgstr "" -#: ipaserver/plugins/migration.py:592 -msgid "Objectclasses to be ignored for group entries in DS" +msgid "Search for groups without these member of HBAC rules." msgstr "" -#: ipaserver/plugins/migration.py:598 -msgid "Ignore group attribute" +msgid "sudo rule" msgstr "" -#: ipaserver/plugins/migration.py:599 -msgid "Attributes to be ignored for group entries in DS" +msgid "Search for groups with these member of sudo rules." msgstr "" -#: ipaserver/plugins/migration.py:605 -msgid "Overwrite GID" +msgid "Search for groups without these member of sudo rules." msgstr "" -#: ipaserver/plugins/migration.py:606 -msgid "" -"When migrating a group already existing in IPA domain overwrite the group " -"GID and report as success" +msgid "Modify a group." msgstr "" -#: ipaserver/plugins/migration.py:611 -msgid "LDAP schema" +msgid "change to a POSIX group" msgstr "" -#: ipaserver/plugins/migration.py:612 -msgid "" -"The schema used on the LDAP server. Supported values are RFC2307 and " -"RFC2307bis. The default is RFC2307bis" +msgid "change to support external non-IPA members from trusted domains" msgstr "" -#: ipaserver/plugins/migration.py:618 -msgid "Continue" +msgid "Rename the group object" msgstr "" -#: ipaserver/plugins/migration.py:619 -msgid "" -"Continuous operation mode. Errors are reported but the process continues" +msgid "Remove members from a group." msgstr "" -#: ipaserver/plugins/migration.py:624 -msgid "Base DN" +msgid "users to remove" msgstr "" -#: ipaserver/plugins/migration.py:625 -msgid "Base DN on remote LDAP server" +msgid "groups to remove" msgstr "" -#: ipaserver/plugins/migration.py:629 -msgid "Ignore compat plugin" +#: ipaserver/plugins/baseldap.py:1868 ipaserver/plugins/baseldap.py:2356 +msgid "Members that could not be removed" msgstr "" -#: ipaserver/plugins/migration.py:630 -msgid "Allows migration despite the usage of compat plugin" +#: ipaserver/plugins/baseldap.py:1872 ipaserver/plugins/baseldap.py:2360 +msgid "Number of members removed" msgstr "" -#: ipaserver/plugins/migration.py:635 -msgid "CA certificate" +msgid "Display information about a named group." msgstr "" -#: ipaserver/plugins/migration.py:636 -msgid "Load CA certificate of LDAP server from FILE" +#: ipaserver/plugins/hbacrule.py:39 +msgid "" +"\n" +"Host-based access control\n" +"\n" +"Control who can access what services on what hosts. You\n" +"can use HBAC to control which users or groups can\n" +"access a service, or group of services, on a target host.\n" +"\n" +"You can also specify a category of users and target hosts.\n" +"This is currently limited to \"all\", but might be expanded in the\n" +"future.\n" +"\n" +"Target hosts in HBAC rules must be hosts managed by IPA.\n" +"\n" +"The available services and groups of services are controlled by the\n" +"hbacsvc and hbacsvcgroup plug-ins respectively.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a rule, \"test1\", that grants all users access to the host " +"\"server\" from\n" +" anywhere:\n" +" ipa hbacrule-add --usercat=all test1\n" +" ipa hbacrule-add-host --hosts=server.example.com test1\n" +"\n" +" Display the properties of a named HBAC rule:\n" +" ipa hbacrule-show test1\n" +"\n" +" Create a rule for a specific service. This lets the user john access\n" +" the sshd service on any machine from any machine:\n" +" ipa hbacrule-add --hostcat=all john_sshd\n" +" ipa hbacrule-add-user --users=john john_sshd\n" +" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" +"\n" +" Create a rule for a new service group. This lets the user john access\n" +" the FTP service on any machine from any machine:\n" +" ipa hbacsvcgroup-add ftpers\n" +" ipa hbacsvc-add sftp\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n" +" ipa hbacrule-add --hostcat=all john_ftp\n" +" ipa hbacrule-add-user --users=john john_ftp\n" +" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" +"\n" +" Disable a named HBAC rule:\n" +" ipa hbacrule-disable test1\n" +"\n" +" Remove a named HBAC rule:\n" +" ipa hbacrule-del allow_server\n" msgstr "" -msgid "groups to exclude from migration" +#: ipaserver/plugins/certmap.py:273 ipaserver/plugins/hbacrule.py:207 +#: ipaserver/plugins/selinuxusermap.py:239 ipaserver/plugins/sudorule.py:242 +msgid "Rule name" msgstr "" -msgid "users to exclude from migration" +#: ipaserver/plugins/hbacrule.py:213 +msgid "Rule type" msgstr "" -#: ipaserver/plugins/migration.py:662 -msgid "Lists of objects migrated; categorized by type." +#: ipaserver/plugins/hbacrule.py:212 +msgid "Rule type (allow)" msgstr "" -#: ipaserver/plugins/migration.py:666 -msgid "Lists of objects that could not be migrated; categorized by type." +#: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/caacl.py:195 +#: ipaserver/plugins/hbacrule.py:223 ipaserver/plugins/selinuxusermap.py:253 +#: ipaserver/plugins/sudorule.py:255 +msgid "User category" msgstr "" -#: ipaserver/plugins/migration.py:670 -msgid "False if migration mode was disabled." +#: ipaserver/plugins/netgroup.py:228 ipaserver/plugins/hbacrule.py:224 +#: ipaserver/plugins/selinuxusermap.py:254 ipaserver/plugins/sudorule.py:256 +msgid "User category the rule applies to" msgstr "" -#: ipaserver/plugins/migration.py:674 -msgid "False if migration fails because the compatibility plug-in is enabled." +#: ipaserver/plugins/netgroup.py:233 ipaserver/plugins/caacl.py:201 +#: ipaserver/plugins/hbacrule.py:229 ipaserver/plugins/selinuxusermap.py:259 +#: ipaserver/plugins/sudorule.py:261 +msgid "Host category" msgstr "" -msgid "" -"\n" -"Misc plug-ins\n" +#: ipaserver/plugins/netgroup.py:234 ipaserver/plugins/hbacrule.py:230 +#: ipaserver/plugins/selinuxusermap.py:260 ipaserver/plugins/sudorule.py:262 +msgid "Host category the rule applies to" msgstr "" -msgid "Show environment variables." +#: ipaserver/plugins/hbacrule.py:243 +msgid "Service category" msgstr "" -msgid "Forward to server instead of running locally" +#: ipaserver/plugins/hbacrule.py:244 +msgid "Service category the rule applies to" msgstr "" -#: ipalib/misc.py:103 -msgid "" -"retrieve and print all attributes from the server. Affects command output." +#: ipaserver/plugins/certmap.py:310 ipaserver/plugins/hbacrule.py:256 +#: ipaserver/plugins/selinuxusermap.py:268 ipaserver/plugins/sudorule.py:250 +#: ipaserver/plugins/internal.py:1963 +msgid "Enabled" msgstr "" -msgid "Dictionary mapping variable name to value" +#: ipaserver/plugins/hbacrule.py:264 ipaserver/plugins/selinuxusermap.py:276 +#: ipaserver/plugins/group.py:334 ipaserver/plugins/sudorule.py:295 +#: ipaserver/plugins/internal.py:884 ipaserver/plugins/internal.py:1204 +msgid "User Groups" msgstr "" -msgid "Total number of variables env (>= count)" +#: ipaserver/plugins/hostgroup.py:178 ipaserver/plugins/caacl.py:232 +#: ipaserver/plugins/hbacrule.py:272 ipaserver/plugins/selinuxusermap.py:284 +#: ipaserver/plugins/sudorule.py:308 ipaserver/plugins/internal.py:1078 +#: ipaserver/plugins/internal.py:1178 +msgid "Host Groups" msgstr "" -msgid "Number of variables returned (<= total)" +#: ipaserver/plugins/internal.py:961 ipaserver/plugins/service.py:522 +msgid "Services" msgstr "" -msgid "Show all loaded plugins." +msgid "Service Groups" msgstr "" -msgid "Dictionary mapping plugin names to bases" +#: ipaserver/plugins/baseldap.py:333 +msgid "External host" msgstr "" -msgid "Number of plugins loaded" +#: ipaserver/plugins/hbacrule.py:300 +msgid "Create a new HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:46 -msgid "" -"\n" -"Netgroups\n" -"\n" -"A netgroup is a group used for permission checking. It can contain both\n" -"user and host values.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new netgroup:\n" -" ipa netgroup-add --desc=\"NFS admins\" admins\n" -"\n" -" Add members to the netgroup:\n" -" ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n" -"\n" -" Remove a member from the netgroup:\n" -" ipa netgroup-remove-member --users=tuser2 admins\n" -"\n" -" Display information about a netgroup:\n" -" ipa netgroup-show admins\n" -"\n" -" Delete a netgroup:\n" -" ipa netgroup-del admins\n" +#: ipaserver/plugins/hbacrule.py:534 +msgid "Add target hosts and hostgroups to an HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:204 -msgid "Netgroup name" +msgid "member host" msgstr "" -#: ipaserver/plugins/netgroup.py:211 -msgid "Netgroup description" +msgid "hosts to add" msgstr "" -#: ipaserver/plugins/netgroup.py:217 -msgid "NIS domain name" +msgid "member host group" msgstr "" -#: ipaserver/plugins/netgroup.py:222 -msgid "IPA unique ID" +msgid "host groups to add" msgstr "" -#: ipaserver/plugins/baseldap.py:92 -msgid "Member netgroups" +#: ipaserver/plugins/hbacrule.py:591 +msgid "Add services to an HBAC rule." msgstr "" -#: ipaserver/plugins/baseldap.py:155 -msgid "Indirect Member netgroups" +msgid "member HBAC service" msgstr "" -msgid "Member User" +msgid "HBAC services to add" msgstr "" -msgid "Member Group" +msgid "member HBAC service group" msgstr "" -#: ipaserver/plugins/netgroup.py:88 -msgid "Member Host" +msgid "HBAC service groups to add" msgstr "" -msgid "Member Hostgroup" +#: ipaserver/plugins/hbacrule.py:503 +msgid "Add users and groups to an HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:263 -msgid "Add a new netgroup." +#: ipaserver/plugins/hbacrule.py:314 +msgid "Delete an HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:378 -msgid "Add members to a netgroup." +#: ipaserver/plugins/hbacrule.py:411 +msgid "Disable an HBAC rule." msgstr "" -msgid "member netgroup" +#: ipaserver/plugins/hbacrule.py:381 +msgid "Enable an HBAC rule." msgstr "" -msgid "netgroups to add" +#: ipaserver/plugins/hbacrule.py:365 +msgid "Search for HBAC rules." msgstr "" -#: ipaserver/plugins/netgroup.py:299 -msgid "Delete a netgroup." +#: ipaserver/plugins/hbacrule.py:331 +msgid "Modify an HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:334 -msgid "Search for a netgroup." +#: ipaserver/plugins/hbacrule.py:556 +msgid "Remove target hosts and hostgroups from an HBAC rule." msgstr "" -#: ipaserver/plugins/netgroup.py:349 -msgid "search for managed groups" +msgid "hosts to remove" msgstr "" -msgid "Search for netgroups with these member netgroups." +msgid "host groups to remove" msgstr "" -msgid "Search for netgroups without these member netgroups." +#: ipaserver/plugins/hbacrule.py:613 +msgid "Remove service and service groups from an HBAC rule." msgstr "" -msgid "Search for netgroups with these member users." +msgid "HBAC services to remove" msgstr "" -msgid "Search for netgroups without these member users." +msgid "HBAC service groups to remove" msgstr "" -#: ipaserver/plugins/group.py:424 ipaserver/plugins/group.py:698 -#: ipaserver/plugins/user.py:169 -msgid "group" +#: ipaserver/plugins/hbacrule.py:525 +msgid "Remove users and groups from an HBAC rule." msgstr "" -msgid "Search for netgroups with these member groups." +#: ipaserver/plugins/hbacrule.py:375 +msgid "Display the properties of an HBAC rule." msgstr "" -msgid "Search for netgroups without these member groups." +msgid "" +"\n" +"HBAC Services\n" +"\n" +"The PAM services that HBAC can control access to. The name used here\n" +"must match the service name that PAM is evaluating.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new HBAC service:\n" +" ipa hbacsvc-add tftp\n" +"\n" +" Modify an existing HBAC service:\n" +" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" +"\n" +" Search for HBAC services. This example will return two results, the FTP\n" +" service and the newly-added tftp service:\n" +" ipa hbacsvc-find ftp\n" +"\n" +" Delete an HBAC service:\n" +" ipa hbacsvc-del tftp\n" msgstr "" -msgid "Search for netgroups with these member hosts." +#: ipaserver/plugins/hbacsvc.py:101 +msgid "Service name" msgstr "" -msgid "Search for netgroups without these member hosts." +#: ipaserver/plugins/hbacsvc.py:102 +msgid "HBAC service" msgstr "" -msgid "Search for netgroups with these member host groups." +#: ipaserver/plugins/hbacsvc.py:109 +msgid "HBAC service description" msgstr "" -msgid "Search for netgroups without these member host groups." +msgid "Member of HBAC service groups" msgstr "" -msgid "Search for netgroups with these member of netgroups." +msgid "Add a new HBAC service." msgstr "" -msgid "Search for netgroups without these member of netgroups." +#: ipaserver/plugins/hbacsvc.py:125 +msgid "Delete an existing HBAC service." msgstr "" -#: ipaserver/plugins/netgroup.py:307 -msgid "Modify a netgroup." +#: ipaserver/plugins/hbacsvc.py:141 +msgid "Search for HBAC services." msgstr "" -#: ipaserver/plugins/netgroup.py:400 -msgid "Remove members from a netgroup." +msgid "Results should contain primary key attribute only (\"service\")" msgstr "" -msgid "netgroups to remove" +#: ipaserver/plugins/hbacsvc.py:133 +msgid "Modify an HBAC service." msgstr "" -#: ipaserver/plugins/netgroup.py:371 -msgid "Display information about a netgroup." +#: ipaserver/plugins/hbacsvc.py:151 +msgid "Display information about an HBAC service." msgstr "" -#: ipaserver/plugins/otpconfig.py:24 +#: ipaserver/plugins/hbacsvcgroup.py:33 msgid "" "\n" -"OTP configuration\n" +"HBAC Service Groups\n" "\n" -"Manage the default values that IPA uses for OTP tokens.\n" +"HBAC service groups can contain any number of individual services,\n" +"or \"members\". Every group must have a description.\n" "\n" "EXAMPLES:\n" "\n" -" Show basic OTP configuration:\n" -" ipa otpconfig-show\n" -"\n" -" Show all OTP configuration options:\n" -" ipa otpconfig-show --all\n" -"\n" -" Change maximum TOTP authentication window to 10 minutes:\n" -" ipa otpconfig-mod --totp-auth-window=600\n" +" Add a new HBAC service group:\n" +" ipa hbacsvcgroup-add --desc=\"login services\" login\n" "\n" -" Change maximum TOTP synchronization window to 12 hours:\n" -" ipa otpconfig-mod --totp-sync-window=43200\n" +" Add members to an HBAC service group:\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n" "\n" -" Change maximum HOTP authentication window to 5:\n" -" ipa hotpconfig-mod --hotp-auth-window=5\n" +" Display information about a named group:\n" +" ipa hbacsvcgroup-show login\n" "\n" -" Change maximum HOTP synchronization window to 50:\n" -" ipa hotpconfig-mod --hotp-sync-window=50\n" +" Delete an HBAC service group:\n" +" ipa hbacsvcgroup-del login\n" msgstr "" -#: ipaserver/plugins/otpconfig.py:86 -msgid "TOTP authentication Window" +#: ipaserver/plugins/hbacsvcgroup.py:114 +msgid "Service group name" msgstr "" -#: ipaserver/plugins/otpconfig.py:87 -msgid "TOTP authentication time variance (seconds)" +#: ipaserver/plugins/hbacsvcgroup.py:121 +msgid "HBAC service group description" msgstr "" -#: ipaserver/plugins/otpconfig.py:92 -msgid "TOTP Synchronization Window" +#: ipaserver/plugins/baseldap.py:107 +msgid "Member HBAC service" msgstr "" -#: ipaserver/plugins/otpconfig.py:93 -msgid "TOTP synchronization time variance (seconds)" +#: ipaserver/plugins/hbacsvcgroup.py:129 +msgid "Add a new HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:98 -msgid "HOTP Authentication Window" +#: ipaserver/plugins/hbacsvcgroup.py:169 +msgid "Add members to an HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:99 -msgid "HOTP authentication skip-ahead" +#: ipaserver/plugins/hbacsvcgroup.py:137 +msgid "Delete an HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:104 -msgid "HOTP Synchronization Window" +#: ipaserver/plugins/hbacsvcgroup.py:153 +msgid "Search for an HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:105 -msgid "HOTP synchronization skip-ahead" +#: ipaserver/plugins/hbacsvcgroup.py:145 +msgid "Modify an HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:116 -msgid "Modify OTP configuration options." +#: ipaserver/plugins/hbacsvcgroup.py:175 +msgid "Remove members from an HBAC service group." msgstr "" -#: ipaserver/plugins/otpconfig.py:121 -msgid "Show the current OTP configuration." +#: ipaserver/plugins/hbacsvcgroup.py:163 +msgid "Display information about an HBAC service group." msgstr "" msgid "" "\n" -"YubiKey Tokens\n" +"Simulate use of Host-based access controls\n" "\n" -"Manage YubiKey tokens.\n" +"HBAC rules control who can access what services on what hosts.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" "\n" -"This code is an extension to the otptoken plugin and provides support for\n" -"reading/writing YubiKey tokens directly.\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" "\n" -"EXAMPLES:\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" "\n" -" Add a new token:\n" -" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" -msgstr "" - -msgid "" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--sizelimit= ]\n" "\n" -"Set a user's password\n" +" --user, --host, and --service are mandatory, others are optional.\n" "\n" -"If someone other than a user changes that user's password (e.g., Helpdesk\n" -"resets it) then the password will need to be changed the first time it\n" -"is used. This is so the end-user is the only one who knows the password.\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" "\n" -"The IPA password policy controls how often a password may be changed,\n" -"what strength requirements exist, and the length of the password history.\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" "\n" "EXAMPLES:\n" "\n" -" To reset your own password:\n" -" ipa passwd\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" "\n" -" To change another user's password:\n" -" ipa passwd tuser1\n" -msgstr "" - -msgid "Set a user's password." -msgstr "" - -#: ipaserver/plugins/internal.py:1726 -msgid "New Password" -msgstr "" - -#: ipaserver/plugins/internal.py:1720 -msgid "Current Password" -msgstr "" - -#: ipaserver/plugins/internal.py:192 ipaserver/plugins/internal.py:1728 -msgid "OTP" -msgstr "" - -msgid "One Time Password" -msgstr "" - -msgid "" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" "\n" -"Permissions\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: myrule\n" "\n" -"A permission enables fine-grained delegation of rights. A permission is\n" -"a human-readable wrapper around a 389-ds Access Control Rule,\n" -"or instruction (ACI).\n" -"A permission grants the right to perform a specific task such as adding a\n" -"user, modifying a group, etc.\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" "\n" -"A permission may not contain other permissions.\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: new-rule\n" "\n" -"* A permission grants access to read, write, add, delete, read, search,\n" -" or compare.\n" -"* A privilege combines similar permissions (for example all the permissions\n" -" needed to add a user).\n" -"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" "\n" -"A permission is made up of a number of different parts:\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --enabled --disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Not matched rules: new-rule\n" +" Matched rules: allow_all\n" "\n" -"1. The name of the permission.\n" -"2. The target of the permission.\n" -"3. The rights granted by the permission.\n" "\n" -"Rights define what operations are allowed, and may be one or more\n" -"of the following:\n" -"1. write - write one or more attributes\n" -"2. read - read one or more attributes\n" -"3. search - search on one or more attributes\n" -"4. compare - compare one or more attributes\n" -"5. add - add a new entry to the tree\n" -"6. delete - delete an existing entry\n" -"7. all - all permissions are granted\n" +"HBACTEST AND TRUSTED DOMAINS\n" +"\n" +"When an external trusted domain is configured in IPA, HBAC rules are also " +"applied\n" +"on users accessing IPA resources from the trusted domain. Trusted domain " +"users and\n" +"groups (and their SIDs) can be then assigned to external groups which can " +"be\n" +"members of POSIX groups in IPA which can be used in HBAC rules and thus " +"allowing\n" +"access to resources protected by the HBAC system.\n" +"\n" +"hbactest plugin is capable of testing access for both local IPA users and " +"users\n" +"from the trusted domains, either by a fully qualified user name or by user " +"SID.\n" +"Such user names need to have a trusted domain specified as a short name\n" +"(DOMAIN\\Administrator) or with a user principal name (UPN), " +"Administrator@ad.test.\n" +"\n" +"Please note that hbactest executed with a trusted domain user as --user " +"parameter\n" +"can be only run by members of \"trust admins\" group.\n" "\n" -"Note the distinction between attributes and entries. The permissions are\n" -"independent, so being able to add a user does not mean that the user will\n" -"be editable.\n" +"EXAMPLES:\n" "\n" -"There are a number of allowed targets:\n" -"1. subtree: a DN; the permission applies to the subtree under this DN\n" -"2. target filter: an LDAP filter\n" -"3. target: DN with possible wildcards, specifies entries permission applies " -"to\n" +" 1. Test if a user from a trusted domain specified by its shortname " +"matches any\n" +" rule:\n" "\n" -"Additionally, there are the following convenience options.\n" -"Setting one of these options will set the corresponding attribute(s).\n" -"1. type: a type of object (user, group, etc); sets subtree and target " -"filter.\n" -"2. memberof: apply to members of a group; sets target filter\n" -"3. targetgroup: grant access to modify a specific group (such as granting\n" -" the rights to manage group membership); sets target.\n" +" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" "\n" -"Managed permissions\n" +" 2. Test if a user from a trusted domain specified by its domain name " +"matches\n" +" any rule:\n" "\n" -"Permissions that come with IPA by default can be so-called \"managed\"\n" -"permissions. These have a default set of attributes they apply to,\n" -"but the administrator can add/remove individual attributes to/from the set.\n" +" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" "\n" -"Deleting or renaming a managed permission, as well as changing its target,\n" -"is not allowed.\n" +" 3. Test if a user from a trusted domain specified by its SID matches any " +"rule:\n" "\n" -"EXAMPLES:\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" "\n" -" Add a permission that grants the creation of users:\n" -" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +" 4. Test if other user from a trusted domain specified by its SID matches " +"any rule:\n" "\n" -" Add a permission that grants the ability to manage group membership:\n" -" ipa permission-add --attrs=member --permissions=write --type=group " -"\"Manage Group Members\"\n" -msgstr "" - -#: ipaserver/plugins/permission.py:237 -msgid "Permission name" -msgstr "" - -#: ipaserver/plugins/permission.py:246 -msgid "Granted rights" -msgstr "" - -#: ipaserver/plugins/permission.py:247 -msgid "Rights to grant (read, search, compare, write, add, delete, all)" -msgstr "" - -#: ipaserver/plugins/permission.py:254 -msgid "Effective attributes" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +"\n" +" 5. Test if other user from a trusted domain specified by its shortname " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " +"sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" msgstr "" -#: ipaserver/plugins/permission.py:255 -msgid "All attributes to which the permission applies" +#: ipaserver/plugins/hbactest.py:256 +msgid "Simulate use of Host-based access controls" msgstr "" -#: ipaserver/plugins/permission.py:260 -msgid "Included attributes" +#: ipaserver/plugins/hbactest.py:270 ipaserver/plugins/krbtpolicy.py:134 +msgid "User name" msgstr "" -#: ipaserver/plugins/permission.py:261 -msgid "User-specified attributes to which the permission applies" +#: ipaserver/plugins/hbactest.py:281 +msgid "Target host" msgstr "" -#: ipaserver/plugins/permission.py:266 -msgid "Excluded attributes" +#: ipaserver/plugins/hbactest.py:289 +msgid "Rules to test. If not specified, --enabled is assumed" msgstr "" -#: ipaserver/plugins/permission.py:267 -msgid "" -"User-specified attributes to which the permission explicitly does not apply" +#: ipaserver/plugins/hbactest.py:293 +msgid "Hide details which rules are matched, not matched, or invalid" msgstr "" -#: ipaserver/plugins/permission.py:273 -msgid "Default attributes" +#: ipaserver/plugins/hbactest.py:297 +msgid "Include all enabled IPA rules into test [default]" msgstr "" -#: ipaserver/plugins/permission.py:274 -msgid "Attributes to which the permission applies by default" +#: ipaserver/plugins/hbactest.py:301 +msgid "Include all disabled IPA rules into test" msgstr "" -#: ipaserver/plugins/permission.py:280 ipaserver/plugins/permission.py:281 -msgid "Bind rule type" +#: ipaserver/plugins/hbactest.py:305 +msgid "Maximum number of rules to process when no --rules is specified" msgstr "" -#: ipaserver/plugins/permission.py:291 -msgid "Subtree to apply permissions to" +#: ipaserver/plugins/hbactest.py:260 +msgid "Warning" msgstr "" -#: ipaserver/plugins/permission.py:299 ipaserver/plugins/permission.py:300 -msgid "Extra target filter" +#: ipaserver/plugins/hbactest.py:261 +msgid "Matched rules" msgstr "" -#: ipaserver/plugins/permission.py:306 -msgid "Raw target filter" +#: ipaserver/plugins/hbactest.py:262 +msgid "Not matched rules" msgstr "" -#: ipaserver/plugins/permission.py:307 -msgid "All target filters, including those implied by type and memberof" +#: ipaserver/plugins/hbactest.py:263 +msgid "Non-existent or invalid rules" msgstr "" -#: ipaserver/plugins/permission.py:314 -msgid "Target DN" +#: ipaserver/plugins/hbactest.py:264 +msgid "Result of simulation" msgstr "" -#: ipaserver/plugins/permission.py:315 msgid "" -"Optional DN to apply the permission to (must be in the subtree, but may not " -"yet exist)" +"\n" +"Hosts/Machines\n" +"\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" +"\n" +"ENROLLMENT:\n" +"\n" +"There are three enrollment scenarios when enrolling a new client:\n" +"\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" +"\n" +"RE-ENROLLMENT:\n" +"\n" +"Host that has been enrolled at some point, and lost its configuration (e.g. " +"VM\n" +"destroyed) can be re-enrolled.\n" +"\n" +"For more information, consult the manual pages for ipa-client-install.\n" +"\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" +"\n" +" Allow user to create a keytab:\n" +" ipa host-allow-create-keytab test2 --users=tuser1\n" msgstr "" -#: ipaserver/plugins/permission.py:336 -msgid "Member of group" +#: ipaserver/plugins/service.py:767 +msgid "Host name" msgstr "" -#: ipaserver/plugins/permission.py:337 -msgid "Target members of a group (sets memberOf targetfilter)" +msgid "A description of this host" msgstr "" -#: ipaserver/plugins/permission.py:342 -msgid "User group to apply permissions to (sets target)" +msgid "Locality" msgstr "" -#: ipaserver/plugins/permission.py:348 -msgid "Type of IPA object (sets subtree and objectClass targetfilter)" +msgid "Host locality (e.g. \"Baltimore, MD\")" msgstr "" -msgid "Deprecated; use extratargetfilter" +msgid "Host location (e.g. \"Lab 2\")" msgstr "" -msgid "Deprecated; use ipapermlocation" +msgid "Platform" msgstr "" -msgid "Deprecated; use ipapermright" +msgid "Host hardware platform (e.g. \"Lenovo T61\")" msgstr "" -msgid "Granted to Privilege" +msgid "Operating system" msgstr "" -#: ipaserver/plugins/baseldap.py:143 -msgid "Indirect Member of roles" +msgid "Host operating system and version (e.g. \"Fedora 9\")" msgstr "" -#: ipaserver/plugins/permission.py:1020 -msgid "Add a new permission." +msgid "User password" msgstr "" -#: ipaserver/plugins/permission.py:1442 -msgid "Add members to a permission." +msgid "Password used in bulk enrollment" msgstr "" -msgid "member privilege" +msgid "Generate a random password to be used in bulk enrollment" msgstr "" -msgid "privileges to add" +#: ipaserver/plugins/baseuser.py:343 +msgid "Random password" msgstr "" -#: ipaserver/plugins/permission.py:992 -msgid "Add a system permission without an ACI (internal command)" +#: ipaserver/plugins/certmap.py:605 ipaserver/plugins/idviews.py:1068 +#: ipaserver/plugins/ca.py:114 ipaserver/plugins/cert.py:353 +#: ipaserver/plugins/host.py:532 ipaserver/plugins/internal.py:644 +#: ipaserver/plugins/internal.py:728 ipaserver/plugins/service.py:556 +#: ipaserver/plugins/baseuser.py:462 ipaserver/plugins/baseuser.py:956 +msgid "Certificate" msgstr "" -#: ipaserver/plugins/permission.py:170 -msgid "Permission flags" +msgid "Base-64 encoded server certificate" msgstr "" -#: ipaserver/plugins/permission.py:1090 -msgid "Delete a permission." +#: ipaserver/plugins/service.py:530 ipaserver/plugins/baseuser.py:303 +msgid "Principal name" msgstr "" -#: ipaserver/plugins/permission.py:1098 -msgid "force delete of SYSTEM permissions" +msgid "MAC address" msgstr "" -#: ipaserver/plugins/permission.py:1299 -msgid "Search for permissions." +msgid "Hardware MAC address(es) on this host" msgstr "" -#: ipaserver/plugins/permission.py:1125 -msgid "Modify a permission." +#: ipaserver/plugins/host.py:603 ipaserver/plugins/baseuser.py:402 +msgid "SSH public key" msgstr "" -msgid "Rename the permission object" +#: ipaserver/plugins/baseuser.py:420 +msgid "Class" msgstr "" -#: ipaserver/plugins/permission.py:1454 -msgid "Remove members from a permission." +msgid "" +"Host category (semantics placed on this attribute are for local " +"interpretation)" msgstr "" -msgid "privileges to remove" +#: ipaserver/plugins/internal.py:1136 +msgid "Assigned ID View" msgstr "" -#: ipaserver/plugins/permission.py:1432 -msgid "Display information about a permission." +#: ipaserver/plugins/service.py:176 +msgid "Requires pre-authentication" msgstr "" -msgid "" -"\n" -"Ping the remote IPA server to ensure it is running.\n" -"\n" -"The ping command sends an echo request to an IPA server. The server\n" -"returns its version information. This is used by an IPA client\n" -"to confirm that the server is available and accepting requests.\n" -"\n" -"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" -"If it does not respond then the client will contact any servers defined\n" -"by ldap SRV records in DNS.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Ping an IPA server:\n" -" ipa ping\n" -" ------------------------------------------\n" -" IPA server version 2.1.9. API version 2.20\n" -" ------------------------------------------\n" -"\n" -" Ping an IPA server verbosely:\n" -" ipa -v ping\n" -" ipa: INFO: trying https://ipa.example.com/ipa/xml\n" -" ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n" -" -----------------------------------------------------\n" -" IPA server version 2.1.9. API version 2.20\n" -" -----------------------------------------------------\n" +#: ipaserver/plugins/service.py:177 +msgid "Pre-authentication is required for the service" msgstr "" -msgid "Ping a remote server." +#: ipaserver/plugins/service.py:182 +msgid "Trusted for delegation" msgstr "" -msgid "" -"\n" -"Kerberos pkinit options\n" -"\n" -"Enable or disable anonymous pkinit using the principal\n" -"WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n" -"pkinit support.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Enable anonymous pkinit:\n" -" ipa pkinit-anonymous enable\n" -"\n" -" Disable anonymous pkinit:\n" -" ipa pkinit-anonymous disable\n" -"\n" -"For more information on anonymous pkinit see:\n" -"\n" -"http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n" +#: ipaserver/plugins/service.py:183 +msgid "Client credentials may be delegated to the service" msgstr "" -msgid "Enable or Disable Anonymous PKINIT." +#: ipaserver/plugins/baseldap.py:71 +msgid "Member of host-groups" msgstr "" -#: ipaserver/plugins/privilege.py:37 -msgid "" -"\n" -"Privileges\n" -"\n" -"A privilege combines permissions into a logical task. A permission provides\n" -"the rights to do a single task. There are some IPA operations that require\n" -"multiple permissions to succeed. A privilege is where permissions are\n" -"combined in order to perform a specific task.\n" -"\n" -"For example, adding a user requires the following permissions:\n" -" * Creating a new user entry\n" -" * Resetting a user password\n" -" * Adding the new user to the default IPA users group\n" -"\n" -"Combining these three low-level tasks into a higher level task in the\n" -"form of a privilege named \"Add User\" makes it easier to manage Roles.\n" -"\n" -"A privilege may not contain other privileges.\n" -"\n" -"See role and permission for additional information.\n" +msgid "Indirect Member of host-group" msgstr "" -#: ipaserver/plugins/privilege.py:154 -msgid "Privilege name" +#: ipaserver/plugins/service.py:128 +msgid "Keytab" msgstr "" -#: ipaserver/plugins/privilege.py:160 -msgid "Privilege description" +msgid "Managed by" msgstr "" -#: ipaserver/plugins/baseldap.py:89 -msgid "Granting privilege to roles" +msgid "Managing" msgstr "" -#: ipaserver/plugins/privilege.py:167 -msgid "Add a new privilege." +#: ipaserver/plugins/service.py:134 +msgid "Users allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/privilege.py:202 -msgid "Add members to a privilege." +#: ipaserver/plugins/service.py:137 +msgid "Groups allowed to retrieve keytab" msgstr "" -msgid "member role" +#: ipaserver/plugins/service.py:140 +msgid "Hosts allowed to retrieve keytab" msgstr "" -msgid "roles to add" +#: ipaserver/plugins/service.py:143 +msgid "Host Groups allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/privilege.py:215 -msgid "Add permissions to a privilege." +#: ipaserver/plugins/service.py:146 +msgid "Users allowed to create keytab" msgstr "" -#: ipaserver/plugins/permission.py:181 -msgid "permission" +#: ipaserver/plugins/service.py:149 +msgid "Groups allowed to create keytab" msgstr "" -#: ipaserver/plugins/permission.py:182 -msgid "permissions" +#: ipaserver/plugins/service.py:152 +msgid "Hosts allowed to create keytab" msgstr "" -#: ipaserver/plugins/privilege.py:230 -msgid "Number of permissions added" +#: ipaserver/plugins/service.py:155 +msgid "Host Groups allowed to create keytab" msgstr "" -#: ipaserver/plugins/privilege.py:174 -msgid "Delete a privilege." +msgid "Add a new host." msgstr "" -#: ipaserver/plugins/privilege.py:188 -msgid "Search for privileges." +msgid "force host name even if not in DNS" msgstr "" -#: ipaserver/plugins/privilege.py:181 -msgid "Modify a privilege." +msgid "skip reverse DNS detection" msgstr "" -msgid "Rename the privilege object" +msgid "Add the host to DNS with this IP address" msgstr "" -#: ipaserver/plugins/privilege.py:209 -msgid "Remove members from a privilege" +msgid "Add hosts that can manage this host." msgstr "" -msgid "roles to remove" +msgid "" +"Allow users, groups, hosts or host groups to create a keytab of this host." msgstr "" -#: ipaserver/plugins/privilege.py:244 -msgid "Remove permissions from a privilege." +msgid "" +"Allow users, groups, hosts or host groups to retrieve a keytab of this host." msgstr "" -#: ipaserver/plugins/privilege.py:262 -msgid "Number of permissions removed" +msgid "Delete a host." msgstr "" -#: ipaserver/plugins/privilege.py:197 -msgid "Display information about a privilege." +msgid "Remove entries from DNS" msgstr "" -msgid "" -"\n" -"Password policy\n" -"\n" -"A password policy sets limitations on IPA passwords, including maximum\n" -"lifetime, minimum lifetime, the number of passwords to save in\n" -"history, the number of character classes required (for stronger passwords)\n" -"and the minimum password length.\n" -"\n" -"By default there is a single, global policy for all users. You can also\n" -"create a password policy to apply to a group. Each user is only subject\n" -"to one password policy, either the group policy or the global policy. A\n" -"group policy stands alone; it is not a super-set of the global policy plus\n" -"custom settings.\n" -"\n" -"Each group password policy requires a unique priority setting. If a user\n" -"is in multiple groups that have password policies, this priority determines\n" -"which password policy is applied. A lower value indicates a higher priority\n" -"policy.\n" -"\n" -"Group password policies are automatically removed when the groups they\n" -"are associated with are removed.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Modify the global policy:\n" -" ipa pwpolicy-mod --minlength=10\n" -"\n" -" Add a new group password policy:\n" -" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" -"minlength=8 --priority=10 localadmins\n" -"\n" -" Display the global password policy:\n" -" ipa pwpolicy-show\n" -"\n" -" Display a group password policy:\n" -" ipa pwpolicy-show localadmins\n" -"\n" -" Display the policy that would be applied to a given user:\n" -" ipa pwpolicy-show --user=tuser1\n" -"\n" -" Modify a group password policy:\n" -" ipa pwpolicy-mod --minclasses=2 localadmins\n" +msgid "Disable the Kerberos key, SSL certificate and all services of a host." msgstr "" -#: ipaserver/plugins/internal.py:1681 ipaserver/plugins/pwpolicy.py:307 -msgid "Group" +msgid "" +"Disallow users, groups, hosts or host groups to create a keytab of this host." msgstr "" -#: ipaserver/plugins/pwpolicy.py:308 -msgid "Manage password policy for specific group" +msgid "" +"Disallow users, groups, hosts or host groups to retrieve a keytab of this " +"host." msgstr "" -#: ipaserver/plugins/pwpolicy.py:313 -msgid "Max lifetime (days)" +msgid "Search for hosts." msgstr "" -#: ipaserver/plugins/pwpolicy.py:314 -msgid "Maximum password lifetime (in days)" +msgid "Results should contain primary key attribute only (\"hostname\")" msgstr "" -#: ipaserver/plugins/pwpolicy.py:320 -msgid "Min lifetime (hours)" +#: ipaserver/plugins/hostgroup.py:106 +msgid "host group" msgstr "" -#: ipaserver/plugins/pwpolicy.py:321 -msgid "Minimum password lifetime (in hours)" +msgid "Search for hosts with these member of host groups." msgstr "" -#: ipaserver/plugins/pwpolicy.py:326 -msgid "History size" +msgid "Search for hosts without these member of host groups." msgstr "" -#: ipaserver/plugins/pwpolicy.py:327 -msgid "Password history size" +msgid "Search for hosts with these member of netgroups." msgstr "" -#: ipaserver/plugins/pwpolicy.py:332 -msgid "Character classes" +msgid "Search for hosts without these member of netgroups." msgstr "" -#: ipaserver/plugins/pwpolicy.py:333 -msgid "Minimum number of character classes" +msgid "Search for hosts with these member of roles." msgstr "" -#: ipaserver/plugins/pwpolicy.py:339 -msgid "Min length" +msgid "Search for hosts without these member of roles." msgstr "" -#: ipaserver/plugins/pwpolicy.py:340 -msgid "Minimum length of password" +msgid "Search for hosts with these member of HBAC rules." msgstr "" -#: ipaserver/plugins/pwpolicy.py:346 -msgid "Priority of the policy (higher number means lower priority" +msgid "Search for hosts without these member of HBAC rules." msgstr "" -#: ipaserver/plugins/pwpolicy.py:353 -msgid "Max failures" +msgid "Search for hosts with these member of sudo rules." msgstr "" -#: ipaserver/plugins/pwpolicy.py:354 -msgid "Consecutive failures before lockout" +msgid "Search for hosts without these member of sudo rules." msgstr "" -#: ipaserver/plugins/pwpolicy.py:360 -msgid "Failure reset interval" +msgid "Search for hosts with these enrolled by users." msgstr "" -#: ipaserver/plugins/pwpolicy.py:361 -msgid "Period after which failure count will be reset (seconds)" +msgid "Search for hosts without these enrolled by users." msgstr "" -#: ipaserver/plugins/pwpolicy.py:367 -msgid "Lockout duration" +#: ipaserver/plugins/sudorule.py:447 ipaserver/plugins/host.py:292 +msgid "host" msgstr "" -#: ipaserver/plugins/pwpolicy.py:368 -msgid "Period for which lockout is enforced (seconds)" +msgid "Search for hosts with these managed by hosts." msgstr "" -msgid "Results should contain primary key attribute only (\"cn\")" +msgid "Search for hosts without these managed by hosts." msgstr "" -#: ipaserver/plugins/pwpolicy.py:529 -msgid "Add a new group password policy." +msgid "Search for hosts with these managing hosts." msgstr "" -#: ipaserver/plugins/pwpolicy.py:557 -msgid "Delete a group password policy." +msgid "Search for hosts without these managing hosts." msgstr "" -#: ipaserver/plugins/pwpolicy.py:669 -msgid "Search for group password policies." +msgid "Modify information about a host." msgstr "" -msgid "Results should contain primary key attribute only (\"group\")" +msgid "Kerberos principal name for this host" msgstr "" -#: ipaserver/plugins/pwpolicy.py:584 -msgid "Modify a group password policy." +msgid "Update DNS entries" msgstr "" -#: ipaserver/plugins/pwpolicy.py:637 -msgid "Display information about password policy." +msgid "Remove hosts that can manage this host." msgstr "" -#: ipaserver/plugins/baseuser.py:251 ipaserver/plugins/internal.py:1203 -#: ipaserver/plugins/internal.py:1327 ipaserver/plugins/internal.py:1715 -#: ipaserver/plugins/pwpolicy.py:641 ipaserver/plugins/user.py:180 -msgid "User" +msgid "Display information about a host." msgstr "" -#: ipaserver/plugins/pwpolicy.py:642 -msgid "Display effective policy for a specific user" +#: ipaserver/plugins/service.py:1029 ipaserver/plugins/user.py:976 +msgid "file to store certificate in" msgstr "" msgid "" "\n" -"RADIUS Proxy Servers\n" -"\n" -"Manage RADIUS Proxy Servers.\n" +"Groups of hosts.\n" "\n" -"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" -"authentications. This permits a great deal of flexibility when\n" -"integrating with third-party authentication services.\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" "\n" "EXAMPLES:\n" "\n" -" Add a new server:\n" -" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" "\n" -" Find all servers whose entries include the string \"example.com\":\n" -" ipa radiusproxy-find example.com\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" "\n" -" Examine the configuration:\n" -" ipa radiusproxy-show MyRADIUS\n" +" Add members to the hostgroup (using Bash brace expansion):\n" +" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" "\n" -" Change the secret:\n" -" ipa radiusproxy-mod MyRADIUS --secret\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" "\n" -" Delete a configuration:\n" -" ipa radiusproxy-del MyRADIUS\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" +"\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" +"\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" msgstr "" -#: ipaserver/plugins/radiusproxy.py:112 -msgid "RADIUS proxy server name" +#: ipaserver/plugins/hostgroup.py:186 +msgid "Host-group" msgstr "" -#: ipaserver/plugins/radiusproxy.py:118 -msgid "A description of this RADIUS proxy server" +#: ipaserver/plugins/hostgroup.py:187 +msgid "Name of host-group" msgstr "" -#: ipaserver/plugins/radiusproxy.py:122 ipaserver/plugins/user.py:1221 -msgid "Server" +#: ipaserver/plugins/hostgroup.py:194 +msgid "A description of this host-group" msgstr "" -#: ipaserver/plugins/radiusproxy.py:123 -msgid "The hostname or IP (with or without port)" +msgid "Member hosts" msgstr "" -#: ipaserver/plugins/radiusproxy.py:127 ipaserver/plugins/idp.py:152 -msgid "Secret" +msgid "Member host-groups" msgstr "" -#: ipaserver/plugins/radiusproxy.py:128 -msgid "The secret used to encrypt data" +#: ipaserver/plugins/baseldap.py:137 +msgid "Indirect Member hosts" msgstr "" -#: ipaserver/plugins/radiusproxy.py:133 -msgid "Timeout" +#: ipaserver/plugins/baseldap.py:140 +msgid "Indirect Member host-groups" msgstr "" -#: ipaserver/plugins/radiusproxy.py:134 -msgid "The total timeout across all retries (in seconds)" +#: ipaserver/plugins/hostgroup.py:220 +msgid "Add a new hostgroup." msgstr "" -#: ipaserver/plugins/radiusproxy.py:139 -msgid "Retries" +#: ipaserver/plugins/hostgroup.py:330 +msgid "Add members to a hostgroup." msgstr "" -#: ipaserver/plugins/radiusproxy.py:140 -msgid "The number of times to retry authentication" +#: ipaserver/plugins/hostgroup.py:260 +msgid "Delete a hostgroup." msgstr "" -#: ipaserver/plugins/radiusproxy.py:146 -msgid "User attribute" +#: ipaserver/plugins/hostgroup.py:298 +msgid "Search for hostgroups." msgstr "" -#: ipaserver/plugins/radiusproxy.py:147 -msgid "The username attribute on the user object" +msgid "Results should contain primary key attribute only (\"hostgroup-name\")" msgstr "" -#: ipaserver/plugins/radiusproxy.py:171 -msgid "Add a new RADIUS proxy server." +msgid "Search for host groups with these member hosts." msgstr "" -#: ipaserver/plugins/radiusproxy.py:176 -msgid "Delete a RADIUS proxy server." +msgid "Search for host groups without these member hosts." msgstr "" -#: ipaserver/plugins/radiusproxy.py:186 -msgid "Search for RADIUS proxy servers." +msgid "Search for host groups with these member host groups." msgstr "" -#: ipaserver/plugins/radiusproxy.py:181 -msgid "Modify a RADIUS proxy server." +msgid "Search for host groups without these member host groups." msgstr "" -msgid "Rename the RADIUS proxy server object" +msgid "Search for host groups with these member of host groups." msgstr "" -#: ipaserver/plugins/radiusproxy.py:201 -msgid "Display information about a RADIUS proxy server." +msgid "Search for host groups without these member of host groups." +msgstr "" + +msgid "Search for host groups with these member of netgroups." +msgstr "" + +msgid "Search for host groups without these member of netgroups." +msgstr "" + +msgid "Search for host groups with these member of HBAC rules." +msgstr "" + +msgid "Search for host groups without these member of HBAC rules." +msgstr "" + +msgid "Search for host groups with these member of sudo rules." +msgstr "" + +msgid "Search for host groups without these member of sudo rules." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:275 +msgid "Modify a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:340 +msgid "Remove members from a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:316 +msgid "Display information about a hostgroup." msgstr "" msgid "" "\n" -"Realm domains\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" "\n" -"Manage the list of domains associated with IPA realm.\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" "\n" -"EXAMPLES:\n" +" Add an additional ID range for the local domain\n" "\n" -" Display the current list of realm domains:\n" -" ipa realmdomains-show\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" "\n" -" Replace the list of realm domains:\n" -" ipa realmdomains-mod --domain=example.com\n" -" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" "\n" -" Add a domain to the list of realm domains:\n" -" ipa realmdomains-mod --add-domain=newdomain.com\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" "\n" -" Delete a domain from the list of realm domains:\n" -" ipa realmdomains-mod --del-domain=olddomain.com\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:115 ipaserver/plugins/internal.py:720 -#: ipaserver/plugins/internal.py:1562 ipaserver/plugins/trust.py:1249 -msgid "Domain" +#: ipaserver/plugins/idrange.py:220 +msgid "Range name" msgstr "" -#: ipaserver/plugins/realmdomains.py:121 -msgid "Add domain" +#: ipaserver/plugins/idrange.py:225 +msgid "First Posix ID of the range" msgstr "" -#: ipaserver/plugins/realmdomains.py:127 -msgid "Delete domain" +#: ipaserver/plugins/idrange.py:231 +msgid "Number of IDs in the range" msgstr "" -msgid "Modify realm domains." +#: ipaserver/plugins/idrange.py:237 +msgid "First RID of the corresponding RID range" msgstr "" -#: ipaserver/plugins/realmdomains.py:152 -msgid "Force adding domain even if not in DNS" +#: ipaserver/plugins/idrange.py:241 +msgid "First RID of the secondary RID range" msgstr "" -#: ipaserver/plugins/realmdomains.py:361 -msgid "Display the list of realm domains." +#: ipaserver/plugins/idrange.py:246 ipaserver/plugins/idrange.py:657 +msgid "Domain SID of the trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:251 ipaserver/plugins/idrange.py:665 +msgid "Name of the trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:254 ipaserver/plugins/internal.py:1274 +msgid "Range type" +msgstr "" + +msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local" msgstr "" msgid "" "\n" -"Roles\n" +"Add new ID range.\n" "\n" -"A role is used for fine-grained delegation. A permission grants the ability\n" -"to perform given low-level tasks (add a user, modify a group, etc.). A\n" -"privilege combines one or more permissions into a higher-level abstraction\n" -"such as useradmin. A useradmin would be able to add, delete and modify " -"users.\n" +" To add a new ID range you always have to specify\n" "\n" -"Privileges are assigned to Roles.\n" +" --base-id\n" +" --range-size\n" "\n" -"Users, groups, hosts and hostgroups may be members of a Role.\n" +" Additionally\n" "\n" -"Roles can not contain other roles.\n" +" --rid-base\n" +" --secondary-rid-base\n" "\n" -"EXAMPLES:\n" +" may be given for a new ID range for the local domain while\n" "\n" -" Add a new role:\n" -" ipa role-add --desc=\"Junior-level admin\" junioradmin\n" +" --rid-base\n" +" --dom-sid\n" "\n" -" Add some privileges to this role:\n" -" ipa role-add-privilege --privileges=addusers junioradmin\n" -" ipa role-add-privilege --privileges=change_password junioradmin\n" -" ipa role-add-privilege --privileges=add_user_to_default_group " -"junioradmin\n" +" must be given to add a new range for a trusted AD domain.\n" "\n" -" Add a group of users to this role:\n" -" ipa group-add --desc=\"User admins\" useradmins\n" -" ipa role-add-member --groups=useradmins junioradmin\n" +" WARNING:\n" "\n" -" Display information about a role:\n" -" ipa role-show junioradmin\n" +" DNA plugin in 389-ds will allocate IDs based on the ranges configured " +"for the\n" +" local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +" on the local ranges set via this family of commands.\n" "\n" -" The result of this is that any users in the group 'junioradmin' can\n" -" add users, reset passwords or add a user to the default IPA user group.\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:191 ipaserver/plugins/role.py:148 -msgid "Role name" -msgstr "" - -msgid "A description of this role-group" -msgstr "" - -msgid "Member users" -msgstr "" - -msgid "Member groups" +" Manual configuration change has to be done in the DNA plugin " +"configuration for\n" +" the new local range. Specifically, The dnaNextRange attribute of " +"'cn=Posix\n" +" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " +"to be\n" +" modified to match the new range.\n" +" " msgstr "" -msgid "Privileges" +#: ipaserver/plugins/idrange.py:558 +msgid "Delete an ID range." msgstr "" -msgid "Member services" +#: ipaserver/plugins/idrange.py:606 +msgid "Search for ranges." msgstr "" -msgid "Add a new role." +msgid "Modify ID range." msgstr "" -msgid "Add members to a role." +#: ipaserver/plugins/idrange.py:629 +msgid "Display information about a range." msgstr "" -msgid "member service" +msgid "" +"\n" +"ID Views\n" +"\n" +"Manage ID Views\n" +"\n" +"IPA allows to override certain properties of users and groups per each " +"host.\n" +"This functionality is primarily used to allow migration from older systems " +"or\n" +"other Identity Management solutions.\n" msgstr "" -msgid "services to add" +#: ipaserver/plugins/idviews.py:780 +msgid "Anchor to override" msgstr "" -msgid "Add privileges to a role." +#: ipaserver/plugins/idviews.py:1141 ipaserver/plugins/baseuser.py:354 +msgid "Group ID Number" msgstr "" -msgid "privilege" +#: ipaserver/plugins/baseuser.py:259 +msgid "User login" msgstr "" -#: ipaserver/plugins/privilege.py:107 -msgid "privileges" +#: ipaserver/plugins/baseuser.py:348 +msgid "UID" msgstr "" -msgid "Number of privileges added" +#: ipaserver/plugins/idviews.py:1038 +msgid "User ID Number" msgstr "" -msgid "Delete a role." +#: ipaserver/plugins/idviews.py:1042 ipaserver/plugins/baseuser.py:292 +msgid "GECOS" msgstr "" -msgid "Search for roles." +#: ipaserver/plugins/baseuser.py:289 +msgid "Home directory" msgstr "" -msgid "Modify a role." +#: ipaserver/plugins/baseuser.py:298 +msgid "Login shell" msgstr "" -msgid "Rename the role object" +#: ipaserver/plugins/idviews.py:137 +msgid "ID View Name" msgstr "" -msgid "Remove members from a role." +#: ipaserver/plugins/idviews.py:1296 +msgid "Add a new Group ID override." msgstr "" -msgid "services to remove" +#: ipaserver/plugins/idviews.py:1302 +msgid "Delete an Group ID override." msgstr "" -msgid "Remove privileges from a role." +#: ipaserver/plugins/idviews.py:1314 +msgid "Search for an Group ID override." msgstr "" -msgid "Number of privileges removed" +msgid "Results should contain primary key attribute only (\"anchor\")" msgstr "" -msgid "Display information about a role." +#: ipaserver/plugins/idviews.py:1308 +msgid "Modify an Group ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:28 -msgid "" -"\n" -"Self-service Permissions\n" -"\n" -"A permission enables fine-grained delegation of permissions. Access Control\n" -"Rules, or instructions (ACIs), grant permission to permissions to perform\n" -"given tasks such as adding a user, modifying a group, etc.\n" -"\n" -"A Self-service permission defines what an object can change in its own " -"entry.\n" -"\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a self-service rule to allow users to manage their address (using Bash\n" -" brace expansion):\n" -" ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c," -"st} \"Users manage their own address\"\n" -"\n" -" When managing the list of attributes you need to include all attributes\n" -" in the list, including existing ones.\n" -" Add telephoneNumber to the list (using Bash brace expansion):\n" -" ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} " -"\"Users manage their own address\"\n" -"\n" -" Display our updated rule:\n" -" ipa selfservice-show \"Users manage their own address\"\n" -"\n" -" Delete a rule:\n" -" ipa selfservice-del \"Users manage their own address\"\n" +msgid "Rename the Group ID override object" msgstr "" -#: ipaserver/plugins/selfservice.py:76 ipaserver/plugins/selfservice.py:77 -msgid "Self-service name" +#: ipaserver/plugins/idviews.py:1330 +msgid "Display information about an Group ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:90 -msgid "Attributes to which the permission applies." +#: ipaserver/plugins/idviews.py:1197 +msgid "Add a new User ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:122 -msgid "Add a new self-service permission." +#: ipaserver/plugins/idviews.py:1222 +msgid "Delete an User ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:143 -msgid "Delete a self-service permission." +#: ipaserver/plugins/idviews.py:1260 +msgid "Search for an User ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:182 -msgid "Search for a self-service permission." +#: ipaserver/plugins/idviews.py:1228 +msgid "Modify an User ID override." msgstr "" -#: ipaserver/plugins/selfservice.py:161 -msgid "Modify a self-service permission." +msgid "Rename the User ID override object" msgstr "" -#: ipaserver/plugins/selfservice.py:208 -msgid "Display information about a self-service permission." +#: ipaserver/plugins/idviews.py:1284 +msgid "Display information about an User ID override." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:42 -msgid "" -"\n" -"SELinux User Mapping\n" -"\n" -"Map IPA users to SELinux users by host.\n" -"\n" -"Hosts, hostgroups, users and groups can be either defined within\n" -"the rule or it may point to an existing HBAC rule. When using\n" -"--hbacrule option to selinuxusermap-find an exact match is made on the\n" -"HBAC rule name, so only one or zero entries will be returned.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host " -"\"server\":\n" -" ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n" -" ipa selinuxusermap-add-host --hosts=server.example.com test1\n" -"\n" -" Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an " -"existing HBAC rule for users and hosts:\n" -" ipa selinuxusermap-add --usercat=all --hbacrule=webserver --" -"selinuxuser=guest_u:s0 test2\n" -"\n" -" Display the properties of a rule:\n" -" ipa selinuxusermap-show test2\n" -"\n" -" Create a rule for a specific user. This sets the SELinux context for\n" -" user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n" -" ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0." -"c1023 john_unconfined\n" -" ipa selinuxusermap-add-user --users=john john_unconfined\n" -"\n" -" Disable a rule:\n" -" ipa selinuxusermap-disable test1\n" -"\n" -" Enable a rule:\n" -" ipa selinuxusermap-enable test1\n" -"\n" -" Find a rule referencing a specific HBAC rule:\n" -" ipa selinuxusermap-find --hbacrule=allow_some\n" -"\n" -" Remove a rule:\n" -" ipa selinuxusermap-del john_unconfined\n" -"\n" -"SEEALSO:\n" -"\n" -" The list controlling the order in which the SELinux user map is applied\n" -" and the default SELinux user are available in the config-show command.\n" +#: ipaserver/plugins/idviews.py:197 +msgid "Add a new ID View." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:244 -msgid "SELinux User" +msgid "" +"Applies ID View to specified hosts or current members of specified " +"hostgroups. If any other ID View is applied to the host, it is overriden." msgstr "" -#: ipaserver/plugins/hbacrule.py:202 ipaserver/plugins/selinuxusermap.py:248 -msgid "HBAC Rule" +#: ipaserver/plugins/idviews.py:462 ipaserver/plugins/idviews.py:505 +#: ipaserver/plugins/sudorule.py:447 ipaserver/plugins/host.py:293 +msgid "hosts" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:249 -msgid "HBAC Rule that defines the users, groups and hostgroups" +#: ipaserver/plugins/idviews.py:461 +msgid "Hosts to apply the ID View to" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:328 -msgid "Create a new SELinux User Map." +#: ipaserver/plugins/idviews.py:469 ipaserver/plugins/idviews.py:512 +msgid "hostgroups" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:590 -msgid "Add target hosts and hostgroups to an SELinux User Map rule." +#: ipaserver/plugins/idviews.py:466 +msgid "" +"Hostgroups to whose hosts apply the ID View to. Please note that view is not " +"applied automatically to any hosts added to the hostgroup after running the " +"idview-apply command." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:557 -msgid "Add users and groups to an SELinux User Map rule." +#: ipaserver/plugins/idviews.py:477 +msgid "Hosts that this ID View was applied to." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:366 -msgid "Delete a SELinux User Map." +#: ipaserver/plugins/idviews.py:481 +msgid "Hosts or hostgroups that this ID View could not be applied to." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:527 -msgid "Disable an SELinux User Map rule." +#: ipaserver/plugins/idviews.py:486 +msgid "Number of hosts the ID View was applied to:" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:497 -msgid "Enable an SELinux User Map rule." +#: ipaserver/plugins/idviews.py:214 +msgid "Delete an ID View." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:446 -msgid "Search for SELinux User Maps." +#: ipaserver/plugins/idviews.py:243 +msgid "Search for an ID View." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:374 -msgid "Modify a SELinux User Map." +#: ipaserver/plugins/idviews.py:227 +msgid "Modify an ID View." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:614 -msgid "Remove target hosts and hostgroups from an SELinux User Map rule." +msgid "Rename the ID View object" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:581 -msgid "Remove users and groups from an SELinux User Map rule." +#: ipaserver/plugins/idviews.py:250 +msgid "Display information about an ID View." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:486 -msgid "Display the properties of a SELinux User Map rule." +#: ipaserver/plugins/idviews.py:255 +msgid "Enumerate all the hosts the view applies to." msgstr "" +#: ipaserver/plugins/idviews.py:493 msgid "" -"\n" -"Services\n" -"\n" -"A IPA service represents a service that runs on a host. The IPA service\n" -"record can store a Kerberos principal, an SSL certificate, or both.\n" -"\n" -"An IPA service can be managed directly from a machine, provided that\n" -"machine has been given the correct permission. This is true even for\n" -"machines other than the one the service is associated with. For example,\n" -"requesting an SSL certificate using the host service principal credentials\n" -"of the host. To manage a service using host credentials you need to\n" -"kinit as the host:\n" -"\n" -" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" -"\n" -"Adding an IPA service allows the associated service to request an SSL\n" -"certificate or keytab, but this is performed as a separate step; they\n" -"are not produced as a result of adding the service.\n" -"\n" -"Only the public aspect of a certificate is stored in a service record;\n" -"the private key is not stored.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new IPA service:\n" -" ipa service-add HTTP/web.example.com\n" -"\n" -" Allow a host to manage an IPA service certificate:\n" -" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" -" ipa role-add-member --hosts=web.example.com certadmin\n" -"\n" -" Override a default list of supported PAC types for the service:\n" -" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" -"\n" -" A typical use case where overriding the PAC type is needed is NFS.\n" -" Currently the related code in the Linux kernel can only handle Kerberos\n" -" tickets up to a maximal size. Since the PAC data can become quite large " -"it\n" -" is recommended to set --pac-type=NONE for NFS services.\n" -"\n" -" Delete an IPA service:\n" -" ipa service-del HTTP/web.example.com\n" -"\n" -" Find all IPA services associated with a host:\n" -" ipa service-find web.example.com\n" -"\n" -" Find all HTTP services:\n" -" ipa service-find HTTP\n" -"\n" -" Disable the service Kerberos key and SSL certificate:\n" -" ipa service-disable HTTP/web.example.com\n" -"\n" -" Request a certificate for an IPA service:\n" -" ipa cert-request --principal=HTTP/web.example.com example.csr\n" -"\n" -" Allow user to create a keytab:\n" -" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" -"\n" -" Generate and retrieve a keytab for an IPA service:\n" -" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" -"httpd.keytab\n" +"Clears ID View from specified hosts or current members of specified " +"hostgroups." msgstr "" -msgid "Principal" +#: ipaserver/plugins/idviews.py:504 +msgid "Hosts to clear (any) ID View from." msgstr "" -#: ipaserver/plugins/service.py:531 -msgid "Service principal" +#: ipaserver/plugins/idviews.py:509 +msgid "" +"Hostgroups whose hosts should have ID Views cleared. Note that view is not " +"cleared automatically from any host added to the hostgroup after running " +"idview-unapply command." msgstr "" -#: ipaserver/plugins/service.py:598 -msgid "PAC type" +#: ipaserver/plugins/idviews.py:520 +msgid "Hosts that ID View was cleared from." msgstr "" -#: ipaserver/plugins/service.py:599 -msgid "" -"Override default list of supported PAC types. Use 'NONE' to disable PAC " -"support for this service, e.g. this might be necessary for NFS services." +#: ipaserver/plugins/idviews.py:524 +msgid "Hosts or hostgroups that ID View could not be cleared from." msgstr "" -msgid "Add a new IPA new service." +#: ipaserver/plugins/idviews.py:529 +msgid "Number of hosts that had a ID View was unset:" msgstr "" -msgid "force principal name even if not in DNS" +#: ipaserver/plugins/internal.py:30 +msgid "" +"\n" +"Plugins not accessible directly through the CLI, commands used internally\n" msgstr "" -#: ipaserver/plugins/service.py:1061 -msgid "Add hosts that can manage this service." +#: ipaserver/plugins/internal.py:2035 +msgid "Dict of I18N messages" msgstr "" -#: ipaserver/plugins/service.py:1117 -msgid "" -"Allow users, groups, hosts or host groups to create a keytab of this service." +#: ipaserver/plugins/internal.py:38 +msgid "Export plugin meta-data for the webUI." msgstr "" -#: ipaserver/plugins/service.py:1078 -msgid "" -"Allow users, groups, hosts or host groups to retrieve a keytab of this " -"service." +#: ipaserver/plugins/internal.py:44 ipaserver/plugins/internal.py:53 +msgid "Name of object to export" msgstr "" -#: ipaserver/plugins/service.py:887 -msgid "Delete an IPA service." +#: ipaserver/plugins/internal.py:47 ipaserver/plugins/internal.py:56 +msgid "Name of method to export" msgstr "" -#: ipaserver/plugins/service.py:1156 -msgid "Disable the Kerberos key and SSL certificate of a service." +#: ipaserver/plugins/internal.py:59 +msgid "Name of command to export" msgstr "" -#: ipaserver/plugins/service.py:1137 -msgid "" -"Disallow users, groups, hosts or host groups to create a keytab of this " -"service." +#: ipaserver/plugins/internal.py:64 +msgid "Dict of JSON encoded IPA Objects" msgstr "" -#: ipaserver/plugins/service.py:1098 -msgid "" -"Disallow users, groups, hosts or host groups to retrieve a keytab of this " -"service." +#: ipaserver/plugins/internal.py:65 +msgid "Dict of JSON encoded IPA Methods" msgstr "" -#: ipaserver/plugins/service.py:957 -msgid "Search for IPA services." +#: ipaserver/plugins/internal.py:66 +msgid "Dict of JSON encoded IPA Commands" msgstr "" -msgid "Results should contain primary key attribute only (\"principal\")" +msgid "" +"\n" +"Joining an IPA domain\n" msgstr "" -msgid "Search for services with these managed by hosts." +msgid "Join an IPA domain" msgstr "" -msgid "Search for services without these managed by hosts." +msgid "The hostname to register as" msgstr "" -#: ipaserver/plugins/service.py:907 -msgid "Modify an existing IPA service." +msgid "The IPA realm" msgstr "" -#: ipaserver/plugins/service.py:1070 -msgid "Remove hosts that can manage this service." +msgid "Hardware platform of the host (e.g. Lenovo T61)" msgstr "" -#: ipaserver/plugins/service.py:1024 -msgid "Display information about an IPA service." +msgid "Operating System and version of the host (e.g. Fedora 9)" msgstr "" +#: ipaserver/plugins/krbtpolicy.py:27 msgid "" "\n" -"Session Support for IPA\n" -"John Dennis \n" -"\n" -"Goals\n" -"=====\n" -"\n" -"Provide per-user session data caching which persists between\n" -"requests. Desired features are:\n" -"\n" -"* Integrates cleanly with minimum impact on existing infrastructure.\n" -"\n" -"* Provides maximum security balanced against real-world performance\n" -" demands.\n" -"\n" -"* Sessions must be able to be revoked (flushed).\n" -"\n" -"* Should be flexible and easy to use for developers.\n" -"\n" -"* Should leverage existing technology and code to the maximum extent\n" -" possible to avoid re-invention, excessive implementation time and to\n" -" benefit from robustness in field proven components commonly shared\n" -" in the open source community.\n" -"\n" -"* Must support multiple independent processes which share session\n" -" data.\n" -"\n" -"* System must function correctly if session data is available or not.\n" -"\n" -"* Must be high performance.\n" -"\n" -"* Should not be tied to specific web servers or browsers. Should\n" -" integrate with our chosen WSGI model.\n" -"\n" -"Issues\n" -"======\n" -"\n" -"Cookies\n" -"-------\n" -"\n" -"Most session implementations are based on the use of cookies. Cookies\n" -"have some inherent problems.\n" -"\n" -"* User has the option to disable cookies.\n" -"\n" -"* User stored cookie data is not secure. Can be mitigated by setting\n" -" flags indicating the cookie is only to be used with SSL secured HTTP\n" -" connections to specific web resources and setting the cookie to\n" -" expire at session termination. Most modern browsers enforce these.\n" -"\n" -"Where to store session data?\n" -"----------------------------\n" -"\n" -"Session data may be stored on either on the client or on the\n" -"server. Storing session data on the client addresses the problem of\n" -"session data availability when requests are serviced by independent web\n" -"servers because the session data travels with the request. However\n" -"there are data size limitations. Storing session data on the client\n" -"also exposes sensitive data but this can be mitigated by encrypting\n" -"the session data such that only the server can decrypt it.\n" -"\n" -"The more conventional approach is to bind session data to a unique\n" -"name, the session ID. The session ID is transmitted to the client and\n" -"the session data is paired with the session ID on the server in a\n" -"associative data store. The session data is retrieved by the server\n" -"using the session ID when the receiving the request. This eliminates\n" -"exposing sensitive session data on the client along with limitations\n" -"on data size. It however introduces the issue of session data\n" -"availability when requests are serviced by more than one server\n" -"process.\n" -"\n" -"Multi-process session data availability\n" -"---------------------------------------\n" -"\n" -"Apache (and other web servers) fork child processes to handle requests\n" -"in parallel. Also web servers may be deployed in a farm where requests\n" -"are load balanced in round robin fashion across different nodes. In\n" -"both cases session data cannot be stored in the memory of a server\n" -"process because it is not available to other processes, either sibling\n" -"children of a master server process or server processes on distinct\n" -"nodes.\n" -"\n" -"Typically this is addressed by storing session data in a SQL\n" -"database. When a request is received by a server process containing a\n" -"session ID in it's cookie data the session ID is used to perform a SQL\n" -"query and the resulting data is then attached to the request as it\n" -"proceeds through the request processing pipeline. This of course\n" -"introduces coherency issues.\n" -"\n" -"For IPA the introduction of a SQL database dependency is undesired and\n" -"should be avoided.\n" -"\n" -"Session data may also be shared by independent processes by storing\n" -"the session data in files.\n" -"\n" -"An alternative solution which has gained considerable popularity\n" -"recently is the use of a fast memory based caching server. Data is\n" -"stored in a single process memory and may be queried and set via a\n" -"light weight protocol using standard socket mechanisms, memcached is\n" -"one example. A typical use is to optimize SQL queries by storing a SQL\n" -"result in shared memory cache avoiding the more expensive SQL\n" -"operation. But the memory cache has distinct advantages in non-SQL\n" -"situations as well.\n" -"\n" -"Possible implementations for use by IPA\n" -"=======================================\n" -"\n" -"Apache Sessions\n" -"---------------\n" -"\n" -"Apache has 2.3 has implemented session support via these modules:\n" -"\n" -" mod_session\n" -" Overarching session support based on cookies.\n" -"\n" -" See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n" -"\n" -" mod_session_cookie\n" -" Stores session data in the client.\n" -"\n" -" See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n" -"\n" -" mod_session_crypto\n" -" Encrypts session data for security. Encryption key is shared\n" -" configuration parameter visible to all Apache processes and is\n" -" stored in a configuration file.\n" -"\n" -" See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n" -"\n" -" mod_session_dbd\n" -" Stores session data in a SQL database permitting multiple\n" -" processes to access and share the same session data.\n" -"\n" -" See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n" -"\n" -"Issues with Apache sessions\n" -"~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" +"Kerberos ticket policy\n" "\n" -"Although Apache has implemented generic session support and Apache is\n" -"our web server of preference it nonetheless introduces issues for IPA.\n" +"There is a single Kerberos ticket policy. This policy defines the\n" +"maximum ticket lifetime and the maximum renewal age, the period during\n" +"which the ticket is renewable.\n" "\n" -" * Session support is only available in httpd >= 2.3 which at the\n" -" time of this writing is currently only available as a Beta release\n" -" from upstream. We currently only ship httpd 2.2, the same is true\n" -" for other distributions.\n" +"You can also create a per-user ticket policy by specifying the user login.\n" "\n" -" * We could package and ship the sessions modules as a temporary\n" -" package in httpd 2.2 environments. But this has the following\n" -" consequences:\n" +"For changes to the global policy to take effect, restarting the KDC service\n" +"is required, which can be achieved using:\n" "\n" -" - The code has to be backported. the module API has changed\n" -" slightly between httpd 2.2 and 2.3. The backporting is not\n" -" terribly difficult and a proof of concept has been\n" -" implemented.\n" +"service krb5kdc restart\n" "\n" -" - We would then be on the hook to package and maintain a special\n" -" case Apache package. This is maintenance burden as well as a\n" -" distribution packaging burden. Both of which would be best\n" -" avoided if possible.\n" +"Changes to per-user policies take effect immediately for newly requested\n" +"tickets (e.g. when the user next runs kinit).\n" "\n" -" * The design of the Apache session modules is such that they can\n" -" only be manipulated by other Apache modules. The ability of\n" -" consumers of the session data to control the session data is\n" -" simplistic, constrained and static during the period the request\n" -" is processed. Request handlers which are not native Apache modules\n" -" (e.g. IPA via WSGI) can only examine the session data\n" -" via request headers and reset it in response headers.\n" +"EXAMPLES:\n" "\n" -" * Shared session data is available exclusively via SQL.\n" +" Display the current Kerberos ticket policy:\n" +" ipa krbtpolicy-show\n" "\n" -"However using the 2.3 Apache session modules would give us robust\n" -"session support implemented in C based on standardized Apache\n" -"interfaces which are widely used.\n" +" Reset the policy to the default:\n" +" ipa krbtpolicy-reset\n" "\n" -"Python Web Frameworks\n" -"---------------------\n" +" Modify the policy to 8 hours max life, 1-day max renewal:\n" +" ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n" "\n" -"Virtually every Python web framework supports cookie based sessions,\n" -"e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n" -"to avoid the use of these frameworks. Trying to pull in just one part\n" -"of these frameworks just to get session support would be problematic\n" -"because the code does not function outside it's framework.\n" +" Display effective Kerberos ticket policy for user 'admin':\n" +" ipa krbtpolicy-show admin\n" "\n" -"IPA implemented sessions\n" -"------------------------\n" +" Reset per-user policy for user 'admin':\n" +" ipa krbtpolicy-reset admin\n" "\n" -"Originally it was believed the path of least effort was to utilize\n" -"existing session support, most likely what would be provided by\n" -"Apache. However there are enough basic modular components available in\n" -"native Python and other standard packages it should be possible to\n" -"provide session support meeting the aforementioned goals with a modest\n" -"implementation effort. Because we're leveraging existing components\n" -"the implementation difficulties are subsumed by other components which\n" -"have already been field proven and have community support. This is a\n" -"smart strategy.\n" +" Modify per-user policy for user 'admin':\n" +" ipa krbtpolicy-mod admin --maxlife=3600\n" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:135 +msgid "Manage ticket policy for specific user" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:140 +msgid "Max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:141 +msgid "Maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:146 +msgid "Max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:147 +msgid "Maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:243 +msgid "Modify Kerberos ticket policy." +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:322 +msgid "Reset Kerberos ticket policy to the default values." +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:268 +msgid "Display the current Kerberos ticket policy." +msgstr "" + +msgid "" "\n" -"Proposed Solution\n" -"=================\n" +"Migration to IPA\n" "\n" -"Our interface to the web server is via WSGI which invokes a callback\n" -"per request passing us an environmental context for the request. For\n" -"this discussion we'll name the WSGI callback \"application()\", a\n" -"conventional name in WSGI parlance.\n" +"Migrate users and groups from an LDAP server to IPA.\n" "\n" -"Shared session data will be handled by memcached. We will create one\n" -"instance of memcached on each server node dedicated to IPA\n" -"exclusively. Communication with memcached will be via a UNIX socket\n" -"located in the file system under /var/run/ipa_memcached. It will be\n" -"protected by file permissions and optionally SELinux policy.\n" +"This performs an LDAP query against the remote server searching for\n" +"users and groups in a container. In order to migrate passwords you need\n" +"to bind as a user that can read the userPassword attribute on the remote\n" +"server. This is generally restricted to high-level admins such as\n" +"cn=Directory Manager in 389-ds (this is the default bind user).\n" "\n" -"In application() we examine the request cookies and if there is an IPA\n" -"session cookie with a session ID we retrieve the session data from our\n" -"memcached instance.\n" +"The default user container is ou=People.\n" "\n" -"The session data will be a Python dict. IPA components will read or\n" -"write their session information by using a pre-agreed upon name\n" -"(e.g. key) in the dict. This is a very flexible system and consistent\n" -"with how we pass data in most parts of IPA.\n" +"The default group container is ou=Groups.\n" "\n" -"If the session data is not available an empty session data dict will\n" -"be created.\n" +"Users and groups that already exist on the IPA server are skipped.\n" "\n" -"How does this session data travel with the request in the IPA\n" -"pipeline? In IPA we use the HTTP request/response to implement RPC. In\n" -"application() we convert the request into a procedure call passing it\n" -"arguments derived from the HTTP request. The passed parameters are\n" -"specific to the RPC method being invoked. The context the RPC call is\n" -"executing in is not passed as an RPC parameter.\n" +"Two LDAP schemas define how group members are stored: RFC2307 and\n" +"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" +"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" "\n" -"How would the contextual information such as session data be bound to\n" -"the request and hence the RPC call?\n" +"The schema compat feature allows IPA to reformat data for systems that\n" +"do not support RFC2307bis. It is recommended that this feature is disabled\n" +"during migration to reduce system overhead. It can be re-enabled after\n" +"migration. To migrate with it enabled use the \"--with-compat\" option.\n" "\n" -"In IPA when a RPC invocation is being prepared from a request we\n" -"recognize this will only ever be processed serially by one Python\n" -"thread. A thread local dict called \"context\" is allocated for each\n" -"thread. The context dict is cleared in between requests (e.g. RPC method\n" -"invocations). The per-thread context dict is populated during the\n" -"lifetime of the request and is used as a global data structure unique to\n" -"the request that various IPA component can read from and write to with\n" -"the assurance the data is unique to the current request and/or method\n" -"call.\n" +"Migrated users do not have Kerberos credentials, they have only their\n" +"LDAP password. To complete the migration process, users need to go\n" +"to http://ipa.example.com/ipa/migration and authenticate using their\n" +"LDAP password in order to generate their Kerberos credentials.\n" "\n" -"The session data dict will be written into the context dict under the\n" -"session key before the RPC method begins execution. Thus session data\n" -"can be read and written by any IPA component by accessing\n" -"``context.session``.\n" +"Migration is disabled by default. Use the command ipa config-mod to\n" +"enable it:\n" "\n" -"When the RPC method finishes execution the session data bound to the\n" -"request/method is retrieved from the context and written back to the\n" -"memcached instance. The session ID is set in the response sent back to\n" -"the client in the ``Set-Cookie`` header along with the flags\n" -"controlling it's usage.\n" +" ipa config-mod --enable-migration=TRUE\n" "\n" -"Issues and details\n" -"------------------\n" +"If a base DN is not provided with --basedn then IPA will use either\n" +"the value of defaultNamingContext if it is set or the first value\n" +"in namingContexts set in the root of the remote LDAP server.\n" "\n" -"IPA code cannot depend on session data being present, however it\n" -"should always update session data with the hope it will be available\n" -"in the future. Session data may not be available because:\n" +"Users are added as members to the default user group. This can be a\n" +"time-intensive task so during migration this is done in a batch\n" +"mode for every 100 users. As a result there will be a window in which\n" +"users will be added to IPA but will not be members of the default\n" +"user group.\n" "\n" -" * This is the first request from the user and no session data has\n" -" been created yet.\n" +"EXAMPLES:\n" "\n" -" * The user may have cookies disabled.\n" +" The simplest migration, accepting all defaults:\n" +" ipa migrate-ds ldap://ds.example.com:389\n" "\n" -" * The session data may have been flushed. memcached operates with\n" -" a fixed memory allocation and will flush entries on a LRU basis,\n" -" like with any cache there is no guarantee of persistence.\n" +" Specify the user and group container. This can be used to migrate user\n" +" and group data from an IPA v1 server:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" +"container='cn=groups,cn=accounts' ldap://ds.example.com:389\n" "\n" -" Also we may have have deliberately expired or deleted session\n" -" data, see below.\n" +" Since IPA v2 server already contain predefined groups that may collide " +"with\n" +" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" +" having colliding group as their primary group may happen to belong to\n" +" an unknown group on new IPA v2 server.\n" +" Use --group-overwrite-gid option to overwrite GID of already existing " +"groups\n" +" to prevent this issue:\n" +" ipa migrate-ds --group-overwrite-gid --user-container='cn=users," +"cn=accounts' --group-container='cn=groups,cn=accounts' " +"ldap://ds.example.com:389\n" "\n" -"Cookie manipulation is done via the standard Python Cookie module.\n" +" Migrated users or groups may have object class and accompanied attributes\n" +" unknown to the IPA v2 server. These object classes and attributes may be\n" +" left out of the migration process:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" +"container='cn=groups,cn=accounts' --user-ignore-" +"objectclass=radiusprofile --user-ignore-" +"attribute=radiusgroupname ldap://ds.example.com:389\n" "\n" -"Session cookies will be set to only persist as long as the browser has\n" -"the session open. They will be tagged so the browser only returns\n" -"the session ID on SSL secured HTTP requests. They will not be visible\n" -"to Javascript in the browser.\n" +"LOGGING\n" +"\n" +"Migration will log warnings and errors to the Apache error log. This\n" +"file should be evaluated post-migration to correct or investigate any\n" +"issues that were discovered.\n" +"\n" +"For every 100 users migrated an info-level message will be displayed to\n" +"give the current progress and duration to make it possible to track\n" +"the progress of migration.\n" +"\n" +"If the log level is debug, either by setting debug = True in\n" +"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " +"printed\n" +"for each user added plus a summary when the default user group is\n" +"updated.\n" +msgstr "" + +#: ipaserver/plugins/migration.py:482 +msgid "Migrate users and groups from DS to IPA." +msgstr "" + +#: ipaserver/plugins/migration.py:529 +msgid "LDAP URI" +msgstr "" + +#: ipaserver/plugins/migration.py:530 +msgid "LDAP URI of DS server to migrate from" +msgstr "" + +#: ipaserver/plugins/migration.py:536 +msgid "bind password" +msgstr "" + +#: ipaserver/plugins/migration.py:543 +msgid "Bind DN" +msgstr "" + +#: ipaserver/plugins/migration.py:549 +msgid "User container" +msgstr "" + +#: ipaserver/plugins/migration.py:550 +msgid "DN of container for users in DS relative to base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:556 +msgid "Group container" +msgstr "" + +#: ipaserver/plugins/migration.py:557 +msgid "DN of container for groups in DS relative to base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:563 +msgid "User object class" +msgstr "" + +#: ipaserver/plugins/migration.py:564 +msgid "Objectclasses used to search for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:570 +msgid "Group object class" +msgstr "" + +#: ipaserver/plugins/migration.py:571 +msgid "Objectclasses used to search for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:577 +msgid "Ignore user object class" +msgstr "" + +#: ipaserver/plugins/migration.py:578 +msgid "Objectclasses to be ignored for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:584 +msgid "Ignore user attribute" +msgstr "" + +#: ipaserver/plugins/migration.py:585 +msgid "Attributes to be ignored for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:591 +msgid "Ignore group object class" +msgstr "" + +#: ipaserver/plugins/migration.py:592 +msgid "Objectclasses to be ignored for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:598 +msgid "Ignore group attribute" +msgstr "" + +#: ipaserver/plugins/migration.py:599 +msgid "Attributes to be ignored for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:605 +msgid "Overwrite GID" +msgstr "" + +#: ipaserver/plugins/migration.py:606 +msgid "" +"When migrating a group already existing in IPA domain overwrite the group " +"GID and report as success" +msgstr "" + +#: ipaserver/plugins/migration.py:611 +msgid "LDAP schema" +msgstr "" + +#: ipaserver/plugins/migration.py:612 +msgid "" +"The schema used on the LDAP server. Supported values are RFC2307 and " +"RFC2307bis. The default is RFC2307bis" +msgstr "" + +#: ipaserver/plugins/migration.py:618 +msgid "Continue" +msgstr "" + +#: ipaserver/plugins/migration.py:619 +msgid "" +"Continuous operation mode. Errors are reported but the process continues" +msgstr "" + +#: ipaserver/plugins/migration.py:624 +msgid "Base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:625 +msgid "Base DN on remote LDAP server" +msgstr "" + +#: ipaserver/plugins/migration.py:629 +msgid "Ignore compat plugin" +msgstr "" + +#: ipaserver/plugins/migration.py:630 +msgid "Allows migration despite the usage of compat plugin" +msgstr "" + +#: ipaserver/plugins/migration.py:635 +msgid "CA certificate" +msgstr "" + +#: ipaserver/plugins/migration.py:636 +msgid "Load CA certificate of LDAP server from FILE" +msgstr "" + +msgid "groups to exclude from migration" +msgstr "" + +msgid "users to exclude from migration" +msgstr "" + +#: ipaserver/plugins/migration.py:662 +msgid "Lists of objects migrated; categorized by type." +msgstr "" + +#: ipaserver/plugins/migration.py:666 +msgid "Lists of objects that could not be migrated; categorized by type." +msgstr "" + +#: ipaserver/plugins/migration.py:670 +msgid "False if migration mode was disabled." +msgstr "" + +#: ipaserver/plugins/migration.py:674 +msgid "False if migration fails because the compatibility plug-in is enabled." +msgstr "" + +msgid "" "\n" -"Session ID's will be created by using 48 bits of random data and\n" -"converted to 12 hexadecimal digits. Newly generated session ID's will\n" -"be checked for prior existence to handle the unlikely case the random\n" -"number repeats.\n" +"Misc plug-ins\n" +msgstr "" + +msgid "Show environment variables." +msgstr "" + +msgid "Forward to server instead of running locally" +msgstr "" + +#: ipalib/misc.py:103 +msgid "" +"retrieve and print all attributes from the server. Affects command output." +msgstr "" + +msgid "Total number of variables env (>= count)" +msgstr "" + +msgid "Number of variables returned (<= total)" +msgstr "" + +msgid "Show all loaded plugins." +msgstr "" + +msgid "Dictionary mapping plugin names to bases" +msgstr "" + +msgid "Number of plugins loaded" +msgstr "" + +#: ipaserver/plugins/netgroup.py:46 +msgid "" "\n" -"memcached will have significantly higher performance than a SQL or file\n" -"based storage solution. Communication is effectively though a pipe\n" -"(UNIX socket) using a very simple protocol and the data is held\n" -"entirely in process memory. memcached also scales easily, it is easy\n" -"to add more memcached processes and distribute the load across them.\n" -"At this point in time we don't anticipate the need for this.\n" +"Netgroups\n" "\n" -"A very nice feature of the Python memcached module is that when a data\n" -"item is written to the cache it is done with standard Python pickling\n" -"(pickling is a standard Python mechanism to marshal and unmarshal\n" -"Python objects). We adopt the convention the object written to cache\n" -"will be a dict to meet our internal data handling conventions. The\n" -"pickling code will recursively handle nested objects in the dict. Thus\n" -"we gain a lot of flexibility using standard Python data structures to\n" -"store and retrieve our session data without having to author and debug\n" -"code to marshal and unmarshal the data if some other storage mechanism\n" -"had been used. This is a significant implementation win. Of course\n" -"some common sense limitations need to observed when deciding on what\n" -"is written to the session cache keeping in mind the data is shared\n" -"between processes and it should not be excessively large (a\n" -"configurable option)\n" +"A netgroup is a group used for permission checking. It can contain both\n" +"user and host values.\n" "\n" -"We can set an expiration on memcached entries. We may elect to do that\n" -"to force session data to be refreshed periodically. For example we may\n" -"wish the client to present fresh credentials on a periodic basis even\n" -"if the cached credentials are otherwise within their validity period.\n" +"EXAMPLES:\n" "\n" -"We can explicitly delete session data if for some reason we believe it\n" -"is stale, invalid or compromised.\n" +" Add a new netgroup:\n" +" ipa netgroup-add --desc=\"NFS admins\" admins\n" "\n" -"memcached also gives us certain facilities to prevent race conditions\n" -"between different processes utilizing the cache. For example you can\n" -"check of the entry has been modified since you last read it or use CAS\n" -"(Check And Set) semantics. What has to be protected in terms of cache\n" -"coherency will likely have to be determined as the session support is\n" -"utilized and different data items are added to the cache. This is very\n" -"much data and context specific. Fortunately memcached operations are\n" -"atomic.\n" +" Add members to the netgroup:\n" +" ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n" "\n" -"Controlling the memcached process\n" -"---------------------------------\n" +" Remove a member from the netgroup:\n" +" ipa netgroup-remove-member --users=tuser2 admins\n" "\n" -"We need a mechanism to start the memcached process and secure it so\n" -"that only IPA components can access it.\n" +" Display information about a netgroup:\n" +" ipa netgroup-show admins\n" "\n" -"Although memcached ships with both an initscript and systemd unit\n" -"files those are for generic instances. We want a memcached instance\n" -"dedicated exclusively to IPA usage. To accomplish this we would install\n" -"a systemd unit file or an SysV initscript to control the IPA specific\n" -"memcached service. ipactl would be extended to know about this\n" -"additional service. systemd's cgroup facility would give us additional\n" -"mechanisms to integrate the IPA memcached service within a larger IPA\n" -"process group.\n" +" Delete a netgroup:\n" +" ipa netgroup-del admins\n" +msgstr "" + +#: ipaserver/plugins/netgroup.py:204 +msgid "Netgroup name" +msgstr "" + +#: ipaserver/plugins/netgroup.py:211 +msgid "Netgroup description" +msgstr "" + +#: ipaserver/plugins/netgroup.py:217 +msgid "NIS domain name" +msgstr "" + +#: ipaserver/plugins/netgroup.py:222 +msgid "IPA unique ID" +msgstr "" + +#: ipaserver/plugins/baseldap.py:92 +msgid "Member netgroups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:155 +msgid "Indirect Member netgroups" +msgstr "" + +msgid "Member User" +msgstr "" + +msgid "Member Group" +msgstr "" + +#: ipaserver/plugins/netgroup.py:88 +msgid "Member Host" +msgstr "" + +msgid "Member Hostgroup" +msgstr "" + +#: ipaserver/plugins/netgroup.py:263 +msgid "Add a new netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:378 +msgid "Add members to a netgroup." +msgstr "" + +msgid "member netgroup" +msgstr "" + +msgid "netgroups to add" +msgstr "" + +#: ipaserver/plugins/netgroup.py:299 +msgid "Delete a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:334 +msgid "Search for a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:349 +msgid "search for managed groups" +msgstr "" + +msgid "Search for netgroups with these member netgroups." +msgstr "" + +msgid "Search for netgroups without these member netgroups." +msgstr "" + +msgid "Search for netgroups with these member users." +msgstr "" + +msgid "Search for netgroups without these member users." +msgstr "" + +msgid "Search for netgroups with these member groups." +msgstr "" + +msgid "Search for netgroups without these member groups." +msgstr "" + +msgid "Search for netgroups with these member hosts." +msgstr "" + +msgid "Search for netgroups without these member hosts." +msgstr "" + +msgid "Search for netgroups with these member host groups." +msgstr "" + +msgid "Search for netgroups without these member host groups." +msgstr "" + +msgid "Search for netgroups with these member of netgroups." +msgstr "" + +msgid "Search for netgroups without these member of netgroups." +msgstr "" + +#: ipaserver/plugins/netgroup.py:307 +msgid "Modify a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:400 +msgid "Remove members from a netgroup." +msgstr "" + +msgid "netgroups to remove" +msgstr "" + +#: ipaserver/plugins/netgroup.py:371 +msgid "Display information about a netgroup." +msgstr "" + +#: ipaserver/plugins/otpconfig.py:24 +msgid "" "\n" -"Protecting the memcached data would be done via file permissions (and\n" -"optionally SELinux policy) on the UNIX domain socket. Although recent\n" -"implementations of memcached support authentication via SASL this\n" -"introduces a performance and complexity burden not warranted when\n" -"cached is dedicated to our exclusive use and access controlled by OS\n" -"mechanisms.\n" +"OTP configuration\n" "\n" -"Conventionally daemons are protected by assigning a system uid and/or\n" -"gid to the daemon. A daemon launched by root will drop it's privileges\n" -"by assuming the effective uid:gid assigned to it. File system access\n" -"is controlled by the OS via the effective identity and SELinux policy\n" -"can be crafted based on the identity. Thus the memcached UNIX socket\n" -"would be protected by having it owned by a specific system user and/or\n" -"membership in a restricted system group (discounting for the moment\n" -"SELinux).\n" +"Manage the default values that IPA uses for OTP tokens.\n" "\n" -"Unfortunately we currently do not have an IPA system uid whose\n" -"identity our processes operate under nor do we have an IPA system\n" -"group. IPA does manage a collection of related processes (daemons) and\n" -"historically each has been assigned their own uid. When these\n" -"unrelated processes communicate they mutually authenticate via other\n" -"mechanisms. We do not have much of a history of using shared file\n" -"system objects across identities. When file objects are created they\n" -"are typically assigned the identity of daemon needing to access the\n" -"object and are not accessed by other daemons, or they carry root\n" -"identity.\n" +"EXAMPLES:\n" "\n" -"When our WSGI application runs in Apache it is run as a WSGI\n" -"daemon. This means when Apache starts up it forks off WSGI processes\n" -"for us and we are independent of other Apache processes. When WSGI is\n" -"run in this mode there is the ability to set the uid:gid of the WSGI\n" -"process hosting us, however we currently do not take advantage of this\n" -"option. WSGI can be run in other modes as well, only in daemon mode\n" -"can the uid:gid be independently set from the rest of Apache. All\n" -"processes started by Apache can be set to a common uid:gid specified\n" -"in the global Apache configuration, by default it's\n" -"apache:apache. Thus when our IPA code executes it is running as\n" -"apache:apache.\n" +" Show basic OTP configuration:\n" +" ipa otpconfig-show\n" "\n" -"To protect our memcached UNIX socket we can do one of two things:\n" +" Show all OTP configuration options:\n" +" ipa otpconfig-show --all\n" "\n" -"1. Assign it's uid:gid as apache:apache. This would limit access to\n" -" our cache only to processes running under httpd. It's somewhat\n" -" restricted but far from ideal. Any code running in the web server\n" -" could potentially access our cache. It's difficult to control what the\n" -" web server runs and admins may not understand the consequences of\n" -" configuring httpd to serve other things besides IPA.\n" +" Change maximum TOTP authentication window to 10 minutes:\n" +" ipa otpconfig-mod --totp-auth-window=600\n" "\n" -"2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n" -" our WSGI application to run as the ipa:ipa user and group. We also\n" -" configure our memcached instance to run as the ipa:ipa user and\n" -" group. In this configuration we are now fully protected, only our WSGI\n" -" code can read & write to our memcached UNIX socket.\n" +" Change maximum TOTP synchronization window to 12 hours:\n" +" ipa otpconfig-mod --totp-sync-window=43200\n" "\n" -"However there may be unforeseen issues by converting our code to run as\n" -"something other than apache:apache. This would require some\n" -"investigation and testing.\n" +" Change maximum HOTP authentication window to 5:\n" +" ipa hotpconfig-mod --hotp-auth-window=5\n" "\n" -"IPA is dependent on other system daemons, specifically Directory\n" -"Server (ds) and Certificate Server (cs). Currently we configure ds to\n" -"run under the dirsrv:dirsrv user and group, an identity of our\n" -"creation. We allow cs to default to it's pkiuser:pkiuser user and\n" -"group. Should these other cooperating daemons also run under the\n" -"common ipa:ipa user and group identities? At first blush there would\n" -"seem to be an advantage to coalescing all process identities under a\n" -"common IPA user and group identity. However these other processes do\n" -"not depend on user and group permissions when working with external\n" -"agents, processes, etc. Rather they are designed to be stand-alone\n" -"network services which authenticate their clients via other\n" -"mechanisms. They do depend on user and group permission to manage\n" -"their own file system objects. If somehow the ipa user and/or group\n" -"were compromised or malicious code somehow executed under the ipa\n" -"identity there would be an advantage in having the cooperating\n" -"processes cordoned off under their own identities providing one extra\n" -"layer of protection. (Note, these cooperating daemons may not even be\n" -"co-located on the same node in which case the issue is moot)\n" +" Change maximum HOTP synchronization window to 50:\n" +" ipa hotpconfig-mod --hotp-sync-window=50\n" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:86 +msgid "TOTP authentication Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:87 +msgid "TOTP authentication time variance (seconds)" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:92 +msgid "TOTP Synchronization Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:93 +msgid "TOTP synchronization time variance (seconds)" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:98 +msgid "HOTP Authentication Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:99 +msgid "HOTP authentication skip-ahead" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:104 +msgid "HOTP Synchronization Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:105 +msgid "HOTP synchronization skip-ahead" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:116 +msgid "Modify OTP configuration options." +msgstr "" + +#: ipaserver/plugins/otpconfig.py:121 +msgid "Show the current OTP configuration." +msgstr "" + +msgid "" "\n" -"The UNIX socket behavior (ldapi) with Directory Server is as follows:\n" +"OTP Tokens\n" "\n" -" * The socket ownership is: root:root\n" +"Manage OTP tokens.\n" "\n" -" * The socket permissions are: 0666\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" "\n" -" * When connecting via ldapi you must authenticate as you would\n" -" normally with a TCP socket, except ...\n" +"EXAMPLES:\n" "\n" -" * If autobind is enabled and the uid:gid is available via\n" -" SO_PEERCRED and the uid:gid can be found in the set of users known\n" -" to the Directory Server then that connection will be bound as that\n" -" user.\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" "\n" -" * Otherwise an anonymous bind will occur.\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" "\n" -"memcached UNIX socket behavior is as follows:\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " +"Hat\"\n" +"\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgstr "" + +#: ipaserver/plugins/subid.py:136 ipaserver/plugins/otptoken.py:160 +msgid "Unique ID" +msgstr "" + +#: ipaserver/plugins/otptoken.py:166 +msgid "Type of the token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:175 +msgid "Token description (informational only)" +msgstr "" + +#: ipaserver/plugins/subid.py:149 ipaserver/plugins/subid.py:467 +#: ipaserver/plugins/otptoken.py:179 ipaserver/plugins/internal.py:1400 +msgid "Owner" +msgstr "" + +#: ipaserver/plugins/otptoken.py:180 +msgid "Assigned user of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/baseuser.py:395 +msgid "Manager" +msgstr "" + +#: ipaserver/plugins/otptoken.py:184 +msgid "Assigned manager of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:189 ipaserver/plugins/internal.py:1961 +msgid "Disabled" +msgstr "" + +#: ipaserver/plugins/otptoken.py:190 +msgid "Mark the token as disabled (default: false)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:194 +msgid "Validity start" +msgstr "" + +#: ipaserver/plugins/otptoken.py:195 +msgid "First date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:199 +msgid "Validity end" +msgstr "" + +#: ipaserver/plugins/otptoken.py:200 +msgid "Last date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:204 +msgid "Vendor" +msgstr "" + +#: ipaserver/plugins/otptoken.py:205 +msgid "Token vendor name (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:209 +msgid "Model" +msgstr "" + +#: ipaserver/plugins/otptoken.py:210 +msgid "Token model (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:214 +msgid "Serial" +msgstr "" + +#: ipaserver/plugins/otptoken.py:215 +msgid "Token serial (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:220 +msgid "Token secret (Base32; default: random)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:230 +msgid "Token hash algorithm" +msgstr "" + +#: ipaserver/plugins/otptoken.py:238 +msgid "Digits" +msgstr "" + +#: ipaserver/plugins/otptoken.py:239 +msgid "Number of digits each token code will have" +msgstr "" + +#: ipaserver/plugins/otptoken.py:247 +msgid "Clock offset" +msgstr "" + +#: ipaserver/plugins/otptoken.py:248 +msgid "TOTP token / IPA server time difference" +msgstr "" + +#: ipaserver/plugins/otptoken.py:255 +msgid "Clock interval" +msgstr "" + +#: ipaserver/plugins/otptoken.py:256 +msgid "Length of TOTP token code validity" +msgstr "" + +#: ipaserver/plugins/otptoken.py:264 +msgid "Counter" +msgstr "" + +#: ipaserver/plugins/otptoken.py:265 +msgid "Initial counter for the HOTP token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:280 +msgid "Add a new OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:284 +msgid "(deprecated)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:285 +msgid "Do not display QR code" +msgstr "" + +#: ipaserver/plugins/otptoken.py:463 +msgid "Add users that can manage this token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:366 +msgid "Delete an OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:421 +msgid "Search for OTP token." +msgstr "" + +msgid "Results should contain primary key attribute only (\"id\")" +msgstr "" + +#: ipaserver/plugins/otptoken.py:372 +msgid "Modify a OTP token." +msgstr "" + +msgid "Rename the OTP token object" +msgstr "" + +#: ipaserver/plugins/otptoken.py:450 +msgid "Display information about an OTP token." +msgstr "" + +msgid "" "\n" -" * memcached can be invoked with a user argument, no group may be\n" -" specified. The effective uid is the uid of the user argument and\n" -" the effective gid is the primary group of the user, let's call\n" -" this euid:egid\n" +"YubiKey Tokens\n" "\n" -" * The socket ownership is: euid:egid\n" +"Manage YubiKey tokens.\n" "\n" -" * The socket permissions are 0700 by default, but this can be\n" -" modified by the -a mask command line arg which sets the umask\n" -" (defaults to 0700).\n" +"This code is an extension to the otptoken plugin and provides support for\n" +"reading/writing YubiKey tokens directly.\n" "\n" -"Overview of authentication in IPA\n" -"=================================\n" +"EXAMPLES:\n" "\n" -"This describes how we currently authenticate and how we plan to\n" -"improve authentication performance. First some definitions.\n" +" Add a new token:\n" +" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" +msgstr "" + +msgid "" "\n" -"There are 4 major players:\n" +"Set a user's password\n" "\n" -" 1. client\n" -" 2. mod_auth_kerb (in Apache process)\n" -" 3. wsgi handler (in IPA wsgi python process)\n" -" 4. ds (directory server)\n" +"If someone other than a user changes that user's password (e.g., Helpdesk\n" +"resets it) then the password will need to be changed the first time it\n" +"is used. This is so the end-user is the only one who knows the password.\n" "\n" -"There are several resources:\n" +"The IPA password policy controls how often a password may be changed,\n" +"what strength requirements exist, and the length of the password history.\n" "\n" -" 1. /ipa/ui (unprotected, web UI static resources)\n" -" 2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n" -" 3. /ipa/json (protected, json RPC used by javascript in web UI)\n" -" 4. ds (protected, wsgi acts as proxy, our LDAP server)\n" +"EXAMPLES:\n" "\n" -"Current Model\n" -"-------------\n" +" To reset your own password:\n" +" ipa passwd\n" "\n" -"This describes how things work in our current system for the web UI.\n" +" To change another user's password:\n" +" ipa passwd tuser1\n" +msgstr "" + +msgid "Set a user's password." +msgstr "" + +#: ipaserver/plugins/internal.py:1726 +msgid "New Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1720 +msgid "Current Password" +msgstr "" + +#: ipaserver/plugins/internal.py:192 ipaserver/plugins/internal.py:1728 +msgid "OTP" +msgstr "" + +msgid "One Time Password" +msgstr "" + +msgid "" "\n" -" 1. Client requests /ipa/ui, this is unprotected, is static and\n" -" contains no sensitive information. Apache replies with html and\n" -" javascript. The javascript requests /ipa/json.\n" +"Permissions\n" "\n" -" 2. Client sends post to /ipa/json.\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable wrapper around a 389-ds Access Control Rule,\n" +"or instruction (ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" "\n" -" 3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n" -" authenticate negotiate.\n" +"A permission may not contain other permissions.\n" "\n" -" 4. Client resends with credentials\n" +"* A permission grants access to read, write, add, delete, read, search,\n" +" or compare.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" "\n" -" 5. mod_auth_kerb validates credentials\n" +"A permission is made up of a number of different parts:\n" "\n" -" a. if invalid replies 403 access denied (stops here)\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" "\n" -" b. if valid creates temporary ccache, adds KRB5CCNAME to request\n" -" headers\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. search - search on one or more attributes\n" +"4. compare - compare one or more attributes\n" +"5. add - add a new entry to the tree\n" +"6. delete - delete an existing entry\n" +"7. all - all permissions are granted\n" "\n" -" 6. Request passed to wsgi handler\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" "\n" -" a. validates request, KRB5CCNAME must be present, referrer, etc.\n" +"There are a number of allowed targets:\n" +"1. subtree: a DN; the permission applies to the subtree under this DN\n" +"2. target filter: an LDAP filter\n" +"3. target: DN with possible wildcards, specifies entries permission applies " +"to\n" "\n" -" b. ccache saved and used to bind to ds\n" +"Additionally, there are the following convenience options.\n" +"Setting one of these options will set the corresponding attribute(s).\n" +"1. type: a type of object (user, group, etc); sets subtree and target " +"filter.\n" +"2. memberof: apply to members of a group; sets target filter\n" +"3. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership); sets target.\n" "\n" -" c. routes to specified RPC handler.\n" +"Managed permissions\n" "\n" -" 7. wsgi handler replies to client\n" +"Permissions that come with IPA by default can be so-called \"managed\"\n" +"permissions. These have a default set of attributes they apply to,\n" +"but the administrator can add/remove individual attributes to/from the set.\n" "\n" -"Proposed new session based optimization\n" -"---------------------------------------\n" +"Deleting or renaming a managed permission, as well as changing its target,\n" +"is not allowed.\n" "\n" -"The round trip negotiate and credential validation in steps 3,4,5 is\n" -"expensive. This can be avoided if we can cache the client\n" -"credentials. With client sessions we can store the client credentials\n" -"in the session bound to the client.\n" +"EXAMPLES:\n" "\n" -"A few notes about the session implementation.\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" "\n" -" * based on session cookies, cookies must be enabled\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:237 +msgid "Permission name" +msgstr "" + +#: ipaserver/plugins/permission.py:246 +msgid "Granted rights" +msgstr "" + +#: ipaserver/plugins/permission.py:247 +msgid "Rights to grant (read, search, compare, write, add, delete, all)" +msgstr "" + +#: ipaserver/plugins/permission.py:254 +msgid "Effective attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:255 +msgid "All attributes to which the permission applies" +msgstr "" + +#: ipaserver/plugins/permission.py:260 +msgid "Included attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:261 +msgid "User-specified attributes to which the permission applies" +msgstr "" + +#: ipaserver/plugins/permission.py:266 +msgid "Excluded attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:267 +msgid "" +"User-specified attributes to which the permission explicitly does not apply" +msgstr "" + +#: ipaserver/plugins/permission.py:273 +msgid "Default attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:274 +msgid "Attributes to which the permission applies by default" +msgstr "" + +#: ipaserver/plugins/permission.py:280 ipaserver/plugins/permission.py:281 +msgid "Bind rule type" +msgstr "" + +#: ipaserver/plugins/permission.py:291 +msgid "Subtree to apply permissions to" +msgstr "" + +#: ipaserver/plugins/permission.py:299 ipaserver/plugins/permission.py:300 +msgid "Extra target filter" +msgstr "" + +#: ipaserver/plugins/permission.py:306 +msgid "Raw target filter" +msgstr "" + +#: ipaserver/plugins/permission.py:307 +msgid "All target filters, including those implied by type and memberof" +msgstr "" + +#: ipaserver/plugins/permission.py:314 +msgid "Target DN" +msgstr "" + +#: ipaserver/plugins/permission.py:315 +msgid "" +"Optional DN to apply the permission to (must be in the subtree, but may not " +"yet exist)" +msgstr "" + +#: ipaserver/plugins/permission.py:336 +msgid "Member of group" +msgstr "" + +#: ipaserver/plugins/permission.py:337 +msgid "Target members of a group (sets memberOf targetfilter)" +msgstr "" + +#: ipaserver/plugins/permission.py:342 +msgid "User group to apply permissions to (sets target)" +msgstr "" + +#: ipaserver/plugins/permission.py:348 +msgid "Type of IPA object (sets subtree and objectClass targetfilter)" +msgstr "" + +msgid "Deprecated; use extratargetfilter" +msgstr "" + +msgid "Deprecated; use ipapermlocation" +msgstr "" + +msgid "Deprecated; use ipapermright" +msgstr "" + +msgid "Granted to Privilege" +msgstr "" + +#: ipaserver/plugins/baseldap.py:143 +msgid "Indirect Member of roles" +msgstr "" + +#: ipaserver/plugins/permission.py:1020 +msgid "Add a new permission." +msgstr "" + +#: ipaserver/plugins/permission.py:1442 +msgid "Add members to a permission." +msgstr "" + +msgid "member privilege" +msgstr "" + +msgid "privileges to add" +msgstr "" + +#: ipaserver/plugins/permission.py:992 +msgid "Add a system permission without an ACI (internal command)" +msgstr "" + +#: ipaserver/plugins/permission.py:170 +msgid "Permission flags" +msgstr "" + +#: ipaserver/plugins/permission.py:1090 +msgid "Delete a permission." +msgstr "" + +#: ipaserver/plugins/permission.py:1098 +msgid "force delete of SYSTEM permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1299 +msgid "Search for permissions." +msgstr "" + +#: ipaserver/plugins/permission.py:1125 +msgid "Modify a permission." +msgstr "" + +msgid "Rename the permission object" +msgstr "" + +#: ipaserver/plugins/permission.py:1454 +msgid "Remove members from a permission." +msgstr "" + +msgid "privileges to remove" +msgstr "" + +#: ipaserver/plugins/permission.py:1432 +msgid "Display information about a permission." +msgstr "" + +msgid "" "\n" -" * session cookie is secure, only passed on secure connections, only\n" -" passed to our URL resource, never visible to client javascript\n" -" etc.\n" +"Ping the remote IPA server to ensure it is running.\n" "\n" -" * session cookie has a session id which is used by wsgi handler to\n" -" retrieve client session data from shared multi-process cache.\n" +"The ping command sends an echo request to an IPA server. The server\n" +"returns its version information. This is used by an IPA client\n" +"to confirm that the server is available and accepting requests.\n" "\n" -"Changes to Apache's resource protection\n" -"---------------------------------------\n" +"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" +"If it does not respond then the client will contact any servers defined\n" +"by ldap SRV records in DNS.\n" "\n" -" * /ipa/json is no longer protected by mod_auth_kerb. This is\n" -" necessary to avoid the negotiate expense in steps 3,4,5\n" -" above. Instead the /ipa/json resource will be protected in our wsgi\n" -" handler via the session cookie.\n" +"EXAMPLES:\n" "\n" -" * A new protected URI is introduced, /ipa/login. This resource\n" -" does no serve any data, it is used exclusively for authentication.\n" +" Ping an IPA server:\n" +" ipa ping\n" +" ------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" ------------------------------------------\n" "\n" -"The new sequence is:\n" +" Ping an IPA server verbosely:\n" +" ipa -v ping\n" +" ipa: INFO: trying https://ipa.example.com/ipa/xml\n" +" ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n" +" -----------------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" -----------------------------------------------------\n" +msgstr "" + +msgid "Ping a remote server." +msgstr "" + +msgid "" "\n" -" 1. Client requests /ipa/ui, this is unprotected. Apache replies with\n" -" html and javascript. The javascript requests /ipa/json.\n" +"Kerberos pkinit options\n" "\n" -" 2. Client sends post to /ipa/json, which is unprotected.\n" +"Enable or disable anonymous pkinit using the principal\n" +"WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n" +"pkinit support.\n" "\n" -" 3. wsgi handler obtains session data from session cookie.\n" +"EXAMPLES:\n" "\n" -" a. if ccache is present in session data and is valid\n" +" Enable anonymous pkinit:\n" +" ipa pkinit-anonymous enable\n" "\n" -" - request is further validated\n" +" Disable anonymous pkinit:\n" +" ipa pkinit-anonymous disable\n" "\n" -" - ccache is established for bind to ds\n" +"For more information on anonymous pkinit see:\n" "\n" -" - request is routed to RPC handler\n" +"http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n" +msgstr "" + +msgid "Enable or Disable Anonymous PKINIT." +msgstr "" + +#: ipaserver/plugins/privilege.py:37 +msgid "" "\n" -" - wsgi handler eventually replies to client\n" +"Privileges\n" "\n" -" b. if ccache is not present or not valid processing continues ...\n" +"A privilege combines permissions into a logical task. A permission provides\n" +"the rights to do a single task. There are some IPA operations that require\n" +"multiple permissions to succeed. A privilege is where permissions are\n" +"combined in order to perform a specific task.\n" "\n" -" 4. wsgi handler replies with 401 Unauthorized\n" +"For example, adding a user requires the following permissions:\n" +" * Creating a new user entry\n" +" * Resetting a user password\n" +" * Adding the new user to the default IPA users group\n" "\n" -" 5. client sends request to /ipa/login to obtain session credentials\n" +"Combining these three low-level tasks into a higher level task in the\n" +"form of a privilege named \"Add User\" makes it easier to manage Roles.\n" "\n" -" 6. mod_auth_kerb replies 401 negotiate on /ipa/login\n" +"A privilege may not contain other privileges.\n" "\n" -" 7. client sends credentials to /ipa/login\n" +"See role and permission for additional information.\n" +msgstr "" + +#: ipaserver/plugins/privilege.py:154 +msgid "Privilege name" +msgstr "" + +#: ipaserver/plugins/privilege.py:160 +msgid "Privilege description" +msgstr "" + +#: ipaserver/plugins/baseldap.py:89 +msgid "Granting privilege to roles" +msgstr "" + +#: ipaserver/plugins/privilege.py:167 +msgid "Add a new privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:202 +msgid "Add members to a privilege." +msgstr "" + +msgid "member role" +msgstr "" + +msgid "roles to add" +msgstr "" + +#: ipaserver/plugins/privilege.py:215 +msgid "Add permissions to a privilege." +msgstr "" + +#: ipaserver/plugins/permission.py:181 +msgid "permission" +msgstr "" + +#: ipaserver/plugins/permission.py:182 +msgid "permissions" +msgstr "" + +#: ipaserver/plugins/privilege.py:230 +msgid "Number of permissions added" +msgstr "" + +#: ipaserver/plugins/privilege.py:174 +msgid "Delete a privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:188 +msgid "Search for privileges." +msgstr "" + +#: ipaserver/plugins/privilege.py:181 +msgid "Modify a privilege." +msgstr "" + +msgid "Rename the privilege object" +msgstr "" + +#: ipaserver/plugins/privilege.py:209 +msgid "Remove members from a privilege" +msgstr "" + +msgid "roles to remove" +msgstr "" + +#: ipaserver/plugins/privilege.py:244 +msgid "Remove permissions from a privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:262 +msgid "Number of permissions removed" +msgstr "" + +#: ipaserver/plugins/privilege.py:197 +msgid "Display information about a privilege." +msgstr "" + +msgid "" "\n" -" 8. mod_auth_kerb validates credentials\n" +"Password policy\n" "\n" -" a. if valid\n" +"A password policy sets limitations on IPA passwords, including maximum\n" +"lifetime, minimum lifetime, the number of passwords to save in\n" +"history, the number of character classes required (for stronger passwords)\n" +"and the minimum password length.\n" "\n" -" - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n" -" invoked and does the following:\n" +"By default there is a single, global policy for all users. You can also\n" +"create a password policy to apply to a group. Each user is only subject\n" +"to one password policy, either the group policy or the global policy. A\n" +"group policy stands alone; it is not a super-set of the global policy plus\n" +"custom settings.\n" "\n" -" * establishes session for client\n" +"Each group password policy requires a unique priority setting. If a user\n" +"is in multiple groups that have password policies, this priority determines\n" +"which password policy is applied. A lower value indicates a higher priority\n" +"policy.\n" "\n" -" * retrieves the ccache from KRB5CCNAME and stores it\n" +"Group password policies are automatically removed when the groups they\n" +"are associated with are removed.\n" "\n" -" a. if invalid\n" +"EXAMPLES:\n" "\n" -" - mod_auth_kerb sends 403 access denied (processing stops)\n" +" Modify the global policy:\n" +" ipa pwpolicy-mod --minlength=10\n" "\n" -" 9. client now posts the same data again to /ipa/json including\n" -" session cookie. Processing repeats starting at step 2 and since\n" -" the session data now contains a valid ccache step 3a executes, a\n" -" successful reply is sent to client.\n" +" Add a new group password policy:\n" +" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" +"minlength=8 --priority=10 localadmins\n" "\n" -"Command line client using xmlrpc\n" -"--------------------------------\n" +" Display the global password policy:\n" +" ipa pwpolicy-show\n" "\n" -"The above describes the web UI utilizing the json RPC mechanism. The\n" -"IPA command line tools utilize a xmlrpc RPC mechanism on the same\n" -"HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n" -"and xmlrpc API's are the same, they differ only on how their procedure\n" -"calls are marshalled and unmarshalled.\n" +" Display a group password policy:\n" +" ipa pwpolicy-show localadmins\n" "\n" -"Under the new scheme /ipa/xml will continue to be Kerberos protected\n" -"at all times. Apache's mod_auth_kerb will continue to require the\n" -"client provides valid Kerberos credentials.\n" +" Display the policy that would be applied to a given user:\n" +" ipa pwpolicy-show --user=tuser1\n" "\n" -"When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n" -"be extracted from the KRB5CCNAME environment variable as provided by\n" -"mod_auth_kerb. Everything else remains the same.\n" +" Modify a group password policy:\n" +" ipa pwpolicy-mod --minclasses=2 localadmins\n" msgstr "" -msgid "RPC command used to log the current user out of their session." +#: ipaserver/plugins/pwpolicy.py:307 ipaserver/plugins/internal.py:1681 +msgid "Group" msgstr "" -msgid "" -"\n" -"Sudo Commands\n" -"\n" -"Commands used as building blocks for sudo\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a new command\n" -" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" -"\n" -" Remove a command\n" -" ipa sudocmd-del /usr/bin/less\n" +#: ipaserver/plugins/pwpolicy.py:308 +msgid "Manage password policy for specific group" msgstr "" -#: ipaserver/plugins/sudocmd.py:118 ipaserver/plugins/sudocmd.py:123 -msgid "Sudo Command" +#: ipaserver/plugins/pwpolicy.py:313 +msgid "Max lifetime (days)" msgstr "" -#: ipaserver/plugins/sudocmd.py:129 -msgid "A description of this command" +#: ipaserver/plugins/pwpolicy.py:314 +msgid "Maximum password lifetime (in days)" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:118 ipaserver/plugins/sudocmdgroup.py:138 -#: ipaserver/plugins/baseldap.py:83 -msgid "Sudo Command Groups" +#: ipaserver/plugins/pwpolicy.py:320 +msgid "Min lifetime (hours)" msgstr "" -msgid "Create new Sudo Command." +#: ipaserver/plugins/pwpolicy.py:321 +msgid "Minimum password lifetime (in hours)" msgstr "" -#: ipaserver/plugins/sudocmd.py:158 -msgid "Delete Sudo Command." +#: ipaserver/plugins/pwpolicy.py:326 +msgid "History size" msgstr "" -#: ipaserver/plugins/sudocmd.py:198 -msgid "Search for Sudo Commands." +#: ipaserver/plugins/pwpolicy.py:327 +msgid "Password history size" msgstr "" -msgid "Results should contain primary key attribute only (\"command\")" +#: ipaserver/plugins/pwpolicy.py:332 +msgid "Character classes" msgstr "" -#: ipaserver/plugins/sudocmd.py:191 -msgid "Modify Sudo Command." +#: ipaserver/plugins/pwpolicy.py:333 +msgid "Minimum number of character classes" msgstr "" -#: ipaserver/plugins/sudocmd.py:207 -msgid "Display Sudo Command." +#: ipaserver/plugins/pwpolicy.py:339 +msgid "Min length" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:340 +msgid "Minimum length of password" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:346 +msgid "Priority of the policy (higher number means lower priority" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:353 +msgid "Max failures" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:354 +msgid "Consecutive failures before lockout" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:360 +msgid "Failure reset interval" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:361 +msgid "Period after which failure count will be reset (seconds)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:367 +msgid "Lockout duration" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:368 +msgid "Period for which lockout is enforced (seconds)" +msgstr "" + +msgid "Results should contain primary key attribute only (\"cn\")" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:529 +msgid "Add a new group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:557 +msgid "Delete a group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:669 +msgid "Search for group password policies." +msgstr "" + +msgid "Results should contain primary key attribute only (\"group\")" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:584 +msgid "Modify a group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:637 +msgid "Display information about password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:641 ipaserver/plugins/internal.py:1203 +#: ipaserver/plugins/internal.py:1327 ipaserver/plugins/internal.py:1715 +#: ipaserver/plugins/user.py:180 ipaserver/plugins/baseuser.py:251 +msgid "User" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:642 +msgid "Display effective policy for a specific user" msgstr "" msgid "" "\n" -"Groups of Sudo Commands\n" +"RADIUS Proxy Servers\n" "\n" -"Manage groups of Sudo Commands.\n" +"Manage RADIUS Proxy Servers.\n" +"\n" +"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" +"authentications. This permits a great deal of flexibility when\n" +"integrating with third-party authentication services.\n" "\n" "EXAMPLES:\n" "\n" -" Add a new Sudo Command Group:\n" -" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +" Add a new server:\n" +" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" "\n" -" Remove a Sudo Command Group:\n" -" ipa sudocmdgroup-del admincmds\n" +" Find all servers whose entries include the string \"example.com\":\n" +" ipa radiusproxy-find example.com\n" "\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" -"vim admincmds\n" +" Examine the configuration:\n" +" ipa radiusproxy-show MyRADIUS\n" "\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" +" Change the secret:\n" +" ipa radiusproxy-mod MyRADIUS --secret\n" "\n" -" Show a Sudo Command Group:\n" -" ipa group-show localadmins\n" +" Delete a configuration:\n" +" ipa radiusproxy-del MyRADIUS\n" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:119 ipaserver/plugins/sudocmdgroup.py:124 -msgid "Sudo Command Group" +#: ipaserver/plugins/radiusproxy.py:112 +msgid "RADIUS proxy server name" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:131 ipaserver/plugins/group.py:350 -msgid "Group description" +#: ipaserver/plugins/radiusproxy.py:118 +msgid "A description of this RADIUS proxy server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:122 ipaserver/plugins/user.py:1221 +msgid "Server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:123 +msgid "The hostname or IP (with or without port)" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:127 ipaserver/plugins/idp.py:152 +msgid "Secret" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:128 +msgid "The secret used to encrypt data" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:133 +msgid "Timeout" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:134 +msgid "The total timeout across all retries (in seconds)" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:139 +msgid "Retries" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:140 +msgid "The number of times to retry authentication" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:146 +msgid "User attribute" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:147 +msgid "The username attribute on the user object" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:134 ipaserver/plugins/internal.py:1428 -msgid "Commands" +#: ipaserver/plugins/radiusproxy.py:171 +msgid "Add a new RADIUS proxy server." msgstr "" -msgid "Member Sudo commands" +#: ipaserver/plugins/radiusproxy.py:176 +msgid "Delete a RADIUS proxy server." msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:147 -msgid "Create new Sudo Command Group." +#: ipaserver/plugins/radiusproxy.py:186 +msgid "Search for RADIUS proxy servers." msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:188 -msgid "Add members to Sudo Command Group." +#: ipaserver/plugins/radiusproxy.py:181 +msgid "Modify a RADIUS proxy server." msgstr "" -msgid "member sudo command" +msgid "Rename the RADIUS proxy server object" msgstr "" -msgid "sudo commands to add" +#: ipaserver/plugins/radiusproxy.py:201 +msgid "Display information about a RADIUS proxy server." msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:155 -msgid "Delete Sudo Command Group." +msgid "" +"\n" +"Realm domains\n" +"\n" +"Manage the list of domains associated with IPA realm.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Display the current list of realm domains:\n" +" ipa realmdomains-show\n" +"\n" +" Replace the list of realm domains:\n" +" ipa realmdomains-mod --domain=example.com\n" +" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" +"\n" +" Add a domain to the list of realm domains:\n" +" ipa realmdomains-mod --add-domain=newdomain.com\n" +"\n" +" Delete a domain from the list of realm domains:\n" +" ipa realmdomains-mod --del-domain=olddomain.com\n" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:171 -msgid "Search for Sudo Command Groups." +#: ipaserver/plugins/realmdomains.py:115 ipaserver/plugins/certmap.py:566 +#: ipaserver/plugins/trust.py:1249 ipaserver/plugins/internal.py:720 +#: ipaserver/plugins/internal.py:1562 +msgid "Domain" msgstr "" -msgid "" -"Results should contain primary key attribute only (\"sudocmdgroup-name\")" +#: ipaserver/plugins/realmdomains.py:121 +msgid "Add domain" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:163 -msgid "Modify Sudo Command Group." +#: ipaserver/plugins/realmdomains.py:127 +msgid "Delete domain" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:194 -msgid "Remove members from Sudo Command Group." +msgid "Modify realm domains." msgstr "" -msgid "sudo commands to remove" +#: ipaserver/plugins/realmdomains.py:152 +msgid "Force adding domain even if not in DNS" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:182 -msgid "Display Sudo Command Group." +#: ipaserver/plugins/realmdomains.py:361 +msgid "Display the list of realm domains." msgstr "" msgid "" "\n" -"Users\n" -"\n" -"Manage user entries. All users are POSIX users.\n" +"Roles\n" "\n" -"IPA supports a wide range of username formats, but you need to be aware of " -"any\n" -"restrictions that may apply to your particular environment. For example,\n" -"usernames that start with a digit or usernames that exceed a certain length\n" -"may cause problems for some UNIX systems.\n" -"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +"A role is used for fine-grained delegation. A permission grants the ability\n" +"to perform given low-level tasks (add a user, modify a group, etc.). A\n" +"privilege combines one or more permissions into a higher-level abstraction\n" +"such as useradmin. A useradmin would be able to add, delete and modify " +"users.\n" "\n" -"Disabling a user account prevents that user from obtaining new Kerberos\n" -"credentials. It does not invalidate any credentials that have already\n" -"been issued.\n" +"Privileges are assigned to Roles.\n" "\n" -"Password management is not a part of this module. For more information\n" -"about this topic please see: ipa help passwd\n" +"Users, groups, hosts and hostgroups may be members of a Role.\n" "\n" -"Account lockout on password failure happens per IPA master. The user-status\n" -"command can be used to identify which master the user is locked out on.\n" -"It is on that master the administrator must unlock the user.\n" +"Roles can not contain other roles.\n" "\n" "EXAMPLES:\n" "\n" -" Add a new user:\n" -" ipa user-add --first=Tim --last=User --password tuser1\n" -"\n" -" Find all users whose entries include the string \"Tim\":\n" -" ipa user-find Tim\n" +" Add a new role:\n" +" ipa role-add --desc=\"Junior-level admin\" junioradmin\n" "\n" -" Find all users with \"Tim\" as the first name:\n" -" ipa user-find --first=Tim\n" +" Add some privileges to this role:\n" +" ipa role-add-privilege --privileges=addusers junioradmin\n" +" ipa role-add-privilege --privileges=change_password junioradmin\n" +" ipa role-add-privilege --privileges=add_user_to_default_group " +"junioradmin\n" "\n" -" Disable a user account:\n" -" ipa user-disable tuser1\n" +" Add a group of users to this role:\n" +" ipa group-add --desc=\"User admins\" useradmins\n" +" ipa role-add-member --groups=useradmins junioradmin\n" "\n" -" Enable a user account:\n" -" ipa user-enable tuser1\n" +" Display information about a role:\n" +" ipa role-show junioradmin\n" "\n" -" Delete a user:\n" -" ipa user-del tuser1\n" +" The result of this is that any users in the group 'junioradmin' can\n" +" add users, reset passwords or add a user to the default IPA user group.\n" msgstr "" -msgid "First name" +#: ipaserver/plugins/serverrole.py:64 ipaserver/plugins/serverrole.py:191 +msgid "Role name" msgstr "" -msgid "Last name" +msgid "A description of this role-group" msgstr "" -#: ipaserver/plugins/schema.py:152 -msgid "Full name" +msgid "Privileges" msgstr "" -msgid "Display name" +msgid "Member services" msgstr "" -msgid "Initials" +msgid "Add a new role." msgstr "" -msgid "Kerberos principal" +msgid "Add members to a role." msgstr "" -#: ipaserver/plugins/baseuser.py:319 -msgid "Kerberos principal expiration" +msgid "member service" msgstr "" -msgid "Email address" +msgid "services to add" msgstr "" -msgid "Prompt to set the user password" +msgid "Add privileges to a role." msgstr "" -msgid "Generate a random user password" +msgid "privilege" msgstr "" -msgid "User ID Number (system will assign one if not provided)" +#: ipaserver/plugins/privilege.py:107 +msgid "privileges" msgstr "" -msgid "Street address" +msgid "Number of privileges added" msgstr "" -msgid "City" +msgid "Delete a role." msgstr "" -msgid "State/Province" +msgid "Search for roles." msgstr "" -msgid "ZIP" +msgid "Modify a role." msgstr "" -msgid "Telephone Number" +msgid "Rename the role object" msgstr "" -msgid "Mobile Telephone Number" +msgid "Remove members from a role." msgstr "" -msgid "Pager Number" +msgid "services to remove" msgstr "" -msgid "Fax Number" +msgid "Remove privileges from a role." msgstr "" -msgid "Org. Unit" +msgid "Number of privileges removed" msgstr "" -msgid "Job Title" +msgid "Display information about a role." msgstr "" -#: ipaserver/plugins/baseuser.py:395 -msgid "Manager" +#: ipaserver/plugins/selfservice.py:28 +msgid "" +"\n" +"Self-service Permissions\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"A Self-service permission defines what an object can change in its own " +"entry.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a self-service rule to allow users to manage their address (using Bash\n" +" brace expansion):\n" +" ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c," +"st} \"Users manage their own address\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones.\n" +" Add telephoneNumber to the list (using Bash brace expansion):\n" +" ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} " +"\"Users manage their own address\"\n" +"\n" +" Display our updated rule:\n" +" ipa selfservice-show \"Users manage their own address\"\n" +"\n" +" Delete a rule:\n" +" ipa selfservice-del \"Users manage their own address\"\n" msgstr "" -msgid "Car License" +#: ipaserver/plugins/selfservice.py:76 ipaserver/plugins/selfservice.py:77 +msgid "Self-service name" msgstr "" -msgid "Account disabled" +#: ipaserver/plugins/selfservice.py:90 +msgid "Attributes to which the permission applies." +msgstr "" + +#: ipaserver/plugins/selfservice.py:122 +msgid "Add a new self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:143 +msgid "Delete a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:182 +msgid "Search for a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:161 +msgid "Modify a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:208 +msgid "Display information about a self-service permission." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:42 +msgid "" +"\n" +"SELinux User Mapping\n" +"\n" +"Map IPA users to SELinux users by host.\n" +"\n" +"Hosts, hostgroups, users and groups can be either defined within\n" +"the rule or it may point to an existing HBAC rule. When using\n" +"--hbacrule option to selinuxusermap-find an exact match is made on the\n" +"HBAC rule name, so only one or zero entries will be returned.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host " +"\"server\":\n" +" ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n" +" ipa selinuxusermap-add-host --hosts=server.example.com test1\n" +"\n" +" Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an " +"existing HBAC rule for users and hosts:\n" +" ipa selinuxusermap-add --usercat=all --hbacrule=webserver --" +"selinuxuser=guest_u:s0 test2\n" +"\n" +" Display the properties of a rule:\n" +" ipa selinuxusermap-show test2\n" +"\n" +" Create a rule for a specific user. This sets the SELinux context for\n" +" user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n" +" ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0." +"c1023 john_unconfined\n" +" ipa selinuxusermap-add-user --users=john john_unconfined\n" +"\n" +" Disable a rule:\n" +" ipa selinuxusermap-disable test1\n" +"\n" +" Enable a rule:\n" +" ipa selinuxusermap-enable test1\n" +"\n" +" Find a rule referencing a specific HBAC rule:\n" +" ipa selinuxusermap-find --hbacrule=allow_some\n" +"\n" +" Remove a rule:\n" +" ipa selinuxusermap-del john_unconfined\n" +"\n" +"SEEALSO:\n" +"\n" +" The list controlling the order in which the SELinux user map is applied\n" +" and the default SELinux user are available in the config-show command.\n" msgstr "" -#: ipaserver/plugins/baseuser.py:413 -msgid "User authentication types" +#: ipaserver/plugins/selinuxusermap.py:244 +msgid "SELinux User" msgstr "" -#: ipaserver/plugins/baseuser.py:414 -msgid "Types of supported user authentication" +#: ipaserver/plugins/hbacrule.py:202 ipaserver/plugins/selinuxusermap.py:248 +msgid "HBAC Rule" msgstr "" -#: ipaserver/plugins/baseuser.py:421 -msgid "" -"User category (semantics placed on this attribute are for local " -"interpretation)" +#: ipaserver/plugins/selinuxusermap.py:249 +msgid "HBAC Rule that defines the users, groups and hostgroups" msgstr "" -#: ipaserver/plugins/baseuser.py:426 -msgid "RADIUS proxy configuration" +#: ipaserver/plugins/selinuxusermap.py:328 +msgid "Create a new SELinux User Map." msgstr "" -#: ipaserver/plugins/baseuser.py:430 -msgid "RADIUS proxy username" +#: ipaserver/plugins/selinuxusermap.py:590 +msgid "Add target hosts and hostgroups to an SELinux User Map rule." msgstr "" -#: ipaserver/plugins/baseuser.py:442 -msgid "Department Number" +#: ipaserver/plugins/selinuxusermap.py:557 +msgid "Add users and groups to an SELinux User Map rule." msgstr "" -#: ipaserver/plugins/baseuser.py:445 -msgid "Employee Number" +#: ipaserver/plugins/selinuxusermap.py:366 +msgid "Delete a SELinux User Map." msgstr "" -#: ipaserver/plugins/baseuser.py:448 -msgid "Employee Type" +#: ipaserver/plugins/selinuxusermap.py:527 +msgid "Disable an SELinux User Map rule." msgstr "" -#: ipaserver/plugins/baseuser.py:451 -msgid "Preferred Language" +#: ipaserver/plugins/selinuxusermap.py:497 +msgid "Enable an SELinux User Map rule." msgstr "" -msgid "Member of groups" +#: ipaserver/plugins/selinuxusermap.py:446 +msgid "Search for SELinux User Maps." msgstr "" -msgid "Indirect Member of group" +#: ipaserver/plugins/selinuxusermap.py:374 +msgid "Modify a SELinux User Map." msgstr "" -msgid "Kerberos keys available" +#: ipaserver/plugins/selinuxusermap.py:614 +msgid "Remove target hosts and hostgroups from an SELinux User Map rule." msgstr "" -msgid "Add a new user." +#: ipaserver/plugins/selinuxusermap.py:581 +msgid "Remove users and groups from an SELinux User Map rule." msgstr "" -msgid "Don't create user private group" +#: ipaserver/plugins/selinuxusermap.py:486 +msgid "Display the properties of a SELinux User Map rule." msgstr "" -msgid "Delete a user." +msgid "" +"\n" +"Services\n" +"\n" +"A IPA service represents a service that runs on a host. The IPA service\n" +"record can store a Kerberos principal, an SSL certificate, or both.\n" +"\n" +"An IPA service can be managed directly from a machine, provided that\n" +"machine has been given the correct permission. This is true even for\n" +"machines other than the one the service is associated with. For example,\n" +"requesting an SSL certificate using the host service principal credentials\n" +"of the host. To manage a service using host credentials you need to\n" +"kinit as the host:\n" +"\n" +" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" +"\n" +"Adding an IPA service allows the associated service to request an SSL\n" +"certificate or keytab, but this is performed as a separate step; they\n" +"are not produced as a result of adding the service.\n" +"\n" +"Only the public aspect of a certificate is stored in a service record;\n" +"the private key is not stored.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new IPA service:\n" +" ipa service-add HTTP/web.example.com\n" +"\n" +" Allow a host to manage an IPA service certificate:\n" +" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" +" ipa role-add-member --hosts=web.example.com certadmin\n" +"\n" +" Override a default list of supported PAC types for the service:\n" +" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" +"\n" +" A typical use case where overriding the PAC type is needed is NFS.\n" +" Currently the related code in the Linux kernel can only handle Kerberos\n" +" tickets up to a maximal size. Since the PAC data can become quite large " +"it\n" +" is recommended to set --pac-type=NONE for NFS services.\n" +"\n" +" Delete an IPA service:\n" +" ipa service-del HTTP/web.example.com\n" +"\n" +" Find all IPA services associated with a host:\n" +" ipa service-find web.example.com\n" +"\n" +" Find all HTTP services:\n" +" ipa service-find HTTP\n" +"\n" +" Disable the service Kerberos key and SSL certificate:\n" +" ipa service-disable HTTP/web.example.com\n" +"\n" +" Request a certificate for an IPA service:\n" +" ipa cert-request --principal=HTTP/web.example.com example.csr\n" +"\n" +" Allow user to create a keytab:\n" +" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" +"\n" +" Generate and retrieve a keytab for an IPA service:\n" +" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" +"httpd.keytab\n" msgstr "" -msgid "Disable a user account." +#: ipaserver/plugins/service.py:531 +msgid "Service principal" msgstr "" -msgid "Enable a user account." +#: ipaserver/plugins/service.py:598 +msgid "PAC type" msgstr "" -msgid "Search for users." +#: ipaserver/plugins/service.py:599 +msgid "" +"Override default list of supported PAC types. Use 'NONE' to disable PAC " +"support for this service, e.g. this might be necessary for NFS services." msgstr "" -msgid "Self" +msgid "Add a new IPA new service." msgstr "" -msgid "Display user record for current Kerberos principal" +msgid "force principal name even if not in DNS" msgstr "" -msgid "Results should contain primary key attribute only (\"login\")" +#: ipaserver/plugins/service.py:1061 +msgid "Add hosts that can manage this service." msgstr "" -msgid "Search for users with these member of groups." +#: ipaserver/plugins/service.py:1117 +msgid "" +"Allow users, groups, hosts or host groups to create a keytab of this service." msgstr "" -msgid "Search for users without these member of groups." +#: ipaserver/plugins/service.py:1078 +msgid "" +"Allow users, groups, hosts or host groups to retrieve a keytab of this " +"service." msgstr "" -msgid "Search for users with these member of netgroups." +#: ipaserver/plugins/service.py:887 +msgid "Delete an IPA service." msgstr "" -msgid "Search for users without these member of netgroups." +#: ipaserver/plugins/service.py:1156 +msgid "Disable the Kerberos key and SSL certificate of a service." msgstr "" -msgid "Search for users with these member of roles." +#: ipaserver/plugins/service.py:1137 +msgid "" +"Disallow users, groups, hosts or host groups to create a keytab of this " +"service." msgstr "" -msgid "Search for users without these member of roles." +#: ipaserver/plugins/service.py:1098 +msgid "" +"Disallow users, groups, hosts or host groups to retrieve a keytab of this " +"service." msgstr "" -msgid "Search for users with these member of HBAC rules." +#: ipaserver/plugins/service.py:957 +msgid "Search for IPA services." msgstr "" -msgid "Search for users without these member of HBAC rules." +msgid "Results should contain primary key attribute only (\"principal\")" msgstr "" -msgid "Search for users with these member of sudo rules." +msgid "Search for services with these managed by hosts." msgstr "" -msgid "Search for users without these member of sudo rules." +msgid "Search for services without these managed by hosts." msgstr "" -msgid "Modify a user." +#: ipaserver/plugins/service.py:907 +msgid "Modify an existing IPA service." msgstr "" -msgid "Rename the user object" +#: ipaserver/plugins/service.py:1070 +msgid "Remove hosts that can manage this service." msgstr "" -msgid "Display information about a user." +#: ipaserver/plugins/service.py:1024 +msgid "Display information about an IPA service." msgstr "" msgid "" "\n" -"Lockout status of a user account\n" +"Session Support for IPA\n" +"John Dennis \n" +"\n" +"Goals\n" +"=====\n" +"\n" +"Provide per-user session data caching which persists between\n" +"requests. Desired features are:\n" +"\n" +"* Integrates cleanly with minimum impact on existing infrastructure.\n" +"\n" +"* Provides maximum security balanced against real-world performance\n" +" demands.\n" +"\n" +"* Sessions must be able to be revoked (flushed).\n" +"\n" +"* Should be flexible and easy to use for developers.\n" +"\n" +"* Should leverage existing technology and code to the maximum extent\n" +" possible to avoid re-invention, excessive implementation time and to\n" +" benefit from robustness in field proven components commonly shared\n" +" in the open source community.\n" +"\n" +"* Must support multiple independent processes which share session\n" +" data.\n" +"\n" +"* System must function correctly if session data is available or not.\n" +"\n" +"* Must be high performance.\n" +"\n" +"* Should not be tied to specific web servers or browsers. Should\n" +" integrate with our chosen WSGI model.\n" +"\n" +"Issues\n" +"======\n" +"\n" +"Cookies\n" +"-------\n" +"\n" +"Most session implementations are based on the use of cookies. Cookies\n" +"have some inherent problems.\n" +"\n" +"* User has the option to disable cookies.\n" +"\n" +"* User stored cookie data is not secure. Can be mitigated by setting\n" +" flags indicating the cookie is only to be used with SSL secured HTTP\n" +" connections to specific web resources and setting the cookie to\n" +" expire at session termination. Most modern browsers enforce these.\n" +"\n" +"Where to store session data?\n" +"----------------------------\n" +"\n" +"Session data may be stored on either on the client or on the\n" +"server. Storing session data on the client addresses the problem of\n" +"session data availability when requests are serviced by independent web\n" +"servers because the session data travels with the request. However\n" +"there are data size limitations. Storing session data on the client\n" +"also exposes sensitive data but this can be mitigated by encrypting\n" +"the session data such that only the server can decrypt it.\n" +"\n" +"The more conventional approach is to bind session data to a unique\n" +"name, the session ID. The session ID is transmitted to the client and\n" +"the session data is paired with the session ID on the server in a\n" +"associative data store. The session data is retrieved by the server\n" +"using the session ID when the receiving the request. This eliminates\n" +"exposing sensitive session data on the client along with limitations\n" +"on data size. It however introduces the issue of session data\n" +"availability when requests are serviced by more than one server\n" +"process.\n" +"\n" +"Multi-process session data availability\n" +"---------------------------------------\n" "\n" -" An account may become locked if the password is entered incorrectly too\n" -" many times within a specific time period as controlled by password\n" -" policy. A locked account is a temporary condition and may be unlocked " -"by\n" -" an administrator.\n" +"Apache (and other web servers) fork child processes to handle requests\n" +"in parallel. Also web servers may be deployed in a farm where requests\n" +"are load balanced in round robin fashion across different nodes. In\n" +"both cases session data cannot be stored in the memory of a server\n" +"process because it is not available to other processes, either sibling\n" +"children of a master server process or server processes on distinct\n" +"nodes.\n" "\n" -" This connects to each IPA master and displays the lockout status on\n" -" each one.\n" +"Typically this is addressed by storing session data in a SQL\n" +"database. When a request is received by a server process containing a\n" +"session ID in it's cookie data the session ID is used to perform a SQL\n" +"query and the resulting data is then attached to the request as it\n" +"proceeds through the request processing pipeline. This of course\n" +"introduces coherency issues.\n" "\n" -" To determine whether an account is locked on a given server you need\n" -" to compare the number of failed logins and the time of the last " -"failure.\n" -" For an account to be locked it must exceed the maxfail failures within\n" -" the failinterval duration as specified in the password policy " -"associated\n" -" with the user.\n" +"For IPA the introduction of a SQL database dependency is undesired and\n" +"should be avoided.\n" "\n" -" The failed login counter is modified only when a user attempts a log in\n" -" so it is possible that an account may appear locked but the last failed\n" -" login attempt is older than the lockouttime of the password policy. " -"This\n" -" means that the user may attempt a login again.\n" -" " -msgstr "" - -msgid "" +"Session data may also be shared by independent processes by storing\n" +"the session data in files.\n" "\n" -"Unlock a user account\n" +"An alternative solution which has gained considerable popularity\n" +"recently is the use of a fast memory based caching server. Data is\n" +"stored in a single process memory and may be queried and set via a\n" +"light weight protocol using standard socket mechanisms, memcached is\n" +"one example. A typical use is to optimize SQL queries by storing a SQL\n" +"result in shared memory cache avoiding the more expensive SQL\n" +"operation. But the memory cache has distinct advantages in non-SQL\n" +"situations as well.\n" "\n" -" An account may become locked if the password is entered incorrectly too\n" -" many times within a specific time period as controlled by password\n" -" policy. A locked account is a temporary condition and may be unlocked " -"by\n" -" an administrator.\n" -" " -msgstr "" - -msgid "" +"Possible implementations for use by IPA\n" +"=======================================\n" "\n" -"Auto Membership Rule.\n" +"Apache Sessions\n" +"---------------\n" "\n" -"Bring clarity to the membership of hosts and users by configuring inclusive\n" -"or exclusive regex patterns, you can automatically assign a new entries " -"into\n" -"a group or hostgroup based upon attribute information.\n" +"Apache has 2.3 has implemented session support via these modules:\n" "\n" -"A rule is directly associated with a group by name, so you cannot create\n" -"a rule without an accompanying group or hostgroup.\n" +" mod_session\n" +" Overarching session support based on cookies.\n" "\n" -"A condition is a regular expression used by 389-ds to match a new incoming\n" -"entry with an automember rule. If it matches an inclusive rule then the\n" -"entry is added to the appropriate group or hostgroup.\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n" "\n" -"A default group or hostgroup could be specified for entries that do not\n" -"match any rule. In case of user entries this group will be a fallback group\n" -"because all users are by default members of group specified in IPA config.\n" +" mod_session_cookie\n" +" Stores session data in the client.\n" "\n" -"The automember-rebuild command can be used to retroactively run automember " -"rules\n" -"against existing entries, thus rebuilding their membership.\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n" "\n" -"EXAMPLES:\n" +" mod_session_crypto\n" +" Encrypts session data for security. Encryption key is shared\n" +" configuration parameter visible to all Apache processes and is\n" +" stored in a configuration file.\n" "\n" -" Add the initial group or hostgroup:\n" -" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" -" ipa group-add --desc=\"Developers\" devel\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n" "\n" -" Add the initial rule:\n" -" ipa automember-add --type=hostgroup webservers\n" -" ipa automember-add --type=group devel\n" +" mod_session_dbd\n" +" Stores session data in a SQL database permitting multiple\n" +" processes to access and share the same session data.\n" "\n" -" Add a condition to the rule:\n" -" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" -"regex=^web[1-9]+\\.example\\.com webservers\n" -" ipa automember-add-condition --key=manager --type=group --inclusive-" -"regex=^uid=mscott devel\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n" "\n" -" Add an exclusive condition to the rule to prevent auto assignment:\n" -" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" -"regex=^web5\\.example\\.com webservers\n" +"Issues with Apache sessions\n" +"~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" +"\n" +"Although Apache has implemented generic session support and Apache is\n" +"our web server of preference it nonetheless introduces issues for IPA.\n" +"\n" +" * Session support is only available in httpd >= 2.3 which at the\n" +" time of this writing is currently only available as a Beta release\n" +" from upstream. We currently only ship httpd 2.2, the same is true\n" +" for other distributions.\n" +"\n" +" * We could package and ship the sessions modules as a temporary\n" +" package in httpd 2.2 environments. But this has the following\n" +" consequences:\n" +"\n" +" - The code has to be backported. the module API has changed\n" +" slightly between httpd 2.2 and 2.3. The backporting is not\n" +" terribly difficult and a proof of concept has been\n" +" implemented.\n" +"\n" +" - We would then be on the hook to package and maintain a special\n" +" case Apache package. This is maintenance burden as well as a\n" +" distribution packaging burden. Both of which would be best\n" +" avoided if possible.\n" +"\n" +" * The design of the Apache session modules is such that they can\n" +" only be manipulated by other Apache modules. The ability of\n" +" consumers of the session data to control the session data is\n" +" simplistic, constrained and static during the period the request\n" +" is processed. Request handlers which are not native Apache modules\n" +" (e.g. IPA via WSGI) can only examine the session data\n" +" via request headers and reset it in response headers.\n" +"\n" +" * Shared session data is available exclusively via SQL.\n" +"\n" +"However using the 2.3 Apache session modules would give us robust\n" +"session support implemented in C based on standardized Apache\n" +"interfaces which are widely used.\n" +"\n" +"Python Web Frameworks\n" +"---------------------\n" +"\n" +"Virtually every Python web framework supports cookie based sessions,\n" +"e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n" +"to avoid the use of these frameworks. Trying to pull in just one part\n" +"of these frameworks just to get session support would be problematic\n" +"because the code does not function outside it's framework.\n" +"\n" +"IPA implemented sessions\n" +"------------------------\n" +"\n" +"Originally it was believed the path of least effort was to utilize\n" +"existing session support, most likely what would be provided by\n" +"Apache. However there are enough basic modular components available in\n" +"native Python and other standard packages it should be possible to\n" +"provide session support meeting the aforementioned goals with a modest\n" +"implementation effort. Because we're leveraging existing components\n" +"the implementation difficulties are subsumed by other components which\n" +"have already been field proven and have community support. This is a\n" +"smart strategy.\n" +"\n" +"Proposed Solution\n" +"=================\n" +"\n" +"Our interface to the web server is via WSGI which invokes a callback\n" +"per request passing us an environmental context for the request. For\n" +"this discussion we'll name the WSGI callback \"application()\", a\n" +"conventional name in WSGI parlance.\n" +"\n" +"Shared session data will be handled by memcached. We will create one\n" +"instance of memcached on each server node dedicated to IPA\n" +"exclusively. Communication with memcached will be via a UNIX socket\n" +"located in the file system under /var/run/ipa_memcached. It will be\n" +"protected by file permissions and optionally SELinux policy.\n" +"\n" +"In application() we examine the request cookies and if there is an IPA\n" +"session cookie with a session ID we retrieve the session data from our\n" +"memcached instance.\n" +"\n" +"The session data will be a Python dict. IPA components will read or\n" +"write their session information by using a pre-agreed upon name\n" +"(e.g. key) in the dict. This is a very flexible system and consistent\n" +"with how we pass data in most parts of IPA.\n" +"\n" +"If the session data is not available an empty session data dict will\n" +"be created.\n" +"\n" +"How does this session data travel with the request in the IPA\n" +"pipeline? In IPA we use the HTTP request/response to implement RPC. In\n" +"application() we convert the request into a procedure call passing it\n" +"arguments derived from the HTTP request. The passed parameters are\n" +"specific to the RPC method being invoked. The context the RPC call is\n" +"executing in is not passed as an RPC parameter.\n" +"\n" +"How would the contextual information such as session data be bound to\n" +"the request and hence the RPC call?\n" +"\n" +"In IPA when a RPC invocation is being prepared from a request we\n" +"recognize this will only ever be processed serially by one Python\n" +"thread. A thread local dict called \"context\" is allocated for each\n" +"thread. The context dict is cleared in between requests (e.g. RPC method\n" +"invocations). The per-thread context dict is populated during the\n" +"lifetime of the request and is used as a global data structure unique to\n" +"the request that various IPA component can read from and write to with\n" +"the assurance the data is unique to the current request and/or method\n" +"call.\n" +"\n" +"The session data dict will be written into the context dict under the\n" +"session key before the RPC method begins execution. Thus session data\n" +"can be read and written by any IPA component by accessing\n" +"``context.session``.\n" +"\n" +"When the RPC method finishes execution the session data bound to the\n" +"request/method is retrieved from the context and written back to the\n" +"memcached instance. The session ID is set in the response sent back to\n" +"the client in the ``Set-Cookie`` header along with the flags\n" +"controlling it's usage.\n" +"\n" +"Issues and details\n" +"------------------\n" +"\n" +"IPA code cannot depend on session data being present, however it\n" +"should always update session data with the hope it will be available\n" +"in the future. Session data may not be available because:\n" +"\n" +" * This is the first request from the user and no session data has\n" +" been created yet.\n" +"\n" +" * The user may have cookies disabled.\n" +"\n" +" * The session data may have been flushed. memcached operates with\n" +" a fixed memory allocation and will flush entries on a LRU basis,\n" +" like with any cache there is no guarantee of persistence.\n" +"\n" +" Also we may have have deliberately expired or deleted session\n" +" data, see below.\n" "\n" -" Add a host:\n" -" ipa host-add web1.example.com\n" +"Cookie manipulation is done via the standard Python Cookie module.\n" "\n" -" Add a user:\n" -" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" +"Session cookies will be set to only persist as long as the browser has\n" +"the session open. They will be tagged so the browser only returns\n" +"the session ID on SSL secured HTTP requests. They will not be visible\n" +"to Javascript in the browser.\n" "\n" -" Verify automembership:\n" -" ipa hostgroup-show webservers\n" -" Host-group: webservers\n" -" Description: Web Servers\n" -" Member hosts: web1.example.com\n" +"Session ID's will be created by using 48 bits of random data and\n" +"converted to 12 hexadecimal digits. Newly generated session ID's will\n" +"be checked for prior existence to handle the unlikely case the random\n" +"number repeats.\n" "\n" -" ipa group-show devel\n" -" Group name: devel\n" -" Description: Developers\n" -" GID: 1004200000\n" -" Member users: tuser\n" +"memcached will have significantly higher performance than a SQL or file\n" +"based storage solution. Communication is effectively though a pipe\n" +"(UNIX socket) using a very simple protocol and the data is held\n" +"entirely in process memory. memcached also scales easily, it is easy\n" +"to add more memcached processes and distribute the load across them.\n" +"At this point in time we don't anticipate the need for this.\n" "\n" -" Remove a condition from the rule:\n" -" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" -"regex=^web[1-9]+\\.example\\.com webservers\n" +"A very nice feature of the Python memcached module is that when a data\n" +"item is written to the cache it is done with standard Python pickling\n" +"(pickling is a standard Python mechanism to marshal and unmarshal\n" +"Python objects). We adopt the convention the object written to cache\n" +"will be a dict to meet our internal data handling conventions. The\n" +"pickling code will recursively handle nested objects in the dict. Thus\n" +"we gain a lot of flexibility using standard Python data structures to\n" +"store and retrieve our session data without having to author and debug\n" +"code to marshal and unmarshal the data if some other storage mechanism\n" +"had been used. This is a significant implementation win. Of course\n" +"some common sense limitations need to observed when deciding on what\n" +"is written to the session cache keeping in mind the data is shared\n" +"between processes and it should not be excessively large (a\n" +"configurable option)\n" "\n" -" Modify the automember rule:\n" -" ipa automember-mod\n" +"We can set an expiration on memcached entries. We may elect to do that\n" +"to force session data to be refreshed periodically. For example we may\n" +"wish the client to present fresh credentials on a periodic basis even\n" +"if the cached credentials are otherwise within their validity period.\n" "\n" -" Set the default (fallback) target group:\n" -" ipa automember-default-group-set --default-group=webservers --" -"type=hostgroup\n" -" ipa automember-default-group-set --default-group=ipausers --type=group\n" +"We can explicitly delete session data if for some reason we believe it\n" +"is stale, invalid or compromised.\n" "\n" -" Remove the default (fallback) target group:\n" -" ipa automember-default-group-remove --type=hostgroup\n" -" ipa automember-default-group-remove --type=group\n" +"memcached also gives us certain facilities to prevent race conditions\n" +"between different processes utilizing the cache. For example you can\n" +"check of the entry has been modified since you last read it or use CAS\n" +"(Check And Set) semantics. What has to be protected in terms of cache\n" +"coherency will likely have to be determined as the session support is\n" +"utilized and different data items are added to the cache. This is very\n" +"much data and context specific. Fortunately memcached operations are\n" +"atomic.\n" "\n" -" Show the default (fallback) target group:\n" -" ipa automember-default-group-show --type=hostgroup\n" -" ipa automember-default-group-show --type=group\n" +"Controlling the memcached process\n" +"---------------------------------\n" "\n" -" Find all of the automember rules:\n" -" ipa automember-find\n" +"We need a mechanism to start the memcached process and secure it so\n" +"that only IPA components can access it.\n" "\n" -" Display a automember rule:\n" -" ipa automember-show --type=hostgroup webservers\n" -" ipa automember-show --type=group devel\n" +"Although memcached ships with both an initscript and systemd unit\n" +"files those are for generic instances. We want a memcached instance\n" +"dedicated exclusively to IPA usage. To accomplish this we would install\n" +"a systemd unit file or an SysV initscript to control the IPA specific\n" +"memcached service. ipactl would be extended to know about this\n" +"additional service. systemd's cgroup facility would give us additional\n" +"mechanisms to integrate the IPA memcached service within a larger IPA\n" +"process group.\n" "\n" -" Delete an automember rule:\n" -" ipa automember-del --type=hostgroup webservers\n" -" ipa automember-del --type=group devel\n" +"Protecting the memcached data would be done via file permissions (and\n" +"optionally SELinux policy) on the UNIX domain socket. Although recent\n" +"implementations of memcached support authentication via SASL this\n" +"introduces a performance and complexity burden not warranted when\n" +"cached is dedicated to our exclusive use and access controlled by OS\n" +"mechanisms.\n" "\n" -" Rebuild membership for all users:\n" -" ipa automember-rebuild --type=group\n" +"Conventionally daemons are protected by assigning a system uid and/or\n" +"gid to the daemon. A daemon launched by root will drop it's privileges\n" +"by assuming the effective uid:gid assigned to it. File system access\n" +"is controlled by the OS via the effective identity and SELinux policy\n" +"can be crafted based on the identity. Thus the memcached UNIX socket\n" +"would be protected by having it owned by a specific system user and/or\n" +"membership in a restricted system group (discounting for the moment\n" +"SELinux).\n" "\n" -" Rebuild membership for all hosts:\n" -" ipa automember-rebuild --type=hostgroup\n" +"Unfortunately we currently do not have an IPA system uid whose\n" +"identity our processes operate under nor do we have an IPA system\n" +"group. IPA does manage a collection of related processes (daemons) and\n" +"historically each has been assigned their own uid. When these\n" +"unrelated processes communicate they mutually authenticate via other\n" +"mechanisms. We do not have much of a history of using shared file\n" +"system objects across identities. When file objects are created they\n" +"are typically assigned the identity of daemon needing to access the\n" +"object and are not accessed by other daemons, or they carry root\n" +"identity.\n" "\n" -" Rebuild membership for specified users:\n" -" ipa automember-rebuild --users=tuser1 --users=tuser2\n" +"When our WSGI application runs in Apache it is run as a WSGI\n" +"daemon. This means when Apache starts up it forks off WSGI processes\n" +"for us and we are independent of other Apache processes. When WSGI is\n" +"run in this mode there is the ability to set the uid:gid of the WSGI\n" +"process hosting us, however we currently do not take advantage of this\n" +"option. WSGI can be run in other modes as well, only in daemon mode\n" +"can the uid:gid be independently set from the rest of Apache. All\n" +"processes started by Apache can be set to a common uid:gid specified\n" +"in the global Apache configuration, by default it's\n" +"apache:apache. Thus when our IPA code executes it is running as\n" +"apache:apache.\n" "\n" -" Rebuild membership for specified hosts:\n" -" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." -"com\n" -msgstr "" - -#: ipaserver/plugins/automember.py:258 -msgid "A description of this auto member rule" -msgstr "" - -#: ipaserver/plugins/automember.py:262 ipaserver/plugins/automember.py:585 -msgid "Default (fallback) Group" -msgstr "" - -#: ipaserver/plugins/automember.py:263 -msgid "Default group for entries to land" -msgstr "" - -msgid "Add an automember rule." -msgstr "" - -#: ipaserver/plugins/automember.py:249 ipaserver/plugins/automember.py:250 -msgid "Automember Rule" -msgstr "" - -#: ipaserver/plugins/automember.py:184 -msgid "Grouping Type" -msgstr "" - -#: ipaserver/plugins/automember.py:185 -msgid "Grouping to which the rule applies" -msgstr "" - -msgid "Add conditions to an automember rule." -msgstr "" - -#: ipaserver/plugins/automember.py:160 ipaserver/plugins/automember.py:161 -msgid "Inclusive Regex" -msgstr "" - -#: ipaserver/plugins/automember.py:167 ipaserver/plugins/automember.py:168 -msgid "Exclusive Regex" -msgstr "" - -#: ipaserver/plugins/automember.py:176 -msgid "Attribute Key" -msgstr "" - -#: ipaserver/plugins/automember.py:177 -msgid "" -"Attribute to filter via regex. For example fqdn for a host, or manager for a " -"user" -msgstr "" - -#: ipaserver/plugins/automember.py:357 -msgid "Conditions that could not be added" -msgstr "" - -#: ipaserver/plugins/automember.py:361 -msgid "Number of conditions added" -msgstr "" - -msgid "Remove default (fallback) group for all unmatched entries." -msgstr "" - -msgid "Set default (fallback) group for all unmatched entries." -msgstr "" - -#: ipaserver/plugins/automember.py:586 -msgid "Default (fallback) group for entries to land" -msgstr "" - -msgid "Display information about the default (fallback) automember groups." -msgstr "" - -msgid "Delete an automember rule." -msgstr "" - -msgid "Search for automember rules." -msgstr "" - -msgid "Modify an automember rule." -msgstr "" - -#: ipaserver/plugins/automember.py:683 -msgid "Rebuild auto membership." -msgstr "" - -#: ipaserver/plugins/automember.py:693 -msgid "Rebuild membership for all members of a grouping" -msgstr "" - -#: ipaserver/plugins/automember.py:698 -msgid "Rebuild membership for specified users" -msgstr "" - -#: ipaserver/plugins/automember.py:703 -msgid "Rebuild membership for specified hosts" -msgstr "" - -#: ipaserver/plugins/automember.py:708 -msgid "No wait" -msgstr "" - -#: ipaserver/plugins/automember.py:709 -msgid "Don't wait for rebuilding membership" -msgstr "" - -msgid "Remove conditions from an automember rule." -msgstr "" - -#: ipaserver/plugins/automember.py:441 -msgid "Conditions that could not be removed" -msgstr "" - -#: ipaserver/plugins/automember.py:445 -msgid "Number of conditions removed" -msgstr "" - -msgid "Display information about an automember rule." -msgstr "" - -msgid "" +"To protect our memcached UNIX socket we can do one of two things:\n" "\n" -"IPA certificate operations\n" +"1. Assign it's uid:gid as apache:apache. This would limit access to\n" +" our cache only to processes running under httpd. It's somewhat\n" +" restricted but far from ideal. Any code running in the web server\n" +" could potentially access our cache. It's difficult to control what the\n" +" web server runs and admins may not understand the consequences of\n" +" configuring httpd to serve other things besides IPA.\n" "\n" -"Implements a set of commands for managing server SSL certificates.\n" +"2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n" +" our WSGI application to run as the ipa:ipa user and group. We also\n" +" configure our memcached instance to run as the ipa:ipa user and\n" +" group. In this configuration we are now fully protected, only our WSGI\n" +" code can read & write to our memcached UNIX socket.\n" "\n" -"Certificate requests exist in the form of a Certificate Signing Request " -"(CSR)\n" -"in PEM format.\n" +"However there may be unforeseen issues by converting our code to run as\n" +"something other than apache:apache. This would require some\n" +"investigation and testing.\n" "\n" -"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" -"subject to values configured in the server.\n" +"IPA is dependent on other system daemons, specifically Directory\n" +"Server (ds) and Certificate Server (cs). Currently we configure ds to\n" +"run under the dirsrv:dirsrv user and group, an identity of our\n" +"creation. We allow cs to default to it's pkiuser:pkiuser user and\n" +"group. Should these other cooperating daemons also run under the\n" +"common ipa:ipa user and group identities? At first blush there would\n" +"seem to be an advantage to coalescing all process identities under a\n" +"common IPA user and group identity. However these other processes do\n" +"not depend on user and group permissions when working with external\n" +"agents, processes, etc. Rather they are designed to be stand-alone\n" +"network services which authenticate their clients via other\n" +"mechanisms. They do depend on user and group permission to manage\n" +"their own file system objects. If somehow the ipa user and/or group\n" +"were compromised or malicious code somehow executed under the ipa\n" +"identity there would be an advantage in having the cooperating\n" +"processes cordoned off under their own identities providing one extra\n" +"layer of protection. (Note, these cooperating daemons may not even be\n" +"co-located on the same node in which case the issue is moot)\n" "\n" -"A certificate is stored with a service principal and a service principal\n" -"needs a host.\n" +"The UNIX socket behavior (ldapi) with Directory Server is as follows:\n" "\n" -"In order to request a certificate:\n" +" * The socket ownership is: root:root\n" "\n" -"* The host must exist\n" -"* The service must exist (or you use the --add option to automatically add " -"it)\n" +" * The socket permissions are: 0666\n" "\n" -"SEARCHING:\n" +" * When connecting via ldapi you must authenticate as you would\n" +" normally with a TCP socket, except ...\n" "\n" -"Certificates may be searched on by certificate subject, serial number,\n" -"revocation reason, validity dates and the issued date.\n" +" * If autobind is enabled and the uid:gid is available via\n" +" SO_PEERCRED and the uid:gid can be found in the set of users known\n" +" to the Directory Server then that connection will be bound as that\n" +" user.\n" "\n" -"When searching on dates the _from date does a >= search and the _to date\n" -"does a <= search. When combined these are done as an AND.\n" +" * Otherwise an anonymous bind will occur.\n" "\n" -"Dates are treated as GMT to match the dates in the certificates.\n" +"memcached UNIX socket behavior is as follows:\n" "\n" -"The date format is YYYY-mm-dd.\n" +" * memcached can be invoked with a user argument, no group may be\n" +" specified. The effective uid is the uid of the user argument and\n" +" the effective gid is the primary group of the user, let's call\n" +" this euid:egid\n" "\n" -"EXAMPLES:\n" +" * The socket ownership is: euid:egid\n" "\n" -" Request a new certificate and add the principal:\n" -" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +" * The socket permissions are 0700 by default, but this can be\n" +" modified by the -a mask command line arg which sets the umask\n" +" (defaults to 0700).\n" "\n" -" Retrieve an existing certificate:\n" -" ipa cert-show 1032\n" +"Overview of authentication in IPA\n" +"=================================\n" "\n" -" Revoke a certificate (see RFC 5280 for reason details):\n" -" ipa cert-revoke --revocation-reason=6 1032\n" +"This describes how we currently authenticate and how we plan to\n" +"improve authentication performance. First some definitions.\n" "\n" -" Remove a certificate from revocation hold status:\n" -" ipa cert-remove-hold 1032\n" +"There are 4 major players:\n" "\n" -" Check the status of a signing request:\n" -" ipa cert-status 10\n" +" 1. client\n" +" 2. mod_auth_kerb (in Apache process)\n" +" 3. wsgi handler (in IPA wsgi python process)\n" +" 4. ds (directory server)\n" "\n" -" Search for certificates by hostname:\n" -" ipa cert-find --subject=ipaserver.example.com\n" +"There are several resources:\n" "\n" -" Search for revoked certificates by reason:\n" -" ipa cert-find --revocation-reason=5\n" +" 1. /ipa/ui (unprotected, web UI static resources)\n" +" 2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n" +" 3. /ipa/json (protected, json RPC used by javascript in web UI)\n" +" 4. ds (protected, wsgi acts as proxy, our LDAP server)\n" "\n" -" Search for certificates based on issuance date\n" -" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +"Current Model\n" +"-------------\n" "\n" -"IPA currently immediately issues (or declines) all certificate requests so\n" -"the status of a request is not normally useful. This is for future use\n" -"or the case where a CA does not immediately issue a certificate.\n" +"This describes how things work in our current system for the web UI.\n" "\n" -"The following revocation reasons are supported:\n" +" 1. Client requests /ipa/ui, this is unprotected, is static and\n" +" contains no sensitive information. Apache replies with html and\n" +" javascript. The javascript requests /ipa/json.\n" "\n" -" * 0 - unspecified\n" -" * 1 - keyCompromise\n" -" * 2 - cACompromise\n" -" * 3 - affiliationChanged\n" -" * 4 - superseded\n" -" * 5 - cessationOfOperation\n" -" * 6 - certificateHold\n" -" * 8 - removeFromCRL\n" -" * 9 - privilegeWithdrawn\n" -" * 10 - aACompromise\n" +" 2. Client sends post to /ipa/json.\n" "\n" -"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +" 3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n" +" authenticate negotiate.\n" "\n" -"http://www.ietf.org/rfc/rfc5280.txt\n" -msgstr "" - -msgid "Checks if any of the servers has the CA service enabled." -msgstr "" - -msgid "Search for existing certificates." -msgstr "" - -msgid "Match cn attribute in subject" -msgstr "" - -msgid "Reason" -msgstr "" - -msgid "Reason for revoking the certificate (0-10)" -msgstr "" - -msgid "minimum serial number" -msgstr "" - -msgid "maximum serial number" -msgstr "" - -msgid "match the common name exactly" -msgstr "" - -msgid "Valid not after from this date (YYYY-mm-dd)" -msgstr "" - -msgid "Valid not after to this date (YYYY-mm-dd)" -msgstr "" - -msgid "Valid not before from this date (YYYY-mm-dd)" -msgstr "" - -msgid "Valid not before to this date (YYYY-mm-dd)" -msgstr "" - -msgid "Issued on from this date (YYYY-mm-dd)" -msgstr "" - -msgid "Issued on to this date (YYYY-mm-dd)" -msgstr "" - -msgid "Revoked on from this date (YYYY-mm-dd)" -msgstr "" - -msgid "Revoked on to this date (YYYY-mm-dd)" -msgstr "" - -msgid "Maximum number of certs returned" -msgstr "" - -msgid "Take a revoked certificate off hold." -msgstr "" - -msgid "Serial number" -msgstr "" - -msgid "Serial number in decimal or if prefixed with 0x in hexadecimal" -msgstr "" - -msgid "Submit a certificate signing request." -msgstr "" - -msgid "CSR" -msgstr "" - -msgid "Service principal for this certificate (e.g. HTTP/test.example.com)" -msgstr "" - -msgid "automatically add the principal if it doesn't exist" -msgstr "" - -msgid "Revoke a certificate." -msgstr "" - -msgid "Retrieve an existing certificate." -msgstr "" - -msgid "Output filename" -msgstr "" - -msgid "File to store the certificate in." -msgstr "" - -msgid "Check the status of a certificate signing request." -msgstr "" - -msgid "Request id" -msgstr "" - -msgid "" +" 4. Client resends with credentials\n" +"\n" +" 5. mod_auth_kerb validates credentials\n" +"\n" +" a. if invalid replies 403 access denied (stops here)\n" +"\n" +" b. if valid creates temporary ccache, adds KRB5CCNAME to request\n" +" headers\n" +"\n" +" 6. Request passed to wsgi handler\n" +"\n" +" a. validates request, KRB5CCNAME must be present, referrer, etc.\n" +"\n" +" b. ccache saved and used to bind to ds\n" +"\n" +" c. routes to specified RPC handler.\n" +"\n" +" 7. wsgi handler replies to client\n" +"\n" +"Proposed new session based optimization\n" +"---------------------------------------\n" +"\n" +"The round trip negotiate and credential validation in steps 3,4,5 is\n" +"expensive. This can be avoided if we can cache the client\n" +"credentials. With client sessions we can store the client credentials\n" +"in the session bound to the client.\n" +"\n" +"A few notes about the session implementation.\n" +"\n" +" * based on session cookies, cookies must be enabled\n" +"\n" +" * session cookie is secure, only passed on secure connections, only\n" +" passed to our URL resource, never visible to client javascript\n" +" etc.\n" +"\n" +" * session cookie has a session id which is used by wsgi handler to\n" +" retrieve client session data from shared multi-process cache.\n" "\n" -"Groups of users\n" +"Changes to Apache's resource protection\n" +"---------------------------------------\n" "\n" -"Manage groups of users. By default, new groups are POSIX groups. You\n" -"can add the --nonposix option to the group-add command to mark a new group\n" -"as non-POSIX. You can use the --posix argument with the group-mod command\n" -"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" -"converted to non-POSIX groups.\n" +" * /ipa/json is no longer protected by mod_auth_kerb. This is\n" +" necessary to avoid the negotiate expense in steps 3,4,5\n" +" above. Instead the /ipa/json resource will be protected in our wsgi\n" +" handler via the session cookie.\n" "\n" -"Every group must have a description.\n" +" * A new protected URI is introduced, /ipa/login. This resource\n" +" does no serve any data, it is used exclusively for authentication.\n" "\n" -"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" -"supported but can have an impact on your file permissions. It is not " -"necessary\n" -"to supply a GID when creating a group. IPA will generate one automatically\n" -"if it is not provided.\n" +"The new sequence is:\n" "\n" -"EXAMPLES:\n" +" 1. Client requests /ipa/ui, this is unprotected. Apache replies with\n" +" html and javascript. The javascript requests /ipa/json.\n" "\n" -" Add a new group:\n" -" ipa group-add --desc='local administrators' localadmins\n" +" 2. Client sends post to /ipa/json, which is unprotected.\n" "\n" -" Add a new non-POSIX group:\n" -" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +" 3. wsgi handler obtains session data from session cookie.\n" "\n" -" Convert a non-POSIX group to posix:\n" -" ipa group-mod --posix remoteadmins\n" +" a. if ccache is present in session data and is valid\n" "\n" -" Add a new POSIX group with a specific Group ID number:\n" -" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +" - request is further validated\n" "\n" -" Add a new POSIX group and let IPA assign a Group ID number:\n" -" ipa group-add --desc='printer admins' printeradmins\n" +" - ccache is established for bind to ds\n" "\n" -" Remove a group:\n" -" ipa group-del unixadmins\n" +" - request is routed to RPC handler\n" "\n" -" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" -" ipa group-add-member --groups=remoteadmins localadmins\n" +" - wsgi handler eventually replies to client\n" "\n" -" Add multiple users to the \"localadmins\" group:\n" -" ipa group-add-member --users=test1 --users=test2 localadmins\n" +" b. if ccache is not present or not valid processing continues ...\n" "\n" -" Remove a user from the \"localadmins\" group:\n" -" ipa group-remove-member --users=test2 localadmins\n" +" 4. wsgi handler replies with 401 Unauthorized\n" "\n" -" Display information about a named group.\n" -" ipa group-show localadmins\n" +" 5. client sends request to /ipa/login to obtain session credentials\n" "\n" -"External group membership is designed to allow users from trusted domains\n" -"to be mapped to local POSIX groups in order to actually use IPA resources.\n" -"External members should be added to groups that specifically created as\n" -"external and non-POSIX. Such group later should be included into one of " -"POSIX\n" -"groups.\n" +" 6. mod_auth_kerb replies 401 negotiate on /ipa/login\n" "\n" -"An external group member is currently a Security Identifier (SID) as defined " -"by\n" -"the trusted domain. When adding external group members, it is possible to\n" -"specify them in either SID, or DOM\\name, or name@domain format. IPA will " -"attempt\n" -"to resolve passed name to SID with the use of Global Catalog of the trusted " -"domain.\n" +" 7. client sends credentials to /ipa/login\n" "\n" -"Example:\n" +" 8. mod_auth_kerb validates credentials\n" "\n" -"1. Create group for the trusted domain admins' mapping and their local POSIX " -"group:\n" +" a. if valid\n" "\n" -" ipa group-add --desc=' admins external map' ad_admins_external " -"--external\n" -" ipa group-add --desc=' admins' ad_admins\n" +" - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n" +" invoked and does the following:\n" "\n" -"2. Add security identifier of Domain Admins of the to the " -"ad_admins_external\n" -" group:\n" +" * establishes session for client\n" "\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +" * retrieves the ccache from KRB5CCNAME and stores it\n" "\n" -"3. Allow members of ad_admins_external group to be associated with ad_admins " -"POSIX group:\n" +" a. if invalid\n" "\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" +" - mod_auth_kerb sends 403 access denied (processing stops)\n" "\n" -"4. List members of external members of ad_admins_external group to see their " -"SIDs:\n" +" 9. client now posts the same data again to /ipa/json including\n" +" session cookie. Processing repeats starting at step 2 and since\n" +" the session data now contains a valid ccache step 3a executes, a\n" +" successful reply is sent to client.\n" "\n" -" ipa group-show ad_admins_external\n" -msgstr "" - -msgid "GID (use this option to set it manually)" -msgstr "" - -msgid "Indirect Member users" -msgstr "" - -msgid "Indirect Member groups" +"Command line client using xmlrpc\n" +"--------------------------------\n" +"\n" +"The above describes the web UI utilizing the json RPC mechanism. The\n" +"IPA command line tools utilize a xmlrpc RPC mechanism on the same\n" +"HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n" +"and xmlrpc API's are the same, they differ only on how their procedure\n" +"calls are marshalled and unmarshalled.\n" +"\n" +"Under the new scheme /ipa/xml will continue to be Kerberos protected\n" +"at all times. Apache's mod_auth_kerb will continue to require the\n" +"client provides valid Kerberos credentials.\n" +"\n" +"When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n" +"be extracted from the KRB5CCNAME environment variable as provided by\n" +"mod_auth_kerb. Everything else remains the same.\n" msgstr "" -msgid "Create a new group." +msgid "RPC command used to log the current user out of their session." msgstr "" -msgid "Create as a non-POSIX group" +msgid "" +"\n" +"Sudo Commands\n" +"\n" +"Commands used as building blocks for sudo\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new command\n" +" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" +"\n" +" Remove a command\n" +" ipa sudocmd-del /usr/bin/less\n" msgstr "" -msgid "Allow adding external non-IPA members from trusted domains" +#: ipaserver/plugins/sudocmd.py:118 ipaserver/plugins/sudocmd.py:123 +msgid "Sudo Command" msgstr "" -msgid "Add members to a group." +#: ipaserver/plugins/sudocmd.py:129 +msgid "A description of this command" msgstr "" -msgid "External member" +#: ipaserver/plugins/sudocmdgroup.py:118 ipaserver/plugins/sudocmdgroup.py:138 +#: ipaserver/plugins/baseldap.py:83 +msgid "Sudo Command Groups" msgstr "" -msgid "Members of a trusted domain in DOM\\name or name@domain form" +msgid "Create new Sudo Command." msgstr "" -msgid "Delete group." +#: ipaserver/plugins/sudocmd.py:158 +msgid "Delete Sudo Command." msgstr "" -msgid "Detach a managed group from a user." +#: ipaserver/plugins/sudocmd.py:198 +msgid "Search for Sudo Commands." msgstr "" -msgid "Search for groups." +msgid "Results should contain primary key attribute only (\"command\")" msgstr "" -msgid "search for private groups" +#: ipaserver/plugins/sudocmd.py:191 +msgid "Modify Sudo Command." msgstr "" -msgid "search for POSIX groups" +#: ipaserver/plugins/sudocmd.py:207 +msgid "Display Sudo Command." msgstr "" msgid "" -"search for groups with support of external non-IPA members from trusted " -"domains" -msgstr "" - -msgid "search for non-POSIX groups" -msgstr "" - -msgid "Results should contain primary key attribute only (\"group-name\")" -msgstr "" - -msgid "Search for groups with these member users." -msgstr "" - -msgid "Search for groups without these member users." -msgstr "" - -msgid "Search for groups with these member groups." -msgstr "" - -msgid "Search for groups without these member groups." -msgstr "" - -msgid "Search for groups with these member of groups." -msgstr "" - -msgid "Search for groups without these member of groups." +"\n" +"Groups of Sudo Commands\n" +"\n" +"Manage groups of Sudo Commands.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +"\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" +"vim admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" +"\n" +" Show a Sudo Command Group:\n" +" ipa group-show localadmins\n" msgstr "" -msgid "Search for groups with these member of netgroups." +#: ipaserver/plugins/sudocmdgroup.py:119 ipaserver/plugins/sudocmdgroup.py:124 +msgid "Sudo Command Group" msgstr "" -msgid "Search for groups without these member of netgroups." +#: ipaserver/plugins/sudocmdgroup.py:134 ipaserver/plugins/internal.py:1428 +msgid "Commands" msgstr "" -msgid "Search for groups with these member of roles." +msgid "Member Sudo commands" msgstr "" -msgid "Search for groups without these member of roles." +#: ipaserver/plugins/sudocmdgroup.py:147 +msgid "Create new Sudo Command Group." msgstr "" -msgid "Search for groups with these member of HBAC rules." +#: ipaserver/plugins/sudocmdgroup.py:188 +msgid "Add members to Sudo Command Group." msgstr "" -msgid "Search for groups without these member of HBAC rules." +msgid "member sudo command" msgstr "" -msgid "Search for groups with these member of sudo rules." +msgid "sudo commands to add" msgstr "" -msgid "Search for groups without these member of sudo rules." +#: ipaserver/plugins/sudocmdgroup.py:155 +msgid "Delete Sudo Command Group." msgstr "" -msgid "Modify a group." +#: ipaserver/plugins/sudocmdgroup.py:171 +msgid "Search for Sudo Command Groups." msgstr "" -msgid "change to a POSIX group" +msgid "" +"Results should contain primary key attribute only (\"sudocmdgroup-name\")" msgstr "" -msgid "change to support external non-IPA members from trusted domains" +#: ipaserver/plugins/sudocmdgroup.py:163 +msgid "Modify Sudo Command Group." msgstr "" -msgid "Rename the group object" +#: ipaserver/plugins/sudocmdgroup.py:194 +msgid "Remove members from Sudo Command Group." msgstr "" -msgid "Remove members from a group." +msgid "sudo commands to remove" msgstr "" -msgid "Display information about a named group." +#: ipaserver/plugins/sudocmdgroup.py:182 +msgid "Display Sudo Command Group." msgstr "" msgid "" "\n" -"Simulate use of Host-based access controls\n" +"Cross-realm trusts\n" "\n" -"HBAC rules control who can access what services on what hosts.\n" -"You can use HBAC to control which users or groups can access a service,\n" -"or group of services, on a target host.\n" +"Manage trust relationship between IPA and Active Directory domains.\n" "\n" -"Since applying HBAC rules implies use of a production environment,\n" -"this plugin aims to provide simulation of HBAC rules evaluation without\n" -"having access to the production environment.\n" +"In order to allow users from a remote domain to access resources in IPA\n" +"domain, trust relationship needs to be established. Currently IPA supports\n" +"only trusts between IPA and Active Directory domains under control of " +"Windows\n" +"Server 2008 or later, with functional level 2008 or later.\n" "\n" -" Test user coming to a service on a named host against\n" -" existing enabled rules.\n" +"Please note that DNS on both IPA and Active Directory domain sides should " +"be\n" +"configured properly to discover each other. Trust relationship relies on\n" +"ability to discover special resources in the other domain via DNS records.\n" "\n" -" ipa hbactest --user= --host= --service=\n" -" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" -" [--sizelimit= ]\n" +"Examples:\n" "\n" -" --user, --host, and --service are mandatory, others are optional.\n" +"1. Establish cross-realm trust with Active Directory using AD administrator\n" +" credentials:\n" "\n" -" If --rules is specified simulate enabling of the specified rules and test\n" -" the login of the user using only these rules.\n" +" ipa trust-add --type=ad --admin --" +"password\n" "\n" -" If --enabled is specified, all enabled HBAC rules will be added to " -"simulation\n" +"2. List all existing trust relationships:\n" "\n" -" If --disabled is specified, all disabled HBAC rules will be added to " -"simulation\n" +" ipa trust-find\n" "\n" -" If --nodetail is specified, do not return information about rules matched/" -"not matched.\n" +"3. Show details of the specific trust relationship:\n" "\n" -" If both --rules and --enabled are specified, apply simulation to --rules " -"_and_\n" -" all IPA enabled rules.\n" +" ipa trust-show \n" "\n" -" If no --rules specified, simulation is run against all IPA enabled rules.\n" -" By default there is a IPA-wide limit to number of entries fetched, you can " -"change it\n" -" with --sizelimit option.\n" +"4. Delete existing trust relationship:\n" "\n" -"EXAMPLES:\n" +" ipa trust-del \n" "\n" -" 1. Use all enabled HBAC rules in IPA database to simulate:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Matched rules: allow_all\n" +"Once trust relationship is established, remote users will need to be mapped\n" +"to local POSIX groups in order to actually use IPA resources. The mapping " +"should\n" +"be done via use of external membership of non-POSIX group and then this " +"group\n" +"should be included into one of local POSIX groups.\n" "\n" -" 2. Disable detailed summary of how rules were applied:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" +"Example:\n" "\n" -" 3. Test explicitly specified HBAC rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" -" --rules=myrule --rules=my-second-rule\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: myrule\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" "\n" -" 4. Use all enabled HBAC rules in IPA database + explicitly specified " -"rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" -" --rules=myrule --rules=my-second-rule --enabled\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Matched rules: allow_all\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" "\n" -" 5. Test all disabled HBAC rules in IPA database:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: new-rule\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" "\n" -" 6. Test all disabled HBAC rules in IPA database + explicitly specified " -"rules:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" -" --rules=myrule --rules=my-second-rule --disabled\n" -" ---------------------\n" -" Access granted: False\n" -" ---------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" -" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" -" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" -" --enabled --disabled\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Not matched rules: my-second-rule\n" -" Not matched rules: my-third-rule\n" -" Not matched rules: myrule\n" -" Not matched rules: new-rule\n" -" Matched rules: allow_all\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" "\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" -"HBACTEST AND TRUSTED DOMAINS\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" "\n" -"When an external trusted domain is configured in IPA, HBAC rules are also " -"applied\n" -"on users accessing IPA resources from the trusted domain. Trusted domain " -"users and\n" -"groups (and their SIDs) can be then assigned to external groups which can " -"be\n" -"members of POSIX groups in IPA which can be used in HBAC rules and thus " -"allowing\n" -"access to resources protected by the HBAC system.\n" +" ipa group-show ad_admins_external\n" "\n" -"hbactest plugin is capable of testing access for both local IPA users and " -"users\n" -"from the trusted domains, either by a fully qualified user name or by user " -"SID.\n" -"Such user names need to have a trusted domain specified as a short name\n" -"(DOMAIN\\Administrator) or with a user principal name (UPN), " -"Administrator@ad.test.\n" "\n" -"Please note that hbactest executed with a trusted domain user as --user " -"parameter\n" -"can be only run by members of \"trust admins\" group.\n" +"GLOBAL TRUST CONFIGURATION\n" "\n" -"EXAMPLES:\n" +"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n" +"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" +"identifiers are then used when communicating with a trusted domain of the\n" +"particular type.\n" "\n" -" 1. Test if a user from a trusted domain specified by its shortname " -"matches any\n" -" rule:\n" +"1. Show global trust configuration for Active Directory type of trusts:\n" "\n" -" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" -"service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" +" ipa trustconfig-show --type ad\n" "\n" -" 2. Test if a user from a trusted domain specified by its domain name " -"matches\n" -" any rule:\n" +"2. Modify global configuration for all trusts of Active Directory type and " +"set\n" +" a different fallback primary group (fallback primary group GID is used " +"as\n" +" a primary user GID if user authenticating to IPA domain does not have any " +"other\n" +" primary GID already set):\n" "\n" -" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" -"service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD " +"group\"\n" "\n" -" 3. Test if a user from a trusted domain specified by its SID matches any " -"rule:\n" +"3. Change primary fallback group back to default hidden group (any group " +"with\n" +" posixGroup object class is allowed):\n" "\n" -" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n" -" --host `hostname` --service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Matched rules: can_login\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " +"Group\"\n" +msgstr "" + +#: ipaserver/plugins/trust.py:1589 ipaserver/plugins/internal.py:1565 +msgid "Domain NetBIOS name" +msgstr "" + +#: ipaserver/plugins/trust.py:1592 ipaserver/plugins/internal.py:1566 +msgid "Domain Security Identifier" +msgstr "" + +msgid "SID blacklist incoming" +msgstr "" + +msgid "SID blacklist outgoing" +msgstr "" + +msgid "Security Identifier" +msgstr "" + +msgid "NetBIOS name" +msgstr "" + +msgid "Domain GUID" +msgstr "" + +msgid "Fallback primary group" +msgstr "" + +#: ipaserver/plugins/certmap.py:298 ipaserver/plugins/trust.py:1584 +msgid "Domain name" +msgstr "" + +msgid "Trusted domain partner" +msgstr "" + +msgid "Determine whether ipa-adtrust-install has been run on this system" +msgstr "" + +msgid "" +"Determine whether Schema Compatibility plugin is configured to serve trusted " +"domain users and groups" +msgstr "" + +msgid "Determine whether ipa-adtrust-install has been run with sidgen task" +msgstr "" + +msgid "" "\n" -" 4. Test if other user from a trusted domain specified by its SID matches " -"any rule:\n" +"Add new trust to use.\n" "\n" -" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n" -" --host `hostname` --service sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Not matched rules: can_login\n" +"This command establishes trust relationship to another domain\n" +"which becomes 'trusted'. As result, users of the trusted domain\n" +"may access resources of this domain.\n" "\n" -" 5. Test if other user from a trusted domain specified by its shortname " -"matches\n" -" any rule:\n" +"Only trusts to Active Directory domains are supported right now.\n" "\n" -" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " -"sshd\n" -" --------------------\n" -" Access granted: True\n" -" --------------------\n" -" Matched rules: allow_all\n" -" Not matched rules: can_login\n" +"The command can be safely run multiple times against the same domain,\n" +"this will cause change to trust relationship credentials on both\n" +"sides.\n" +" " msgstr "" -#: ipaserver/plugins/hbactest.py:256 -msgid "Simulate use of Host-based access controls" +msgid "Trust type (ad for Active Directory, default)" msgstr "" -#: ipaserver/plugins/hbactest.py:281 -msgid "Target host" +#: ipaserver/plugins/trust.py:1802 +msgid "Active Directory domain administrator" msgstr "" -#: ipaserver/plugins/hbactest.py:289 -msgid "Rules to test. If not specified, --enabled is assumed" +#: ipaserver/plugins/trust.py:1806 +msgid "Active Directory domain administrator's password" msgstr "" -#: ipaserver/plugins/hbactest.py:293 -msgid "Hide details which rules are matched, not matched, or invalid" +#: ipaserver/plugins/trust.py:1811 +msgid "Domain controller for the Active Directory domain (optional)" msgstr "" -#: ipaserver/plugins/hbactest.py:297 -msgid "Include all enabled IPA rules into test [default]" +msgid "Shared secret for the trust" msgstr "" -#: ipaserver/plugins/hbactest.py:301 -msgid "Include all disabled IPA rules into test" +msgid "First Posix ID of the range reserved for the trusted domain" msgstr "" -#: ipaserver/plugins/hbactest.py:305 -msgid "Maximum number of rules to process when no --rules is specified" +msgid "Size of the ID range reserved for the trusted domain" msgstr "" -#: ipaserver/plugins/hbactest.py:260 -msgid "Warning" +msgid "" +"Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust" msgstr "" -#: ipaserver/plugins/hbactest.py:261 -msgid "Matched rules" +msgid "Delete a trust." msgstr "" -#: ipaserver/plugins/hbactest.py:262 -msgid "Not matched rules" +msgid "Refresh list of the domains associated with the trust" msgstr "" -#: ipaserver/plugins/hbactest.py:263 -msgid "Non-existent or invalid rules" +msgid "Search for trusts." msgstr "" -#: ipaserver/plugins/hbactest.py:264 -msgid "Result of simulation" +msgid "Results should contain primary key attribute only (\"realm\")" msgstr "" msgid "" "\n" -"ID ranges\n" -"\n" -"Manage ID ranges used to map Posix IDs to SIDs and back.\n" -"\n" -"There are two type of ID ranges which are both handled by this utility:\n" -"\n" -" - the ID ranges of the local domain\n" -" - the ID ranges of trusted remote domains\n" -"\n" -"Both types have the following attributes in common:\n" -"\n" -" - base-id: the first ID of the Posix ID range\n" -" - range-size: the size of the range\n" -"\n" -"With those two attributes a range object can reserve the Posix IDs starting\n" -"with base-id up to but not including base-id+range-size exclusively.\n" -"\n" -"Additionally an ID range of the local domain may set\n" -" - rid-base: the first RID(*) of the corresponding RID range\n" -" - secondary-rid-base: first RID of the secondary RID range\n" -"\n" -"and an ID range of a trusted domain must set\n" -" - rid-base: the first RID of the corresponding RID range\n" -" - sid: domain SID of the trusted domain\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for a trusted domain\n" -"\n" -"Since there might be more than one trusted domain the domain SID must be " -"given\n" -"while creating the ID range.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" -"\n" -"This ID range is then used by the IPA server and the SSSD IPA provider to\n" -"assign Posix UIDs to users from the trusted domain.\n" -"\n" -"If e.g. a range for a trusted domain is configured with the following " -"values:\n" -" base-id = 1200000\n" -" range-size = 200000\n" -" rid-base = 0\n" -"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " -"So\n" -"RID 1000 <-> Posix ID 1201000\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for the local domain\n" -"\n" -"To create an ID range for the local domain it is not necessary to specify a\n" -"domain SID. But since it is possible that a user and a group can have the " -"same\n" -"value as Posix ID a second RID interval is needed to handle conflicts.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=1000 --secondary-rid-base=1000000 local_range\n" +"Modify a trust (for future use).\n" "\n" -"The data from the ID ranges of the local domain are used by the IPA server\n" -"internally to assign SIDs to IPA users and groups. The SID will then be " -"stored\n" -"in the user or group objects.\n" +" Currently only the default option to modify the LDAP attributes is\n" +" available. More specific options will be added in coming releases.\n" +" " +msgstr "" + +msgid "Resolve security identifiers of users and groups in trusted domains" +msgstr "" + +msgid "Security Identifiers (SIDs)" +msgstr "" + +msgid "Display information about a trust." +msgstr "" + +msgid "Modify global trust configuration." +msgstr "" + +msgid "Show global trust configuration." +msgstr "" + +msgid "Allow access from the trusted domain" +msgstr "" + +msgid "Remove information about the domain associated with the trust." +msgstr "" + +msgid "Disable use of IPA resources by the domain of the trust" +msgstr "" + +msgid "Allow use of IPA resources by the domain of the trust" +msgstr "" + +msgid "Search domains of the trust" +msgstr "" + +msgid "Results should contain primary key attribute only (\"domain\")" +msgstr "" + +msgid "Modify trustdomain of the trust" +msgstr "" + +msgid "" "\n" -"If e.g. the ID range for the local domain is configured with the values " -"from\n" -"the example above then a new user with the UID 1200007 will get the RID " -"1007.\n" -"If this RID is already used by a group the RID will be 1000007. This can " -"only\n" -"happen if a user or a group object was created with a fixed ID because the\n" -"automatic assignment will not assign the same ID twice. Since there are " -"only\n" -"users and groups sharing the same ID namespace it is sufficient to have " -"only\n" -"one fallback range to handle conflicts.\n" +"Users\n" "\n" -"To find the Posix ID for a given RID from the local domain it has to be\n" -"checked first if the RID falls in the primary or secondary RID range and\n" -"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" -"and the base-id has to be added to get the Posix ID.\n" +"Manage user entries. All users are POSIX users.\n" "\n" -"Typically the creation of ID ranges happens behind the scenes and this CLI\n" -"must not be used at all. The ID range for the local domain will be created\n" -"during installation or upgrade from an older version. The ID range for a\n" -"trusted domain will be created together with the trust by 'ipa trust-" -"add ...'.\n" +"IPA supports a wide range of username formats, but you need to be aware of " +"any\n" +"restrictions that may apply to your particular environment. For example,\n" +"usernames that start with a digit or usernames that exceed a certain length\n" +"may cause problems for some UNIX systems.\n" +"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" "\n" -"USE CASES:\n" +"Disabling a user account prevents that user from obtaining new Kerberos\n" +"credentials. It does not invalidate any credentials that have already\n" +"been issued.\n" "\n" -" Add an ID range from a transitively trusted domain\n" +"Password management is not a part of this module. For more information\n" +"about this topic please see: ipa help passwd\n" "\n" -" If the trusted domain (A) trusts another domain (B) as well and this " -"trust\n" -" is transitive 'ipa trust-add domain-A' will only create a range for\n" -" domain A. The ID range for domain B must be added manually.\n" +"Account lockout on password failure happens per IPA master. The user-status\n" +"command can be used to identify which master the user is locked out on.\n" +"It is on that master the administrator must unlock the user.\n" "\n" -" Add an additional ID range for the local domain\n" +"EXAMPLES:\n" "\n" -" If the ID range of the local domain is exhausted, i.e. no new IDs can " -"be\n" -" assigned to Posix users or groups by the DNA plugin, a new range has to " -"be\n" -" created to allow new users and groups to be added. (Currently there is " -"no\n" -" connection between this range CLI and the DNA plugin, but a future " -"version\n" -" might be able to modify the configuration of the DNS plugin as well)\n" +" Add a new user:\n" +" ipa user-add --first=Tim --last=User --password tuser1\n" "\n" -"In general it is not necessary to modify or delete ID ranges. If there is " -"no\n" -"other way to achieve a certain configuration than to modify or delete an ID\n" -"range it should be done with great care. Because UIDs are stored in the " -"file\n" -"system and are used for access control it might be possible that users are\n" -"allowed to access files of other users if an ID range got deleted and " -"reused\n" -"for a different domain.\n" +" Find all users whose entries include the string \"Tim\":\n" +" ipa user-find Tim\n" "\n" -"(*) The RID is typically the last integer of a user or group SID which " -"follows\n" -"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " -"from\n" -"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " -"the\n" -"user. RIDs are unique in a domain, 32bit values and are used for users and\n" -"groups.\n" +" Find all users with \"Tim\" as the first name:\n" +" ipa user-find --first=Tim\n" "\n" -"WARNING:\n" +" Disable a user account:\n" +" ipa user-disable tuser1\n" "\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" +" Enable a user account:\n" +" ipa user-enable tuser1\n" "\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" +" Delete a user:\n" +" ipa user-del tuser1\n" msgstr "" -#: ipaserver/plugins/idrange.py:220 -msgid "Range name" +msgid "First name" msgstr "" -#: ipaserver/plugins/idrange.py:225 -msgid "First Posix ID of the range" +msgid "Last name" msgstr "" -#: ipaserver/plugins/idrange.py:231 -msgid "Number of IDs in the range" +#: ipaserver/plugins/baseuser.py:273 +msgid "Full name" msgstr "" -#: ipaserver/plugins/idrange.py:237 -msgid "First RID of the corresponding RID range" +msgid "Display name" msgstr "" -#: ipaserver/plugins/idrange.py:241 -msgid "First RID of the secondary RID range" +msgid "Initials" msgstr "" -#: ipaserver/plugins/idrange.py:246 ipaserver/plugins/idrange.py:657 -msgid "Domain SID of the trusted domain" +msgid "Kerberos principal" msgstr "" -#: ipaserver/plugins/idrange.py:251 ipaserver/plugins/idrange.py:665 -msgid "Name of the trusted domain" +#: ipaserver/plugins/baseuser.py:319 +msgid "Kerberos principal expiration" msgstr "" -#: ipaserver/plugins/idrange.py:254 ipaserver/plugins/internal.py:1274 -#: ipaserver/plugins/trust.py:714 -msgid "Range type" +msgid "Email address" msgstr "" -msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local" +msgid "Prompt to set the user password" msgstr "" -msgid "" -"\n" -"Add new ID range.\n" -"\n" -" To add a new ID range you always have to specify\n" -"\n" -" --base-id\n" -" --range-size\n" -"\n" -" Additionally\n" -"\n" -" --rid-base\n" -" --secondary-rid-base\n" -"\n" -" may be given for a new ID range for the local domain while\n" -"\n" -" --rid-base\n" -" --dom-sid\n" -"\n" -" must be given to add a new range for a trusted AD domain.\n" -"\n" -" WARNING:\n" -"\n" -" DNA plugin in 389-ds will allocate IDs based on the ranges configured " -"for the\n" -" local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -" on the local ranges set via this family of commands.\n" -"\n" -" Manual configuration change has to be done in the DNA plugin " -"configuration for\n" -" the new local range. Specifically, The dnaNextRange attribute of " -"'cn=Posix\n" -" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " -"to be\n" -" modified to match the new range.\n" -" " +msgid "Generate a random user password" msgstr "" -#: ipaserver/plugins/idrange.py:558 -msgid "Delete an ID range." +msgid "User ID Number (system will assign one if not provided)" msgstr "" -#: ipaserver/plugins/idrange.py:606 -msgid "Search for ranges." +msgid "Street address" msgstr "" -msgid "Modify ID range." +msgid "City" msgstr "" -#: ipaserver/plugins/idrange.py:629 -msgid "Display information about a range." +msgid "State/Province" msgstr "" -msgid "" -"\n" -"OTP Tokens\n" -"\n" -"Manage OTP tokens.\n" -"\n" -"IPA supports the use of OTP tokens for multi-factor authentication. This\n" -"code enables the management of OTP tokens.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new token:\n" -" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" -"\n" -" Examine the token:\n" -" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" -"\n" -" Change the vendor:\n" -" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " -"Hat\"\n" -"\n" -" Delete a token:\n" -" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgid "ZIP" msgstr "" -#: ipaserver/plugins/otptoken.py:160 ipaserver/plugins/subid.py:136 -msgid "Unique ID" +msgid "Telephone Number" msgstr "" -#: ipaserver/plugins/otptoken.py:166 -msgid "Type of the token" +msgid "Mobile Telephone Number" msgstr "" -#: ipaserver/plugins/otptoken.py:175 -msgid "Token description (informational only)" +msgid "Pager Number" msgstr "" -#: ipaserver/plugins/otptoken.py:179 ipaserver/plugins/subid.py:149 -#: ipaserver/plugins/subid.py:467 ipaserver/plugins/internal.py:1400 -msgid "Owner" +msgid "Fax Number" msgstr "" -#: ipaserver/plugins/otptoken.py:180 -msgid "Assigned user of the token (default: self)" +msgid "Org. Unit" msgstr "" -#: ipaserver/plugins/otptoken.py:184 -msgid "Assigned manager of the token (default: self)" +msgid "Job Title" msgstr "" -#: ipaserver/plugins/otptoken.py:189 ipaserver/plugins/internal.py:1961 -msgid "Disabled" +msgid "Car License" msgstr "" -#: ipaserver/plugins/otptoken.py:190 -msgid "Mark the token as disabled (default: false)" +msgid "Account disabled" msgstr "" -#: ipaserver/plugins/otptoken.py:194 -msgid "Validity start" +#: ipaserver/plugins/baseuser.py:413 +msgid "User authentication types" msgstr "" -#: ipaserver/plugins/otptoken.py:195 -msgid "First date/time the token can be used" +#: ipaserver/plugins/baseuser.py:414 +msgid "Types of supported user authentication" msgstr "" -#: ipaserver/plugins/otptoken.py:199 -msgid "Validity end" +#: ipaserver/plugins/baseuser.py:421 +msgid "" +"User category (semantics placed on this attribute are for local " +"interpretation)" msgstr "" -#: ipaserver/plugins/otptoken.py:200 -msgid "Last date/time the token can be used" +#: ipaserver/plugins/baseuser.py:426 +msgid "RADIUS proxy configuration" msgstr "" -#: ipaserver/plugins/otptoken.py:204 -msgid "Vendor" +#: ipaserver/plugins/baseuser.py:430 +msgid "RADIUS proxy username" msgstr "" -#: ipaserver/plugins/otptoken.py:205 -msgid "Token vendor name (informational only)" +#: ipaserver/plugins/baseuser.py:442 +msgid "Department Number" msgstr "" -#: ipaserver/plugins/otptoken.py:209 -msgid "Model" +#: ipaserver/plugins/baseuser.py:445 +msgid "Employee Number" msgstr "" -#: ipaserver/plugins/otptoken.py:210 -msgid "Token model (informational only)" +#: ipaserver/plugins/baseuser.py:448 +msgid "Employee Type" msgstr "" -#: ipaserver/plugins/otptoken.py:214 -msgid "Serial" +#: ipaserver/plugins/baseuser.py:451 +msgid "Preferred Language" msgstr "" -#: ipaserver/plugins/otptoken.py:215 -msgid "Token serial (informational only)" +msgid "Kerberos keys available" msgstr "" -#: ipaserver/plugins/otptoken.py:220 -msgid "Token secret (Base32; default: random)" +msgid "Add a new user." msgstr "" -#: ipaserver/plugins/otptoken.py:230 -msgid "Token hash algorithm" +msgid "Don't create user private group" msgstr "" -#: ipaserver/plugins/otptoken.py:238 -msgid "Digits" +msgid "Delete a user." msgstr "" -#: ipaserver/plugins/otptoken.py:239 -msgid "Number of digits each token code will have" +msgid "Disable a user account." msgstr "" -#: ipaserver/plugins/otptoken.py:247 -msgid "Clock offset" +msgid "Enable a user account." msgstr "" -#: ipaserver/plugins/otptoken.py:248 -msgid "TOTP token / IPA server time difference" +msgid "Search for users." msgstr "" -#: ipaserver/plugins/otptoken.py:255 -msgid "Clock interval" +msgid "Self" msgstr "" -#: ipaserver/plugins/otptoken.py:256 -msgid "Length of TOTP token code validity" +msgid "Display user record for current Kerberos principal" msgstr "" -#: ipaserver/plugins/otptoken.py:264 -msgid "Counter" +msgid "Results should contain primary key attribute only (\"login\")" msgstr "" -#: ipaserver/plugins/otptoken.py:265 -msgid "Initial counter for the HOTP token" +msgid "Search for users with these member of groups." msgstr "" -#: ipaserver/plugins/otptoken.py:280 -msgid "Add a new OTP token." +msgid "Search for users without these member of groups." msgstr "" -#: ipaserver/plugins/otptoken.py:284 -msgid "(deprecated)" +msgid "Search for users with these member of netgroups." msgstr "" -#: ipaserver/plugins/otptoken.py:285 -msgid "Do not display QR code" +msgid "Search for users without these member of netgroups." msgstr "" -#: ipaserver/plugins/otptoken.py:463 -msgid "Add users that can manage this token." +msgid "Search for users with these member of roles." msgstr "" -#: ipaserver/plugins/otptoken.py:366 -msgid "Delete an OTP token." +msgid "Search for users without these member of roles." msgstr "" -#: ipaserver/plugins/otptoken.py:421 -msgid "Search for OTP token." +msgid "Search for users with these member of HBAC rules." msgstr "" -msgid "Results should contain primary key attribute only (\"id\")" +msgid "Search for users without these member of HBAC rules." msgstr "" -#: ipaserver/plugins/otptoken.py:372 -msgid "Modify a OTP token." +msgid "Search for users with these member of sudo rules." msgstr "" -msgid "Rename the OTP token object" +msgid "Search for users without these member of sudo rules." +msgstr "" + +msgid "Modify a user." +msgstr "" + +msgid "Rename the user object" +msgstr "" + +msgid "Display information about a user." +msgstr "" + +msgid "" +"\n" +"Lockout status of a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +"\n" +" This connects to each IPA master and displays the lockout status on\n" +" each one.\n" +"\n" +" To determine whether an account is locked on a given server you need\n" +" to compare the number of failed logins and the time of the last " +"failure.\n" +" For an account to be locked it must exceed the maxfail failures within\n" +" the failinterval duration as specified in the password policy " +"associated\n" +" with the user.\n" +"\n" +" The failed login counter is modified only when a user attempts a log in\n" +" so it is possible that an account may appear locked but the last failed\n" +" login attempt is older than the lockouttime of the password policy. " +"This\n" +" means that the user may attempt a login again.\n" +" " msgstr "" -#: ipaserver/plugins/otptoken.py:450 -msgid "Display information about an OTP token." +msgid "" +"\n" +"Unlock a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +" " msgstr "" msgid "" @@ -8786,407 +9032,490 @@ msgstr "" msgid "Display Sudo Rule." msgstr "" +#: ipaserver/plugins/pkinit.py:72 ipaserver/plugins/serverrole.py:124 +#: ipaserver/plugins/baseldap.py:1980 ipaserver/plugins/cert.py:1570 +msgid "Time limit of search in seconds (0 is unlimited)" +msgstr "" + +#: ipaserver/plugins/pkinit.py:80 ipaserver/plugins/serverrole.py:132 +#: ipaserver/plugins/baseldap.py:1987 ipaserver/plugins/cert.py:1575 +msgid "Maximum number of entries returned (0 is unlimited)" +msgstr "" + msgid "" "\n" -"Cross-realm trusts\n" -"\n" -"Manage trust relationship between IPA and Active Directory domains.\n" -"\n" -"In order to allow users from a remote domain to access resources in IPA\n" -"domain, trust relationship needs to be established. Currently IPA supports\n" -"only trusts between IPA and Active Directory domains under control of " -"Windows\n" -"Server 2008 or later, with functional level 2008 or later.\n" -"\n" -"Please note that DNS on both IPA and Active Directory domain sides should " -"be\n" -"configured properly to discover each other. Trust relationship relies on\n" -"ability to discover special resources in the other domain via DNS records.\n" -"\n" -"Examples:\n" -"\n" -"1. Establish cross-realm trust with Active Directory using AD administrator\n" -" credentials:\n" -"\n" -" ipa trust-add --type=ad --admin --" -"password\n" -"\n" -"2. List all existing trust relationships:\n" -"\n" -" ipa trust-find\n" -"\n" -"3. Show details of the specific trust relationship:\n" -"\n" -" ipa trust-show \n" -"\n" -"4. Delete existing trust relationship:\n" -"\n" -" ipa trust-del \n" -"\n" -"Once trust relationship is established, remote users will need to be mapped\n" -"to local POSIX groups in order to actually use IPA resources. The mapping " -"should\n" -"be done via use of external membership of non-POSIX group and then this " -"group\n" -"should be included into one of local POSIX groups.\n" -"\n" -"Example:\n" -"\n" -"1. Create group for the trusted domain admins' mapping and their local POSIX " -"group:\n" -"\n" -" ipa group-add --desc=' admins external map' ad_admins_external " -"--external\n" -" ipa group-add --desc=' admins' ad_admins\n" -"\n" -"2. Add security identifier of Domain Admins of the to the " -"ad_admins_external\n" -" group:\n" -"\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" -"\n" -"3. Allow members of ad_admins_external group to be associated with ad_admins " -"POSIX group:\n" -"\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" -"\n" -"4. List members of external members of ad_admins_external group to see their " -"SIDs:\n" -"\n" -" ipa group-show ad_admins_external\n" +"Manage CA ACL rules.\n" "\n" +"This plugin is used to define rules governing which principals are\n" +"permitted to have certificates issued using a given certificate\n" +"profile.\n" "\n" -"GLOBAL TRUST CONFIGURATION\n" +"PROFILE ID SYNTAX:\n" "\n" -"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n" -"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" -"identifiers are then used when communicating with a trusted domain of the\n" -"particular type.\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" "\n" -"1. Show global trust configuration for Active Directory type of trusts:\n" +"EXAMPLES:\n" "\n" -" ipa trustconfig-show --type ad\n" +" Create a CA ACL \"test\" that grants all users access to the\n" +" \"UserCert\" profile:\n" +" ipa caacl-add test --usercat=all\n" +" ipa caacl-add-profile test --certprofiles UserCert\n" "\n" -"2. Modify global configuration for all trusts of Active Directory type and " -"set\n" -" a different fallback primary group (fallback primary group GID is used " -"as\n" -" a primary user GID if user authenticating to IPA domain does not have any " -"other\n" -" primary GID already set):\n" +" Display the properties of a named CA ACL:\n" +" ipa caacl-show test\n" "\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD " -"group\"\n" +" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n" +" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" +" ipa caacl-add-user alice_dnp3 --user=alice\n" "\n" -"3. Change primary fallback group back to default hidden group (any group " -"with\n" -" posixGroup object class is allowed):\n" +" Disable a CA ACL:\n" +" ipa caacl-disable test\n" "\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " -"Group\"\n" +" Remove a CA ACL:\n" +" ipa caacl-del test\n" msgstr "" -#: ipaserver/plugins/internal.py:1565 ipaserver/plugins/trust.py:544 -#: ipaserver/plugins/trust.py:1589 -msgid "Domain NetBIOS name" +msgid "ACL name" msgstr "" -#: ipaserver/plugins/internal.py:1566 ipaserver/plugins/trust.py:548 -#: ipaserver/plugins/trust.py:1592 -msgid "Domain Security Identifier" +msgid "Profile category" msgstr "" -msgid "SID blacklist incoming" +msgid "Profile category the ACL applies to" msgstr "" -msgid "SID blacklist outgoing" +msgid "User category the ACL applies to" msgstr "" -msgid "Security Identifier" +msgid "Host category the ACL applies to" msgstr "" -msgid "NetBIOS name" +msgid "Service category the ACL applies to" msgstr "" -msgid "Domain GUID" +#: ipaserver/plugins/internal.py:604 +msgid "Profiles" msgstr "" -msgid "Fallback primary group" +msgid "Create a new CA ACL." msgstr "" -#: ipaserver/plugins/certmap.py:298 ipaserver/plugins/trust.py:1584 -msgid "Domain name" +msgid "Add target hosts and hostgroups to a CA ACL." msgstr "" -msgid "Trusted domain partner" +msgid "Add profiles to a CA ACL." msgstr "" -msgid "Determine whether ipa-adtrust-install has been run on this system" +msgid "member Certificate Profile" msgstr "" -msgid "" -"Determine whether Schema Compatibility plugin is configured to serve trusted " -"domain users and groups" +msgid "Certificate Profiles to add" msgstr "" -msgid "Determine whether ipa-adtrust-install has been run with sidgen task" +msgid "Add services to a CA ACL." +msgstr "" + +msgid "Add users and groups to a CA ACL." +msgstr "" + +msgid "Delete a CA ACL." +msgstr "" + +msgid "Disable a CA ACL." +msgstr "" + +msgid "Enable a CA ACL." +msgstr "" + +msgid "Search for CA ACLs." +msgstr "" + +msgid "Modify a CA ACL." +msgstr "" + +msgid "Remove target hosts and hostgroups from a CA ACL." +msgstr "" + +msgid "Remove profiles from a CA ACL." +msgstr "" + +msgid "Certificate Profiles to remove" +msgstr "" + +msgid "Remove services from a CA ACL." +msgstr "" + +msgid "Remove users and groups from a CA ACL." +msgstr "" + +msgid "Display the properties of a CA ACL." +msgstr "" + +msgid "Principal for this certificate (e.g. HTTP/test.example.com)" +msgstr "" + +#: ipaserver/plugins/certprofile.py:122 ipaserver/plugins/cert.py:575 +msgid "Profile ID" +msgstr "" + +msgid "Certificate Profile to use" msgstr "" msgid "" "\n" -"Add new trust to use.\n" +"Manage Certificate Profiles\n" "\n" -"This command establishes trust relationship to another domain\n" -"which becomes 'trusted'. As result, users of the trusted domain\n" -"may access resources of this domain.\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert --file UserCert.profile " +"--desc \"User Certificates\" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" "\n" -"Only trusts to Active Directory domains are supported right now.\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" "\n" -"The command can be safely run multiple times against the same domain,\n" -"this will cause change to trust relationship credentials on both\n" -"sides.\n" -" " -msgstr "" - -msgid "Trust type (ad for Active Directory, default)" -msgstr "" - -#: ipaserver/plugins/trust.py:1802 -msgid "Active Directory domain administrator" -msgstr "" - -#: ipaserver/plugins/trust.py:1806 -msgid "Active Directory domain administrator's password" -msgstr "" - -#: ipaserver/plugins/trust.py:1811 -msgid "Domain controller for the Active Directory domain (optional)" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" msgstr "" -msgid "Shared secret for the trust" +#: ipaserver/plugins/certprofile.py:123 +msgid "Profile ID for referring to this profile" msgstr "" -msgid "First Posix ID of the range reserved for the trusted domain" +#: ipaserver/plugins/certprofile.py:132 +msgid "Profile description" msgstr "" -msgid "Size of the ID range reserved for the trusted domain" +#: ipaserver/plugins/certprofile.py:133 +msgid "Brief description of this profile" msgstr "" -msgid "" -"Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust" +#: ipaserver/plugins/certprofile.py:138 +msgid "Store issued certificates" msgstr "" -msgid "Delete a trust." +#: ipaserver/plugins/certprofile.py:139 +msgid "Whether to store certs issued using this profile" msgstr "" -msgid "Refresh list of the domains associated with the trust" +#: ipaserver/plugins/certprofile.py:281 +msgid "Delete a Certificate Profile." msgstr "" -msgid "Search for trusts." +#: ipaserver/plugins/certprofile.py:188 +msgid "Search for Certificate Profiles." msgstr "" -msgid "Results should contain primary key attribute only (\"realm\")" +#: ipaserver/plugins/certprofile.py:221 +msgid "Import a Certificate Profile." msgstr "" -msgid "" -"\n" -"Modify a trust (for future use).\n" -"\n" -" Currently only the default option to modify the LDAP attributes is\n" -" available. More specific options will be added in coming releases.\n" -" " +#: ipaserver/plugins/certprofile.py:226 +msgid "Filename of a raw profile. The XML format is not supported." msgstr "" -msgid "Resolve security identifiers of users and groups in trusted domains" +#: ipaserver/plugins/certprofile.py:304 +msgid "Modify Certificate Profile configuration." msgstr "" -msgid "Security Identifiers (SIDs)" +#: ipaserver/plugins/certprofile.py:310 +msgid "File containing profile configuration" msgstr "" -msgid "Display information about a trust." +#: ipaserver/plugins/certprofile.py:200 +msgid "Display the properties of a Certificate Profile." msgstr "" -msgid "Modify global trust configuration." +#: ipaserver/plugins/certprofile.py:204 +msgid "Write profile configuration to file" msgstr "" -msgid "Show global trust configuration." +msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)" msgstr "" -msgid "Allow access from the trusted domain" +msgid "Maximum number of records to search (-1 or 0 is unlimited)" msgstr "" -msgid "Remove information about the domain associated with the trust." +#: ipaserver/plugins/domainlevel.py:18 +msgid "" +"\n" +"Raise the IPA Domain Level.\n" msgstr "" -msgid "Disable use of IPA resources by the domain of the trust" +#: ipaserver/plugins/domainlevel.py:93 +msgid "Query current Domain Level." msgstr "" -msgid "Allow use of IPA resources by the domain of the trust" +#: ipaserver/plugins/domainlevel.py:27 +msgid "Current domain level:" msgstr "" -msgid "Search domains of the trust" +#: ipaserver/plugins/domainlevel.py:117 +msgid "Change current Domain Level." msgstr "" -msgid "Results should contain primary key attribute only (\"domain\")" +#: ipaserver/plugins/domainlevel.py:124 ipaserver/plugins/internal.py:797 +#: ipaserver/plugins/internal.py:798 +msgid "Domain Level" msgstr "" -msgid "Modify trustdomain of the trust" +msgid "Add certificates to host entry" msgstr "" -#: ipaserver/plugins/pkinit.py:72 ipaserver/plugins/serverrole.py:124 -#: ipaserver/plugins/baseldap.py:1980 ipaserver/plugins/cert.py:1570 -msgid "Time limit of search in seconds (0 is unlimited)" +msgid "Remove certificates from host entry" msgstr "" -#: ipaserver/plugins/pkinit.py:80 ipaserver/plugins/serverrole.py:132 -#: ipaserver/plugins/baseldap.py:1987 ipaserver/plugins/cert.py:1575 -msgid "Maximum number of entries returned (0 is unlimited)" +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" msgstr "" msgid "" "\n" -"Manage CA ACL rules.\n" +"Add new ID range.\n" "\n" -"This plugin is used to define rules governing which principals are\n" -"permitted to have certificates issued using a given certificate\n" -"profile.\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" "\n" -"PROFILE ID SYNTAX:\n" +" Additionally\n" "\n" -"A Profile ID is a string without spaces or punctuation starting with a " -"letter\n" -"and followed by a sequence of letters, digits or underscore (\"_\").\n" +" --rid-base\n" +" --secondary-rid-base\n" "\n" -"EXAMPLES:\n" +" may be given for a new ID range for the local domain while\n" "\n" -" Create a CA ACL \"test\" that grants all users access to the\n" -" \"UserCert\" profile:\n" -" ipa caacl-add test --usercat=all\n" -" ipa caacl-add-profile test --certprofiles UserCert\n" +" --rid-base\n" +" --dom-sid\n" "\n" -" Display the properties of a named CA ACL:\n" -" ipa caacl-show test\n" +" must be given to add a new range for a trusted AD domain.\n" "\n" -" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n" -" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" -" ipa caacl-add-user alice_dnp3 --user=alice\n" +"=======\n" +"WARNING:\n" "\n" -" Disable a CA ACL:\n" -" ipa caacl-disable test\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" "\n" -" Remove a CA ACL:\n" -" ipa caacl-del test\n" -msgstr "" - -msgid "ACL name" -msgstr "" - -msgid "Profile category" -msgstr "" - -msgid "Profile category the ACL applies to" -msgstr "" - -msgid "User category the ACL applies to" -msgstr "" - -msgid "Host category the ACL applies to" -msgstr "" - -msgid "Service category the ACL applies to" -msgstr "" - -#: ipaserver/plugins/internal.py:604 -msgid "Profiles" -msgstr "" - -msgid "Create a new CA ACL." -msgstr "" - -msgid "Add target hosts and hostgroups to a CA ACL." -msgstr "" - -msgid "Add profiles to a CA ACL." -msgstr "" - -msgid "member Certificate Profile" -msgstr "" - -msgid "Certificate Profiles to add" -msgstr "" - -msgid "Add services to a CA ACL." -msgstr "" - -msgid "Add users and groups to a CA ACL." -msgstr "" - -msgid "Delete a CA ACL." -msgstr "" - -msgid "Disable a CA ACL." -msgstr "" - -msgid "Enable a CA ACL." -msgstr "" - -msgid "Search for CA ACLs." -msgstr "" - -msgid "Modify a CA ACL." -msgstr "" - -msgid "Remove target hosts and hostgroups from a CA ACL." -msgstr "" - -msgid "Remove profiles from a CA ACL." -msgstr "" - -msgid "Certificate Profiles to remove" -msgstr "" - -msgid "Remove services from a CA ACL." -msgstr "" - -msgid "Remove users and groups from a CA ACL." -msgstr "" - -msgid "Display the properties of a CA ACL." -msgstr "" - -msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)" -msgstr "" - -msgid "Maximum number of records to search (-1 or 0 is unlimited)" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +" " msgstr "" -#: ipaserver/plugins/domainlevel.py:18 msgid "" "\n" -"Raise the IPA Domain Level.\n" -msgstr "" - -#: ipaserver/plugins/domainlevel.py:93 -msgid "Query current Domain Level." -msgstr "" - -#: ipaserver/plugins/domainlevel.py:27 -msgid "Current domain level:" -msgstr "" - -#: ipaserver/plugins/domainlevel.py:117 -msgid "Change current Domain Level." -msgstr "" - -#: ipaserver/plugins/domainlevel.py:124 ipaserver/plugins/internal.py:797 -#: ipaserver/plugins/internal.py:798 -msgid "Domain Level" -msgstr "" - -msgid "Add certificates to host entry" -msgstr "" - -msgid "Remove certificates from host entry" +"Modify ID range.\n" +"\n" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +" " msgstr "" #: ipaserver/plugins/idviews.py:81 @@ -9223,6 +9552,10 @@ msgid "" "to onelevel" msgstr "" +#: ipaserver/plugins/otptoken.py:469 +msgid "Remove users that can manage this token." +msgstr "" + #: ipaserver/plugins/permission.py:322 msgid "Target DN subtree" msgstr "" @@ -9715,6 +10048,14 @@ msgid "" " " msgstr "" +#: ipaserver/plugins/trust.py:721 +msgid "Two-way trust" +msgstr "" + +msgid "" +"Establish bi-directional trust. By default trust is inbound one-way only." +msgstr "" + #: ipaserver/plugins/user.py:1217 msgid "Preserved user" msgstr "" @@ -9941,426 +10282,84 @@ msgstr "" msgid "Username of the user vault" msgstr "" -msgid "Add members to a vault." -msgstr "" - -msgid "Add owners to a vault." -msgstr "" - -msgid "owner user" -msgstr "" - -msgid "owner group" -msgstr "" - -msgid "owner service" -msgstr "" - -#: ipaserver/plugins/vault.py:1211 -msgid "Owners that could not be added" -msgstr "" - -#: ipaserver/plugins/vault.py:1216 -msgid "Number of owners added" -msgstr "" - -#: ipaserver/plugins/vault.py:1127 -msgid "Session key wrapped with transport certificate" -msgstr "" - -msgid "Vault data encrypted with session key" -msgstr "" - -msgid "Nonce" -msgstr "" - -msgid "Delete a vault." -msgstr "" - -msgid "Search for vaults." -msgstr "" - -msgid "List all service vaults" -msgstr "" - -msgid "List all user vaults" -msgstr "" - -msgid "Remove members from a vault." -msgstr "" - -msgid "Remove owners from a vault." -msgstr "" - -#: ipaserver/plugins/vault.py:1236 -msgid "Owners that could not be removed" -msgstr "" - -#: ipaserver/plugins/vault.py:1241 -msgid "Number of owners removed" -msgstr "" - -msgid "Display information about a vault." -msgstr "" - -msgid "Show vault configuration." -msgstr "" - -msgid "Output file to store the transport certificate" -msgstr "" - -msgid "Add owners to a vault container." -msgstr "" - -msgid "Delete a vault container." -msgstr "" - -msgid "Remove owners from a vault container." -msgstr "" - -msgid "Display information about a vault container." +msgid "Add members to a vault." msgstr "" -msgid "Principal for this certificate (e.g. HTTP/test.example.com)" +msgid "Add owners to a vault." msgstr "" -#: ipaserver/plugins/certprofile.py:122 ipaserver/plugins/cert.py:575 -msgid "Profile ID" +msgid "owner user" msgstr "" -msgid "Certificate Profile to use" +msgid "owner group" msgstr "" -msgid "" -"\n" -"Manage Certificate Profiles\n" -"\n" -"Certificate Profiles are used by Certificate Authority (CA) in the signing " -"of\n" -"certificates to determine if a Certificate Signing Request (CSR) is " -"acceptable,\n" -"and if so what features and extensions will be present on the certificate.\n" -"\n" -"The Certificate Profile format is the property-list format understood by " -"the\n" -"Dogtag or Red Hat Certificate System CA.\n" -"\n" -"PROFILE ID SYNTAX:\n" -"\n" -"A Profile ID is a string without spaces or punctuation starting with a " -"letter\n" -"and followed by a sequence of letters, digits or underscore (\"_\").\n" -"\n" -"EXAMPLES:\n" -"\n" -" Import a profile that will not store issued certificates:\n" -" ipa certprofile-import ShortLivedUserCert --file UserCert.profile " -"--desc \"User Certificates\" --store=false\n" -"\n" -" Delete a certificate profile:\n" -" ipa certprofile-del ShortLivedUserCert\n" -"\n" -" Show information about a profile:\n" -" ipa certprofile-show ShortLivedUserCert\n" -"\n" -" Save profile configuration to a file:\n" -" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" -"\n" -" Search for profiles that do not store certificates:\n" -" ipa certprofile-find --store=false\n" -"\n" -"PROFILE CONFIGURATION FORMAT:\n" -"\n" -"The profile configuration format is the raw property-list format\n" -"used by Dogtag Certificate System. The XML format is not supported.\n" -"\n" -"The following restrictions apply to profiles managed by IPA:\n" -"\n" -"- When importing a profile the \"profileId\" field, if present, must\n" -" match the ID given on the command line.\n" -"\n" -"- The \"classId\" field must be set to \"caEnrollImpl\"\n" -"\n" -"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" -"\n" -"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" -" class must be used.\n" +msgid "owner service" msgstr "" -#: ipaserver/plugins/certprofile.py:123 -msgid "Profile ID for referring to this profile" +#: ipaserver/plugins/vault.py:1211 +msgid "Owners that could not be added" msgstr "" -#: ipaserver/plugins/certprofile.py:132 -msgid "Profile description" +#: ipaserver/plugins/vault.py:1216 +msgid "Number of owners added" msgstr "" -#: ipaserver/plugins/certprofile.py:133 -msgid "Brief description of this profile" +#: ipaserver/plugins/vault.py:1127 +msgid "Session key wrapped with transport certificate" msgstr "" -#: ipaserver/plugins/certprofile.py:138 -msgid "Store issued certificates" +msgid "Vault data encrypted with session key" msgstr "" -#: ipaserver/plugins/certprofile.py:139 -msgid "Whether to store certs issued using this profile" +msgid "Nonce" msgstr "" -#: ipaserver/plugins/certprofile.py:281 -msgid "Delete a Certificate Profile." +msgid "Delete a vault." msgstr "" -#: ipaserver/plugins/certprofile.py:188 -msgid "Search for Certificate Profiles." +msgid "Search for vaults." msgstr "" -#: ipaserver/plugins/certprofile.py:221 -msgid "Import a Certificate Profile." +msgid "List all service vaults" msgstr "" -#: ipaserver/plugins/certprofile.py:226 -msgid "Filename of a raw profile. The XML format is not supported." +msgid "List all user vaults" msgstr "" -#: ipaserver/plugins/certprofile.py:304 -msgid "Modify Certificate Profile configuration." +msgid "Remove members from a vault." msgstr "" -#: ipaserver/plugins/certprofile.py:310 -msgid "File containing profile configuration" +msgid "Remove owners from a vault." msgstr "" -#: ipaserver/plugins/certprofile.py:200 -msgid "Display the properties of a Certificate Profile." +#: ipaserver/plugins/vault.py:1236 +msgid "Owners that could not be removed" msgstr "" -#: ipaserver/plugins/certprofile.py:204 -msgid "Write profile configuration to file" +#: ipaserver/plugins/vault.py:1241 +msgid "Number of owners removed" msgstr "" -msgid "" -"\n" -"ID ranges\n" -"\n" -"Manage ID ranges used to map Posix IDs to SIDs and back.\n" -"\n" -"There are two type of ID ranges which are both handled by this utility:\n" -"\n" -" - the ID ranges of the local domain\n" -" - the ID ranges of trusted remote domains\n" -"\n" -"Both types have the following attributes in common:\n" -"\n" -" - base-id: the first ID of the Posix ID range\n" -" - range-size: the size of the range\n" -"\n" -"With those two attributes a range object can reserve the Posix IDs starting\n" -"with base-id up to but not including base-id+range-size exclusively.\n" -"\n" -"Additionally an ID range of the local domain may set\n" -" - rid-base: the first RID(*) of the corresponding RID range\n" -" - secondary-rid-base: first RID of the secondary RID range\n" -"\n" -"and an ID range of a trusted domain must set\n" -" - rid-base: the first RID of the corresponding RID range\n" -" - sid: domain SID of the trusted domain\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for a trusted domain\n" -"\n" -"Since there might be more than one trusted domain the domain SID must be " -"given\n" -"while creating the ID range.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" -"\n" -"This ID range is then used by the IPA server and the SSSD IPA provider to\n" -"assign Posix UIDs to users from the trusted domain.\n" -"\n" -"If e.g. a range for a trusted domain is configured with the following " -"values:\n" -" base-id = 1200000\n" -" range-size = 200000\n" -" rid-base = 0\n" -"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " -"So\n" -"RID 1000 <-> Posix ID 1201000\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for the local domain\n" -"\n" -"To create an ID range for the local domain it is not necessary to specify a\n" -"domain SID. But since it is possible that a user and a group can have the " -"same\n" -"value as Posix ID a second RID interval is needed to handle conflicts.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=1000 --secondary-rid-base=1000000 local_range\n" -"\n" -"The data from the ID ranges of the local domain are used by the IPA server\n" -"internally to assign SIDs to IPA users and groups. The SID will then be " -"stored\n" -"in the user or group objects.\n" -"\n" -"If e.g. the ID range for the local domain is configured with the values " -"from\n" -"the example above then a new user with the UID 1200007 will get the RID " -"1007.\n" -"If this RID is already used by a group the RID will be 1000007. This can " -"only\n" -"happen if a user or a group object was created with a fixed ID because the\n" -"automatic assignment will not assign the same ID twice. Since there are " -"only\n" -"users and groups sharing the same ID namespace it is sufficient to have " -"only\n" -"one fallback range to handle conflicts.\n" -"\n" -"To find the Posix ID for a given RID from the local domain it has to be\n" -"checked first if the RID falls in the primary or secondary RID range and\n" -"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" -"and the base-id has to be added to get the Posix ID.\n" -"\n" -"Typically the creation of ID ranges happens behind the scenes and this CLI\n" -"must not be used at all. The ID range for the local domain will be created\n" -"during installation or upgrade from an older version. The ID range for a\n" -"trusted domain will be created together with the trust by 'ipa trust-" -"add ...'.\n" -"\n" -"USE CASES:\n" -"\n" -" Add an ID range from a transitively trusted domain\n" -"\n" -" If the trusted domain (A) trusts another domain (B) as well and this " -"trust\n" -" is transitive 'ipa trust-add domain-A' will only create a range for\n" -" domain A. The ID range for domain B must be added manually.\n" -"\n" -" Add an additional ID range for the local domain\n" -"\n" -" If the ID range of the local domain is exhausted, i.e. no new IDs can " -"be\n" -" assigned to Posix users or groups by the DNA plugin, a new range has to " -"be\n" -" created to allow new users and groups to be added. (Currently there is " -"no\n" -" connection between this range CLI and the DNA plugin, but a future " -"version\n" -" might be able to modify the configuration of the DNS plugin as well)\n" -"\n" -"In general it is not necessary to modify or delete ID ranges. If there is " -"no\n" -"other way to achieve a certain configuration than to modify or delete an ID\n" -"range it should be done with great care. Because UIDs are stored in the " -"file\n" -"system and are used for access control it might be possible that users are\n" -"allowed to access files of other users if an ID range got deleted and " -"reused\n" -"for a different domain.\n" -"\n" -"(*) The RID is typically the last integer of a user or group SID which " -"follows\n" -"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " -"from\n" -"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " -"the\n" -"user. RIDs are unique in a domain, 32bit values and are used for users and\n" -"groups.\n" -"\n" -"=======\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -"=======\n" +msgid "Display information about a vault." msgstr "" -msgid "" -"\n" -"Add new ID range.\n" -"\n" -" To add a new ID range you always have to specify\n" -"\n" -" --base-id\n" -" --range-size\n" -"\n" -" Additionally\n" -"\n" -" --rid-base\n" -" --secondary-rid-base\n" -"\n" -" may be given for a new ID range for the local domain while\n" -"\n" -" --rid-base\n" -" --dom-sid\n" -"\n" -" must be given to add a new range for a trusted AD domain.\n" -"\n" -"=======\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -"=======\n" -" " +msgid "Show vault configuration." msgstr "" -msgid "" -"\n" -"Modify ID range.\n" -"\n" -"=======\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -"=======\n" -" " +msgid "Output file to store the transport certificate" msgstr "" -#: ipaserver/plugins/otptoken.py:469 -msgid "Remove users that can manage this token." +msgid "Add owners to a vault container." msgstr "" -#: ipaserver/dcerpc_common.py:22 -msgid "Two-way trust" +msgid "Delete a vault container." msgstr "" -msgid "" -"Establish bi-directional trust. By default trust is inbound one-way only." +msgid "Remove owners from a vault container." +msgstr "" + +msgid "Display information about a vault container." msgstr "" msgid "Resolve a host name in DNS. (Deprecated)" @@ -10672,11 +10671,11 @@ msgstr "" msgid "Check connection to remote IPA server." msgstr "" -#: ipaserver/plugins/trust.py:1852 +#: ipaserver/plugins/server.py:916 msgid "Remote server name" msgstr "" -#: ipaserver/plugins/trust.py:1853 +#: ipaserver/plugins/server.py:917 msgid "Remote IPA server hostname" msgstr "" @@ -12056,6 +12055,192 @@ msgid "" msgstr "" msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - dom_sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +msgstr "" + +msgid "" +"\n" +"Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --rid-bas\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +" WARNING:\n" +"\n" +" DNA plugin in 389-ds will allocate IDs based on the ranges configured " +"for the\n" +" local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +" on the local ranges set via this family of commands.\n" +"\n" +" Manual configuration change has to be done in the DNA plugin " +"configuration for\n" +" the new local range. Specifically, The dnaNextRange attribute of " +"'cn=Posix\n" +" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " +"to be\n" +" modified to match the new range.\n" +" " +msgstr "" + +msgid "" "Comma-separated list of objectclasses used to search for user entries in DS" msgstr "" @@ -12369,192 +12554,6 @@ msgstr "" msgid "" "\n" -"ID ranges\n" -"\n" -"Manage ID ranges used to map Posix IDs to SIDs and back.\n" -"\n" -"There are two type of ID ranges which are both handled by this utility:\n" -"\n" -" - the ID ranges of the local domain\n" -" - the ID ranges of trusted remote domains\n" -"\n" -"Both types have the following attributes in common:\n" -"\n" -" - base-id: the first ID of the Posix ID range\n" -" - range-size: the size of the range\n" -"\n" -"With those two attributes a range object can reserve the Posix IDs starting\n" -"with base-id up to but not including base-id+range-size exclusively.\n" -"\n" -"Additionally an ID range of the local domain may set\n" -" - rid-base: the first RID(*) of the corresponding RID range\n" -" - secondary-rid-base: first RID of the secondary RID range\n" -"\n" -"and an ID range of a trusted domain must set\n" -" - rid-base: the first RID of the corresponding RID range\n" -" - dom_sid: domain SID of the trusted domain\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for a trusted domain\n" -"\n" -"Since there might be more than one trusted domain the domain SID must be " -"given\n" -"while creating the ID range.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" -"\n" -"This ID range is then used by the IPA server and the SSSD IPA provider to\n" -"assign Posix UIDs to users from the trusted domain.\n" -"\n" -"If e.g. a range for a trusted domain is configured with the following " -"values:\n" -" base-id = 1200000\n" -" range-size = 200000\n" -" rid-base = 0\n" -"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " -"So\n" -"RID 1000 <-> Posix ID 1201000\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for the local domain\n" -"\n" -"To create an ID range for the local domain it is not necessary to specify a\n" -"domain SID. But since it is possible that a user and a group can have the " -"same\n" -"value as Posix ID a second RID interval is needed to handle conflicts.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" -"base=1000 --secondary-rid-base=1000000 local_range\n" -"\n" -"The data from the ID ranges of the local domain are used by the IPA server\n" -"internally to assign SIDs to IPA users and groups. The SID will then be " -"stored\n" -"in the user or group objects.\n" -"\n" -"If e.g. the ID range for the local domain is configured with the values " -"from\n" -"the example above then a new user with the UID 1200007 will get the RID " -"1007.\n" -"If this RID is already used by a group the RID will be 1000007. This can " -"only\n" -"happen if a user or a group object was created with a fixed ID because the\n" -"automatic assignment will not assign the same ID twice. Since there are " -"only\n" -"users and groups sharing the same ID namespace it is sufficient to have " -"only\n" -"one fallback range to handle conflicts.\n" -"\n" -"To find the Posix ID for a given RID from the local domain it has to be\n" -"checked first if the RID falls in the primary or secondary RID range and\n" -"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" -"and the base-id has to be added to get the Posix ID.\n" -"\n" -"Typically the creation of ID ranges happens behind the scenes and this CLI\n" -"must not be used at all. The ID range for the local domain will be created\n" -"during installation or upgrade from an older version. The ID range for a\n" -"trusted domain will be created together with the trust by 'ipa trust-" -"add ...'.\n" -"\n" -"USE CASES:\n" -"\n" -" Add an ID range from a transitively trusted domain\n" -"\n" -" If the trusted domain (A) trusts another domain (B) as well and this " -"trust\n" -" is transitive 'ipa trust-add domain-A' will only create a range for\n" -" domain A. The ID range for domain B must be added manually.\n" -"\n" -" Add an additional ID range for the local domain\n" -"\n" -" If the ID range of the local domain is exhausted, i.e. no new IDs can " -"be\n" -" assigned to Posix users or groups by the DNA plugin, a new range has to " -"be\n" -" created to allow new users and groups to be added. (Currently there is " -"no\n" -" connection between this range CLI and the DNA plugin, but a future " -"version\n" -" might be able to modify the configuration of the DNS plugin as well)\n" -"\n" -"In general it is not necessary to modify or delete ID ranges. If there is " -"no\n" -"other way to achieve a certain configuration than to modify or delete an ID\n" -"range it should be done with great care. Because UIDs are stored in the " -"file\n" -"system and are used for access control it might be possible that users are\n" -"allowed to access files of other users if an ID range got deleted and " -"reused\n" -"for a different domain.\n" -"\n" -"(*) The RID is typically the last integer of a user or group SID which " -"follows\n" -"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " -"from\n" -"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " -"the\n" -"user. RIDs are unique in a domain, 32bit values and are used for users and\n" -"groups.\n" -"\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -msgstr "" - -msgid "" -"\n" -"Add new ID range.\n" -"\n" -" To add a new ID range you always have to specify\n" -"\n" -" --base-id\n" -" --range-size\n" -"\n" -" Additionally\n" -"\n" -" --rid-base\n" -" --secondary-rid-base\n" -"\n" -" may be given for a new ID range for the local domain while\n" -"\n" -" --rid-bas\n" -" --dom-sid\n" -"\n" -" must be given to add a new range for a trusted AD domain.\n" -"\n" -" WARNING:\n" -"\n" -" DNA plugin in 389-ds will allocate IDs based on the ranges configured " -"for the\n" -" local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -" on the local ranges set via this family of commands.\n" -"\n" -" Manual configuration change has to be done in the DNA plugin " -"configuration for\n" -" the new local range. Specifically, The dnaNextRange attribute of " -"'cn=Posix\n" -" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " -"to be\n" -" modified to match the new range.\n" -" " -msgstr "" - -msgid "" -"\n" "Sudo Rules\n" "\n" "Sudo (su \"do\") allows a system administrator to delegate authority to\n" @@ -12627,101 +12626,35 @@ msgstr "" msgid "Failed RunAsGroup" msgstr "" -#: ipaclient/frontend.py:62 ipaserver/plugins/caacl.py:473 -msgid "Failed profiles" -msgstr "" - -#: ipaclient/frontend.py:66 ipaserver/plugins/caacl.py:476 -msgid "Failed CAs" -msgstr "" - -#: ipaclient/frontend.py:71 ipaserver/plugins/hostgroup.py:95 -#: ipaserver/plugins/group.py:190 -msgid "Failed member manager" -msgstr "" - -#: ipaclient/frontend.py:76 ipaserver/plugins/host.py:209 -msgid "Failed managedby" -msgstr "" - -#: ipaclient/frontend.py:81 ipaserver/plugins/host.py:236 -#: ipaserver/plugins/service.py:158 -msgid "Failed allowed to retrieve keytab" -msgstr "" - -#: ipaclient/frontend.py:85 ipaserver/plugins/host.py:239 -#: ipaserver/plugins/service.py:161 -msgid "Failed allowed to create keytab" -msgstr "" - -#: ipaclient/frontend.py:94 -msgid "Failed targets" -msgstr "" - -#: ipalib/output.py:110 -msgid "A dictionary representing an LDAP entry" -msgstr "" - -#: ipalib/output.py:118 -msgid "A list of LDAP entries" -msgstr "" - -#: ipalib/output.py:170 -msgid "All commands should at least have a result" -msgstr "" - -#: ipalib/cli.py:630 -#, python-format -msgid "Enter %(label)s again to verify: " -msgstr "" - -#: ipalib/cli.py:639 -msgid "Passwords do not match!" -msgstr "" - -#: ipalib/cli.py:662 -msgid "No matching entries found" -msgstr "" - -#: ipalib/cli.py:737 -msgid "Topic or Command" -msgstr "" - -#: ipalib/cli.py:738 -msgid "The topic or command name." -msgstr "" - -#: ipalib/cli.py:910 -msgid "Topic commands:" -msgstr "" - -#: ipalib/cli.py:916 -msgid "To get command help, use:" +#: ipaclient/frontend.py:62 ipaserver/plugins/caacl.py:473 +msgid "Failed profiles" msgstr "" -#: ipalib/cli.py:917 -msgid " ipa --help" +#: ipaclient/frontend.py:66 ipaserver/plugins/caacl.py:476 +msgid "Failed CAs" msgstr "" -#: ipalib/cli.py:928 -msgid "Command name" +#: ipaclient/frontend.py:71 ipaserver/plugins/hostgroup.py:95 +#: ipaserver/plugins/group.py:190 +msgid "Failed member manager" msgstr "" -#: ipalib/cli.py:1151 -msgid "Positional arguments" +#: ipaclient/frontend.py:76 ipaserver/plugins/host.py:209 +msgid "Failed managedby" msgstr "" -#: ipalib/cli.py:1297 -#, python-format -msgid "Same as --%s" +#: ipaclient/frontend.py:81 ipaserver/plugins/host.py:236 +#: ipaserver/plugins/service.py:158 +msgid "Failed allowed to retrieve keytab" msgstr "" -#: ipalib/cli.py:1300 -msgid "Deprecated options" +#: ipaclient/frontend.py:85 ipaserver/plugins/host.py:239 +#: ipaserver/plugins/service.py:161 +msgid "Failed allowed to create keytab" msgstr "" -#: ipalib/cli.py:1429 -msgid "No file to read" +#: ipaclient/frontend.py:94 +msgid "Failed targets" msgstr "" #: ipalib/errors.py:296 @@ -13189,17 +13122,70 @@ msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" -#: ipalib/frontend.py:425 -msgid "Results are truncated, try a more specific search" +#: ipalib/output.py:110 +msgid "A dictionary representing an LDAP entry" msgstr "" -#: ipalib/frontend.py:584 ipatests/test_xmlrpc/test_ping_plugin.py:52 +#: ipalib/output.py:118 +msgid "A list of LDAP entries" +msgstr "" + +#: ipalib/output.py:170 +msgid "All commands should at least have a result" +msgstr "" + +#: ipalib/cli.py:630 #, python-format -msgid "Unknown option: %(option)s" +msgid "Enter %(label)s again to verify: " msgstr "" -#: ipalib/frontend.py:981 ipaserver/plugins/batch.py:83 -msgid "Client version. Used to determine if server will accept request." +#: ipalib/cli.py:639 +msgid "Passwords do not match!" +msgstr "" + +#: ipalib/cli.py:662 +msgid "No matching entries found" +msgstr "" + +#: ipalib/cli.py:737 +msgid "Topic or Command" +msgstr "" + +#: ipalib/cli.py:738 +msgid "The topic or command name." +msgstr "" + +#: ipalib/cli.py:910 +msgid "Topic commands:" +msgstr "" + +#: ipalib/cli.py:916 +msgid "To get command help, use:" +msgstr "" + +#: ipalib/cli.py:917 +msgid " ipa --help" +msgstr "" + +#: ipalib/cli.py:928 +msgid "Command name" +msgstr "" + +#: ipalib/cli.py:1151 +msgid "Positional arguments" +msgstr "" + +#: ipalib/cli.py:1297 +#, python-format +msgid "Same as --%s" +msgstr "" + +#: ipalib/cli.py:1300 +msgid "Deprecated options" +msgstr "" + +#: ipalib/cli.py:1429 +msgid "No file to read" msgstr "" #: ipalib/messages.py:84 @@ -13359,38 +13345,194 @@ msgid "" "system records manually to get list of missing records." msgstr "" -#: ipalib/messages.py:436 +#: ipalib/messages.py:436 +#, python-format +msgid "" +"Service %(service)s requires restart on IPA server %(server)s to apply " +"configuration changes." +msgstr "" + +#: ipalib/messages.py:448 +#, python-format +msgid "" +"No DNS servers in IPA location %(location)s. Without DNS servers location is " +"not working as expected." +msgstr "" + +#: ipalib/messages.py:475 +#, python-format +msgid "%(subject)s: Malformed certificate. %(reason)s" +msgstr "" + +#: ipalib/messages.py:486 +#, python-format +msgid "The host was added but the DNS update failed with: %(reason)s" +msgstr "" + +#: ipalib/messages.py:496 +#, python-format +msgid "The certificate for %(ca)s is not available on this server." +msgstr "" + +#: ipalib/messages.py:505 +#, python-format +msgid "The permission has %(right)s rights but no attributes are set." +msgstr "" + +#: ipalib/frontend.py:425 +msgid "Results are truncated, try a more specific search" +msgstr "" + +#: ipalib/frontend.py:584 ipatests/test_xmlrpc/test_ping_plugin.py:52 +#, python-format +msgid "Unknown option: %(option)s" +msgstr "" + +#: ipalib/frontend.py:981 ipaserver/plugins/batch.py:83 +msgid "Client version. Used to determine if server will accept request." +msgstr "" + +#: ipalib/plugable.py:534 +#, python-format +msgid "%(filename)s: file not found" +msgstr "" + +#: ipalib/plugable.py:607 +#, python-brace-format +msgid "Unable to parse option {item}" +msgstr "" + +#: ipalib/util.py:214 +msgid "Filename is empty" +msgstr "" + +#: ipalib/util.py:218 +#, python-format +msgid "Permission denied: %(file)s" +msgstr "" + +#: ipalib/util.py:413 ipalib/util.py:945 +msgid "empty DNS label" +msgstr "" + +#: ipalib/util.py:416 +msgid "DNS label cannot be longer that 63 characters" +msgstr "" + +#: ipalib/util.py:421 +#, python-format +msgid "" +"only letters, numbers, %(chars)s are allowed. DNS label may not start or end " +"with %(chars2)s" +msgstr "" + +#: ipalib/util.py:437 +msgid "single label {}s are not supported" +msgstr "" + +#: ipalib/util.py:447 +msgid "too many '@' characters" +msgstr "" + +#: ipalib/util.py:476 +msgid "cannot be longer that {} characters" +msgstr "" + +#: ipalib/util.py:483 +msgid "hostname contains empty label (consecutive dots)" +msgstr "" + +#: ipalib/util.py:487 +msgid "not fully qualified" +msgstr "" + +#: ipalib/util.py:500 ipalib/util.py:509 +msgid "invalid SSH public key" +msgstr "" + +#: ipalib/util.py:512 +msgid "options are not allowed" +msgstr "" + +#: ipalib/util.py:748 +msgid "invalid hostmask" +msgstr "" + +#: ipalib/util.py:762 +#, python-format +msgid "query '%(owner)s %(rtype)s': %(error)s" +msgstr "" + +#: ipalib/util.py:766 +#, python-format +msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s" +msgstr "" + +#: ipalib/util.py:770 +#, python-format +msgid "" +"answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG " +"data)" +msgstr "" + +#: ipalib/util.py:775 +#, python-format +msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s" +msgstr "" + +#: ipalib/util.py:943 +msgid "invalid escape code in domain name" +msgstr "" + +#: ipalib/util.py:947 +msgid "domain name cannot be longer than 255 characters" +msgstr "" + +#: ipalib/util.py:949 +msgid "DNS label cannot be longer than 63 characters" +msgstr "" + +#: ipalib/util.py:951 +msgid "invalid domain name" +msgstr "" + +#: ipalib/util.py:964 +#, python-format +msgid "domain name '%(domain)s' should be normalized to: %(normalized)s" +msgstr "" + +#: ipalib/util.py:1113 +#, python-format +msgid "invalid domain-name: %s" +msgstr "" + +#: ipalib/util.py:1125 #, python-format -msgid "" -"Service %(service)s requires restart on IPA server %(server)s to apply " -"configuration changes." +msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!" msgstr "" -#: ipalib/messages.py:448 -#, python-format -msgid "" -"No DNS servers in IPA location %(location)s. Without DNS servers location is " -"not working as expected." +#: ipalib/util.py:1131 +msgid "invalid IP address format" msgstr "" -#: ipalib/messages.py:475 +#: ipalib/util.py:1149 #, python-format -msgid "%(subject)s: Malformed certificate. %(reason)s" +msgid "%(port)s is not a valid port" msgstr "" -#: ipalib/messages.py:486 -#, python-format -msgid "The host was added but the DNS update failed with: %(reason)s" +#: ipalib/util.py:1182 +msgid "" +"at least one value equal to the canonical principal name must be present" msgstr "" -#: ipalib/messages.py:496 -#, python-format -msgid "The certificate for %(ca)s is not available on this server." +#: ipalib/util.py:1290 +msgid "realm or UPN suffix overlaps with trusted domain namespace" msgstr "" -#: ipalib/messages.py:505 -#, python-format -msgid "The permission has %(right)s rights but no attributes are set." +#: ipalib/util.py:1320 +msgid "" +"realm or UPN suffix outside of supported realm domains or trusted domains " +"namespace" msgstr "" #: ipalib/parameters.py:415 @@ -13572,194 +13714,216 @@ msgstr "" msgid "invalid serial number 0" msgstr "" -#: ipalib/plugable.py:534 -#, python-format -msgid "%(filename)s: file not found" -msgstr "" - -#: ipalib/plugable.py:607 -#, python-brace-format -msgid "Unable to parse option {item}" -msgstr "" - -#: ipalib/rpc.py:1109 +#: ipalib/rpc.py:1110 msgid "any of the configured servers" msgstr "" -#: ipalib/rpc.py:1192 +#: ipalib/rpc.py:1193 msgid "Exceeded number of tries to forward a request." msgstr "" -#: ipalib/util.py:214 -msgid "Filename is empty" -msgstr "" - -#: ipalib/util.py:218 +#: ipapython/dogtag.py:113 #, python-format -msgid "Permission denied: %(file)s" -msgstr "" - -#: ipalib/util.py:413 ipalib/util.py:945 -msgid "empty DNS label" +msgid "Retrieving CA cert chain failed: %s" msgstr "" -#: ipalib/util.py:416 -msgid "DNS label cannot be longer that 63 characters" +#: ipapython/dogtag.py:119 +#, python-format +msgid "request failed with HTTP status %d" msgstr "" -#: ipalib/util.py:421 +#: ipapython/dogtag.py:136 #, python-format -msgid "" -"only letters, numbers, %(chars)s are allowed. DNS label may not start or end " -"with %(chars2)s" +msgid "Retrieving CA status failed: %s" msgstr "" -#: ipalib/util.py:437 -msgid "single label {}s are not supported" +#: ipapython/dogtag.py:158 +#, python-format +msgid "Retrieving CA status failed with status %d" msgstr "" -#: ipalib/util.py:447 -msgid "too many '@' characters" +#: ipapython/ipaldap.py:1198 +#, python-format +msgid "objectclass %s not found" msgstr "" -#: ipalib/util.py:476 -msgid "cannot be longer that {} characters" +#: ipaserver/dcerpc_common.py:20 +msgid "Trusting forest" msgstr "" -#: ipalib/util.py:483 -msgid "hostname contains empty label (consecutive dots)" +#: ipaserver/dcerpc_common.py:21 +msgid "Trusted forest" msgstr "" -#: ipalib/util.py:487 -msgid "not fully qualified" +#: ipaserver/dcerpc_common.py:26 +msgid "Established and verified" msgstr "" -#: ipalib/util.py:500 ipalib/util.py:509 -msgid "invalid SSH public key" +#: ipaserver/dcerpc_common.py:27 +msgid "Waiting for confirmation by remote side" msgstr "" -#: ipalib/util.py:512 -msgid "options are not allowed" +#: ipaserver/dcerpc_common.py:30 +msgid "Unknown" msgstr "" -#: ipalib/util.py:748 -msgid "invalid hostmask" +#: ipaserver/dcerpc_common.py:36 +msgid "Non-Active Directory domain" msgstr "" -#: ipalib/util.py:762 -#, python-format -msgid "query '%(owner)s %(rtype)s': %(error)s" +#: ipaserver/dcerpc_common.py:37 ipaserver/plugins/internal.py:1275 +msgid "Active Directory domain" msgstr "" -#: ipalib/util.py:766 -#, python-format -msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s" +#: ipaserver/dcerpc_common.py:38 +msgid "RFC4120-compliant Kerberos realm" msgstr "" -#: ipalib/util.py:770 -#, python-format +#: ipaserver/dcerpc_common.py:39 msgid "" -"answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG " -"data)" -msgstr "" - -#: ipalib/util.py:775 -#, python-format -msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s" -msgstr "" - -#: ipalib/util.py:943 -msgid "invalid escape code in domain name" +"Non-transitive external trust to a domain in another Active Directory forest" msgstr "" -#: ipalib/util.py:947 -msgid "domain name cannot be longer than 255 characters" +#: ipaserver/dcerpc_common.py:41 +msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm" msgstr "" -#: ipalib/util.py:949 -msgid "DNS label cannot be longer than 63 characters" +#: ipaserver/install/replication.py:1787 ipaserver/install/replication.py:1806 +#, python-format +msgid "Replication agreement for %(hostname)s not found" msgstr "" -#: ipalib/util.py:951 -msgid "invalid domain name" +#: ipaserver/install/ipa_acme_manage.py:104 ipaserver/plugins/dogtag.py:610 +msgid "Failed to authenticate to CA REST API" msgstr "" -#: ipalib/util.py:964 +#: ipaserver/install/certs.py:494 #, python-format -msgid "domain name '%(domain)s' should be normalized to: %(normalized)s" +msgid "Unable to communicate with CMS (status %d)" msgstr "" -#: ipalib/util.py:1113 -#, python-format -msgid "invalid domain-name: %s" +#: ipaserver/plugins/certprofile.py:21 +msgid "" +"\n" +"Manage Certificate Profiles\n" +"\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert \\\n" +" --file UserCert.profile --desc \"User Certificates\" \\\n" +" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" +"\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" +"\n" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" +"\n" msgstr "" -#: ipalib/util.py:1125 -#, python-format -msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!" +#: ipaserver/plugins/certprofile.py:86 ipaserver/plugins/cert.py:283 +msgid "CA is not configured" msgstr "" -#: ipalib/util.py:1131 -msgid "invalid IP address format" +#: ipaserver/plugins/certprofile.py:95 +msgid "invalid Profile ID" msgstr "" -#: ipalib/util.py:1149 -#, python-format -msgid "%(port)s is not a valid port" +#: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 +msgid "Certificate Profile" msgstr "" -#: ipalib/util.py:1182 -msgid "" -"at least one value equal to the canonical principal name must be present" +#: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 +msgid "Certificate Profiles" msgstr "" -#: ipalib/util.py:1290 -msgid "realm or UPN suffix overlaps with trusted domain namespace" +#: ipaserver/plugins/certprofile.py:126 +msgid "Profile configuration" msgstr "" -#: ipalib/util.py:1320 -msgid "" -"realm or UPN suffix outside of supported realm domains or trusted domains " -"namespace" -msgstr "" +#: ipaserver/plugins/certprofile.py:190 +#, python-format +msgid "%(count)d profile matched" +msgid_plural "%(count)d profiles matched" +msgstr[0] "" +msgstr[1] "" -#: ipapython/dogtag.py:113 +#: ipaserver/plugins/certprofile.py:222 #, python-format -msgid "Retrieving CA cert chain failed: %s" +msgid "Imported profile \"%(value)s\"" msgstr "" -#: ipapython/dogtag.py:119 +#: ipaserver/plugins/certprofile.py:247 #, python-format -msgid "request failed with HTTP status %d" +msgid "Profile data specifies profileId multiple times: %(values)s" msgstr "" -#: ipapython/dogtag.py:136 +#: ipaserver/plugins/certprofile.py:255 #, python-format -msgid "Retrieving CA status failed: %s" +msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" msgstr "" -#: ipapython/dogtag.py:158 +#: ipaserver/plugins/certprofile.py:282 #, python-format -msgid "Retrieving CA status failed with status %d" +msgid "Deleted profile \"%(value)s\"" msgstr "" -#: ipapython/ipaldap.py:1190 +#: ipaserver/plugins/certprofile.py:289 #, python-format -msgid "objectclass %s not found" +msgid "Predefined profile '%(profile_id)s' cannot be deleted" msgstr "" -#: ipaserver/install/certs.py:494 +#: ipaserver/plugins/certprofile.py:305 #, python-format -msgid "Unable to communicate with CMS (status %d)" +msgid "Modified Certificate Profile \"%(value)s\"" msgstr "" -#: ipaserver/install/ipa_acme_manage.py:104 ipaserver/plugins/dogtag.py:1211 -msgid "Failed to authenticate to CA REST API" +#: ipaserver/plugins/certprofile.py:322 +msgid "Certificate profiles cannot be renamed" msgstr "" -#: ipaserver/install/replication.py:1787 ipaserver/install/replication.py:1806 -#, python-format -msgid "Replication agreement for %(hostname)s not found" +#: ipaserver/plugins/certprofile.py:327 +msgid "Insufficient privilege to modify a certificate profile." msgstr "" #: ipaserver/plugins/delegation.py:67 @@ -13928,6 +14092,26 @@ msgstr "" msgid "Deleted DNS server \"%(value)s\"" msgstr "" +#: ipaserver/plugins/domainlevel.py:69 +#, python-brace-format +msgid "" +"Domain Level cannot be raised to {0}, existing replication conflicts have to " +"be resolved." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:112 +msgid "Server does not support domain level functionality" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:147 +msgid "Domain Level cannot be lowered." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:155 +#, python-brace-format +msgid "Domain Level cannot be raised to {0}, server {1} does not support it." +msgstr "" + #: ipaserver/plugins/hbac.py:7 msgid "Host-based access control commands" msgstr "" @@ -13995,40 +14179,274 @@ msgstr[1] "" msgid "HBAC service group" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:65 -msgid "HBAC service groups" +#: ipaserver/plugins/hbacsvcgroup.py:65 +msgid "HBAC service groups" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:108 ipaserver/plugins/hbacrule.py:290 +msgid "HBAC Service Groups" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:109 +msgid "HBAC Service Group" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:131 +#, python-format +msgid "Added HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:139 +#, python-format +msgid "Deleted HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:147 +#, python-format +msgid "Modified HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:156 +#, python-format +msgid "%(count)d HBAC service group matched" +msgid_plural "%(count)d HBAC service groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hostgroup.py:35 +msgid "" +"\n" +"Groups of hosts.\n" +"\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" +"\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" +"\n" +" Add members to the hostgroup (using Bash brace expansion):\n" +" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" +"\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" +"\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" +"\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" +"\n" +" Add a member manager:\n" +" ipa hostgroup-add-member-manager --users=user1 baltimore\n" +"\n" +" Remove a member manager\n" +" ipa hostgroup-remove-member-manager --users=user1 baltimore\n" +"\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:107 +msgid "host groups" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:179 +msgid "Host Group" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:223 +#, python-format +msgid "Added hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:239 +#, python-format +msgid "" +"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " +"common namespace" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:262 +#, python-format +msgid "Deleted hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 +#: ipaserver/plugins/hostgroup.py:349 +msgid "hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 +msgid "privileged hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:278 +#, python-format +msgid "Modified hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:303 +#, python-format +msgid "%(count)d hostgroup matched" +msgid_plural "%(count)d hostgroups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hostgroup.py:362 +msgid "Add users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:372 +msgid "Remove users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/join.py:125 +#, python-format +msgid "" +"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " +"'%s'." +msgstr "" + +#: ipaserver/plugins/location.py:33 +msgid "" +"\n" +"IPA locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:35 +msgid "" +"\n" +"Manipulate DNS locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:39 +msgid "" +"\n" +" Find all locations:\n" +" ipa location-find\n" +msgstr "" + +#: ipaserver/plugins/location.py:42 +msgid "" +"\n" +" Show specific location:\n" +" ipa location-show location\n" +msgstr "" + +#: ipaserver/plugins/location.py:45 +msgid "" +"\n" +" Add location:\n" +" ipa location-add location --description 'My location'\n" +msgstr "" + +#: ipaserver/plugins/location.py:48 +msgid "" +"\n" +" Delete location:\n" +" ipa location-del location\n" +msgstr "" + +#: ipaserver/plugins/location.py:62 +msgid "location" +msgstr "" + +#: ipaserver/plugins/location.py:63 +msgid "locations" +msgstr "" + +#: ipaserver/plugins/location.py:69 +msgid "IPA Locations" +msgstr "" + +#: ipaserver/plugins/location.py:70 +msgid "IPA Location" +msgstr "" + +#: ipaserver/plugins/location.py:103 +msgid "Location name" +msgstr "" + +#: ipaserver/plugins/location.py:104 +msgid "IPA location name" +msgstr "" + +#: ipaserver/plugins/location.py:112 +msgid "IPA Location description" +msgstr "" + +#: ipaserver/plugins/location.py:116 +msgid "Servers" +msgstr "" + +#: ipaserver/plugins/location.py:117 +msgid "Servers that belongs to the IPA location" +msgstr "" + +#: ipaserver/plugins/location.py:122 +msgid "Advertised by servers" +msgstr "" + +#: ipaserver/plugins/location.py:123 +msgid "List of servers which advertise the given location" +msgstr "" + +#: ipaserver/plugins/location.py:138 +msgid "Add a new IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:140 +#, python-format +msgid "Added IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:145 +msgid "Delete an IPA location." msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:108 ipaserver/plugins/hbacrule.py:290 -msgid "HBAC Service Groups" +#: ipaserver/plugins/location.py:147 +#, python-format +msgid "Deleted IPA location \"%(value)s\"" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:109 -msgid "HBAC Service Group" +#: ipaserver/plugins/location.py:157 ipaserver/plugins/server.py:71 +#: ipaserver/plugins/internal.py:1976 +msgid "IPA Server" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:131 -#, python-format -msgid "Added HBAC service group \"%(value)s\"" +#: ipaserver/plugins/location.py:170 +msgid "Modify information about an IPA location." msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:139 +#: ipaserver/plugins/location.py:172 #, python-format -msgid "Deleted HBAC service group \"%(value)s\"" +msgid "Modified IPA location \"%(value)s\"" msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:147 -#, python-format -msgid "Modified HBAC service group \"%(value)s\"" +#: ipaserver/plugins/location.py:177 +msgid "Search for IPA locations." msgstr "" -#: ipaserver/plugins/hbacsvcgroup.py:156 +#: ipaserver/plugins/location.py:180 #, python-format -msgid "%(count)d HBAC service group matched" -msgid_plural "%(count)d HBAC service groups matched" +msgid "%(count)d IPA location matched" +msgid_plural "%(count)d IPA locations matched" msgstr[0] "" msgstr[1] "" +#: ipaserver/plugins/location.py:187 +msgid "Display information about an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:193 +msgid "Servers in location" +msgstr "" + #: ipaserver/plugins/netgroup.py:103 msgid "netgroups" msgstr "" @@ -14092,6 +14510,43 @@ msgstr "" msgid "OTP Configuration" msgstr "" +#: ipaserver/plugins/passwd.py:40 +msgid "" +"\n" +"Set a user's password\n" +"\n" +"If someone other than a user changes that user's password (e.g., Helpdesk\n" +"resets it) then the password will need to be changed the first time it\n" +"is used. This is so the end-user is the only one who knows the password.\n" +"\n" +"The IPA password policy controls how often a password may be changed,\n" +"what strength requirements exist, and the length of the password history.\n" +"\n" +"If the user authentication method is set to password+OTP, the user should\n" +"pass the --otp option when resetting the password.\n" +"\n" +"EXAMPLES:\n" +"\n" +" To reset your own password:\n" +" ipa passwd\n" +"\n" +" To reset your own password when password+OTP is set as authentication " +"method:\n" +" ipa passwd --otp\n" +"\n" +" To change another user's password:\n" +" ipa passwd tuser1\n" +msgstr "" + +#: ipaserver/plugins/passwd.py:114 +msgid "The OTP if the user has a token configured" +msgstr "" + +#: ipaserver/plugins/passwd.py:120 +#, python-format +msgid "Changed password for \"%(value)s\"" +msgstr "" + #: ipaserver/plugins/pkinit.py:13 msgid "" "\n" @@ -14208,1835 +14663,1652 @@ msgstr "" msgid "RADIUS proxy server" msgstr "" -#: ipaserver/plugins/radiusproxy.py:99 -msgid "RADIUS proxy servers" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:106 -msgid "RADIUS Servers" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:107 -msgid "RADIUS Server" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:172 -#, python-format -msgid "Added RADIUS proxy server \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:177 -#, python-format -msgid "Deleted RADIUS proxy server \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:182 -#, python-format -msgid "Modified RADIUS proxy server \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/radiusproxy.py:188 -#, python-format -msgid "%(count)d RADIUS proxy server matched" -msgid_plural "%(count)d RADIUS proxy servers matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/selfservice.py:68 -msgid "self service permission" -msgstr "" - -#: ipaserver/plugins/selfservice.py:69 -msgid "self service permissions" -msgstr "" - -#: ipaserver/plugins/selfservice.py:70 -msgid "Self Service Permissions" -msgstr "" - -#: ipaserver/plugins/selfservice.py:71 -msgid "Self Service Permission" -msgstr "" - -#: ipaserver/plugins/selfservice.py:124 -#, python-format -msgid "Added selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:146 -#, python-format -msgid "Deleted selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:163 -#, python-format -msgid "Modified selfservice \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/selfservice.py:185 -#, python-format -msgid "%(count)d selfservice matched" -msgid_plural "%(count)d selfservices matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/serverrole.py:13 -msgid "" -"\n" -"IPA server roles\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:15 -msgid "" -"\n" -"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:17 -msgid "" -"\n" -"The status of a role is either enabled, configured, or absent.\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:21 -msgid "" -"\n" -" Show status of 'DNS server' role on a server:\n" -" ipa server-role-show ipa.example.com \"DNS server\"\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:24 -msgid "" -"\n" -" Show status of all roles containing 'AD' on a server:\n" -" ipa server-role-find --server ipa.example.com --role=\"AD trust " -"controller\"\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:27 -msgid "" -"\n" -" Show status of all configured roles on a server:\n" -" ipa server-role-find ipa.example.com\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:30 -msgid "" -"\n" -" Show implicit IPA master role:\n" -" ipa server-role-find --include-master\n" -msgstr "" - -#: ipaserver/plugins/serverrole.py:46 -msgid "server role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:47 -msgid "server roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:51 -msgid "IPA Server Roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:52 -msgid "IPA Server Role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:65 -msgid "IPA server role name" -msgstr "" - -#: ipaserver/plugins/serverrole.py:71 -msgid "Role status" -msgstr "" - -#: ipaserver/plugins/serverrole.py:72 -msgid "Status of the role" -msgstr "" - -#: ipaserver/plugins/serverrole.py:89 -msgid "Show role status on a server" -msgstr "" - -#: ipaserver/plugins/serverrole.py:113 -msgid "Find a server role on a server(s)" -msgstr "" - -#: ipaserver/plugins/serverrole.py:118 -#, python-format -msgid "%(count)s server role matched" -msgid_plural "%(count)s server roles matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/serverrole.py:139 -msgid "Include IPA master entries" -msgstr "" - -#: ipaserver/plugins/serverrole.py:186 ipaserver/plugins/role.py:82 -msgid "roles" -msgstr "" - -#: ipaserver/plugins/serverrole.py:192 -msgid "IPA role name" -msgstr "" - -#: ipaserver/plugins/sudo.py:7 -msgid "commands for controlling sudo configuration" -msgstr "" - -#: ipaserver/plugins/sudocmdgroup.py:34 -msgid "" -"\n" -"Groups of Sudo Commands\n" -"\n" -"Manage groups of Sudo Commands.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new Sudo Command Group:\n" -" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" -"\n" -" Remove a Sudo Command Group:\n" -" ipa sudocmdgroup-del admincmds\n" -"\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" -"vim admincmds\n" -"\n" -" Manage Sudo Command Group membership, commands:\n" -" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" -"\n" -" Show a Sudo Command Group:\n" -" ipa sudocmdgroup-show admincmds\n" +#: ipaserver/plugins/radiusproxy.py:99 +msgid "RADIUS proxy servers" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:67 -msgid "sudo command group" +#: ipaserver/plugins/radiusproxy.py:106 +msgid "RADIUS Servers" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:68 -msgid "sudo command groups" +#: ipaserver/plugins/radiusproxy.py:107 +msgid "RADIUS Server" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:149 +#: ipaserver/plugins/radiusproxy.py:172 #, python-format -msgid "Added Sudo Command Group \"%(value)s\"" +msgid "Added RADIUS proxy server \"%(value)s\"" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:157 +#: ipaserver/plugins/radiusproxy.py:177 #, python-format -msgid "Deleted Sudo Command Group \"%(value)s\"" +msgid "Deleted RADIUS proxy server \"%(value)s\"" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:165 +#: ipaserver/plugins/radiusproxy.py:182 #, python-format -msgid "Modified Sudo Command Group \"%(value)s\"" +msgid "Modified RADIUS proxy server \"%(value)s\"" msgstr "" -#: ipaserver/plugins/sudocmdgroup.py:174 +#: ipaserver/plugins/radiusproxy.py:188 #, python-format -msgid "%(count)d Sudo Command Group matched" -msgid_plural "%(count)d Sudo Command Groups matched" +msgid "%(count)d RADIUS proxy server matched" +msgid_plural "%(count)d RADIUS proxy servers matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/whoami.py:15 +#: ipaserver/plugins/realmdomains.py:34 msgid "" "\n" -"Return information about currently authenticated identity\n" +"Realm domains\n" "\n" -"Who am I command returns information on how to get\n" -"more details about the identity authenticated for this\n" -"request. The information includes:\n" +"Manage the list of domains associated with IPA realm.\n" "\n" -" * type of object\n" -" * command to retrieve details of the object\n" -" * arguments and options to pass to the command\n" +"This list is useful for Domain Controllers from other realms which have\n" +"established trust with this IPA realm. They need the information to know\n" +"which request should be forwarded to KDC of this IPA realm.\n" "\n" -"The information is returned as a dictionary. Examples below use\n" -"'key: value' output for illustrative purposes.\n" +"Automatic management: a domain is automatically added to the realm domains\n" +"list when a new DNS Zone managed by IPA is created. Same applies for " +"deletion.\n" +"\n" +"Externally managed DNS: domains which are not managed in IPA server DNS\n" +"need to be manually added to the list using ipa realmdomains-mod command.\n" "\n" "EXAMPLES:\n" "\n" -" Look up as IPA user:\n" -" kinit admin\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: user\n" -" command: user_show/1\n" -" arguments: admin\n" -" ------------------------------------------\n" +" Display the current list of realm domains:\n" +" ipa realmdomains-show\n" "\n" -" Look up as a user from a trusted domain:\n" -" kinit user@AD.DOMAIN\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: idoverrideuser\n" -" command: idoverrideuser_show/1\n" -" arguments: ('default trust view', 'user@ad.domain')\n" -" ------------------------------------------\n" +" Replace the list of realm domains:\n" +" ipa realmdomains-mod --domain=example.com\n" +" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" "\n" -" Look up as a host:\n" -" kinit -k\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: host\n" -" command: host_show/1\n" -" arguments: ipa.example.com\n" -" ------------------------------------------\n" +" Add a domain to the list of realm domains:\n" +" ipa realmdomains-mod --add-domain=newdomain.com\n" "\n" -" Look up as a Kerberos service:\n" -" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" -" ipa console\n" -" >> api.Command.whoami()\n" -" ------------------------------------------\n" -" object: service\n" -" command: service_show/1\n" -" arguments: HTTP/ipa.example.com\n" -" ------------------------------------------\n" -msgstr "" - -#: ipaserver/plugins/whoami.py:77 -msgid "Describe currently authenticated identity." +" Delete a domain from the list of realm domains:\n" +" ipa realmdomains-mod --del-domain=olddomain.com\n" msgstr "" -#: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 -msgid "Object class name" +#: ipaserver/plugins/realmdomains.py:85 +msgid "Realm domains" msgstr "" -#: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 -msgid "Function to get details" +#: ipaserver/plugins/realmdomains.py:107 ipaserver/plugins/realmdomains.py:108 +#: ipaserver/plugins/internal.py:1288 +msgid "Realm Domains" msgstr "" -#: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 -msgid "Arguments to details function" +#: ipaserver/plugins/realmdomains.py:134 +msgid "" +"\n" +" Modify realm domains\n" +"\n" +" DNS check: When manually adding a domain to the list, a DNS check is\n" +" performed by default. It ensures that the domain is associated with\n" +" the IPA realm, by checking whether the domain has a _kerberos TXT " +"record\n" +" containing the IPA realm name. This check can be skipped by specifying\n" +" --force option.\n" +"\n" +" Removal: when a realm domain which has a matching DNS zone managed by\n" +" IPA is being removed, a corresponding _kerberos TXT record in the zone " +"is\n" +" removed automatically as well. Other records in the zone or the zone\n" +" itself are not affected.\n" +" " msgstr "" -#: ipaserver/plugins/whoami.py:111 -msgid "Cannot query Directory Manager with API" +#: ipaserver/plugins/realmdomains.py:177 +#, python-format +msgid "" +"DNS zone for each realmdomain must contain SOA or NS records. No records " +"found for: %s" msgstr "" -#: ipaserver/plugins/aci.py:165 -msgid "A list of ACI values" +#: ipaserver/plugins/realmdomains.py:203 +#, python-format +msgid "The following domains do not belong to this realm: %(domains)s" msgstr "" -#: ipaserver/plugins/aci.py:229 -msgid "type, filter, subtree and targetgroup are mutually exclusive" +#: ipaserver/plugins/realmdomains.py:218 +#, python-format +msgid "" +"The realm of the following domains could not be detected: %(domains)s. If " +"these are domains that belong to the this realm, please create a _kerberos " +"TXT record containing \"%(realm)s\" in each of them." msgstr "" -#: ipaserver/plugins/aci.py:232 -msgid "ACI prefix is required" +#: ipaserver/plugins/realmdomains.py:241 +msgid "" +"The --domain option cannot be used together with --add-domain or --del-" +"domain. Use --domain to specify the whole realm domain list explicitly, to " +"add/remove individual domains, use --add-domain/del-domain." msgstr "" -#: ipaserver/plugins/aci.py:235 -msgid "" -"at least one of: type, filter, subtree, targetgroup, attrs or memberof are " -"required" +#: ipaserver/plugins/realmdomains.py:252 +msgid "IPA server domain cannot be omitted" msgstr "" -#: ipaserver/plugins/aci.py:238 -msgid "filter and memberof are mutually exclusive" +#: ipaserver/plugins/realmdomains.py:274 +msgid "IPA server domain cannot be deleted" msgstr "" -#: ipaserver/plugins/aci.py:244 -msgid "group, permission and self are mutually exclusive" +#: ipaserver/plugins/role.py:82 ipaserver/plugins/serverrole.py:186 +msgid "roles" msgstr "" -#: ipaserver/plugins/aci.py:246 -msgid "One of group, permission or self is required" +#: ipaserver/plugins/role.py:143 +msgid "Role" msgstr "" -#: ipaserver/plugins/aci.py:269 +#: ipaserver/plugins/role.py:164 #, python-format -msgid "Group '%s' does not exist" +msgid "Added role \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:295 -msgid "empty filter" +#: ipaserver/plugins/role.py:172 +#, python-format +msgid "Deleted role \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:316 +#: ipaserver/plugins/role.py:180 #, python-format -msgid "Syntax Error: %(error)s" +msgid "Modified role \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:361 +#: ipaserver/plugins/role.py:189 #, python-format -msgid "invalid DN (%s)" +msgid "%(count)d role matched" +msgid_plural "%(count)d roles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/selfservice.py:68 +msgid "self service permission" msgstr "" -#: ipaserver/plugins/aci.py:408 -#, python-format -msgid "ACI with name \"%s\" not found" +#: ipaserver/plugins/selfservice.py:69 +msgid "self service permissions" msgstr "" -#: ipaserver/plugins/aci.py:437 -msgid "ACI object." +#: ipaserver/plugins/selfservice.py:70 +msgid "Self Service Permissions" msgstr "" -#: ipaserver/plugins/aci.py:440 -msgid "ACIs" +#: ipaserver/plugins/selfservice.py:71 +msgid "Self Service Permission" msgstr "" -#: ipaserver/plugins/aci.py:524 +#: ipaserver/plugins/selfservice.py:124 #, python-format -msgid "Created ACI \"%(value)s\"" +msgid "Added selfservice \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:577 +#: ipaserver/plugins/selfservice.py:146 #, python-format -msgid "Deleted ACI \"%(value)s\"" +msgid "Deleted selfservice \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:620 +#: ipaserver/plugins/selfservice.py:163 #, python-format -msgid "Modified ACI \"%(value)s\"" +msgid "Modified selfservice \"%(value)s\"" msgstr "" -#: ipaserver/plugins/aci.py:694 +#: ipaserver/plugins/selfservice.py:185 #, python-format -msgid "%(count)d ACI matched" -msgid_plural "%(count)d ACIs matched" +msgid "%(count)d selfservice matched" +msgid_plural "%(count)d selfservices matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/aci.py:929 -#, python-format -msgid "Renamed ACI to \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/automember.py:43 +#: ipaserver/plugins/serverrole.py:13 msgid "" "\n" -"Auto Membership Rule.\n" +"IPA server roles\n" msgstr "" -#: ipaserver/plugins/automember.py:45 +#: ipaserver/plugins/serverrole.py:15 msgid "" "\n" -"Bring clarity to the membership of hosts and users by configuring inclusive\n" -"or exclusive regex patterns, you can automatically assign a new entries " -"into\n" -"a group or hostgroup based upon attribute information.\n" +"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" msgstr "" -#: ipaserver/plugins/automember.py:49 +#: ipaserver/plugins/serverrole.py:17 msgid "" "\n" -"A rule is directly associated with a group by name, so you cannot create\n" -"a rule without an accompanying group or hostgroup.\n" +"The status of a role is either enabled, configured, or absent.\n" msgstr "" -#: ipaserver/plugins/automember.py:52 +#: ipaserver/plugins/serverrole.py:21 msgid "" "\n" -"A condition is a regular expression used by 389-ds to match a new incoming\n" -"entry with an automember rule. If it matches an inclusive rule then the\n" -"entry is added to the appropriate group or hostgroup.\n" +" Show status of 'DNS server' role on a server:\n" +" ipa server-role-show ipa.example.com \"DNS server\"\n" msgstr "" -#: ipaserver/plugins/automember.py:56 +#: ipaserver/plugins/serverrole.py:24 msgid "" "\n" -"A default group or hostgroup could be specified for entries that do not\n" -"match any rule. In case of user entries this group will be a fallback group\n" -"because all users are by default members of group specified in IPA config.\n" +" Show status of all roles containing 'AD' on a server:\n" +" ipa server-role-find --server ipa.example.com --role=\"AD trust " +"controller\"\n" msgstr "" -#: ipaserver/plugins/automember.py:60 +#: ipaserver/plugins/serverrole.py:27 msgid "" "\n" -"The automember-rebuild command can be used to retroactively run automember " -"rules\n" -"against existing entries, thus rebuilding their membership.\n" +" Show status of all configured roles on a server:\n" +" ipa server-role-find ipa.example.com\n" msgstr "" -#: ipaserver/plugins/automember.py:65 +#: ipaserver/plugins/serverrole.py:30 msgid "" "\n" -" Add the initial group or hostgroup:\n" -" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" -" ipa group-add --desc=\"Developers\" devel\n" +" Show implicit IPA master role:\n" +" ipa server-role-find --include-master\n" msgstr "" -#: ipaserver/plugins/automember.py:69 -msgid "" -"\n" -" Add the initial rule:\n" -" ipa automember-add --type=hostgroup webservers\n" -" ipa automember-add --type=group devel\n" +#: ipaserver/plugins/serverrole.py:46 +msgid "server role" msgstr "" -#: ipaserver/plugins/automember.py:73 -msgid "" -"\n" -" Add a condition to the rule:\n" -" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" -"regex=^web[1-9]+\\.example\\.com webservers\n" -" ipa automember-add-condition --key=manager --type=group --inclusive-" -"regex=^uid=mscott devel\n" +#: ipaserver/plugins/serverrole.py:47 +msgid "server roles" msgstr "" -#: ipaserver/plugins/automember.py:77 -msgid "" -"\n" -" Add an exclusive condition to the rule to prevent auto assignment:\n" -" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" -"regex=^web5\\.example\\.com webservers\n" +#: ipaserver/plugins/serverrole.py:51 +msgid "IPA Server Roles" msgstr "" -#: ipaserver/plugins/automember.py:80 -msgid "" -"\n" -" Add a host:\n" -" ipa host-add web1.example.com\n" +#: ipaserver/plugins/serverrole.py:52 +msgid "IPA Server Role" msgstr "" -#: ipaserver/plugins/automember.py:83 -msgid "" -"\n" -" Add a user:\n" -" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" +#: ipaserver/plugins/serverrole.py:65 +msgid "IPA server role name" msgstr "" -#: ipaserver/plugins/automember.py:86 -msgid "" -"\n" -" Verify automembership:\n" -" ipa hostgroup-show webservers\n" -" Host-group: webservers\n" -" Description: Web Servers\n" -" Member hosts: web1.example.com\n" -"\n" -" ipa group-show devel\n" -" Group name: devel\n" -" Description: Developers\n" -" GID: 1004200000\n" -" Member users: tuser\n" +#: ipaserver/plugins/serverrole.py:71 +msgid "Role status" msgstr "" -#: ipaserver/plugins/automember.py:98 -msgid "" -"\n" -" Remove a condition from the rule:\n" -" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" -"regex=^web[1-9]+\\.example\\.com webservers\n" +#: ipaserver/plugins/serverrole.py:72 +msgid "Status of the role" msgstr "" -#: ipaserver/plugins/automember.py:101 -msgid "" -"\n" -" Modify the automember rule:\n" -" ipa automember-mod\n" +#: ipaserver/plugins/serverrole.py:89 +msgid "Show role status on a server" msgstr "" -#: ipaserver/plugins/automember.py:104 -msgid "" -"\n" -" Set the default (fallback) target group:\n" -" ipa automember-default-group-set --default-group=webservers --" -"type=hostgroup\n" -" ipa automember-default-group-set --default-group=ipausers --type=group\n" +#: ipaserver/plugins/serverrole.py:113 +msgid "Find a server role on a server(s)" msgstr "" -#: ipaserver/plugins/automember.py:108 -msgid "" -"\n" -" Remove the default (fallback) target group:\n" -" ipa automember-default-group-remove --type=hostgroup\n" -" ipa automember-default-group-remove --type=group\n" +#: ipaserver/plugins/serverrole.py:118 +#, python-format +msgid "%(count)s server role matched" +msgid_plural "%(count)s server roles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/serverrole.py:139 +msgid "Include IPA master entries" msgstr "" -#: ipaserver/plugins/automember.py:112 -msgid "" -"\n" -" Show the default (fallback) target group:\n" -" ipa automember-default-group-show --type=hostgroup\n" -" ipa automember-default-group-show --type=group\n" +#: ipaserver/plugins/serverrole.py:192 +msgid "IPA role name" msgstr "" -#: ipaserver/plugins/automember.py:116 +#: ipaserver/plugins/servicedelegation.py:26 msgid "" "\n" -" Find all of the automember rules:\n" -" ipa automember-find\n" +"Service Constrained Delegation\n" +"\n" +"Manage rules to allow constrained delegation of credentials so\n" +"that a service can impersonate a user when communicating with another\n" +"service without requiring the user to actually forward their TGT.\n" +"This makes for a much better method of delegating credentials as it\n" +"prevents exposure of the short term secret of the user.\n" +"\n" +"The naming convention is to append the word \"target\" or \"targets\" to\n" +"a matching rule name. This is not mandatory but helps conceptually\n" +"to associate rules and targets.\n" +"\n" +"A rule consists of two things:\n" +" - A list of targets the rule applies to\n" +" - A list of memberPrincipals that are allowed to delegate for\n" +" those targets\n" +"\n" +"A target consists of a list of principals that can be delegated.\n" +"\n" +"In English, a rule says that this principal can delegate as this\n" +"list of principals, as defined by these targets.\n" +"\n" +"In both a rule and a target Kerberos principals may be specified\n" +"by their name or an alias and the realm can be omitted. Additionally,\n" +"hosts can be specified by their names. If Kerberos principal specified\n" +"has a single component and does not end with '$' sign, it will be treated\n" +"as a host name. Kerberos principal names ending with '$' are typically\n" +"used as aliases for Active Directory-related services.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new constrained delegation rule:\n" +" ipa servicedelegationrule-add ftp-delegation\n" +"\n" +" Add a new constrained delegation target:\n" +" ipa servicedelegationtarget-add ftp-delegation-target\n" +"\n" +" Add a principal to the rule:\n" +" ipa servicedelegationrule-add-member --principals=ftp/ipa.example." +"com ftp-delegation\n" +"\n" +" Add a host principal of the host 'ipa.example.com' to the rule:\n" +" ipa servicedelegationrule-add-member --principals=ipa.example.com " +"ftp-delegation\n" +"\n" +" Add our target to the rule:\n" +" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" +"delegation-target ftp-delegation\n" +"\n" +" Add a principal to the target:\n" +" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." +"com ftp-delegation-target\n" +"\n" +" Display information about a named delegation rule and target:\n" +" ipa servicedelegationrule_show ftp-delegation\n" +" ipa servicedelegationtarget_show ftp-delegation-target\n" +"\n" +" Remove a constrained delegation:\n" +" ipa servicedelegationrule-del ftp-delegation-target\n" +" ipa servicedelegationtarget-del ftp-delegation\n" +"\n" +"In this example the ftp service can get a TGT for the ldap service on\n" +"the bound user's behalf.\n" +"\n" +"It is strongly discouraged to modify the delegations that ship with\n" +"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" +"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" +"to delegate, causing the framework to stop functioning.\n" msgstr "" -#: ipaserver/plugins/automember.py:119 -msgid "" -"\n" -" Find all of the orphan automember rules:\n" -" ipa automember-find-orphans --type=hostgroup\n" -" Find all of the orphan automember rules and remove them:\n" -" ipa automember-find-orphans --type=hostgroup --remove\n" +#: ipaserver/plugins/servicedelegation.py:172 +msgid "Allowed to Impersonate" msgstr "" -#: ipaserver/plugins/automember.py:124 -msgid "" -"\n" -" Display a automember rule:\n" -" ipa automember-show --type=hostgroup webservers\n" -" ipa automember-show --type=group devel\n" +#: ipaserver/plugins/servicedelegation.py:177 +msgid "Member principals" msgstr "" -#: ipaserver/plugins/automember.py:128 -msgid "" -"\n" -" Delete an automember rule:\n" -" ipa automember-del --type=hostgroup webservers\n" -" ipa automember-del --type=group devel\n" +#: ipaserver/plugins/servicedelegation.py:189 +#, python-format +msgid "Malformed principal: %(error)s" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:199 +msgid "Add target to a named service delegation." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:213 +#: ipaserver/plugins/servicedelegation.py:303 +#: ipaserver/plugins/baseldap.py:1720 +#, python-format +msgid "member %s" msgstr "" -#: ipaserver/plugins/automember.py:132 -msgid "" -"\n" -" Rebuild membership for all users:\n" -" ipa automember-rebuild --type=group\n" +#: ipaserver/plugins/servicedelegation.py:287 +msgid "Remove member from a named service delegation." msgstr "" -#: ipaserver/plugins/automember.py:135 -msgid "" -"\n" -" Rebuild membership for all hosts:\n" -" ipa automember-rebuild --type=hostgroup\n" +#: ipaserver/plugins/servicedelegation.py:378 +#: ipaserver/plugins/servicedelegation.py:411 +msgid "service delegation rule" msgstr "" -#: ipaserver/plugins/automember.py:138 -msgid "" -"\n" -" Rebuild membership for specified users:\n" -" ipa automember-rebuild --users=tuser1 --users=tuser2\n" +#: ipaserver/plugins/servicedelegation.py:379 +msgid "service delegation rules" msgstr "" -#: ipaserver/plugins/automember.py:141 -msgid "" -"\n" -" Rebuild membership for specified hosts:\n" -" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." -"com\n" +#: ipaserver/plugins/servicedelegation.py:390 +msgid "Service delegation rules" msgstr "" -#: ipaserver/plugins/automember.py:244 -msgid "Auto Membership Rule" +#: ipaserver/plugins/servicedelegation.py:391 +msgid "Service delegation rule" msgstr "" -#: ipaserver/plugins/automember.py:275 +#: ipaserver/plugins/servicedelegation.py:398 #, python-format -msgid "%(otype)s \"%(oname)s\" not found" +msgid "Added service delegation rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:301 +#: ipaserver/plugins/servicedelegation.py:405 #, python-format -msgid "%s is not a valid attribute." +msgid "Deleted service delegation \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:314 -msgid "" -"\n" -" Add an automember rule.\n" -" " +#: ipaserver/plugins/servicedelegation.py:413 +msgid "privileged service delegation rule" msgstr "" -#: ipaserver/plugins/automember.py:318 +#: ipaserver/plugins/servicedelegation.py:423 #, python-format -msgid "Added automember rule \"%(value)s\"" +msgid "%(count)d service delegation rule matched" +msgid_plural "%(count)d service delegation rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/servicedelegation.py:471 +#: ipaserver/plugins/servicedelegation.py:500 +msgid "service delegation target" msgstr "" -#: ipaserver/plugins/automember.py:325 -msgid "Auto Membership is not configured" +#: ipaserver/plugins/servicedelegation.py:472 +msgid "service delegation targets" msgstr "" -#: ipaserver/plugins/automember.py:337 -msgid "" -"\n" -" Add conditions to an automember rule.\n" -" " +#: ipaserver/plugins/servicedelegation.py:479 +msgid "Service delegation targets" msgstr "" -#: ipaserver/plugins/automember.py:348 +#: ipaserver/plugins/servicedelegation.py:480 +msgid "Service delegation target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:487 #, python-format -msgid "Added condition(s) to \"%(value)s\"" +msgid "Added service delegation target \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:371 ipaserver/plugins/automember.py:455 +#: ipaserver/plugins/servicedelegation.py:494 #, python-format -msgid "Auto member rule: %s not found!" +msgid "Deleted service delegation target \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:413 +#: ipaserver/plugins/servicedelegation.py:502 +msgid "privileged service delegation target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:512 +#, python-format +msgid "%(count)d service delegation target matched" +msgid_plural "%(count)d service delegation targets matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/session.py:12 msgid "" "\n" -" Override this so we can add completed and failed to the return " -"result.\n" -" " +"Session Support for IPA\n" msgstr "" -#: ipaserver/plugins/automember.py:428 +#: ipaserver/plugins/subid.py:29 msgid "" "\n" -" Remove conditions from an automember rule.\n" -" " +"Subordinate ids\n" +"\n" +"Manage subordinate user and group ids for users\n" +"\n" +"EXAMPLES:\n" +"\n" +" Auto-assign a subordinate id range to current user\n" +" ipa subid-generate\n" +"\n" +" Auto-assign a subordinate id range to user alice:\n" +" ipa subid-generate --owner=alice\n" +"\n" +" Find subordinate ids for user alice:\n" +" ipa subid-find --owner=alice\n" +"\n" +" Match entry by any subordinate uid in range:\n" +" ipa subid-match --subuid=2147483649\n" msgstr "" -#: ipaserver/plugins/automember.py:432 -#, python-format -msgid "Removed condition(s) from \"%(value)s\"" +#: ipaserver/plugins/subid.py:59 ipaserver/plugins/subid.py:62 +msgid "Subordinate id" msgstr "" -#: ipaserver/plugins/automember.py:496 -msgid "" -"\n" -" Override this so we can set completed and failed.\n" -" " +#: ipaserver/plugins/subid.py:60 ipaserver/plugins/subid.py:61 +msgid "Subordinate ids" msgstr "" -#: ipaserver/plugins/automember.py:511 -msgid "" -"\n" -" Modify an automember rule.\n" -" " +#: ipaserver/plugins/subid.py:144 +msgid "Subordinate id description" msgstr "" -#: ipaserver/plugins/automember.py:515 -#, python-format -msgid "Modified automember rule \"%(value)s\"" +#: ipaserver/plugins/subid.py:150 ipaserver/plugins/subid.py:468 +msgid "Owning user of subordinate id entry" msgstr "" -#: ipaserver/plugins/automember.py:525 -msgid "" -"\n" -" Delete an automember rule.\n" -" " +#: ipaserver/plugins/subid.py:155 ipaserver/plugins/internal.py:1404 +msgid "SubUID range start" msgstr "" -#: ipaserver/plugins/automember.py:529 -#, python-format -msgid "Deleted automember rule \"%(value)s\"" +#: ipaserver/plugins/subid.py:157 +msgid "Start value for subordinate user ID (subuid) range" msgstr "" -#: ipaserver/plugins/automember.py:534 -msgid "" -"\n" -" Search for automember rules.\n" -" " +#: ipaserver/plugins/subid.py:164 ipaserver/plugins/internal.py:1403 +msgid "SubUID range size" msgstr "" -#: ipaserver/plugins/automember.py:540 ipaserver/plugins/automember.py:840 -#, python-format -msgid "%(count)d rules matched" -msgid_plural "%(count)d rules matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/subid.py:166 +msgid "Subordinate user ID count" +msgstr "" -#: ipaserver/plugins/automember.py:552 -msgid "" -"\n" -" Display information about an automember rule.\n" -" " +#: ipaserver/plugins/subid.py:173 ipaserver/plugins/internal.py:1402 +msgid "SubGID range start" msgstr "" -#: ipaserver/plugins/automember.py:576 -msgid "" -"\n" -" Set default (fallback) group for all unmatched entries.\n" -" " +#: ipaserver/plugins/subid.py:175 +msgid "Start value for subordinate group ID (subgid) range" msgstr "" -#: ipaserver/plugins/automember.py:590 -#, python-format -msgid "Set default (fallback) group for automember \"%(value)s\"" +#: ipaserver/plugins/subid.py:182 ipaserver/plugins/internal.py:1401 +msgid "SubGID range size" msgstr "" -#: ipaserver/plugins/automember.py:607 +#: ipaserver/plugins/subid.py:184 +msgid "Subordinate group ID count" +msgstr "" + +#: ipaserver/plugins/subid.py:213 +#, python-format msgid "" -"\n" -" Remove default (fallback) group for all unmatched entries.\n" -" " +"%(oname)s with with name \"%(pkey)s\" or for user \"%(uid)s\" already exists." msgstr "" -#: ipaserver/plugins/automember.py:614 +#: ipaserver/plugins/subid.py:246 #, python-format -msgid "Removed default (fallback) group for automember \"%(value)s\"" +msgid "'%(dn)s is not a valid user" msgstr "" -#: ipaserver/plugins/automember.py:625 ipaserver/plugins/automember.py:633 -#: ipaserver/plugins/automember.py:661 -msgid "No default (fallback) group set" +#: ipaserver/plugins/subid.py:278 +msgid "subgidnumber must be equal to subuidnumber" msgstr "" -#: ipaserver/plugins/automember.py:644 -msgid "" -"\n" -" Display information about the default (fallback) automember groups.\n" -" " +#: ipaserver/plugins/subid.py:351 +msgid "Add a new subordinate id." msgstr "" -#: ipaserver/plugins/automember.py:675 -msgid "Task DN" +#: ipaserver/plugins/subid.py:352 +#, python-format +msgid "Added subordinate id \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:676 -msgid "DN of the started task" +#: ipaserver/plugins/subid.py:384 +msgid "Delete a subordinate id." msgstr "" -#: ipaserver/plugins/automember.py:727 -msgid "at least one of options: type, users, hosts must be specified" +#: ipaserver/plugins/subid.py:385 +#, python-format +msgid "Deleted subordinate id \"%(value)s\"" msgstr "" -#: ipaserver/plugins/automember.py:733 -msgid "users and hosts cannot both be set" +#: ipaserver/plugins/subid.py:393 +msgid "Modify a subordinate id." msgstr "" -#: ipaserver/plugins/automember.py:737 -msgid "hosts cannot be set when type is 'group'" +#: ipaserver/plugins/subid.py:394 +#, python-format +msgid "Modified subordinate id \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/subid.py:405 +msgid "Search for subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:407 +#, python-format +msgid "%(count)d subordinate id matched" +msgid_plural "%(count)d subordinate ids matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/subid.py:440 +msgid "Display information about a subordinate id." msgstr "" -#: ipaserver/plugins/automember.py:741 -msgid "users cannot be set when type is 'hostgroup'" +#: ipaserver/plugins/subid.py:458 +msgid "Generate and auto-assign subuid and subgid range to user entry" msgstr "" -#: ipaserver/plugins/automember.py:795 -msgid "Automember rebuild membership task started" +#: ipaserver/plugins/subid.py:493 +msgid "Match users by any subordinate uid in their range" msgstr "" -#: ipaserver/plugins/automember.py:799 ipaserver/plugins/internal.py:168 -msgid "Automember rebuild membership task completed" +#: ipaserver/plugins/subid.py:500 +msgid "SubUID match" msgstr "" -#: ipaserver/plugins/automember.py:815 -#, python-format -msgid "Task DN = '%s'" +#: ipaserver/plugins/subid.py:501 +msgid "Match value for subordinate user ID" msgstr "" -#: ipaserver/plugins/automember.py:818 ipaserver/plugins/internal.py:1970 -msgid "Automember" +#: ipaserver/plugins/subid.py:542 +msgid "Subordinate id statistics" msgstr "" -#: ipaserver/plugins/automember.py:828 -msgid "" -"\n" -" Search for orphan automember rules. The command might need to be run as\n" -" a privileged user user to get all orphan rules.\n" -" " +#: ipaserver/plugins/subid.py:586 +#, python-format +msgid "%(remaining)i remaining subordinate id ranges" msgstr "" -#: ipaserver/plugins/automember.py:835 -msgid "Remove orphan automember rules" +#: ipaserver/plugins/sudo.py:7 +msgid "commands for controlling sudo configuration" msgstr "" -#: ipaserver/plugins/batch.py:35 +#: ipaserver/plugins/sudocmd.py:33 msgid "" "\n" -"Plugin to make multiple ipa calls via one remote procedure call\n" -"\n" -"To run this code in the lite-server\n" -"\n" -"curl -H \"Content-Type:application/json\" -H \"Accept:application/" -"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" -"etc/ipa/ca.crt -d @batch_request.json -X POST http://" -"localhost:8888/ipa/json\n" -"\n" -"where the contents of the file batch_request.json follow the below example\n" +"Sudo Commands\n" "\n" -"{\"method\":\"batch\",\"params\":[[\n" -" {\"method\":\"group_find\",\"params\":[[],{}]},\n" -" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," -"\"all\":\"true\"}]},\n" -" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" -" ],{}],\"id\":1}\n" +"Commands used as building blocks for sudo\n" "\n" -"The format of the response is nested the same way. At the top you will see\n" -" \"error\": null,\n" -" \"id\": 1,\n" -" \"result\": {\n" -" \"count\": 3,\n" -" \"results\": [\n" +"EXAMPLES:\n" "\n" +" Create a new command\n" +" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" "\n" -"And then a nested response for each IPA command method sent in the request\n" +" Remove a command\n" +" ipa sudocmd-del /usr/bin/less\n" "\n" msgstr "" -#: ipaserver/plugins/batch.py:71 -msgid "Make multiple ipa calls via one remote procedure call" +#: ipaserver/plugins/sudocmd.py:55 +#, python-format +msgid "must not contain trailing dot: %s" msgstr "" -#: ipaserver/plugins/batch.py:122 -msgid "must contain a tuple (list, dict)" +#: ipaserver/plugins/sudocmd.py:64 +msgid "sudo command" msgstr "" -#: ipaserver/plugins/ca.py:21 -msgid "" -"\n" -"Manage Certificate Authorities\n" +#: ipaserver/plugins/sudocmd.py:65 +msgid "sudo commands" msgstr "" -#: ipaserver/plugins/ca.py:23 -msgid "" -"\n" -"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " -"issuance\n" -"of X.509 certificates.\n" +#: ipaserver/plugins/sudocmd.py:117 +msgid "Sudo Commands" msgstr "" -#: ipaserver/plugins/ca.py:26 -msgid "" -"\n" -"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" -"operator has permission to bypass CA ACLs.\n" +#: ipaserver/plugins/sudocmd.py:154 +#, python-format +msgid "Added Sudo Command \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:29 -msgid "" -"\n" -"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" -"prevents it from issuing certificates but does not affect the validity of " -"its\n" -"certificate.\n" +#: ipaserver/plugins/sudocmd.py:160 +#, python-format +msgid "Deleted Sudo Command \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:33 -msgid "" -"\n" -"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " -"signing\n" -"certificate to be revoked and its private key deleted.\n" +#: ipaserver/plugins/sudocmd.py:193 +#, python-format +msgid "Modified Sudo Command \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:38 +#: ipaserver/plugins/sudocmd.py:201 +#, python-format +msgid "%(count)d Sudo Command matched" +msgid_plural "%(count)d Sudo Commands matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/sudocmdgroup.py:34 msgid "" "\n" -" Create new CA, subordinate to the IPA CA (requires permission\n" -" \"System: Add CA\"):\n" +"Groups of Sudo Commands\n" "\n" -" ipa ca-add puppet --desc \"Puppet\" \\\n" -" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" -msgstr "" - -#: ipaserver/plugins/ca.py:44 -msgid "" +"Manage groups of Sudo Commands.\n" "\n" -" Disable a CA (requires permission \"System: Modify CA\"):\n" +"EXAMPLES:\n" "\n" -" ipa ca-disable puppet\n" -msgstr "" - -#: ipaserver/plugins/ca.py:48 -msgid "" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" "\n" -" Re-enable a CA (requires permission \"System: Modify CA\"):\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" "\n" -" ipa ca-enable puppet\n" -msgstr "" - -#: ipaserver/plugins/ca.py:52 -msgid "" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" +"vim admincmds\n" "\n" -" Delete a CA (requires permission \"System: Delete CA\"; also requires\n" -" CA to be disabled first):\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" "\n" -" ipa ca-del puppet\n" +" Show a Sudo Command Group:\n" +" ipa sudocmdgroup-show admincmds\n" msgstr "" -#: ipaserver/plugins/ca.py:69 ipaserver/plugins/ca.py:80 -msgid "Certificate Authority" +#: ipaserver/plugins/sudocmdgroup.py:67 +msgid "sudo command group" msgstr "" -#: ipaserver/plugins/ca.py:70 ipaserver/plugins/ca.py:79 -msgid "Certificate Authorities" +#: ipaserver/plugins/sudocmdgroup.py:68 +msgid "sudo command groups" msgstr "" -#: ipaserver/plugins/ca.py:86 ipaserver/plugins/schema.py:48 -#: ipaserver/plugins/trust.py:1422 -msgid "Name" +#: ipaserver/plugins/sudocmdgroup.py:149 +#, python-format +msgid "Added Sudo Command Group \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:87 -msgid "Name for referencing the CA" +#: ipaserver/plugins/sudocmdgroup.py:157 +#, python-format +msgid "Deleted Sudo Command Group \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:92 -msgid "Description of the purpose of the CA" +#: ipaserver/plugins/sudocmdgroup.py:165 +#, python-format +msgid "Modified Sudo Command Group \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:96 -msgid "Authority ID" +#: ipaserver/plugins/sudocmdgroup.py:174 +#, python-format +msgid "%(count)d Sudo Command Group matched" +msgid_plural "%(count)d Sudo Command Groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/topology.py:24 +msgid "" +"\n" +"Topology\n" +"\n" +"Management of a replication topology at domain level 1.\n" msgstr "" -#: ipaserver/plugins/ca.py:97 -msgid "Dogtag Authority ID" +#: ipaserver/plugins/topology.py:28 +msgid "" +"\n" +"IPA server's data is stored in LDAP server in two suffixes:\n" +"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " +"data\n" +"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" +" contains data for Certificate Server component\n" msgstr "" -#: ipaserver/plugins/ca.py:102 ipaserver/plugins/ca.py:296 -msgid "Subject DN" +#: ipaserver/plugins/topology.py:33 +msgid "" +"\n" +"Data stored on IPA servers is replicated to other IPA servers. The way it " +"is\n" +"replicated is defined by replication agreements. Replication agreements " +"needs\n" +"to be set for both suffixes separately. On domain level 0 they are managed\n" +"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " +"1\n" +"they are managed centrally using `ipa topology*` commands.\n" msgstr "" -#: ipaserver/plugins/ca.py:103 -msgid "Subject Distinguished Name" +#: ipaserver/plugins/topology.py:39 +msgid "" +"\n" +"Agreements are represented by topology segments. By default topology " +"segment\n" +"represents 2 replication agreements - one for each direction, e.g., A to B " +"and\n" +"B to A. Creation of unidirectional segments is not allowed.\n" msgstr "" -#: ipaserver/plugins/ca.py:108 ipaserver/plugins/cert.py:426 -msgid "Issuer DN" +#: ipaserver/plugins/topology.py:43 +msgid "" +"\n" +"To verify that no server is disconnected in the topology of the given " +"suffix,\n" +"use:\n" +" ipa topologysuffix-verify $suffix\n" msgstr "" -#: ipaserver/plugins/ca.py:109 -msgid "Issuer Distinguished Name" +#: ipaserver/plugins/topology.py:47 +msgid "" +"\n" +"\n" +"Examples:\n" +" Find all IPA servers:\n" +" ipa server-find\n" msgstr "" -#: ipaserver/plugins/ca.py:115 ipaserver/plugins/cert.py:354 -msgid "Base-64 encoded certificate." +#: ipaserver/plugins/topology.py:52 +msgid "" +"\n" +" Find all suffixes:\n" +" ipa topologysuffix-find\n" msgstr "" -#: ipaserver/plugins/ca.py:120 ipaserver/plugins/cert.py:359 -msgid "Certificate chain" +#: ipaserver/plugins/topology.py:55 +msgid "" +"\n" +" Add topology segment to 'domain' suffix:\n" +" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" msgstr "" -#: ipaserver/plugins/ca.py:121 ipaserver/plugins/cert.py:360 -msgid "X.509 certificate chain" +#: ipaserver/plugins/topology.py:58 +msgid "" +"\n" +" Add topology segment to 'ca' suffix:\n" +" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" msgstr "" -#: ipaserver/plugins/ca.py:127 -msgid "RSN Version" +#: ipaserver/plugins/topology.py:61 +msgid "" +"\n" +" List all topology segments in 'domain' suffix:\n" +" ipa topologysegment-find domain\n" msgstr "" -#: ipaserver/plugins/ca.py:128 -msgid "Random Serial Number Version" +#: ipaserver/plugins/topology.py:64 +msgid "" +"\n" +" List all topology segments in 'ca' suffix:\n" +" ipa topologysegment-find ca\n" msgstr "" -#: ipaserver/plugins/ca.py:228 -msgid "Search for CAs." +#: ipaserver/plugins/topology.py:67 +msgid "" +"\n" +" Delete topology segment in 'domain' suffix:\n" +" ipa topologysegment-del domain segment_name\n" msgstr "" -#: ipaserver/plugins/ca.py:230 -#, python-format -msgid "%(count)d CA matched" -msgid_plural "%(count)d CAs matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/ca.py:247 ipaserver/plugins/cert.py:596 -msgid "Include certificate chain in output" +#: ipaserver/plugins/topology.py:70 +msgid "" +"\n" +" Delete topology segment in 'ca' suffix:\n" +" ipa topologysegment-del ca segment_name\n" msgstr "" -#: ipaserver/plugins/ca.py:253 -msgid "Display the properties of a CA." +#: ipaserver/plugins/topology.py:73 +msgid "" +"\n" +" Verify topology of 'domain' suffix:\n" +" ipa topologysuffix-verify domain\n" msgstr "" -#: ipaserver/plugins/ca.py:270 -msgid "Create a CA." +#: ipaserver/plugins/topology.py:76 +msgid "" +"\n" +" Verify topology of 'ca' suffix:\n" +" ipa topologysuffix-verify ca\n" msgstr "" -#: ipaserver/plugins/ca.py:271 -#, python-format -msgid "Created CA \"%(value)s\"" +#: ipaserver/plugins/topology.py:92 +#, python-brace-format +msgid "Topology management requires minimum domain level {0} " msgstr "" -#: ipaserver/plugins/ca.py:281 -#, python-format -msgid "Insufficient 'add' privilege for entry '%s'." +#: ipaserver/plugins/topology.py:104 +msgid "segment" msgstr "" -#: ipaserver/plugins/ca.py:297 -#, python-format -msgid "Unrecognized attributes: %(attrs)s" +#: ipaserver/plugins/topology.py:105 +msgid "segments" msgstr "" -#: ipaserver/plugins/ca.py:312 -#, python-format -msgid "Subject DN is already used by CA '%s'" +#: ipaserver/plugins/topology.py:119 +msgid "Topology Segments" msgstr "" -#: ipaserver/plugins/ca.py:336 -msgid "Delete a CA (must be disabled first)." +#: ipaserver/plugins/topology.py:120 +msgid "Topology Segment" msgstr "" -#: ipaserver/plugins/ca.py:338 +#: ipaserver/plugins/topology.py:226 #, python-format -msgid "Deleted CA \"%(value)s\"" +msgid "left node is not a topology node: %(leftnode)s" msgstr "" -#: ipaserver/plugins/ca.py:347 -msgid "Insufficient privilege to delete a CA." +#: ipaserver/plugins/topology.py:233 +#, python-format +msgid "right node is not a topology node: %(rightnode)s" msgstr "" -#: ipaserver/plugins/ca.py:351 ipaserver/plugins/ca.py:360 -#: ipaserver/plugins/ca.py:379 ipaserver/plugins/ca.py:419 -#: ipaserver/plugins/internal.py:642 -msgid "CA" +#: ipaserver/plugins/topology.py:250 +msgid "left node and right node must not be the same" msgstr "" -#: ipaserver/plugins/ca.py:353 -msgid "IPA CA cannot be deleted" +#: ipaserver/plugins/topology.py:261 +#, python-brace-format +msgid "left node ({host}) does not support suffix '{suff}'" msgstr "" -#: ipaserver/plugins/ca.py:362 -msgid "Must be disabled first" +#: ipaserver/plugins/topology.py:269 +#, python-brace-format +msgid "right node ({host}) does not support suffix '{suff}'" msgstr "" -#: ipaserver/plugins/ca.py:370 -msgid "Modify CA configuration." -msgstr "" +#: ipaserver/plugins/topology.py:280 +#, python-format +msgid "%(count)d segment matched" +msgid_plural "%(count)d segments matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/ca.py:371 +#: ipaserver/plugins/topology.py:289 #, python-format -msgid "Modified CA \"%(value)s\"" +msgid "Added segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:397 -msgid "Insufficient privilege to modify a CA." +#: ipaserver/plugins/topology.py:302 +#, python-format +msgid "Deleted segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:413 -msgid "Disable a CA." +#: ipaserver/plugins/topology.py:314 +#, python-format +msgid "Modified segment \"%(value)s\"" msgstr "" -#: ipaserver/plugins/ca.py:414 +#: ipaserver/plugins/topology.py:329 #, python-format -msgid "Disabled CA \"%(value)s\"" +msgid "%(value)s" msgstr "" -#: ipaserver/plugins/ca.py:421 -msgid "IPA CA cannot be disabled" +#: ipaserver/plugins/topology.py:365 +msgid "left or right node has to be specified" msgstr "" -#: ipaserver/plugins/ca.py:431 -msgid "Enable a CA." +#: ipaserver/plugins/topology.py:370 +msgid "only one node can be specified" msgstr "" -#: ipaserver/plugins/ca.py:432 +#: ipaserver/plugins/topology.py:374 #, python-format -msgid "Enabled CA \"%(value)s\"" +msgid "Replication refresh for segment: \"%(pkey)s\" requested." msgstr "" -#: ipaserver/plugins/caacl.py:21 -msgid "" -"\n" -"Manage CA ACL rules.\n" -"\n" -"This plugin is used to define rules governing which CAs and profiles\n" -"may be used to issue certificates to particular principals or groups\n" -"of principals.\n" -"\n" -"SUBJECT PRINCIPAL SCOPE:\n" -"\n" -"For a certificate request to be allowed, the principal(s) that are\n" -"the subject of a certificate request (not necessarily the principal\n" -"actually requesting the certificate) must be included in the scope\n" -"of a CA ACL that also includes the target CA and profile.\n" -"\n" -"Users can be included by name, group or the \"all users\" category.\n" -"Hosts can be included by name, hostgroup or the \"all hosts\"\n" -"category. Services can be included by service name or the \"all\n" -"services\" category. CA ACLs may be associated with a single type of\n" -"principal, or multiple types.\n" -"\n" -"CERTIFICATE AUTHORITY SCOPE:\n" -"\n" -"A CA ACL can be associated with one or more CAs by name, or by the\n" -"\"all CAs\" category. For compatibility reasons, a CA ACL with no CA\n" -"association implies an association with the 'ipa' CA (and only this\n" -"CA).\n" -"\n" -"PROFILE SCOPE:\n" -"\n" -"A CA ACL can be associated with one or more profiles by Profile ID.\n" -"The Profile ID is a string without spaces or punctuation starting\n" -"with a letter and followed by a sequence of letters, digits or\n" -"underscore (\"_\").\n" -"\n" -"EXAMPLES:\n" -"\n" -" Create a CA ACL \"test\" that grants all users access to the\n" -" \"UserCert\" profile on all CAs:\n" -" ipa caacl-add test --usercat=all --cacat=all\n" -" ipa caacl-add-profile test --certprofiles UserCert\n" -"\n" -" Display the properties of a named CA ACL:\n" -" ipa caacl-show test\n" -"\n" -" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-" -"CA\":\n" -" ipa caacl-add alice_dnp3\n" -" ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n" -" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" -" ipa caacl-add-user alice_dnp3 --user=alice\n" -"\n" -" Disable a CA ACL:\n" -" ipa caacl-disable test\n" -"\n" -" Remove a CA ACL:\n" -" ipa caacl-del test\n" +#: ipaserver/plugins/topology.py:377 +#, python-format +msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." msgstr "" -#: ipaserver/plugins/caacl.py:87 ipaserver/plugins/caacl.py:165 -#: ipaserver/plugins/caacl.py:263 -msgid "CA ACL" +#: ipaserver/plugins/topology.py:408 +msgid "suffixes" msgstr "" -#: ipaserver/plugins/caacl.py:88 ipaserver/plugins/caacl.py:164 -msgid "CA ACLs" +#: ipaserver/plugins/topology.py:412 +msgid "Topology suffixes" msgstr "" -#: ipaserver/plugins/caacl.py:183 -msgid "CA category" +#: ipaserver/plugins/topology.py:413 +msgid "Topology suffix" msgstr "" -#: ipaserver/plugins/caacl.py:184 -msgid "CA category the ACL applies to" -msgstr "" +#: ipaserver/plugins/topology.py:435 +#, python-format +msgid "%(count)d topology suffix matched" +msgid_plural "%(count)d topology suffixes matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/caacl.py:212 -msgid "CAs" +#: ipaserver/plugins/topology.py:446 +#, python-format +msgid "Deleted topology suffix \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:246 +#: ipaserver/plugins/topology.py:460 #, python-format -msgid "Added CA ACL \"%(value)s\"" +msgid "Added topology suffix \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:258 +#: ipaserver/plugins/topology.py:474 #, python-format -msgid "Deleted CA ACL \"%(value)s\"" +msgid "Modified topology suffix \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:489 +msgid "" +"\n" +"Verify replication topology for suffix.\n" +"\n" +"Checks done:\n" +" 1. check if a topology is not disconnected. In other words if there are\n" +" replication paths between all servers.\n" +" 2. check if servers don't have more than the recommended number of\n" +" replication agreements\n" msgstr "" -#: ipaserver/plugins/caacl.py:265 -msgid "default CA ACL can be only disabled" +#: ipaserver/plugins/virtual.py:57 +msgid "operation not defined" msgstr "" -#: ipaserver/plugins/caacl.py:273 +#: ipaserver/plugins/virtual.py:82 #, python-format -msgid "Modified CA ACL \"%(value)s\"" +msgid "not allowed to perform operation: %s" msgstr "" -#: ipaserver/plugins/caacl.py:285 -msgid "CA category cannot be set to 'all' while there are allowed CAs" +#: ipaserver/plugins/virtual.py:84 +msgid "No such virtual command" msgstr "" -#: ipaserver/plugins/caacl.py:290 +#: ipaserver/plugins/whoami.py:15 msgid "" -"profile category cannot be set to 'all' while there are allowed profiles" +"\n" +"Return information about currently authenticated identity\n" +"\n" +"Who am I command returns information on how to get\n" +"more details about the identity authenticated for this\n" +"request. The information includes:\n" +"\n" +" * type of object\n" +" * command to retrieve details of the object\n" +" * arguments and options to pass to the command\n" +"\n" +"The information is returned as a dictionary. Examples below use\n" +"'key: value' output for illustrative purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Look up as IPA user:\n" +" kinit admin\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: user\n" +" command: user_show/1\n" +" arguments: admin\n" +" ------------------------------------------\n" +"\n" +" Look up as a user from a trusted domain:\n" +" kinit user@AD.DOMAIN\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: idoverrideuser\n" +" command: idoverrideuser_show/1\n" +" arguments: ('default trust view', 'user@ad.domain')\n" +" ------------------------------------------\n" +"\n" +" Look up as a host:\n" +" kinit -k\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: host\n" +" command: host_show/1\n" +" arguments: ipa.example.com\n" +" ------------------------------------------\n" +"\n" +" Look up as a Kerberos service:\n" +" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: service\n" +" command: service_show/1\n" +" arguments: HTTP/ipa.example.com\n" +" ------------------------------------------\n" msgstr "" -#: ipaserver/plugins/caacl.py:302 ipaserver/plugins/hbacrule.py:356 -msgid "" -"service category cannot be set to 'all' while there are allowed services" +#: ipaserver/plugins/whoami.py:77 +msgid "Describe currently authenticated identity." msgstr "" -#: ipaserver/plugins/caacl.py:312 -#, python-format -msgid "%(count)d CA ACL matched" -msgid_plural "%(count)d CA ACLs matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 +msgid "Object class name" +msgstr "" -#: ipaserver/plugins/caacl.py:325 -#, python-format -msgid "Enabled CA ACL \"%(value)s\"" +#: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 +msgid "Function to get details" msgstr "" -#: ipaserver/plugins/caacl.py:354 -#, python-format -msgid "Disabled CA ACL \"%(value)s\"" +#: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 +msgid "Arguments to details function" msgstr "" -#: ipaserver/plugins/caacl.py:385 -#, python-format -msgid "%i user or group added." +#: ipaserver/plugins/whoami.py:111 +msgid "Cannot query Directory Manager with API" msgstr "" -#: ipaserver/plugins/caacl.py:386 -#, python-format -msgid "%i users or groups added." +#: ipaserver/plugins/aci.py:165 +msgid "A list of ACI values" msgstr "" -#: ipaserver/plugins/caacl.py:397 ipaserver/plugins/hbacrule.py:518 -#: ipaserver/plugins/selinuxusermap.py:572 ipaserver/plugins/sudorule.py:607 -msgid "users cannot be added when user category='all'" +#: ipaserver/plugins/aci.py:229 +msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" -#: ipaserver/plugins/caacl.py:407 -#, python-format -msgid "%i user or group removed." +#: ipaserver/plugins/aci.py:232 +msgid "ACI prefix is required" msgstr "" -#: ipaserver/plugins/caacl.py:408 -#, python-format -msgid "%i users or groups removed." +#: ipaserver/plugins/aci.py:235 +msgid "" +"at least one of: type, filter, subtree, targetgroup, attrs or memberof are " +"required" msgstr "" -#: ipaserver/plugins/caacl.py:417 -#, python-format -msgid "%i host or hostgroup added." +#: ipaserver/plugins/aci.py:238 +msgid "filter and memberof are mutually exclusive" msgstr "" -#: ipaserver/plugins/caacl.py:418 -#, python-format -msgid "%i hosts or hostgroups added." +#: ipaserver/plugins/aci.py:244 +msgid "group, permission and self are mutually exclusive" msgstr "" -#: ipaserver/plugins/caacl.py:429 ipaserver/plugins/hbacrule.py:549 -#: ipaserver/plugins/selinuxusermap.py:605 ipaserver/plugins/sudorule.py:710 -msgid "hosts cannot be added when host category='all'" +#: ipaserver/plugins/aci.py:246 +msgid "One of group, permission or self is required" msgstr "" -#: ipaserver/plugins/caacl.py:439 +#: ipaserver/plugins/aci.py:269 #, python-format -msgid "%i host or hostgroup removed." +msgid "Group '%s' does not exist" msgstr "" -#: ipaserver/plugins/caacl.py:440 -#, python-format -msgid "%i hosts or hostgroups removed." +#: ipaserver/plugins/aci.py:295 +msgid "empty filter" msgstr "" -#: ipaserver/plugins/caacl.py:448 +#: ipaserver/plugins/aci.py:316 #, python-format -msgid "%i service added." +msgid "Syntax Error: %(error)s" msgstr "" -#: ipaserver/plugins/caacl.py:448 +#: ipaserver/plugins/aci.py:361 #, python-format -msgid "%i services added." +msgid "invalid DN (%s)" msgstr "" -#: ipaserver/plugins/caacl.py:459 ipaserver/plugins/hbacrule.py:606 -msgid "services cannot be added when service category='all'" +#: ipaserver/plugins/aci.py:408 +#, python-format +msgid "ACI with name \"%s\" not found" msgstr "" -#: ipaserver/plugins/caacl.py:468 -#, python-format -msgid "%i service removed." +#: ipaserver/plugins/aci.py:437 +msgid "ACI object." msgstr "" -#: ipaserver/plugins/caacl.py:468 -#, python-format -msgid "%i services removed." +#: ipaserver/plugins/aci.py:440 +msgid "ACIs" msgstr "" -#: ipaserver/plugins/caacl.py:488 +#: ipaserver/plugins/aci.py:524 #, python-format -msgid "%i profile added." +msgid "Created ACI \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:488 +#: ipaserver/plugins/aci.py:577 #, python-format -msgid "%i profiles added." +msgid "Deleted ACI \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:499 -msgid "profiles cannot be added when profile category='all'" +#: ipaserver/plugins/aci.py:620 +#, python-format +msgid "Modified ACI \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:510 +#: ipaserver/plugins/aci.py:694 #, python-format -msgid "%i profile removed." -msgstr "" +msgid "%(count)d ACI matched" +msgid_plural "%(count)d ACIs matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/caacl.py:510 +#: ipaserver/plugins/aci.py:929 #, python-format -msgid "%i profiles removed." +msgid "Renamed ACI to \"%(value)s\"" msgstr "" -#: ipaserver/plugins/caacl.py:515 -msgid "Add CAs to a CA ACL." +#: ipaserver/plugins/automember.py:43 +msgid "" +"\n" +"Auto Membership Rule.\n" msgstr "" -#: ipaserver/plugins/caacl.py:520 -#, python-format -msgid "%i CA added." +#: ipaserver/plugins/automember.py:45 +msgid "" +"\n" +"Bring clarity to the membership of hosts and users by configuring inclusive\n" +"or exclusive regex patterns, you can automatically assign a new entries " +"into\n" +"a group or hostgroup based upon attribute information.\n" msgstr "" -#: ipaserver/plugins/caacl.py:520 -#, python-format -msgid "%i CAs added." +#: ipaserver/plugins/automember.py:49 +msgid "" +"\n" +"A rule is directly associated with a group by name, so you cannot create\n" +"a rule without an accompanying group or hostgroup.\n" msgstr "" -#: ipaserver/plugins/caacl.py:531 -msgid "CAs cannot be added when CA category='all'" +#: ipaserver/plugins/automember.py:52 +msgid "" +"\n" +"A condition is a regular expression used by 389-ds to match a new incoming\n" +"entry with an automember rule. If it matches an inclusive rule then the\n" +"entry is added to the appropriate group or hostgroup.\n" msgstr "" -#: ipaserver/plugins/caacl.py:537 -msgid "Remove CAs from a CA ACL." +#: ipaserver/plugins/automember.py:56 +msgid "" +"\n" +"A default group or hostgroup could be specified for entries that do not\n" +"match any rule. In case of user entries this group will be a fallback group\n" +"because all users are by default members of group specified in IPA config.\n" msgstr "" -#: ipaserver/plugins/caacl.py:542 -#, python-format -msgid "%i CA removed." +#: ipaserver/plugins/automember.py:60 +msgid "" +"\n" +"The automember-rebuild command can be used to retroactively run automember " +"rules\n" +"against existing entries, thus rebuilding their membership.\n" msgstr "" -#: ipaserver/plugins/caacl.py:542 -#, python-format -msgid "%i CAs removed." +#: ipaserver/plugins/automember.py:65 +msgid "" +"\n" +" Add the initial group or hostgroup:\n" +" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" +" ipa group-add --desc=\"Developers\" devel\n" msgstr "" -#: ipaserver/plugins/certmap.py:50 +#: ipaserver/plugins/automember.py:69 msgid "" "\n" -"Certificate Identity Mapping\n" +" Add the initial rule:\n" +" ipa automember-add --type=hostgroup webservers\n" +" ipa automember-add --type=group devel\n" msgstr "" -#: ipaserver/plugins/certmap.py:52 +#: ipaserver/plugins/automember.py:73 msgid "" "\n" -"Manage Certificate Identity Mapping configuration and rules.\n" +" Add a condition to the rule:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +" ipa automember-add-condition --key=manager --type=group --inclusive-" +"regex=^uid=mscott devel\n" msgstr "" -#: ipaserver/plugins/certmap.py:54 +#: ipaserver/plugins/automember.py:77 msgid "" "\n" -"IPA supports the use of certificates for authentication. Certificates can\n" -"either be stored in the user entry (full certificate in the usercertificate\n" -"attribute), or simply linked to the user entry through a mapping.\n" -"This code enables the management of the rules allowing to link a\n" -"certificate to a user entry.\n" +" Add an exclusive condition to the rule to prevent auto assignment:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" +"regex=^web5\\.example\\.com webservers\n" msgstr "" -#: ipaserver/plugins/certmap.py:62 +#: ipaserver/plugins/automember.py:80 msgid "" "\n" -" Display the Certificate Identity Mapping global configuration:\n" -" ipa certmapconfig-show\n" +" Add a host:\n" +" ipa host-add web1.example.com\n" msgstr "" -#: ipaserver/plugins/certmap.py:65 +#: ipaserver/plugins/automember.py:83 msgid "" "\n" -" Modify Certificate Identity Mapping global configuration:\n" -" ipa certmapconfig-mod --promptusername=TRUE\n" +" Add a user:\n" +" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" msgstr "" -#: ipaserver/plugins/certmap.py:68 +#: ipaserver/plugins/automember.py:86 msgid "" "\n" -" Create a new Certificate Identity Mapping Rule:\n" -" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " -"issuer\"\n" +" Verify automembership:\n" +" ipa hostgroup-show webservers\n" +" Host-group: webservers\n" +" Description: Web Servers\n" +" Member hosts: web1.example.com\n" +"\n" +" ipa group-show devel\n" +" Group name: devel\n" +" Description: Developers\n" +" GID: 1004200000\n" +" Member users: tuser\n" msgstr "" -#: ipaserver/plugins/certmap.py:71 +#: ipaserver/plugins/automember.py:98 msgid "" "\n" -" Modify a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-mod rule1 --maprule=\"\"\n" +" Remove a condition from the rule:\n" +" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" msgstr "" -#: ipaserver/plugins/certmap.py:74 +#: ipaserver/plugins/automember.py:101 msgid "" "\n" -" Disable a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-disable rule1\n" +" Modify the automember rule:\n" +" ipa automember-mod\n" msgstr "" -#: ipaserver/plugins/certmap.py:77 +#: ipaserver/plugins/automember.py:104 msgid "" "\n" -" Enable a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-enable rule1\n" +" Set the default (fallback) target group:\n" +" ipa automember-default-group-set --default-group=webservers --" +"type=hostgroup\n" +" ipa automember-default-group-set --default-group=ipausers --type=group\n" msgstr "" -#: ipaserver/plugins/certmap.py:80 +#: ipaserver/plugins/automember.py:108 msgid "" "\n" -" Display information about a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-show rule1\n" +" Remove the default (fallback) target group:\n" +" ipa automember-default-group-remove --type=hostgroup\n" +" ipa automember-default-group-remove --type=group\n" msgstr "" -#: ipaserver/plugins/certmap.py:83 +#: ipaserver/plugins/automember.py:112 msgid "" "\n" -" Find all Certificate Identity Mapping Rules with the specified domain:\n" -" ipa certmaprule-find --domain example.com\n" +" Show the default (fallback) target group:\n" +" ipa automember-default-group-show --type=hostgroup\n" +" ipa automember-default-group-show --type=group\n" msgstr "" -#: ipaserver/plugins/certmap.py:86 +#: ipaserver/plugins/automember.py:116 msgid "" "\n" -" Delete a Certificate Identity Mapping Rule:\n" -" ipa certmaprule-del rule1\n" -msgstr "" - -#: ipaserver/plugins/certmap.py:141 ipaserver/plugins/certmap.py:148 -#: ipaserver/plugins/certmap.py:175 ipaserver/plugins/trust.py:852 -msgid "domain" +" Find all of the automember rules:\n" +" ipa automember-find\n" msgstr "" -#: ipaserver/plugins/certmap.py:142 -#, python-format +#: ipaserver/plugins/automember.py:119 msgid "" -"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." +"\n" +" Find all of the orphan automember rules:\n" +" ipa automember-find-orphans --type=hostgroup\n" +" Find all of the orphan automember rules and remove them:\n" +" ipa automember-find-orphans --type=hostgroup --remove\n" msgstr "" -#: ipaserver/plugins/certmap.py:149 +#: ipaserver/plugins/automember.py:124 msgid "" -"The mapping rule with altSecurityIdentities should be applied to a trusted " -"Active Directory domain but no domain was associated with the rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:176 -#, python-format -msgid "The domain %s is neither IPA domain nor a trusteddomain." -msgstr "" - -#: ipaserver/plugins/certmap.py:186 -msgid "Certificate Identity Mapping configuration options" -msgstr "" - -#: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 -msgid "Certificate Identity Mapping Global Configuration" -msgstr "" - -#: ipaserver/plugins/certmap.py:198 -msgid "Prompt for the username" +"\n" +" Display a automember rule:\n" +" ipa automember-show --type=hostgroup webservers\n" +" ipa automember-show --type=group devel\n" msgstr "" -#: ipaserver/plugins/certmap.py:199 +#: ipaserver/plugins/automember.py:128 msgid "" -"Prompt for the username when multiple identities are mapped to a certificate" -msgstr "" - -#: ipaserver/plugins/certmap.py:229 -msgid "Modify Certificate Identity Mapping configuration." -msgstr "" - -#: ipaserver/plugins/certmap.py:234 -msgid "Show the current Certificate Identity Mapping configuration." -msgstr "" - -#: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 -msgid "Certificate Identity Mapping Rules" -msgstr "" - -#: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 -msgid "Certificate Identity Mapping Rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:274 -msgid "Certificate Identity Mapping Rule name" -msgstr "" - -#: ipaserver/plugins/certmap.py:280 -msgid "Certificate Identity Mapping Rule description" -msgstr "" - -#: ipaserver/plugins/certmap.py:285 -msgid "Mapping rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:286 -msgid "Rule used to map the certificate with a user entry" -msgstr "" - -#: ipaserver/plugins/certmap.py:291 -msgid "Matching rule" -msgstr "" - -#: ipaserver/plugins/certmap.py:292 -msgid "Rule used to check if a certificate can be used for authentication" -msgstr "" - -#: ipaserver/plugins/certmap.py:299 -msgid "Domain where the user entry will be searched" -msgstr "" - -#: ipaserver/plugins/certmap.py:305 -msgid "Priority of the rule (higher number means lower priority" +"\n" +" Delete an automember rule:\n" +" ipa automember-del --type=hostgroup webservers\n" +" ipa automember-del --type=group devel\n" msgstr "" -#: ipaserver/plugins/certmap.py:356 -msgid "Create a new Certificate Identity Mapping Rule." +#: ipaserver/plugins/automember.py:132 +msgid "" +"\n" +" Rebuild membership for all users:\n" +" ipa automember-rebuild --type=group\n" msgstr "" -#: ipaserver/plugins/certmap.py:358 -#, python-format -msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:135 +msgid "" +"\n" +" Rebuild membership for all hosts:\n" +" ipa automember-rebuild --type=hostgroup\n" msgstr "" -#: ipaserver/plugins/certmap.py:369 -msgid "Modify a Certificate Identity Mapping Rule." +#: ipaserver/plugins/automember.py:138 +msgid "" +"\n" +" Rebuild membership for specified users:\n" +" ipa automember-rebuild --users=tuser1 --users=tuser2\n" msgstr "" -#: ipaserver/plugins/certmap.py:371 -#, python-format -msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:141 +msgid "" +"\n" +" Rebuild membership for specified hosts:\n" +" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." +"com\n" msgstr "" -#: ipaserver/plugins/certmap.py:392 -msgid "Search for Certificate Identity Mapping Rules." +#: ipaserver/plugins/automember.py:244 +msgid "Auto Membership Rule" msgstr "" -#: ipaserver/plugins/certmap.py:395 +#: ipaserver/plugins/automember.py:275 #, python-format -msgid "%(count)d Certificate Identity Mapping Rule matched" -msgid_plural "%(count)d Certificate Identity Mapping Rules matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/certmap.py:402 -msgid "Display information about a Certificate Identity Mapping Rule." -msgstr "" - -#: ipaserver/plugins/certmap.py:408 -msgid "Delete a Certificate Identity Mapping Rule." +msgid "%(otype)s \"%(oname)s\" not found" msgstr "" -#: ipaserver/plugins/certmap.py:410 +#: ipaserver/plugins/automember.py:301 #, python-format -msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" +msgid "%s is not a valid attribute." msgstr "" -#: ipaserver/plugins/certmap.py:415 -msgid "Enable a Certificate Identity Mapping Rule." +#: ipaserver/plugins/automember.py:314 +msgid "" +"\n" +" Add an automember rule.\n" +" " msgstr "" -#: ipaserver/plugins/certmap.py:417 +#: ipaserver/plugins/automember.py:318 #, python-format -msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/certmap.py:444 -msgid "Disable a Certificate Identity Mapping Rule." +msgid "Added automember rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certmap.py:446 -#, python-format -msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:325 +msgid "Auto Membership is not configured" msgstr "" -#: ipaserver/plugins/certmap.py:500 -msgid "Failed to connect to sssd over SystemBus. See details in the error_log" +#: ipaserver/plugins/automember.py:337 +msgid "" +"\n" +" Add conditions to an automember rule.\n" +" " msgstr "" -#: ipaserver/plugins/certmap.py:554 -msgid "Failed to find users over SystemBus. See details in the error_log" +#: ipaserver/plugins/automember.py:348 +#, python-format +msgid "Added condition(s) to \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certmap.py:571 -msgid "User logins" +#: ipaserver/plugins/automember.py:371 ipaserver/plugins/automember.py:455 +#, python-format +msgid "Auto member rule: %s not found!" msgstr "" -#: ipaserver/plugins/certmap.py:579 +#: ipaserver/plugins/automember.py:413 msgid "" "\n" -" Search for users matching the provided certificate.\n" +" Override this so we can add completed and failed to the return " +"result.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:428 +msgid "" "\n" -" This command relies on SSSD to retrieve the list of matching users and\n" -" may return cached data. For more information on purging SSSD cache,\n" -" please refer to sss_cache documentation.\n" +" Remove conditions from an automember rule.\n" " " msgstr "" -#: ipaserver/plugins/certmap.py:587 +#: ipaserver/plugins/automember.py:432 #, python-format -msgid "%(count)s user matched" -msgid_plural "%(count)s users matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/certmap.py:606 ipaserver/plugins/baseuser.py:463 -#: ipaserver/plugins/baseuser.py:950 ipaserver/plugins/idviews.py:1069 -msgid "Base-64 encoded user certificate" +msgid "Removed condition(s) from \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certprofile.py:21 +#: ipaserver/plugins/automember.py:496 msgid "" "\n" -"Manage Certificate Profiles\n" -"\n" -"Certificate Profiles are used by Certificate Authority (CA) in the signing " -"of\n" -"certificates to determine if a Certificate Signing Request (CSR) is " -"acceptable,\n" -"and if so what features and extensions will be present on the certificate.\n" -"\n" -"The Certificate Profile format is the property-list format understood by " -"the\n" -"Dogtag or Red Hat Certificate System CA.\n" -"\n" -"PROFILE ID SYNTAX:\n" -"\n" -"A Profile ID is a string without spaces or punctuation starting with a " -"letter\n" -"and followed by a sequence of letters, digits or underscore (\"_\").\n" -"\n" -"EXAMPLES:\n" -"\n" -" Import a profile that will not store issued certificates:\n" -" ipa certprofile-import ShortLivedUserCert \\\n" -" --file UserCert.profile --desc \"User Certificates\" \\\n" -" --store=false\n" -"\n" -" Delete a certificate profile:\n" -" ipa certprofile-del ShortLivedUserCert\n" -"\n" -" Show information about a profile:\n" -" ipa certprofile-show ShortLivedUserCert\n" -"\n" -" Save profile configuration to a file:\n" -" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" -"\n" -" Search for profiles that do not store certificates:\n" -" ipa certprofile-find --store=false\n" -"\n" -"PROFILE CONFIGURATION FORMAT:\n" -"\n" -"The profile configuration format is the raw property-list format\n" -"used by Dogtag Certificate System. The XML format is not supported.\n" -"\n" -"The following restrictions apply to profiles managed by IPA:\n" -"\n" -"- When importing a profile the \"profileId\" field, if present, must\n" -" match the ID given on the command line.\n" -"\n" -"- The \"classId\" field must be set to \"caEnrollImpl\"\n" -"\n" -"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" -"\n" -"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" -" class must be used.\n" -"\n" +" Override this so we can set completed and failed.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:86 ipaserver/plugins/cert.py:283 -msgid "CA is not configured" +#: ipaserver/plugins/automember.py:511 +msgid "" +"\n" +" Modify an automember rule.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:95 -msgid "invalid Profile ID" +#: ipaserver/plugins/automember.py:515 +#, python-format +msgid "Modified automember rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 -msgid "Certificate Profile" +#: ipaserver/plugins/automember.py:525 +msgid "" +"\n" +" Delete an automember rule.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 -msgid "Certificate Profiles" +#: ipaserver/plugins/automember.py:529 +#, python-format +msgid "Deleted automember rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certprofile.py:126 -msgid "Profile configuration" +#: ipaserver/plugins/automember.py:534 +msgid "" +"\n" +" Search for automember rules.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:190 +#: ipaserver/plugins/automember.py:540 ipaserver/plugins/automember.py:840 #, python-format -msgid "%(count)d profile matched" -msgid_plural "%(count)d profiles matched" +msgid "%(count)d rules matched" +msgid_plural "%(count)d rules matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/certprofile.py:222 -#, python-format -msgid "Imported profile \"%(value)s\"" +#: ipaserver/plugins/automember.py:552 +msgid "" +"\n" +" Display information about an automember rule.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:247 -#, python-format -msgid "Profile data specifies profileId multiple times: %(values)s" +#: ipaserver/plugins/automember.py:576 +msgid "" +"\n" +" Set default (fallback) group for all unmatched entries.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:255 +#: ipaserver/plugins/automember.py:590 #, python-format -msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" +msgid "Set default (fallback) group for automember \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certprofile.py:282 -#, python-format -msgid "Deleted profile \"%(value)s\"" +#: ipaserver/plugins/automember.py:607 +msgid "" +"\n" +" Remove default (fallback) group for all unmatched entries.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:289 +#: ipaserver/plugins/automember.py:614 #, python-format -msgid "Predefined profile '%(profile_id)s' cannot be deleted" +msgid "Removed default (fallback) group for automember \"%(value)s\"" msgstr "" -#: ipaserver/plugins/certprofile.py:305 -#, python-format -msgid "Modified Certificate Profile \"%(value)s\"" +#: ipaserver/plugins/automember.py:625 ipaserver/plugins/automember.py:633 +#: ipaserver/plugins/automember.py:661 +msgid "No default (fallback) group set" msgstr "" -#: ipaserver/plugins/certprofile.py:322 -msgid "Certificate profiles cannot be renamed" +#: ipaserver/plugins/automember.py:644 +msgid "" +"\n" +" Display information about the default (fallback) automember groups.\n" +" " msgstr "" -#: ipaserver/plugins/certprofile.py:327 -msgid "Insufficient privilege to modify a certificate profile." +#: ipaserver/plugins/automember.py:675 +msgid "Task DN" msgstr "" -#: ipaserver/plugins/domainlevel.py:69 -#, python-brace-format -msgid "" -"Domain Level cannot be raised to {0}, existing replication conflicts have to " -"be resolved." +#: ipaserver/plugins/automember.py:676 +msgid "DN of the started task" msgstr "" -#: ipaserver/plugins/domainlevel.py:112 -msgid "Server does not support domain level functionality" +#: ipaserver/plugins/automember.py:727 +msgid "at least one of options: type, users, hosts must be specified" msgstr "" -#: ipaserver/plugins/domainlevel.py:147 -msgid "Domain Level cannot be lowered." +#: ipaserver/plugins/automember.py:733 +msgid "users and hosts cannot both be set" msgstr "" -#: ipaserver/plugins/domainlevel.py:155 -#, python-brace-format -msgid "Domain Level cannot be raised to {0}, server {1} does not support it." +#: ipaserver/plugins/automember.py:737 +msgid "hosts cannot be set when type is 'group'" msgstr "" -#: ipaserver/plugins/hbacrule.py:108 -msgid "The deny type has been deprecated." +#: ipaserver/plugins/automember.py:741 +msgid "users cannot be set when type is 'hostgroup'" msgstr "" -#: ipaserver/plugins/hbacrule.py:131 -msgid "HBAC rules" +#: ipaserver/plugins/automember.py:795 +msgid "Automember rebuild membership task started" msgstr "" -#: ipaserver/plugins/hbacrule.py:201 -msgid "HBAC Rules" +#: ipaserver/plugins/automember.py:799 ipaserver/plugins/internal.py:168 +msgid "Automember rebuild membership task completed" msgstr "" -#: ipaserver/plugins/hbacrule.py:302 +#: ipaserver/plugins/automember.py:815 #, python-format -msgid "Added HBAC rule \"%(value)s\"" +msgid "Task DN = '%s'" msgstr "" -#: ipaserver/plugins/hbacrule.py:316 -#, python-format -msgid "Deleted HBAC rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:818 ipaserver/plugins/internal.py:1970 +msgid "Automember" msgstr "" -#: ipaserver/plugins/hbacrule.py:333 -#, python-format -msgid "Modified HBAC rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:828 +msgid "" +"\n" +" Search for orphan automember rules. The command might need to be run as\n" +" a privileged user user to get all orphan rules.\n" +" " msgstr "" -#: ipaserver/plugins/hbacrule.py:368 -#, python-format -msgid "%(count)d HBAC rule matched" -msgid_plural "%(count)d HBAC rules matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/hbacrule.py:383 -#, python-format -msgid "Enabled HBAC rule \"%(value)s\"" +#: ipaserver/plugins/automember.py:835 +msgid "Remove orphan automember rules" msgstr "" - -#: ipaserver/plugins/hbacrule.py:413 -#, python-format -msgid "Disabled HBAC rule \"%(value)s\"" + +#: ipaserver/plugins/batch.py:35 +msgid "" +"\n" +"Plugin to make multiple ipa calls via one remote procedure call\n" +"\n" +"To run this code in the lite-server\n" +"\n" +"curl -H \"Content-Type:application/json\" -H \"Accept:application/" +"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" +"etc/ipa/ca.crt -d @batch_request.json -X POST http://" +"localhost:8888/ipa/json\n" +"\n" +"where the contents of the file batch_request.json follow the below example\n" +"\n" +"{\"method\":\"batch\",\"params\":[[\n" +" {\"method\":\"group_find\",\"params\":[[],{}]},\n" +" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," +"\"all\":\"true\"}]},\n" +" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" +" ],{}],\"id\":1}\n" +"\n" +"The format of the response is nested the same way. At the top you will see\n" +" \"error\": null,\n" +" \"id\": 1,\n" +" \"result\": {\n" +" \"count\": 3,\n" +" \"results\": [\n" +"\n" +"\n" +"And then a nested response for each IPA command method sent in the request\n" +"\n" msgstr "" -#: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 -msgid "Access time" +#: ipaserver/plugins/batch.py:71 +msgid "Make multiple ipa calls via one remote procedure call" msgstr "" -#: ipaserver/plugins/hbacrule.py:565 -msgid "Add source hosts and hostgroups to an HBAC rule." +#: ipaserver/plugins/batch.py:122 +msgid "must contain a tuple (list, dict)" msgstr "" #: ipaserver/plugins/hbactest.py:39 ipaserver/plugins/cert.py:64 @@ -16264,10987 +16536,11027 @@ msgstr "" msgid "Access granted: %s" msgstr "" -#: ipaserver/plugins/hostgroup.py:35 -msgid "" -"\n" -"Groups of hosts.\n" -"\n" -"Manage groups of hosts. This is useful for applying access control to a\n" -"number of hosts by using Host-based Access Control.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new host group:\n" -" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" -"\n" -" Add another new host group:\n" -" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" -"\n" -" Add members to the hostgroup (using Bash brace expansion):\n" -" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" -"\n" -" Add a hostgroup as a member of another hostgroup:\n" -" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" -"\n" -" Remove a host from the hostgroup:\n" -" ipa hostgroup-remove-member --hosts=box2 baltimore\n" -"\n" -" Display a host group:\n" -" ipa hostgroup-show baltimore\n" -"\n" -" Add a member manager:\n" -" ipa hostgroup-add-member-manager --users=user1 baltimore\n" -"\n" -" Remove a member manager\n" -" ipa hostgroup-remove-member-manager --users=user1 baltimore\n" -"\n" -" Delete a hostgroup:\n" -" ipa hostgroup-del baltimore\n" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:107 -msgid "host groups" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:179 -msgid "Host Group" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:223 -#, python-format -msgid "Added hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:239 -#, python-format -msgid "" -"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " -"common namespace" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:262 -#, python-format -msgid "Deleted hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 -#: ipaserver/plugins/hostgroup.py:349 -msgid "hostgroup" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 -msgid "privileged hostgroup" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:278 -#, python-format -msgid "Modified hostgroup \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/hostgroup.py:303 -#, python-format -msgid "%(count)d hostgroup matched" -msgid_plural "%(count)d hostgroups matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/hostgroup.py:362 -msgid "Add users that can manage members of this hostgroup." -msgstr "" - -#: ipaserver/plugins/hostgroup.py:372 -msgid "Remove users that can manage members of this hostgroup." -msgstr "" - -#: ipaserver/plugins/join.py:125 +#: ipaserver/plugins/privilege.py:76 #, python-format msgid "" -"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " -"'%s'." -msgstr "" - -#: ipaserver/plugins/ldap2.py:278 -msgid "Could not read UPG Definition originfilter. Check your permissions." -msgstr "" - -#: ipaserver/plugins/location.py:33 -msgid "" -"\n" -"IPA locations\n" -msgstr "" - -#: ipaserver/plugins/location.py:35 -msgid "" -"\n" -"Manipulate DNS locations\n" -msgstr "" - -#: ipaserver/plugins/location.py:39 -msgid "" -"\n" -" Find all locations:\n" -" ipa location-find\n" -msgstr "" - -#: ipaserver/plugins/location.py:42 -msgid "" -"\n" -" Show specific location:\n" -" ipa location-show location\n" -msgstr "" - -#: ipaserver/plugins/location.py:45 -msgid "" -"\n" -" Add location:\n" -" ipa location-add location --description 'My location'\n" -msgstr "" - -#: ipaserver/plugins/location.py:48 -msgid "" -"\n" -" Delete location:\n" -" ipa location-del location\n" -msgstr "" - -#: ipaserver/plugins/location.py:62 -msgid "location" -msgstr "" - -#: ipaserver/plugins/location.py:63 -msgid "locations" -msgstr "" - -#: ipaserver/plugins/location.py:69 -msgid "IPA Locations" -msgstr "" - -#: ipaserver/plugins/location.py:70 -msgid "IPA Location" -msgstr "" - -#: ipaserver/plugins/location.py:103 -msgid "Location name" -msgstr "" - -#: ipaserver/plugins/location.py:104 -msgid "IPA location name" -msgstr "" - -#: ipaserver/plugins/location.py:112 -msgid "IPA Location description" -msgstr "" - -#: ipaserver/plugins/location.py:116 -msgid "Servers" -msgstr "" - -#: ipaserver/plugins/location.py:117 -msgid "Servers that belongs to the IPA location" -msgstr "" - -#: ipaserver/plugins/location.py:122 -msgid "Advertised by servers" -msgstr "" - -#: ipaserver/plugins/location.py:123 -msgid "List of servers which advertise the given location" -msgstr "" - -#: ipaserver/plugins/location.py:138 -msgid "Add a new IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:140 -#, python-format -msgid "Added IPA location \"%(value)s\"" +"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " +"privilege" msgstr "" -#: ipaserver/plugins/location.py:145 -msgid "Delete an IPA location." +#: ipaserver/plugins/privilege.py:149 +msgid "Privilege" msgstr "" -#: ipaserver/plugins/location.py:147 +#: ipaserver/plugins/privilege.py:169 #, python-format -msgid "Deleted IPA location \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/location.py:157 ipaserver/plugins/internal.py:1976 -#: ipaserver/plugins/server.py:71 -msgid "IPA Server" -msgstr "" - -#: ipaserver/plugins/location.py:170 -msgid "Modify information about an IPA location." +msgid "Added privilege \"%(value)s\"" msgstr "" -#: ipaserver/plugins/location.py:172 +#: ipaserver/plugins/privilege.py:176 #, python-format -msgid "Modified IPA location \"%(value)s\"" +msgid "Deleted privilege \"%(value)s\"" msgstr "" -#: ipaserver/plugins/location.py:177 -msgid "Search for IPA locations." +#: ipaserver/plugins/privilege.py:183 +#, python-format +msgid "Modified privilege \"%(value)s\"" msgstr "" -#: ipaserver/plugins/location.py:180 +#: ipaserver/plugins/privilege.py:191 #, python-format -msgid "%(count)d IPA location matched" -msgid_plural "%(count)d IPA locations matched" +msgid "%(count)d privilege matched" +msgid_plural "%(count)d privileges matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/location.py:187 -msgid "Display information about an IPA location." -msgstr "" - -#: ipaserver/plugins/location.py:193 -msgid "Servers in location" -msgstr "" - -#: ipaserver/plugins/migration.py:46 +#: ipaserver/plugins/caacl.py:21 msgid "" "\n" -"Migration to IPA\n" -"\n" -"Migrate users and groups from an LDAP server to IPA.\n" -"\n" -"This performs an LDAP query against the remote server searching for\n" -"users and groups in a container. In order to migrate passwords you need\n" -"to bind as a user that can read the userPassword attribute on the remote\n" -"server. This is generally restricted to high-level admins such as\n" -"cn=Directory Manager in 389-ds (this is the default bind user).\n" -"\n" -"The default user container is ou=People.\n" -"\n" -"The default group container is ou=Groups.\n" +"Manage CA ACL rules.\n" "\n" -"Users and groups that already exist on the IPA server are skipped.\n" +"This plugin is used to define rules governing which CAs and profiles\n" +"may be used to issue certificates to particular principals or groups\n" +"of principals.\n" "\n" -"Two LDAP schemas define how group members are stored: RFC2307 and\n" -"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" -"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" +"SUBJECT PRINCIPAL SCOPE:\n" "\n" -"The schema compat feature allows IPA to reformat data for systems that\n" -"do not support RFC2307bis. It is recommended that this feature is disabled\n" -"during migration to reduce system overhead. It can be re-enabled after\n" -"migration. To migrate with it enabled use the \"--with-compat\" option.\n" +"For a certificate request to be allowed, the principal(s) that are\n" +"the subject of a certificate request (not necessarily the principal\n" +"actually requesting the certificate) must be included in the scope\n" +"of a CA ACL that also includes the target CA and profile.\n" "\n" -"Migrated users do not have Kerberos credentials, they have only their\n" -"LDAP password. To complete the migration process, users need to go\n" -"to http://ipa.example.com/ipa/migration and authenticate using their\n" -"LDAP password in order to generate their Kerberos credentials.\n" +"Users can be included by name, group or the \"all users\" category.\n" +"Hosts can be included by name, hostgroup or the \"all hosts\"\n" +"category. Services can be included by service name or the \"all\n" +"services\" category. CA ACLs may be associated with a single type of\n" +"principal, or multiple types.\n" "\n" -"Migration is disabled by default. Use the command ipa config-mod to\n" -"enable it:\n" +"CERTIFICATE AUTHORITY SCOPE:\n" "\n" -" ipa config-mod --enable-migration=TRUE\n" +"A CA ACL can be associated with one or more CAs by name, or by the\n" +"\"all CAs\" category. For compatibility reasons, a CA ACL with no CA\n" +"association implies an association with the 'ipa' CA (and only this\n" +"CA).\n" "\n" -"If a base DN is not provided with --basedn then IPA will use either\n" -"the value of defaultNamingContext if it is set or the first value\n" -"in namingContexts set in the root of the remote LDAP server.\n" +"PROFILE SCOPE:\n" "\n" -"Users are added as members to the default user group. This can be a\n" -"time-intensive task so during migration this is done in a batch\n" -"mode for every 100 users. As a result there will be a window in which\n" -"users will be added to IPA but will not be members of the default\n" -"user group.\n" +"A CA ACL can be associated with one or more profiles by Profile ID.\n" +"The Profile ID is a string without spaces or punctuation starting\n" +"with a letter and followed by a sequence of letters, digits or\n" +"underscore (\"_\").\n" "\n" "EXAMPLES:\n" "\n" -" The simplest migration, accepting all defaults:\n" -" ipa migrate-ds ldap://ds.example.com:389\n" -"\n" -" Specify the user and group container. This can be used to migrate user\n" -" and group data from an IPA v1 server:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" ldap://ds.example.com:389\n" -"\n" -" Since IPA v2 server already contain predefined groups that may collide " -"with\n" -" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" -" having colliding group as their primary group may happen to belong to\n" -" an unknown group on new IPA v2 server.\n" -" Use --group-overwrite-gid option to overwrite GID of already existing " -"groups\n" -" to prevent this issue:\n" -" ipa migrate-ds --group-overwrite-gid \\\n" -" --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" ldap://ds.example.com:389\n" -"\n" -" Migrated users or groups may have object class and accompanied attributes\n" -" unknown to the IPA v2 server. These object classes and attributes may be\n" -" left out of the migration process:\n" -" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" -" --group-container='cn=groups,cn=accounts' \\\n" -" --user-ignore-objectclass=radiusprofile \\\n" -" --user-ignore-attribute=radiusgroupname \\\n" -" ldap://ds.example.com:389\n" +" Create a CA ACL \"test\" that grants all users access to the\n" +" \"UserCert\" profile on all CAs:\n" +" ipa caacl-add test --usercat=all --cacat=all\n" +" ipa caacl-add-profile test --certprofiles UserCert\n" "\n" -"LOGGING\n" +" Display the properties of a named CA ACL:\n" +" ipa caacl-show test\n" "\n" -"Migration will log warnings and errors to the Apache error log. This\n" -"file should be evaluated post-migration to correct or investigate any\n" -"issues that were discovered.\n" +" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-" +"CA\":\n" +" ipa caacl-add alice_dnp3\n" +" ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n" +" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" +" ipa caacl-add-user alice_dnp3 --user=alice\n" "\n" -"For every 100 users migrated an info-level message will be displayed to\n" -"give the current progress and duration to make it possible to track\n" -"the progress of migration.\n" +" Disable a CA ACL:\n" +" ipa caacl-disable test\n" "\n" -"If the log level is debug, either by setting debug = True in\n" -"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " -"printed\n" -"for each user added plus a summary when the default user group is\n" -"updated.\n" +" Remove a CA ACL:\n" +" ipa caacl-del test\n" msgstr "" -#: ipaserver/plugins/migration.py:145 -#, python-format -msgid "" -"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." +#: ipaserver/plugins/caacl.py:87 ipaserver/plugins/caacl.py:165 +#: ipaserver/plugins/caacl.py:263 +msgid "CA ACL" msgstr "" -#: ipaserver/plugins/migration.py:146 -#, python-format -msgid "" -"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" -"mod' to set it manually." +#: ipaserver/plugins/caacl.py:88 ipaserver/plugins/caacl.py:164 +msgid "CA ACLs" msgstr "" -#: ipaserver/plugins/migration.py:147 -msgid "" -"Failed to add user to the default group. Use 'ipa group-add-member' to add " -"manually." +#: ipaserver/plugins/caacl.py:183 +msgid "CA category" msgstr "" -#: ipaserver/plugins/migration.py:148 -msgid "Migration of LDAP search reference is not supported." +#: ipaserver/plugins/caacl.py:184 +msgid "CA category the ACL applies to" msgstr "" -#: ipaserver/plugins/migration.py:149 -msgid "Malformed DN" +#: ipaserver/plugins/caacl.py:212 +msgid "CAs" msgstr "" -#: ipaserver/plugins/migration.py:194 +#: ipaserver/plugins/caacl.py:246 #, python-format -msgid "%(user)s is not a POSIX user" +msgid "Added CA ACL \"%(value)s\"" msgstr "" -#: ipaserver/plugins/migration.py:461 -msgid "" -". Check GID of the existing group. Use --group-overwrite-gid option to " -"overwrite the GID" +#: ipaserver/plugins/caacl.py:258 +#, python-format +msgid "Deleted CA ACL \"%(value)s\"" msgstr "" -#: ipaserver/plugins/migration.py:476 -msgid "Invalid LDAP URI." +#: ipaserver/plugins/caacl.py:265 +msgid "default CA ACL can be only disabled" msgstr "" -#: ipaserver/plugins/migration.py:678 +#: ipaserver/plugins/caacl.py:273 #, python-format -msgid "%s to exclude from migration" +msgid "Modified CA ACL \"%(value)s\"" msgstr "" -#: ipaserver/plugins/migration.py:680 -msgid "" -"search results for objects to be migrated\n" -"have been truncated by the server;\n" -"migration process might be incomplete\n" +#: ipaserver/plugins/caacl.py:285 +msgid "CA category cannot be set to 'all' while there are allowed CAs" msgstr "" -#: ipaserver/plugins/migration.py:769 -#, python-format +#: ipaserver/plugins/caacl.py:290 msgid "" -"%(container)s LDAP search did not return any result (search base: " -"%(search_base)s, objectclass: %(objectclass)s)" +"profile category cannot be set to 'all' while there are allowed profiles" msgstr "" -#: ipaserver/plugins/migration.py:804 ipaserver/plugins/user.py:619 -msgid "Default group for new users not found" +#: ipaserver/plugins/caacl.py:302 ipaserver/plugins/hbacrule.py:356 +msgid "" +"service category cannot be set to 'all' while there are allowed services" msgstr "" -#: ipaserver/plugins/otptoken.py:42 -msgid "" -"\n" -"OTP Tokens\n" +#: ipaserver/plugins/caacl.py:312 +#, python-format +msgid "%(count)d CA ACL matched" +msgid_plural "%(count)d CA ACLs matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/caacl.py:325 +#, python-format +msgid "Enabled CA ACL \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:44 -msgid "" -"\n" -"Manage OTP tokens.\n" +#: ipaserver/plugins/caacl.py:354 +#, python-format +msgid "Disabled CA ACL \"%(value)s\"" msgstr "" -#: ipaserver/plugins/otptoken.py:46 -msgid "" -"\n" -"IPA supports the use of OTP tokens for multi-factor authentication. This\n" -"code enables the management of OTP tokens.\n" +#: ipaserver/plugins/caacl.py:385 +#, python-format +msgid "%i user or group added." msgstr "" -#: ipaserver/plugins/otptoken.py:51 -msgid "" -"\n" -" Add a new token:\n" -" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" +#: ipaserver/plugins/caacl.py:386 +#, python-format +msgid "%i users or groups added." msgstr "" -#: ipaserver/plugins/otptoken.py:54 -msgid "" -"\n" -" Examine the token:\n" -" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" +#: ipaserver/plugins/caacl.py:397 ipaserver/plugins/hbacrule.py:518 +#: ipaserver/plugins/selinuxusermap.py:572 ipaserver/plugins/sudorule.py:607 +msgid "users cannot be added when user category='all'" msgstr "" -#: ipaserver/plugins/otptoken.py:57 -msgid "" -"\n" -" Change the vendor:\n" -" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " -"Hat\"\n" +#: ipaserver/plugins/caacl.py:407 +#, python-format +msgid "%i user or group removed." msgstr "" -#: ipaserver/plugins/otptoken.py:60 -msgid "" -"\n" -" Delete a token:\n" -" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +#: ipaserver/plugins/caacl.py:408 +#, python-format +msgid "%i users or groups removed." msgstr "" -#: ipaserver/plugins/otptoken.py:137 -msgid "OTP token" +#: ipaserver/plugins/caacl.py:417 +#, python-format +msgid "%i host or hostgroup added." msgstr "" -#: ipaserver/plugins/otptoken.py:138 -msgid "OTP tokens" +#: ipaserver/plugins/caacl.py:418 +#, python-format +msgid "%i hosts or hostgroups added." msgstr "" -#: ipaserver/plugins/otptoken.py:154 -msgid "OTP Tokens" +#: ipaserver/plugins/caacl.py:429 ipaserver/plugins/hbacrule.py:549 +#: ipaserver/plugins/selinuxusermap.py:605 ipaserver/plugins/sudorule.py:710 +msgid "hosts cannot be added when host category='all'" msgstr "" -#: ipaserver/plugins/otptoken.py:155 -msgid "OTP Token" +#: ipaserver/plugins/caacl.py:439 +#, python-format +msgid "%i host or hostgroup removed." msgstr "" -#: ipaserver/plugins/otptoken.py:272 -msgid "URI" +#: ipaserver/plugins/caacl.py:440 +#, python-format +msgid "%i hosts or hostgroups removed." msgstr "" -#: ipaserver/plugins/otptoken.py:281 +#: ipaserver/plugins/caacl.py:448 #, python-format -msgid "Added OTP token \"%(value)s\"" +msgid "%i service added." msgstr "" -#: ipaserver/plugins/otptoken.py:335 -msgid "cannot be empty" +#: ipaserver/plugins/caacl.py:448 +#, python-format +msgid "%i services added." msgstr "" -#: ipaserver/plugins/otptoken.py:367 +#: ipaserver/plugins/caacl.py:459 ipaserver/plugins/hbacrule.py:606 +msgid "services cannot be added when service category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:468 #, python-format -msgid "Deleted OTP token \"%(value)s\"" +msgid "%i service removed." msgstr "" -#: ipaserver/plugins/otptoken.py:373 +#: ipaserver/plugins/caacl.py:468 #, python-format -msgid "Modified OTP token \"%(value)s\"" +msgid "%i services removed." msgstr "" -#: ipaserver/plugins/otptoken.py:422 +#: ipaserver/plugins/caacl.py:488 #, python-format -msgid "%(count)d OTP token matched" -msgid_plural "%(count)d OTP tokens matched" -msgstr[0] "" -msgstr[1] "" +msgid "%i profile added." +msgstr "" -#: ipaserver/plugins/passwd.py:40 -msgid "" -"\n" -"Set a user's password\n" -"\n" -"If someone other than a user changes that user's password (e.g., Helpdesk\n" -"resets it) then the password will need to be changed the first time it\n" -"is used. This is so the end-user is the only one who knows the password.\n" -"\n" -"The IPA password policy controls how often a password may be changed,\n" -"what strength requirements exist, and the length of the password history.\n" -"\n" -"If the user authentication method is set to password+OTP, the user should\n" -"pass the --otp option when resetting the password.\n" -"\n" -"EXAMPLES:\n" -"\n" -" To reset your own password:\n" -" ipa passwd\n" -"\n" -" To reset your own password when password+OTP is set as authentication " -"method:\n" -" ipa passwd --otp\n" -"\n" -" To change another user's password:\n" -" ipa passwd tuser1\n" +#: ipaserver/plugins/caacl.py:488 +#, python-format +msgid "%i profiles added." msgstr "" -#: ipaserver/plugins/passwd.py:114 -msgid "The OTP if the user has a token configured" +#: ipaserver/plugins/caacl.py:499 +msgid "profiles cannot be added when profile category='all'" msgstr "" -#: ipaserver/plugins/passwd.py:120 +#: ipaserver/plugins/caacl.py:510 #, python-format -msgid "Changed password for \"%(value)s\"" +msgid "%i profile removed." msgstr "" -#: ipaserver/plugins/privilege.py:76 +#: ipaserver/plugins/caacl.py:510 #, python-format -msgid "" -"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " -"privilege" +msgid "%i profiles removed." msgstr "" -#: ipaserver/plugins/privilege.py:149 -msgid "Privilege" +#: ipaserver/plugins/caacl.py:515 +msgid "Add CAs to a CA ACL." msgstr "" -#: ipaserver/plugins/privilege.py:169 +#: ipaserver/plugins/caacl.py:520 #, python-format -msgid "Added privilege \"%(value)s\"" +msgid "%i CA added." msgstr "" -#: ipaserver/plugins/privilege.py:176 +#: ipaserver/plugins/caacl.py:520 #, python-format -msgid "Deleted privilege \"%(value)s\"" +msgid "%i CAs added." msgstr "" -#: ipaserver/plugins/privilege.py:183 +#: ipaserver/plugins/caacl.py:531 +msgid "CAs cannot be added when CA category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:537 +msgid "Remove CAs from a CA ACL." +msgstr "" + +#: ipaserver/plugins/caacl.py:542 #, python-format -msgid "Modified privilege \"%(value)s\"" +msgid "%i CA removed." msgstr "" -#: ipaserver/plugins/privilege.py:191 +#: ipaserver/plugins/caacl.py:542 #, python-format -msgid "%(count)d privilege matched" -msgid_plural "%(count)d privileges matched" -msgstr[0] "" -msgstr[1] "" +msgid "%i CAs removed." +msgstr "" -#: ipaserver/plugins/realmdomains.py:34 +#: ipaserver/plugins/certmap.py:50 msgid "" "\n" -"Realm domains\n" -"\n" -"Manage the list of domains associated with IPA realm.\n" -"\n" -"This list is useful for Domain Controllers from other realms which have\n" -"established trust with this IPA realm. They need the information to know\n" -"which request should be forwarded to KDC of this IPA realm.\n" -"\n" -"Automatic management: a domain is automatically added to the realm domains\n" -"list when a new DNS Zone managed by IPA is created. Same applies for " -"deletion.\n" -"\n" -"Externally managed DNS: domains which are not managed in IPA server DNS\n" -"need to be manually added to the list using ipa realmdomains-mod command.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Display the current list of realm domains:\n" -" ipa realmdomains-show\n" -"\n" -" Replace the list of realm domains:\n" -" ipa realmdomains-mod --domain=example.com\n" -" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" -"\n" -" Add a domain to the list of realm domains:\n" -" ipa realmdomains-mod --add-domain=newdomain.com\n" -"\n" -" Delete a domain from the list of realm domains:\n" -" ipa realmdomains-mod --del-domain=olddomain.com\n" +"Certificate Identity Mapping\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:85 -msgid "Realm domains" +#: ipaserver/plugins/certmap.py:52 +msgid "" +"\n" +"Manage Certificate Identity Mapping configuration and rules.\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:107 ipaserver/plugins/realmdomains.py:108 -#: ipaserver/plugins/internal.py:1288 -msgid "Realm Domains" +#: ipaserver/plugins/certmap.py:54 +msgid "" +"\n" +"IPA supports the use of certificates for authentication. Certificates can\n" +"either be stored in the user entry (full certificate in the usercertificate\n" +"attribute), or simply linked to the user entry through a mapping.\n" +"This code enables the management of the rules allowing to link a\n" +"certificate to a user entry.\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:134 +#: ipaserver/plugins/certmap.py:62 msgid "" "\n" -" Modify realm domains\n" +" Display the Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-show\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:65 +msgid "" "\n" -" DNS check: When manually adding a domain to the list, a DNS check is\n" -" performed by default. It ensures that the domain is associated with\n" -" the IPA realm, by checking whether the domain has a _kerberos TXT " -"record\n" -" containing the IPA realm name. This check can be skipped by specifying\n" -" --force option.\n" +" Modify Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-mod --promptusername=TRUE\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:68 +msgid "" "\n" -" Removal: when a realm domain which has a matching DNS zone managed by\n" -" IPA is being removed, a corresponding _kerberos TXT record in the zone " -"is\n" -" removed automatically as well. Other records in the zone or the zone\n" -" itself are not affected.\n" -" " +" Create a new Certificate Identity Mapping Rule:\n" +" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " +"issuer\"\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:177 -#, python-format +#: ipaserver/plugins/certmap.py:71 msgid "" -"DNS zone for each realmdomain must contain SOA or NS records. No records " -"found for: %s" +"\n" +" Modify a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-mod rule1 --maprule=\"\"\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:203 -#, python-format -msgid "The following domains do not belong to this realm: %(domains)s" +#: ipaserver/plugins/certmap.py:74 +msgid "" +"\n" +" Disable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-disable rule1\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:218 -#, python-format +#: ipaserver/plugins/certmap.py:77 msgid "" -"The realm of the following domains could not be detected: %(domains)s. If " -"these are domains that belong to the this realm, please create a _kerberos " -"TXT record containing \"%(realm)s\" in each of them." +"\n" +" Enable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-enable rule1\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:241 +#: ipaserver/plugins/certmap.py:80 msgid "" -"The --domain option cannot be used together with --add-domain or --del-" -"domain. Use --domain to specify the whole realm domain list explicitly, to " -"add/remove individual domains, use --add-domain/del-domain." +"\n" +" Display information about a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-show rule1\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:252 -msgid "IPA server domain cannot be omitted" +#: ipaserver/plugins/certmap.py:83 +msgid "" +"\n" +" Find all Certificate Identity Mapping Rules with the specified domain:\n" +" ipa certmaprule-find --domain example.com\n" msgstr "" -#: ipaserver/plugins/realmdomains.py:274 -msgid "IPA server domain cannot be deleted" +#: ipaserver/plugins/certmap.py:86 +msgid "" +"\n" +" Delete a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-del rule1\n" msgstr "" -#: ipaserver/plugins/role.py:143 -msgid "Role" +#: ipaserver/plugins/certmap.py:141 ipaserver/plugins/certmap.py:148 +#: ipaserver/plugins/certmap.py:175 ipaserver/plugins/trust.py:852 +msgid "domain" msgstr "" -#: ipaserver/plugins/role.py:164 +#: ipaserver/plugins/certmap.py:142 #, python-format -msgid "Added role \"%(value)s\"" +msgid "" +"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." msgstr "" -#: ipaserver/plugins/role.py:172 -#, python-format -msgid "Deleted role \"%(value)s\"" +#: ipaserver/plugins/certmap.py:149 +msgid "" +"The mapping rule with altSecurityIdentities should be applied to a trusted " +"Active Directory domain but no domain was associated with the rule." msgstr "" -#: ipaserver/plugins/role.py:180 +#: ipaserver/plugins/certmap.py:176 #, python-format -msgid "Modified role \"%(value)s\"" +msgid "The domain %s is neither IPA domain nor a trusteddomain." msgstr "" -#: ipaserver/plugins/role.py:189 -#, python-format -msgid "%(count)d role matched" -msgid_plural "%(count)d roles matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/selinuxusermap.py:89 -msgid "HBAC rule and local members cannot both be set" +#: ipaserver/plugins/certmap.py:186 +msgid "Certificate Identity Mapping configuration options" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:128 -msgid "Invalid SELinux user name, must match {}" +#: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 +msgid "Certificate Identity Mapping Global Configuration" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:142 -#, python-brace-format -msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" +#: ipaserver/plugins/certmap.py:198 +msgid "Prompt for the username" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:147 -#, python-brace-format -msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" +#: ipaserver/plugins/certmap.py:199 +msgid "" +"Prompt for the username when multiple identities are mapped to a certificate" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:161 -msgid "SELinux user map list not found in configuration" +#: ipaserver/plugins/certmap.py:229 +msgid "Modify Certificate Identity Mapping configuration." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:166 -#, python-format -msgid "SELinux user %(user)s not found in ordering list (in config)" +#: ipaserver/plugins/certmap.py:234 +msgid "Show the current Certificate Identity Mapping configuration." msgstr "" -#: ipaserver/plugins/selinuxusermap.py:176 -msgid "SELinux User Map rule" +#: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 +msgid "Certificate Identity Mapping Rules" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:177 -msgid "SELinux User Map rules" +#: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 +msgid "Certificate Identity Mapping Rule" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:233 -msgid "SELinux User Maps" +#: ipaserver/plugins/certmap.py:274 +msgid "Certificate Identity Mapping Rule name" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:234 -msgid "SELinux User Map" +#: ipaserver/plugins/certmap.py:280 +msgid "Certificate Identity Mapping Rule description" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:309 -#, python-format -msgid "HBAC rule %(rule)s not found" +#: ipaserver/plugins/certmap.py:285 +msgid "Mapping rule" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:330 -#, python-format -msgid "Added SELinux User Map \"%(value)s\"" +#: ipaserver/plugins/certmap.py:286 +msgid "Rule used to map the certificate with a user entry" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:368 -#, python-format -msgid "Deleted SELinux User Map \"%(value)s\"" +#: ipaserver/plugins/certmap.py:291 +msgid "Matching rule" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:376 -#, python-format -msgid "Modified SELinux User Map \"%(value)s\"" +#: ipaserver/plugins/certmap.py:292 +msgid "Rule used to check if a certificate can be used for authentication" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:449 -#, python-format -msgid "%(count)d SELinux User Map matched" -msgid_plural "%(count)d SELinux User Maps matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/selinuxusermap.py:499 -#, python-format -msgid "Enabled SELinux User Map \"%(value)s\"" +#: ipaserver/plugins/certmap.py:299 +msgid "Domain where the user entry will be searched" msgstr "" -#: ipaserver/plugins/selinuxusermap.py:529 -#, python-format -msgid "Disabled SELinux User Map \"%(value)s\"" +#: ipaserver/plugins/certmap.py:305 +msgid "Priority of the rule (higher number means lower priority" msgstr "" -#: ipaserver/plugins/serverroles.py:84 -#, python-brace-format -msgid "{role}: role not found" +#: ipaserver/plugins/certmap.py:356 +msgid "Create a new Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/serverroles.py:178 -#, python-brace-format -msgid "{attr}: no such attribute" +#: ipaserver/plugins/certmap.py:358 +#, python-format +msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:26 -msgid "" -"\n" -"Service Constrained Delegation\n" -"\n" -"Manage rules to allow constrained delegation of credentials so\n" -"that a service can impersonate a user when communicating with another\n" -"service without requiring the user to actually forward their TGT.\n" -"This makes for a much better method of delegating credentials as it\n" -"prevents exposure of the short term secret of the user.\n" -"\n" -"The naming convention is to append the word \"target\" or \"targets\" to\n" -"a matching rule name. This is not mandatory but helps conceptually\n" -"to associate rules and targets.\n" -"\n" -"A rule consists of two things:\n" -" - A list of targets the rule applies to\n" -" - A list of memberPrincipals that are allowed to delegate for\n" -" those targets\n" -"\n" -"A target consists of a list of principals that can be delegated.\n" -"\n" -"In English, a rule says that this principal can delegate as this\n" -"list of principals, as defined by these targets.\n" -"\n" -"In both a rule and a target Kerberos principals may be specified\n" -"by their name or an alias and the realm can be omitted. Additionally,\n" -"hosts can be specified by their names. If Kerberos principal specified\n" -"has a single component and does not end with '$' sign, it will be treated\n" -"as a host name. Kerberos principal names ending with '$' are typically\n" -"used as aliases for Active Directory-related services.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new constrained delegation rule:\n" -" ipa servicedelegationrule-add ftp-delegation\n" -"\n" -" Add a new constrained delegation target:\n" -" ipa servicedelegationtarget-add ftp-delegation-target\n" -"\n" -" Add a principal to the rule:\n" -" ipa servicedelegationrule-add-member --principals=ftp/ipa.example." -"com ftp-delegation\n" -"\n" -" Add a host principal of the host 'ipa.example.com' to the rule:\n" -" ipa servicedelegationrule-add-member --principals=ipa.example.com " -"ftp-delegation\n" -"\n" -" Add our target to the rule:\n" -" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" -"delegation-target ftp-delegation\n" -"\n" -" Add a principal to the target:\n" -" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." -"com ftp-delegation-target\n" -"\n" -" Display information about a named delegation rule and target:\n" -" ipa servicedelegationrule_show ftp-delegation\n" -" ipa servicedelegationtarget_show ftp-delegation-target\n" -"\n" -" Remove a constrained delegation:\n" -" ipa servicedelegationrule-del ftp-delegation-target\n" -" ipa servicedelegationtarget-del ftp-delegation\n" -"\n" -"In this example the ftp service can get a TGT for the ldap service on\n" -"the bound user's behalf.\n" -"\n" -"It is strongly discouraged to modify the delegations that ship with\n" -"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" -"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" -"to delegate, causing the framework to stop functioning.\n" +#: ipaserver/plugins/certmap.py:369 +msgid "Modify a Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/servicedelegation.py:172 -msgid "Allowed to Impersonate" +#: ipaserver/plugins/certmap.py:371 +#, python-format +msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:177 -msgid "Member principals" +#: ipaserver/plugins/certmap.py:392 +msgid "Search for Certificate Identity Mapping Rules." msgstr "" -#: ipaserver/plugins/servicedelegation.py:189 +#: ipaserver/plugins/certmap.py:395 #, python-format -msgid "Malformed principal: %(error)s" +msgid "%(count)d Certificate Identity Mapping Rule matched" +msgid_plural "%(count)d Certificate Identity Mapping Rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certmap.py:402 +msgid "Display information about a Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/servicedelegation.py:199 -msgid "Add target to a named service delegation." +#: ipaserver/plugins/certmap.py:408 +msgid "Delete a Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/servicedelegation.py:213 -#: ipaserver/plugins/servicedelegation.py:303 -#: ipaserver/plugins/baseldap.py:1720 +#: ipaserver/plugins/certmap.py:410 #, python-format -msgid "member %s" +msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:287 -msgid "Remove member from a named service delegation." +#: ipaserver/plugins/certmap.py:415 +msgid "Enable a Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/servicedelegation.py:378 -#: ipaserver/plugins/servicedelegation.py:411 -msgid "service delegation rule" +#: ipaserver/plugins/certmap.py:417 +#, python-format +msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:379 -msgid "service delegation rules" +#: ipaserver/plugins/certmap.py:444 +msgid "Disable a Certificate Identity Mapping Rule." msgstr "" -#: ipaserver/plugins/servicedelegation.py:390 -msgid "Service delegation rules" +#: ipaserver/plugins/certmap.py:446 +#, python-format +msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:391 -msgid "Service delegation rule" +#: ipaserver/plugins/certmap.py:500 +msgid "Failed to connect to sssd over SystemBus. See details in the error_log" msgstr "" -#: ipaserver/plugins/servicedelegation.py:398 -#, python-format -msgid "Added service delegation rule \"%(value)s\"" +#: ipaserver/plugins/certmap.py:554 +msgid "Failed to find users over SystemBus. See details in the error_log" msgstr "" -#: ipaserver/plugins/servicedelegation.py:405 -#, python-format -msgid "Deleted service delegation \"%(value)s\"" +#: ipaserver/plugins/certmap.py:571 +msgid "User logins" msgstr "" -#: ipaserver/plugins/servicedelegation.py:413 -msgid "privileged service delegation rule" +#: ipaserver/plugins/certmap.py:579 +msgid "" +"\n" +" Search for users matching the provided certificate.\n" +"\n" +" This command relies on SSSD to retrieve the list of matching users and\n" +" may return cached data. For more information on purging SSSD cache,\n" +" please refer to sss_cache documentation.\n" +" " msgstr "" -#: ipaserver/plugins/servicedelegation.py:423 +#: ipaserver/plugins/certmap.py:587 #, python-format -msgid "%(count)d service delegation rule matched" -msgid_plural "%(count)d service delegation rules matched" +msgid "%(count)s user matched" +msgid_plural "%(count)s users matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/servicedelegation.py:471 -#: ipaserver/plugins/servicedelegation.py:500 -msgid "service delegation target" +#: ipaserver/plugins/certmap.py:606 ipaserver/plugins/idviews.py:1069 +#: ipaserver/plugins/baseuser.py:463 ipaserver/plugins/baseuser.py:957 +msgid "Base-64 encoded user certificate" msgstr "" -#: ipaserver/plugins/servicedelegation.py:472 -msgid "service delegation targets" +#: ipaserver/plugins/hbacrule.py:108 +msgid "The deny type has been deprecated." msgstr "" -#: ipaserver/plugins/servicedelegation.py:479 -msgid "Service delegation targets" +#: ipaserver/plugins/hbacrule.py:131 +msgid "HBAC rules" msgstr "" -#: ipaserver/plugins/servicedelegation.py:480 -msgid "Service delegation target" +#: ipaserver/plugins/hbacrule.py:201 +msgid "HBAC Rules" msgstr "" -#: ipaserver/plugins/servicedelegation.py:487 +#: ipaserver/plugins/hbacrule.py:302 #, python-format -msgid "Added service delegation target \"%(value)s\"" +msgid "Added HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:494 +#: ipaserver/plugins/hbacrule.py:316 #, python-format -msgid "Deleted service delegation target \"%(value)s\"" +msgid "Deleted HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:502 -msgid "privileged service delegation target" +#: ipaserver/plugins/hbacrule.py:333 +#, python-format +msgid "Modified HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/servicedelegation.py:512 +#: ipaserver/plugins/hbacrule.py:368 #, python-format -msgid "%(count)d service delegation target matched" -msgid_plural "%(count)d service delegation targets matched" +msgid "%(count)d HBAC rule matched" +msgid_plural "%(count)d HBAC rules matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/session.py:12 -msgid "" -"\n" -"Session Support for IPA\n" +#: ipaserver/plugins/hbacrule.py:383 +#, python-format +msgid "Enabled HBAC rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:29 +#: ipaserver/plugins/hbacrule.py:413 +#, python-format +msgid "Disabled HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 +msgid "Access time" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:565 +msgid "Add source hosts and hostgroups to an HBAC rule." +msgstr "" + +#: ipaserver/plugins/migration.py:46 msgid "" "\n" -"Subordinate ids\n" +"Migration to IPA\n" "\n" -"Manage subordinate user and group ids for users\n" +"Migrate users and groups from an LDAP server to IPA.\n" +"\n" +"This performs an LDAP query against the remote server searching for\n" +"users and groups in a container. In order to migrate passwords you need\n" +"to bind as a user that can read the userPassword attribute on the remote\n" +"server. This is generally restricted to high-level admins such as\n" +"cn=Directory Manager in 389-ds (this is the default bind user).\n" +"\n" +"The default user container is ou=People.\n" +"\n" +"The default group container is ou=Groups.\n" +"\n" +"Users and groups that already exist on the IPA server are skipped.\n" +"\n" +"Two LDAP schemas define how group members are stored: RFC2307 and\n" +"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" +"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" +"\n" +"The schema compat feature allows IPA to reformat data for systems that\n" +"do not support RFC2307bis. It is recommended that this feature is disabled\n" +"during migration to reduce system overhead. It can be re-enabled after\n" +"migration. To migrate with it enabled use the \"--with-compat\" option.\n" +"\n" +"Migrated users do not have Kerberos credentials, they have only their\n" +"LDAP password. To complete the migration process, users need to go\n" +"to http://ipa.example.com/ipa/migration and authenticate using their\n" +"LDAP password in order to generate their Kerberos credentials.\n" +"\n" +"Migration is disabled by default. Use the command ipa config-mod to\n" +"enable it:\n" +"\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +"If a base DN is not provided with --basedn then IPA will use either\n" +"the value of defaultNamingContext if it is set or the first value\n" +"in namingContexts set in the root of the remote LDAP server.\n" +"\n" +"Users are added as members to the default user group. This can be a\n" +"time-intensive task so during migration this is done in a batch\n" +"mode for every 100 users. As a result there will be a window in which\n" +"users will be added to IPA but will not be members of the default\n" +"user group.\n" "\n" "EXAMPLES:\n" "\n" -" Auto-assign a subordinate id range to current user\n" -" ipa subid-generate\n" +" The simplest migration, accepting all defaults:\n" +" ipa migrate-ds ldap://ds.example.com:389\n" "\n" -" Auto-assign a subordinate id range to user alice:\n" -" ipa subid-generate --owner=alice\n" +" Specify the user and group container. This can be used to migrate user\n" +" and group data from an IPA v1 server:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" "\n" -" Find subordinate ids for user alice:\n" -" ipa subid-find --owner=alice\n" +" Since IPA v2 server already contain predefined groups that may collide " +"with\n" +" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" +" having colliding group as their primary group may happen to belong to\n" +" an unknown group on new IPA v2 server.\n" +" Use --group-overwrite-gid option to overwrite GID of already existing " +"groups\n" +" to prevent this issue:\n" +" ipa migrate-ds --group-overwrite-gid \\\n" +" --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" "\n" -" Match entry by any subordinate uid in range:\n" -" ipa subid-match --subuid=2147483649\n" +" Migrated users or groups may have object class and accompanied attributes\n" +" unknown to the IPA v2 server. These object classes and attributes may be\n" +" left out of the migration process:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" --user-ignore-objectclass=radiusprofile \\\n" +" --user-ignore-attribute=radiusgroupname \\\n" +" ldap://ds.example.com:389\n" +"\n" +"LOGGING\n" +"\n" +"Migration will log warnings and errors to the Apache error log. This\n" +"file should be evaluated post-migration to correct or investigate any\n" +"issues that were discovered.\n" +"\n" +"For every 100 users migrated an info-level message will be displayed to\n" +"give the current progress and duration to make it possible to track\n" +"the progress of migration.\n" +"\n" +"If the log level is debug, either by setting debug = True in\n" +"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " +"printed\n" +"for each user added plus a summary when the default user group is\n" +"updated.\n" msgstr "" -#: ipaserver/plugins/subid.py:59 ipaserver/plugins/subid.py:62 -msgid "Subordinate id" +#: ipaserver/plugins/migration.py:145 +#, python-format +msgid "" +"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." msgstr "" -#: ipaserver/plugins/subid.py:60 ipaserver/plugins/subid.py:61 -msgid "Subordinate ids" +#: ipaserver/plugins/migration.py:146 +#, python-format +msgid "" +"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" +"mod' to set it manually." msgstr "" -#: ipaserver/plugins/subid.py:144 -msgid "Subordinate id description" +#: ipaserver/plugins/migration.py:147 +msgid "" +"Failed to add user to the default group. Use 'ipa group-add-member' to add " +"manually." msgstr "" -#: ipaserver/plugins/subid.py:150 ipaserver/plugins/subid.py:468 -msgid "Owning user of subordinate id entry" +#: ipaserver/plugins/migration.py:148 +msgid "Migration of LDAP search reference is not supported." msgstr "" -#: ipaserver/plugins/subid.py:155 ipaserver/plugins/internal.py:1404 -msgid "SubUID range start" +#: ipaserver/plugins/migration.py:149 +msgid "Malformed DN" msgstr "" -#: ipaserver/plugins/subid.py:157 -msgid "Start value for subordinate user ID (subuid) range" +#: ipaserver/plugins/migration.py:194 +#, python-format +msgid "%(user)s is not a POSIX user" msgstr "" -#: ipaserver/plugins/subid.py:164 ipaserver/plugins/internal.py:1403 -msgid "SubUID range size" +#: ipaserver/plugins/migration.py:461 +msgid "" +". Check GID of the existing group. Use --group-overwrite-gid option to " +"overwrite the GID" msgstr "" -#: ipaserver/plugins/subid.py:166 -msgid "Subordinate user ID count" +#: ipaserver/plugins/migration.py:476 +msgid "Invalid LDAP URI." msgstr "" -#: ipaserver/plugins/subid.py:173 ipaserver/plugins/internal.py:1402 -msgid "SubGID range start" +#: ipaserver/plugins/migration.py:678 +#, python-format +msgid "%s to exclude from migration" msgstr "" -#: ipaserver/plugins/subid.py:175 -msgid "Start value for subordinate group ID (subgid) range" +#: ipaserver/plugins/migration.py:680 +msgid "" +"search results for objects to be migrated\n" +"have been truncated by the server;\n" +"migration process might be incomplete\n" msgstr "" -#: ipaserver/plugins/subid.py:182 ipaserver/plugins/internal.py:1401 -msgid "SubGID range size" +#: ipaserver/plugins/migration.py:769 +#, python-format +msgid "" +"%(container)s LDAP search did not return any result (search base: " +"%(search_base)s, objectclass: %(objectclass)s)" msgstr "" -#: ipaserver/plugins/subid.py:184 -msgid "Subordinate group ID count" +#: ipaserver/plugins/migration.py:804 ipaserver/plugins/user.py:619 +msgid "Default group for new users not found" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:89 +msgid "HBAC rule and local members cannot both be set" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:128 +msgid "Invalid SELinux user name, must match {}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:142 +#, python-brace-format +msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:147 +#, python-brace-format +msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" msgstr "" -#: ipaserver/plugins/subid.py:213 -#, python-format -msgid "" -"%(oname)s with with name \"%(pkey)s\" or for user \"%(uid)s\" already exists." +#: ipaserver/plugins/selinuxusermap.py:161 +msgid "SELinux user map list not found in configuration" msgstr "" -#: ipaserver/plugins/subid.py:246 +#: ipaserver/plugins/selinuxusermap.py:166 #, python-format -msgid "'%(dn)s is not a valid user" +msgid "SELinux user %(user)s not found in ordering list (in config)" msgstr "" -#: ipaserver/plugins/subid.py:278 -msgid "subgidnumber must be equal to subuidnumber" +#: ipaserver/plugins/selinuxusermap.py:176 +msgid "SELinux User Map rule" msgstr "" -#: ipaserver/plugins/subid.py:351 -msgid "Add a new subordinate id." +#: ipaserver/plugins/selinuxusermap.py:177 +msgid "SELinux User Map rules" msgstr "" -#: ipaserver/plugins/subid.py:352 -#, python-format -msgid "Added subordinate id \"%(value)s\"" +#: ipaserver/plugins/selinuxusermap.py:233 +msgid "SELinux User Maps" msgstr "" -#: ipaserver/plugins/subid.py:384 -msgid "Delete a subordinate id." +#: ipaserver/plugins/selinuxusermap.py:234 +msgid "SELinux User Map" msgstr "" -#: ipaserver/plugins/subid.py:385 +#: ipaserver/plugins/selinuxusermap.py:309 #, python-format -msgid "Deleted subordinate id \"%(value)s\"" +msgid "HBAC rule %(rule)s not found" msgstr "" -#: ipaserver/plugins/subid.py:393 -msgid "Modify a subordinate id." +#: ipaserver/plugins/selinuxusermap.py:330 +#, python-format +msgid "Added SELinux User Map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:394 +#: ipaserver/plugins/selinuxusermap.py:368 #, python-format -msgid "Modified subordinate id \"%(value)s\"" +msgid "Deleted SELinux User Map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:405 -msgid "Search for subordinate id." +#: ipaserver/plugins/selinuxusermap.py:376 +#, python-format +msgid "Modified SELinux User Map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:407 +#: ipaserver/plugins/selinuxusermap.py:449 #, python-format -msgid "%(count)d subordinate id matched" -msgid_plural "%(count)d subordinate ids matched" +msgid "%(count)d SELinux User Map matched" +msgid_plural "%(count)d SELinux User Maps matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/subid.py:440 -msgid "Display information about a subordinate id." +#: ipaserver/plugins/selinuxusermap.py:499 +#, python-format +msgid "Enabled SELinux User Map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:458 -msgid "Generate and auto-assign subuid and subgid range to user entry" +#: ipaserver/plugins/selinuxusermap.py:529 +#, python-format +msgid "Disabled SELinux User Map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/subid.py:493 -msgid "Match users by any subordinate uid in their range" +#: ipaserver/plugins/ldap2.py:278 +msgid "Could not read UPG Definition originfilter. Check your permissions." msgstr "" -#: ipaserver/plugins/subid.py:500 -msgid "SubUID match" +#: ipaserver/plugins/serverroles.py:84 +#, python-brace-format +msgid "{role}: role not found" msgstr "" -#: ipaserver/plugins/subid.py:501 -msgid "Match value for subordinate user ID" +#: ipaserver/plugins/serverroles.py:178 +#, python-brace-format +msgid "{attr}: no such attribute" msgstr "" -#: ipaserver/plugins/subid.py:542 -msgid "Subordinate id statistics" +#: ipaserver/plugins/dns.py:100 +msgid "" +"\n" +"Domain Name System (DNS)\n" msgstr "" -#: ipaserver/plugins/subid.py:586 -#, python-format -msgid "%(remaining)i remaining subordinate id ranges" +#: ipaserver/plugins/dns.py:102 +msgid "" +"\n" +"Manage DNS zone and resource records.\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:33 +#: ipaserver/plugins/dns.py:104 msgid "" "\n" -"Sudo Commands\n" -"\n" -"Commands used as building blocks for sudo\n" -"\n" -"EXAMPLES:\n" +"SUPPORTED ZONE TYPES\n" "\n" -" Create a new command\n" -" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" +" * Master zone (dnszone-*), contains authoritative data.\n" +" * Forward zone (dnsforwardzone-*), forwards queries to configured " +"forwarders\n" +" (a set of DNS servers).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:110 +msgid "" "\n" -" Remove a command\n" -" ipa sudocmd-del /usr/bin/less\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +msgstr "" + +#: ipaserver/plugins/dns.py:112 +msgid "" "\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:55 -#, python-format -msgid "must not contain trailing dot: %s" +#: ipaserver/plugins/dns.py:118 +msgid "" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:64 -msgid "sudo command" +#: ipaserver/plugins/dns.py:126 +msgid "" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:65 -msgid "sudo commands" +#: ipaserver/plugins/dns.py:135 +msgid "" +"\n" +"\n" +"EXAMPLES:\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:117 -msgid "Sudo Commands" +#: ipaserver/plugins/dns.py:138 +msgid "" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --admin-email=admin@example.com\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:154 -#, python-format -msgid "Added Sudo Command \"%(value)s\"" +#: ipaserver/plugins/dns.py:141 +msgid "" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:160 -#, python-format -msgid "Deleted Sudo Command \"%(value)s\"" +#: ipaserver/plugins/dns.py:144 +msgid "" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:193 -#, python-format -msgid "Modified Sudo Command \"%(value)s\"" +#: ipaserver/plugins/dns.py:147 +msgid "" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" +" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " +"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" msgstr "" -#: ipaserver/plugins/sudocmd.py:201 -#, python-format -msgid "%(count)d Sudo Command matched" -msgid_plural "%(count)d Sudo Commands matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/dns.py:151 +msgid "" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +msgstr "" -#: ipaserver/plugins/topology.py:24 +#: ipaserver/plugins/dns.py:154 msgid "" "\n" -"Topology\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +msgstr "" + +#: ipaserver/plugins/dns.py:157 +msgid "" "\n" -"Management of a replication topology at domain level 1.\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:28 +#: ipaserver/plugins/dns.py:160 msgid "" "\n" -"IPA server's data is stored in LDAP server in two suffixes:\n" -"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " -"data\n" -"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" -" contains data for Certificate Server component\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" msgstr "" -#: ipaserver/plugins/topology.py:33 +#: ipaserver/plugins/dns.py:163 msgid "" "\n" -"Data stored on IPA servers is replicated to other IPA servers. The way it " -"is\n" -"replicated is defined by replication agreements. Replication agreements " -"needs\n" -"to be set for both suffixes separately. On domain level 0 they are managed\n" -"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " -"1\n" -"they are managed centrally using `ipa topology*` commands.\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" msgstr "" -#: ipaserver/plugins/topology.py:39 +#: ipaserver/plugins/dns.py:166 msgid "" "\n" -"Agreements are represented by topology segments. By default topology " -"segment\n" -"represents 2 replication agreements - one for each direction, e.g., A to B " -"and\n" -"B to A. Creation of unidirectional segments is not allowed.\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" msgstr "" -#: ipaserver/plugins/topology.py:43 +#: ipaserver/plugins/dns.py:179 msgid "" "\n" -"To verify that no server is disconnected in the topology of the given " -"suffix,\n" -"use:\n" -" ipa topologysuffix-verify $suffix\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" msgstr "" -#: ipaserver/plugins/topology.py:47 +#: ipaserver/plugins/dns.py:182 msgid "" "\n" -"\n" -"Examples:\n" -" Find all IPA servers:\n" -" ipa server-find\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" msgstr "" -#: ipaserver/plugins/topology.py:52 +#: ipaserver/plugins/dns.py:185 msgid "" "\n" -" Find all suffixes:\n" -" ipa topologysuffix-find\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 2.0.192.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" msgstr "" -#: ipaserver/plugins/topology.py:55 +#: ipaserver/plugins/dns.py:190 msgid "" "\n" -" Add topology segment to 'domain' suffix:\n" -" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" msgstr "" -#: ipaserver/plugins/topology.py:58 +#: ipaserver/plugins/dns.py:193 msgid "" "\n" -" Add topology segment to 'ca' suffix:\n" -" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" msgstr "" -#: ipaserver/plugins/topology.py:61 +#: ipaserver/plugins/dns.py:200 msgid "" "\n" -" List all topology segments in 'domain' suffix:\n" -" ipa topologysegment-find domain\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:64 +#: ipaserver/plugins/dns.py:217 msgid "" "\n" -" List all topology segments in 'ca' suffix:\n" -" ipa topologysegment-find ca\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" msgstr "" -#: ipaserver/plugins/topology.py:67 +#: ipaserver/plugins/dns.py:220 msgid "" "\n" -" Delete topology segment in 'domain' suffix:\n" -" ipa topologysegment-del domain segment_name\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 192.0.2.2, 192.0.2.3\n" +"\n" +" Delete A record '192.0.2.2'? Yes/No (default No):\n" +" Delete A record '192.0.2.3'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 192.0.2.2 (A record 192.0.2.3 has been " +"deleted)\n" msgstr "" -#: ipaserver/plugins/topology.py:70 +#: ipaserver/plugins/dns.py:233 msgid "" "\n" -" Delete topology segment in 'ca' suffix:\n" -" ipa topologysegment-del ca segment_name\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:73 +#: ipaserver/plugins/dns.py:236 msgid "" "\n" -" Verify topology of 'domain' suffix:\n" -" ipa topologysuffix-verify domain\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" msgstr "" -#: ipaserver/plugins/topology.py:76 +#: ipaserver/plugins/dns.py:239 msgid "" "\n" -" Verify topology of 'ca' suffix:\n" -" ipa topologysuffix-verify ca\n" -msgstr "" - -#: ipaserver/plugins/topology.py:92 -#, python-brace-format -msgid "Topology management requires minimum domain level {0} " -msgstr "" - -#: ipaserver/plugins/topology.py:104 -msgid "segment" -msgstr "" - -#: ipaserver/plugins/topology.py:105 -msgid "segments" -msgstr "" - -#: ipaserver/plugins/topology.py:119 -msgid "Topology Segments" -msgstr "" - -#: ipaserver/plugins/topology.py:120 -msgid "Topology Segment" -msgstr "" - -#: ipaserver/plugins/topology.py:226 -#, python-format -msgid "left node is not a topology node: %(leftnode)s" -msgstr "" - -#: ipaserver/plugins/topology.py:233 -#, python-format -msgid "right node is not a topology node: %(rightnode)s" -msgstr "" - -#: ipaserver/plugins/topology.py:250 -msgid "left node and right node must not be the same" -msgstr "" - -#: ipaserver/plugins/topology.py:261 -#, python-brace-format -msgid "left node ({host}) does not support suffix '{suff}'" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" msgstr "" -#: ipaserver/plugins/topology.py:269 -#, python-brace-format -msgid "right node ({host}) does not support suffix '{suff}'" +#: ipaserver/plugins/dns.py:242 +msgid "" +"\n" +" Find A records with value 192.0.2.2 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" msgstr "" -#: ipaserver/plugins/topology.py:280 -#, python-format -msgid "%(count)d segment matched" -msgid_plural "%(count)d segments matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/topology.py:289 -#, python-format -msgid "Added segment \"%(value)s\"" +#: ipaserver/plugins/dns.py:245 +msgid "" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" msgstr "" -#: ipaserver/plugins/topology.py:302 -#, python-format -msgid "Deleted segment \"%(value)s\"" +#: ipaserver/plugins/dns.py:248 +msgid "" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" msgstr "" -#: ipaserver/plugins/topology.py:314 -#, python-format -msgid "Modified segment \"%(value)s\"" +#: ipaserver/plugins/dns.py:252 +msgid "" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:329 -#, python-format -msgid "%(value)s" +#: ipaserver/plugins/dns.py:255 +msgid "" +"\n" +" If a global forwarder is configured, all queries for which this server is " +"not\n" +" authoritative (e.g. sub.example.com) will be routed to the global " +"forwarder.\n" +" Global forwarding configuration can be overridden per-zone.\n" msgstr "" -#: ipaserver/plugins/topology.py:365 -msgid "left or right node has to be specified" +#: ipaserver/plugins/dns.py:259 +msgid "" +"\n" +" Semantics of forwarding in IPA matches BIND semantics and depends on the " +"type\n" +" of zone:\n" +" * Master zone: local BIND replies authoritatively to queries for data in\n" +" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" +" affects only queries for names below zone cuts (NS records) of locally\n" +" served zones.\n" +"\n" +" * Forward zone: forward zone contains no authoritative data. BIND " +"forwards\n" +" queries, which cannot be answered from its local cache, to configured\n" +" forwarders.\n" msgstr "" -#: ipaserver/plugins/topology.py:370 -msgid "only one node can be specified" +#: ipaserver/plugins/dns.py:270 +msgid "" +"\n" +" Semantics of the --forward-policy option:\n" +" * none - disable forwarding for the given zone.\n" +" * first - forward all queries to configured forwarders. If they fail,\n" +" do resolution using DNS root servers.\n" +" * only - forward all queries to configured forwarders and if they fail,\n" +" return failure.\n" msgstr "" -#: ipaserver/plugins/topology.py:374 -#, python-format -msgid "Replication refresh for segment: \"%(pkey)s\" requested." +#: ipaserver/plugins/dns.py:277 +msgid "" +"\n" +" Disable global forwarding for given sub-tree:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" msgstr "" -#: ipaserver/plugins/topology.py:377 -#, python-format -msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." +#: ipaserver/plugins/dns.py:280 +msgid "" +"\n" +" This configuration forwards all queries for names outside the example.com\n" +" sub-tree to global forwarders. Normal recursive resolution process is used\n" +" for names inside the example.com sub-tree (i.e. NS records are followed " +"etc.).\n" msgstr "" -#: ipaserver/plugins/topology.py:408 -msgid "suffixes" +#: ipaserver/plugins/dns.py:284 +msgid "" +"\n" +" Forward all requests for the zone external.example.com to another " +"forwarder\n" +" using a \"first\" policy (it will send the queries to the selected " +"forwarder\n" +" and if not answered it will use global root servers):\n" +" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" +" --forwarder=203.0.113.1\n" msgstr "" -#: ipaserver/plugins/topology.py:412 -msgid "Topology suffixes" +#: ipaserver/plugins/dns.py:290 +msgid "" +"\n" +" Change forward-policy for external.example.com:\n" +" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" msgstr "" -#: ipaserver/plugins/topology.py:413 -msgid "Topology suffix" +#: ipaserver/plugins/dns.py:293 +msgid "" +"\n" +" Show forward zone external.example.com:\n" +" ipa dnsforwardzone-show external.example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:435 -#, python-format -msgid "%(count)d topology suffix matched" -msgid_plural "%(count)d topology suffixes matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/topology.py:446 -#, python-format -msgid "Deleted topology suffix \"%(value)s\"" +#: ipaserver/plugins/dns.py:296 +msgid "" +"\n" +" List all forward zones:\n" +" ipa dnsforwardzone-find\n" msgstr "" -#: ipaserver/plugins/topology.py:460 -#, python-format -msgid "Added topology suffix \"%(value)s\"" +#: ipaserver/plugins/dns.py:299 +msgid "" +"\n" +" Delete forward zone external.example.com:\n" +" ipa dnsforwardzone-del external.example.com\n" msgstr "" -#: ipaserver/plugins/topology.py:474 -#, python-format -msgid "Modified topology suffix \"%(value)s\"" +#: ipaserver/plugins/dns.py:302 +msgid "" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" msgstr "" -#: ipaserver/plugins/topology.py:489 +#: ipaserver/plugins/dns.py:307 msgid "" "\n" -"Verify replication topology for suffix.\n" "\n" -"Checks done:\n" -" 1. check if a topology is not disconnected. In other words if there are\n" -" replication paths between all servers.\n" -" 2. check if servers don't have more than the recommended number of\n" -" replication agreements\n" +"GLOBAL DNS CONFIGURATION\n" msgstr "" -#: ipaserver/plugins/virtual.py:57 -msgid "operation not defined" +#: ipaserver/plugins/dns.py:310 +msgid "" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" msgstr "" -#: ipaserver/plugins/virtual.py:82 -#, python-format -msgid "not allowed to perform operation: %s" +#: ipaserver/plugins/dns.py:315 +msgid "" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" msgstr "" -#: ipaserver/plugins/virtual.py:84 -msgid "No such virtual command" +#: ipaserver/plugins/dns.py:318 +msgid "" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=203.0.113.113\n" msgstr "" -#: ipaserver/plugins/automount.py:218 -msgid "automount location" +#: ipaserver/plugins/dns.py:406 +msgid "invalid IP network format" msgstr "" -#: ipaserver/plugins/automount.py:219 -msgid "automount locations" +#: ipaserver/plugins/dns.py:415 +msgid "each ACL element must be terminated with a semicolon" msgstr "" -#: ipaserver/plugins/automount.py:222 -msgid "Automount Locations" +#: ipaserver/plugins/dns.py:431 +msgid "invalid address format" msgstr "" -#: ipaserver/plugins/automount.py:223 -msgid "Automount Location" +#: ipaserver/plugins/dns.py:475 +msgid "" +"expected format: <0-255> <0-255> <0-65535> even-" +"length_hexadecimal_digits_or_hyphen" msgstr "" -#: ipaserver/plugins/automount.py:263 -#, python-format -msgid "Added automount location \"%(value)s\"" +#: ipaserver/plugins/dns.py:484 +msgid "algorithm value: allowed interval 0-255" msgstr "" -#: ipaserver/plugins/automount.py:283 -#, python-format -msgid "Deleted automount location \"%(value)s\"" +#: ipaserver/plugins/dns.py:487 +msgid "flags value: allowed interval 0-255" msgstr "" -#: ipaserver/plugins/automount.py:296 -#, python-format -msgid "%(count)d automount location matched" -msgid_plural "%(count)d automount locations matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/automount.py:349 -msgid "automount map" +#: ipaserver/plugins/dns.py:490 +msgid "iterations value: allowed interval 0-65535" msgstr "" -#: ipaserver/plugins/automount.py:350 -msgid "automount maps" +#: ipaserver/plugins/dns.py:498 +#, python-format +msgid "salt value: %(err)s" msgstr "" -#: ipaserver/plugins/automount.py:393 -msgid "Automount Maps" +#: ipaserver/plugins/dns.py:505 +msgid "invalid domain-name: not fully qualified" msgstr "" -#: ipaserver/plugins/automount.py:394 -msgid "Automount Map" +#: ipaserver/plugins/dns.py:514 +msgid "should not be a wildcard domain name (RFC 4592 section 4)" msgstr "" -#: ipaserver/plugins/automount.py:401 +#: ipaserver/plugins/dns.py:555 #, python-format -msgid "Added automount map \"%(value)s\"" +msgid "" +"All nameservers failed to answer the query for DNS reverse zone %(revdns)s" msgstr "" -#: ipaserver/plugins/automount.py:408 +#: ipaserver/plugins/dns.py:561 #, python-format -msgid "Deleted automount map \"%(value)s\"" +msgid "" +"No answers could be found in the specified lifetime for DNS reverse zone " +"%(revdns)s" msgstr "" -#: ipaserver/plugins/automount.py:428 +#: ipaserver/plugins/dns.py:571 #, python-format -msgid "Modified automount map \"%(value)s\"" +msgid "" +"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " +"server" msgstr "" -#: ipaserver/plugins/automount.py:436 +#: ipaserver/plugins/dns.py:588 #, python-format -msgid "%(count)d automount map matched" -msgid_plural "%(count)d automount maps matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/automount.py:448 -msgid "Automount key object." +msgid "DNS zone %(zone)s not found" msgstr "" -#: ipaserver/plugins/automount.py:452 -msgid "automount key" +#: ipaserver/plugins/dns.py:603 +#, python-format +msgid "IP address %(ip)s is already assigned in domain %(domain)s." msgstr "" -#: ipaserver/plugins/automount.py:453 -msgid "automount keys" +#: ipaserver/plugins/dns.py:613 +#, python-format +msgid "" +"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." msgstr "" -#: ipaserver/plugins/automount.py:512 -msgid "Automount Keys" +#: ipaserver/plugins/dns.py:688 +#, python-format +msgid "%s record" msgstr "" -#: ipaserver/plugins/automount.py:513 -msgid "Automount Key" +#: ipaserver/plugins/dns.py:690 +#, python-format +msgid "Raw %s records" msgstr "" -#: ipaserver/plugins/automount.py:514 +#: ipaserver/plugins/dns.py:691 #, python-format -msgid "" -"The key,info pair must be unique. A key named %(key)s with info %(info)s " -"already exists" +msgid "%s Record" msgstr "" -#: ipaserver/plugins/automount.py:515 +#: ipaserver/plugins/dns.py:692 #, python-format -msgid "key named %(key)s already exists" +msgid "(see RFC %s for details)" msgstr "" -#: ipaserver/plugins/automount.py:516 +#: ipaserver/plugins/dns.py:754 #, python-format -msgid "The automount key %(key)s with info %(info)s does not exist" +msgid "'%s' is a required part of DNS record" msgstr "" -#: ipaserver/plugins/automount.py:566 -#, python-format -msgid "" -"More than one entry with key %(key)s found, use --info to select specific " -"entry." +#: ipaserver/plugins/dns.py:761 +msgid "Invalid number of parts!" msgstr "" -#: ipaserver/plugins/automount.py:625 +#: ipaserver/plugins/dns.py:813 #, python-format -msgid "Added automount key \"%(value)s\"" +msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" msgstr "" -#: ipaserver/plugins/automount.py:654 +#: ipaserver/plugins/dns.py:829 #, python-format -msgid "Added automount indirect map \"%(value)s\"" +msgid "format must be specified as \"%(format)s\" %(rfcs)s" msgstr "" -#: ipaserver/plugins/automount.py:678 -msgid "mount point is relative to parent map, cannot begin with /" +#: ipaserver/plugins/dns.py:904 +msgid "Create reverse" msgstr "" -#: ipaserver/plugins/automount.py:707 +#: ipaserver/plugins/dns.py:940 #, python-format -msgid "Deleted automount key \"%(value)s\"" +msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" msgstr "" -#: ipaserver/plugins/automount.py:748 -#, python-format -msgid "Modified automount key \"%(value)s\"" +#: ipaserver/plugins/dns.py:1115 ipaserver/plugins/dns.py:1272 +msgid "Exchanger" msgstr "" -#: ipaserver/plugins/automount.py:807 +#: ipaserver/plugins/dns.py:1190 +msgid "" +"format must be specified as\n" +" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " +"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" +" where:\n" +" d1: [0 .. 90] (degrees latitude)\n" +" d2: [0 .. 180] (degrees longitude)\n" +" m1, m2: [0 .. 59] (minutes latitude/longitude)\n" +" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" +" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" +" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" +" See RFC 1876 for details" +msgstr "" + +#: ipaserver/plugins/dns.py:1244 #, python-format -msgid "%(count)d automount key matched" -msgid_plural "%(count)d automount keys matched" -msgstr[0] "" -msgstr[1] "" +msgid "'%(required)s' must not be empty when '%(name)s' is set" +msgstr "" -#: ipaserver/plugins/baseldap.py:101 -msgid "Member service groups" +#: ipaserver/plugins/dns.py:1299 +msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" msgstr "" -#: ipaserver/plugins/baseldap.py:110 -msgid "Member HBAC service groups" +#: ipaserver/plugins/dns.py:1360 ipaserver/plugins/dns.py:1490 +msgid "Priority (order)" msgstr "" -#: ipaserver/plugins/baseldap.py:127 -msgid "Member ID user overrides" +#: ipaserver/plugins/dns.py:1361 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the " +"server with the lowest-numbered priority they can reach." msgstr "" -#: ipaserver/plugins/baseldap.py:129 -msgid "Indirect Member ID user overrides" +#: ipaserver/plugins/dns.py:1369 ipaserver/plugins/dns.py:1499 +msgid "Relative weight for entries with the same priority." msgstr "" -#: ipaserver/plugins/baseldap.py:146 -msgid "Indirect Member permissions" +#: ipaserver/plugins/dns.py:1389 +msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" msgstr "" -#: ipaserver/plugins/baseldap.py:149 -msgid "Indirect Member HBAC service" +#: ipaserver/plugins/dns.py:1491 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the URI " +"with the lowest-numbered priority they can reach." msgstr "" -#: ipaserver/plugins/baseldap.py:152 -msgid "Indirect Member HBAC service group" +#: ipaserver/plugins/dns.py:1504 +msgid "Target Uniform Resource Identifier" msgstr "" -#: ipaserver/plugins/baseldap.py:213 -msgid "Invalid format. Should be name=value" +#: ipaserver/plugins/dns.py:1505 +msgid "Target Uniform Resource Identifier according to RFC 3986" msgstr "" -#: ipaserver/plugins/baseldap.py:584 -msgid "An IPA master host cannot be deleted or disabled" +#: ipaserver/plugins/dns.py:1587 +#, python-format +msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" msgstr "" -#: ipaserver/plugins/baseldap.py:615 -msgid "entry" +#: ipaserver/plugins/dns.py:2056 +msgid "Managedby permission" msgstr "" -#: ipaserver/plugins/baseldap.py:616 -msgid "entries" +#: ipaserver/plugins/dns.py:2157 +msgid "cannot be used when a zone is specified" msgstr "" -#: ipaserver/plugins/baseldap.py:654 ipaserver/plugins/baseldap.py:655 -msgid "Entry" +#: ipaserver/plugins/dns.py:2169 +msgid "Only one zone type is allowed per zone name" msgstr "" -#: ipaserver/plugins/baseldap.py:658 +#: ipaserver/plugins/dns.py:2312 #, python-format -msgid "container entry (%(container)s) not found" +msgid "Added system permission \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseldap.py:659 +#: ipaserver/plugins/dns.py:2342 #, python-format -msgid "%(parent)s: %(oname)s not found" +msgid "permission \"%(value)s\" already exists" msgstr "" -#: ipaserver/plugins/baseldap.py:660 ipaserver/plugins/schema.py:257 -#: ipaserver/plugins/schema.py:333 ipaserver/plugins/schema.py:424 -#: ipaserver/plugins/schema.py:663 ipaserver/plugins/schema.py:756 +#: ipaserver/plugins/dns.py:2370 #, python-format -msgid "%(pkey)s: %(oname)s not found" +msgid "Removed system permission \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseldap.py:661 -#, python-format -msgid "%(oname)s with name \"%(pkey)s\" already exists" +#: ipaserver/plugins/dns.py:2406 +msgid "DNS zone" msgstr "" -#: ipaserver/plugins/baseldap.py:954 ipaserver/plugins/baseldap.py:962 -#, python-format -msgid "attribute \"%(attribute)s\" not allowed" +#: ipaserver/plugins/dns.py:2407 +msgid "DNS zones" msgstr "" -#: ipaserver/plugins/baseldap.py:967 -#, python-format -msgid "these attributes are not allowed: %(attrs)s" +#: ipaserver/plugins/dns.py:2415 +msgid "DNS Zones" msgstr "" -#: ipaserver/plugins/baseldap.py:1025 -msgid "attribute is not configurable" +#: ipaserver/plugins/dns.py:2416 +msgid "DNS Zone" msgstr "" -#: ipaserver/plugins/baseldap.py:1128 -msgid "No such attribute on this entry" +#: ipaserver/plugins/dns.py:2489 +msgid "Default time to live" msgstr "" -#: ipaserver/plugins/baseldap.py:1488 -#, python-format -msgid "Rename the %(ldap_obj_name)s object" +#: ipaserver/plugins/dns.py:2490 +msgid "Time to live for records without explicit TTL definition" msgstr "" -#: ipaserver/plugins/baseldap.py:1586 ipaserver/plugins/baseldap.py:2494 -msgid "the entry was deleted while being modified" +#: ipaserver/plugins/dns.py:2705 +msgid "setting Authoritative nameserver" msgstr "" -#: ipaserver/plugins/baseldap.py:1719 ipaserver/plugins/baseldap.py:2221 -#, python-format -msgid "%s" +#: ipaserver/plugins/dns.py:2706 +msgid "It is used only for setting the SOA MNAME attribute." msgstr "" -#: ipaserver/plugins/baseldap.py:1762 ipaserver/plugins/baseldap.py:2245 -#, python-format -msgid "%s to add" +#: ipaserver/plugins/dns.py:2708 +msgid "NS record(s) can be edited in zone apex - '@'. " msgstr "" -#: ipaserver/plugins/baseldap.py:1861 ipaserver/plugins/baseldap.py:2344 -#, python-format -msgid "%s to remove" +#: ipaserver/plugins/dns.py:2743 +msgid "" msgstr "" -#: ipaserver/plugins/baseldap.py:1961 ipaserver/plugins/schema.py:122 -#, python-format -msgid "Results should contain primary key attribute only (\"%s\")" +#: ipaserver/plugins/dns.py:2799 +msgid "Nameserver for reverse zone cannot be a relative DNS name" msgstr "" -#: ipaserver/plugins/baseldap.py:1969 +#: ipaserver/plugins/dns.py:2855 #, python-format -msgid "" -"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." +msgid "Deleted DNS zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseldap.py:1970 -#, python-format -msgid "" -"Search for %(searched_object)s without these %(relationship)s " -"%(ldap_object)s." +#: ipaserver/plugins/dns.py:2908 +msgid "is required" msgstr "" -#: ipaserver/plugins/baseldap.py:2525 +#: ipaserver/plugins/dns.py:2989 #, python-format -msgid "added attribute value to entry %(value)s" +msgid "Disabled DNS zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseldap.py:2539 +#: ipaserver/plugins/dns.py:3000 #, python-format -msgid "removed attribute values from entry %(value)s" +msgid "Enabled DNS zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseldap.py:2548 -msgid "one or more values to remove" +#: ipaserver/plugins/dns.py:3025 +msgid "DNS resource record" msgstr "" -#: ipaserver/plugins/baseuser.py:61 -msgid "" -"\n" -"Baseuser\n" -"\n" -"This contains common definitions for user/stageuser\n" +#: ipaserver/plugins/dns.py:3026 +msgid "DNS resource records" msgstr "" -#: ipaserver/plugins/baseuser.py:92 -msgid "must be TRUE or FALSE" +#: ipaserver/plugins/dns.py:3033 +msgid "DNS Resource Records" msgstr "" -#: ipaserver/plugins/baseuser.py:158 -msgid "" -"Object class ipaNTUserAttrs is missing, user entry cannot have SMB " -"attributes." +#: ipaserver/plugins/dns.py:3034 +msgid "DNS Resource Record" msgstr "" -#: ipaserver/plugins/baseuser.py:311 ipaserver/plugins/host.py:581 -#: ipaserver/plugins/service.py:540 -msgid "Principal alias" +#: ipaserver/plugins/dns.py:3069 +msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" msgstr "" -#: ipaserver/plugins/baseuser.py:323 -msgid "User password expiration" +#: ipaserver/plugins/dns.py:3086 +msgid "" +"out-of-zone data: record name must be a subdomain of the zone or a relative " +"name" msgstr "" -#: ipaserver/plugins/baseuser.py:407 ipaserver/plugins/host.py:608 -msgid "SSH public key fingerprint" +#: ipaserver/plugins/dns.py:3097 +#, python-format +msgid "" +"owner of %(types)s records should not be a wildcard domain name (RFC 4592 " +"section 4)" msgstr "" -#: ipaserver/plugins/baseuser.py:434 -msgid "External IdP configuration" +#: ipaserver/plugins/dns.py:3142 +#, python-format +msgid "" +"Reverse zone %(name)s requires exactly %(count)d IP address components, " +"%(user_count)d given" msgstr "" -#: ipaserver/plugins/baseuser.py:438 -msgid "External IdP user identifier" +#: ipaserver/plugins/dns.py:3184 +msgid "only master zones can contain records" msgstr "" -#: ipaserver/plugins/baseuser.py:439 -msgid "A string that identifies the user at external IdP" +#: ipaserver/plugins/dns.py:3282 +msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" msgstr "" -#: ipaserver/plugins/baseuser.py:468 ipaserver/plugins/baseuser.py:469 -#: ipaserver/plugins/internal.py:727 -msgid "Certificate mapping data" +#: ipaserver/plugins/dns.py:3288 +msgid "" +"CNAME record is not allowed to coexist with any other record (RFC 1034, " +"section 3.6.2)" msgstr "" -#: ipaserver/plugins/baseuser.py:474 -msgid "SMB logon script path" +#: ipaserver/plugins/dns.py:3296 +msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" msgstr "" -#: ipaserver/plugins/baseuser.py:479 -msgid "SMB profile path" +#: ipaserver/plugins/dns.py:3312 +#, python-format +msgid "" +"NS record is not allowed to coexist with an %(type)s record except when " +"located in a zone root record (RFC 2181, section 6.1)" msgstr "" -#: ipaserver/plugins/baseuser.py:484 -msgid "SMB Home Directory" +#: ipaserver/plugins/dns.py:3328 +msgid "" +"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " +"4035 section 2.4)" msgstr "" -#: ipaserver/plugins/baseuser.py:489 -msgid "SMB Home Directory Drive" +#: ipaserver/plugins/dns.py:3609 +#, python-format +msgid "Raw value of a DNS record was already set by \"%(name)s\" option" msgstr "" -#: ipaserver/plugins/baseuser.py:498 ipaserver/plugins/baseuser.py:499 -msgid "Passkey mapping" +#: ipaserver/plugins/dns.py:3735 +msgid "DNS zone root record cannot be renamed" msgstr "" -#: ipaserver/plugins/baseuser.py:519 ipaserver/plugins/baseuser.py:523 -#, python-format -msgid "invalid e-mail format: %(email)s" +#: ipaserver/plugins/dns.py:3753 +msgid "DNS records can be only updated one at a time" msgstr "" -#: ipaserver/plugins/baseuser.py:550 +#: ipaserver/plugins/dns.py:3846 #, python-format -msgid "manager %(manager)s not found" +msgid "Deleted record \"%(value)s\"" msgstr "" -#: ipaserver/plugins/baseuser.py:648 ipaserver/plugins/host.py:723 -#: ipaserver/plugins/stageuser.py:337 ipaserver/plugins/stageuser.py:558 -#: ipaserver/plugins/user.py:589 +#: ipaserver/plugins/dns.py:3939 #, python-format -msgid "can be at most %(len)d characters" +msgid "Zone record '%s' cannot be deleted" msgstr "" -#: ipaserver/plugins/baseuser.py:935 ipaserver/plugins/cert.py:425 -#: ipaserver/plugins/host.py:548 ipaserver/plugins/internal.py:732 -#: ipaserver/plugins/service.py:573 -msgid "Issuer" +#: ipaserver/plugins/dns.py:4041 +#, python-format +msgid "Found '%(value)s'" msgstr "" -#: ipaserver/plugins/baseuser.py:936 -msgid "Issuer of the certificate" +#: ipaserver/plugins/dns.py:4056 +#, python-format +msgid "Host '%(host)s' not found" msgstr "" -#: ipaserver/plugins/baseuser.py:942 ipaserver/plugins/cert.py:365 -#: ipaserver/plugins/cert.py:1501 ipaserver/plugins/host.py:536 -#: ipaserver/plugins/internal.py:659 ipaserver/plugins/internal.py:735 -#: ipaserver/plugins/service.py:561 -msgid "Subject" +#: ipaserver/plugins/dns.py:4087 +msgid "DNS configuration options" msgstr "" -#: ipaserver/plugins/baseuser.py:943 -msgid "Subject of the certificate" +#: ipaserver/plugins/dns.py:4092 ipaserver/plugins/dns.py:4093 +msgid "DNS Global Configuration" msgstr "" -#: ipaserver/plugins/baseuser.py:988 -msgid "cannot have an empty subject" +#: ipaserver/plugins/dns.py:4124 +msgid "IPA DNS version" msgstr "" -#: ipaserver/plugins/baseuser.py:1028 -msgid "cannot specify both subject/issuer and certificate" +#: ipaserver/plugins/dns.py:4128 ipaserver/plugins/config.py:336 +msgid "IPA DNS servers" msgstr "" -#: ipaserver/plugins/baseuser.py:1032 -msgid "cannot specify both subject/issuer and ipacertmapdata" +#: ipaserver/plugins/dns.py:4129 +msgid "List of IPA masters configured as DNS servers" msgstr "" -#: ipaserver/plugins/baseuser.py:1056 ipaserver/plugins/user.py:1373 -msgid "Add one or more certificate mappings to the user entry." +#: ipaserver/plugins/dns.py:4134 ipaserver/plugins/config.py:348 +msgid "IPA DNSSec key master" msgstr "" -#: ipaserver/plugins/baseuser.py:1057 -#, python-format -msgid "Added certificate mappings to user \"%(value)s\"" +#: ipaserver/plugins/dns.py:4135 +msgid "IPA server configured as DNSSec key master" msgstr "" -#: ipaserver/plugins/baseuser.py:1075 ipaserver/plugins/user.py:1378 -msgid "Remove one or more certificate mappings from the user entry." +#: ipaserver/plugins/dns.py:4186 +msgid "Global DNS configuration is empty" msgstr "" -#: ipaserver/plugins/baseuser.py:1076 -#, python-format -msgid "Removed certificate mappings from user \"%(value)s\"" +#: ipaserver/plugins/dns.py:4267 +msgid "DNS forward zone" msgstr "" -#: ipaserver/plugins/baseuser.py:1085 -#, python-format -msgid "Added passkey mappings to user \"%(value)s\"" +#: ipaserver/plugins/dns.py:4268 +msgid "DNS forward zones" msgstr "" -#: ipaserver/plugins/baseuser.py:1102 ipaserver/plugins/user.py:1410 -msgid "Remove one or more passkey mappings from the user entry." +#: ipaserver/plugins/dns.py:4270 +msgid "DNS Forward Zones" msgstr "" -#: ipaserver/plugins/baseuser.py:1103 -#, python-format -msgid "Removed passkey mappings from user \"%(value)s\"" +#: ipaserver/plugins/dns.py:4271 +msgid "DNS Forward Zone" msgstr "" -#: ipaserver/plugins/cert.py:69 -msgid "" -"\n" -"IPA certificate operations\n" +#: ipaserver/plugins/dns.py:4378 ipaserver/plugins/dns.py:4428 +msgid "Please specify forwarders." msgstr "" -#: ipaserver/plugins/cert.py:71 -msgid "" -"\n" -"Implements a set of commands for managing server SSL certificates.\n" +#: ipaserver/plugins/dns.py:4397 +#, python-format +msgid "Deleted DNS forward zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:73 -msgid "" -"\n" -"Certificate requests exist in the form of a Certificate Signing Request " -"(CSR)\n" -"in PEM format.\n" +#: ipaserver/plugins/dns.py:4454 +#, python-format +msgid "Disabled DNS forward zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:76 -msgid "" -"\n" -"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" -"subject to values configured in the server.\n" +#: ipaserver/plugins/dns.py:4460 +#, python-format +msgid "Enabled DNS forward zone \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:79 -msgid "" -"\n" -"A certificate is stored with a service principal and a service principal\n" -"needs a host.\n" +#: ipaserver/plugins/dns.py:4483 +msgid "IPA DNS records" msgstr "" -#: ipaserver/plugins/cert.py:82 -msgid "" -"\n" -"In order to request a certificate:\n" +#: ipaserver/plugins/dns.py:4487 +msgid "IPA location records" msgstr "" -#: ipaserver/plugins/cert.py:84 -msgid "" -"\n" -"* The host must exist\n" -"* The service must exist (or you use the --add option to automatically add " -"it)\n" +#: ipaserver/plugins/dns.py:4494 +msgid "Update location and IPA server DNS records" msgstr "" -#: ipaserver/plugins/cert.py:87 -msgid "" -"\n" -"SEARCHING:\n" +#: ipaserver/plugins/dns.py:4505 +msgid "Result of the command" msgstr "" -#: ipaserver/plugins/cert.py:89 -msgid "" -"\n" -"Certificates may be searched on by certificate subject, serial number,\n" -"revocation reason, validity dates and the issued date.\n" +#: ipaserver/plugins/dns.py:4512 +msgid "Dry run" msgstr "" -#: ipaserver/plugins/cert.py:92 -msgid "" -"\n" -"When searching on dates the _from date does a >= search and the _to date\n" -"does a <= search. When combined these are done as an AND.\n" +#: ipaserver/plugins/dns.py:4513 +msgid "Do not update records only return expected records" msgstr "" -#: ipaserver/plugins/cert.py:95 +#: ipaserver/plugins/permission.py:41 msgid "" "\n" -"Dates are treated as GMT to match the dates in the certificates.\n" +"Permissions\n" msgstr "" -#: ipaserver/plugins/cert.py:97 +#: ipaserver/plugins/permission.py:43 msgid "" "\n" -"The date format is YYYY-mm-dd.\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable wrapper around a 389-ds Access Control Rule,\n" +"or instruction (ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" msgstr "" -#: ipaserver/plugins/cert.py:101 +#: ipaserver/plugins/permission.py:49 msgid "" "\n" -" Request a new certificate and add the principal:\n" -" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +"A permission may not contain other permissions.\n" msgstr "" -#: ipaserver/plugins/cert.py:104 +#: ipaserver/plugins/permission.py:51 msgid "" "\n" -" Retrieve an existing certificate:\n" -" ipa cert-show 1032\n" +"* A permission grants access to read, write, add, delete, read, search,\n" +" or compare.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" msgstr "" -#: ipaserver/plugins/cert.py:107 +#: ipaserver/plugins/permission.py:57 msgid "" "\n" -" Revoke a certificate (see RFC 5280 for reason details):\n" -" ipa cert-revoke --revocation-reason=6 1032\n" -msgstr "" - -#: ipaserver/plugins/cert.py:110 -msgid "" +"A permission is made up of a number of different parts:\n" "\n" -" Remove a certificate from revocation hold status:\n" -" ipa cert-remove-hold 1032\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" msgstr "" -#: ipaserver/plugins/cert.py:113 +#: ipaserver/plugins/permission.py:63 msgid "" "\n" -" Check the status of a signing request:\n" -" ipa cert-status 10\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. search - search on one or more attributes\n" +"4. compare - compare one or more attributes\n" +"5. add - add a new entry to the tree\n" +"6. delete - delete an existing entry\n" +"7. all - all permissions are granted\n" msgstr "" -#: ipaserver/plugins/cert.py:116 +#: ipaserver/plugins/permission.py:73 msgid "" "\n" -" Search for certificates by hostname:\n" -" ipa cert-find --subject=ipaserver.example.com\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" msgstr "" -#: ipaserver/plugins/cert.py:119 +#: ipaserver/plugins/permission.py:77 msgid "" "\n" -" Search for revoked certificates by reason:\n" -" ipa cert-find --revocation-reason=5\n" +"There are a number of allowed targets:\n" +"1. subtree: a DN; the permission applies to the subtree under this DN\n" +"2. target filter: an LDAP filter\n" +"3. target: DN with possible wildcards, specifies entries permission applies " +"to\n" msgstr "" -#: ipaserver/plugins/cert.py:122 +#: ipaserver/plugins/permission.py:82 msgid "" "\n" -" Search for certificates based on issuance date\n" -" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +"Additionally, there are the following convenience options.\n" +"Setting one of these options will set the corresponding attribute(s).\n" +"1. type: a type of object (user, group, etc); sets subtree and target " +"filter.\n" +"2. memberof: apply to members of a group; sets target filter\n" +"3. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership); sets target.\n" msgstr "" -#: ipaserver/plugins/cert.py:125 +#: ipaserver/plugins/permission.py:89 msgid "" "\n" -" Search for certificates owned by a specific user:\n" -" ipa cert-find --user=user\n" +"Managed permissions\n" msgstr "" -#: ipaserver/plugins/cert.py:128 +#: ipaserver/plugins/permission.py:91 msgid "" "\n" -" Examine a certificate:\n" -" ipa cert-find --file=cert.pem --all\n" +"Permissions that come with IPA by default can be so-called \"managed\"\n" +"permissions. These have a default set of attributes they apply to,\n" +"but the administrator can add/remove individual attributes to/from the set.\n" msgstr "" -#: ipaserver/plugins/cert.py:131 +#: ipaserver/plugins/permission.py:95 msgid "" "\n" -" Verify that a certificate is owned by a specific user:\n" -" ipa cert-find --file=cert.pem --user=user\n" +"Deleting or renaming a managed permission, as well as changing its target,\n" +"is not allowed.\n" msgstr "" -#: ipaserver/plugins/cert.py:134 +#: ipaserver/plugins/permission.py:100 msgid "" "\n" -"IPA currently immediately issues (or declines) all certificate requests so\n" -"the status of a request is not normally useful. This is for future use\n" -"or the case where a CA does not immediately issue a certificate.\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" msgstr "" -#: ipaserver/plugins/cert.py:138 +#: ipaserver/plugins/permission.py:103 msgid "" "\n" -"The following revocation reasons are supported:\n" -"\n" -msgstr "" - -#: ipaserver/plugins/cert.py:141 -msgid " * 0 - unspecified\n" -msgstr "" - -#: ipaserver/plugins/cert.py:142 -msgid " * 1 - keyCompromise\n" -msgstr "" - -#: ipaserver/plugins/cert.py:143 -msgid " * 2 - cACompromise\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" msgstr "" -#: ipaserver/plugins/cert.py:144 -msgid " * 3 - affiliationChanged\n" +#: ipaserver/plugins/permission.py:130 +msgid "must be enclosed in parentheses" msgstr "" -#: ipaserver/plugins/cert.py:145 -msgid " * 4 - superseded\n" +#: ipaserver/plugins/permission.py:150 +#, python-format +msgid "\"%s\" is not an object type" msgstr "" -#: ipaserver/plugins/cert.py:146 -msgid " * 5 - cessationOfOperation\n" +#: ipaserver/plugins/permission.py:152 ipaserver/plugins/permission.py:930 +#, python-format +msgid "\"%s\" is not a valid permission type" msgstr "" -#: ipaserver/plugins/cert.py:147 -msgid " * 6 - certificateHold\n" +#: ipaserver/plugins/permission.py:354 +#, python-format +msgid "Deprecated; use %s" msgstr "" -#: ipaserver/plugins/cert.py:148 -msgid " * 8 - removeFromCRL\n" +#: ipaserver/plugins/permission.py:371 +#, python-format +msgid "Permission with unknown flag %s may not be modified or removed" msgstr "" -#: ipaserver/plugins/cert.py:149 -msgid " * 9 - privilegeWithdrawn\n" +#: ipaserver/plugins/permission.py:375 +msgid "A SYSTEM permission may not be modified or removed" msgstr "" -#: ipaserver/plugins/cert.py:150 -msgid " * 10 - aACompromise\n" +#: ipaserver/plugins/permission.py:638 +#, python-format +msgid "Entry %s not found" msgstr "" -#: ipaserver/plugins/cert.py:151 -msgid "" -"\n" -"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +#: ipaserver/plugins/permission.py:749 +#, python-format +msgid "The ACI for permission %(name)s was not found in %(dn)s " msgstr "" -#: ipaserver/plugins/cert.py:153 +#: ipaserver/plugins/permission.py:853 msgid "" -"\n" -"http://www.ietf.org/rfc/rfc5280.txt\n" -"\n" +"cannot specify full target filter and extra target filter simultaneously" msgstr "" -#: ipaserver/plugins/cert.py:289 +#: ipaserver/plugins/permission.py:876 #, python-format -msgid "" -"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " -"'%(profile_id)s' for certificate issuance." +msgid "option was renamed; use %s" msgstr "" -#: ipaserver/plugins/cert.py:309 -msgid "enabledService/configuredService not in ipaConfigString kdc entry" +#: ipaserver/plugins/permission.py:880 +#, python-format +msgid "Cannot use %(old_name)s with %(new_name)s" msgstr "" -#: ipaserver/plugins/cert.py:313 +#: ipaserver/plugins/permission.py:894 ipaserver/plugins/permission.py:909 #, python-format -msgid "Host '%(hostname)s' is not an active KDC" +msgid "%s: group not found" msgstr "" -#: ipaserver/plugins/cert.py:347 -msgid "Issuing CA" +#: ipaserver/plugins/permission.py:904 +msgid "target and targetgroup are mutually exclusive" msgstr "" -#: ipaserver/plugins/cert.py:348 -msgid "Name of issuing CA" +#: ipaserver/plugins/permission.py:925 +msgid "subtree and type are mutually exclusive" msgstr "" -#: ipaserver/plugins/cert.py:370 -msgid "Subject email address" +#: ipaserver/plugins/permission.py:963 +msgid "Bad search filter" msgstr "" -#: ipaserver/plugins/cert.py:375 -msgid "Subject DNS name" +#: ipaserver/plugins/permission.py:973 +#, python-format +msgid "Entry %s does not exist" msgstr "" -#: ipaserver/plugins/cert.py:380 -msgid "Subject X.400 address" +#: ipaserver/plugins/permission.py:982 +msgid "" +"there must be at least one target entry specifier (e.g. target, " +"targetfilter, attrs)" msgstr "" -#: ipaserver/plugins/cert.py:385 -msgid "Subject directory name" +#: ipaserver/plugins/permission.py:994 ipaserver/plugins/permission.py:1022 +#, python-format +msgid "Added permission \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:390 -msgid "Subject EDI Party name" +#: ipaserver/plugins/permission.py:1049 +msgid "attrs and included attributes are mutually exclusive" msgstr "" -#: ipaserver/plugins/cert.py:395 -msgid "Subject URI" +#: ipaserver/plugins/permission.py:1081 +#, python-format +msgid "Cannot store permission ACI to %s" msgstr "" -#: ipaserver/plugins/cert.py:400 -msgid "Subject IP Address" +#: ipaserver/plugins/permission.py:1092 +#, python-format +msgid "Deleted permission \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:405 -msgid "Subject OID" +#: ipaserver/plugins/permission.py:1112 +msgid "cannot delete managed permissions" msgstr "" -#: ipaserver/plugins/cert.py:410 -msgid "Subject UPN" +#: ipaserver/plugins/permission.py:1118 +#, python-format +msgid "ACI of permission %s was not found" msgstr "" -#: ipaserver/plugins/cert.py:415 -msgid "Subject Kerberos principal name" +#: ipaserver/plugins/permission.py:1127 +#, python-format +msgid "Modified permission \"%(value)s\"" msgstr "" -#: ipaserver/plugins/cert.py:420 -msgid "Subject Other Name" +#: ipaserver/plugins/permission.py:1162 +msgid "cannot rename managed permissions" msgstr "" -#: ipaserver/plugins/cert.py:431 ipaserver/plugins/host.py:552 -#: ipaserver/plugins/service.py:577 -msgid "Not Before" +#: ipaserver/plugins/permission.py:1169 ipaserver/plugins/permission.py:1173 +msgid "not modifiable on managed permissions" msgstr "" -#: ipaserver/plugins/cert.py:436 ipaserver/plugins/host.py:556 -#: ipaserver/plugins/service.py:581 -msgid "Not After" +#: ipaserver/plugins/permission.py:1180 +msgid "only available on managed permissions" msgstr "" -#: ipaserver/plugins/cert.py:441 ipaserver/plugins/host.py:560 -#: ipaserver/plugins/service.py:585 -msgid "Fingerprint (SHA1)" +#: ipaserver/plugins/permission.py:1187 ipaserver/plugins/permission.py:1313 +msgid "attrs and included/excluded attributes are mutually exclusive" msgstr "" -#: ipaserver/plugins/cert.py:446 ipaserver/plugins/host.py:564 -#: ipaserver/plugins/service.py:589 -msgid "Fingerprint (SHA256)" +#: ipaserver/plugins/permission.py:1198 +msgid "cannot set bindtype for a permission that is assigned to a privilege" msgstr "" -#: ipaserver/plugins/cert.py:458 -msgid "Serial number (hex)" -msgstr "" +#: ipaserver/plugins/permission.py:1302 +#, python-format +msgid "%(count)d permission matched" +msgid_plural "%(count)d permissions matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/cert.py:581 -msgid "Request status" +#: ipaserver/plugins/pwpolicy.py:43 +msgid "" +"\n" +"Password policy\n" +"\n" +"A password policy sets limitations on IPA passwords, including maximum\n" +"lifetime, minimum lifetime, the number of passwords to save in\n" +"history, the number of character classes required (for stronger passwords)\n" +"and the minimum password length.\n" +"\n" +"By default there is a single, global policy for all users. You can also\n" +"create a password policy to apply to a group. Each user is only subject\n" +"to one password policy, either the group policy or the global policy. A\n" +"group policy stands alone; it is not a super-set of the global policy plus\n" +"custom settings.\n" +"\n" +"Each group password policy requires a unique priority setting. If a user\n" +"is in multiple groups that have password policies, this priority determines\n" +"which password policy is applied. A lower value indicates a higher priority\n" +"policy.\n" +"\n" +"Group password policies are automatically removed when the groups they\n" +"are associated with are removed.\n" +"\n" +"Grace period defines the number of LDAP logins allowed after expiration.\n" +"-1 means do not enforce expiration to match previous behavior. 0 allows\n" +"no additional logins after expiration.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Modify the global policy:\n" +" ipa pwpolicy-mod --minlength=10\n" +"\n" +" Add a new group password policy:\n" +" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" +"minlength=8 --priority=10 localadmins\n" +"\n" +" Display the global password policy:\n" +" ipa pwpolicy-show\n" +"\n" +" Display a group password policy:\n" +" ipa pwpolicy-show localadmins\n" +"\n" +" Display the policy that would be applied to a given user:\n" +" ipa pwpolicy-show --user=tuser1\n" +"\n" +" Modify a group password policy:\n" +" ipa pwpolicy-mod --minclasses=2 localadmins\n" msgstr "" -#: ipaserver/plugins/cert.py:627 -msgid "" -"automatically add the principal if it doesn't exist (service principals only)" +#: ipaserver/plugins/pwpolicy.py:96 +msgid "Class of Service object used for linking policies with groups" msgstr "" -#: ipaserver/plugins/cert.py:676 +#: ipaserver/plugins/pwpolicy.py:147 #, python-format -msgid "krbtgt certs can use only the %s profile" +msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" msgstr "" -#: ipaserver/plugins/cert.py:728 -msgid "No Common Name was found in subject of request." +#: ipaserver/plugins/pwpolicy.py:175 +msgid "Add Class of Service entry" msgstr "" -#: ipaserver/plugins/cert.py:736 -#, python-format -msgid "" -"hostname in subject of request '%(cn)s' does not match name or aliases of " -"principal '%(principal)s'" +#: ipaserver/plugins/pwpolicy.py:198 +msgid "Delete Class of Service entry" msgstr "" -#: ipaserver/plugins/cert.py:742 -#, python-format -msgid "" -"hostname in subject of request '%(cn)s' does not match principal hostname " -"'%(hostname)s'" +#: ipaserver/plugins/pwpolicy.py:204 +msgid "Modify Class of Service entry" msgstr "" -#: ipaserver/plugins/cert.py:751 -msgid "DN commonName does not match user's login" +#: ipaserver/plugins/pwpolicy.py:222 +msgid "Display Class of Service entry" msgstr "" -#: ipaserver/plugins/cert.py:765 -msgid "DN emailAddress does not match any of user's email addresses" +#: ipaserver/plugins/pwpolicy.py:228 +msgid "Search for Class of Service entry" msgstr "" -#: ipaserver/plugins/cert.py:774 -#, python-format -msgid "" -"Insufficient 'write' privilege to the 'userCertificate' attribute of entry " -"'%s'." +#: ipaserver/plugins/pwpolicy.py:241 +msgid "password policy" msgstr "" -#: ipaserver/plugins/cert.py:795 ipaserver/plugins/cert.py:913 -#, python-format -msgid "subject alt name type %s is forbidden for user principals" +#: ipaserver/plugins/pwpolicy.py:242 +msgid "password policies" msgstr "" -#: ipaserver/plugins/cert.py:840 -#, python-format -msgid "" -"The service principal for subject alt name %s in certificate request does " -"not exist" +#: ipaserver/plugins/pwpolicy.py:301 +msgid "Password Policies" msgstr "" -#: ipaserver/plugins/cert.py:871 -#, python-format -msgid "" -"Insufficient privilege to create a certificate with subject alt name '%s'." +#: ipaserver/plugins/pwpolicy.py:302 ipaserver/plugins/internal.py:1261 +msgid "Password Policy" msgstr "" -#: ipaserver/plugins/cert.py:889 -#, python-format -msgid "Principal '%s' in subject alt name does not match requested principal" +#: ipaserver/plugins/pwpolicy.py:374 +msgid "Max repeat" msgstr "" -#: ipaserver/plugins/cert.py:898 -msgid "RFC822Name does not match any of user's email addresses" +#: ipaserver/plugins/pwpolicy.py:375 +msgid "Maximum number of same consecutive characters" msgstr "" -#: ipaserver/plugins/cert.py:905 -#, python-format -msgid "subject alt name type %s is forbidden for non-user principals" +#: ipaserver/plugins/pwpolicy.py:383 +msgid "Max sequence" msgstr "" -#: ipaserver/plugins/cert.py:922 -#, python-format -msgid "Subject alt name type %s is forbidden" +#: ipaserver/plugins/pwpolicy.py:384 +msgid "The max. length of monotonic character sequences (abcd)" msgstr "" -#: ipaserver/plugins/cert.py:940 -#, python-format -msgid "CA '%s' is disabled" +#: ipaserver/plugins/pwpolicy.py:392 +msgid "Dictionary check" msgstr "" -#: ipaserver/plugins/cert.py:1027 -msgid "'add' option" +#: ipaserver/plugins/pwpolicy.py:393 +msgid "Check if the password is a dictionary word" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:399 +msgid "User check" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:400 +msgid "Check if the password contains the username" msgstr "" -#: ipaserver/plugins/cert.py:1031 -msgid "The principal for this request doesn't exist." +#: ipaserver/plugins/pwpolicy.py:406 +msgid "Grace login limit" msgstr "" -#: ipaserver/plugins/cert.py:1147 -#, python-format -msgid "IP address in subjectAltName (%s) unreachable from DNS names" +#: ipaserver/plugins/pwpolicy.py:407 +msgid "Number of LDAP authentications allowed after expiration" msgstr "" -#: ipaserver/plugins/cert.py:1164 -#, python-format -msgid "IP address in subjectAltName (%s) does not have PTR record" +#: ipaserver/plugins/pwpolicy.py:483 +msgid "" +"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or " +"usercheck are defined" msgstr "" -#: ipaserver/plugins/cert.py:1176 -#, python-format -msgid "PTR record for SAN IP (%s) does not match A/AAAA records" +#: ipaserver/plugins/pwpolicy.py:509 +msgid "Maximum password life must be equal to or greater than the minimum." msgstr "" -#: ipaserver/plugins/cert.py:1270 ipaserver/plugins/internal.py:706 -#: ipaserver/plugins/internal.py:1036 ipaserver/plugins/internal.py:1361 -#: ipaserver/plugins/internal.py:1964 -msgid "Status" +#: ipaserver/plugins/pwpolicy.py:569 +msgid "cannot delete global password policy" msgstr "" -#: ipaserver/plugins/cert.py:1275 -msgid "Revoked" +#: ipaserver/plugins/pwpolicy.py:605 +msgid "priority cannot be set on global policy" msgstr "" -#: ipaserver/plugins/cert.py:1280 ipaserver/plugins/host.py:568 -#: ipaserver/plugins/internal.py:656 ipaserver/plugins/internal.py:697 -#: ipaserver/plugins/service.py:593 -msgid "Revocation reason" +#: ipaserver/plugins/vault.py:52 +msgid "" +"\n" +"Vaults\n" msgstr "" -#: ipaserver/plugins/cert.py:1281 +#: ipaserver/plugins/vault.py:54 msgid "" -"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " -"revocation reason details. " +"\n" +"Manage vaults.\n" msgstr "" -#: ipaserver/plugins/cert.py:1303 -#, python-format -msgid "Owner %s" +#: ipaserver/plugins/vault.py:56 +msgid "" +"\n" +"Vault is a secure place to store a secret. One vault can only\n" +"store one secret. When archiving a secret in a vault, the\n" +"existing secret (if any) is overwritten.\n" msgstr "" -#: ipaserver/plugins/cert.py:1390 -#, python-format +#: ipaserver/plugins/vault.py:60 msgid "" -"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" +"\n" +"Based on the ownership there are three vault categories:\n" +"* user/private vault\n" +"* service vault\n" +"* shared vault\n" msgstr "" -#: ipaserver/plugins/cert.py:1459 -msgid "7 is not a valid revocation reason" +#: ipaserver/plugins/vault.py:65 +msgid "" +"\n" +"User vaults are vaults owned used by a particular user. Private\n" +"vaults are vaults owned the current user. Service vaults are\n" +"vaults owned by a service. Shared vaults are owned by the admin\n" +"but they can be used by other users or services.\n" msgstr "" -#: ipaserver/plugins/cert.py:1559 -msgid "Status of the certificate" +#: ipaserver/plugins/vault.py:70 +msgid "" +"\n" +"Based on the security mechanism there are three types of\n" +"vaults:\n" +"* standard vault\n" +"* symmetric vault\n" +"* asymmetric vault\n" msgstr "" -#: ipaserver/plugins/cert.py:1565 -msgid "Results should contain primary key attribute only (\"certificate\")" +#: ipaserver/plugins/vault.py:76 +msgid "" +"\n" +"Standard vault uses a secure mechanism to transport and\n" +"store the secret. The secret can only be retrieved by users\n" +"that have access to the vault.\n" msgstr "" -#: ipaserver/plugins/cert.py:1581 -#, python-format -msgid "%(count)d certificate matched" -msgid_plural "%(count)d certificates matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/cert.py:1603 -#, python-format -msgid "Search for certificates with these owner %s." +#: ipaserver/plugins/vault.py:80 +msgid "" +"\n" +"Symmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a password before transport.\n" +"The secret can only be retrieved using the same password.\n" msgstr "" -#: ipaserver/plugins/cert.py:1614 -#, python-format -msgid "Search for certificates without these owner %s." +#: ipaserver/plugins/vault.py:84 +msgid "" +"\n" +"Asymmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a public key before transport.\n" +"The secret can only be retrieved using the private key.\n" msgstr "" -#: ipaserver/plugins/config.py:50 +#: ipaserver/plugins/vault.py:90 msgid "" "\n" -"Server configuration\n" -"\n" -"Manage the default values that IPA uses and some of its tuning parameters.\n" -"\n" -"NOTES:\n" -"\n" -"The password notification value (--pwdexpnotify) is stored here so it will\n" -"be replicated. It is not currently used to notify users in advance of an\n" -"expiring password.\n" -"\n" -"Some attributes are read-only, provided only for information purposes. " -"These\n" -"include:\n" -"\n" -"Certificate Subject base: the configured certificate subject base,\n" -" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" -"Password plug-in features: currently defines additional hashes that the\n" -" password will generate (there may be other conditions).\n" -"\n" -"When setting the order list for mapping SELinux users you may need to\n" -"quote the value so it isn't interpreted by the shell.\n" -"\n" -"The maximum length of a hostname in Linux is controlled by\n" -"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" -"systems, Solaris for example, allows hostnames up to 255 characters.\n" -"This option will allow flexibility in length but by default limiting\n" -"to the Linux maximum length.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Show basic server configuration:\n" -" ipa config-show\n" -"\n" -" Show all configuration options:\n" -" ipa config-show --all\n" -"\n" -" Change maximum username length to 99 characters:\n" -" ipa config-mod --maxusername=99\n" -"\n" -" Change maximum host name length to 255 characters:\n" -" ipa config-mod --maxhostname=255\n" -"\n" -" Increase default time and size limits for maximum IPA server search:\n" -" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" -"\n" -" Set default user e-mail domain:\n" -" ipa config-mod --emaildomain=example.com\n" +" List vaults:\n" +" ipa vault-find\n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:94 +msgid "" "\n" -" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" -" ipa config-mod --enable-migration=TRUE\n" +" Add a standard vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type standard\n" +msgstr "" + +#: ipaserver/plugins/vault.py:99 +msgid "" "\n" -" Define SELinux user map order:\n" -" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" -"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" +" Add a symmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type symmetric --password-file password.txt\n" msgstr "" -#: ipaserver/plugins/config.py:116 -msgid "must be at least 10" +#: ipaserver/plugins/vault.py:104 +msgid "" +"\n" +" Add an asymmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type asymmetric --public-key-file public.pem\n" msgstr "" -#: ipaserver/plugins/config.py:124 -msgid "configuration options" +#: ipaserver/plugins/vault.py:109 +msgid "" +"\n" +" Show a vault:\n" +" ipa vault-show \n" +" [--user |--service |--shared]\n" msgstr "" -#: ipaserver/plugins/config.py:160 ipaserver/plugins/config.py:161 -msgid "Configuration" +#: ipaserver/plugins/vault.py:113 +msgid "" +"\n" +" Modify vault description:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --desc \n" msgstr "" -#: ipaserver/plugins/config.py:172 -msgid "Maximum hostname length" +#: ipaserver/plugins/vault.py:118 +msgid "" +"\n" +" Modify vault type:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --type \n" +" [old password/private key]\n" +" [new password/public key]\n" msgstr "" -#: ipaserver/plugins/config.py:276 ipaserver/plugins/config.py:277 -msgid "Enable adding subids to new users" +#: ipaserver/plugins/vault.py:125 +msgid "" +"\n" +" Modify symmetric vault password:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --change-password\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password \n" +" --new-password \n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password-file \n" +" --new-password-file \n" msgstr "" -#: ipaserver/plugins/config.py:281 -msgid "IPA masters" +#: ipaserver/plugins/vault.py:138 +msgid "" +"\n" +" Modify asymmetric vault keys:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --private-key-file \n" +" --public-key-file \n" msgstr "" -#: ipaserver/plugins/config.py:282 -msgid "List of all IPA masters" +#: ipaserver/plugins/vault.py:144 +msgid "" +"\n" +" Delete a vault:\n" +" ipa vault-del \n" +" [--user |--service |--shared]\n" msgstr "" -#: ipaserver/plugins/config.py:287 -msgid "Hidden IPA masters" +#: ipaserver/plugins/vault.py:148 +msgid "" +"\n" +" Display vault configuration:\n" +" ipa vaultconfig-show\n" msgstr "" -#: ipaserver/plugins/config.py:288 -msgid "List of all hidden IPA masters" +#: ipaserver/plugins/vault.py:151 +msgid "" +"\n" +" Archive data into standard vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" msgstr "" -#: ipaserver/plugins/config.py:293 -msgid "IPA master capable of PKINIT" +#: ipaserver/plugins/vault.py:156 +msgid "" +"\n" +" Archive data into symmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +" --password-file password.txt\n" msgstr "" -#: ipaserver/plugins/config.py:294 -msgid "IPA master which can process PKINIT requests" +#: ipaserver/plugins/vault.py:162 +msgid "" +"\n" +" Archive data into asymmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" msgstr "" -#: ipaserver/plugins/config.py:299 -msgid "IPA CA servers" +#: ipaserver/plugins/vault.py:167 +msgid "" +"\n" +" Retrieve data from standard vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" msgstr "" -#: ipaserver/plugins/config.py:300 -msgid "IPA servers configured as certificate authority" +#: ipaserver/plugins/vault.py:172 +msgid "" +"\n" +" Retrieve data from symmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +" --password-file password.txt\n" msgstr "" -#: ipaserver/plugins/config.py:305 -msgid "Hidden IPA CA servers" +#: ipaserver/plugins/vault.py:178 +msgid "" +"\n" +" Retrieve data from asymmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out --private-key-file private.pem\n" msgstr "" -#: ipaserver/plugins/config.py:306 -msgid "Hidden IPA servers configured as certificate authority" +#: ipaserver/plugins/vault.py:183 +msgid "" +"\n" +" Add vault owners:\n" +" ipa vault-add-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" msgstr "" -#: ipaserver/plugins/config.py:311 -msgid "IPA CA renewal master" +#: ipaserver/plugins/vault.py:188 +msgid "" +"\n" +" Delete vault owners:\n" +" ipa vault-remove-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" msgstr "" -#: ipaserver/plugins/config.py:312 -msgid "Renewal master for IPA certificate authority" +#: ipaserver/plugins/vault.py:193 +msgid "" +"\n" +" Add vault members:\n" +" ipa vault-add-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" msgstr "" -#: ipaserver/plugins/config.py:317 ipaserver/plugins/vault.py:990 -msgid "IPA KRA servers" +#: ipaserver/plugins/vault.py:198 +msgid "" +"\n" +" Delete vault members:\n" +" ipa vault-remove-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" msgstr "" -#: ipaserver/plugins/config.py:318 -msgid "IPA servers configured as key recovery agent" +#: ipaserver/plugins/vault.py:250 +msgid "" +"\n" +" Vault Container object.\n" +" " msgstr "" -#: ipaserver/plugins/config.py:323 -msgid "Hidden IPA KRA servers" +#: ipaserver/plugins/vault.py:256 +msgid "vaultcontainer" msgstr "" -#: ipaserver/plugins/config.py:324 -msgid "Hidden IPA servers configured as key recovery agent" +#: ipaserver/plugins/vault.py:257 +msgid "vaultcontainers" msgstr "" -#: ipaserver/plugins/config.py:330 ipaserver/plugins/idviews.py:160 -msgid "Domain resolution order" +#: ipaserver/plugins/vault.py:265 +msgid "Vault Containers" msgstr "" -#: ipaserver/plugins/config.py:331 ipaserver/plugins/idviews.py:161 -msgid "colon-separated list of domains used for short name qualification" +#: ipaserver/plugins/vault.py:266 +msgid "Vault Container" msgstr "" -#: ipaserver/plugins/config.py:336 ipaserver/plugins/dns.py:4128 -msgid "IPA DNS servers" +#: ipaserver/plugins/vault.py:355 +msgid "Service, shared and user options cannot be specified simultaneously" msgstr "" -#: ipaserver/plugins/config.py:337 -msgid "IPA servers configured as domain name server" +#: ipaserver/plugins/vault.py:365 ipaserver/plugins/vault.py:695 +msgid "Host is not supported" msgstr "" -#: ipaserver/plugins/config.py:342 -msgid "Hidden IPA DNS servers" +#: ipaserver/plugins/vault.py:407 ipaserver/plugins/vault.py:431 +#: ipaserver/plugins/vault.py:798 ipaserver/plugins/vault.py:836 +#: ipaserver/plugins/vault.py:892 ipaserver/plugins/vault.py:948 +#: ipaserver/plugins/vault.py:970 ipaserver/plugins/vault.py:1011 +#: ipaserver/plugins/vault.py:1067 ipaserver/plugins/vault.py:1146 +msgid "KRA service is not enabled" msgstr "" -#: ipaserver/plugins/config.py:343 -msgid "Hidden IPA servers configured as domain name server" +#: ipaserver/plugins/vault.py:422 +msgid "Deleted vault container" msgstr "" -#: ipaserver/plugins/config.py:348 ipaserver/plugins/dns.py:4134 -msgid "IPA DNSSec key master" +#: ipaserver/plugins/vault.py:447 ipaserver/plugins/vault.py:472 +#: ipaserver/plugins/vault.py:1203 ipaserver/plugins/vault.py:1228 +#, python-format +msgid "owner %s" msgstr "" -#: ipaserver/plugins/config.py:349 -msgid "DNSec key master" +#: ipaserver/plugins/vault.py:492 +msgid "" +"\n" +" Vault object.\n" +" " msgstr "" -#: ipaserver/plugins/config.py:354 -msgid "Setup SID configuration" +#: ipaserver/plugins/vault.py:498 +msgid "vault" msgstr "" -#: ipaserver/plugins/config.py:355 -msgid "New users and groups automatically get a SID assigned" +#: ipaserver/plugins/vault.py:499 +msgid "vaults" msgstr "" -#: ipaserver/plugins/config.py:360 -msgid "Add SIDs" +#: ipaserver/plugins/vault.py:522 +msgid "Vaults" msgstr "" -#: ipaserver/plugins/config.py:361 -msgid "Add SIDs for existing users and groups" +#: ipaserver/plugins/vault.py:523 +msgid "Vault" msgstr "" -#: ipaserver/plugins/config.py:366 ipaserver/plugins/config.py:367 -msgid "NetBIOS name of the IPA domain" +#: ipaserver/plugins/vault.py:680 +msgid "Service, shared, and user options cannot be specified simultaneously" msgstr "" -#: ipaserver/plugins/config.py:444 -msgid "Empty domain is not allowed" +#: ipaserver/plugins/vault.py:784 +msgid "Add a vault." msgstr "" -#: ipaserver/plugins/config.py:452 +#: ipaserver/plugins/vault.py:790 #, python-format -msgid "Invalid domain name '%(domain)s': %(e)s" +msgid "Added vault \"%(value)s\"" msgstr "" -#: ipaserver/plugins/config.py:457 +#: ipaserver/plugins/vault.py:829 #, python-format -msgid "Server has no information about domain '%(domain)s'" +msgid "Deleted vault \"%(value)s\"" msgstr "" -#: ipaserver/plugins/config.py:464 +#: ipaserver/plugins/vault.py:881 #, python-format -msgid "Disabled domain '%(domain)s' is not allowed" -msgstr "" - -#: ipaserver/plugins/config.py:514 -msgid "not allowed to enable SID generation" -msgstr "" +msgid "%(count)d vault matched" +msgid_plural "%(count)d vaults matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/config.py:522 +#: ipaserver/plugins/vault.py:899 msgid "" -"Up to 15 characters and only uppercase ASCII letters, digits and dashes are " -"allowed. Empty string is not allowed." -msgstr "" - -#: ipaserver/plugins/config.py:550 -msgid "Failed to call DBus" -msgstr "" - -#: ipaserver/plugins/config.py:560 -msgid "Configuration of SID failed. See details in the error log" +"Service(s), shared, and user(s) options cannot be specified simultaneously" msgstr "" -#: ipaserver/plugins/config.py:570 -msgid "The group doesn't exist" +#: ipaserver/plugins/vault.py:939 +#, python-format +msgid "Modified vault \"%(value)s\"" msgstr "" -#: ipaserver/plugins/config.py:588 -#, python-format -msgid "attribute \"%s\" not allowed" +#: ipaserver/plugins/vault.py:981 +msgid "Vault configuration" msgstr "" -#: ipaserver/plugins/config.py:608 -msgid "May not be empty" +#: ipaserver/plugins/vault.py:990 ipaserver/plugins/config.py:317 +msgid "IPA KRA servers" msgstr "" -#: ipaserver/plugins/config.py:627 -#, python-format -msgid "%(obj)s default attribute %(attr)s would not be allowed!" +#: ipaserver/plugins/vault.py:991 +msgid "IPA servers configured as key recovery agents" msgstr "" -#: ipaserver/plugins/config.py:659 -msgid "A list of SELinux users delimited by $ expected" +#: ipaserver/plugins/vault.py:1052 ipaserver/plugins/vault.py:1131 +msgid "Key wrapping algorithm" msgstr "" -#: ipaserver/plugins/config.py:663 +#: ipaserver/plugins/vault.py:1061 #, python-format -msgid "SELinux user '%(user)s' is not valid: %(error)s" +msgid "Archived data into vault \"%(value)s\"" msgstr "" -#: ipaserver/plugins/config.py:675 -msgid "SELinux user map default user not in order list" +#: ipaserver/plugins/vault.py:1120 +msgid "Retrieve data from a vault." msgstr "" -#: ipaserver/plugins/config.py:694 +#: ipaserver/plugins/vault.py:1140 #, python-format -msgid "You cannot specify %s without the --enable-sid option" +msgid "Retrieved data from vault \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:100 -msgid "" -"\n" -"Domain Name System (DNS)\n" +#: ipaserver/plugins/vault.py:1169 +msgid "No archived data." msgstr "" -#: ipaserver/plugins/dns.py:102 -msgid "" -"\n" -"Manage DNS zone and resource records.\n" +#: ipaserver/plugins/vault.py:1262 +msgid "Checks if any of the servers has the KRA service enabled" msgstr "" -#: ipaserver/plugins/dns.py:104 +#: ipaserver/plugins/otptoken.py:42 msgid "" "\n" -"SUPPORTED ZONE TYPES\n" -"\n" -" * Master zone (dnszone-*), contains authoritative data.\n" -" * Forward zone (dnsforwardzone-*), forwards queries to configured " -"forwarders\n" -" (a set of DNS servers).\n" +"OTP Tokens\n" msgstr "" -#: ipaserver/plugins/dns.py:110 +#: ipaserver/plugins/otptoken.py:44 msgid "" "\n" -"USING STRUCTURED PER-TYPE OPTIONS\n" +"Manage OTP tokens.\n" msgstr "" -#: ipaserver/plugins/dns.py:112 +#: ipaserver/plugins/otptoken.py:46 msgid "" "\n" -"There are many structured DNS RR types where DNS data stored in LDAP server\n" -"is not just a scalar value, for example an IP address or a domain name, but\n" -"a data structure which may be often complex. A good example is a LOC record\n" -"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" -"minutes, seconds of latitude and longitude, altitude or precision).\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" msgstr "" -#: ipaserver/plugins/dns.py:118 +#: ipaserver/plugins/otptoken.py:51 msgid "" "\n" -"It may be difficult to manipulate such DNS records without making a mistake\n" -"and entering an invalid value. DNS module provides an abstraction over " -"these\n" -"raw records and allows to manipulate each RR type with specific options. " -"For\n" -"each supported RR type, DNS module provides a standard option to manipulate\n" -"a raw records with format ---rec, e.g. --mx-rec, and special " -"options\n" -"for every part of the RR structure with format ---, e.g.\n" -"--mx-preference and --mx-exchanger.\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" msgstr "" -#: ipaserver/plugins/dns.py:126 +#: ipaserver/plugins/otptoken.py:54 msgid "" "\n" -"When adding a record, either RR specific options or standard option for a " -"raw\n" -"value can be used, they just should not be combined in one add operation. " -"When\n" -"modifying an existing entry, new RR specific options can be used to change\n" -"one part of a DNS record, where the standard option for raw value is used\n" -"to specify the modified value. The following example demonstrates\n" -"a modification of MX record preference from 0 to 1 in a record without\n" -"modifying the exchanger:\n" -"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" -#: ipaserver/plugins/dns.py:135 +#: ipaserver/plugins/otptoken.py:57 msgid "" "\n" -"\n" -"EXAMPLES:\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " +"Hat\"\n" msgstr "" -#: ipaserver/plugins/dns.py:138 +#: ipaserver/plugins/otptoken.py:60 msgid "" "\n" -" Add new zone:\n" -" ipa dnszone-add example.com --admin-email=admin@example.com\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" -#: ipaserver/plugins/dns.py:141 -msgid "" -"\n" -" Add system permission that can be used for per-zone privilege delegation:\n" -" ipa dnszone-add-permission example.com\n" +#: ipaserver/plugins/otptoken.py:137 +msgid "OTP token" msgstr "" -#: ipaserver/plugins/dns.py:144 -msgid "" -"\n" -" Modify the zone to allow dynamic updates for hosts own records in realm " -"EXAMPLE.COM:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +#: ipaserver/plugins/otptoken.py:138 +msgid "OTP tokens" msgstr "" -#: ipaserver/plugins/dns.py:147 -msgid "" -"\n" -" This is the equivalent of:\n" -" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" -" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " -"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +#: ipaserver/plugins/otptoken.py:154 +msgid "OTP Tokens" msgstr "" -#: ipaserver/plugins/dns.py:151 -msgid "" -"\n" -" Modify the zone to allow zone transfers for local network only:\n" -" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +#: ipaserver/plugins/otptoken.py:155 +msgid "OTP Token" msgstr "" -#: ipaserver/plugins/dns.py:154 -msgid "" -"\n" -" Add new reverse zone specified by network IP address:\n" -" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +#: ipaserver/plugins/otptoken.py:272 +msgid "URI" msgstr "" -#: ipaserver/plugins/dns.py:157 -msgid "" -"\n" -" Add second nameserver for example.com:\n" -" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +#: ipaserver/plugins/otptoken.py:281 +#, python-format +msgid "Added OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:160 -msgid "" -"\n" -" Add a mail server for example.com:\n" -" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +#: ipaserver/plugins/otptoken.py:335 +msgid "cannot be empty" msgstr "" -#: ipaserver/plugins/dns.py:163 -msgid "" -"\n" -" Add another record using MX record specific options:\n" -" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +#: ipaserver/plugins/otptoken.py:367 +#, python-format +msgid "Deleted OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:166 -msgid "" -"\n" -" Add another record using interactive mode (started when dnsrecord-add, " -"dnsrecord-mod,\n" -" or dnsrecord-del are executed with no options):\n" -" ipa dnsrecord-add example.com @\n" -" Please choose a type of DNS resource record to be added\n" -" The most common types for this type of zone are: NS, MX, LOC\n" -"\n" -" DNS resource record type: MX\n" -" MX Preference: 30\n" -" MX Exchanger: mail3\n" -" Record name: example.com\n" -" MX record: 10 mail1, 20 mail2, 30 mail3\n" -" NS record: nameserver.example.com., nameserver2.example.com.\n" +#: ipaserver/plugins/otptoken.py:373 +#, python-format +msgid "Modified OTP token \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:179 -msgid "" -"\n" -" Delete previously added nameserver from example.com:\n" -" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +#: ipaserver/plugins/otptoken.py:422 +#, python-format +msgid "%(count)d OTP token matched" +msgid_plural "%(count)d OTP tokens matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/baseldap.py:101 +msgid "Member service groups" msgstr "" -#: ipaserver/plugins/dns.py:182 -msgid "" -"\n" -" Add LOC record for example.com:\n" -" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " -"227.64m\"\n" +#: ipaserver/plugins/baseldap.py:110 +msgid "Member HBAC service groups" msgstr "" -#: ipaserver/plugins/dns.py:185 -msgid "" -"\n" -" Add new A record for www.example.com. Create a reverse record in " -"appropriate\n" -" reverse zone as well. In this case a PTR record \"2\" pointing to www." -"example.com\n" -" will be created in zone 2.0.192.in-addr.arpa.\n" -" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" +#: ipaserver/plugins/baseldap.py:127 +msgid "Member ID user overrides" msgstr "" -#: ipaserver/plugins/dns.py:190 -msgid "" -"\n" -" Add new PTR record for www.example.com\n" -" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +#: ipaserver/plugins/baseldap.py:129 +msgid "Indirect Member ID user overrides" msgstr "" -#: ipaserver/plugins/dns.py:193 -msgid "" -"\n" -" Add new SRV records for LDAP servers. Three quarters of the requests\n" -" should go to fast.example.com, one quarter to slow.example.com. If neither\n" -" is available, switch to backup.example.com.\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." -"com\"\n" -" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." -"example.com\"\n" +#: ipaserver/plugins/baseldap.py:146 +msgid "Indirect Member permissions" msgstr "" -#: ipaserver/plugins/dns.py:200 -msgid "" -"\n" -" The interactive mode can be used for easy modification:\n" -" ipa dnsrecord-mod example.com _ldap._tcp\n" -" No option to modify specific record provided.\n" -" Current DNS record contents:\n" -"\n" -" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " -"backup.example.com\n" -"\n" -" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" -" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" -" SRV Priority [0]: (keep the default value)\n" -" SRV Weight [1]: 2 (modified value)\n" -" SRV Port [389]: (keep the default value)\n" -" SRV Target [slow.example.com]: (keep the default value)\n" -" 1 SRV record skipped. Only one value per DNS record type can be modified " -"at one time.\n" -" Record name: _ldap._tcp\n" -" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " -"389 slow.example.com\n" +#: ipaserver/plugins/baseldap.py:149 +msgid "Indirect Member HBAC service" msgstr "" -#: ipaserver/plugins/dns.py:217 -msgid "" -"\n" -" After this modification, three fifths of the requests should go to\n" -" fast.example.com and two fifths to slow.example.com.\n" +#: ipaserver/plugins/baseldap.py:152 +msgid "Indirect Member HBAC service group" msgstr "" -#: ipaserver/plugins/dns.py:220 -msgid "" -"\n" -" An example of the interactive mode for dnsrecord-del command:\n" -" ipa dnsrecord-del example.com www\n" -" No option to delete specific record provided.\n" -" Delete all? Yes/No (default No): (do not delete all records)\n" -" Current DNS record contents:\n" -"\n" -" A record: 192.0.2.2, 192.0.2.3\n" -"\n" -" Delete A record '192.0.2.2'? Yes/No (default No):\n" -" Delete A record '192.0.2.3'? Yes/No (default No): y\n" -" Record name: www\n" -" A record: 192.0.2.2 (A record 192.0.2.3 has been " -"deleted)\n" +#: ipaserver/plugins/baseldap.py:213 +msgid "Invalid format. Should be name=value" +msgstr "" + +#: ipaserver/plugins/baseldap.py:584 +msgid "An IPA master host cannot be deleted or disabled" +msgstr "" + +#: ipaserver/plugins/baseldap.py:615 +msgid "entry" +msgstr "" + +#: ipaserver/plugins/baseldap.py:616 +msgid "entries" msgstr "" -#: ipaserver/plugins/dns.py:233 -msgid "" -"\n" -" Show zone example.com:\n" -" ipa dnszone-show example.com\n" +#: ipaserver/plugins/baseldap.py:654 ipaserver/plugins/baseldap.py:655 +msgid "Entry" msgstr "" -#: ipaserver/plugins/dns.py:236 -msgid "" -"\n" -" Find zone with \"example\" in its domain name:\n" -" ipa dnszone-find example\n" +#: ipaserver/plugins/baseldap.py:658 +#, python-format +msgid "container entry (%(container)s) not found" msgstr "" -#: ipaserver/plugins/dns.py:239 -msgid "" -"\n" -" Find records for resources with \"www\" in their name in zone example.com:\n" -" ipa dnsrecord-find example.com www\n" +#: ipaserver/plugins/baseldap.py:659 +#, python-format +msgid "%(parent)s: %(oname)s not found" msgstr "" -#: ipaserver/plugins/dns.py:242 -msgid "" -"\n" -" Find A records with value 192.0.2.2 in zone example.com\n" -" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +#: ipaserver/plugins/baseldap.py:660 ipaserver/plugins/schema.py:257 +#: ipaserver/plugins/schema.py:333 ipaserver/plugins/schema.py:424 +#: ipaserver/plugins/schema.py:663 ipaserver/plugins/schema.py:756 +#, python-format +msgid "%(pkey)s: %(oname)s not found" msgstr "" -#: ipaserver/plugins/dns.py:245 -msgid "" -"\n" -" Show records for resource www in zone example.com\n" -" ipa dnsrecord-show example.com www\n" +#: ipaserver/plugins/baseldap.py:661 +#, python-format +msgid "%(oname)s with name \"%(pkey)s\" already exists" msgstr "" -#: ipaserver/plugins/dns.py:248 -msgid "" -"\n" -" Delegate zone sub.example to another nameserver:\n" -" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" -" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +#: ipaserver/plugins/baseldap.py:954 ipaserver/plugins/baseldap.py:962 +#, python-format +msgid "attribute \"%(attribute)s\" not allowed" msgstr "" -#: ipaserver/plugins/dns.py:252 -msgid "" -"\n" -" Delete zone example.com with all resource records:\n" -" ipa dnszone-del example.com\n" +#: ipaserver/plugins/baseldap.py:967 +#, python-format +msgid "these attributes are not allowed: %(attrs)s" msgstr "" -#: ipaserver/plugins/dns.py:255 -msgid "" -"\n" -" If a global forwarder is configured, all queries for which this server is " -"not\n" -" authoritative (e.g. sub.example.com) will be routed to the global " -"forwarder.\n" -" Global forwarding configuration can be overridden per-zone.\n" +#: ipaserver/plugins/baseldap.py:1025 +msgid "attribute is not configurable" msgstr "" -#: ipaserver/plugins/dns.py:259 -msgid "" -"\n" -" Semantics of forwarding in IPA matches BIND semantics and depends on the " -"type\n" -" of zone:\n" -" * Master zone: local BIND replies authoritatively to queries for data in\n" -" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" -" affects only queries for names below zone cuts (NS records) of locally\n" -" served zones.\n" -"\n" -" * Forward zone: forward zone contains no authoritative data. BIND " -"forwards\n" -" queries, which cannot be answered from its local cache, to configured\n" -" forwarders.\n" +#: ipaserver/plugins/baseldap.py:1128 +msgid "No such attribute on this entry" msgstr "" -#: ipaserver/plugins/dns.py:270 -msgid "" -"\n" -" Semantics of the --forward-policy option:\n" -" * none - disable forwarding for the given zone.\n" -" * first - forward all queries to configured forwarders. If they fail,\n" -" do resolution using DNS root servers.\n" -" * only - forward all queries to configured forwarders and if they fail,\n" -" return failure.\n" +#: ipaserver/plugins/baseldap.py:1488 +#, python-format +msgid "Rename the %(ldap_obj_name)s object" msgstr "" -#: ipaserver/plugins/dns.py:277 -msgid "" -"\n" -" Disable global forwarding for given sub-tree:\n" -" ipa dnszone-mod example.com --forward-policy=none\n" +#: ipaserver/plugins/baseldap.py:1586 ipaserver/plugins/baseldap.py:2494 +msgid "the entry was deleted while being modified" msgstr "" -#: ipaserver/plugins/dns.py:280 -msgid "" -"\n" -" This configuration forwards all queries for names outside the example.com\n" -" sub-tree to global forwarders. Normal recursive resolution process is used\n" -" for names inside the example.com sub-tree (i.e. NS records are followed " -"etc.).\n" +#: ipaserver/plugins/baseldap.py:1719 ipaserver/plugins/baseldap.py:2221 +#, python-format +msgid "%s" msgstr "" -#: ipaserver/plugins/dns.py:284 -msgid "" -"\n" -" Forward all requests for the zone external.example.com to another " -"forwarder\n" -" using a \"first\" policy (it will send the queries to the selected " -"forwarder\n" -" and if not answered it will use global root servers):\n" -" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" -" --forwarder=203.0.113.1\n" +#: ipaserver/plugins/baseldap.py:1762 ipaserver/plugins/baseldap.py:2245 +#, python-format +msgid "%s to add" msgstr "" -#: ipaserver/plugins/dns.py:290 -msgid "" -"\n" -" Change forward-policy for external.example.com:\n" -" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +#: ipaserver/plugins/baseldap.py:1861 ipaserver/plugins/baseldap.py:2344 +#, python-format +msgid "%s to remove" msgstr "" -#: ipaserver/plugins/dns.py:293 -msgid "" -"\n" -" Show forward zone external.example.com:\n" -" ipa dnsforwardzone-show external.example.com\n" +#: ipaserver/plugins/baseldap.py:1961 ipaserver/plugins/schema.py:122 +#, python-format +msgid "Results should contain primary key attribute only (\"%s\")" msgstr "" -#: ipaserver/plugins/dns.py:296 +#: ipaserver/plugins/baseldap.py:1969 +#, python-format msgid "" -"\n" -" List all forward zones:\n" -" ipa dnsforwardzone-find\n" +"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." msgstr "" -#: ipaserver/plugins/dns.py:299 +#: ipaserver/plugins/baseldap.py:1970 +#, python-format msgid "" -"\n" -" Delete forward zone external.example.com:\n" -" ipa dnsforwardzone-del external.example.com\n" +"Search for %(searched_object)s without these %(relationship)s " +"%(ldap_object)s." msgstr "" -#: ipaserver/plugins/dns.py:302 -msgid "" -"\n" -" Resolve a host name to see if it exists (will add default IPA domain\n" -" if one is not included):\n" -" ipa dns-resolve www.example.com\n" -" ipa dns-resolve www\n" +#: ipaserver/plugins/baseldap.py:2525 +#, python-format +msgid "added attribute value to entry %(value)s" msgstr "" -#: ipaserver/plugins/dns.py:307 +#: ipaserver/plugins/baseldap.py:2539 +#, python-format +msgid "removed attribute values from entry %(value)s" +msgstr "" + +#: ipaserver/plugins/baseldap.py:2548 +msgid "one or more values to remove" +msgstr "" + +#: ipaserver/plugins/trust.py:83 msgid "" "\n" +"Cross-realm trusts\n" +"\n" +"Manage trust relationship between IPA and Active Directory domains.\n" +"\n" +"In order to allow users from a remote domain to access resources in IPA " +"domain,\n" +"trust relationship needs to be established. Currently IPA supports only " +"trusts\n" +"between IPA and Active Directory domains under control of Windows Server " +"2008\n" +"or later, with functional level 2008 or later.\n" +"\n" +"Please note that DNS on both IPA and Active Directory domain sides should " +"be\n" +"configured properly to discover each other. Trust relationship relies on\n" +"ability to discover special resources in the other domain via DNS records.\n" +"\n" +"Examples:\n" +"\n" +"1. Establish cross-realm trust with Active Directory using AD administrator\n" +" credentials:\n" +"\n" +" ipa trust-add --type=ad --admin --password\n" +"\n" +"2. List all existing trust relationships:\n" +"\n" +" ipa trust-find\n" +"\n" +"3. Show details of the specific trust relationship:\n" +"\n" +" ipa trust-show \n" +"\n" +"4. Delete existing trust relationship:\n" +"\n" +" ipa trust-del \n" +"\n" +"Once trust relationship is established, remote users will need to be mapped\n" +"to local POSIX groups in order to actually use IPA resources. The mapping\n" +"should be done via use of external membership of non-POSIX group and then\n" +"this group should be included into one of local POSIX groups.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local " +"POSIX\n" +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' " +"ad_admins_external --external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the\n" +" ad_admins_external group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with\n" +" ad_admins POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see\n" +" their SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +"\n" +"\n" +"GLOBAL TRUST CONFIGURATION\n" +"\n" +"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" +"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" +"identifiers are then used when communicating with a trusted domain of the\n" +"particular type.\n" +"\n" +"1. Show global trust configuration for Active Directory type of trusts:\n" "\n" -"GLOBAL DNS CONFIGURATION\n" -msgstr "" - -#: ipaserver/plugins/dns.py:310 -msgid "" +" ipa trustconfig-show --type ad\n" "\n" -"DNS configuration passed to command line install script is stored in a " -"local\n" -"configuration file on each IPA server where DNS service is configured. " -"These\n" -"local settings can be overridden with a common configuration stored in LDAP\n" -"server:\n" -msgstr "" - -#: ipaserver/plugins/dns.py:315 -msgid "" +"2. Modify global configuration for all trusts of Active Directory type and " +"set\n" +" a different fallback primary group (fallback primary group GID is used as " +"a\n" +" primary user GID if user authenticating to IPA domain does not have any\n" +" other primary GID already set):\n" "\n" -" Show global DNS configuration:\n" -" ipa dnsconfig-show\n" -msgstr "" - -#: ipaserver/plugins/dns.py:318 -msgid "" +" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD " +"group\"\n" "\n" -" Modify global DNS configuration and set a list of global forwarders:\n" -" ipa dnsconfig-mod --forwarder=203.0.113.113\n" -msgstr "" - -#: ipaserver/plugins/dns.py:406 -msgid "invalid IP network format" -msgstr "" - -#: ipaserver/plugins/dns.py:415 -msgid "each ACL element must be terminated with a semicolon" -msgstr "" - -#: ipaserver/plugins/dns.py:431 -msgid "invalid address format" -msgstr "" - -#: ipaserver/plugins/dns.py:475 -msgid "" -"expected format: <0-255> <0-255> <0-65535> even-" -"length_hexadecimal_digits_or_hyphen" -msgstr "" - -#: ipaserver/plugins/dns.py:484 -msgid "algorithm value: allowed interval 0-255" -msgstr "" - -#: ipaserver/plugins/dns.py:487 -msgid "flags value: allowed interval 0-255" -msgstr "" - -#: ipaserver/plugins/dns.py:490 -msgid "iterations value: allowed interval 0-65535" -msgstr "" - -#: ipaserver/plugins/dns.py:498 -#, python-format -msgid "salt value: %(err)s" -msgstr "" - -#: ipaserver/plugins/dns.py:505 -msgid "invalid domain-name: not fully qualified" -msgstr "" - -#: ipaserver/plugins/dns.py:514 -msgid "should not be a wildcard domain name (RFC 4592 section 4)" +"3. Change primary fallback group back to default hidden group (any group " +"with\n" +" posixGroup object class is allowed):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " +"Group\"\n" msgstr "" -#: ipaserver/plugins/dns.py:555 +#: ipaserver/plugins/trust.py:226 #, python-format msgid "" -"All nameservers failed to answer the query for DNS reverse zone %(revdns)s" +" Alternatively, following servers are capable of running this command: " +"%(masters)s" msgstr "" -#: ipaserver/plugins/dns.py:561 -#, python-format -msgid "" -"No answers could be found in the specified lifetime for DNS reverse zone " -"%(revdns)s" +#: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:875 +#: ipaserver/plugins/trust.py:891 ipaserver/plugins/trust.py:912 +#: ipaserver/plugins/trust.py:922 ipaserver/plugins/trust.py:1075 +#: ipaserver/plugins/trust.py:1110 +msgid "AD Trust setup" msgstr "" -#: ipaserver/plugins/dns.py:571 -#, python-format +#: ipaserver/plugins/trust.py:250 msgid "" -"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " -"server" -msgstr "" - -#: ipaserver/plugins/dns.py:588 -#, python-format -msgid "DNS zone %(zone)s not found" +"Cannot perform the selected command without Samba 4 support installed. Make " +"sure you have installed server-trust-ad sub-package of IPA." msgstr "" -#: ipaserver/plugins/dns.py:603 -#, python-format -msgid "IP address %(ip)s is already assigned in domain %(domain)s." +#: ipaserver/plugins/trust.py:260 +msgid "" +"Cannot perform the selected command without Samba 4 instance configured on " +"this machine. Make sure you have run ipa-adtrust-install on this server." msgstr "" -#: ipaserver/plugins/dns.py:613 -#, python-format +#: ipaserver/plugins/trust.py:477 msgid "" -"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." +"Fetching domains from trusted forest failed. See details in the error_log" msgstr "" -#: ipaserver/plugins/dns.py:688 -#, python-format -msgid "%s record" +#: ipaserver/plugins/trust.py:490 +msgid "trust" msgstr "" -#: ipaserver/plugins/dns.py:690 -#, python-format -msgid "Raw %s records" +#: ipaserver/plugins/trust.py:491 +msgid "trusts" msgstr "" -#: ipaserver/plugins/dns.py:691 -#, python-format -msgid "%s Record" +#: ipaserver/plugins/trust.py:533 ipaserver/plugins/internal.py:1983 +msgid "Trusts" msgstr "" -#: ipaserver/plugins/dns.py:692 -#, python-format -msgid "(see RFC %s for details)" +#: ipaserver/plugins/trust.py:534 +msgid "Trust" msgstr "" -#: ipaserver/plugins/dns.py:754 -#, python-format -msgid "'%s' is a required part of DNS record" +#: ipaserver/plugins/trust.py:552 +msgid "SID blocklist incoming" msgstr "" -#: ipaserver/plugins/dns.py:761 -msgid "Invalid number of parts!" +#: ipaserver/plugins/trust.py:556 +msgid "SID blocklist outgoing" msgstr "" -#: ipaserver/plugins/dns.py:813 -#, python-format -msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" +#: ipaserver/plugins/trust.py:559 ipaserver/plugins/internal.py:1570 +msgid "Trust direction" msgstr "" -#: ipaserver/plugins/dns.py:829 -#, python-format -msgid "format must be specified as \"%(format)s\" %(rfcs)s" +#: ipaserver/plugins/trust.py:563 ipaserver/plugins/internal.py:1572 +msgid "Trust type" msgstr "" -#: ipaserver/plugins/dns.py:904 -msgid "Create reverse" +#: ipaserver/plugins/trust.py:567 ipaserver/plugins/internal.py:1571 +msgid "Trust status" msgstr "" -#: ipaserver/plugins/dns.py:940 -#, python-format -msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" +#: ipaserver/plugins/trust.py:572 +msgid "UPN suffixes" msgstr "" -#: ipaserver/plugins/dns.py:1115 ipaserver/plugins/dns.py:1272 -msgid "Exchanger" +#: ipaserver/plugins/trust.py:589 +#, python-brace-format +msgid "invalid SID: {SID}" msgstr "" -#: ipaserver/plugins/dns.py:1190 +#: ipaserver/plugins/trust.py:658 msgid "" -"format must be specified as\n" -" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " -"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" -" where:\n" -" d1: [0 .. 90] (degrees latitude)\n" -" d2: [0 .. 180] (degrees longitude)\n" -" m1, m2: [0 .. 59] (minutes latitude/longitude)\n" -" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" -" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" -" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" -" See RFC 1876 for details" -msgstr "" - -#: ipaserver/plugins/dns.py:1244 -#, python-format -msgid "'%(required)s' must not be empty when '%(name)s' is set" -msgstr "" - -#: ipaserver/plugins/dns.py:1299 -msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" +"\n" +"Add new trust to use.\n" +"\n" +"This command establishes trust relationship to another domain\n" +"which becomes 'trusted'. As result, users of the trusted domain\n" +"may access resources of this domain.\n" +"\n" +"Only trusts to Active Directory domains are supported right now.\n" +"\n" +"The command can be safely run multiple times against the same domain,\n" +"this will cause change to trust relationship credentials on both\n" +"sides.\n" +"\n" +"Note that if the command was previously run with a specific range type,\n" +"or with automatic detection of the range type, and you want to configure a\n" +"different range type, you may need to delete first the ID range using\n" +"ipa idrange-del before retrying the command with the desired range type.\n" +" " msgstr "" -#: ipaserver/plugins/dns.py:1360 ipaserver/plugins/dns.py:1490 -msgid "Priority (order)" +#: ipaserver/plugins/trust.py:678 ipaserver/plugins/idrange.py:211 +msgid "Active Directory domain range" msgstr "" -#: ipaserver/plugins/dns.py:1361 -msgid "" -"Lower number means higher priority. Clients will attempt to contact the " -"server with the lowest-numbered priority they can reach." +#: ipaserver/plugins/trust.py:679 ipaserver/plugins/idrange.py:212 +msgid "Active Directory trust range with POSIX attributes" msgstr "" -#: ipaserver/plugins/dns.py:1369 ipaserver/plugins/dns.py:1499 -msgid "Relative weight for entries with the same priority." +#: ipaserver/plugins/trust.py:716 +msgid "Type of trusted domain ID range, one of allowed values" msgstr "" -#: ipaserver/plugins/dns.py:1389 -msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" +#: ipaserver/plugins/trust.py:728 +msgid "External trust" msgstr "" -#: ipaserver/plugins/dns.py:1491 +#: ipaserver/plugins/trust.py:730 msgid "" -"Lower number means higher priority. Clients will attempt to contact the URI " -"with the lowest-numbered priority they can reach." -msgstr "" - -#: ipaserver/plugins/dns.py:1504 -msgid "Target Uniform Resource Identifier" +"Establish external trust to a domain in another forest. The trust is not " +"transitive beyond the domain." msgstr "" -#: ipaserver/plugins/dns.py:1505 -msgid "Target Uniform Resource Identifier according to RFC 3986" +#: ipaserver/plugins/trust.py:736 +#, python-format +msgid "Added Active Directory trust for realm \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:1587 +#: ipaserver/plugins/trust.py:737 #, python-format -msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" +msgid "Re-established trust to domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:2056 -msgid "Managedby permission" +#: ipaserver/plugins/trust.py:833 +msgid "missing base_id" msgstr "" -#: ipaserver/plugins/dns.py:2157 -msgid "cannot be used when a zone is specified" +#: ipaserver/plugins/trust.py:835 +msgid "pysss_murmur is not available on the server and no base-id is given." msgstr "" -#: ipaserver/plugins/dns.py:2169 -msgid "Only one zone type is allowed per zone name" +#: ipaserver/plugins/trust.py:845 +msgid "trust type" msgstr "" -#: ipaserver/plugins/dns.py:2312 -#, python-format -msgid "Added system permission \"%(value)s\"" +#: ipaserver/plugins/trust.py:846 +msgid "only \"ad\" is supported" msgstr "" -#: ipaserver/plugins/dns.py:2342 -#, python-format -msgid "permission \"%(value)s\" already exists" +#: ipaserver/plugins/trust.py:853 +msgid "" +"Cannot establish a trust to AD deployed in the same domain as IPA. Such " +"setup is not supported." msgstr "" -#: ipaserver/plugins/dns.py:2370 -#, python-format -msgid "Removed system permission \"%(value)s\"" +#: ipaserver/plugins/trust.py:866 +msgid "Realm-domain mismatch" msgstr "" -#: ipaserver/plugins/dns.py:2406 -msgid "DNS zone" +#: ipaserver/plugins/trust.py:867 +msgid "" +"To establish trust with Active Directory, the domain name and the realm name " +"of the IPA server must match" msgstr "" -#: ipaserver/plugins/dns.py:2407 -msgid "DNS zones" +#: ipaserver/plugins/trust.py:877 ipaserver/plugins/group.py:654 +#: ipaserver/plugins/group.py:711 +msgid "" +"Cannot perform join operation without own domain configured. Make sure you " +"have run ipa-adtrust-install on the IPA server first" msgstr "" -#: ipaserver/plugins/dns.py:2415 -msgid "DNS Zones" +#: ipaserver/plugins/trust.py:893 +#, python-format +msgid "" +"Trusted domain %(domain)s is included among IPA realm domains. It needs to " +"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" +"del-domain\" command." msgstr "" -#: ipaserver/plugins/dns.py:2416 -msgid "DNS Zone" +#: ipaserver/plugins/trust.py:914 +msgid "Trusted domain and administrator account use different realms" msgstr "" -#: ipaserver/plugins/dns.py:2489 -msgid "Default time to live" +#: ipaserver/plugins/trust.py:923 +msgid "Realm administrator password should be specified" msgstr "" -#: ipaserver/plugins/dns.py:2490 -msgid "Time to live for records without explicit TTL definition" +#: ipaserver/plugins/trust.py:944 +msgid "id range type" msgstr "" -#: ipaserver/plugins/dns.py:2705 -msgid "setting Authoritative nameserver" +#: ipaserver/plugins/trust.py:946 +msgid "" +"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" +"type when adding an AD trust." msgstr "" -#: ipaserver/plugins/dns.py:2706 -msgid "It is used only for setting the SOA MNAME attribute." +#: ipaserver/plugins/trust.py:956 +msgid "id range" msgstr "" -#: ipaserver/plugins/dns.py:2708 -msgid "NS record(s) can be edited in zone apex - '@'. " +#: ipaserver/plugins/trust.py:958 +msgid "" +"An id range already exists for this trust. You should either delete the old " +"range, or exclude --base-id/--range-size options from the command." msgstr "" -#: ipaserver/plugins/dns.py:2743 -msgid "" +#: ipaserver/plugins/trust.py:980 +msgid "range exists" msgstr "" -#: ipaserver/plugins/dns.py:2799 -msgid "Nameserver for reverse zone cannot be a relative DNS name" +#: ipaserver/plugins/trust.py:982 +msgid "" +"ID range with the same name but different domain SID already exists. The ID " +"range for the new trusted domain must be created manually." msgstr "" -#: ipaserver/plugins/dns.py:2855 -#, python-format -msgid "Deleted DNS zone \"%(value)s\"" +#: ipaserver/plugins/trust.py:990 +msgid "range type change" msgstr "" -#: ipaserver/plugins/dns.py:2908 -msgid "is required" +#: ipaserver/plugins/trust.py:991 +msgid "" +"ID range for the trusted domain already exists, but it has a different type. " +"Please remove the old range manually, or do not enforce type via --range-" +"type option." msgstr "" -#: ipaserver/plugins/dns.py:2989 -#, python-format -msgid "Disabled DNS zone \"%(value)s\"" +#: ipaserver/plugins/trust.py:1029 +#, python-brace-format +msgid "Unable to resolve domain controller for {domain} domain. " msgstr "" -#: ipaserver/plugins/dns.py:3000 -#, python-format -msgid "Enabled DNS zone \"%(value)s\"" +#: ipaserver/plugins/trust.py:1043 +msgid "" +"Forward policy is defined for it in IPA DNS, perhaps forwarder points to " +"incorrect host?" msgstr "" -#: ipaserver/plugins/dns.py:3025 -msgid "DNS resource record" +#: ipaserver/plugins/trust.py:1049 +#, python-brace-format +msgid "" +"IPA manages DNS, please verify your DNS configuration and make sure that " +"service records of the '{domain}' domain can be resolved. Examples how to " +"configure DNS with CLI commands or the Web UI can be found in the " +"documentation. " msgstr "" -#: ipaserver/plugins/dns.py:3026 -msgid "DNS resource records" +#: ipaserver/plugins/trust.py:1061 +#, python-brace-format +msgid "" +"Since IPA does not manage DNS records, ensure DNS is configured to resolve " +"'{domain}' domain from IPA hosts and back." msgstr "" -#: ipaserver/plugins/dns.py:3033 -msgid "DNS Resource Records" +#: ipaserver/plugins/trust.py:1076 +msgid "Unable to verify write permissions to the AD" msgstr "" -#: ipaserver/plugins/dns.py:3034 -msgid "DNS Resource Record" +#: ipaserver/plugins/trust.py:1111 +msgid "Not enough arguments specified to perform trust setup" msgstr "" -#: ipaserver/plugins/dns.py:3069 -msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" +#: ipaserver/plugins/trust.py:1119 +#, python-format +msgid "Deleted trust \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:3086 +#: ipaserver/plugins/trust.py:1124 msgid "" -"out-of-zone data: record name must be a subdomain of the zone or a relative " -"name" +"\n" +" Modify a trust (for future use).\n" +"\n" +" Currently only the default option to modify the LDAP attributes is\n" +" available. More specific options will be added in coming releases.\n" +" " msgstr "" -#: ipaserver/plugins/dns.py:3097 +#: ipaserver/plugins/trust.py:1131 #, python-format -msgid "" -"owner of %(types)s records should not be a wildcard domain name (RFC 4592 " -"section 4)" +msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" msgstr "" -#: ipaserver/plugins/dns.py:3142 +#: ipaserver/plugins/trust.py:1149 #, python-format -msgid "" -"Reverse zone %(name)s requires exactly %(count)d IP address components, " -"%(user_count)d given" +msgid "%(count)d trust matched" +msgid_plural "%(count)d trusts matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/trust.py:1238 +msgid "trust configuration" msgstr "" -#: ipaserver/plugins/dns.py:3184 -msgid "only master zones can contain records" +#: ipaserver/plugins/trust.py:1244 ipaserver/plugins/trust.py:1245 +msgid "Global Trust Configuration" msgstr "" -#: ipaserver/plugins/dns.py:3282 -msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" +#: ipaserver/plugins/trust.py:1270 +msgid "IPA AD trust agents" msgstr "" -#: ipaserver/plugins/dns.py:3288 -msgid "" -"CNAME record is not allowed to coexist with any other record (RFC 1034, " -"section 3.6.2)" +#: ipaserver/plugins/trust.py:1271 +msgid "IPA servers configured as AD trust agents" msgstr "" -#: ipaserver/plugins/dns.py:3296 -msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" +#: ipaserver/plugins/trust.py:1276 +msgid "IPA AD trust controllers" msgstr "" -#: ipaserver/plugins/dns.py:3312 -#, python-format -msgid "" -"NS record is not allowed to coexist with an %(type)s record except when " -"located in a zone root record (RFC 2181, section 6.1)" +#: ipaserver/plugins/trust.py:1277 +msgid "IPA servers configured as AD trust controllers" msgstr "" -#: ipaserver/plugins/dns.py:3328 -msgid "" -"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " -"4035 section 2.4)" +#: ipaserver/plugins/trust.py:1291 +msgid "unsupported trust type" msgstr "" -#: ipaserver/plugins/dns.py:3609 +#: ipaserver/plugins/trust.py:1358 #, python-format -msgid "Raw value of a DNS record was already set by \"%(name)s\" option" +msgid "Modified \"%(value)s\" trust configuration" msgstr "" -#: ipaserver/plugins/dns.py:3735 -msgid "DNS zone root record cannot be renamed" +#: ipaserver/plugins/trust.py:1422 ipaserver/plugins/ca.py:86 +#: ipaserver/plugins/schema.py:48 +msgid "Name" msgstr "" -#: ipaserver/plugins/dns.py:3753 -msgid "DNS records can be only updated one at a time" +#: ipaserver/plugins/trust.py:1423 +msgid "SID" msgstr "" -#: ipaserver/plugins/dns.py:3846 -#, python-format -msgid "Deleted record \"%(value)s\"" +#: ipaserver/plugins/trust.py:1549 +msgid "sidgen_was_run" msgstr "" -#: ipaserver/plugins/dns.py:3939 -#, python-format -msgid "Zone record '%s' cannot be deleted" +#: ipaserver/plugins/trust.py:1551 +msgid "" +"This command relies on the existence of the \"editors\" group, but this " +"group was not found." msgstr "" -#: ipaserver/plugins/dns.py:4041 -#, python-format -msgid "Found '%(value)s'" +#: ipaserver/plugins/trust.py:1570 +msgid "trust domain" msgstr "" -#: ipaserver/plugins/dns.py:4056 -#, python-format -msgid "Host '%(host)s' not found" +#: ipaserver/plugins/trust.py:1571 +msgid "trust domains" msgstr "" -#: ipaserver/plugins/dns.py:4087 -msgid "DNS configuration options" +#: ipaserver/plugins/trust.py:1579 +msgid "Trusted domains" msgstr "" -#: ipaserver/plugins/dns.py:4092 ipaserver/plugins/dns.py:4093 -msgid "DNS Global Configuration" +#: ipaserver/plugins/trust.py:1580 +msgid "Trusted domain" msgstr "" -#: ipaserver/plugins/dns.py:4124 -msgid "IPA DNS version" +#: ipaserver/plugins/trust.py:1594 +msgid "Domain enabled" msgstr "" -#: ipaserver/plugins/dns.py:4129 -msgid "List of IPA masters configured as DNS servers" +#: ipaserver/plugins/trust.py:1666 +#, python-format +msgid "Removed information about the trusted domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:4135 -msgid "IPA server configured as DNSSec key master" +#: ipaserver/plugins/trust.py:1684 +msgid "" +"cannot delete root domain of the trust, use trust-del to delete the trust " +"itself" msgstr "" -#: ipaserver/plugins/dns.py:4186 -msgid "Global DNS configuration is empty" +#: ipaserver/plugins/trust.py:1835 +msgid "" +"List of trust domains successfully refreshed. Use trustdomain-find command " +"to list them." msgstr "" -#: ipaserver/plugins/dns.py:4267 -msgid "DNS forward zone" +#: ipaserver/plugins/trust.py:1843 +msgid "Configure this server as a trust agent." +msgstr "" + +#: ipaserver/plugins/trust.py:1859 +msgid "Enable support for trusted domains for old clients" msgstr "" -#: ipaserver/plugins/dns.py:4268 -msgid "DNS forward zones" +#: ipaserver/plugins/trust.py:1869 ipaserver/plugins/server.py:927 +#, python-format +msgid "must be \"%s\"" msgstr "" -#: ipaserver/plugins/dns.py:4270 -msgid "DNS Forward Zones" +#: ipaserver/plugins/trust.py:1875 +msgid "not allowed to remotely add agent" msgstr "" -#: ipaserver/plugins/dns.py:4271 -msgid "DNS Forward Zone" +#: ipaserver/plugins/trust.py:1911 +#, python-format +msgid "Enabled trust domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:4378 ipaserver/plugins/dns.py:4428 -msgid "Please specify forwarders." +#: ipaserver/plugins/trust.py:1920 +msgid "Root domain of the trust is always enabled for the existing trust" msgstr "" -#: ipaserver/plugins/dns.py:4397 +#: ipaserver/plugins/trust.py:1953 #, python-format -msgid "Deleted DNS forward zone \"%(value)s\"" +msgid "Disabled trust domain \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dns.py:4454 -#, python-format -msgid "Disabled DNS forward zone \"%(value)s\"" +#: ipaserver/plugins/trust.py:1962 +msgid "" +"cannot disable root domain of the trust, use trust-del to delete the trust " +"itself" msgstr "" -#: ipaserver/plugins/dns.py:4460 -#, python-format -msgid "Enabled DNS forward zone \"%(value)s\"" +#: ipaserver/plugins/idviews.py:73 ipaserver/plugins/idviews.py:124 +#: ipaserver/plugins/idviews.py:132 ipaserver/plugins/idviews.py:360 +#: ipaserver/plugins/idviews.py:851 +msgid "ID View" msgstr "" -#: ipaserver/plugins/dns.py:4483 -msgid "IPA DNS records" +#: ipaserver/plugins/idviews.py:75 +msgid "system ID View" msgstr "" -#: ipaserver/plugins/dns.py:4487 -msgid "IPA location records" +#: ipaserver/plugins/idviews.py:125 ipaserver/plugins/idviews.py:131 +msgid "ID Views" msgstr "" -#: ipaserver/plugins/dns.py:4494 -msgid "Update location and IPA server DNS records" +#: ipaserver/plugins/idviews.py:146 +msgid "User object overrides" msgstr "" -#: ipaserver/plugins/dns.py:4505 -msgid "Result of the command" +#: ipaserver/plugins/idviews.py:150 +msgid "Group object overrides" msgstr "" -#: ipaserver/plugins/dns.py:4512 -msgid "Dry run" +#: ipaserver/plugins/idviews.py:154 +msgid "Hosts the view applies to" msgstr "" -#: ipaserver/plugins/dns.py:4513 -msgid "Do not update records only return expected records" +#: ipaserver/plugins/idviews.py:160 ipaserver/plugins/config.py:330 +msgid "Domain resolution order" msgstr "" -#: ipaserver/plugins/dogtag.py:1251 -msgid "REST API is not logged in." +#: ipaserver/plugins/idviews.py:161 ipaserver/plugins/config.py:331 +msgid "colon-separated list of domains used for short name qualification" msgstr "" -#: ipaserver/plugins/dogtag.py:1273 +#: ipaserver/plugins/idviews.py:198 #, python-format -msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" +msgid "Added ID View \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dogtag.py:1299 -msgid "Unable to communicate with CMS" +#: ipaserver/plugins/idviews.py:215 +#, python-format +msgid "Deleted ID View \"%(value)s\"" msgstr "" -#: ipaserver/plugins/dogtag.py:1490 ipaserver/plugins/dogtag.py:1576 -#: ipaserver/plugins/dogtag.py:2098 ipaserver/plugins/dogtag.py:2108 -msgid "Response from CA was not valid JSON" +#: ipaserver/plugins/idviews.py:228 +#, python-format +msgid "Modified an ID View \"%(value)s\"" msgstr "" -#: ipaserver/plugins/group.py:63 -msgid "" -"\n" -"Groups of users\n" -"\n" -"Manage groups of users, groups, or services. By default, new groups are " -"POSIX\n" -"groups. You can add the --nonposix option to the group-add command to mark " -"a\n" -"new group as non-POSIX. You can use the --posix argument with the group-mod\n" -"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " -"be\n" -"converted to non-POSIX groups.\n" -"\n" -"Every group must have a description.\n" -"\n" -"The group name must follow these rules:\n" -"- cannot contain only numbers\n" -"- must start with a letter, a number, _ or .\n" -"- may contain letters, numbers, _, ., or -\n" -"- may end with a letter, a number, _, ., - or $\n" -"\n" -"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" -"supported but can have an impact on your file permissions. It is not " -"necessary\n" -"to supply a GID when creating a group. IPA will generate one automatically\n" -"if it is not provided.\n" -"\n" -"Groups members can be users, other groups, and Kerberos services. In POSIX\n" -"environments only users will be visible as group members, but nested groups " -"and\n" -"groups of services can be used for IPA management purposes.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new group:\n" -" ipa group-add --desc='local administrators' localadmins\n" -"\n" -" Add a new non-POSIX group:\n" -" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" -"\n" -" Convert a non-POSIX group to posix:\n" -" ipa group-mod --posix remoteadmins\n" -"\n" -" Add a new POSIX group with a specific Group ID number:\n" -" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" -"\n" -" Add a new POSIX group and let IPA assign a Group ID number:\n" -" ipa group-add --desc='printer admins' printeradmins\n" -"\n" -" Remove a group:\n" -" ipa group-del unixadmins\n" -"\n" -" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" -" ipa group-add-member --groups=remoteadmins localadmins\n" -"\n" -" Add multiple users to the \"localadmins\" group:\n" -" ipa group-add-member --users=test1 --users=test2 localadmins\n" -"\n" -" To add Kerberos services to the \"printer admins\" group:\n" -" ipa group-add-member --services=CUPS/some.host printeradmins\n" -"\n" -" Remove a user from the \"localadmins\" group:\n" -" ipa group-remove-member --users=test2 localadmins\n" -"\n" -" Display information about a named group.\n" -" ipa group-show localadmins\n" -"\n" -"Group membership managers are users or groups that can add members to a\n" -"group or remove members from a group.\n" -"\n" -" Allow user \"test2\" to add or remove members from group \"localadmins\":\n" -" ipa group-add-member-manager --users=test2 localadmins\n" -"\n" -" Revoke membership management rights for user \"test2\" from " -"\"localadmins\":\n" -" ipa group-remove-member-manager --users=test2 localadmins\n" -"\n" -"External group membership is designed to allow users from trusted domains\n" -"to be mapped to local POSIX groups in order to actually use IPA resources.\n" -"External members should be added to groups that specifically created as\n" -"external and non-POSIX. Such group later should be included into one of " -"POSIX\n" -"groups.\n" -"\n" -"An external group member is currently a Security Identifier (SID) as defined " -"by\n" -"the trusted domain. When adding external group members, it is possible to\n" -"specify them in either SID, or DOM\\name, or name@domain format. IPA will " -"attempt\n" -"to resolve passed name to SID with the use of Global Catalog of the trusted " -"domain.\n" -"\n" -"Example:\n" -"\n" -"1. Create group for the trusted domain admins' mapping and their local POSIX " -"group:\n" -"\n" -" ipa group-add --desc=' admins external map' ad_admins_external " -"--external\n" -" ipa group-add --desc=' admins' ad_admins\n" -"\n" -"2. Add security identifier of Domain Admins of the to the " -"ad_admins_external\n" -" group:\n" -"\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" -"\n" -"3. Allow members of ad_admins_external group to be associated with ad_admins " -"POSIX group:\n" -"\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" -"\n" -"4. List members of external members of ad_admins_external group to see their " -"SIDs:\n" -"\n" -" ipa group-show ad_admins_external\n" +#: ipaserver/plugins/idviews.py:244 +#, python-format +msgid "%(count)d ID View matched" +msgid_plural "%(count)d ID Views matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:361 +msgid "Default Trust View cannot be applied on hosts" msgstr "" -#: ipaserver/plugins/group.py:202 -msgid "groups" +#: ipaserver/plugins/idviews.py:389 ipaserver/plugins/idviews.py:422 +msgid "not found" msgstr "" -#: ipaserver/plugins/group.py:335 -msgid "User Group" +#: ipaserver/plugins/idviews.py:403 +msgid "ID View cannot be applied to IPA master" msgstr "" -#: ipaserver/plugins/group.py:367 -#, python-format -msgid "Added group \"%(value)s\"" +#: ipaserver/plugins/idviews.py:420 +msgid "ID View already applied" msgstr "" -#: ipaserver/plugins/group.py:390 -msgid "gid cannot be set for external group" +#: ipaserver/plugins/idviews.py:440 +msgid "value" msgstr "" -#: ipaserver/plugins/group.py:402 -msgid "attribute \"gidNumber\" not allowed with --nonposix" +#: ipaserver/plugins/idviews.py:453 +#, python-format +msgid "ID View applied to %i host." msgstr "" -#: ipaserver/plugins/group.py:411 +#: ipaserver/plugins/idviews.py:454 #, python-format -msgid "Deleted group \"%(value)s\"" +msgid "ID View applied to %i hosts." msgstr "" -#: ipaserver/plugins/group.py:425 -msgid "privileged group" +#: ipaserver/plugins/idviews.py:496 +#, python-format +msgid "ID View cleared from %i host." msgstr "" -#: ipaserver/plugins/group.py:458 +#: ipaserver/plugins/idviews.py:497 #, python-format -msgid "Modified group \"%(value)s\"" +msgid "ID View cleared from %i hosts." msgstr "" -#: ipaserver/plugins/group.py:520 -msgid "An external group cannot be POSIX" +#: ipaserver/plugins/idviews.py:565 +msgid "" +"You are trying to reference a magic private group which is not allowed to be " +"overridden. Try overriding the GID attribute of the corresponding user " +"instead." msgstr "" -#: ipaserver/plugins/group.py:545 -#, python-format -msgid "%(count)d group matched" -msgid_plural "%(count)d groups matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/idviews.py:603 +msgid "IPA object" +msgstr "" -#: ipaserver/plugins/group.py:654 ipaserver/plugins/group.py:711 -#: ipaserver/plugins/trust.py:877 +#: ipaserver/plugins/idviews.py:604 msgid "" -"Cannot perform join operation without own domain configured. Make sure you " -"have run ipa-adtrust-install on the IPA server first" +"system IPA objects (e.g. system groups, user private groups) cannot be " +"overridden" msgstr "" -#: ipaserver/plugins/group.py:745 +#: ipaserver/plugins/idviews.py:698 #, python-format -msgid "Detached group \"%(value)s\" from user \"%(value)s\"" +msgid "Anchor '%(anchor)s' could not be resolved." msgstr "" -#: ipaserver/plugins/group.py:770 -msgid "not allowed to modify user entries" +#: ipaserver/plugins/idviews.py:852 +msgid "Default Trust View cannot contain IPA users" msgstr "" -#: ipaserver/plugins/group.py:781 -msgid "not allowed to modify group entries" +#: ipaserver/plugins/idviews.py:896 +msgid "Add a new ID override." msgstr "" -#: ipaserver/plugins/group.py:801 -msgid "Not a managed group" +#: ipaserver/plugins/idviews.py:897 +#, python-format +msgid "Added ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/group.py:823 -msgid "Add users that can manage members of this group." +#: ipaserver/plugins/idviews.py:912 +msgid "Delete an ID override." msgstr "" -#: ipaserver/plugins/group.py:831 -msgid "Remove users that can manage members of this group." +#: ipaserver/plugins/idviews.py:913 +#, python-format +msgid "Deleted ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:74 -msgid "" -"\n" -"Hosts/Machines\n" -"\n" -"A host represents a machine. It can be used in a number of contexts:\n" -"- service entries are associated with a host\n" -"- a host stores the host/ service principal\n" -"- a host can be used in Host-based Access Control (HBAC) rules\n" -"- every enrolled client generates a host entry\n" +#: ipaserver/plugins/idviews.py:936 +msgid "Modify an ID override." msgstr "" -#: ipaserver/plugins/host.py:82 -msgid "" -"\n" -"ENROLLMENT:\n" -"\n" -"There are three enrollment scenarios when enrolling a new client:\n" -"\n" -"1. You are enrolling as a full administrator. The host entry may exist\n" -" or not. A full administrator is a member of the hostadmin role\n" -" or the admins group.\n" -"2. You are enrolling as a limited administrator. The host must already\n" -" exist. A limited administrator is a member a role with the\n" -" Host Enrollment privilege.\n" -"3. The host has been created with a one-time password.\n" +#: ipaserver/plugins/idviews.py:937 +#, python-format +msgid "Modified an ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:94 -msgid "" -"\n" -"RE-ENROLLMENT:\n" -"\n" -"Host that has been enrolled at some point, and lost its configuration (e.g. " -"VM\n" -"destroyed) can be re-enrolled.\n" -"\n" -"For more information, consult the manual pages for ipa-client-install.\n" -"\n" -"A host can optionally store information such as where it is located,\n" -"the OS that it runs, etc.\n" +#: ipaserver/plugins/idviews.py:944 +msgid "ID override" msgstr "" -#: ipaserver/plugins/host.py:106 -msgid "" -"\n" -" Add a new host:\n" -" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." -"com\n" +#: ipaserver/plugins/idviews.py:945 +msgid "ID overrides cannot be renamed" msgstr "" -#: ipaserver/plugins/host.py:109 -msgid "" -"\n" -" Delete a host:\n" -" ipa host-del test.example.com\n" +#: ipaserver/plugins/idviews.py:957 +msgid "Search for an ID override." msgstr "" -#: ipaserver/plugins/host.py:112 -msgid "" -"\n" -" Add a new host with a one-time password:\n" -" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +#: ipaserver/plugins/idviews.py:958 +#, python-format +msgid "%(count)d ID override matched" +msgid_plural "%(count)d ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:970 +msgid "Display information about an ID override." msgstr "" -#: ipaserver/plugins/host.py:115 -msgid "" -"\n" -" Add a new host with a random one-time password:\n" -" ipa host-add --os='Fedora 12' --random test.example.com\n" +#: ipaserver/plugins/idviews.py:982 ipaserver/plugins/idviews.py:986 +msgid "User ID override" msgstr "" -#: ipaserver/plugins/host.py:118 -msgid "" -"\n" -" Modify information about a host:\n" -" ipa host-mod --os='Fedora 12' test.example.com\n" +#: ipaserver/plugins/idviews.py:983 ipaserver/plugins/idviews.py:985 +msgid "User ID overrides" msgstr "" -#: ipaserver/plugins/host.py:121 -msgid "" -"\n" -" Remove SSH public keys of a host and update DNS to reflect this change:\n" -" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +#: ipaserver/plugins/idviews.py:1105 ipaserver/plugins/idviews.py:1109 +msgid "Group ID override" msgstr "" -#: ipaserver/plugins/host.py:124 -msgid "" -"\n" -" Disable the host Kerberos key, SSL certificate and all of its services:\n" -" ipa host-disable test.example.com\n" +#: ipaserver/plugins/idviews.py:1106 ipaserver/plugins/idviews.py:1108 +msgid "Group ID overrides" msgstr "" -#: ipaserver/plugins/host.py:127 -msgid "" -"\n" -" Add a host that can manage this host's keytab and certificate:\n" -" ipa host-add-managedby --hosts=test2 test\n" +#: ipaserver/plugins/idviews.py:1150 +msgid "Add one or more certificates to the idoverrideuser entry" msgstr "" -#: ipaserver/plugins/host.py:130 -msgid "" -"\n" -" Allow user to create a keytab:\n" -" ipa host-allow-create-keytab test2 --users=tuser1\n" +#: ipaserver/plugins/idviews.py:1151 +#, python-format +msgid "Added certificates to idoverrideuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:242 ipaserver/plugins/service.py:164 -msgid "Users allowed to add resource delegation" +#: ipaserver/plugins/idviews.py:1173 +msgid "Remove one or more certificates to the idoverrideuser entry" msgstr "" -#: ipaserver/plugins/host.py:244 ipaserver/plugins/service.py:166 -msgid "Groups allowed to add resource delegation" +#: ipaserver/plugins/idviews.py:1174 +#, python-format +msgid "Removed certificates from idoverrideuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:246 ipaserver/plugins/service.py:168 -msgid "Hosts allowed to add resource delegation" +#: ipaserver/plugins/idviews.py:1198 +#, python-format +msgid "Added User ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:248 ipaserver/plugins/service.py:170 -msgid "Host Groups allowed to add resource delegation" +#: ipaserver/plugins/idviews.py:1223 +#, python-format +msgid "Deleted User ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:481 ipaserver/plugins/internal.py:1177 -#: ipaserver/plugins/internal.py:1311 -msgid "Host" +#: ipaserver/plugins/idviews.py:1229 +#, python-format +msgid "Modified an User ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:503 -msgid "Host physical location hint (e.g. \"Lab 2\")" +#: ipaserver/plugins/idviews.py:1261 +#, python-format +msgid "%(count)d User ID override matched" +msgid_plural "%(count)d User ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:1297 +#, python-format +msgid "Added Group ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:533 -msgid "Base-64 encoded host certificate" +#: ipaserver/plugins/idviews.py:1303 +#, python-format +msgid "Deleted Group ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:540 ipaserver/plugins/internal.py:702 -#: ipaserver/plugins/service.py:565 -msgid "Serial Number" +#: ipaserver/plugins/idviews.py:1309 +#, python-format +msgid "Modified an Group ID override \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:544 ipaserver/plugins/internal.py:703 -#: ipaserver/plugins/service.py:569 -msgid "Serial Number (hex)" +#: ipaserver/plugins/idviews.py:1315 +#, python-format +msgid "%(count)d Group ID override matched" +msgid_plural "%(count)d Group ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/server.py:36 +msgid "" +"\n" +"IPA servers\n" msgstr "" -#: ipaserver/plugins/host.py:588 ipaserver/plugins/host.py:589 -#: ipaserver/plugins/service.py:549 ipaserver/plugins/service.py:550 -msgid "Delegation principal" +#: ipaserver/plugins/server.py:38 +msgid "" +"\n" +"Get information about installed IPA servers.\n" msgstr "" -#: ipaserver/plugins/host.py:624 ipaserver/plugins/service.py:607 -msgid "Authentication Indicators" +#: ipaserver/plugins/server.py:42 +msgid "" +"\n" +" Find all servers:\n" +" ipa server-find\n" msgstr "" -#: ipaserver/plugins/host.py:625 +#: ipaserver/plugins/server.py:45 msgid "" -"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" -"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " -"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " -"'hardened' to allow brute-force hardened password authentication by SPAKE or " -"FAST. Use 'idp' to allow External Identity Provider authentications. Use " -"'passkey' to allow passkey-based 2FA authentications. With no indicator " -"specified, all authentication mechanisms are allowed." +"\n" +" Show specific server:\n" +" ipa server-show ipa.example.com\n" msgstr "" -#: ipaserver/plugins/host.py:699 -#, python-format -msgid "Added host \"%(value)s\"" +#: ipaserver/plugins/server.py:61 +msgid "server" msgstr "" -#: ipaserver/plugins/host.py:823 -#, python-format -msgid "Deleted host \"%(value)s\"" +#: ipaserver/plugins/server.py:62 +msgid "servers" msgstr "" -#: ipaserver/plugins/host.py:828 -msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" +#: ipaserver/plugins/server.py:70 +msgid "IPA Servers" msgstr "" -#: ipaserver/plugins/host.py:900 -msgid "No A, AAAA, SSHFP or PTR records found." +#: ipaserver/plugins/server.py:133 +msgid "Server DNS location" msgstr "" -#: ipaserver/plugins/host.py:916 -#, python-format -msgid "Modified host \"%(value)s\"" +#: ipaserver/plugins/server.py:140 +msgid "Service weight" +msgstr "" + +#: ipaserver/plugins/server.py:141 +msgid "Weight for server services" msgstr "" -#: ipaserver/plugins/host.py:937 -msgid "Password cannot be set on enrolled host." +#: ipaserver/plugins/server.py:148 +msgid "Service relative weight" msgstr "" -#: ipaserver/plugins/host.py:941 -msgid "cn is immutable" +#: ipaserver/plugins/server.py:149 +msgid "Relative weight for server services (counts per location)" msgstr "" -#: ipaserver/plugins/host.py:1066 -#, python-format -msgid "%(count)d host matched" -msgid_plural "%(count)d hosts matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/server.py:154 +msgid "Enabled server roles" +msgstr "" -#: ipaserver/plugins/host.py:1221 -#, python-format -msgid "Disabled host \"%(value)s\"" +#: ipaserver/plugins/server.py:155 +msgid "List of enabled roles" msgstr "" -#: ipaserver/plugins/host.py:1390 -#, python-format -msgid "Added certificates to host \"%(value)s\"" +#: ipaserver/plugins/server.py:222 +msgid "Modify information about an IPA server." msgstr "" -#: ipaserver/plugins/host.py:1397 +#: ipaserver/plugins/server.py:224 #, python-format -msgid "Removed certificates from host \"%(value)s\"" +msgid "Modified IPA server \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:1413 -msgid "Add new principal alias to host entry" -msgstr "" +#: ipaserver/plugins/server.py:306 +#, python-format +msgid "%(count)d IPA server matched" +msgid_plural "%(count)d IPA servers matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/host.py:1414 +#: ipaserver/plugins/server.py:444 #, python-format -msgid "Added new aliases to host \"%(value)s\"" +msgid "Deleted IPA server \"%(value)s\"" msgstr "" -#: ipaserver/plugins/host.py:1425 -msgid "Remove principal alias from a host entry" +#: ipaserver/plugins/server.py:449 +msgid "Ignore topology errors" msgstr "" -#: ipaserver/plugins/host.py:1426 -#, python-format -msgid "Removed aliases from host \"%(value)s\"" +#: ipaserver/plugins/server.py:450 +msgid "Ignore topology connectivity problems after removal" msgstr "" -#: ipaserver/plugins/host.py:1436 -msgid "Add new resource delegation to a host" +#: ipaserver/plugins/server.py:455 +msgid "Ignore check for last remaining CA or DNS server" msgstr "" -#: ipaserver/plugins/host.py:1437 -#, python-format -msgid "Added new resource delegation to the host \"%(value)s\"" +#: ipaserver/plugins/server.py:456 +msgid "Skip a check whether the last CA master or DNS server is removed" msgstr "" -#: ipaserver/plugins/host.py:1450 -msgid "Remove resource delegation from a host" +#: ipaserver/plugins/server.py:462 +msgid "Force server removal" msgstr "" -#: ipaserver/plugins/host.py:1451 -#, python-format -msgid "Removed resource delegation from the host \"%(value)s\"" +#: ipaserver/plugins/server.py:463 +msgid "Force server removal even if it does not exist" msgstr "" -#: ipaserver/plugins/host.py:1457 +#: ipaserver/plugins/server.py:500 msgid "" -"Allow users, groups, hosts or host groups to handle a resource delegation of " -"this host." +"Replica is active DNSSEC key master. Uninstall could break your DNS system. " +"Please disable or replace DNSSEC key master first." msgstr "" -#: ipaserver/plugins/host.py:1477 -msgid "" -"Disallow users, groups, hosts or host groups to handle a resource delegation " -"of this host." +#: ipaserver/plugins/server.py:506 +msgid "Deleting this server will leave your installation without a DNS." msgstr "" -#: ipaserver/plugins/idp.py:24 +#: ipaserver/plugins/server.py:520 msgid "" -"\n" -"External Identity Provider References\n" +"Deleting this server is not allowed as it would leave your installation " +"without a KRA." msgstr "" -#: ipaserver/plugins/idp.py:26 +#: ipaserver/plugins/server.py:530 msgid "" -"\n" -"Manage External Identity Provider References.\n" +"Deleting this server is not allowed as it would leave your installation " +"without a CA." msgstr "" -#: ipaserver/plugins/idp.py:28 -msgid "" -"\n" -"IPA supports the use of an external Identity Provider for OAuth2.0 Device " -"Flow\n" -"authentication.\n" +#: ipaserver/plugins/server.py:545 +msgid "Ignoring these warnings and proceeding with removal" msgstr "" -#: ipaserver/plugins/idp.py:33 +#: ipaserver/plugins/server.py:595 +#, python-format msgid "" -"\n" -" Add a new external Identity Provider reference:\n" -" ipa idp-add MyIdP --client-id jhkQty13 --auth-uri https://oauth2." -"idp.com/auth --token-uri https://oauth2.idp.com/token --secret\n" +"Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: " +"%(err)s" msgstr "" -#: ipaserver/plugins/idp.py:38 -msgid "" -"\n" -" Add a new external Identity Provider reference using github predefined\n" -" endpoints:\n" -" ipa idp-add MyIdp --client-id jhkQty13 --provider github --secret\n" +#: ipaserver/plugins/server.py:616 +#, python-format +msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s" msgstr "" -#: ipaserver/plugins/idp.py:42 -msgid "" -"\n" -" Find all external Identity Provider references whose entries include the " -"string\n" -" \"test.com\":\n" -" ipa idp-find test.com\n" +#: ipaserver/plugins/server.py:637 +#, python-format +msgid "Failed to remove server %(master)s from server list: %(err)s" msgstr "" -#: ipaserver/plugins/idp.py:46 -msgid "" -"\n" -" Examine the configuration of an external Identity Provider reference:\n" -" ipa idp-show MyIdP\n" +#: ipaserver/plugins/server.py:663 +#, python-format +msgid "Failed to clean up Custodia keys for %(master)s: %(err)s" msgstr "" -#: ipaserver/plugins/idp.py:49 -msgid "" -"\n" -" Change the secret:\n" -" ipa idp-mod MyIdP --secret\n" +#: ipaserver/plugins/server.py:701 +#, python-format +msgid "Failed to cleanup server principals/keys: %(err)s" msgstr "" -#: ipaserver/plugins/idp.py:52 -msgid "" -"\n" -" Delete an external Identity Provider reference:\n" -" ipa idp-del MyIdP\n" +#: ipaserver/plugins/server.py:717 +#, python-format +msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s" msgstr "" -#: ipaserver/plugins/idp.py:70 -msgid "Invalid URI: not an https scheme" +#: ipaserver/plugins/server.py:722 +msgid "You may need to manually remove them from the tree" msgstr "" -#: ipaserver/plugins/idp.py:73 -msgid "Invalid URI: missing netloc" +#: ipaserver/plugins/server.py:737 +#, python-format +msgid "Forcing removal of %(hostname)s" msgstr "" -#: ipaserver/plugins/idp.py:84 ipaserver/plugins/idp.py:100 -msgid "Identity Provider reference" +#: ipaserver/plugins/server.py:747 +msgid "Ignoring topology connectivity errors." msgstr "" -#: ipaserver/plugins/idp.py:85 ipaserver/plugins/idp.py:99 -msgid "Identity Provider references" +#: ipaserver/plugins/server.py:766 +#, python-format +msgid "Failed to remove server from security domain: %s" msgstr "" -#: ipaserver/plugins/idp.py:105 -msgid "Identity Provider reference name" +#: ipaserver/plugins/server.py:793 +msgid "Server has already been deleted" msgstr "" -#: ipaserver/plugins/idp.py:111 -msgid "Authorization URI" +#: ipaserver/plugins/server.py:843 +msgid "Agreements deleted" msgstr "" -#: ipaserver/plugins/idp.py:112 -msgid "OAuth 2.0 authorization endpoint" +#: ipaserver/plugins/server.py:854 +msgid "Following segments were not deleted:" msgstr "" -#: ipaserver/plugins/idp.py:117 -msgid "Device authorization URI" +#: ipaserver/plugins/server.py:939 +msgid "not allowed to perform server connection check" msgstr "" -#: ipaserver/plugins/idp.py:118 -msgid "Device authorization endpoint" +#: ipaserver/plugins/server.py:965 +msgid "Set enabled/hidden state of a server." msgstr "" -#: ipaserver/plugins/idp.py:123 -msgid "Token URI" +#: ipaserver/plugins/server.py:971 +msgid "State" msgstr "" -#: ipaserver/plugins/idp.py:124 -msgid "Token endpoint" +#: ipaserver/plugins/server.py:972 +msgid "Server state" msgstr "" -#: ipaserver/plugins/idp.py:129 -msgid "User info URI" +#: ipaserver/plugins/server.py:977 +#, python-format +msgid "Changed server state of \"%(value)s\"." msgstr "" -#: ipaserver/plugins/idp.py:130 -msgid "User information endpoint" +#: ipaserver/plugins/server.py:986 +msgid "Cannot hide CA renewal master." msgstr "" -#: ipaserver/plugins/idp.py:135 -msgid "JWKS URI" +#: ipaserver/plugins/server.py:988 +msgid "Cannot hide DNSSec key master." msgstr "" -#: ipaserver/plugins/idp.py:136 -msgid "JWKS endpoint" +#: ipaserver/plugins/server.py:1000 +#, python-format +msgid "Cannot hide last enabled %(name)s server." msgstr "" -#: ipaserver/plugins/idp.py:140 -msgid "OIDC URL" +#: ipaserver/plugins/ca.py:21 +msgid "" +"\n" +"Manage Certificate Authorities\n" msgstr "" -#: ipaserver/plugins/idp.py:142 -msgid "The Identity Provider OIDC URL" +#: ipaserver/plugins/ca.py:23 +msgid "" +"\n" +"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " +"issuance\n" +"of X.509 certificates.\n" msgstr "" -#: ipaserver/plugins/idp.py:146 -msgid "Client identifier" +#: ipaserver/plugins/ca.py:26 +msgid "" +"\n" +"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" +"operator has permission to bypass CA ACLs.\n" msgstr "" -#: ipaserver/plugins/idp.py:148 -msgid "OAuth 2.0 client identifier" +#: ipaserver/plugins/ca.py:29 +msgid "" +"\n" +"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" +"prevents it from issuing certificates but does not affect the validity of " +"its\n" +"certificate.\n" msgstr "" -#: ipaserver/plugins/idp.py:153 -msgid "OAuth 2.0 client secret" +#: ipaserver/plugins/ca.py:33 +msgid "" +"\n" +"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " +"signing\n" +"certificate to be revoked and its private key deleted.\n" msgstr "" -#: ipaserver/plugins/idp.py:159 -msgid "Scope" +#: ipaserver/plugins/ca.py:38 +msgid "" +"\n" +" Create new CA, subordinate to the IPA CA (requires permission\n" +" \"System: Add CA\"):\n" +"\n" +" ipa ca-add puppet --desc \"Puppet\" \\\n" +" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" msgstr "" -#: ipaserver/plugins/idp.py:160 -msgid "OAuth 2.0 scope. Multiple scopes separated by space" +#: ipaserver/plugins/ca.py:44 +msgid "" +"\n" +" Disable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-disable puppet\n" msgstr "" -#: ipaserver/plugins/idp.py:164 -msgid "External IdP user identifier attribute" +#: ipaserver/plugins/ca.py:48 +msgid "" +"\n" +" Re-enable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-enable puppet\n" msgstr "" -#: ipaserver/plugins/idp.py:165 -msgid "Attribute for user identity in OAuth 2.0 userinfo" +#: ipaserver/plugins/ca.py:52 +msgid "" +"\n" +" Delete a CA (requires permission \"System: Delete CA\"; also requires\n" +" CA to be disabled first):\n" +"\n" +" ipa ca-del puppet\n" msgstr "" -#: ipaserver/plugins/idp.py:229 -msgid "Add a new Identity Provider reference." +#: ipaserver/plugins/ca.py:69 ipaserver/plugins/ca.py:80 +msgid "Certificate Authority" msgstr "" -#: ipaserver/plugins/idp.py:230 -#, python-format -msgid "Added Identity Provider reference \"%(value)s\"" +#: ipaserver/plugins/ca.py:70 ipaserver/plugins/ca.py:79 +msgid "Certificate Authorities" msgstr "" -#: ipaserver/plugins/idp.py:309 -msgid "IdP provider template" +#: ipaserver/plugins/ca.py:87 +msgid "Name for referencing the CA" msgstr "" -#: ipaserver/plugins/idp.py:310 -msgid "Choose a pre-defined template to use" +#: ipaserver/plugins/ca.py:92 +msgid "Description of the purpose of the CA" msgstr "" -#: ipaserver/plugins/idp.py:316 ipaserver/plugins/internal.py:685 -msgid "Organization" +#: ipaserver/plugins/ca.py:96 +msgid "Authority ID" msgstr "" -#: ipaserver/plugins/idp.py:317 -msgid "Organization ID or Realm name for IdP provider templates" +#: ipaserver/plugins/ca.py:97 +msgid "Dogtag Authority ID" msgstr "" -#: ipaserver/plugins/idp.py:321 -msgid "Base URL" +#: ipaserver/plugins/ca.py:102 ipaserver/plugins/ca.py:296 +msgid "Subject DN" msgstr "" -#: ipaserver/plugins/idp.py:322 -msgid "Base URL for IdP provider templates" +#: ipaserver/plugins/ca.py:103 +msgid "Subject Distinguished Name" msgstr "" -#: ipaserver/plugins/idp.py:336 -msgid "unknown provider" +#: ipaserver/plugins/ca.py:108 ipaserver/plugins/cert.py:426 +msgid "Issuer DN" msgstr "" -#: ipaserver/plugins/idp.py:351 -msgid "value is missing" +#: ipaserver/plugins/ca.py:109 +msgid "Issuer Distinguished Name" msgstr "" -#: ipaserver/plugins/idp.py:385 -msgid "cannot specify both individual endpoints and IdP provider" +#: ipaserver/plugins/ca.py:115 ipaserver/plugins/cert.py:354 +msgid "Base-64 encoded certificate." msgstr "" -#: ipaserver/plugins/idp.py:416 -msgid "Delete an Identity Provider reference." +#: ipaserver/plugins/ca.py:120 ipaserver/plugins/cert.py:359 +msgid "Certificate chain" msgstr "" -#: ipaserver/plugins/idp.py:417 -#, python-format -msgid "Deleted Identity Provider reference \"%(value)s\"" +#: ipaserver/plugins/ca.py:121 ipaserver/plugins/cert.py:360 +msgid "X.509 certificate chain" msgstr "" -#: ipaserver/plugins/idp.py:422 -msgid "Modify an Identity Provider reference." +#: ipaserver/plugins/ca.py:127 +msgid "RSN Version" msgstr "" -#: ipaserver/plugins/idp.py:423 -#, python-format -msgid "Modified Identity Provider reference \"%(value)s\"" +#: ipaserver/plugins/ca.py:128 +msgid "Random Serial Number Version" msgstr "" -#: ipaserver/plugins/idp.py:428 -msgid "Search for Identity Provider references." +#: ipaserver/plugins/ca.py:228 +msgid "Search for CAs." msgstr "" -#: ipaserver/plugins/idp.py:430 +#: ipaserver/plugins/ca.py:230 #, python-format -msgid "%(count)d Identity Provider reference matched" -msgid_plural "%(count)d Identity Provider references matched" +msgid "%(count)d CA matched" +msgid_plural "%(count)d CAs matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/idp.py:445 -msgid "Display information about an Identity Provider reference." +#: ipaserver/plugins/ca.py:247 ipaserver/plugins/cert.py:596 +msgid "Include certificate chain in output" msgstr "" -#: ipaserver/plugins/idrange.py:43 -msgid "" -"-------\n" -"WARNING:\n" -"\n" -"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " -"the\n" -"local domain. Currently the DNA plugin *cannot* be reconfigured itself " -"based\n" -"on the local ranges set via this family of commands.\n" -"\n" -"Manual configuration change has to be done in the DNA plugin configuration " -"for\n" -"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" -"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " -"be\n" -"modified to match the new range.\n" -"\n" -"-------\n" +#: ipaserver/plugins/ca.py:253 +msgid "Display the properties of a CA." msgstr "" -#: ipaserver/plugins/idrange.py:58 -msgid "" -"\n" -"ID ranges\n" -"\n" -"Manage ID ranges used to map Posix IDs to SIDs and back.\n" -"\n" -"There are two type of ID ranges which are both handled by this utility:\n" -"\n" -" - the ID ranges of the local domain\n" -" - the ID ranges of trusted remote domains\n" -"\n" -"Both types have the following attributes in common:\n" -"\n" -" - base-id: the first ID of the Posix ID range\n" -" - range-size: the size of the range\n" -"\n" -"With those two attributes a range object can reserve the Posix IDs starting\n" -"with base-id up to but not including base-id+range-size exclusively.\n" -"\n" -"Additionally an ID range of the local domain may set\n" -" - rid-base: the first RID(*) of the corresponding RID range\n" -" - secondary-rid-base: first RID of the secondary RID range\n" -"\n" -"and an ID range of a trusted domain must set\n" -" - rid-base: the first RID of the corresponding RID range\n" -" - sid: domain SID of the trusted domain\n" -"\n" -"and an ID range of a trusted domain may set\n" -" - auto-private-groups: [true|false|hybrid] automatic creation of private " -"groups\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for a trusted domain\n" -"\n" -"Since there might be more than one trusted domain the domain SID must be " -"given\n" -"while creating the ID range.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" -" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" -"\n" -"This ID range is then used by the IPA server and the SSSD IPA provider to\n" -"assign Posix UIDs to users from the trusted domain.\n" -"\n" -"If e.g. a range for a trusted domain is configured with the following " -"values:\n" -" base-id = 1200000\n" -" range-size = 200000\n" -" rid-base = 0\n" -"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " -"So\n" -"RID 1000 <-> Posix ID 1201000\n" -"\n" -"\n" -"\n" -"EXAMPLE: Add a new ID range for the local domain\n" -"\n" -"To create an ID range for the local domain it is not necessary to specify a\n" -"domain SID. But since it is possible that a user and a group can have the " -"same\n" -"value as Posix ID a second RID interval is needed to handle conflicts.\n" -"\n" -" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" -" --secondary-rid-base=1000000 local_range\n" -"\n" -"The data from the ID ranges of the local domain are used by the IPA server\n" -"internally to assign SIDs to IPA users and groups. The SID will then be " -"stored\n" -"in the user or group objects.\n" -"\n" -"If e.g. the ID range for the local domain is configured with the values " -"from\n" -"the example above then a new user with the UID 1200007 will get the RID " -"1007.\n" -"If this RID is already used by a group the RID will be 1000007. This can " -"only\n" -"happen if a user or a group object was created with a fixed ID because the\n" -"automatic assignment will not assign the same ID twice. Since there are " -"only\n" -"users and groups sharing the same ID namespace it is sufficient to have " -"only\n" -"one fallback range to handle conflicts.\n" -"\n" -"To find the Posix ID for a given RID from the local domain it has to be\n" -"checked first if the RID falls in the primary or secondary RID range and\n" -"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" -"and the base-id has to be added to get the Posix ID.\n" -"\n" -"Typically the creation of ID ranges happens behind the scenes and this CLI\n" -"must not be used at all. The ID range for the local domain will be created\n" -"during installation or upgrade from an older version. The ID range for a\n" -"trusted domain will be created together with the trust by 'ipa trust-" -"add ...'.\n" -"\n" -"USE CASES:\n" -"\n" -" Add an ID range from a transitively trusted domain\n" -"\n" -" If the trusted domain (A) trusts another domain (B) as well and this " -"trust\n" -" is transitive 'ipa trust-add domain-A' will only create a range for\n" -" domain A. The ID range for domain B must be added manually.\n" -"\n" -" Add an additional ID range for the local domain\n" -"\n" -" If the ID range of the local domain is exhausted, i.e. no new IDs can " -"be\n" -" assigned to Posix users or groups by the DNA plugin, a new range has to " -"be\n" -" created to allow new users and groups to be added. (Currently there is " -"no\n" -" connection between this range CLI and the DNA plugin, but a future " -"version\n" -" might be able to modify the configuration of the DNS plugin as well)\n" +#: ipaserver/plugins/ca.py:270 +msgid "Create a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:271 +#, python-format +msgid "Created CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:281 +#, python-format +msgid "Insufficient 'add' privilege for entry '%s'." +msgstr "" + +#: ipaserver/plugins/ca.py:297 +#, python-format +msgid "Unrecognized attributes: %(attrs)s" +msgstr "" + +#: ipaserver/plugins/ca.py:312 +#, python-format +msgid "Subject DN is already used by CA '%s'" +msgstr "" + +#: ipaserver/plugins/ca.py:336 +msgid "Delete a CA (must be disabled first)." +msgstr "" + +#: ipaserver/plugins/ca.py:338 +#, python-format +msgid "Deleted CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:347 +msgid "Insufficient privilege to delete a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:351 ipaserver/plugins/ca.py:360 +#: ipaserver/plugins/ca.py:379 ipaserver/plugins/ca.py:419 +#: ipaserver/plugins/internal.py:642 +msgid "CA" +msgstr "" + +#: ipaserver/plugins/ca.py:353 +msgid "IPA CA cannot be deleted" +msgstr "" + +#: ipaserver/plugins/ca.py:362 +msgid "Must be disabled first" +msgstr "" + +#: ipaserver/plugins/ca.py:370 +msgid "Modify CA configuration." +msgstr "" + +#: ipaserver/plugins/ca.py:371 +#, python-format +msgid "Modified CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:397 +msgid "Insufficient privilege to modify a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:413 +msgid "Disable a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:414 +#, python-format +msgid "Disabled CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:421 +msgid "IPA CA cannot be disabled" +msgstr "" + +#: ipaserver/plugins/ca.py:431 +msgid "Enable a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:432 +#, python-format +msgid "Enabled CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/cert.py:69 +msgid "" "\n" -"In general it is not necessary to modify or delete ID ranges. If there is " -"no\n" -"other way to achieve a certain configuration than to modify or delete an ID\n" -"range it should be done with great care. Because UIDs are stored in the " -"file\n" -"system and are used for access control it might be possible that users are\n" -"allowed to access files of other users if an ID range got deleted and " -"reused\n" -"for a different domain.\n" +"IPA certificate operations\n" +msgstr "" + +#: ipaserver/plugins/cert.py:71 +msgid "" "\n" -"(*) The RID is typically the last integer of a user or group SID which " -"follows\n" -"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " -"from\n" -"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " -"the\n" -"user. RIDs are unique in a domain, 32bit values and are used for users and\n" -"groups.\n" +"Implements a set of commands for managing server SSL certificates.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:73 +msgid "" "\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" msgstr "" -#: ipaserver/plugins/idrange.py:203 -msgid "ID Ranges" +#: ipaserver/plugins/cert.py:76 +msgid "" +"\n" +"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" +"subject to values configured in the server.\n" msgstr "" -#: ipaserver/plugins/idrange.py:204 -msgid "ID Range" +#: ipaserver/plugins/cert.py:79 +msgid "" +"\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" msgstr "" -#: ipaserver/plugins/idrange.py:208 -msgid "local domain range" +#: ipaserver/plugins/cert.py:82 +msgid "" +"\n" +"In order to request a certificate:\n" msgstr "" -#: ipaserver/plugins/idrange.py:211 ipaserver/plugins/trust.py:678 -msgid "Active Directory domain range" +#: ipaserver/plugins/cert.py:84 +msgid "" +"\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" msgstr "" -#: ipaserver/plugins/idrange.py:212 ipaserver/plugins/trust.py:679 -msgid "Active Directory trust range with POSIX attributes" +#: ipaserver/plugins/cert.py:87 +msgid "" +"\n" +"SEARCHING:\n" msgstr "" -#: ipaserver/plugins/idrange.py:256 -msgid "ID range type, one of allowed values" +#: ipaserver/plugins/cert.py:89 +msgid "" +"\n" +"Certificates may be searched on by certificate subject, serial number,\n" +"revocation reason, validity dates and the issued date.\n" msgstr "" -#: ipaserver/plugins/idrange.py:261 ipaserver/plugins/internal.py:1267 -msgid "Auto private groups" +#: ipaserver/plugins/cert.py:92 +msgid "" +"\n" +"When searching on dates the _from date does a >= search and the _to date\n" +"does a <= search. When combined these are done as an AND.\n" msgstr "" -#: ipaserver/plugins/idrange.py:263 -msgid "Auto creation of private groups, one of allowed values" +#: ipaserver/plugins/cert.py:95 +msgid "" +"\n" +"Dates are treated as GMT to match the dates in the certificates.\n" msgstr "" -#: ipaserver/plugins/idrange.py:337 +#: ipaserver/plugins/cert.py:97 msgid "" -"range modification leaving objects with ID out of the defined range is not " -"allowed" +"\n" +"The date format is YYYY-mm-dd.\n" msgstr "" -#: ipaserver/plugins/idrange.py:342 +#: ipaserver/plugins/cert.py:101 msgid "" -"Cannot perform SID validation without Samba 4 support installed. Make sure " -"you have installed server-trust-ad sub-package of IPA on the server" +"\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" msgstr "" -#: ipaserver/plugins/idrange.py:349 +#: ipaserver/plugins/cert.py:104 msgid "" -"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" -"install on the IPA server first" +"\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" msgstr "" -#: ipaserver/plugins/idrange.py:361 -msgid "SID is not recognized as a valid SID for a trusted domain" +#: ipaserver/plugins/cert.py:107 +msgid "" +"\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" msgstr "" -#: ipaserver/plugins/idrange.py:398 +#: ipaserver/plugins/cert.py:110 msgid "" "\n" -" Add new ID range.\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:113 +msgid "" "\n" -" To add a new ID range you always have to specify\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" +msgstr "" + +#: ipaserver/plugins/cert.py:116 +msgid "" "\n" -" --base-id\n" -" --range-size\n" +" Search for certificates by hostname:\n" +" ipa cert-find --subject=ipaserver.example.com\n" +msgstr "" + +#: ipaserver/plugins/cert.py:119 +msgid "" "\n" -" Additionally\n" +" Search for revoked certificates by reason:\n" +" ipa cert-find --revocation-reason=5\n" +msgstr "" + +#: ipaserver/plugins/cert.py:122 +msgid "" "\n" -" --rid-base\n" -" --secondary-rid-base\n" +" Search for certificates based on issuance date\n" +" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +msgstr "" + +#: ipaserver/plugins/cert.py:125 +msgid "" "\n" -" may be given for a new ID range for the local domain while\n" +" Search for certificates owned by a specific user:\n" +" ipa cert-find --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:128 +msgid "" "\n" -" --auto-private-groups\n" +" Examine a certificate:\n" +" ipa cert-find --file=cert.pem --all\n" +msgstr "" + +#: ipaserver/plugins/cert.py:131 +msgid "" "\n" -" may be given for a new ID range for a trusted AD domain and\n" +" Verify that a certificate is owned by a specific user:\n" +" ipa cert-find --file=cert.pem --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:134 +msgid "" "\n" -" --rid-base\n" -" --dom-sid\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:138 +msgid "" "\n" -" must be given to add a new range for a trusted AD domain.\n" +"The following revocation reasons are supported:\n" "\n" msgstr "" -#: ipaserver/plugins/idrange.py:424 -#, python-format -msgid "Added ID range \"%(value)s\"" +#: ipaserver/plugins/cert.py:141 +msgid " * 0 - unspecified\n" msgstr "" -#: ipaserver/plugins/idrange.py:437 ipaserver/plugins/idrange.py:702 -msgid "Options dom-sid and dom-name cannot be used together" +#: ipaserver/plugins/cert.py:142 +msgid " * 1 - keyCompromise\n" msgstr "" -#: ipaserver/plugins/idrange.py:448 -msgid "Specified trusted domain name could not be found." +#: ipaserver/plugins/cert.py:143 +msgid " * 2 - cACompromise\n" msgstr "" -#: ipaserver/plugins/idrange.py:463 -msgid "Options dom-sid/dom-name and rid-base must be used together" +#: ipaserver/plugins/cert.py:144 +msgid " * 3 - affiliationChanged\n" msgstr "" -#: ipaserver/plugins/idrange.py:470 ipaserver/plugins/idrange.py:737 -msgid "" -"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" +#: ipaserver/plugins/cert.py:145 +msgid " * 4 - superseded\n" msgstr "" -#: ipaserver/plugins/idrange.py:477 -msgid "" -"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " -"the trusted domain is specified" +#: ipaserver/plugins/cert.py:146 +msgid " * 5 - cessationOfOperation\n" msgstr "" -#: ipaserver/plugins/idrange.py:483 -msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" +#: ipaserver/plugins/cert.py:147 +msgid " * 6 - certificateHold\n" msgstr "" -#: ipaserver/plugins/idrange.py:502 -msgid "" -"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " -"SID of the trusted domain is not specified." +#: ipaserver/plugins/cert.py:148 +msgid " * 8 - removeFromCRL\n" msgstr "" -#: ipaserver/plugins/idrange.py:512 -msgid "" -"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when auto-" -"private-groups is specified" +#: ipaserver/plugins/cert.py:149 +msgid " * 9 - privilegeWithdrawn\n" msgstr "" -#: ipaserver/plugins/idrange.py:519 ipaserver/plugins/idrange.py:756 -msgid "Options secondary-rid-base and rid-base must be used together" +#: ipaserver/plugins/cert.py:150 +msgid " * 10 - aACompromise\n" msgstr "" -#: ipaserver/plugins/idrange.py:529 ipaserver/plugins/idrange.py:779 -msgid "Primary RID range and secondary RID range cannot overlap" +#: ipaserver/plugins/cert.py:151 +msgid "" +"\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" msgstr "" -#: ipaserver/plugins/idrange.py:541 +#: ipaserver/plugins/cert.py:153 msgid "" -"You must specify both rid-base and secondary-rid-base options, because ipa-" -"adtrust-install has already been run." +"\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" +"\n" msgstr "" -#: ipaserver/plugins/idrange.py:560 +#: ipaserver/plugins/cert.py:289 #, python-format -msgid "Deleted ID range \"%(value)s\"" +msgid "" +"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " +"'%(profile_id)s' for certificate issuance." msgstr "" -#: ipaserver/plugins/idrange.py:609 +#: ipaserver/plugins/cert.py:309 +msgid "enabledService/configuredService not in ipaConfigString kdc entry" +msgstr "" + +#: ipaserver/plugins/cert.py:313 #, python-format -msgid "%(count)d range matched" -msgid_plural "%(count)d ranges matched" -msgstr[0] "" -msgstr[1] "" +msgid "Host '%(hostname)s' is not an active KDC" +msgstr "" -#: ipaserver/plugins/idrange.py:645 -msgid "" -"Modify ID range.\n" -"\n" +#: ipaserver/plugins/cert.py:347 +msgid "Issuing CA" msgstr "" -#: ipaserver/plugins/idrange.py:649 -#, python-format -msgid "Modified ID range \"%(value)s\"" +#: ipaserver/plugins/cert.py:348 +msgid "Name of issuing CA" msgstr "" -#: ipaserver/plugins/idrange.py:684 -msgid "" -"This command can not be used to change ID allocation for local IPA domain. " -"Run `ipa help idrange` for more information" +#: ipaserver/plugins/cert.py:365 ipaserver/plugins/cert.py:1501 +#: ipaserver/plugins/host.py:536 ipaserver/plugins/internal.py:659 +#: ipaserver/plugins/internal.py:735 ipaserver/plugins/service.py:561 +#: ipaserver/plugins/baseuser.py:949 +msgid "Subject" msgstr "" -#: ipaserver/plugins/idrange.py:714 -msgid "" -"SID for the specified trusted domain name could not be found. Please specify " -"the SID directly using dom-sid option." +#: ipaserver/plugins/cert.py:370 +msgid "Subject email address" msgstr "" -#: ipaserver/plugins/idrange.py:721 -msgid "Options dom-sid and secondary-rid-base cannot be used together" +#: ipaserver/plugins/cert.py:375 +msgid "Subject DNS name" msgstr "" -#: ipaserver/plugins/idrange.py:728 -msgid "Options dom-sid and rid-base must be used together" +#: ipaserver/plugins/cert.py:380 +msgid "Subject X.400 address" msgstr "" -#: ipaserver/plugins/idviews.py:73 ipaserver/plugins/idviews.py:124 -#: ipaserver/plugins/idviews.py:132 ipaserver/plugins/idviews.py:360 -#: ipaserver/plugins/idviews.py:851 -msgid "ID View" +#: ipaserver/plugins/cert.py:385 +msgid "Subject directory name" msgstr "" -#: ipaserver/plugins/idviews.py:75 -msgid "system ID View" +#: ipaserver/plugins/cert.py:390 +msgid "Subject EDI Party name" msgstr "" -#: ipaserver/plugins/idviews.py:125 ipaserver/plugins/idviews.py:131 -msgid "ID Views" +#: ipaserver/plugins/cert.py:395 +msgid "Subject URI" msgstr "" -#: ipaserver/plugins/idviews.py:146 -msgid "User object overrides" +#: ipaserver/plugins/cert.py:400 +msgid "Subject IP Address" msgstr "" -#: ipaserver/plugins/idviews.py:150 -msgid "Group object overrides" +#: ipaserver/plugins/cert.py:405 +msgid "Subject OID" msgstr "" -#: ipaserver/plugins/idviews.py:154 -msgid "Hosts the view applies to" +#: ipaserver/plugins/cert.py:410 +msgid "Subject UPN" msgstr "" -#: ipaserver/plugins/idviews.py:198 -#, python-format -msgid "Added ID View \"%(value)s\"" +#: ipaserver/plugins/cert.py:415 +msgid "Subject Kerberos principal name" msgstr "" -#: ipaserver/plugins/idviews.py:215 -#, python-format -msgid "Deleted ID View \"%(value)s\"" +#: ipaserver/plugins/cert.py:420 +msgid "Subject Other Name" msgstr "" -#: ipaserver/plugins/idviews.py:228 -#, python-format -msgid "Modified an ID View \"%(value)s\"" +#: ipaserver/plugins/cert.py:425 ipaserver/plugins/host.py:548 +#: ipaserver/plugins/internal.py:732 ipaserver/plugins/service.py:573 +#: ipaserver/plugins/baseuser.py:942 +msgid "Issuer" msgstr "" -#: ipaserver/plugins/idviews.py:244 -#, python-format -msgid "%(count)d ID View matched" -msgid_plural "%(count)d ID Views matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/cert.py:431 ipaserver/plugins/host.py:552 +#: ipaserver/plugins/service.py:577 +msgid "Not Before" +msgstr "" -#: ipaserver/plugins/idviews.py:361 -msgid "Default Trust View cannot be applied on hosts" +#: ipaserver/plugins/cert.py:436 ipaserver/plugins/host.py:556 +#: ipaserver/plugins/service.py:581 +msgid "Not After" msgstr "" -#: ipaserver/plugins/idviews.py:389 ipaserver/plugins/idviews.py:422 -msgid "not found" +#: ipaserver/plugins/cert.py:441 ipaserver/plugins/host.py:560 +#: ipaserver/plugins/service.py:585 +msgid "Fingerprint (SHA1)" msgstr "" -#: ipaserver/plugins/idviews.py:403 -msgid "ID View cannot be applied to IPA master" +#: ipaserver/plugins/cert.py:446 ipaserver/plugins/host.py:564 +#: ipaserver/plugins/service.py:589 +msgid "Fingerprint (SHA256)" msgstr "" -#: ipaserver/plugins/idviews.py:420 -msgid "ID View already applied" +#: ipaserver/plugins/cert.py:458 +msgid "Serial number (hex)" msgstr "" -#: ipaserver/plugins/idviews.py:440 -msgid "value" +#: ipaserver/plugins/cert.py:581 +msgid "Request status" msgstr "" -#: ipaserver/plugins/idviews.py:453 -#, python-format -msgid "ID View applied to %i host." +#: ipaserver/plugins/cert.py:627 +msgid "" +"automatically add the principal if it doesn't exist (service principals only)" msgstr "" -#: ipaserver/plugins/idviews.py:454 +#: ipaserver/plugins/cert.py:676 #, python-format -msgid "ID View applied to %i hosts." +msgid "krbtgt certs can use only the %s profile" msgstr "" -#: ipaserver/plugins/idviews.py:496 -#, python-format -msgid "ID View cleared from %i host." +#: ipaserver/plugins/cert.py:728 +msgid "No Common Name was found in subject of request." msgstr "" -#: ipaserver/plugins/idviews.py:497 +#: ipaserver/plugins/cert.py:736 #, python-format -msgid "ID View cleared from %i hosts." +msgid "" +"hostname in subject of request '%(cn)s' does not match name or aliases of " +"principal '%(principal)s'" msgstr "" -#: ipaserver/plugins/idviews.py:565 +#: ipaserver/plugins/cert.py:742 +#, python-format msgid "" -"You are trying to reference a magic private group which is not allowed to be " -"overridden. Try overriding the GID attribute of the corresponding user " -"instead." +"hostname in subject of request '%(cn)s' does not match principal hostname " +"'%(hostname)s'" msgstr "" -#: ipaserver/plugins/idviews.py:603 -msgid "IPA object" +#: ipaserver/plugins/cert.py:751 +msgid "DN commonName does not match user's login" msgstr "" -#: ipaserver/plugins/idviews.py:604 +#: ipaserver/plugins/cert.py:765 +msgid "DN emailAddress does not match any of user's email addresses" +msgstr "" + +#: ipaserver/plugins/cert.py:774 +#, python-format msgid "" -"system IPA objects (e.g. system groups, user private groups) cannot be " -"overridden" +"Insufficient 'write' privilege to the 'userCertificate' attribute of entry " +"'%s'." msgstr "" -#: ipaserver/plugins/idviews.py:698 +#: ipaserver/plugins/cert.py:795 ipaserver/plugins/cert.py:913 #, python-format -msgid "Anchor '%(anchor)s' could not be resolved." +msgid "subject alt name type %s is forbidden for user principals" msgstr "" -#: ipaserver/plugins/idviews.py:852 -msgid "Default Trust View cannot contain IPA users" +#: ipaserver/plugins/cert.py:840 +#, python-format +msgid "" +"The service principal for subject alt name %s in certificate request does " +"not exist" msgstr "" -#: ipaserver/plugins/idviews.py:896 -msgid "Add a new ID override." +#: ipaserver/plugins/cert.py:871 +#, python-format +msgid "" +"Insufficient privilege to create a certificate with subject alt name '%s'." msgstr "" -#: ipaserver/plugins/idviews.py:897 +#: ipaserver/plugins/cert.py:889 #, python-format -msgid "Added ID override \"%(value)s\"" +msgid "Principal '%s' in subject alt name does not match requested principal" msgstr "" -#: ipaserver/plugins/idviews.py:912 -msgid "Delete an ID override." +#: ipaserver/plugins/cert.py:898 +msgid "RFC822Name does not match any of user's email addresses" msgstr "" -#: ipaserver/plugins/idviews.py:913 +#: ipaserver/plugins/cert.py:905 #, python-format -msgid "Deleted ID override \"%(value)s\"" +msgid "subject alt name type %s is forbidden for non-user principals" msgstr "" -#: ipaserver/plugins/idviews.py:936 -msgid "Modify an ID override." +#: ipaserver/plugins/cert.py:922 +#, python-format +msgid "Subject alt name type %s is forbidden" msgstr "" -#: ipaserver/plugins/idviews.py:937 +#: ipaserver/plugins/cert.py:940 #, python-format -msgid "Modified an ID override \"%(value)s\"" +msgid "CA '%s' is disabled" msgstr "" -#: ipaserver/plugins/idviews.py:944 -msgid "ID override" +#: ipaserver/plugins/cert.py:1027 +msgid "'add' option" msgstr "" -#: ipaserver/plugins/idviews.py:945 -msgid "ID overrides cannot be renamed" +#: ipaserver/plugins/cert.py:1031 +msgid "The principal for this request doesn't exist." msgstr "" -#: ipaserver/plugins/idviews.py:957 -msgid "Search for an ID override." +#: ipaserver/plugins/cert.py:1147 +#, python-format +msgid "IP address in subjectAltName (%s) unreachable from DNS names" msgstr "" -#: ipaserver/plugins/idviews.py:958 +#: ipaserver/plugins/cert.py:1164 #, python-format -msgid "%(count)d ID override matched" -msgid_plural "%(count)d ID overrides matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/idviews.py:970 -msgid "Display information about an ID override." +msgid "IP address in subjectAltName (%s) does not have PTR record" msgstr "" -#: ipaserver/plugins/idviews.py:982 ipaserver/plugins/idviews.py:986 -msgid "User ID override" +#: ipaserver/plugins/cert.py:1176 +#, python-format +msgid "PTR record for SAN IP (%s) does not match A/AAAA records" msgstr "" -#: ipaserver/plugins/idviews.py:983 ipaserver/plugins/idviews.py:985 -msgid "User ID overrides" +#: ipaserver/plugins/cert.py:1270 ipaserver/plugins/internal.py:706 +#: ipaserver/plugins/internal.py:1036 ipaserver/plugins/internal.py:1361 +#: ipaserver/plugins/internal.py:1964 +msgid "Status" msgstr "" -#: ipaserver/plugins/idviews.py:1105 ipaserver/plugins/idviews.py:1109 -msgid "Group ID override" +#: ipaserver/plugins/cert.py:1275 +msgid "Revoked" msgstr "" -#: ipaserver/plugins/idviews.py:1106 ipaserver/plugins/idviews.py:1108 -msgid "Group ID overrides" +#: ipaserver/plugins/cert.py:1280 ipaserver/plugins/host.py:568 +#: ipaserver/plugins/internal.py:656 ipaserver/plugins/internal.py:697 +#: ipaserver/plugins/service.py:593 +msgid "Revocation reason" msgstr "" -#: ipaserver/plugins/idviews.py:1150 -msgid "Add one or more certificates to the idoverrideuser entry" +#: ipaserver/plugins/cert.py:1281 +msgid "" +"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " +"revocation reason details. " msgstr "" -#: ipaserver/plugins/idviews.py:1151 +#: ipaserver/plugins/cert.py:1303 #, python-format -msgid "Added certificates to idoverrideuser \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/idviews.py:1173 -msgid "Remove one or more certificates to the idoverrideuser entry" +msgid "Owner %s" msgstr "" -#: ipaserver/plugins/idviews.py:1174 +#: ipaserver/plugins/cert.py:1390 #, python-format -msgid "Removed certificates from idoverrideuser \"%(value)s\"" +msgid "" +"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" msgstr "" -#: ipaserver/plugins/idviews.py:1198 -#, python-format -msgid "Added User ID override \"%(value)s\"" +#: ipaserver/plugins/cert.py:1459 +msgid "7 is not a valid revocation reason" msgstr "" -#: ipaserver/plugins/idviews.py:1223 -#, python-format -msgid "Deleted User ID override \"%(value)s\"" +#: ipaserver/plugins/cert.py:1559 +msgid "Status of the certificate" msgstr "" -#: ipaserver/plugins/idviews.py:1229 -#, python-format -msgid "Modified an User ID override \"%(value)s\"" +#: ipaserver/plugins/cert.py:1565 +msgid "Results should contain primary key attribute only (\"certificate\")" msgstr "" -#: ipaserver/plugins/idviews.py:1261 +#: ipaserver/plugins/cert.py:1581 #, python-format -msgid "%(count)d User ID override matched" -msgid_plural "%(count)d User ID overrides matched" +msgid "%(count)d certificate matched" +msgid_plural "%(count)d certificates matched" msgstr[0] "" msgstr[1] "" -#: ipaserver/plugins/idviews.py:1297 +#: ipaserver/plugins/cert.py:1603 #, python-format -msgid "Added Group ID override \"%(value)s\"" +msgid "Search for certificates with these owner %s." msgstr "" -#: ipaserver/plugins/idviews.py:1303 +#: ipaserver/plugins/cert.py:1614 #, python-format -msgid "Deleted Group ID override \"%(value)s\"" +msgid "Search for certificates without these owner %s." msgstr "" -#: ipaserver/plugins/idviews.py:1309 -#, python-format -msgid "Modified an Group ID override \"%(value)s\"" +#: ipaserver/plugins/group.py:63 +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users, groups, or services. By default, new groups are " +"POSIX\n" +"groups. You can add the --nonposix option to the group-add command to mark " +"a\n" +"new group as non-POSIX. You can use the --posix argument with the group-mod\n" +"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " +"be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"The group name must follow these rules:\n" +"- cannot contain only numbers\n" +"- must start with a letter, a number, _ or .\n" +"- may contain letters, numbers, _, ., or -\n" +"- may end with a letter, a number, _, ., - or $\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"Groups members can be users, other groups, and Kerberos services. In POSIX\n" +"environments only users will be visible as group members, but nested groups " +"and\n" +"groups of services can be used for IPA management purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" To add Kerberos services to the \"printer admins\" group:\n" +" ipa group-add-member --services=CUPS/some.host printeradmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"Group membership managers are users or groups that can add members to a\n" +"group or remove members from a group.\n" +"\n" +" Allow user \"test2\" to add or remove members from group \"localadmins\":\n" +" ipa group-add-member-manager --users=test2 localadmins\n" +"\n" +" Revoke membership management rights for user \"test2\" from " +"\"localadmins\":\n" +" ipa group-remove-member-manager --users=test2 localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\\name, or name@domain format. IPA will " +"attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" msgstr "" -#: ipaserver/plugins/idviews.py:1315 +#: ipaserver/plugins/group.py:202 +msgid "groups" +msgstr "" + +#: ipaserver/plugins/group.py:335 +msgid "User Group" +msgstr "" + +#: ipaserver/plugins/group.py:367 #, python-format -msgid "%(count)d Group ID override matched" -msgid_plural "%(count)d Group ID overrides matched" -msgstr[0] "" -msgstr[1] "" +msgid "Added group \"%(value)s\"" +msgstr "" -#: ipaserver/plugins/internal.py:151 -msgid "Internationalization messages" +#: ipaserver/plugins/group.py:390 +msgid "gid cannot be set for external group" msgstr "" -#: ipaserver/plugins/internal.py:157 -msgid "Your session has expired. Please log in again." +#: ipaserver/plugins/group.py:402 +msgid "attribute \"gidNumber\" not allowed with --nonposix" +msgstr "" + +#: ipaserver/plugins/group.py:411 +#, python-format +msgid "Deleted group \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:161 ipaserver/plugins/internal.py:211 -msgid "Apply" +#: ipaserver/plugins/group.py:425 +msgid "privileged group" msgstr "" -#: ipaserver/plugins/internal.py:162 -msgid "Rebuild auto membership" +#: ipaserver/plugins/group.py:458 +#, python-format +msgid "Modified group \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:164 -msgid "" -"Are you sure you want to rebuild auto membership? In case of a high number " -"of users, hosts or groups, the operation may require high CPU usage." +#: ipaserver/plugins/group.py:520 +msgid "An external group cannot be POSIX" msgstr "" -#: ipaserver/plugins/internal.py:169 -msgid "Are you sure you want to proceed with the action?" +#: ipaserver/plugins/group.py:545 +#, python-format +msgid "%(count)d group matched" +msgid_plural "%(count)d groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/group.py:745 +#, python-format +msgid "Detached group \"%(value)s\" from user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:170 -#, python-brace-format -msgid "Are you sure you want to delete ${object}?" +#: ipaserver/plugins/group.py:770 +msgid "not allowed to modify user entries" msgstr "" -#: ipaserver/plugins/internal.py:171 -#, python-brace-format -msgid "Are you sure you want to disable ${object}?" +#: ipaserver/plugins/group.py:781 +msgid "not allowed to modify group entries" msgstr "" -#: ipaserver/plugins/internal.py:172 -#, python-brace-format -msgid "Are you sure you want to enable ${object}?" +#: ipaserver/plugins/group.py:801 +msgid "Not a managed group" msgstr "" -#: ipaserver/plugins/internal.py:173 -msgid "Actions" +#: ipaserver/plugins/group.py:823 +msgid "Add users that can manage members of this group." msgstr "" -#: ipaserver/plugins/internal.py:176 ipaserver/plugins/internal.py:206 -#: ipaserver/plugins/internal.py:268 -msgid "Add" +#: ipaserver/plugins/group.py:831 +msgid "Remove users that can manage members of this group." msgstr "" -#: ipaserver/plugins/internal.py:177 -#, python-brace-format -msgid "${count} item(s) added" +#: ipaserver/plugins/idp.py:24 +msgid "" +"\n" +"External Identity Provider References\n" msgstr "" -#: ipaserver/plugins/internal.py:178 -msgid "Direct Membership" +#: ipaserver/plugins/idp.py:26 +msgid "" +"\n" +"Manage External Identity Provider References.\n" msgstr "" -#: ipaserver/plugins/internal.py:179 -#, python-brace-format -msgid "Filter available ${other_entity}" +#: ipaserver/plugins/idp.py:28 +msgid "" +"\n" +"IPA supports the use of an external Identity Provider for OAuth2.0 Device " +"Flow\n" +"authentication.\n" msgstr "" -#: ipaserver/plugins/internal.py:180 -msgid "Indirect Membership" +#: ipaserver/plugins/idp.py:33 +msgid "" +"\n" +" Add a new external Identity Provider reference:\n" +" ipa idp-add MyIdP --client-id jhkQty13 --auth-uri https://oauth2." +"idp.com/auth --token-uri https://oauth2.idp.com/token --secret\n" msgstr "" -#: ipaserver/plugins/internal.py:181 -msgid "No entries." +#: ipaserver/plugins/idp.py:38 +msgid "" +"\n" +" Add a new external Identity Provider reference using github predefined\n" +" endpoints:\n" +" ipa idp-add MyIdp --client-id jhkQty13 --provider github --secret\n" msgstr "" -#: ipaserver/plugins/internal.py:182 -#, python-brace-format -msgid "Showing ${start} to ${end} of ${total} entries." +#: ipaserver/plugins/idp.py:42 +msgid "" +"\n" +" Find all external Identity Provider references whose entries include the " +"string\n" +" \"test.com\":\n" +" ipa idp-find test.com\n" msgstr "" -#: ipaserver/plugins/internal.py:183 ipaserver/plugins/internal.py:283 -msgid "Remove" +#: ipaserver/plugins/idp.py:46 +msgid "" +"\n" +" Examine the configuration of an external Identity Provider reference:\n" +" ipa idp-show MyIdP\n" msgstr "" -#: ipaserver/plugins/internal.py:184 -#, python-brace-format -msgid "${count} item(s) removed" +#: ipaserver/plugins/idp.py:49 +msgid "" +"\n" +" Change the secret:\n" +" ipa idp-mod MyIdP --secret\n" msgstr "" -#: ipaserver/plugins/internal.py:185 -msgid "Show Results" +#: ipaserver/plugins/idp.py:52 +msgid "" +"\n" +" Delete an external Identity Provider reference:\n" +" ipa idp-del MyIdP\n" msgstr "" -#: ipaserver/plugins/internal.py:188 -msgid "Authentication indicators" +#: ipaserver/plugins/idp.py:70 +msgid "Invalid URI: not an https scheme" msgstr "" -#: ipaserver/plugins/internal.py:189 -msgid "Authentication indicator" +#: ipaserver/plugins/idp.py:73 +msgid "Invalid URI: missing netloc" msgstr "" -#: ipaserver/plugins/internal.py:190 -msgid "" -"

Implicit method (password) will be used if no method is chosen.

Password + Two-factor: LDAP and Kerberos allow " -"authentication with either one of the authentication types but Kerberos uses " -"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " -"but LDAP never does. LDAP only recognize the password and two-factor " -"authentication options.

" +#: ipaserver/plugins/idp.py:84 ipaserver/plugins/idp.py:100 +msgid "Identity Provider reference" msgstr "" -#: ipaserver/plugins/internal.py:191 -msgid "Add Custom Authentication Indicator" +#: ipaserver/plugins/idp.py:85 ipaserver/plugins/idp.py:99 +msgid "Identity Provider references" msgstr "" -#: ipaserver/plugins/internal.py:193 -msgid "Two factor authentication (password + OTP)" +#: ipaserver/plugins/idp.py:105 +msgid "Identity Provider reference name" msgstr "" -#: ipaserver/plugins/internal.py:195 -msgid "RADIUS" +#: ipaserver/plugins/idp.py:111 +msgid "Authorization URI" msgstr "" -#: ipaserver/plugins/internal.py:197 -msgid "Hardened Password (by SPAKE or FAST)" +#: ipaserver/plugins/idp.py:112 +msgid "OAuth 2.0 authorization endpoint" msgstr "" -#: ipaserver/plugins/internal.py:198 -msgid "External Identity Provider" +#: ipaserver/plugins/idp.py:117 +msgid "Device authorization URI" msgstr "" -#: ipaserver/plugins/internal.py:199 ipaserver/plugins/internal.py:1229 -msgid "Passkey" +#: ipaserver/plugins/idp.py:118 +msgid "Device authorization endpoint" msgstr "" -#: ipaserver/plugins/internal.py:200 -msgid "Disable per-user override" +#: ipaserver/plugins/idp.py:123 +msgid "Token URI" msgstr "" -#: ipaserver/plugins/internal.py:201 -msgid "" -"

Per-user setting, overwrites the global setting if any option is checked." -"

Password + Two-factor: LDAP and Kerberos allow " -"authentication with either one of the authentication types but Kerberos uses " -"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " -"but LDAP never does. LDAP only recognize the password and two-factor " -"authentication options.

" +#: ipaserver/plugins/idp.py:124 +msgid "Token endpoint" msgstr "" -#: ipaserver/plugins/internal.py:204 ipaserver/plugins/internal.py:278 -#: ipaserver/plugins/internal.py:1756 -msgid "About" +#: ipaserver/plugins/idp.py:129 +msgid "User info URI" msgstr "" -#: ipaserver/plugins/internal.py:205 -msgid "Activate" +#: ipaserver/plugins/idp.py:130 +msgid "User information endpoint" msgstr "" -#: ipaserver/plugins/internal.py:207 -msgid "Add and Add Another" +#: ipaserver/plugins/idp.py:135 +msgid "JWKS URI" msgstr "" -#: ipaserver/plugins/internal.py:208 -msgid "Add and Close" +#: ipaserver/plugins/idp.py:136 +msgid "JWKS endpoint" msgstr "" -#: ipaserver/plugins/internal.py:209 -msgid "Add and Edit" +#: ipaserver/plugins/idp.py:140 +msgid "OIDC URL" msgstr "" -#: ipaserver/plugins/internal.py:210 -msgid "Add Many" +#: ipaserver/plugins/idp.py:142 +msgid "The Identity Provider OIDC URL" msgstr "" -#: ipaserver/plugins/internal.py:212 -msgid "Back" +#: ipaserver/plugins/idp.py:146 +msgid "Client identifier" msgstr "" -#: ipaserver/plugins/internal.py:213 -msgid "Cancel" +#: ipaserver/plugins/idp.py:148 +msgid "OAuth 2.0 client identifier" msgstr "" -#: ipaserver/plugins/internal.py:214 -msgid "Clear" +#: ipaserver/plugins/idp.py:153 +msgid "OAuth 2.0 client secret" msgstr "" -#: ipaserver/plugins/internal.py:215 -msgid "Clear all fields on the page." +#: ipaserver/plugins/idp.py:159 +msgid "Scope" msgstr "" -#: ipaserver/plugins/internal.py:216 -msgid "Close" +#: ipaserver/plugins/idp.py:160 +msgid "OAuth 2.0 scope. Multiple scopes separated by space" msgstr "" -#: ipaserver/plugins/internal.py:217 ipaserver/plugins/internal.py:1960 -msgid "Disable" +#: ipaserver/plugins/idp.py:164 +msgid "External IdP user identifier attribute" msgstr "" -#: ipaserver/plugins/internal.py:218 ipaserver/plugins/internal.py:649 -msgid "Download" +#: ipaserver/plugins/idp.py:165 +msgid "Attribute for user identity in OAuth 2.0 userinfo" msgstr "" -#: ipaserver/plugins/internal.py:219 -msgid "Download certificate as PEM formatted file." +#: ipaserver/plugins/idp.py:229 +msgid "Add a new Identity Provider reference." msgstr "" -#: ipaserver/plugins/internal.py:220 -msgid "Edit" +#: ipaserver/plugins/idp.py:230 +#, python-format +msgid "Added Identity Provider reference \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:221 ipaserver/plugins/internal.py:1962 -msgid "Enable" +#: ipaserver/plugins/idp.py:309 +msgid "IdP provider template" msgstr "" -#: ipaserver/plugins/internal.py:223 -msgid "Find" +#: ipaserver/plugins/idp.py:310 +msgid "Choose a pre-defined template to use" msgstr "" -#: ipaserver/plugins/internal.py:224 -msgid "Get" +#: ipaserver/plugins/idp.py:316 ipaserver/plugins/internal.py:685 +msgid "Organization" msgstr "" -#: ipaserver/plugins/internal.py:225 -msgid "Hide" +#: ipaserver/plugins/idp.py:317 +msgid "Organization ID or Realm name for IdP provider templates" msgstr "" -#: ipaserver/plugins/internal.py:226 -msgid "Issue" +#: ipaserver/plugins/idp.py:321 +msgid "Base URL" msgstr "" -#: ipaserver/plugins/internal.py:227 -msgid "Match" +#: ipaserver/plugins/idp.py:322 +msgid "Base URL for IdP provider templates" msgstr "" -#: ipaserver/plugins/internal.py:228 -msgid "Match users according to certificate." +#: ipaserver/plugins/idp.py:336 +msgid "unknown provider" msgstr "" -#: ipaserver/plugins/internal.py:229 -msgid "Migrate" +#: ipaserver/plugins/idp.py:351 +msgid "value is missing" msgstr "" -#: ipaserver/plugins/internal.py:230 -msgid "OK" +#: ipaserver/plugins/idp.py:385 +msgid "cannot specify both individual endpoints and IdP provider" msgstr "" -#: ipaserver/plugins/internal.py:231 -msgid "Refresh" +#: ipaserver/plugins/idp.py:416 +msgid "Delete an Identity Provider reference." msgstr "" -#: ipaserver/plugins/internal.py:232 -msgid "Reload current settings from the server." +#: ipaserver/plugins/idp.py:417 +#, python-format +msgid "Deleted Identity Provider reference \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:233 -msgid "Delete" +#: ipaserver/plugins/idp.py:422 +msgid "Modify an Identity Provider reference." msgstr "" -#: ipaserver/plugins/internal.py:234 ipaserver/plugins/internal.py:690 -msgid "Remove hold" +#: ipaserver/plugins/idp.py:423 +#, python-format +msgid "Modified Identity Provider reference \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:235 -msgid "Reset" +#: ipaserver/plugins/idp.py:428 +msgid "Search for Identity Provider references." msgstr "" -#: ipaserver/plugins/internal.py:236 ipaserver/plugins/internal.py:1749 -msgid "Reset Password" -msgstr "" +#: ipaserver/plugins/idp.py:430 +#, python-format +msgid "%(count)d Identity Provider reference matched" +msgid_plural "%(count)d Identity Provider references matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/internal.py:237 -msgid "Reset Password and Log in" +#: ipaserver/plugins/idp.py:445 +msgid "Display information about an Identity Provider reference." msgstr "" -#: ipaserver/plugins/internal.py:238 -msgid "Restore" +#: ipaserver/plugins/idrange.py:43 +msgid "" +"-------\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"\n" +"-------\n" msgstr "" -#: ipaserver/plugins/internal.py:239 -msgid "Retry" +#: ipaserver/plugins/idrange.py:58 +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"and an ID range of a trusted domain may set\n" +" - auto-private-groups: [true|false|hybrid] automatic creation of private " +"groups\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" +" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" +" --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" msgstr "" -#: ipaserver/plugins/internal.py:240 -msgid "Revert" +#: ipaserver/plugins/idrange.py:203 +msgid "ID Ranges" msgstr "" -#: ipaserver/plugins/internal.py:242 -msgid "Revoke" +#: ipaserver/plugins/idrange.py:204 +msgid "ID Range" msgstr "" -#: ipaserver/plugins/internal.py:243 -msgid "Save" +#: ipaserver/plugins/idrange.py:208 +msgid "local domain range" msgstr "" -#: ipaserver/plugins/internal.py:244 -msgid "Set" +#: ipaserver/plugins/idrange.py:256 +msgid "ID range type, one of allowed values" msgstr "" -#: ipaserver/plugins/internal.py:245 -msgid "Show" +#: ipaserver/plugins/idrange.py:261 ipaserver/plugins/internal.py:1267 +msgid "Auto private groups" msgstr "" -#: ipaserver/plugins/internal.py:246 -msgid "Stage" +#: ipaserver/plugins/idrange.py:263 +msgid "Auto creation of private groups, one of allowed values" msgstr "" -#: ipaserver/plugins/internal.py:248 -msgid "Update" +#: ipaserver/plugins/idrange.py:337 +msgid "" +"range modification leaving objects with ID out of the defined range is not " +"allowed" msgstr "" -#: ipaserver/plugins/internal.py:249 -msgid "View" +#: ipaserver/plugins/idrange.py:342 +msgid "" +"Cannot perform SID validation without Samba 4 support installed. Make sure " +"you have installed server-trust-ad sub-package of IPA on the server" msgstr "" -#: ipaserver/plugins/internal.py:252 ipaserver/plugins/internal.py:1757 -msgid "Customization" +#: ipaserver/plugins/idrange.py:349 +msgid "" +"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" +"install on the IPA server first" msgstr "" -#: ipaserver/plugins/internal.py:253 -msgid "Pagination Size" +#: ipaserver/plugins/idrange.py:361 +msgid "SID is not recognized as a valid SID for a trusted domain" msgstr "" -#: ipaserver/plugins/internal.py:256 -msgid "Collapse All" +#: ipaserver/plugins/idrange.py:398 +msgid "" +"\n" +" Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --auto-private-groups\n" +"\n" +" may be given for a new ID range for a trusted AD domain and\n" +"\n" +" --rid-base\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" msgstr "" -#: ipaserver/plugins/internal.py:257 -msgid "Expand All" +#: ipaserver/plugins/idrange.py:424 +#, python-format +msgid "Added ID range \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:258 -msgid "General" +#: ipaserver/plugins/idrange.py:437 ipaserver/plugins/idrange.py:702 +msgid "Options dom-sid and dom-name cannot be used together" msgstr "" -#: ipaserver/plugins/internal.py:259 -msgid "Identity Settings" +#: ipaserver/plugins/idrange.py:448 +msgid "Specified trusted domain name could not be found." msgstr "" -#: ipaserver/plugins/internal.py:260 -msgid "Record Settings" +#: ipaserver/plugins/idrange.py:463 +msgid "Options dom-sid/dom-name and rid-base must be used together" msgstr "" -#: ipaserver/plugins/internal.py:261 -#, python-brace-format -msgid "${entity} ${primary_key} Settings" +#: ipaserver/plugins/idrange.py:470 ipaserver/plugins/idrange.py:737 +msgid "" +"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" msgstr "" -#: ipaserver/plugins/internal.py:262 -msgid "Back to Top" +#: ipaserver/plugins/idrange.py:477 +msgid "" +"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " +"the trusted domain is specified" msgstr "" -#: ipaserver/plugins/internal.py:263 -#, python-brace-format -msgid "${entity} ${primary_key} updated" +#: ipaserver/plugins/idrange.py:483 +msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" msgstr "" -#: ipaserver/plugins/internal.py:266 -#, python-brace-format -msgid "${entity} successfully added" +#: ipaserver/plugins/idrange.py:502 +msgid "" +"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " +"SID of the trusted domain is not specified." msgstr "" -#: ipaserver/plugins/internal.py:267 -msgid "Add custom value" +#: ipaserver/plugins/idrange.py:512 +msgid "" +"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when auto-" +"private-groups is specified" msgstr "" -#: ipaserver/plugins/internal.py:269 -msgid "Available" +#: ipaserver/plugins/idrange.py:519 ipaserver/plugins/idrange.py:756 +msgid "Options secondary-rid-base and rid-base must be used together" msgstr "" -#: ipaserver/plugins/internal.py:270 -msgid "Some operations failed." +#: ipaserver/plugins/idrange.py:529 ipaserver/plugins/idrange.py:779 +msgid "Primary RID range and secondary RID range cannot overlap" msgstr "" -#: ipaserver/plugins/internal.py:271 -msgid "Operations Error" +#: ipaserver/plugins/idrange.py:541 +msgid "" +"You must specify both rid-base and secondary-rid-base options, because ipa-" +"adtrust-install has already been run." msgstr "" -#: ipaserver/plugins/internal.py:272 -msgid "Confirmation" +#: ipaserver/plugins/idrange.py:560 +#, python-format +msgid "Deleted ID range \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:273 -msgid "Custom value" -msgstr "" +#: ipaserver/plugins/idrange.py:609 +#, python-format +msgid "%(count)d range matched" +msgid_plural "%(count)d ranges matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/internal.py:274 -msgid "This page has unsaved changes. Please save or revert." +#: ipaserver/plugins/idrange.py:645 +msgid "" +"Modify ID range.\n" +"\n" msgstr "" -#: ipaserver/plugins/internal.py:275 -msgid "Unsaved Changes" +#: ipaserver/plugins/idrange.py:649 +#, python-format +msgid "Modified ID range \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:276 -#, python-brace-format -msgid "Edit ${entity}" +#: ipaserver/plugins/idrange.py:684 +msgid "" +"This command can not be used to change ID allocation for local IPA domain. " +"Run `ipa help idrange` for more information" msgstr "" -#: ipaserver/plugins/internal.py:277 -msgid "Hide details" +#: ipaserver/plugins/idrange.py:714 +msgid "" +"SID for the specified trusted domain name could not be found. Please specify " +"the SID directly using dom-sid option." msgstr "" -#: ipaserver/plugins/internal.py:279 -#, python-brace-format -msgid "${product}, version: ${version}" +#: ipaserver/plugins/idrange.py:721 +msgid "Options dom-sid and secondary-rid-base cannot be used together" msgstr "" -#: ipaserver/plugins/internal.py:280 -msgid "Prospective" +#: ipaserver/plugins/idrange.py:728 +msgid "Options dom-sid and rid-base must be used together" msgstr "" -#: ipaserver/plugins/internal.py:281 -msgid "Redirection" +#: ipaserver/plugins/schema.py:24 +msgid "" +"\n" +"API Schema\n" msgstr "" -#: ipaserver/plugins/internal.py:282 -msgid "Select entries to be removed." +#: ipaserver/plugins/schema.py:26 +msgid "" +"\n" +"Provides API introspection capabilities.\n" msgstr "" -#: ipaserver/plugins/internal.py:284 -msgid "Result" +#: ipaserver/plugins/schema.py:30 +msgid "" +"\n" +" Show user-find details:\n" +" ipa command-show user-find\n" msgstr "" -#: ipaserver/plugins/internal.py:285 -msgid "Show details" +#: ipaserver/plugins/schema.py:33 +msgid "" +"\n" +" Find user-find parameters:\n" +" ipa param-find user-find\n" msgstr "" -#: ipaserver/plugins/internal.py:286 -msgid "Success" +#: ipaserver/plugins/schema.py:54 +msgid "Documentation" msgstr "" -#: ipaserver/plugins/internal.py:287 -msgid "Validation error" +#: ipaserver/plugins/schema.py:59 +msgid "Exclude from" msgstr "" -#: ipaserver/plugins/internal.py:288 -msgid "Input form contains invalid or missing values." +#: ipaserver/plugins/schema.py:64 +msgid "Include in" msgstr "" -#: ipaserver/plugins/internal.py:291 -msgid "Please try the following options:" +#: ipaserver/plugins/schema.py:135 +msgid "Help topic" msgstr "" -#: ipaserver/plugins/internal.py:292 -msgid "If the problem persists please contact the system administrator." +#: ipaserver/plugins/schema.py:147 ipaserver/plugins/internal.py:736 +msgid "Version" msgstr "" -#: ipaserver/plugins/internal.py:293 -msgid "Refresh the page." +#: ipaserver/plugins/schema.py:172 +msgid "Parameters" msgstr "" -#: ipaserver/plugins/internal.py:294 -msgid "Reload the browser." +#: ipaserver/plugins/schema.py:207 +msgid "Method of" msgstr "" -#: ipaserver/plugins/internal.py:295 -msgid "Return to the main page and retry the operation" +#: ipaserver/plugins/schema.py:212 +msgid "Method name" msgstr "" -#: ipaserver/plugins/internal.py:296 -#, python-brace-format -msgid "An error has occurred (${error})" +#: ipaserver/plugins/schema.py:270 +msgid "Display information about a command." msgstr "" -#: ipaserver/plugins/internal.py:300 -msgid "HTTP Error" +#: ipaserver/plugins/schema.py:275 +msgid "Search for commands." msgstr "" -#: ipaserver/plugins/internal.py:301 -msgid "Internal Error" +#: ipaserver/plugins/schema.py:280 +msgid "Return command defaults" msgstr "" -#: ipaserver/plugins/internal.py:302 -msgid "IPA Error" +#: ipaserver/plugins/schema.py:291 +#, python-brace-format +msgid "{oname}: {command_name} not found" msgstr "" -#: ipaserver/plugins/internal.py:303 -msgid "No response" +#: ipaserver/plugins/schema.py:344 +msgid "Display information about a class." msgstr "" -#: ipaserver/plugins/internal.py:304 -msgid "Unknown Error" +#: ipaserver/plugins/schema.py:349 +msgid "Search for classes." msgstr "" -#: ipaserver/plugins/internal.py:305 -msgid "URL" +#: ipaserver/plugins/schema.py:436 +msgid "Display information about a help topic." msgstr "" -#: ipaserver/plugins/internal.py:308 -#, python-brace-format -msgid "${primary_key} is managed by:" +#: ipaserver/plugins/schema.py:441 +msgid "Search for help topics." msgstr "" -#: ipaserver/plugins/internal.py:309 -#, python-brace-format -msgid "${primary_key} members:" +#: ipaserver/plugins/schema.py:453 +msgid "Required" msgstr "" -#: ipaserver/plugins/internal.py:310 -#, python-brace-format -msgid "${primary_key} is a member of:" +#: ipaserver/plugins/schema.py:458 +msgid "Multi-value" msgstr "" -#: ipaserver/plugins/internal.py:311 -#, python-brace-format -msgid "${primary_key} member managers:" +#: ipaserver/plugins/schema.py:510 +msgid "Always ask" msgstr "" -#: ipaserver/plugins/internal.py:314 -msgid "Settings" +#: ipaserver/plugins/schema.py:515 +msgid "CLI metavar" msgstr "" -#: ipaserver/plugins/internal.py:315 ipaserver/plugins/internal.py:1770 -msgid "Search" +#: ipaserver/plugins/schema.py:520 +msgid "CLI name" msgstr "" -#: ipaserver/plugins/internal.py:317 -msgid "False" +#: ipaserver/plugins/schema.py:525 +msgid "Confirm (password)" msgstr "" -#: ipaserver/plugins/internal.py:320 -#, python-brace-format -msgid "Allow user groups to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:530 +msgid "Default" msgstr "" -#: ipaserver/plugins/internal.py:323 -#, python-brace-format -msgid "Allow user groups to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:535 +msgid "Default from" msgstr "" -#: ipaserver/plugins/internal.py:326 -#, python-brace-format -msgid "Allow host groups to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:540 +msgid "Label" msgstr "" -#: ipaserver/plugins/internal.py:329 -#, python-brace-format -msgid "Allow host groups to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:545 +msgid "Convert on server" msgstr "" -#: ipaserver/plugins/internal.py:332 -#, python-brace-format -msgid "Allow hosts to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:550 +msgid "Option group" msgstr "" -#: ipaserver/plugins/internal.py:335 -#, python-brace-format -msgid "Allow hosts to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:555 +msgid "Sensitive" msgstr "" -#: ipaserver/plugins/internal.py:338 -#, python-brace-format -msgid "Allow users to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:560 +msgid "Positional argument" msgstr "" -#: ipaserver/plugins/internal.py:341 -#, python-brace-format -msgid "Allow users to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:645 +#, python-format +msgid "%(metaobject)s: %(oname)s not found" msgstr "" -#: ipaserver/plugins/internal.py:343 -msgid "Allowed to create keytab" +#: ipaserver/plugins/schema.py:684 +msgid "Display information about a command parameter." msgstr "" -#: ipaserver/plugins/internal.py:344 -msgid "Allowed to retrieve keytab" +#: ipaserver/plugins/schema.py:689 +msgid "Search command parameters." msgstr "" -#: ipaserver/plugins/internal.py:346 -#, python-brace-format -msgid "Disallow user groups to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:746 +#, python-format +msgid "%(command_name)s: %(oname)s not found" msgstr "" -#: ipaserver/plugins/internal.py:349 -#, python-brace-format -msgid "Disallow user groups to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:771 +msgid "Display information about a command output." msgstr "" -#: ipaserver/plugins/internal.py:352 -#, python-brace-format -msgid "Disallow host groups to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:776 +msgid "Search for command outputs." msgstr "" -#: ipaserver/plugins/internal.py:355 -#, python-brace-format -msgid "Disallow host groups to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:781 +msgid "Store and provide schema for commands and topics" msgstr "" -#: ipaserver/plugins/internal.py:358 -#, python-brace-format -msgid "Disallow hosts to create keytab of '${primary_key}'" +#: ipaserver/plugins/schema.py:787 +msgid "Fingerprint of schema cached by client" msgstr "" -#: ipaserver/plugins/internal.py:361 -#, python-brace-format -msgid "Disallow hosts to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/sudorule.py:43 +msgid "" +"\n" +"Sudo Rules\n" msgstr "" -#: ipaserver/plugins/internal.py:364 -#, python-brace-format -msgid "Disallow users to create keytab of '${primary_key}'" +#: ipaserver/plugins/sudorule.py:45 +msgid "" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" msgstr "" -#: ipaserver/plugins/internal.py:367 -#, python-brace-format -msgid "Disallow users to retrieve keytab of '${primary_key}'" +#: ipaserver/plugins/sudorule.py:50 +msgid "" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" msgstr "" -#: ipaserver/plugins/internal.py:371 -msgid "Add Kerberos Principal Alias" +#: ipaserver/plugins/sudorule.py:59 +msgid "" +"\n" +"Each option needs to be added separately and no validation is done whether\n" +"the option is known by sudo or is in a valid format. Environment variables\n" +"also need to be set individually. For example env_keep=\"FOO BAR\" in " +"sudoers\n" +"needs be represented as --sudooption env_keep=FOO --sudooption " +"env_keep+=BAR.\n" msgstr "" -#: ipaserver/plugins/internal.py:372 -msgid "New kerberos principal alias" +#: ipaserver/plugins/sudorule.py:64 +msgid "" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" msgstr "" -#: ipaserver/plugins/internal.py:373 -msgid "Remove Kerberos Alias" +#: ipaserver/plugins/sudorule.py:68 +msgid "" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" msgstr "" -#: ipaserver/plugins/internal.py:374 -#, python-brace-format -msgid "Do you want to remove kerberos alias ${alias}?" +#: ipaserver/plugins/sudorule.py:71 +msgid "" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -H ldap://ipa." +"example.com -ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc," +"dc=example,dc=com\n" msgstr "" -#: ipaserver/plugins/internal.py:377 -msgid "Inherited from server configuration" +#: ipaserver/plugins/sudorule.py:78 +msgid "" +"\n" +" Create a new rule:\n" +" ipa sudorule-add readfiles\n" msgstr "" -#: ipaserver/plugins/internal.py:378 -msgid "MS-PAC" +#: ipaserver/plugins/sudorule.py:81 +msgid "" +"\n" +" Add sudo command object and add it as allowed command in the rule:\n" +" ipa sudocmd-add /usr/bin/less\n" +" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" msgstr "" -#: ipaserver/plugins/internal.py:379 -msgid "Override inherited settings" +#: ipaserver/plugins/sudorule.py:85 +msgid "" +"\n" +" Add a host to the rule:\n" +" ipa sudorule-add-host readfiles --hosts server.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:380 -msgid "PAD" +#: ipaserver/plugins/sudorule.py:88 +msgid "" +"\n" +" Add a user to the rule:\n" +" ipa sudorule-add-user readfiles --users jsmith\n" msgstr "" -#: ipaserver/plugins/internal.py:383 -msgid "Authenticating" +#: ipaserver/plugins/sudorule.py:91 +msgid "" +"\n" +" Add a special Sudo rule for default Sudo server configuration:\n" +" ipa sudorule-add defaults\n" msgstr "" -#: ipaserver/plugins/internal.py:385 -msgid "Authentication with personal certificate failed" +#: ipaserver/plugins/sudorule.py:94 +msgid "" +"\n" +" Set a default Sudo option:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" msgstr "" -#: ipaserver/plugins/internal.py:387 +#: ipaserver/plugins/sudorule.py:97 msgid "" -" To log in with certificate, please make sure you have valid personal certificate. " +"\n" +" Set multiple default Sudo options:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate' --" +"sudooption mail_badpass\n" msgstr "" -#: ipaserver/plugins/internal.py:391 -msgid "Continue to next page" +#: ipaserver/plugins/sudorule.py:101 +msgid "" +"\n" +" Set SELinux type and role transitions on a rule:\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" msgstr "" -#: ipaserver/plugins/internal.py:393 -msgid "" -" To log in with username and " -"password, enter them in the corresponding fields, then click 'Log " -"in'." +#: ipaserver/plugins/sudorule.py:120 +msgid "this option has been deprecated." msgstr "" -#: ipaserver/plugins/internal.py:396 -msgid "Login failed due to an unknown reason" +#: ipaserver/plugins/sudorule.py:148 +msgid "sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:397 -msgid "Logged In As" +#: ipaserver/plugins/sudorule.py:236 +msgid "Sudo Rules" msgstr "" -#: ipaserver/plugins/internal.py:398 -msgid "Authentication with Kerberos failed" +#: ipaserver/plugins/sudorule.py:237 +msgid "Sudo Rule" msgstr "" -#: ipaserver/plugins/internal.py:400 -#, python-brace-format -msgid "" -" To log in with Kerberos, please make sure you have valid tickets (obtainable via kinit) and " -"configured the " -"browser correctly, then click 'Log in'." +#: ipaserver/plugins/sudorule.py:372 +#, python-format +msgid "order must be a unique value (%(order)d already used by %(rule)s)" msgstr "" -#: ipaserver/plugins/internal.py:405 -msgid "Loading" +#: ipaserver/plugins/sudorule.py:403 +#, python-format +msgid "Added Sudo Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:407 -msgid "Kerberos Principal you entered is expired" +#: ipaserver/plugins/sudorule.py:410 +#, python-format +msgid "Deleted Sudo Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:408 -msgid "Loading data" +#: ipaserver/plugins/sudorule.py:417 +#, python-format +msgid "Modified Sudo Rule \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:409 -msgid "Log in" +#: ipaserver/plugins/sudorule.py:436 +#, python-format +msgid "" +"%(type)s category cannot be set to 'all' while there are allowed %(objects)s" msgstr "" -#: ipaserver/plugins/internal.py:410 -msgid "Log In Using Certificate" +#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:182 +msgid "users" msgstr "" -#: ipaserver/plugins/internal.py:411 -msgid "Log in using personal certificate" +#: ipaserver/plugins/sudorule.py:452 +msgid "command" msgstr "" -#: ipaserver/plugins/internal.py:412 ipaserver/plugins/internal.py:1758 -msgid "Log out" +#: ipaserver/plugins/sudorule.py:452 +msgid "commands" msgstr "" -#: ipaserver/plugins/internal.py:413 -msgid "Log out error" +#: ipaserver/plugins/sudorule.py:458 +msgid "runAs user" msgstr "" -#: ipaserver/plugins/internal.py:415 ipaserver/plugins/internal.py:1743 -msgid "Password or Password+One-Time Password" +#: ipaserver/plugins/sudorule.py:458 +msgid "runAs users" msgstr "" -#: ipaserver/plugins/internal.py:416 -#, python-brace-format -msgid "You will be redirected in ${count}s" +#: ipaserver/plugins/sudorule.py:463 +msgid "group runAs" msgstr "" -#: ipaserver/plugins/internal.py:417 -msgid "Sync OTP Token" +#: ipaserver/plugins/sudorule.py:463 +msgid "runAs groups" msgstr "" -#: ipaserver/plugins/internal.py:418 -msgid "Synchronizing" -msgstr "" +#: ipaserver/plugins/sudorule.py:484 +#, python-format +msgid "%(count)d Sudo Rule matched" +msgid_plural "%(count)d Sudo Rules matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/internal.py:420 -msgid "The user account you entered is locked" +#: ipaserver/plugins/sudorule.py:556 +msgid "commands cannot be added when command category='all'" msgstr "" -#: ipaserver/plugins/internal.py:423 -msgid "number of passwords" +#: ipaserver/plugins/sudorule.py:818 ipaserver/plugins/sudorule.py:940 +msgid "users cannot be added when runAs user or runAs group category='all'" msgstr "" -#: ipaserver/plugins/internal.py:424 -msgid "seconds" +#: ipaserver/plugins/sudorule.py:825 +#, python-format +msgid "RunAsUser does not accept '%(name)s' as a user name" msgstr "" -#: ipaserver/plugins/internal.py:427 -msgid "Migrating" +#: ipaserver/plugins/sudorule.py:833 +#, python-format +msgid "RunAsUser does not accept '%(name)s' as a group name" msgstr "" -#: ipaserver/plugins/internal.py:429 -msgid "There was a problem with your request. Please, try again later." +#: ipaserver/plugins/sudorule.py:947 +#, python-format +msgid "RunAsGroup does not accept '%(name)s' as a group name" msgstr "" -#: ipaserver/plugins/internal.py:432 -msgid "Password migration was not successful" +#: ipaserver/plugins/automount.py:218 +msgid "automount location" msgstr "" -#: ipaserver/plugins/internal.py:434 -msgid "" -"

Password Migration

If you have been sent here by your " -"administrator, your personal information is being migrated to a new identity " -"management solution (IPA).

Please, enter your credentials in the form " -"to complete the process. Upon successful login your kerberos account will be " -"activated.

" +#: ipaserver/plugins/automount.py:219 +msgid "automount locations" msgstr "" -#: ipaserver/plugins/internal.py:441 ipaserver/plugins/internal.py:1725 -msgid "The password or username you entered is incorrect" +#: ipaserver/plugins/automount.py:222 +msgid "Automount Locations" msgstr "" -#: ipaserver/plugins/internal.py:442 -msgid "Password migration was successful" +#: ipaserver/plugins/automount.py:223 +msgid "Automount Location" msgstr "" -#: ipaserver/plugins/internal.py:446 ipaserver/plugins/internal.py:531 -#: ipaserver/plugins/internal.py:1241 -msgid "Attribute" +#: ipaserver/plugins/automount.py:263 +#, python-format +msgid "Added automount location \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:449 -msgid "Add delegation" +#: ipaserver/plugins/automount.py:283 +#, python-format +msgid "Deleted automount location \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:450 -msgid "Remove delegations" -msgstr "" +#: ipaserver/plugins/automount.py:296 +#, python-format +msgid "%(count)d automount location matched" +msgid_plural "%(count)d automount locations matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/internal.py:453 ipaserver/plugins/internal.py:785 -msgid "Add permission" +#: ipaserver/plugins/automount.py:349 +msgid "automount map" msgstr "" -#: ipaserver/plugins/internal.py:455 -#, python-brace-format -msgid "Add privileges into permission '${primary_key}'" +#: ipaserver/plugins/automount.py:350 +msgid "automount maps" msgstr "" -#: ipaserver/plugins/internal.py:457 -msgid "Remove permissions" +#: ipaserver/plugins/automount.py:393 +msgid "Automount Maps" msgstr "" -#: ipaserver/plugins/internal.py:459 -#, python-brace-format -msgid "Remove privileges from permission '${primary_key}'" +#: ipaserver/plugins/automount.py:394 +msgid "Automount Map" msgstr "" -#: ipaserver/plugins/internal.py:463 -msgid "Add privilege" +#: ipaserver/plugins/automount.py:401 +#, python-format +msgid "Added automount map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:465 -#, python-brace-format -msgid "Add privilege '${primary_key}' into permissions" +#: ipaserver/plugins/automount.py:408 +#, python-format +msgid "Deleted automount map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:468 -#, python-brace-format -msgid "Add roles into privilege '${primary_key}'" +#: ipaserver/plugins/automount.py:428 +#, python-format +msgid "Modified automount map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:470 -msgid "Remove privileges" +#: ipaserver/plugins/automount.py:436 +#, python-format +msgid "%(count)d automount map matched" +msgid_plural "%(count)d automount maps matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/automount.py:448 +msgid "Automount key object." msgstr "" -#: ipaserver/plugins/internal.py:472 -#, python-brace-format -msgid "Remove privilege '${primary_key}' from permissions" +#: ipaserver/plugins/automount.py:452 +msgid "automount key" msgstr "" -#: ipaserver/plugins/internal.py:475 -#, python-brace-format -msgid "Remove roles from privilege '${primary_key}'" +#: ipaserver/plugins/automount.py:453 +msgid "automount keys" msgstr "" -#: ipaserver/plugins/internal.py:479 -msgid "Role Settings" +#: ipaserver/plugins/automount.py:512 +msgid "Automount Keys" msgstr "" -#: ipaserver/plugins/internal.py:480 -msgid "Add role" +#: ipaserver/plugins/automount.py:513 +msgid "Automount Key" msgstr "" -#: ipaserver/plugins/internal.py:482 -#, python-brace-format -msgid "Add user groups into role '${primary_key}'" +#: ipaserver/plugins/automount.py:514 +#, python-format +msgid "" +"The key,info pair must be unique. A key named %(key)s with info %(info)s " +"already exists" msgstr "" -#: ipaserver/plugins/internal.py:485 -#, python-brace-format -msgid "Add hosts into role '${primary_key}'" +#: ipaserver/plugins/automount.py:515 +#, python-format +msgid "key named %(key)s already exists" msgstr "" -#: ipaserver/plugins/internal.py:488 -#, python-brace-format -msgid "Add host groups into role '${primary_key}'" +#: ipaserver/plugins/automount.py:516 +#, python-format +msgid "The automount key %(key)s with info %(info)s does not exist" msgstr "" -#: ipaserver/plugins/internal.py:491 -#, python-brace-format -msgid "Add role '${primary_key}' into privileges" +#: ipaserver/plugins/automount.py:566 +#, python-format +msgid "" +"More than one entry with key %(key)s found, use --info to select specific " +"entry." msgstr "" -#: ipaserver/plugins/internal.py:494 -#, python-brace-format -msgid "Add services into role '${primary_key}'" +#: ipaserver/plugins/automount.py:625 +#, python-format +msgid "Added automount key \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:497 -#, python-brace-format -msgid "Add users into role '${primary_key}'" +#: ipaserver/plugins/automount.py:654 +#, python-format +msgid "Added automount indirect map \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:499 -msgid "Remove roles" +#: ipaserver/plugins/automount.py:678 +msgid "mount point is relative to parent map, cannot begin with /" msgstr "" -#: ipaserver/plugins/internal.py:501 -#, python-brace-format -msgid "Remove role '${primary_key}' from privileges" +#: ipaserver/plugins/automount.py:707 +#, python-format +msgid "Deleted automount key \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:504 -#, python-brace-format -msgid "Remove user groups from role '${primary_key}'" +#: ipaserver/plugins/automount.py:748 +#, python-format +msgid "Modified automount key \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:507 -#, python-brace-format -msgid "Remove hosts from role '${primary_key}'" +#: ipaserver/plugins/automount.py:807 +#, python-format +msgid "%(count)d automount key matched" +msgid_plural "%(count)d automount keys matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/config.py:50 +msgid "" +"\n" +"Server configuration\n" +"\n" +"Manage the default values that IPA uses and some of its tuning parameters.\n" +"\n" +"NOTES:\n" +"\n" +"The password notification value (--pwdexpnotify) is stored here so it will\n" +"be replicated. It is not currently used to notify users in advance of an\n" +"expiring password.\n" +"\n" +"Some attributes are read-only, provided only for information purposes. " +"These\n" +"include:\n" +"\n" +"Certificate Subject base: the configured certificate subject base,\n" +" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" +"Password plug-in features: currently defines additional hashes that the\n" +" password will generate (there may be other conditions).\n" +"\n" +"When setting the order list for mapping SELinux users you may need to\n" +"quote the value so it isn't interpreted by the shell.\n" +"\n" +"The maximum length of a hostname in Linux is controlled by\n" +"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" +"systems, Solaris for example, allows hostnames up to 255 characters.\n" +"This option will allow flexibility in length but by default limiting\n" +"to the Linux maximum length.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic server configuration:\n" +" ipa config-show\n" +"\n" +" Show all configuration options:\n" +" ipa config-show --all\n" +"\n" +" Change maximum username length to 99 characters:\n" +" ipa config-mod --maxusername=99\n" +"\n" +" Change maximum host name length to 255 characters:\n" +" ipa config-mod --maxhostname=255\n" +"\n" +" Increase default time and size limits for maximum IPA server search:\n" +" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +"\n" +" Set default user e-mail domain:\n" +" ipa config-mod --emaildomain=example.com\n" +"\n" +" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +" Define SELinux user map order:\n" +" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" +"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" msgstr "" -#: ipaserver/plugins/internal.py:510 -#, python-brace-format -msgid "Remove host groups from role '${primary_key}'" +#: ipaserver/plugins/config.py:116 +msgid "must be at least 10" msgstr "" -#: ipaserver/plugins/internal.py:513 -#, python-brace-format -msgid "Remove services from role '${primary_key}'" +#: ipaserver/plugins/config.py:124 +msgid "configuration options" msgstr "" -#: ipaserver/plugins/internal.py:516 -#, python-brace-format -msgid "Remove users from role '${primary_key}'" +#: ipaserver/plugins/config.py:160 ipaserver/plugins/config.py:161 +msgid "Configuration" msgstr "" -#: ipaserver/plugins/internal.py:520 -msgid "Add self service permission" +#: ipaserver/plugins/config.py:172 +msgid "Maximum hostname length" msgstr "" -#: ipaserver/plugins/internal.py:521 -msgid "Remove self service permissions" +#: ipaserver/plugins/config.py:276 ipaserver/plugins/config.py:277 +msgid "Enable adding subids to new users" msgstr "" -#: ipaserver/plugins/internal.py:524 -msgid "Add rule" +#: ipaserver/plugins/config.py:281 +msgid "IPA masters" msgstr "" -#: ipaserver/plugins/internal.py:526 -#, python-brace-format -msgid "Add inclusive condition into '${primary_key}'" +#: ipaserver/plugins/config.py:282 +msgid "List of all IPA masters" msgstr "" -#: ipaserver/plugins/internal.py:529 -#, python-brace-format -msgid "Add exclusive condition into '${primary_key}'" +#: ipaserver/plugins/config.py:287 +msgid "Hidden IPA masters" msgstr "" -#: ipaserver/plugins/internal.py:533 -msgid "Are you sure you want to change default group?" +#: ipaserver/plugins/config.py:288 +msgid "List of all hidden IPA masters" msgstr "" -#: ipaserver/plugins/internal.py:535 -msgid "Default host group" +#: ipaserver/plugins/config.py:293 +msgid "IPA master capable of PKINIT" msgstr "" -#: ipaserver/plugins/internal.py:536 -msgid "Default user group" +#: ipaserver/plugins/config.py:294 +msgid "IPA master which can process PKINIT requests" msgstr "" -#: ipaserver/plugins/internal.py:537 -msgid "Exclusive" +#: ipaserver/plugins/config.py:299 +msgid "IPA CA servers" msgstr "" -#: ipaserver/plugins/internal.py:538 -msgid "Expression" +#: ipaserver/plugins/config.py:300 +msgid "IPA servers configured as certificate authority" msgstr "" -#: ipaserver/plugins/internal.py:539 -msgid "Host group rule" +#: ipaserver/plugins/config.py:305 +msgid "Hidden IPA CA servers" msgstr "" -#: ipaserver/plugins/internal.py:540 -msgid "Host group rules" +#: ipaserver/plugins/config.py:306 +msgid "Hidden IPA servers configured as certificate authority" msgstr "" -#: ipaserver/plugins/internal.py:541 -msgid "Inclusive" +#: ipaserver/plugins/config.py:311 +msgid "IPA CA renewal master" msgstr "" -#: ipaserver/plugins/internal.py:542 -msgid "Remove auto membership rules" +#: ipaserver/plugins/config.py:312 +msgid "Renewal master for IPA certificate authority" msgstr "" -#: ipaserver/plugins/internal.py:544 -#, python-brace-format -msgid "Remove exclusive conditions from rule '${primary_key}'" +#: ipaserver/plugins/config.py:318 +msgid "IPA servers configured as key recovery agent" msgstr "" -#: ipaserver/plugins/internal.py:547 -#, python-brace-format -msgid "Remove inclusive conditions from rule '${primary_key}'" +#: ipaserver/plugins/config.py:323 +msgid "Hidden IPA KRA servers" msgstr "" -#: ipaserver/plugins/internal.py:549 -msgid "User group rule" +#: ipaserver/plugins/config.py:324 +msgid "Hidden IPA servers configured as key recovery agent" msgstr "" -#: ipaserver/plugins/internal.py:550 -msgid "User group rules" +#: ipaserver/plugins/config.py:337 +msgid "IPA servers configured as domain name server" msgstr "" -#: ipaserver/plugins/internal.py:553 -msgid "Add automount key" +#: ipaserver/plugins/config.py:342 +msgid "Hidden IPA DNS servers" msgstr "" -#: ipaserver/plugins/internal.py:554 -msgid "Remove automount keys" +#: ipaserver/plugins/config.py:343 +msgid "Hidden IPA servers configured as domain name server" msgstr "" -#: ipaserver/plugins/internal.py:557 -msgid "Add automount location" +#: ipaserver/plugins/config.py:349 +msgid "DNSec key master" msgstr "" -#: ipaserver/plugins/internal.py:558 -msgid "Automount Location Settings" +#: ipaserver/plugins/config.py:354 +msgid "Setup SID configuration" msgstr "" -#: ipaserver/plugins/internal.py:559 -msgid "Remove automount locations" +#: ipaserver/plugins/config.py:355 +msgid "New users and groups automatically get a SID assigned" msgstr "" -#: ipaserver/plugins/internal.py:562 -msgid "Add automount map" +#: ipaserver/plugins/config.py:360 +msgid "Add SIDs" msgstr "" -#: ipaserver/plugins/internal.py:563 -msgid "Map Type" +#: ipaserver/plugins/config.py:361 +msgid "Add SIDs for existing users and groups" msgstr "" -#: ipaserver/plugins/internal.py:564 -msgid "Direct" +#: ipaserver/plugins/config.py:366 ipaserver/plugins/config.py:367 +msgid "NetBIOS name of the IPA domain" msgstr "" -#: ipaserver/plugins/internal.py:565 -msgid "Indirect" +#: ipaserver/plugins/config.py:444 +msgid "Empty domain is not allowed" msgstr "" -#: ipaserver/plugins/internal.py:566 -msgid "Remove automount maps" +#: ipaserver/plugins/config.py:452 +#, python-format +msgid "Invalid domain name '%(domain)s': %(e)s" msgstr "" -#: ipaserver/plugins/internal.py:569 -msgid "Add certificate authority" +#: ipaserver/plugins/config.py:457 +#, python-format +msgid "Server has no information about domain '%(domain)s'" msgstr "" -#: ipaserver/plugins/internal.py:570 -msgid "Remove certificate authorities" +#: ipaserver/plugins/config.py:464 +#, python-format +msgid "Disabled domain '%(domain)s' is not allowed" msgstr "" -#: ipaserver/plugins/internal.py:573 -msgid "Add CA ACL" +#: ipaserver/plugins/config.py:514 +msgid "not allowed to enable SID generation" msgstr "" -#: ipaserver/plugins/internal.py:575 -#, python-brace-format -msgid "Add Certificate Authorities into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:522 +msgid "" +"Up to 15 characters and only uppercase ASCII letters, digits and dashes are " +"allowed. Empty string is not allowed." msgstr "" -#: ipaserver/plugins/internal.py:579 -#, python-brace-format -msgid "Add user groups into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:550 +msgid "Failed to call DBus" msgstr "" -#: ipaserver/plugins/internal.py:582 -#, python-brace-format -msgid "Add host groups into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:560 +msgid "Configuration of SID failed. See details in the error log" msgstr "" -#: ipaserver/plugins/internal.py:585 -#, python-brace-format -msgid "Add hosts into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:570 +msgid "The group doesn't exist" msgstr "" -#: ipaserver/plugins/internal.py:588 -#, python-brace-format -msgid "Add certificate profiles into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:588 +#, python-format +msgid "attribute \"%s\" not allowed" msgstr "" -#: ipaserver/plugins/internal.py:591 -#, python-brace-format -msgid "Add services into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:608 +msgid "May not be empty" msgstr "" -#: ipaserver/plugins/internal.py:594 -#, python-brace-format -msgid "Add users into CA ACL '${primary_key}'" +#: ipaserver/plugins/config.py:627 +#, python-format +msgid "%(obj)s default attribute %(attr)s would not be allowed!" msgstr "" -#: ipaserver/plugins/internal.py:596 -msgid "All" +#: ipaserver/plugins/config.py:659 +msgid "A list of SELinux users delimited by $ expected" msgstr "" -#: ipaserver/plugins/internal.py:597 -msgid "Any CA" +#: ipaserver/plugins/config.py:663 +#, python-format +msgid "SELinux user '%(user)s' is not valid: %(error)s" msgstr "" -#: ipaserver/plugins/internal.py:598 ipaserver/plugins/internal.py:907 -#: ipaserver/plugins/internal.py:1174 ipaserver/plugins/internal.py:1309 -#: ipaserver/plugins/internal.py:1478 -msgid "Any Host" +#: ipaserver/plugins/config.py:675 +msgid "SELinux user map default user not in order list" msgstr "" -#: ipaserver/plugins/internal.py:599 ipaserver/plugins/internal.py:908 -msgid "Any Service" +#: ipaserver/plugins/config.py:694 +#, python-format +msgid "You cannot specify %s without the --enable-sid option" msgstr "" -#: ipaserver/plugins/internal.py:600 -msgid "Any Profile" +#: ipaserver/plugins/host.py:74 +msgid "" +"\n" +"Hosts/Machines\n" +"\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" msgstr "" -#: ipaserver/plugins/internal.py:601 ipaserver/plugins/internal.py:909 -#: ipaserver/plugins/internal.py:1175 ipaserver/plugins/internal.py:1310 -#: ipaserver/plugins/internal.py:1479 -msgid "Anyone" +#: ipaserver/plugins/host.py:82 +msgid "" +"\n" +"ENROLLMENT:\n" +"\n" +"There are three enrollment scenarios when enrolling a new client:\n" +"\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" msgstr "" -#: ipaserver/plugins/internal.py:602 ipaserver/plugins/internal.py:911 -#: ipaserver/plugins/internal.py:1484 -msgid "Rule status" +#: ipaserver/plugins/host.py:94 +msgid "" +"\n" +"RE-ENROLLMENT:\n" +"\n" +"Host that has been enrolled at some point, and lost its configuration (e.g. " +"VM\n" +"destroyed) can be re-enrolled.\n" +"\n" +"For more information, consult the manual pages for ipa-client-install.\n" +"\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" msgstr "" -#: ipaserver/plugins/internal.py:603 -msgid "If no CAs are specified, requests to the default CA are allowed." +#: ipaserver/plugins/host.py:106 +msgid "" +"\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" msgstr "" -#: ipaserver/plugins/internal.py:605 -msgid "Remove CA ACLs" +#: ipaserver/plugins/host.py:109 +msgid "" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:607 -#, python-brace-format -msgid "Remove Certificate Authorities from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:112 +msgid "" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:611 -#, python-brace-format -msgid "Remove user groups from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:115 +msgid "" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:614 -#, python-brace-format -msgid "Remove host groups from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:118 +msgid "" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:617 -#, python-brace-format -msgid "Remove hosts from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:121 +msgid "" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:620 -#, python-brace-format -msgid "Remove certificate profiles from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:124 +msgid "" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" msgstr "" -#: ipaserver/plugins/internal.py:623 -#, python-brace-format -msgid "Remove services from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:127 +msgid "" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" msgstr "" -#: ipaserver/plugins/internal.py:626 -#, python-brace-format -msgid "Remove users from CA ACL '${primary_key}'" +#: ipaserver/plugins/host.py:130 +msgid "" +"\n" +" Allow user to create a keytab:\n" +" ipa host-allow-create-keytab test2 --users=tuser1\n" msgstr "" -#: ipaserver/plugins/internal.py:628 -msgid "Specified CAs" +#: ipaserver/plugins/host.py:242 ipaserver/plugins/service.py:164 +msgid "Users allowed to add resource delegation" msgstr "" -#: ipaserver/plugins/internal.py:629 ipaserver/plugins/internal.py:933 -#: ipaserver/plugins/internal.py:1201 ipaserver/plugins/internal.py:1325 -#: ipaserver/plugins/internal.py:1529 -msgid "Specified Hosts and Groups" +#: ipaserver/plugins/host.py:244 ipaserver/plugins/service.py:166 +msgid "Groups allowed to add resource delegation" msgstr "" -#: ipaserver/plugins/internal.py:630 -msgid "Specified Profiles" +#: ipaserver/plugins/host.py:246 ipaserver/plugins/service.py:168 +msgid "Hosts allowed to add resource delegation" msgstr "" -#: ipaserver/plugins/internal.py:631 ipaserver/plugins/internal.py:934 -msgid "Specified Services and Groups" +#: ipaserver/plugins/host.py:248 ipaserver/plugins/service.py:170 +msgid "Host Groups allowed to add resource delegation" msgstr "" -#: ipaserver/plugins/internal.py:632 ipaserver/plugins/internal.py:935 -#: ipaserver/plugins/internal.py:1202 ipaserver/plugins/internal.py:1326 -#: ipaserver/plugins/internal.py:1530 -msgid "Specified Users and Groups" +#: ipaserver/plugins/host.py:481 ipaserver/plugins/internal.py:1177 +#: ipaserver/plugins/internal.py:1311 +msgid "Host" msgstr "" -#: ipaserver/plugins/internal.py:633 -msgid "Permitted to have certificates issued" +#: ipaserver/plugins/host.py:503 +msgid "Host physical location hint (e.g. \"Lab 2\")" msgstr "" -#: ipaserver/plugins/internal.py:636 -msgid "Remove certificate profiles" +#: ipaserver/plugins/host.py:533 +msgid "Base-64 encoded host certificate" msgstr "" -#: ipaserver/plugins/internal.py:639 -msgid "AA Compromise" +#: ipaserver/plugins/host.py:540 ipaserver/plugins/internal.py:702 +#: ipaserver/plugins/service.py:565 +msgid "Serial Number" msgstr "" -#: ipaserver/plugins/internal.py:640 -msgid "Add principal" +#: ipaserver/plugins/host.py:544 ipaserver/plugins/internal.py:703 +#: ipaserver/plugins/service.py:569 +msgid "Serial Number (hex)" msgstr "" -#: ipaserver/plugins/internal.py:641 -msgid "Affiliation Changed" +#: ipaserver/plugins/host.py:581 ipaserver/plugins/service.py:540 +#: ipaserver/plugins/baseuser.py:311 +msgid "Principal alias" msgstr "" -#: ipaserver/plugins/internal.py:643 -msgid "CA Compromise" +#: ipaserver/plugins/host.py:588 ipaserver/plugins/host.py:589 +#: ipaserver/plugins/service.py:549 ipaserver/plugins/service.py:550 +msgid "Delegation principal" msgstr "" -#: ipaserver/plugins/internal.py:645 ipaserver/plugins/internal.py:1972 -msgid "Certificates" +#: ipaserver/plugins/host.py:608 ipaserver/plugins/baseuser.py:407 +msgid "SSH public key fingerprint" msgstr "" -#: ipaserver/plugins/internal.py:646 -msgid "Certificate Hold" +#: ipaserver/plugins/host.py:624 ipaserver/plugins/service.py:607 +msgid "Authentication Indicators" msgstr "" -#: ipaserver/plugins/internal.py:647 -msgid "Cessation of Operation" +#: ipaserver/plugins/host.py:625 +msgid "" +"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" +"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " +"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " +"'hardened' to allow brute-force hardened password authentication by SPAKE or " +"FAST. Use 'idp' to allow External Identity Provider authentications. Use " +"'passkey' to allow passkey-based 2FA authentications. With no indicator " +"specified, all authentication mechanisms are allowed." msgstr "" -#: ipaserver/plugins/internal.py:648 -msgid "Common Name" +#: ipaserver/plugins/host.py:699 +#, python-format +msgid "Added host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:650 -msgid "the certificate with serial number " +#: ipaserver/plugins/host.py:723 ipaserver/plugins/stageuser.py:337 +#: ipaserver/plugins/stageuser.py:558 ipaserver/plugins/user.py:589 +#: ipaserver/plugins/baseuser.py:651 +#, python-format +msgid "can be at most %(len)d characters" msgstr "" -#: ipaserver/plugins/internal.py:651 -msgid "Expires On" +#: ipaserver/plugins/host.py:823 +#, python-format +msgid "Deleted host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:652 -msgid "Issued on from" +#: ipaserver/plugins/host.py:828 +msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" msgstr "" -#: ipaserver/plugins/internal.py:653 -msgid "Issued on to" +#: ipaserver/plugins/host.py:900 +msgid "No A, AAAA, SSHFP or PTR records found." msgstr "" -#: ipaserver/plugins/internal.py:654 -msgid "Maximum serial number" +#: ipaserver/plugins/host.py:916 +#, python-format +msgid "Modified host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:655 -msgid "Minimum serial number" +#: ipaserver/plugins/host.py:937 +msgid "Password cannot be set on enrolled host." msgstr "" -#: ipaserver/plugins/internal.py:657 -msgid "Revoked on from" +#: ipaserver/plugins/host.py:941 +msgid "cn is immutable" msgstr "" -#: ipaserver/plugins/internal.py:658 -msgid "Revoked on to" -msgstr "" +#: ipaserver/plugins/host.py:1066 +#, python-format +msgid "%(count)d host matched" +msgid_plural "%(count)d hosts matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/internal.py:660 -msgid "Valid not after from" +#: ipaserver/plugins/host.py:1221 +#, python-format +msgid "Disabled host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:661 -msgid "Valid not after to" +#: ipaserver/plugins/host.py:1390 +#, python-format +msgid "Added certificates to host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:662 -msgid "Valid not before from" +#: ipaserver/plugins/host.py:1397 +#, python-format +msgid "Removed certificates from host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:663 -msgid "Valid not before to" +#: ipaserver/plugins/host.py:1413 +msgid "Add new principal alias to host entry" msgstr "" -#: ipaserver/plugins/internal.py:664 -msgid "Fingerprints" +#: ipaserver/plugins/host.py:1414 +#, python-format +msgid "Added new aliases to host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:665 -msgid "Get Certificate" +#: ipaserver/plugins/host.py:1425 +msgid "Remove principal alias from a host entry" msgstr "" -#: ipaserver/plugins/internal.py:666 -msgid "Certificate Hold Removed" +#: ipaserver/plugins/host.py:1426 +#, python-format +msgid "Removed aliases from host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:668 -#, python-brace-format -msgid "Issue new certificate for host '${primary_key}'" +#: ipaserver/plugins/host.py:1436 +msgid "Add new resource delegation to a host" msgstr "" -#: ipaserver/plugins/internal.py:671 -#, python-brace-format -msgid "Issue new certificate for service '${primary_key}'" +#: ipaserver/plugins/host.py:1437 +#, python-format +msgid "Added new resource delegation to the host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:674 -#, python-brace-format -msgid "Issue new certificate for user '${primary_key}'" +#: ipaserver/plugins/host.py:1450 +msgid "Remove resource delegation from a host" msgstr "" -#: ipaserver/plugins/internal.py:676 -msgid "Issue new certificate" +#: ipaserver/plugins/host.py:1451 +#, python-format +msgid "Removed resource delegation from the host \"%(value)s\"" msgstr "" -#: ipaserver/plugins/internal.py:677 -msgid "Issued By" +#: ipaserver/plugins/host.py:1457 +msgid "" +"Allow users, groups, hosts or host groups to handle a resource delegation of " +"this host." msgstr "" -#: ipaserver/plugins/internal.py:678 -msgid "Issued On" +#: ipaserver/plugins/host.py:1477 +msgid "" +"Disallow users, groups, hosts or host groups to handle a resource delegation " +"of this host." msgstr "" -#: ipaserver/plugins/internal.py:679 -msgid "Issued To" +#: ipaserver/plugins/internal.py:151 +msgid "Internationalization messages" msgstr "" -#: ipaserver/plugins/internal.py:680 -msgid "Key Compromise" +#: ipaserver/plugins/internal.py:157 +msgid "Your session has expired. Please log in again." msgstr "" -#: ipaserver/plugins/internal.py:681 -msgid "No Valid Certificate" +#: ipaserver/plugins/internal.py:161 ipaserver/plugins/internal.py:211 +msgid "Apply" msgstr "" -#: ipaserver/plugins/internal.py:682 -msgid "New Certificate" +#: ipaserver/plugins/internal.py:162 +msgid "Rebuild auto membership" msgstr "" -#: ipaserver/plugins/internal.py:683 -msgid "Certificate in base64 or PEM format" +#: ipaserver/plugins/internal.py:164 +msgid "" +"Are you sure you want to rebuild auto membership? In case of a high number " +"of users, hosts or groups, the operation may require high CPU usage." msgstr "" -#: ipaserver/plugins/internal.py:684 -msgid "Note" +#: ipaserver/plugins/internal.py:169 +msgid "Are you sure you want to proceed with the action?" msgstr "" -#: ipaserver/plugins/internal.py:686 -msgid "Organizational Unit" +#: ipaserver/plugins/internal.py:170 +#, python-brace-format +msgid "Are you sure you want to delete ${object}?" msgstr "" -#: ipaserver/plugins/internal.py:687 +#: ipaserver/plugins/internal.py:171 #, python-brace-format -msgid "${count} certificate(s) present" +msgid "Are you sure you want to disable ${object}?" msgstr "" -#: ipaserver/plugins/internal.py:688 -msgid "Privilege Withdrawn" +#: ipaserver/plugins/internal.py:172 +#, python-brace-format +msgid "Are you sure you want to enable ${object}?" msgstr "" -#: ipaserver/plugins/internal.py:689 -msgid "Reason for Revocation" +#: ipaserver/plugins/internal.py:173 +msgid "Actions" msgstr "" -#: ipaserver/plugins/internal.py:691 -msgid "Remove certificate hold" +#: ipaserver/plugins/internal.py:176 ipaserver/plugins/internal.py:206 +#: ipaserver/plugins/internal.py:268 +msgid "Add" msgstr "" -#: ipaserver/plugins/internal.py:692 -msgid "Do you want to remove the certificate hold?" +#: ipaserver/plugins/internal.py:177 +#, python-brace-format +msgid "${count} item(s) added" msgstr "" -#: ipaserver/plugins/internal.py:693 -msgid "Remove from CRL" +#: ipaserver/plugins/internal.py:178 +msgid "Direct Membership" msgstr "" -#: ipaserver/plugins/internal.py:694 +#: ipaserver/plugins/internal.py:179 #, python-brace-format -msgid "" -"
  1. Create a certificate database or use an existing one. To create a " -"new database:
    # certutil -N -d <database path>
    2. " -"
  2. Create a CSR with subject CN=<${cn_name}>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g " -"<key size> -s 'CN=${cn},O=${realm}'${san}
  3. Copy and " -"paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to " -"-----END NEW CERTIFICATE REQUEST-----) into the text area below:
" +msgid "Filter available ${other_entity}" msgstr "" -#: ipaserver/plugins/internal.py:695 -#, python-brace-format -msgid " -8 '${cn}'" +#: ipaserver/plugins/internal.py:180 +msgid "Indirect Membership" msgstr "" -#: ipaserver/plugins/internal.py:696 -msgid "Certificate requested" +#: ipaserver/plugins/internal.py:181 +msgid "No entries." msgstr "" -#: ipaserver/plugins/internal.py:698 -msgid "Revoke certificate" +#: ipaserver/plugins/internal.py:182 +#, python-brace-format +msgid "Showing ${start} to ${end} of ${total} entries." msgstr "" -#: ipaserver/plugins/internal.py:699 -msgid "" -"Do you want to revoke this certificate? Select a reason from the pull-down " -"list." +#: ipaserver/plugins/internal.py:183 ipaserver/plugins/internal.py:283 +msgid "Remove" msgstr "" -#: ipaserver/plugins/internal.py:700 -msgid "Certificate Revoked" +#: ipaserver/plugins/internal.py:184 +#, python-brace-format +msgid "${count} item(s) removed" msgstr "" -#: ipaserver/plugins/internal.py:701 -msgid "REVOKED" +#: ipaserver/plugins/internal.py:185 +msgid "Show Results" msgstr "" -#: ipaserver/plugins/internal.py:704 -msgid "SHA1 Fingerprint" +#: ipaserver/plugins/internal.py:188 +msgid "Authentication indicators" msgstr "" -#: ipaserver/plugins/internal.py:705 -msgid "SHA256 Fingerprint" +#: ipaserver/plugins/internal.py:189 +msgid "Authentication indicator" msgstr "" -#: ipaserver/plugins/internal.py:707 -msgid "Superseded" +#: ipaserver/plugins/internal.py:190 +msgid "" +"

Implicit method (password) will be used if no method is chosen.

Password + Two-factor: LDAP and Kerberos allow " +"authentication with either one of the authentication types but Kerberos uses " +"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " +"but LDAP never does. LDAP only recognize the password and two-factor " +"authentication options.

" msgstr "" -#: ipaserver/plugins/internal.py:708 -msgid "Unspecified" +#: ipaserver/plugins/internal.py:191 +msgid "Add Custom Authentication Indicator" msgstr "" -#: ipaserver/plugins/internal.py:709 -msgid "Valid Certificate Present" +#: ipaserver/plugins/internal.py:193 +msgid "Two factor authentication (password + OTP)" msgstr "" -#: ipaserver/plugins/internal.py:710 -msgid "Valid from" +#: ipaserver/plugins/internal.py:195 +msgid "RADIUS" msgstr "" -#: ipaserver/plugins/internal.py:711 -msgid "Valid to" +#: ipaserver/plugins/internal.py:197 +msgid "Hardened Password (by SPAKE or FAST)" msgstr "" -#: ipaserver/plugins/internal.py:712 -msgid "Validity" +#: ipaserver/plugins/internal.py:198 +msgid "External Identity Provider" msgstr "" -#: ipaserver/plugins/internal.py:713 -#, python-brace-format -msgid "Certificate for ${entity} ${primary_key}" +#: ipaserver/plugins/internal.py:199 ipaserver/plugins/internal.py:1229 +msgid "Passkey" msgstr "" -#: ipaserver/plugins/internal.py:714 -msgid "View Certificate" +#: ipaserver/plugins/internal.py:200 +msgid "Disable per-user override" msgstr "" -#: ipaserver/plugins/internal.py:717 -msgid "Certificate Data" +#: ipaserver/plugins/internal.py:201 +msgid "" +"

Per-user setting, overwrites the global setting if any option is checked." +"

Password + Two-factor: LDAP and Kerberos allow " +"authentication with either one of the authentication types but Kerberos uses " +"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " +"but LDAP never does. LDAP only recognize the password and two-factor " +"authentication options.

" msgstr "" -#: ipaserver/plugins/internal.py:718 -msgid "Certificate For Match" +#: ipaserver/plugins/internal.py:204 ipaserver/plugins/internal.py:278 +#: ipaserver/plugins/internal.py:1756 +msgid "About" msgstr "" -#: ipaserver/plugins/internal.py:719 -msgid "Certificate Mapping Match" +#: ipaserver/plugins/internal.py:205 +msgid "Activate" msgstr "" -#: ipaserver/plugins/internal.py:721 -msgid "Matched Users" +#: ipaserver/plugins/internal.py:207 +msgid "Add and Add Another" msgstr "" -#: ipaserver/plugins/internal.py:722 -msgid "User Login" +#: ipaserver/plugins/internal.py:208 +msgid "Add and Close" msgstr "" -#: ipaserver/plugins/internal.py:725 -msgid "Add certificate identity mapping rule" +#: ipaserver/plugins/internal.py:209 +msgid "Add and Edit" msgstr "" -#: ipaserver/plugins/internal.py:726 -msgid "Add certificate mapping data" +#: ipaserver/plugins/internal.py:210 +msgid "Add Many" msgstr "" -#: ipaserver/plugins/internal.py:729 -msgid "Configuration string" +#: ipaserver/plugins/internal.py:212 +msgid "Back" msgstr "" -#: ipaserver/plugins/internal.py:730 -#, python-brace-format -msgid "Do you want to remove certificate mapping data ${data}?" +#: ipaserver/plugins/internal.py:213 +msgid "Cancel" msgstr "" -#: ipaserver/plugins/internal.py:731 -msgid "Remove certificate mapping data" +#: ipaserver/plugins/internal.py:214 +msgid "Clear" msgstr "" -#: ipaserver/plugins/internal.py:733 -msgid "Issuer and subject" +#: ipaserver/plugins/internal.py:215 +msgid "Clear all fields on the page." msgstr "" -#: ipaserver/plugins/internal.py:734 -msgid "Remove certificate identity mapping rules" +#: ipaserver/plugins/internal.py:216 +msgid "Close" msgstr "" -#: ipaserver/plugins/internal.py:736 ipaserver/plugins/schema.py:147 -msgid "Version" +#: ipaserver/plugins/internal.py:217 ipaserver/plugins/internal.py:1960 +msgid "Disable" msgstr "" -#: ipaserver/plugins/internal.py:739 -msgid "Group Options" +#: ipaserver/plugins/internal.py:218 ipaserver/plugins/internal.py:649 +msgid "Download" msgstr "" -#: ipaserver/plugins/internal.py:740 -msgid "Search Options" +#: ipaserver/plugins/internal.py:219 +msgid "Download certificate as PEM formatted file." msgstr "" -#: ipaserver/plugins/internal.py:741 -msgid "SELinux Options" +#: ipaserver/plugins/internal.py:220 +msgid "Edit" msgstr "" -#: ipaserver/plugins/internal.py:742 -msgid "Server Options" +#: ipaserver/plugins/internal.py:221 ipaserver/plugins/internal.py:1962 +msgid "Enable" msgstr "" -#: ipaserver/plugins/internal.py:743 -msgid "Service Options" +#: ipaserver/plugins/internal.py:223 +msgid "Find" msgstr "" -#: ipaserver/plugins/internal.py:744 -msgid "User Options" +#: ipaserver/plugins/internal.py:224 +msgid "Get" +msgstr "" + +#: ipaserver/plugins/internal.py:225 +msgid "Hide" msgstr "" -#: ipaserver/plugins/internal.py:749 -msgid "Forward first" +#: ipaserver/plugins/internal.py:226 +msgid "Issue" msgstr "" -#: ipaserver/plugins/internal.py:750 -msgid "Forwarding disabled" +#: ipaserver/plugins/internal.py:227 +msgid "Match" msgstr "" -#: ipaserver/plugins/internal.py:751 -msgid "Forward only" +#: ipaserver/plugins/internal.py:228 +msgid "Match users according to certificate." msgstr "" -#: ipaserver/plugins/internal.py:752 ipaserver/plugins/internal.py:1237 -#: ipaserver/plugins/internal.py:1487 ipaserver/plugins/internal.py:1593 -msgid "Options" +#: ipaserver/plugins/internal.py:229 +msgid "Migrate" msgstr "" -#: ipaserver/plugins/internal.py:753 -msgid "Update System DNS Records" +#: ipaserver/plugins/internal.py:230 +msgid "OK" msgstr "" -#: ipaserver/plugins/internal.py:754 -msgid "Do you want to update system DNS records?" +#: ipaserver/plugins/internal.py:231 +msgid "Refresh" msgstr "" -#: ipaserver/plugins/internal.py:755 -msgid "System DNS records updated" +#: ipaserver/plugins/internal.py:232 +msgid "Reload current settings from the server." msgstr "" -#: ipaserver/plugins/internal.py:758 -msgid "Add DNS forward zone" +#: ipaserver/plugins/internal.py:233 +msgid "Delete" msgstr "" -#: ipaserver/plugins/internal.py:759 -msgid "Remove DNS forward zones" +#: ipaserver/plugins/internal.py:234 ipaserver/plugins/internal.py:690 +msgid "Remove hold" msgstr "" -#: ipaserver/plugins/internal.py:762 -msgid "Add DNS resource record" +#: ipaserver/plugins/internal.py:235 +msgid "Reset" msgstr "" -#: ipaserver/plugins/internal.py:764 -msgid "DNS record was deleted because it contained no data." +#: ipaserver/plugins/internal.py:236 ipaserver/plugins/internal.py:1749 +msgid "Reset Password" msgstr "" -#: ipaserver/plugins/internal.py:765 -msgid "Other Record Types" +#: ipaserver/plugins/internal.py:237 +msgid "Reset Password and Log in" msgstr "" -#: ipaserver/plugins/internal.py:766 -msgid "Address not valid, can't redirect" +#: ipaserver/plugins/internal.py:238 +msgid "Restore" msgstr "" -#: ipaserver/plugins/internal.py:767 -msgid "Create dns record" +#: ipaserver/plugins/internal.py:239 +msgid "Retry" msgstr "" -#: ipaserver/plugins/internal.py:768 -msgid "Creating record." +#: ipaserver/plugins/internal.py:240 +msgid "Revert" msgstr "" -#: ipaserver/plugins/internal.py:769 -msgid "Record creation failed." +#: ipaserver/plugins/internal.py:242 +msgid "Revoke" msgstr "" -#: ipaserver/plugins/internal.py:770 -msgid "Checking if record exists." +#: ipaserver/plugins/internal.py:243 +msgid "Save" msgstr "" -#: ipaserver/plugins/internal.py:771 -msgid "Record not found." +#: ipaserver/plugins/internal.py:244 +msgid "Set" msgstr "" -#: ipaserver/plugins/internal.py:772 -msgid "Redirection to PTR record" +#: ipaserver/plugins/internal.py:245 +msgid "Show" msgstr "" -#: ipaserver/plugins/internal.py:773 -#, python-brace-format -msgid "Zone found: ${zone}" +#: ipaserver/plugins/internal.py:246 +msgid "Stage" msgstr "" -#: ipaserver/plugins/internal.py:774 -msgid "Target reverse zone not found." +#: ipaserver/plugins/internal.py:248 +msgid "Update" msgstr "" -#: ipaserver/plugins/internal.py:775 -msgid "Fetching DNS zones." +#: ipaserver/plugins/internal.py:249 +msgid "View" msgstr "" -#: ipaserver/plugins/internal.py:776 -msgid "An error occurred while fetching dns zones." +#: ipaserver/plugins/internal.py:252 ipaserver/plugins/internal.py:1757 +msgid "Customization" msgstr "" -#: ipaserver/plugins/internal.py:777 -msgid "You will be redirected to DNS Zone." +#: ipaserver/plugins/internal.py:253 +msgid "Pagination Size" msgstr "" -#: ipaserver/plugins/internal.py:778 -msgid "Remove DNS resource records" +#: ipaserver/plugins/internal.py:256 +msgid "Collapse All" msgstr "" -#: ipaserver/plugins/internal.py:779 -msgid "Standard Record Types" +#: ipaserver/plugins/internal.py:257 +msgid "Expand All" msgstr "" -#: ipaserver/plugins/internal.py:780 -msgid "Records for DNS Zone" +#: ipaserver/plugins/internal.py:258 +msgid "General" msgstr "" -#: ipaserver/plugins/internal.py:781 -msgid "Record Type" +#: ipaserver/plugins/internal.py:259 +msgid "Identity Settings" msgstr "" -#: ipaserver/plugins/internal.py:784 -msgid "Add DNS zone" +#: ipaserver/plugins/internal.py:260 +msgid "Record Settings" msgstr "" -#: ipaserver/plugins/internal.py:786 +#: ipaserver/plugins/internal.py:261 #, python-brace-format -msgid "Are you sure you want to add permission for DNS Zone ${object}?" +msgid "${entity} ${primary_key} Settings" msgstr "" -#: ipaserver/plugins/internal.py:787 -msgid "DNS Zone Settings" +#: ipaserver/plugins/internal.py:262 +msgid "Back to Top" msgstr "" -#: ipaserver/plugins/internal.py:788 -msgid "Remove DNS zones" +#: ipaserver/plugins/internal.py:263 +#, python-brace-format +msgid "${entity} ${primary_key} updated" msgstr "" -#: ipaserver/plugins/internal.py:789 -msgid "Remove Permission" +#: ipaserver/plugins/internal.py:266 +#, python-brace-format +msgid "${entity} successfully added" msgstr "" -#: ipaserver/plugins/internal.py:790 -#, python-brace-format -msgid "Are you sure you want to remove permission for DNS Zone ${object}?" +#: ipaserver/plugins/internal.py:267 +msgid "Add custom value" msgstr "" -#: ipaserver/plugins/internal.py:791 -msgid "Skip DNS check" +#: ipaserver/plugins/internal.py:269 +msgid "Available" msgstr "" -#: ipaserver/plugins/internal.py:792 -msgid "Skip overlap check" +#: ipaserver/plugins/internal.py:270 +msgid "Some operations failed." msgstr "" -#: ipaserver/plugins/internal.py:793 -msgid "Do you want to check if new authoritative nameserver address is in DNS" +#: ipaserver/plugins/internal.py:271 +msgid "Operations Error" msgstr "" -#: ipaserver/plugins/internal.py:794 -msgid "Authoritative nameserver change" +#: ipaserver/plugins/internal.py:272 +msgid "Confirmation" msgstr "" -#: ipaserver/plugins/internal.py:799 -msgid "Level" +#: ipaserver/plugins/internal.py:273 +msgid "Custom value" msgstr "" -#: ipaserver/plugins/internal.py:800 -msgid "Set Domain Level" +#: ipaserver/plugins/internal.py:274 +msgid "This page has unsaved changes. Please save or revert." msgstr "" -#: ipaserver/plugins/internal.py:803 -msgid "Add user group" +#: ipaserver/plugins/internal.py:275 +msgid "Unsaved Changes" msgstr "" -#: ipaserver/plugins/internal.py:805 +#: ipaserver/plugins/internal.py:276 #, python-brace-format -msgid "Add user groups into user group '${primary_key}'" +msgid "Edit ${entity}" msgstr "" -#: ipaserver/plugins/internal.py:808 -#, python-brace-format -msgid "Add user group '${primary_key}' into user groups" +#: ipaserver/plugins/internal.py:277 +msgid "Hide details" msgstr "" -#: ipaserver/plugins/internal.py:811 +#: ipaserver/plugins/internal.py:279 #, python-brace-format -msgid "Add user group '${primary_key}' into HBAC rules" +msgid "${product}, version: ${version}" msgstr "" -#: ipaserver/plugins/internal.py:814 -#, python-brace-format -msgid "Add user group '${primary_key}' into netgroups" +#: ipaserver/plugins/internal.py:280 +msgid "Prospective" msgstr "" -#: ipaserver/plugins/internal.py:817 -#, python-brace-format -msgid "Add user group '${primary_key}' into roles" +#: ipaserver/plugins/internal.py:281 +msgid "Redirection" msgstr "" -#: ipaserver/plugins/internal.py:820 -#, python-brace-format -msgid "Add user group '${primary_key}' into sudo rules" +#: ipaserver/plugins/internal.py:282 +msgid "Select entries to be removed." msgstr "" -#: ipaserver/plugins/internal.py:823 -#, python-brace-format -msgid "Add services into user group '${primary_key}'" +#: ipaserver/plugins/internal.py:284 +msgid "Result" msgstr "" -#: ipaserver/plugins/internal.py:826 -#, python-brace-format -msgid "Add users into user group '${primary_key}'" +#: ipaserver/plugins/internal.py:285 +msgid "Show details" msgstr "" -#: ipaserver/plugins/internal.py:829 -#, python-brace-format -msgid "Add groups as member managers for user group '${primary_key}'" +#: ipaserver/plugins/internal.py:286 +msgid "Success" msgstr "" -#: ipaserver/plugins/internal.py:833 -#, python-brace-format -msgid "Remove groups from member managers for user group '${primary_key}'" +#: ipaserver/plugins/internal.py:287 +msgid "Validation error" msgstr "" -#: ipaserver/plugins/internal.py:837 -#, python-brace-format -msgid "Add users as member managers for user group '${primary_key}'" +#: ipaserver/plugins/internal.py:288 +msgid "Input form contains invalid or missing values." msgstr "" -#: ipaserver/plugins/internal.py:841 -#, python-brace-format -msgid "Remove users from member managers for user group '${primary_key}'" +#: ipaserver/plugins/internal.py:291 +msgid "Please try the following options:" msgstr "" -#: ipaserver/plugins/internal.py:845 -#, python-brace-format -msgid "Add user ID override into user group '${primary_key}'" +#: ipaserver/plugins/internal.py:292 +msgid "If the problem persists please contact the system administrator." msgstr "" -#: ipaserver/plugins/internal.py:847 -msgid "Group Settings" +#: ipaserver/plugins/internal.py:293 +msgid "Refresh the page." msgstr "" -#: ipaserver/plugins/internal.py:848 ipaserver/plugins/internal.py:1176 -#: ipaserver/plugins/internal.py:1482 -msgid "External" +#: ipaserver/plugins/internal.py:294 +msgid "Reload the browser." msgstr "" -#: ipaserver/plugins/internal.py:849 ipaserver/plugins/internal.py:1415 -msgid "Groups" +#: ipaserver/plugins/internal.py:295 +msgid "Return to the main page and retry the operation" msgstr "" -#: ipaserver/plugins/internal.py:850 -msgid "Group categories" +#: ipaserver/plugins/internal.py:296 +#, python-brace-format +msgid "An error has occurred (${error})" msgstr "" -#: ipaserver/plugins/internal.py:851 -msgid "Change to external group" +#: ipaserver/plugins/internal.py:300 +msgid "HTTP Error" msgstr "" -#: ipaserver/plugins/internal.py:852 -msgid "Change to POSIX group" +#: ipaserver/plugins/internal.py:301 +msgid "Internal Error" msgstr "" -#: ipaserver/plugins/internal.py:853 -msgid "Non-POSIX" +#: ipaserver/plugins/internal.py:302 +msgid "IPA Error" msgstr "" -#: ipaserver/plugins/internal.py:854 -msgid "POSIX" +#: ipaserver/plugins/internal.py:303 +msgid "No response" msgstr "" -#: ipaserver/plugins/internal.py:855 -msgid "Remove user groups" +#: ipaserver/plugins/internal.py:304 +msgid "Unknown Error" msgstr "" -#: ipaserver/plugins/internal.py:857 -#, python-brace-format -msgid "Remove user group '${primary_key}' from user groups" +#: ipaserver/plugins/internal.py:305 +msgid "URL" msgstr "" -#: ipaserver/plugins/internal.py:860 +#: ipaserver/plugins/internal.py:308 #, python-brace-format -msgid "Remove user group '${primary_key}' from netgroups" +msgid "${primary_key} is managed by:" msgstr "" -#: ipaserver/plugins/internal.py:863 +#: ipaserver/plugins/internal.py:309 #, python-brace-format -msgid "Remove user group '${primary_key}' from roles" +msgid "${primary_key} members:" msgstr "" -#: ipaserver/plugins/internal.py:866 +#: ipaserver/plugins/internal.py:310 #, python-brace-format -msgid "Remove user group '${primary_key}' from HBAC rules" +msgid "${primary_key} is a member of:" msgstr "" -#: ipaserver/plugins/internal.py:869 +#: ipaserver/plugins/internal.py:311 #, python-brace-format -msgid "Remove user group '${primary_key}' from sudo rules" +msgid "${primary_key} member managers:" msgstr "" -#: ipaserver/plugins/internal.py:872 -#, python-brace-format -msgid "Remove user groups from user group '${primary_key}'" +#: ipaserver/plugins/internal.py:314 +msgid "Settings" msgstr "" -#: ipaserver/plugins/internal.py:875 -#, python-brace-format -msgid "Remove services from user group '${primary_key}'" +#: ipaserver/plugins/internal.py:315 ipaserver/plugins/internal.py:1770 +msgid "Search" msgstr "" -#: ipaserver/plugins/internal.py:878 -#, python-brace-format -msgid "Remove users from user group '${primary_key}'" +#: ipaserver/plugins/internal.py:317 +msgid "False" msgstr "" -#: ipaserver/plugins/internal.py:881 +#: ipaserver/plugins/internal.py:320 #, python-brace-format -msgid "Remove user ID overrides from user group '${primary_key}'" -msgstr "" - -#: ipaserver/plugins/internal.py:883 -msgid "Group Type" +msgid "Allow user groups to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:887 -msgid "Add HBAC rule" +#: ipaserver/plugins/internal.py:323 +#, python-brace-format +msgid "Allow user groups to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:889 +#: ipaserver/plugins/internal.py:326 #, python-brace-format -msgid "Add user groups into HBAC rule '${primary_key}'" +msgid "Allow host groups to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:892 +#: ipaserver/plugins/internal.py:329 #, python-brace-format -msgid "Add host groups into HBAC rule '${primary_key}'" +msgid "Allow host groups to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:895 +#: ipaserver/plugins/internal.py:332 #, python-brace-format -msgid "Add hosts into HBAC rule '${primary_key}'" +msgid "Allow hosts to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:898 +#: ipaserver/plugins/internal.py:335 #, python-brace-format -msgid "Add HBAC service groups into HBAC rule '${primary_key}'" +msgid "Allow hosts to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:902 +#: ipaserver/plugins/internal.py:338 #, python-brace-format -msgid "Add HBAC services into HBAC rule '${primary_key}'" +msgid "Allow users to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:905 +#: ipaserver/plugins/internal.py:341 #, python-brace-format -msgid "Add users into HBAC rule '${primary_key}'" +msgid "Allow users to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:910 -msgid "Accessing" +#: ipaserver/plugins/internal.py:343 +msgid "Allowed to create keytab" msgstr "" -#: ipaserver/plugins/internal.py:912 -msgid "Remove HBAC rules" +#: ipaserver/plugins/internal.py:344 +msgid "Allowed to retrieve keytab" msgstr "" -#: ipaserver/plugins/internal.py:914 +#: ipaserver/plugins/internal.py:346 #, python-brace-format -msgid "Remove user groups from HBAC rule '${primary_key}'" +msgid "Disallow user groups to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:917 +#: ipaserver/plugins/internal.py:349 #, python-brace-format -msgid "Remove host groups from HBAC rule '${primary_key}'" +msgid "Disallow user groups to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:920 +#: ipaserver/plugins/internal.py:352 #, python-brace-format -msgid "Remove hosts from HBAC rule '${primary_key}'" +msgid "Disallow host groups to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:923 +#: ipaserver/plugins/internal.py:355 #, python-brace-format -msgid "Remove HBAC service groups from HBAC rule '${primary_key}'" +msgid "Disallow host groups to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:927 +#: ipaserver/plugins/internal.py:358 #, python-brace-format -msgid "Remove HBAC services from HBAC rule '${primary_key}'" +msgid "Disallow hosts to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:930 +#: ipaserver/plugins/internal.py:361 #, python-brace-format -msgid "Remove users from HBAC rule '${primary_key}'" +msgid "Disallow hosts to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:932 -msgid "Via Service" +#: ipaserver/plugins/internal.py:364 +#, python-brace-format +msgid "Disallow users to create keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:936 ipaserver/plugins/internal.py:1531 -msgid "Who" +#: ipaserver/plugins/internal.py:367 +#, python-brace-format +msgid "Disallow users to retrieve keytab of '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:939 -msgid "Add HBAC service" +#: ipaserver/plugins/internal.py:371 +msgid "Add Kerberos Principal Alias" msgstr "" -#: ipaserver/plugins/internal.py:941 -#, python-brace-format -msgid "Add HBAC service '${primary_key}' into HBAC service groups" +#: ipaserver/plugins/internal.py:372 +msgid "New kerberos principal alias" msgstr "" -#: ipaserver/plugins/internal.py:944 -msgid "Remove HBAC services" +#: ipaserver/plugins/internal.py:373 +msgid "Remove Kerberos Alias" msgstr "" -#: ipaserver/plugins/internal.py:946 +#: ipaserver/plugins/internal.py:374 #, python-brace-format -msgid "Remove HBAC service '${primary_key}' from HBAC service groups" +msgid "Do you want to remove kerberos alias ${alias}?" msgstr "" -#: ipaserver/plugins/internal.py:951 -msgid "Add HBAC service group" +#: ipaserver/plugins/internal.py:377 +msgid "Inherited from server configuration" msgstr "" -#: ipaserver/plugins/internal.py:953 -#, python-brace-format -msgid "Add HBAC services into HBAC service group '${primary_key}'" +#: ipaserver/plugins/internal.py:378 +msgid "MS-PAC" msgstr "" -#: ipaserver/plugins/internal.py:956 -msgid "Remove HBAC service groups" +#: ipaserver/plugins/internal.py:379 +msgid "Override inherited settings" msgstr "" -#: ipaserver/plugins/internal.py:958 -#, python-brace-format -msgid "Remove HBAC services from HBAC service group '${primary_key}'" +#: ipaserver/plugins/internal.py:380 +msgid "PAD" msgstr "" -#: ipaserver/plugins/internal.py:964 -msgid "Access Denied" +#: ipaserver/plugins/internal.py:383 +msgid "Authenticating" msgstr "" -#: ipaserver/plugins/internal.py:965 -msgid "Access Granted" +#: ipaserver/plugins/internal.py:385 +msgid "Authentication with personal certificate failed" msgstr "" -#: ipaserver/plugins/internal.py:966 -msgid "Include Disabled" +#: ipaserver/plugins/internal.py:387 +msgid "" +" To log in with certificate, please make sure you have valid personal certificate. " msgstr "" -#: ipaserver/plugins/internal.py:967 -msgid "Include Enabled" +#: ipaserver/plugins/internal.py:391 +msgid "Continue to next page" msgstr "" -#: ipaserver/plugins/internal.py:968 -msgid "HBAC Test" +#: ipaserver/plugins/internal.py:393 +msgid "" +" To log in with username and " +"password, enter them in the corresponding fields, then click 'Log " +"in'." msgstr "" -#: ipaserver/plugins/internal.py:969 -msgid "Matched" +#: ipaserver/plugins/internal.py:396 +msgid "Login failed due to an unknown reason" msgstr "" -#: ipaserver/plugins/internal.py:970 -msgid "Missing values: " +#: ipaserver/plugins/internal.py:397 +msgid "Logged In As" msgstr "" -#: ipaserver/plugins/internal.py:971 -msgid "New Test" +#: ipaserver/plugins/internal.py:398 +msgid "Authentication with Kerberos failed" msgstr "" -#: ipaserver/plugins/internal.py:972 -msgid "Rules" +#: ipaserver/plugins/internal.py:400 +#, python-brace-format +msgid "" +" To log in with Kerberos, please make sure you have valid tickets (obtainable via kinit) and " +"configured the " +"browser correctly, then click 'Log in'." msgstr "" -#: ipaserver/plugins/internal.py:973 -msgid "Run Test" +#: ipaserver/plugins/internal.py:405 +msgid "Loading" msgstr "" -#: ipaserver/plugins/internal.py:974 -#, python-brace-format -msgid "Specify external ${entity}" +#: ipaserver/plugins/internal.py:407 +msgid "Kerberos Principal you entered is expired" msgstr "" -#: ipaserver/plugins/internal.py:975 -msgid "Unmatched" +#: ipaserver/plugins/internal.py:408 +msgid "Loading data" msgstr "" -#: ipaserver/plugins/internal.py:978 -msgid "Add host" +#: ipaserver/plugins/internal.py:409 +msgid "Log in" msgstr "" -#: ipaserver/plugins/internal.py:980 -#, python-brace-format -msgid "Add hosts managing host '${primary_key}'" +#: ipaserver/plugins/internal.py:410 +msgid "Log In Using Certificate" msgstr "" -#: ipaserver/plugins/internal.py:983 -#, python-brace-format -msgid "Add host '${primary_key}' into host groups" +#: ipaserver/plugins/internal.py:411 +msgid "Log in using personal certificate" msgstr "" -#: ipaserver/plugins/internal.py:986 -#, python-brace-format -msgid "Add host '${primary_key}' into HBAC rules" +#: ipaserver/plugins/internal.py:412 ipaserver/plugins/internal.py:1758 +msgid "Log out" msgstr "" -#: ipaserver/plugins/internal.py:989 -#, python-brace-format -msgid "Add host '${primary_key}' into netgroups" +#: ipaserver/plugins/internal.py:413 +msgid "Log out error" msgstr "" -#: ipaserver/plugins/internal.py:992 +#: ipaserver/plugins/internal.py:415 ipaserver/plugins/internal.py:1743 +msgid "Password or Password+One-Time Password" +msgstr "" + +#: ipaserver/plugins/internal.py:416 #, python-brace-format -msgid "Add host '${primary_key}' into roles" +msgid "You will be redirected in ${count}s" msgstr "" -#: ipaserver/plugins/internal.py:995 -#, python-brace-format -msgid "Add host '${primary_key}' into sudo rules" +#: ipaserver/plugins/internal.py:417 +msgid "Sync OTP Token" msgstr "" -#: ipaserver/plugins/internal.py:997 -msgid "Host Certificate" +#: ipaserver/plugins/internal.py:418 +msgid "Synchronizing" msgstr "" -#: ipaserver/plugins/internal.py:998 ipaserver/plugins/internal.py:1350 -msgid "Host Name" +#: ipaserver/plugins/internal.py:420 +msgid "The user account you entered is locked" msgstr "" -#: ipaserver/plugins/internal.py:999 ipaserver/plugins/internal.py:1348 -msgid "Delete Key, Unprovision" +#: ipaserver/plugins/internal.py:423 +msgid "number of passwords" msgstr "" -#: ipaserver/plugins/internal.py:1000 -msgid "Host Settings" +#: ipaserver/plugins/internal.py:424 +msgid "seconds" msgstr "" -#: ipaserver/plugins/internal.py:1001 -msgid "Enrolled" +#: ipaserver/plugins/internal.py:427 +msgid "Migrating" msgstr "" -#: ipaserver/plugins/internal.py:1002 -msgid "Enrollment" +#: ipaserver/plugins/internal.py:429 +msgid "There was a problem with your request. Please, try again later." msgstr "" -#: ipaserver/plugins/internal.py:1003 -msgid "Fully Qualified Host Name" +#: ipaserver/plugins/internal.py:432 +msgid "Password migration was not successful" msgstr "" -#: ipaserver/plugins/internal.py:1004 -msgid "Generate OTP" +#: ipaserver/plugins/internal.py:434 +msgid "" +"

Password Migration

If you have been sent here by your " +"administrator, your personal information is being migrated to a new identity " +"management solution (IPA).

Please, enter your credentials in the form " +"to complete the process. Upon successful login your kerberos account will be " +"activated.

" msgstr "" -#: ipaserver/plugins/internal.py:1005 -msgid "Generated OTP" +#: ipaserver/plugins/internal.py:441 ipaserver/plugins/internal.py:1725 +msgid "The password or username you entered is incorrect" msgstr "" -#: ipaserver/plugins/internal.py:1006 -msgid "Kerberos Key" +#: ipaserver/plugins/internal.py:442 +msgid "Password migration was successful" msgstr "" -#: ipaserver/plugins/internal.py:1007 ipaserver/plugins/internal.py:1351 -msgid "Kerberos Key Not Present" +#: ipaserver/plugins/internal.py:446 ipaserver/plugins/internal.py:531 +#: ipaserver/plugins/internal.py:1241 +msgid "Attribute" msgstr "" -#: ipaserver/plugins/internal.py:1008 -msgid "Kerberos Key Present, Host Provisioned" +#: ipaserver/plugins/internal.py:449 +msgid "Add delegation" msgstr "" -#: ipaserver/plugins/internal.py:1009 ipaserver/plugins/internal.py:1738 -msgid "One-Time Password" +#: ipaserver/plugins/internal.py:450 +msgid "Remove delegations" msgstr "" -#: ipaserver/plugins/internal.py:1010 -msgid "One-Time Password Not Present" +#: ipaserver/plugins/internal.py:453 ipaserver/plugins/internal.py:785 +msgid "Add permission" msgstr "" -#: ipaserver/plugins/internal.py:1011 -msgid "One-Time Password Present" +#: ipaserver/plugins/internal.py:455 +#, python-brace-format +msgid "Add privileges into permission '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1012 -msgid "Reset OTP" +#: ipaserver/plugins/internal.py:457 +msgid "Remove permissions" msgstr "" -#: ipaserver/plugins/internal.py:1013 -msgid "Reset One-Time Password" +#: ipaserver/plugins/internal.py:459 +#, python-brace-format +msgid "Remove privileges from permission '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1014 -msgid "Set OTP" +#: ipaserver/plugins/internal.py:463 +msgid "Add privilege" msgstr "" -#: ipaserver/plugins/internal.py:1015 -msgid "OTP set" +#: ipaserver/plugins/internal.py:465 +#, python-brace-format +msgid "Add privilege '${primary_key}' into permissions" msgstr "" -#: ipaserver/plugins/internal.py:1016 -msgid "Set One-Time Password" +#: ipaserver/plugins/internal.py:468 +#, python-brace-format +msgid "Add roles into privilege '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1017 -msgid "Remove hosts" +#: ipaserver/plugins/internal.py:470 +msgid "Remove privileges" msgstr "" -#: ipaserver/plugins/internal.py:1019 +#: ipaserver/plugins/internal.py:472 #, python-brace-format -msgid "Remove hosts managing host '${primary_key}'" +msgid "Remove privilege '${primary_key}' from permissions" msgstr "" -#: ipaserver/plugins/internal.py:1022 +#: ipaserver/plugins/internal.py:475 #, python-brace-format -msgid "Remove host '${primary_key}' from host groups" +msgid "Remove roles from privilege '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1025 -#, python-brace-format -msgid "Remove host '${primary_key}' from netgroups" +#: ipaserver/plugins/internal.py:479 +msgid "Role Settings" msgstr "" -#: ipaserver/plugins/internal.py:1028 -#, python-brace-format -msgid "Remove host '${primary_key}' from roles" +#: ipaserver/plugins/internal.py:480 +msgid "Add role" msgstr "" -#: ipaserver/plugins/internal.py:1031 +#: ipaserver/plugins/internal.py:482 #, python-brace-format -msgid "Remove host '${primary_key}' from HBAC rules" +msgid "Add user groups into role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1034 +#: ipaserver/plugins/internal.py:485 #, python-brace-format -msgid "Remove host '${primary_key}' from sudo rules" +msgid "Add hosts into role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1037 ipaserver/plugins/internal.py:1362 -msgid "Unprovision" +#: ipaserver/plugins/internal.py:488 +#, python-brace-format +msgid "Add host groups into role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1038 -msgid "Are you sure you want to unprovision this host?" +#: ipaserver/plugins/internal.py:491 +#, python-brace-format +msgid "Add role '${primary_key}' into privileges" msgstr "" -#: ipaserver/plugins/internal.py:1039 -msgid "Unprovisioning host" +#: ipaserver/plugins/internal.py:494 +#, python-brace-format +msgid "Add services into role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1040 -msgid "Host unprovisioned" +#: ipaserver/plugins/internal.py:497 +#, python-brace-format +msgid "Add users into role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1043 -msgid "Add host group" +#: ipaserver/plugins/internal.py:499 +msgid "Remove roles" msgstr "" -#: ipaserver/plugins/internal.py:1045 +#: ipaserver/plugins/internal.py:501 #, python-brace-format -msgid "Add hosts into host group '${primary_key}'" +msgid "Remove role '${primary_key}' from privileges" msgstr "" -#: ipaserver/plugins/internal.py:1048 +#: ipaserver/plugins/internal.py:504 #, python-brace-format -msgid "Add host groups into host group '${primary_key}'" +msgid "Remove user groups from role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1051 +#: ipaserver/plugins/internal.py:507 #, python-brace-format -msgid "Add host group '${primary_key}' into host groups" +msgid "Remove hosts from role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1054 +#: ipaserver/plugins/internal.py:510 #, python-brace-format -msgid "Add host group '${primary_key}' into HBAC rules" +msgid "Remove host groups from role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1057 +#: ipaserver/plugins/internal.py:513 #, python-brace-format -msgid "Add host group '${primary_key}' into netgroups" +msgid "Remove services from role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1060 +#: ipaserver/plugins/internal.py:516 #, python-brace-format -msgid "Add host group '${primary_key}' into sudo rules" +msgid "Remove users from role '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1063 -#, python-brace-format -msgid "Add groups as member managers for host group '${primary_key}'" +#: ipaserver/plugins/internal.py:520 +msgid "Add self service permission" msgstr "" -#: ipaserver/plugins/internal.py:1067 -#, python-brace-format -msgid "Remove groups from member managers for host group '${primary_key}'" +#: ipaserver/plugins/internal.py:521 +msgid "Remove self service permissions" msgstr "" -#: ipaserver/plugins/internal.py:1071 +#: ipaserver/plugins/internal.py:524 +msgid "Add rule" +msgstr "" + +#: ipaserver/plugins/internal.py:526 #, python-brace-format -msgid "Add users as member managers for host group '${primary_key}'" +msgid "Add inclusive condition into '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1075 +#: ipaserver/plugins/internal.py:529 #, python-brace-format -msgid "Remove users from member managers for host group '${primary_key}'" +msgid "Add exclusive condition into '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1079 -msgid "Host Group Settings" +#: ipaserver/plugins/internal.py:533 +msgid "Are you sure you want to change default group?" msgstr "" -#: ipaserver/plugins/internal.py:1080 -msgid "Remove host groups" +#: ipaserver/plugins/internal.py:535 +msgid "Default host group" msgstr "" -#: ipaserver/plugins/internal.py:1082 -#, python-brace-format -msgid "Remove host group '${primary_key}' from host groups" +#: ipaserver/plugins/internal.py:536 +msgid "Default user group" msgstr "" -#: ipaserver/plugins/internal.py:1085 -#, python-brace-format -msgid "Remove host group '${primary_key}' from netgroups" +#: ipaserver/plugins/internal.py:537 +msgid "Exclusive" msgstr "" -#: ipaserver/plugins/internal.py:1088 -#, python-brace-format -msgid "Remove host group '${primary_key}' from HBAC rules" +#: ipaserver/plugins/internal.py:538 +msgid "Expression" msgstr "" -#: ipaserver/plugins/internal.py:1091 -#, python-brace-format -msgid "Remove host group '${primary_key}' from sudo rules" +#: ipaserver/plugins/internal.py:539 +msgid "Host group rule" msgstr "" -#: ipaserver/plugins/internal.py:1094 -#, python-brace-format -msgid "Remove hosts from host group '${primary_key}'" +#: ipaserver/plugins/internal.py:540 +msgid "Host group rules" msgstr "" -#: ipaserver/plugins/internal.py:1097 -#, python-brace-format -msgid "Remove host groups from host group '${primary_key}'" +#: ipaserver/plugins/internal.py:541 +msgid "Inclusive" msgstr "" -#: ipaserver/plugins/internal.py:1101 -msgid "Keycloak or Red Hat SSO" +#: ipaserver/plugins/internal.py:542 +msgid "Remove auto membership rules" msgstr "" -#: ipaserver/plugins/internal.py:1102 -msgid "Google" +#: ipaserver/plugins/internal.py:544 +#, python-brace-format +msgid "Remove exclusive conditions from rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1103 -msgid "Github" +#: ipaserver/plugins/internal.py:547 +#, python-brace-format +msgid "Remove inclusive conditions from rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1104 -msgid "Microsoft or Azure" +#: ipaserver/plugins/internal.py:549 +msgid "User group rule" msgstr "" -#: ipaserver/plugins/internal.py:1105 -msgid "Okta" +#: ipaserver/plugins/internal.py:550 +msgid "User group rules" msgstr "" -#: ipaserver/plugins/internal.py:1106 -msgid "OAuth 2.0 client details" +#: ipaserver/plugins/internal.py:553 +msgid "Add automount key" msgstr "" -#: ipaserver/plugins/internal.py:1107 -msgid "Identity provider details" +#: ipaserver/plugins/internal.py:554 +msgid "Remove automount keys" msgstr "" -#: ipaserver/plugins/internal.py:1108 -msgid "Verify secret" +#: ipaserver/plugins/internal.py:557 +msgid "Add automount location" msgstr "" -#: ipaserver/plugins/internal.py:1111 -msgid "User to override" +#: ipaserver/plugins/internal.py:558 +msgid "Automount Location Settings" msgstr "" -#: ipaserver/plugins/internal.py:1112 -msgid "" -"Enter trusted or IPA user login. Note: search doesn't list users from " -"trusted domains." +#: ipaserver/plugins/internal.py:559 +msgid "Remove automount locations" msgstr "" -#: ipaserver/plugins/internal.py:1113 -msgid "Enter trusted user login." +#: ipaserver/plugins/internal.py:562 +msgid "Add automount map" msgstr "" -#: ipaserver/plugins/internal.py:1114 ipaserver/plugins/internal.py:1760 -msgid "Profile" +#: ipaserver/plugins/internal.py:563 +msgid "Map Type" msgstr "" -#: ipaserver/plugins/internal.py:1117 -msgid "Group to override" +#: ipaserver/plugins/internal.py:564 +msgid "Direct" msgstr "" -#: ipaserver/plugins/internal.py:1118 -msgid "" -"Enter trusted or IPA group name. Note: search doesn't list groups from " -"trusted domains." +#: ipaserver/plugins/internal.py:565 +msgid "Indirect" msgstr "" -#: ipaserver/plugins/internal.py:1119 -msgid "Enter trusted group name." +#: ipaserver/plugins/internal.py:566 +msgid "Remove automount maps" msgstr "" -#: ipaserver/plugins/internal.py:1122 -msgid "Add ID view" +#: ipaserver/plugins/internal.py:569 +msgid "Add certificate authority" msgstr "" -#: ipaserver/plugins/internal.py:1123 -msgid "Add group ID override" +#: ipaserver/plugins/internal.py:570 +msgid "Remove certificate authorities" msgstr "" -#: ipaserver/plugins/internal.py:1124 -msgid "Add user ID override" +#: ipaserver/plugins/internal.py:573 +msgid "Add CA ACL" msgstr "" -#: ipaserver/plugins/internal.py:1125 +#: ipaserver/plugins/internal.py:575 #, python-brace-format -msgid "${primary_key} applies to:" +msgid "Add Certificate Authorities into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1126 ipaserver/plugins/internal.py:1127 -msgid "Applied to hosts" +#: ipaserver/plugins/internal.py:579 +#, python-brace-format +msgid "Add user groups into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1128 -msgid "Apply to host groups" +#: ipaserver/plugins/internal.py:582 +#, python-brace-format +msgid "Add host groups into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1130 +#: ipaserver/plugins/internal.py:585 #, python-brace-format -msgid "Apply ID view '${primary_key}' on hosts of host groups" +msgid "Add hosts into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1132 -msgid "Apply to hosts" +#: ipaserver/plugins/internal.py:588 +#, python-brace-format +msgid "Add certificate profiles into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1134 +#: ipaserver/plugins/internal.py:591 #, python-brace-format -msgid "Apply ID view '${primary_key}' on hosts" +msgid "Add services into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1137 +#: ipaserver/plugins/internal.py:594 #, python-brace-format -msgid "${primary_key} overrides:" +msgid "Add users into CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1138 -msgid "Remove ID views" +#: ipaserver/plugins/internal.py:596 +msgid "All" msgstr "" -#: ipaserver/plugins/internal.py:1139 -msgid "Remove user ID overrides" +#: ipaserver/plugins/internal.py:597 +msgid "Any CA" msgstr "" -#: ipaserver/plugins/internal.py:1140 -msgid "Remove group ID overrides" +#: ipaserver/plugins/internal.py:598 ipaserver/plugins/internal.py:907 +#: ipaserver/plugins/internal.py:1174 ipaserver/plugins/internal.py:1309 +#: ipaserver/plugins/internal.py:1478 +msgid "Any Host" msgstr "" -#: ipaserver/plugins/internal.py:1141 -msgid "Un-apply from host groups" +#: ipaserver/plugins/internal.py:599 ipaserver/plugins/internal.py:908 +msgid "Any Service" msgstr "" -#: ipaserver/plugins/internal.py:1142 -msgid "Un-apply ID Views from hosts of hostgroups" +#: ipaserver/plugins/internal.py:600 +msgid "Any Profile" msgstr "" -#: ipaserver/plugins/internal.py:1143 -msgid "Un-apply" +#: ipaserver/plugins/internal.py:601 ipaserver/plugins/internal.py:909 +#: ipaserver/plugins/internal.py:1175 ipaserver/plugins/internal.py:1310 +#: ipaserver/plugins/internal.py:1479 +msgid "Anyone" msgstr "" -#: ipaserver/plugins/internal.py:1144 -msgid "Un-apply from hosts" +#: ipaserver/plugins/internal.py:602 ipaserver/plugins/internal.py:911 +#: ipaserver/plugins/internal.py:1484 +msgid "Rule status" msgstr "" -#: ipaserver/plugins/internal.py:1145 -msgid "Un-apply ID Views from hosts" +#: ipaserver/plugins/internal.py:603 +msgid "If no CAs are specified, requests to the default CA are allowed." msgstr "" -#: ipaserver/plugins/internal.py:1146 -msgid "Are you sure you want to un-apply ID view from selected entries?" +#: ipaserver/plugins/internal.py:605 +msgid "Remove CA ACLs" msgstr "" -#: ipaserver/plugins/internal.py:1148 +#: ipaserver/plugins/internal.py:607 #, python-brace-format -msgid "Un-apply ID view '${primary_key}' from hosts" +msgid "Remove Certificate Authorities from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1152 ipaserver/plugins/krbtpolicy.py:128 -#: ipaserver/plugins/krbtpolicy.py:129 -msgid "Kerberos Ticket Policy" +#: ipaserver/plugins/internal.py:611 +#, python-brace-format +msgid "Remove user groups from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1155 -msgid "Add netgroup" +#: ipaserver/plugins/internal.py:614 +#, python-brace-format +msgid "Remove host groups from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1157 +#: ipaserver/plugins/internal.py:617 #, python-brace-format -msgid "Add netgroup '${primary_key}' into netgroups" +msgid "Remove hosts from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1160 +#: ipaserver/plugins/internal.py:620 #, python-brace-format -msgid "Add netgroups into netgroup '${primary_key}'" +msgid "Remove certificate profiles from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1163 +#: ipaserver/plugins/internal.py:623 #, python-brace-format -msgid "Add user groups into netgroup '${primary_key}'" +msgid "Remove services from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1166 +#: ipaserver/plugins/internal.py:626 #, python-brace-format -msgid "Add hosts into netgroup '${primary_key}'" +msgid "Remove users from CA ACL '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1169 -#, python-brace-format -msgid "Add host groups into netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:628 +msgid "Specified CAs" msgstr "" -#: ipaserver/plugins/internal.py:1172 -#, python-brace-format -msgid "Add users into netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:629 ipaserver/plugins/internal.py:933 +#: ipaserver/plugins/internal.py:1201 ipaserver/plugins/internal.py:1325 +#: ipaserver/plugins/internal.py:1529 +msgid "Specified Hosts and Groups" msgstr "" -#: ipaserver/plugins/internal.py:1180 -msgid "Netgroup Settings" +#: ipaserver/plugins/internal.py:630 +msgid "Specified Profiles" msgstr "" -#: ipaserver/plugins/internal.py:1182 -msgid "Remove netgroups" +#: ipaserver/plugins/internal.py:631 ipaserver/plugins/internal.py:934 +msgid "Specified Services and Groups" msgstr "" -#: ipaserver/plugins/internal.py:1184 -#, python-brace-format -msgid "Remove netgroup '${primary_key}' from netgroups" +#: ipaserver/plugins/internal.py:632 ipaserver/plugins/internal.py:935 +#: ipaserver/plugins/internal.py:1202 ipaserver/plugins/internal.py:1326 +#: ipaserver/plugins/internal.py:1530 +msgid "Specified Users and Groups" msgstr "" -#: ipaserver/plugins/internal.py:1187 -#, python-brace-format -msgid "Remove user groups from netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:633 +msgid "Permitted to have certificates issued" msgstr "" -#: ipaserver/plugins/internal.py:1190 -#, python-brace-format -msgid "Remove hosts from netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:636 +msgid "Remove certificate profiles" msgstr "" -#: ipaserver/plugins/internal.py:1193 -#, python-brace-format -msgid "Remove host groups from netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:639 +msgid "AA Compromise" msgstr "" -#: ipaserver/plugins/internal.py:1196 -#, python-brace-format -msgid "Remove netgroups from netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:640 +msgid "Add principal" msgstr "" -#: ipaserver/plugins/internal.py:1199 -#, python-brace-format -msgid "Remove users from netgroup '${primary_key}'" +#: ipaserver/plugins/internal.py:641 +msgid "Affiliation Changed" msgstr "" -#: ipaserver/plugins/internal.py:1208 -msgid "Add OTP token" +#: ipaserver/plugins/internal.py:643 +msgid "CA Compromise" msgstr "" -#: ipaserver/plugins/internal.py:1210 -#, python-brace-format -msgid "Add users managing OTP token '${primary_key}'" +#: ipaserver/plugins/internal.py:645 ipaserver/plugins/internal.py:1972 +msgid "Certificates" msgstr "" -#: ipaserver/plugins/internal.py:1212 -#, python-brace-format -msgid "" -"You can use FreeOTP as a software " -"OTP token application." +#: ipaserver/plugins/internal.py:646 +msgid "Certificate Hold" msgstr "" -#: ipaserver/plugins/internal.py:1213 -msgid "Configure your token" +#: ipaserver/plugins/internal.py:647 +msgid "Cessation of Operation" msgstr "" -#: ipaserver/plugins/internal.py:1214 -msgid "" -"Configure your token by scanning the QR code below. Click on the QR code if " -"you see this on the device you want to configure." +#: ipaserver/plugins/internal.py:648 +msgid "Common Name" msgstr "" -#: ipaserver/plugins/internal.py:1215 -msgid "OTP Token Settings" +#: ipaserver/plugins/internal.py:650 +msgid "the certificate with serial number " msgstr "" -#: ipaserver/plugins/internal.py:1216 -msgid "Disable token" +#: ipaserver/plugins/internal.py:651 +msgid "Expires On" +msgstr "" + +#: ipaserver/plugins/internal.py:652 +msgid "Issued on from" +msgstr "" + +#: ipaserver/plugins/internal.py:653 +msgid "Issued on to" +msgstr "" + +#: ipaserver/plugins/internal.py:654 +msgid "Maximum serial number" msgstr "" -#: ipaserver/plugins/internal.py:1217 -msgid "Enable token" +#: ipaserver/plugins/internal.py:655 +msgid "Minimum serial number" msgstr "" -#: ipaserver/plugins/internal.py:1218 -msgid "Remove OTP tokens" +#: ipaserver/plugins/internal.py:657 +msgid "Revoked on from" msgstr "" -#: ipaserver/plugins/internal.py:1220 -#, python-brace-format -msgid "Remove users managing OTP token '${primary_key}'" +#: ipaserver/plugins/internal.py:658 +msgid "Revoked on to" msgstr "" -#: ipaserver/plugins/internal.py:1222 -msgid "Show QR code" +#: ipaserver/plugins/internal.py:660 +msgid "Valid not after from" msgstr "" -#: ipaserver/plugins/internal.py:1223 -msgid "Show configuration uri" +#: ipaserver/plugins/internal.py:661 +msgid "Valid not after to" msgstr "" -#: ipaserver/plugins/internal.py:1224 -msgid "Counter-based (HOTP)" +#: ipaserver/plugins/internal.py:662 +msgid "Valid not before from" msgstr "" -#: ipaserver/plugins/internal.py:1225 -msgid "Time-based (TOTP)" +#: ipaserver/plugins/internal.py:663 +msgid "Valid not before to" msgstr "" -#: ipaserver/plugins/internal.py:1228 -msgid "Add Passkey" +#: ipaserver/plugins/internal.py:664 +msgid "Fingerprints" msgstr "" -#: ipaserver/plugins/internal.py:1231 -#, python-brace-format -msgid "Do you want to remove passkey ${passkey}?" +#: ipaserver/plugins/internal.py:665 +msgid "Get Certificate" msgstr "" -#: ipaserver/plugins/internal.py:1232 -msgid "Remove Passkey" +#: ipaserver/plugins/internal.py:666 +msgid "Certificate Hold Removed" msgstr "" -#: ipaserver/plugins/internal.py:1233 -msgid "(discoverable) " +#: ipaserver/plugins/internal.py:668 +#, python-brace-format +msgid "Issue new certificate for host '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1234 -msgid "(server-side) " +#: ipaserver/plugins/internal.py:671 +#, python-brace-format +msgid "Issue new certificate for service '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1240 -msgid "Add Custom Attribute" +#: ipaserver/plugins/internal.py:674 +#, python-brace-format +msgid "Issue new certificate for user '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1243 -msgid "Permission settings" +#: ipaserver/plugins/internal.py:676 +msgid "Issue new certificate" msgstr "" -#: ipaserver/plugins/internal.py:1244 -msgid "Attribute breakdown" +#: ipaserver/plugins/internal.py:677 +msgid "Issued By" msgstr "" -#: ipaserver/plugins/internal.py:1248 -msgid "Privilege Settings" +#: ipaserver/plugins/internal.py:678 +msgid "Issued On" msgstr "" -#: ipaserver/plugins/internal.py:1251 -msgid "Public key:" +#: ipaserver/plugins/internal.py:679 +msgid "Issued To" msgstr "" -#: ipaserver/plugins/internal.py:1252 -msgid "Set public key" +#: ipaserver/plugins/internal.py:680 +msgid "Key Compromise" msgstr "" -#: ipaserver/plugins/internal.py:1253 ipaserver/plugins/internal.py:1372 -msgid "Show/Set key" +#: ipaserver/plugins/internal.py:681 +msgid "No Valid Certificate" msgstr "" -#: ipaserver/plugins/internal.py:1254 ipaserver/plugins/internal.py:1373 -msgid "Modified: key not set" +#: ipaserver/plugins/internal.py:682 +msgid "New Certificate" msgstr "" -#: ipaserver/plugins/internal.py:1255 ipaserver/plugins/internal.py:1374 -msgid "Modified" +#: ipaserver/plugins/internal.py:683 +msgid "Certificate in base64 or PEM format" msgstr "" -#: ipaserver/plugins/internal.py:1256 ipaserver/plugins/internal.py:1375 -msgid "New: key not set" +#: ipaserver/plugins/internal.py:684 +msgid "Note" msgstr "" -#: ipaserver/plugins/internal.py:1257 ipaserver/plugins/internal.py:1376 -msgid "New: key set" +#: ipaserver/plugins/internal.py:686 +msgid "Organizational Unit" msgstr "" -#: ipaserver/plugins/internal.py:1260 -msgid "Add password policy" +#: ipaserver/plugins/internal.py:687 +#, python-brace-format +msgid "${count} certificate(s) present" msgstr "" -#: ipaserver/plugins/internal.py:1261 ipaserver/plugins/pwpolicy.py:302 -msgid "Password Policy" +#: ipaserver/plugins/internal.py:688 +msgid "Privilege Withdrawn" msgstr "" -#: ipaserver/plugins/internal.py:1262 -msgid "Remove password policies" +#: ipaserver/plugins/internal.py:689 +msgid "Reason for Revocation" msgstr "" -#: ipaserver/plugins/internal.py:1265 -msgid "Add ID range" +#: ipaserver/plugins/internal.py:691 +msgid "Remove certificate hold" msgstr "" -#: ipaserver/plugins/internal.py:1266 -msgid "Range Settings" +#: ipaserver/plugins/internal.py:692 +msgid "Do you want to remove the certificate hold?" msgstr "" -#: ipaserver/plugins/internal.py:1268 ipaserver/plugins/internal.py:1398 -msgid "Base ID" +#: ipaserver/plugins/internal.py:693 +msgid "Remove from CRL" msgstr "" -#: ipaserver/plugins/internal.py:1269 -msgid "Primary RID base" +#: ipaserver/plugins/internal.py:694 +#, python-brace-format +msgid "" +"
  1. Create a certificate database or use an existing one. To create a " +"new database:
    # certutil -N -d <database path>
    2. " +"
  2. Create a CSR with subject CN=<${cn_name}>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g " +"<key size> -s 'CN=${cn},O=${realm}'${san}
  3. Copy and " +"paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to " +"-----END NEW CERTIFICATE REQUEST-----) into the text area below:
" msgstr "" -#: ipaserver/plugins/internal.py:1270 ipaserver/plugins/internal.py:1405 -msgid "Range size" +#: ipaserver/plugins/internal.py:695 +#, python-brace-format +msgid " -8 '${cn}'" msgstr "" -#: ipaserver/plugins/internal.py:1271 -msgid "Domain SID" +#: ipaserver/plugins/internal.py:696 +msgid "Certificate requested" msgstr "" -#: ipaserver/plugins/internal.py:1272 -msgid "Secondary RID base" +#: ipaserver/plugins/internal.py:698 +msgid "Revoke certificate" msgstr "" -#: ipaserver/plugins/internal.py:1273 -msgid "Remove ID ranges" +#: ipaserver/plugins/internal.py:699 +msgid "" +"Do you want to revoke this certificate? Select a reason from the pull-down " +"list." msgstr "" -#: ipaserver/plugins/internal.py:1275 ipaserver/dcerpc_common.py:37 -msgid "Active Directory domain" +#: ipaserver/plugins/internal.py:700 +msgid "Certificate Revoked" msgstr "" -#: ipaserver/plugins/internal.py:1276 -msgid "Active Directory domain with POSIX attributes" +#: ipaserver/plugins/internal.py:701 +msgid "REVOKED" msgstr "" -#: ipaserver/plugins/internal.py:1277 -msgid "Detect" +#: ipaserver/plugins/internal.py:704 +msgid "SHA1 Fingerprint" msgstr "" -#: ipaserver/plugins/internal.py:1278 -msgid "Local domain" +#: ipaserver/plugins/internal.py:705 +msgid "SHA256 Fingerprint" msgstr "" -#: ipaserver/plugins/internal.py:1279 -msgid "IPA trust" +#: ipaserver/plugins/internal.py:707 +msgid "Superseded" msgstr "" -#: ipaserver/plugins/internal.py:1280 -msgid "Active Directory winsync" +#: ipaserver/plugins/internal.py:708 +msgid "Unspecified" msgstr "" -#: ipaserver/plugins/internal.py:1283 -msgid "Add RADIUS server" +#: ipaserver/plugins/internal.py:709 +msgid "Valid Certificate Present" msgstr "" -#: ipaserver/plugins/internal.py:1284 -msgid "RADIUS Proxy Server Settings" +#: ipaserver/plugins/internal.py:710 +msgid "Valid from" msgstr "" -#: ipaserver/plugins/internal.py:1285 -msgid "Remove RADIUS servers" +#: ipaserver/plugins/internal.py:711 +msgid "Valid to" msgstr "" -#: ipaserver/plugins/internal.py:1289 -msgid "Check DNS" +#: ipaserver/plugins/internal.py:712 +msgid "Validity" msgstr "" -#: ipaserver/plugins/internal.py:1290 -msgid "Do you also want to perform DNS check?" +#: ipaserver/plugins/internal.py:713 +#, python-brace-format +msgid "Certificate for ${entity} ${primary_key}" msgstr "" -#: ipaserver/plugins/internal.py:1291 -msgid "Force Update" +#: ipaserver/plugins/internal.py:714 +msgid "View Certificate" msgstr "" -#: ipaserver/plugins/internal.py:1296 -msgid "Add SELinux user map" +#: ipaserver/plugins/internal.py:717 +msgid "Certificate Data" msgstr "" -#: ipaserver/plugins/internal.py:1298 -#, python-brace-format -msgid "Add user groups into SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:718 +msgid "Certificate For Match" msgstr "" -#: ipaserver/plugins/internal.py:1301 -#, python-brace-format -msgid "Add host groups into SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:719 +msgid "Certificate Mapping Match" msgstr "" -#: ipaserver/plugins/internal.py:1304 -#, python-brace-format -msgid "Add hosts into SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:721 +msgid "Matched Users" msgstr "" -#: ipaserver/plugins/internal.py:1307 -#, python-brace-format -msgid "Add users into SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:722 +msgid "User Login" msgstr "" -#: ipaserver/plugins/internal.py:1312 -msgid "Remove selinux user maps" +#: ipaserver/plugins/internal.py:725 +msgid "Add certificate identity mapping rule" msgstr "" -#: ipaserver/plugins/internal.py:1314 -#, python-brace-format -msgid "Remove user groups from SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:726 +msgid "Add certificate mapping data" msgstr "" -#: ipaserver/plugins/internal.py:1317 -#, python-brace-format -msgid "Remove host groups from SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:727 ipaserver/plugins/baseuser.py:468 +#: ipaserver/plugins/baseuser.py:469 +msgid "Certificate mapping data" msgstr "" -#: ipaserver/plugins/internal.py:1320 -#, python-brace-format -msgid "Remove hosts from SELinux user map '${primary_key}'" +#: ipaserver/plugins/internal.py:729 +msgid "Configuration string" msgstr "" -#: ipaserver/plugins/internal.py:1323 +#: ipaserver/plugins/internal.py:730 #, python-brace-format -msgid "Remove users from SELinux user map '${primary_key}'" +msgid "Do you want to remove certificate mapping data ${data}?" msgstr "" -#: ipaserver/plugins/internal.py:1330 -msgid "Server Roles" +#: ipaserver/plugins/internal.py:731 +msgid "Remove certificate mapping data" msgstr "" -#: ipaserver/plugins/internal.py:1331 -msgid "Server Role" +#: ipaserver/plugins/internal.py:733 +msgid "Issuer and subject" msgstr "" -#: ipaserver/plugins/internal.py:1334 -msgid "Warning: Consider service replication" +#: ipaserver/plugins/internal.py:734 +msgid "Remove certificate identity mapping rules" msgstr "" -#: ipaserver/plugins/internal.py:1335 -msgid "" -"It is strongly recommended to keep the following services installed on more " -"than one server:" +#: ipaserver/plugins/internal.py:739 +msgid "Group Options" msgstr "" -#: ipaserver/plugins/internal.py:1336 -msgid "Delete Server" +#: ipaserver/plugins/internal.py:740 +msgid "Search Options" msgstr "" -#: ipaserver/plugins/internal.py:1337 -msgid "" -"Deleting a server removes it permanently from the topology. Note that this " -"is a non-reversible action." +#: ipaserver/plugins/internal.py:741 +msgid "SELinux Options" msgstr "" -#: ipaserver/plugins/internal.py:1340 -msgid "Add service" +#: ipaserver/plugins/internal.py:742 +msgid "Server Options" msgstr "" -#: ipaserver/plugins/internal.py:1342 -#, python-brace-format -msgid "Add hosts managing service '${primary_key}'" +#: ipaserver/plugins/internal.py:743 +msgid "Service Options" msgstr "" -#: ipaserver/plugins/internal.py:1345 -#, python-brace-format -msgid "Add service '${primary_key}' into roles" +#: ipaserver/plugins/internal.py:744 +msgid "User Options" msgstr "" -#: ipaserver/plugins/internal.py:1347 -msgid "Service Certificate" +#: ipaserver/plugins/internal.py:749 +msgid "Forward first" msgstr "" -#: ipaserver/plugins/internal.py:1349 -msgid "Service Settings" +#: ipaserver/plugins/internal.py:750 +msgid "Forwarding disabled" msgstr "" -#: ipaserver/plugins/internal.py:1352 -msgid "Provisioning" +#: ipaserver/plugins/internal.py:751 +msgid "Forward only" msgstr "" -#: ipaserver/plugins/internal.py:1353 -msgid "Remove services" +#: ipaserver/plugins/internal.py:752 ipaserver/plugins/internal.py:1237 +#: ipaserver/plugins/internal.py:1487 ipaserver/plugins/internal.py:1593 +msgid "Options" msgstr "" -#: ipaserver/plugins/internal.py:1355 -#, python-brace-format -msgid "Remove service '${primary_key}' from roles" +#: ipaserver/plugins/internal.py:753 +msgid "Update System DNS Records" msgstr "" -#: ipaserver/plugins/internal.py:1358 -#, python-brace-format -msgid "Remove hosts managing service '${primary_key}'" +#: ipaserver/plugins/internal.py:754 +msgid "Do you want to update system DNS records?" msgstr "" -#: ipaserver/plugins/internal.py:1363 -msgid "Are you sure you want to unprovision this service?" +#: ipaserver/plugins/internal.py:755 +msgid "System DNS records updated" msgstr "" -#: ipaserver/plugins/internal.py:1364 -msgid "Unprovisioning service" +#: ipaserver/plugins/internal.py:758 +msgid "Add DNS forward zone" msgstr "" -#: ipaserver/plugins/internal.py:1365 -msgid "Service unprovisioned" +#: ipaserver/plugins/internal.py:759 +msgid "Remove DNS forward zones" msgstr "" -#: ipaserver/plugins/internal.py:1366 -msgid "Kerberos Key Present, Service Provisioned" +#: ipaserver/plugins/internal.py:762 +msgid "Add DNS resource record" msgstr "" -#: ipaserver/plugins/internal.py:1369 -msgid "SSH public keys" +#: ipaserver/plugins/internal.py:764 +msgid "DNS record was deleted because it contained no data." msgstr "" -#: ipaserver/plugins/internal.py:1370 -msgid "SSH public key:" +#: ipaserver/plugins/internal.py:765 +msgid "Other Record Types" msgstr "" -#: ipaserver/plugins/internal.py:1371 -msgid "Set SSH key" +#: ipaserver/plugins/internal.py:766 +msgid "Address not valid, can't redirect" msgstr "" -#: ipaserver/plugins/internal.py:1379 -msgid "Are you sure you want to activate selected users?" +#: ipaserver/plugins/internal.py:767 +msgid "Create dns record" msgstr "" -#: ipaserver/plugins/internal.py:1380 -#, python-brace-format -msgid "Are you sure you want to activate ${object}?" +#: ipaserver/plugins/internal.py:768 +msgid "Creating record." msgstr "" -#: ipaserver/plugins/internal.py:1381 -#, python-brace-format -msgid "${count} user(s) activated" +#: ipaserver/plugins/internal.py:769 +msgid "Record creation failed." msgstr "" -#: ipaserver/plugins/internal.py:1382 -msgid "Add stage user" +#: ipaserver/plugins/internal.py:770 +msgid "Checking if record exists." msgstr "" -#: ipaserver/plugins/internal.py:1383 -msgid "Stage users" +#: ipaserver/plugins/internal.py:771 +msgid "Record not found." msgstr "" -#: ipaserver/plugins/internal.py:1384 -msgid "Preserved users" +#: ipaserver/plugins/internal.py:772 +msgid "Redirection to PTR record" msgstr "" -#: ipaserver/plugins/internal.py:1385 -msgid "Remove preserved users" +#: ipaserver/plugins/internal.py:773 +#, python-brace-format +msgid "Zone found: ${zone}" msgstr "" -#: ipaserver/plugins/internal.py:1386 -msgid "Remove stage users" +#: ipaserver/plugins/internal.py:774 +msgid "Target reverse zone not found." msgstr "" -#: ipaserver/plugins/internal.py:1387 -msgid "Are you sure you want to stage selected users?" +#: ipaserver/plugins/internal.py:775 +msgid "Fetching DNS zones." msgstr "" -#: ipaserver/plugins/internal.py:1388 -#, python-brace-format -msgid "${count} users(s) staged" +#: ipaserver/plugins/internal.py:776 +msgid "An error occurred while fetching dns zones." msgstr "" -#: ipaserver/plugins/internal.py:1389 -#, python-brace-format -msgid "Are you sure you want to stage ${object}?" +#: ipaserver/plugins/internal.py:777 +msgid "You will be redirected to DNS Zone." msgstr "" -#: ipaserver/plugins/internal.py:1390 -msgid "Are you sure you want to restore selected users?" +#: ipaserver/plugins/internal.py:778 +msgid "Remove DNS resource records" msgstr "" -#: ipaserver/plugins/internal.py:1391 -#, python-brace-format -msgid "Are you sure you want to restore ${object}?" +#: ipaserver/plugins/internal.py:779 +msgid "Standard Record Types" msgstr "" -#: ipaserver/plugins/internal.py:1392 -#, python-brace-format -msgid "${count} user(s) restored" +#: ipaserver/plugins/internal.py:780 +msgid "Records for DNS Zone" msgstr "" -#: ipaserver/plugins/internal.py:1393 -msgid "User categories" +#: ipaserver/plugins/internal.py:781 +msgid "Record Type" msgstr "" -#: ipaserver/plugins/internal.py:1396 -msgid "Add subid" +#: ipaserver/plugins/internal.py:784 +msgid "Add DNS zone" msgstr "" -#: ipaserver/plugins/internal.py:1397 -msgid "Assigned subids" +#: ipaserver/plugins/internal.py:786 +#, python-brace-format +msgid "Are you sure you want to add permission for DNS Zone ${object}?" msgstr "" -#: ipaserver/plugins/internal.py:1399 -msgid "DNA remaining" +#: ipaserver/plugins/internal.py:787 +msgid "DNS Zone Settings" msgstr "" -#: ipaserver/plugins/internal.py:1406 -msgid "Remaining subids" +#: ipaserver/plugins/internal.py:788 +msgid "Remove DNS zones" msgstr "" -#: ipaserver/plugins/internal.py:1407 -msgid "Subordinate ID Statistics" +#: ipaserver/plugins/internal.py:789 +msgid "Remove Permission" msgstr "" -#: ipaserver/plugins/internal.py:1410 -msgid "Add sudo command" +#: ipaserver/plugins/internal.py:790 +#, python-brace-format +msgid "Are you sure you want to remove permission for DNS Zone ${object}?" msgstr "" -#: ipaserver/plugins/internal.py:1412 -#, python-brace-format -msgid "Add sudo command '${primary_key}' into sudo command groups" +#: ipaserver/plugins/internal.py:791 +msgid "Skip DNS check" msgstr "" -#: ipaserver/plugins/internal.py:1416 -msgid "Remove sudo commands" +#: ipaserver/plugins/internal.py:792 +msgid "Skip overlap check" msgstr "" -#: ipaserver/plugins/internal.py:1418 -#, python-brace-format -msgid "Remove sudo command '${primary_key}' from sudo command groups" +#: ipaserver/plugins/internal.py:793 +msgid "Do you want to check if new authoritative nameserver address is in DNS" msgstr "" -#: ipaserver/plugins/internal.py:1423 -msgid "Add sudo command group" +#: ipaserver/plugins/internal.py:794 +msgid "Authoritative nameserver change" msgstr "" -#: ipaserver/plugins/internal.py:1425 -#, python-brace-format -msgid "Add sudo commands into sudo command group '${primary_key}'" +#: ipaserver/plugins/internal.py:799 +msgid "Level" msgstr "" -#: ipaserver/plugins/internal.py:1429 -msgid "Remove sudo command groups" +#: ipaserver/plugins/internal.py:800 +msgid "Set Domain Level" msgstr "" -#: ipaserver/plugins/internal.py:1431 -#, python-brace-format -msgid "Remove sudo commands from sudo command group '${primary_key}'" +#: ipaserver/plugins/internal.py:803 +msgid "Add user group" msgstr "" -#: ipaserver/plugins/internal.py:1436 -msgid "Add sudo rule" +#: ipaserver/plugins/internal.py:805 +#, python-brace-format +msgid "Add user groups into user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1437 -msgid "Add sudo option" +#: ipaserver/plugins/internal.py:808 +#, python-brace-format +msgid "Add user group '${primary_key}' into user groups" msgstr "" -#: ipaserver/plugins/internal.py:1439 +#: ipaserver/plugins/internal.py:811 #, python-brace-format -msgid "Add allow sudo commands into sudo rule '${primary_key}'" +msgid "Add user group '${primary_key}' into HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1443 +#: ipaserver/plugins/internal.py:814 #, python-brace-format -msgid "Add allow sudo command groups into sudo rule '${primary_key}'" +msgid "Add user group '${primary_key}' into netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1447 +#: ipaserver/plugins/internal.py:817 #, python-brace-format -msgid "Add deny sudo commands into sudo rule '${primary_key}'" +msgid "Add user group '${primary_key}' into roles" msgstr "" -#: ipaserver/plugins/internal.py:1451 +#: ipaserver/plugins/internal.py:820 #, python-brace-format -msgid "Add deny sudo command groups into sudo rule '${primary_key}'" +msgid "Add user group '${primary_key}' into sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1455 +#: ipaserver/plugins/internal.py:823 #, python-brace-format -msgid "Add user groups into sudo rule '${primary_key}'" +msgid "Add services into user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1458 +#: ipaserver/plugins/internal.py:826 #, python-brace-format -msgid "Add host groups into sudo rule '${primary_key}'" +msgid "Add users into user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1461 +#: ipaserver/plugins/internal.py:829 #, python-brace-format -msgid "Add hosts into sudo rule '${primary_key}'" +msgid "Add groups as member managers for user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1464 +#: ipaserver/plugins/internal.py:833 #, python-brace-format -msgid "Add RunAs users into sudo rule '${primary_key}'" +msgid "Remove groups from member managers for user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1467 +#: ipaserver/plugins/internal.py:837 #, python-brace-format -msgid "Add RunAs user groups into sudo rule '${primary_key}'" +msgid "Add users as member managers for user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1470 +#: ipaserver/plugins/internal.py:841 #, python-brace-format -msgid "Add RunAs groups into sudo rule '${primary_key}'" +msgid "Remove users from member managers for user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1473 +#: ipaserver/plugins/internal.py:845 #, python-brace-format -msgid "Add users into sudo rule '${primary_key}'" +msgid "Add user ID override into user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1475 -msgid "Allow" +#: ipaserver/plugins/internal.py:847 +msgid "Group Settings" msgstr "" -#: ipaserver/plugins/internal.py:1476 -msgid "Any Command" +#: ipaserver/plugins/internal.py:848 ipaserver/plugins/internal.py:1176 +#: ipaserver/plugins/internal.py:1482 +msgid "External" msgstr "" -#: ipaserver/plugins/internal.py:1477 -msgid "Any Group" +#: ipaserver/plugins/internal.py:849 ipaserver/plugins/internal.py:1415 +msgid "Groups" msgstr "" -#: ipaserver/plugins/internal.py:1480 -msgid "Run Commands" +#: ipaserver/plugins/internal.py:850 +msgid "Group categories" msgstr "" -#: ipaserver/plugins/internal.py:1481 -msgid "Deny" +#: ipaserver/plugins/internal.py:851 +msgid "Change to external group" msgstr "" -#: ipaserver/plugins/internal.py:1483 -msgid "Access this host" +#: ipaserver/plugins/internal.py:852 +msgid "Change to POSIX group" msgstr "" -#: ipaserver/plugins/internal.py:1485 -msgid "Option added" +#: ipaserver/plugins/internal.py:853 +msgid "Non-POSIX" msgstr "" -#: ipaserver/plugins/internal.py:1486 -#, python-brace-format -msgid "${count} option(s) removed" +#: ipaserver/plugins/internal.py:854 +msgid "POSIX" msgstr "" -#: ipaserver/plugins/internal.py:1488 -msgid "Remove sudo rules" +#: ipaserver/plugins/internal.py:855 +msgid "Remove user groups" msgstr "" -#: ipaserver/plugins/internal.py:1490 +#: ipaserver/plugins/internal.py:857 #, python-brace-format -msgid "Remove allow sudo commands from sudo rule '${primary_key}'" +msgid "Remove user group '${primary_key}' from user groups" msgstr "" -#: ipaserver/plugins/internal.py:1494 +#: ipaserver/plugins/internal.py:860 #, python-brace-format -msgid "Remove allow sudo command groups from sudo rule '${primary_key}'" +msgid "Remove user group '${primary_key}' from netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1498 +#: ipaserver/plugins/internal.py:863 #, python-brace-format -msgid "Remove deny sudo commands from sudo rule '${primary_key}'" +msgid "Remove user group '${primary_key}' from roles" msgstr "" -#: ipaserver/plugins/internal.py:1502 +#: ipaserver/plugins/internal.py:866 #, python-brace-format -msgid "Remove deny sudo command groups from sudo rule '${primary_key}'" +msgid "Remove user group '${primary_key}' from HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1506 +#: ipaserver/plugins/internal.py:869 #, python-brace-format -msgid "Remove user groups from sudo rule '${primary_key}'" +msgid "Remove user group '${primary_key}' from sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1509 +#: ipaserver/plugins/internal.py:872 #, python-brace-format -msgid "Remove host groups from sudo rule '${primary_key}'" +msgid "Remove user groups from user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1512 +#: ipaserver/plugins/internal.py:875 #, python-brace-format -msgid "Remove hosts from sudo rule '${primary_key}'" +msgid "Remove services from user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1515 +#: ipaserver/plugins/internal.py:878 #, python-brace-format -msgid "Remove RunAs users from sudo rule '${primary_key}'" +msgid "Remove users from user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1518 +#: ipaserver/plugins/internal.py:881 #, python-brace-format -msgid "Remove RunAs user groups from sudo rule '${primary_key}'" +msgid "Remove user ID overrides from user group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1521 -#, python-brace-format -msgid "Remove RunAs groups from sudo rule '${primary_key}'" +#: ipaserver/plugins/internal.py:883 +msgid "Group Type" msgstr "" -#: ipaserver/plugins/internal.py:1524 -#, python-brace-format -msgid "Remove users from sudo rule '${primary_key}'" +#: ipaserver/plugins/internal.py:887 +msgid "Add HBAC rule" msgstr "" -#: ipaserver/plugins/internal.py:1526 -msgid "As Whom" +#: ipaserver/plugins/internal.py:889 +#, python-brace-format +msgid "Add user groups into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1527 -msgid "Specified Commands and Groups" +#: ipaserver/plugins/internal.py:892 +#, python-brace-format +msgid "Add host groups into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1528 -msgid "Specified Groups" +#: ipaserver/plugins/internal.py:895 +#, python-brace-format +msgid "Add hosts into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1534 -msgid "Remove sudo options" +#: ipaserver/plugins/internal.py:898 +#, python-brace-format +msgid "Add HBAC service groups into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1537 -msgid "Autogenerated" +#: ipaserver/plugins/internal.py:902 +#, python-brace-format +msgid "Add HBAC services into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1538 -msgid "Segment details" +#: ipaserver/plugins/internal.py:905 +#, python-brace-format +msgid "Add users into HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1539 -msgid "Replication configuration" +#: ipaserver/plugins/internal.py:910 +msgid "Accessing" msgstr "" -#: ipaserver/plugins/internal.py:1540 -#, python-brace-format -msgid "Managed topology requires minimal domain level ${domainlevel}" +#: ipaserver/plugins/internal.py:912 +msgid "Remove HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1543 -msgid "Add IPA location" +#: ipaserver/plugins/internal.py:914 +#, python-brace-format +msgid "Remove user groups from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1545 +#: ipaserver/plugins/internal.py:917 #, python-brace-format -msgid "Add IPA server into IPA location '${primary_key}'" +msgid "Remove host groups from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1547 -msgid "Remove IPA locations" +#: ipaserver/plugins/internal.py:920 +#, python-brace-format +msgid "Remove hosts from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1549 +#: ipaserver/plugins/internal.py:923 #, python-brace-format -msgid "Remove IPA servers from IPA location '${primary_key}'" +msgid "Remove HBAC service groups from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1553 -msgid "Add topology segment" +#: ipaserver/plugins/internal.py:927 +#, python-brace-format +msgid "Remove HBAC services from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1554 -msgid "Remove topology segments" +#: ipaserver/plugins/internal.py:930 +#, python-brace-format +msgid "Remove users from HBAC rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1557 -msgid "Account" +#: ipaserver/plugins/internal.py:932 +msgid "Via Service" msgstr "" -#: ipaserver/plugins/internal.py:1558 -msgid "Add trust" +#: ipaserver/plugins/internal.py:936 ipaserver/plugins/internal.py:1531 +msgid "Who" msgstr "" -#: ipaserver/plugins/internal.py:1559 -msgid "Administrative account" +#: ipaserver/plugins/internal.py:939 +msgid "Add HBAC service" msgstr "" -#: ipaserver/plugins/internal.py:1560 -msgid "SID blocklists" +#: ipaserver/plugins/internal.py:941 +#, python-brace-format +msgid "Add HBAC service '${primary_key}' into HBAC service groups" msgstr "" -#: ipaserver/plugins/internal.py:1561 -msgid "Trust Settings" +#: ipaserver/plugins/internal.py:944 +msgid "Remove HBAC services" msgstr "" -#: ipaserver/plugins/internal.py:1563 -msgid "Establish using" +#: ipaserver/plugins/internal.py:946 +#, python-brace-format +msgid "Remove HBAC service '${primary_key}' from HBAC service groups" msgstr "" -#: ipaserver/plugins/internal.py:1564 -msgid "Fetch domains" +#: ipaserver/plugins/internal.py:951 +msgid "Add HBAC service group" msgstr "" -#: ipaserver/plugins/internal.py:1567 -msgid "Pre-shared password" +#: ipaserver/plugins/internal.py:953 +#, python-brace-format +msgid "Add HBAC services into HBAC service group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1568 -msgid "Remove trusts" +#: ipaserver/plugins/internal.py:956 +msgid "Remove HBAC service groups" msgstr "" -#: ipaserver/plugins/internal.py:1569 -msgid "Remove domains" +#: ipaserver/plugins/internal.py:958 +#, python-brace-format +msgid "Remove HBAC services from HBAC service group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1570 ipaserver/plugins/trust.py:559 -msgid "Trust direction" +#: ipaserver/plugins/internal.py:964 +msgid "Access Denied" msgstr "" -#: ipaserver/plugins/internal.py:1571 ipaserver/plugins/trust.py:567 -msgid "Trust status" +#: ipaserver/plugins/internal.py:965 +msgid "Access Granted" msgstr "" -#: ipaserver/plugins/internal.py:1572 ipaserver/plugins/trust.py:563 -msgid "Trust type" +#: ipaserver/plugins/internal.py:966 +msgid "Include Disabled" msgstr "" -#: ipaserver/plugins/internal.py:1573 -msgid "Alternative UPN suffixes" +#: ipaserver/plugins/internal.py:967 +msgid "Include Enabled" msgstr "" -#: ipaserver/plugins/internal.py:1577 -msgid "User attributes for SMB services" +#: ipaserver/plugins/internal.py:968 +msgid "HBAC Test" msgstr "" -#: ipaserver/plugins/internal.py:1580 -msgid "Path to a script executed on a Windows system at logon" +#: ipaserver/plugins/internal.py:969 +msgid "Matched" msgstr "" -#: ipaserver/plugins/internal.py:1583 -msgid "Path to a user profile, in UNC format \\\\server\\share\\" +#: ipaserver/plugins/internal.py:970 +msgid "Missing values: " msgstr "" -#: ipaserver/plugins/internal.py:1586 -msgid "Path to a user home directory, in UNC format" +#: ipaserver/plugins/internal.py:971 +msgid "New Test" msgstr "" -#: ipaserver/plugins/internal.py:1589 -msgid "Drive to mount a home directory" +#: ipaserver/plugins/internal.py:972 +msgid "Rules" msgstr "" -#: ipaserver/plugins/internal.py:1596 -msgid "Account Settings" +#: ipaserver/plugins/internal.py:973 +msgid "Run Test" msgstr "" -#: ipaserver/plugins/internal.py:1597 -msgid "Account Status" +#: ipaserver/plugins/internal.py:974 +#, python-brace-format +msgid "Specify external ${entity}" msgstr "" -#: ipaserver/plugins/internal.py:1598 -msgid "Active users" +#: ipaserver/plugins/internal.py:975 +msgid "Unmatched" msgstr "" -#: ipaserver/plugins/internal.py:1599 -msgid "Add user" +#: ipaserver/plugins/internal.py:978 +msgid "Add host" msgstr "" -#: ipaserver/plugins/internal.py:1601 +#: ipaserver/plugins/internal.py:980 #, python-brace-format -msgid "Add user '${primary_key}' into user groups" +msgid "Add hosts managing host '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1604 +#: ipaserver/plugins/internal.py:983 #, python-brace-format -msgid "Add user '${primary_key}' into HBAC rules" +msgid "Add host '${primary_key}' into host groups" msgstr "" -#: ipaserver/plugins/internal.py:1607 +#: ipaserver/plugins/internal.py:986 #, python-brace-format -msgid "Add user '${primary_key}' into netgroups" +msgid "Add host '${primary_key}' into HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1610 +#: ipaserver/plugins/internal.py:989 #, python-brace-format -msgid "Add user '${primary_key}' into roles" +msgid "Add host '${primary_key}' into netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1613 +#: ipaserver/plugins/internal.py:992 #, python-brace-format -msgid "Add user '${primary_key}' into sudo rules" -msgstr "" - -#: ipaserver/plugins/internal.py:1615 -msgid "Auto assign subordinate ids" +msgid "Add host '${primary_key}' into roles" msgstr "" -#: ipaserver/plugins/internal.py:1617 +#: ipaserver/plugins/internal.py:995 #, python-brace-format -msgid "" -"Are you sure you want to auto-assign a subordinate id to user ${object}?" +msgid "Add host '${primary_key}' into sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1620 -msgid "Contact Settings" +#: ipaserver/plugins/internal.py:997 +msgid "Host Certificate" msgstr "" -#: ipaserver/plugins/internal.py:1621 -msgid "Delete mode" +#: ipaserver/plugins/internal.py:998 ipaserver/plugins/internal.py:1350 +msgid "Host Name" msgstr "" -#: ipaserver/plugins/internal.py:1622 -msgid "Employee Information" +#: ipaserver/plugins/internal.py:999 ipaserver/plugins/internal.py:1348 +msgid "Delete Key, Unprovision" msgstr "" -#: ipaserver/plugins/internal.py:1623 -msgid "Error changing account status" +#: ipaserver/plugins/internal.py:1000 +msgid "Host Settings" msgstr "" -#: ipaserver/plugins/internal.py:1624 -msgid "Password expiration" +#: ipaserver/plugins/internal.py:1001 +msgid "Enrolled" msgstr "" -#: ipaserver/plugins/internal.py:1625 -msgid "Mailing Address" +#: ipaserver/plugins/internal.py:1002 +msgid "Enrollment" msgstr "" -#: ipaserver/plugins/internal.py:1626 -msgid "Misc. Information" +#: ipaserver/plugins/internal.py:1003 +msgid "Fully Qualified Host Name" msgstr "" -#: ipaserver/plugins/internal.py:1627 -msgid "delete" +#: ipaserver/plugins/internal.py:1004 +msgid "Generate OTP" msgstr "" -#: ipaserver/plugins/internal.py:1628 -msgid "preserve" +#: ipaserver/plugins/internal.py:1005 +msgid "Generated OTP" msgstr "" -#: ipaserver/plugins/internal.py:1629 -msgid "No private group" +#: ipaserver/plugins/internal.py:1006 +msgid "Kerberos Key" msgstr "" -#: ipaserver/plugins/internal.py:1630 -msgid "Remove users" +#: ipaserver/plugins/internal.py:1007 ipaserver/plugins/internal.py:1351 +msgid "Kerberos Key Not Present" msgstr "" -#: ipaserver/plugins/internal.py:1632 -#, python-brace-format -msgid "Remove user '${primary_key}' from user groups" +#: ipaserver/plugins/internal.py:1008 +msgid "Kerberos Key Present, Host Provisioned" msgstr "" -#: ipaserver/plugins/internal.py:1635 -#, python-brace-format -msgid "Remove user '${primary_key}' from netgroups" +#: ipaserver/plugins/internal.py:1009 ipaserver/plugins/internal.py:1738 +msgid "One-Time Password" msgstr "" -#: ipaserver/plugins/internal.py:1638 -#, python-brace-format -msgid "Remove user '${primary_key}' from roles" +#: ipaserver/plugins/internal.py:1010 +msgid "One-Time Password Not Present" msgstr "" -#: ipaserver/plugins/internal.py:1641 -#, python-brace-format -msgid "Remove user '${primary_key}' from HBAC rules" +#: ipaserver/plugins/internal.py:1011 +msgid "One-Time Password Present" msgstr "" -#: ipaserver/plugins/internal.py:1644 -#, python-brace-format -msgid "Remove user '${primary_key}' from sudo rules" +#: ipaserver/plugins/internal.py:1012 +msgid "Reset OTP" msgstr "" -#: ipaserver/plugins/internal.py:1646 -#, python-brace-format -msgid "" -"Are you sure you want to ${action} the user?
The change will take effect " -"immediately." +#: ipaserver/plugins/internal.py:1013 +msgid "Reset One-Time Password" msgstr "" -#: ipaserver/plugins/internal.py:1647 -#, python-brace-format -msgid "Click to ${action}" +#: ipaserver/plugins/internal.py:1014 +msgid "Set OTP" msgstr "" -#: ipaserver/plugins/internal.py:1648 -msgid "Unlock" +#: ipaserver/plugins/internal.py:1015 +msgid "OTP set" msgstr "" -#: ipaserver/plugins/internal.py:1649 -#, python-brace-format -msgid "Are you sure you want to unlock user ${object}?" +#: ipaserver/plugins/internal.py:1016 +msgid "Set One-Time Password" msgstr "" -#: ipaserver/plugins/internal.py:1652 -msgid "Add vault" +#: ipaserver/plugins/internal.py:1017 +msgid "Remove hosts" msgstr "" -#: ipaserver/plugins/internal.py:1654 +#: ipaserver/plugins/internal.py:1019 #, python-brace-format -msgid "Add user groups into members of vault '${primary_key}'" +msgid "Remove hosts managing host '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1657 +#: ipaserver/plugins/internal.py:1022 #, python-brace-format -msgid "Add services into members of vault '${primary_key}'" +msgid "Remove host '${primary_key}' from host groups" msgstr "" -#: ipaserver/plugins/internal.py:1660 +#: ipaserver/plugins/internal.py:1025 #, python-brace-format -msgid "Add users into members of vault '${primary_key}'" +msgid "Remove host '${primary_key}' from netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1663 +#: ipaserver/plugins/internal.py:1028 #, python-brace-format -msgid "Add user groups into owners of vault '${primary_key}'" +msgid "Remove host '${primary_key}' from roles" msgstr "" -#: ipaserver/plugins/internal.py:1666 +#: ipaserver/plugins/internal.py:1031 #, python-brace-format -msgid "Add services into owners of vault '${primary_key}'" +msgid "Remove host '${primary_key}' from HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1669 +#: ipaserver/plugins/internal.py:1034 #, python-brace-format -msgid "Add users into owners of vault '${primary_key}'" -msgstr "" - -#: ipaserver/plugins/internal.py:1672 -msgid "" -"Secrets can be added/retrieved to vault only by using vault-archive and " -"vault-retrieve from CLI." -msgstr "" - -#: ipaserver/plugins/internal.py:1676 -msgid "" -"Content of 'standard' vaults can be seen by users with higher privileges " -"(admins)." +msgid "Remove host '${primary_key}' from sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1679 -msgid "Asymmetric" +#: ipaserver/plugins/internal.py:1037 ipaserver/plugins/internal.py:1362 +msgid "Unprovision" msgstr "" -#: ipaserver/plugins/internal.py:1680 -msgid "Vaults Config" +#: ipaserver/plugins/internal.py:1038 +msgid "Are you sure you want to unprovision this host?" msgstr "" -#: ipaserver/plugins/internal.py:1682 -msgid "Members" +#: ipaserver/plugins/internal.py:1039 +msgid "Unprovisioning host" msgstr "" -#: ipaserver/plugins/internal.py:1683 -msgid "My User Vaults" +#: ipaserver/plugins/internal.py:1040 +msgid "Host unprovisioned" msgstr "" -#: ipaserver/plugins/internal.py:1684 -msgid "Owners" +#: ipaserver/plugins/internal.py:1043 +msgid "Add host group" msgstr "" -#: ipaserver/plugins/internal.py:1685 -msgid "Remove vaults" +#: ipaserver/plugins/internal.py:1045 +#, python-brace-format +msgid "Add hosts into host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1687 +#: ipaserver/plugins/internal.py:1048 #, python-brace-format -msgid "Remove user groups from members of vault '${primary_key}'" +msgid "Add host groups into host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1690 +#: ipaserver/plugins/internal.py:1051 #, python-brace-format -msgid "Remove services from members of vault '${primary_key}'" +msgid "Add host group '${primary_key}' into host groups" msgstr "" -#: ipaserver/plugins/internal.py:1693 +#: ipaserver/plugins/internal.py:1054 #, python-brace-format -msgid "Remove users from members of vault '${primary_key}'" +msgid "Add host group '${primary_key}' into HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1696 +#: ipaserver/plugins/internal.py:1057 #, python-brace-format -msgid "Remove user groups from owners of vault '${primary_key}'" +msgid "Add host group '${primary_key}' into netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1699 +#: ipaserver/plugins/internal.py:1060 #, python-brace-format -msgid "Remove services from owners of vault '${primary_key}'" +msgid "Add host group '${primary_key}' into sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1702 +#: ipaserver/plugins/internal.py:1063 #, python-brace-format -msgid "Remove users from owners of vault '${primary_key}'" +msgid "Add groups as member managers for host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1705 -msgid "Service Vaults" +#: ipaserver/plugins/internal.py:1067 +#, python-brace-format +msgid "Remove groups from member managers for host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1706 -msgid "Shared" +#: ipaserver/plugins/internal.py:1071 +#, python-brace-format +msgid "Add users as member managers for host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1707 -msgid "Shared Vaults" +#: ipaserver/plugins/internal.py:1075 +#, python-brace-format +msgid "Remove users from member managers for host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1708 -msgid "Standard" +#: ipaserver/plugins/internal.py:1079 +msgid "Host Group Settings" msgstr "" -#: ipaserver/plugins/internal.py:1709 -msgid "Symmetric" +#: ipaserver/plugins/internal.py:1080 +msgid "Remove host groups" msgstr "" -#: ipaserver/plugins/internal.py:1710 -msgid "Vault Type" +#: ipaserver/plugins/internal.py:1082 +#, python-brace-format +msgid "Remove host group '${primary_key}' from host groups" msgstr "" -#: ipaserver/plugins/internal.py:1712 -msgid "" -"Only standard vaults can be created in WebUI, use CLI for other types of " -"vaults." +#: ipaserver/plugins/internal.py:1085 +#, python-brace-format +msgid "Remove host group '${primary_key}' from netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1716 -msgid "User Vaults" +#: ipaserver/plugins/internal.py:1088 +#, python-brace-format +msgid "Remove host group '${primary_key}' from HBAC rules" msgstr "" -#: ipaserver/plugins/internal.py:1721 -msgid "Current password is required" +#: ipaserver/plugins/internal.py:1091 +#, python-brace-format +msgid "Remove host group '${primary_key}' from sudo rules" msgstr "" -#: ipaserver/plugins/internal.py:1722 +#: ipaserver/plugins/internal.py:1094 #, python-brace-format -msgid "Your password expires in ${days} days." +msgid "Remove hosts from host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1723 -msgid "First OTP" +#: ipaserver/plugins/internal.py:1097 +#, python-brace-format +msgid "Remove host groups from host group '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1727 -msgid "New password is required" +#: ipaserver/plugins/internal.py:1101 +msgid "Keycloak or Red Hat SSO" msgstr "" -#: ipaserver/plugins/internal.py:1730 -msgid "" -" OTP (One-Time Password):Generate new OTP code for each OTP field." +#: ipaserver/plugins/internal.py:1102 +msgid "Google" msgstr "" -#: ipaserver/plugins/internal.py:1734 -msgid "" -" OTP (One-Time Password):Leave blank if you are not using OTP tokensfor authentication." +#: ipaserver/plugins/internal.py:1103 +msgid "Github" msgstr "" -#: ipaserver/plugins/internal.py:1739 -msgid "Token synchronization failed" +#: ipaserver/plugins/internal.py:1104 +msgid "Microsoft or Azure" msgstr "" -#: ipaserver/plugins/internal.py:1740 -msgid "The username, password or token codes are not correct" +#: ipaserver/plugins/internal.py:1105 +msgid "Okta" msgstr "" -#: ipaserver/plugins/internal.py:1741 -msgid "Token was synchronized" +#: ipaserver/plugins/internal.py:1106 +msgid "OAuth 2.0 client details" msgstr "" -#: ipaserver/plugins/internal.py:1744 -msgid "Password change complete" +#: ipaserver/plugins/internal.py:1107 +msgid "Identity provider details" msgstr "" -#: ipaserver/plugins/internal.py:1746 -msgid "Your password has expired. Please enter a new password." +#: ipaserver/plugins/internal.py:1108 +msgid "Verify secret" msgstr "" -#: ipaserver/plugins/internal.py:1747 -msgid "Passwords must match" +#: ipaserver/plugins/internal.py:1111 +msgid "User to override" msgstr "" -#: ipaserver/plugins/internal.py:1748 -msgid "Password reset was not successful." +#: ipaserver/plugins/internal.py:1112 +msgid "" +"Enter trusted or IPA user login. Note: search doesn't list users from " +"trusted domains." msgstr "" -#: ipaserver/plugins/internal.py:1750 -msgid "Reset your password." +#: ipaserver/plugins/internal.py:1113 +msgid "Enter trusted user login." msgstr "" -#: ipaserver/plugins/internal.py:1751 -msgid "Second OTP" +#: ipaserver/plugins/internal.py:1114 ipaserver/plugins/internal.py:1760 +msgid "Profile" msgstr "" -#: ipaserver/plugins/internal.py:1753 -msgid "Verify Password" +#: ipaserver/plugins/internal.py:1117 +msgid "Group to override" msgstr "" -#: ipaserver/plugins/internal.py:1763 -msgid "Are you sure you want to delete selected entries?" +#: ipaserver/plugins/internal.py:1118 +msgid "" +"Enter trusted or IPA group name. Note: search doesn't list groups from " +"trusted domains." msgstr "" -#: ipaserver/plugins/internal.py:1764 -#, python-brace-format -msgid "${count} item(s) deleted" +#: ipaserver/plugins/internal.py:1119 +msgid "Enter trusted group name." msgstr "" -#: ipaserver/plugins/internal.py:1765 -msgid "Are you sure you want to disable selected entries?" +#: ipaserver/plugins/internal.py:1122 +msgid "Add ID view" msgstr "" -#: ipaserver/plugins/internal.py:1766 -#, python-brace-format -msgid "${count} item(s) disabled" +#: ipaserver/plugins/internal.py:1123 +msgid "Add group ID override" msgstr "" -#: ipaserver/plugins/internal.py:1767 -msgid "Are you sure you want to enable selected entries?" +#: ipaserver/plugins/internal.py:1124 +msgid "Add user ID override" msgstr "" -#: ipaserver/plugins/internal.py:1768 +#: ipaserver/plugins/internal.py:1125 #, python-brace-format -msgid "${count} item(s) enabled" -msgstr "" - -#: ipaserver/plugins/internal.py:1769 -msgid "Some entries were not deleted" +msgid "${primary_key} applies to:" msgstr "" -#: ipaserver/plugins/internal.py:1772 -msgid "Quick Links" +#: ipaserver/plugins/internal.py:1126 ipaserver/plugins/internal.py:1127 +msgid "Applied to hosts" msgstr "" -#: ipaserver/plugins/internal.py:1773 -msgid "Select All" +#: ipaserver/plugins/internal.py:1128 +msgid "Apply to host groups" msgstr "" -#: ipaserver/plugins/internal.py:1774 +#: ipaserver/plugins/internal.py:1130 #, python-brace-format -msgid "" -"Query returned more results than the configured size limit. Displaying the " -"first ${counter} results." -msgstr "" - -#: ipaserver/plugins/internal.py:1775 -msgid "Unselect All" +msgid "Apply ID view '${primary_key}' on hosts of host groups" msgstr "" -#: ipaserver/plugins/internal.py:1779 -msgid "" -"

Browser Kerberos Setup

\n" -"\n" +#: ipaserver/plugins/internal.py:1132 +msgid "Apply to hosts" msgstr "" -#: ipaserver/plugins/internal.py:1783 -msgid "" -"

Firefox

\n" -"\n" -"

\n" -" You can configure Firefox to use Kerberos for Single Sign-on. " -"The following instructions will guide you in configuring your web browser to " -"send your Kerberos credentials to the appropriate Key Distribution Center " -"which enables Single Sign-on.\n" -"

\n" -"\n" +#: ipaserver/plugins/internal.py:1134 +#, python-brace-format +msgid "Apply ID view '${primary_key}' on hosts" msgstr "" -#: ipaserver/plugins/internal.py:1795 -msgid "" -"
    \n" -"
  1. \n" -"

    \n" -"Import " -"Certificate Authority certificate\n" -"

    \n" -"

    \n" -" Make sure you select all three checkboxes.\n" -"

    \n" -"
    2. \n" -"
  2. \n" -" In the address bar of Firefox, type about:config to display the list of current configuration options.\n" -"
    3. \n" -"
  3. \n" -" In the Filter field, type negotiate to restrict " -"the list of options.\n" -"
    4. \n" -"
  4. \n" -" Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.\n" -"
    5. \n" -"
  5. \n" -" Enter the name of the domain against which you want to " -"authenticate, for example, .example.com.\n" -"
    6. \n" -"
  6. Return to Web UI
    7. \n" -"
\n" -"\n" +#: ipaserver/plugins/internal.py:1137 +#, python-brace-format +msgid "${primary_key} overrides:" msgstr "" -#: ipaserver/plugins/internal.py:1831 -msgid "" -"

Chrome

\n" -"\n" -"

\n" -" You can configure Chrome to use Kerberos for Single Sign-on. The " -"following instructions will guide you in configuring your web browser to " -"send your Kerberos credentials to the appropriate Key Distribution Center " -"which enables Single Sign-on.\n" -"

\n" -"\n" +#: ipaserver/plugins/internal.py:1138 +msgid "Remove ID views" msgstr "" -#: ipaserver/plugins/internal.py:1843 -msgid "" -"

Import CA Certificate

\n" -"
    \n" -"
  1. \n" -" Download the CA certificate. " -"Alternatively, if the host is also an IdM client, you can find the " -"certificate in /etc/ipa/ca.crt.\n" -"
    2. \n" -"
  2. \n" -" Click the menu button with the Customize and control " -"Google Chrome tooltip, which is by default in the top right-hand corner " -"of Chrome, and click Settings.\n" -"
    3. \n" -"
  3. \n" -" Click Show advanced settings to display more " -"options, and then click the Manage certificates button located " -"under the HTTPS/SSL heading.\n" -"
    4. \n" -"
  4. \n" -" In the Authorities tab, click the Import " -"button at the bottom.\n" -"
    5. \n" -"
  5. Select the CA certificate file that you downloaded in the first step.\n" -"
\n" -"\n" +#: ipaserver/plugins/internal.py:1139 +msgid "Remove user ID overrides" msgstr "" -#: ipaserver/plugins/internal.py:1872 -msgid "" -"

\n" -" Enable SPNEGO (Simple and Protected GSSAPI Negotiation " -"Mechanism) to Use Kerberos Authentication\n" -" in Chrome\n" -"

\n" -"
    \n" -"
  1. \n" -" Make sure you have the necessary directory created by " -"running:\n" -"
    \n" -" [root@client]# mkdir -p /etc/opt/chrome/policies/" -"managed/\n" -"
    \n" -"
    2. \n" -"
  2. \n" -" Create a new /etc/opt/chrome/policies/managed/mydomain." -"json file with write privileges limited to the system administrator " -"or root, and include the following line:\n" -"
    \n" -" { \"AuthServerWhitelist\": \"*.example.com\" }\n" -"
    \n" -"
    \n" -" You can do this by running:\n" -"
    \n" -"
    \n" -" [root@server]# echo '{ \"AuthServerWhitelist\": \"*.example.com\" }' > /etc/opt/chrome/policies/" -"managed/mydomain.json\n" -"
    \n" -"
    3. \n" -"
\n" -"
    \n" -"

    \n" -"Note: If using Chromium, use /etc/chromium/policies/" -"managed/ instead of /etc/opt/chrome/policies/managed/ " -"for the two SPNEGO Chrome configuration steps above.\n" -"

    \n" -"
\n" -"\n" +#: ipaserver/plugins/internal.py:1140 +msgid "Remove group ID overrides" msgstr "" -#: ipaserver/plugins/internal.py:1917 -msgid "" -"

Internet Explorer

\n" -"

WARNING: Internet Explorer is no longer a supported " -"browser.

\n" -"

\n" -" Once you are able to log into the workstation with your kerberos " -"key you are now able to use that ticket in Internet Explorer.\n" -"

\n" -"

\n" +#: ipaserver/plugins/internal.py:1141 +msgid "Un-apply from host groups" msgstr "" -#: ipaserver/plugins/internal.py:1928 -msgid "" -"Log into the Windows machine using an account of your Kerberos realm " -"(administrative domain)\n" -"

\n" -"

\n" -"In Internet Explorer, click Tools, and then click Internet Options.\n" -"

\n" -"
\n" -"
    \n" -"
  1. Click the Security tab
    2. \n" -"
  2. Click Local intranet
    3. \n" -"
  3. Click Sites
    4. \n" -"
  4. Click Advanced
    5. \n" -"
  5. Add your domain to the list
    6. \n" -"
\n" -"
    \n" -"
  1. Click the Security tab
    2. \n" -"
  2. Click Local intranet
    3. \n" -"
  3. Click Custom Level
    4. \n" -"
  4. Select Automatic logon only in Intranet zone
    5. \n" -"
\n" -"\n" -"
    \n" -"
  1. Visit a kerberized web site using IE (You must use the fully-qualified " -"Domain Name in the URL)
    2. \n" -"
  2. You are all set.
    3. \n" -"
\n" -"
\n" -"\n" +#: ipaserver/plugins/internal.py:1142 +msgid "Un-apply ID Views from hosts of hostgroups" msgstr "" -#: ipaserver/plugins/internal.py:1965 -msgid "Working" +#: ipaserver/plugins/internal.py:1143 +msgid "Un-apply" msgstr "" -#: ipaserver/plugins/internal.py:1968 -msgid "Audit" +#: ipaserver/plugins/internal.py:1144 +msgid "Un-apply from hosts" msgstr "" -#: ipaserver/plugins/internal.py:1969 -msgid "Authentication" +#: ipaserver/plugins/internal.py:1145 +msgid "Un-apply ID Views from hosts" msgstr "" -#: ipaserver/plugins/internal.py:1971 -msgid "Automount" +#: ipaserver/plugins/internal.py:1146 +msgid "Are you sure you want to un-apply ID view from selected entries?" msgstr "" -#: ipaserver/plugins/internal.py:1973 -msgid "DNS" +#: ipaserver/plugins/internal.py:1148 +#, python-brace-format +msgid "Un-apply ID view '${primary_key}' from hosts" msgstr "" -#: ipaserver/plugins/internal.py:1974 -msgid "Host-Based Access Control" +#: ipaserver/plugins/internal.py:1152 ipaserver/plugins/krbtpolicy.py:128 +#: ipaserver/plugins/krbtpolicy.py:129 +msgid "Kerberos Ticket Policy" msgstr "" -#: ipaserver/plugins/internal.py:1975 -msgid "Identity" +#: ipaserver/plugins/internal.py:1155 +msgid "Add netgroup" msgstr "" -#: ipaserver/plugins/internal.py:1977 -msgid "Network Services" +#: ipaserver/plugins/internal.py:1157 +#, python-brace-format +msgid "Add netgroup '${primary_key}' into netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1978 -msgid "Policy" +#: ipaserver/plugins/internal.py:1160 +#, python-brace-format +msgid "Add netgroups into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1979 -msgid "Role-Based Access Control" +#: ipaserver/plugins/internal.py:1163 +#, python-brace-format +msgid "Add user groups into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1980 -msgid "Subordinate IDs" +#: ipaserver/plugins/internal.py:1166 +#, python-brace-format +msgid "Add hosts into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1981 -msgid "Sudo" +#: ipaserver/plugins/internal.py:1169 +#, python-brace-format +msgid "Add host groups into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1982 -msgid "Topology" +#: ipaserver/plugins/internal.py:1172 +#, python-brace-format +msgid "Add users into netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:1983 ipaserver/plugins/trust.py:533 -msgid "Trusts" +#: ipaserver/plugins/internal.py:1180 +msgid "Netgroup Settings" msgstr "" -#: ipaserver/plugins/internal.py:1985 -msgid "True" +#: ipaserver/plugins/internal.py:1182 +msgid "Remove netgroups" msgstr "" -#: ipaserver/plugins/internal.py:1987 -msgid "" -"

Unable to verify your Kerberos credentials

\n" -"

\n" -" Please make sure that you have valid Kerberos tickets " -"(obtainable via kinit), and that you have configured your " -"browser correctly.\n" -"

\n" -"\n" -"

Browser configuration

\n" -"\n" -"
\n" -"

\n" -" If this is your first time, please configure your browser.\n" -"

\n" -"
\n" +#: ipaserver/plugins/internal.py:1184 +#, python-brace-format +msgid "Remove netgroup '${primary_key}' from netgroups" msgstr "" -#: ipaserver/plugins/internal.py:2004 -msgid "API Browser" +#: ipaserver/plugins/internal.py:1187 +#, python-brace-format +msgid "Remove user groups from netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2005 -msgid "First" +#: ipaserver/plugins/internal.py:1190 +#, python-brace-format +msgid "Remove hosts from netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2006 -msgid "Last" +#: ipaserver/plugins/internal.py:1193 +#, python-brace-format +msgid "Remove host groups from netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2007 -msgid "Next" +#: ipaserver/plugins/internal.py:1196 +#, python-brace-format +msgid "Remove netgroups from netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2008 -msgid "Page" +#: ipaserver/plugins/internal.py:1199 +#, python-brace-format +msgid "Remove users from netgroup '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2009 -msgid "Prev" +#: ipaserver/plugins/internal.py:1208 +msgid "Add OTP token" msgstr "" -#: ipaserver/plugins/internal.py:2010 -msgid "Undo" +#: ipaserver/plugins/internal.py:1210 +#, python-brace-format +msgid "Add users managing OTP token '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2011 -msgid "Undo this change." +#: ipaserver/plugins/internal.py:1212 +#, python-brace-format +msgid "" +"You can use FreeOTP as a software " +"OTP token application." msgstr "" -#: ipaserver/plugins/internal.py:2012 -msgid "Undo All" +#: ipaserver/plugins/internal.py:1213 +msgid "Configure your token" msgstr "" -#: ipaserver/plugins/internal.py:2013 -msgid "Undo all changes in this field." +#: ipaserver/plugins/internal.py:1214 +msgid "" +"Configure your token by scanning the QR code below. Click on the QR code if " +"you see this on the device you want to configure." msgstr "" -#: ipaserver/plugins/internal.py:2015 -msgid "Text does not match field pattern" +#: ipaserver/plugins/internal.py:1215 +msgid "OTP Token Settings" msgstr "" -#: ipaserver/plugins/internal.py:2016 -msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")" +#: ipaserver/plugins/internal.py:1216 +msgid "Disable token" msgstr "" -#: ipaserver/plugins/internal.py:2017 -msgid "Must be a decimal number" +#: ipaserver/plugins/internal.py:1217 +msgid "Enable token" msgstr "" -#: ipaserver/plugins/internal.py:2018 -msgid "Format error" +#: ipaserver/plugins/internal.py:1218 +msgid "Remove OTP tokens" msgstr "" -#: ipaserver/plugins/internal.py:2019 -msgid "Must be an integer" +#: ipaserver/plugins/internal.py:1220 +#, python-brace-format +msgid "Remove users managing OTP token '${primary_key}'" msgstr "" -#: ipaserver/plugins/internal.py:2020 -msgid "Not a valid IP address" +#: ipaserver/plugins/internal.py:1222 +msgid "Show QR code" msgstr "" -#: ipaserver/plugins/internal.py:2021 -msgid "Not a valid IPv4 address" +#: ipaserver/plugins/internal.py:1223 +msgid "Show configuration uri" msgstr "" -#: ipaserver/plugins/internal.py:2022 -msgid "Not a valid IPv6 address" +#: ipaserver/plugins/internal.py:1224 +msgid "Counter-based (HOTP)" msgstr "" -#: ipaserver/plugins/internal.py:2023 -#, python-brace-format -msgid "Maximum value is ${value}" +#: ipaserver/plugins/internal.py:1225 +msgid "Time-based (TOTP)" msgstr "" -#: ipaserver/plugins/internal.py:2024 +#: ipaserver/plugins/internal.py:1228 +msgid "Add Passkey" +msgstr "" + +#: ipaserver/plugins/internal.py:1231 #, python-brace-format -msgid "Minimum value is ${value}" +msgid "Do you want to remove passkey ${passkey}?" msgstr "" -#: ipaserver/plugins/internal.py:2025 -msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)" +#: ipaserver/plugins/internal.py:1232 +msgid "Remove Passkey" msgstr "" -#: ipaserver/plugins/internal.py:2026 -msgid "Parse error" +#: ipaserver/plugins/internal.py:1233 +msgid "(discoverable) " msgstr "" -#: ipaserver/plugins/internal.py:2027 -msgid "Must be a positive number" +#: ipaserver/plugins/internal.py:1234 +msgid "(server-side) " msgstr "" -#: ipaserver/plugins/internal.py:2028 -#, python-brace-format -msgid "'${port}' is not a valid port" +#: ipaserver/plugins/internal.py:1240 +msgid "Add Custom Attribute" msgstr "" -#: ipaserver/plugins/internal.py:2029 -msgid "Required field" +#: ipaserver/plugins/internal.py:1243 +msgid "Permission settings" msgstr "" -#: ipaserver/plugins/internal.py:2030 -msgid "Unsupported value" +#: ipaserver/plugins/internal.py:1244 +msgid "Attribute breakdown" +msgstr "" + +#: ipaserver/plugins/internal.py:1248 +msgid "Privilege Settings" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:86 -msgid "kerberos ticket policy settings" +#: ipaserver/plugins/internal.py:1251 +msgid "Public key:" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:152 -msgid "OTP max life" +#: ipaserver/plugins/internal.py:1252 +msgid "Set public key" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:153 -msgid "OTP token maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1253 ipaserver/plugins/internal.py:1372 +msgid "Show/Set key" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:157 -msgid "OTP max renew" +#: ipaserver/plugins/internal.py:1254 ipaserver/plugins/internal.py:1373 +msgid "Modified: key not set" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:158 -msgid "OTP token ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1255 ipaserver/plugins/internal.py:1374 +msgid "Modified" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:162 -msgid "RADIUS max life" +#: ipaserver/plugins/internal.py:1256 ipaserver/plugins/internal.py:1375 +msgid "New: key not set" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:163 -msgid "RADIUS maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1257 ipaserver/plugins/internal.py:1376 +msgid "New: key set" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:167 -msgid "RADIUS max renew" +#: ipaserver/plugins/internal.py:1260 +msgid "Add password policy" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:168 -msgid "RADIUS ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1262 +msgid "Remove password policies" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:172 -msgid "PKINIT max life" +#: ipaserver/plugins/internal.py:1265 +msgid "Add ID range" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:173 -msgid "PKINIT maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1266 +msgid "Range Settings" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:177 -msgid "PKINIT max renew" +#: ipaserver/plugins/internal.py:1268 ipaserver/plugins/internal.py:1398 +msgid "Base ID" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:178 -msgid "PKINIT ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1269 +msgid "Primary RID base" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:182 -msgid "Hardened max life" +#: ipaserver/plugins/internal.py:1270 ipaserver/plugins/internal.py:1405 +msgid "Range size" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:183 -msgid "Hardened ticket maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1271 +msgid "Domain SID" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:187 -msgid "Hardened max renew" +#: ipaserver/plugins/internal.py:1272 +msgid "Secondary RID base" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:188 -msgid "Hardened ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1273 +msgid "Remove ID ranges" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:192 -msgid "IdP max life" +#: ipaserver/plugins/internal.py:1276 +msgid "Active Directory domain with POSIX attributes" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:193 -msgid "External Identity Provider ticket maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1277 +msgid "Detect" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:198 -msgid "IdP max renew" +#: ipaserver/plugins/internal.py:1278 +msgid "Local domain" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:199 -msgid "External Identity Provider ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1279 +msgid "IPA trust" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:204 -msgid "Passkey max life" +#: ipaserver/plugins/internal.py:1280 +msgid "Active Directory winsync" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:205 -msgid "Passkey ticket maximum ticket life (seconds)" +#: ipaserver/plugins/internal.py:1283 +msgid "Add RADIUS server" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:209 -msgid "Passkey max renew" +#: ipaserver/plugins/internal.py:1284 +msgid "RADIUS Proxy Server Settings" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:210 -msgid "Passkey ticket maximum renewable age (seconds)" +#: ipaserver/plugins/internal.py:1285 +msgid "Remove RADIUS servers" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:294 -#, python-format -msgid "Ticket policy for %s could not be read" +#: ipaserver/plugins/internal.py:1289 +msgid "Check DNS" msgstr "" -#: ipaserver/plugins/krbtpolicy.py:314 -msgid "Default ticket policy could not be read" +#: ipaserver/plugins/internal.py:1290 +msgid "Do you also want to perform DNS check?" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:19 -msgid "" -"\n" -"Passkey configuration\n" +#: ipaserver/plugins/internal.py:1291 +msgid "Force Update" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:21 -msgid "" -"\n" -"Manage Passkey configuration.\n" +#: ipaserver/plugins/internal.py:1296 +msgid "Add SELinux user map" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:23 -msgid "" -"\n" -"IPA supports the use of passkeys for authentication. A passkey\n" -"device has to be registered to SSSD and the resulting authentication " -"mapping\n" -"stored in the user entry.\n" -"The passkey authentication supports the following configuration option:\n" -"require user verification. When set, the method for user verification " -"depends\n" -"on the type of device (PIN, fingerprint, external pad...)\n" +#: ipaserver/plugins/internal.py:1298 +#, python-brace-format +msgid "Add user groups into SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:32 -msgid "" -"\n" -" Display the Passkey configuration:\n" -" ipa passkeyconfig-show\n" +#: ipaserver/plugins/internal.py:1301 +#, python-brace-format +msgid "Add host groups into SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:35 -msgid "" -"\n" -" Modify the Passkey configuration to always require user verification:\n" -" ipa passkeyconfig-mod --require-user-verification=TRUE\n" +#: ipaserver/plugins/internal.py:1304 +#, python-brace-format +msgid "Add hosts into SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:48 -msgid "Passkey configuration options" +#: ipaserver/plugins/internal.py:1307 +#, python-brace-format +msgid "Add users into SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:52 ipaserver/plugins/passkeyconfig.py:53 -msgid "Passkey Configuration" +#: ipaserver/plugins/internal.py:1312 +msgid "Remove selinux user maps" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:59 -msgid "Require user verification" +#: ipaserver/plugins/internal.py:1314 +#, python-brace-format +msgid "Remove user groups from SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:60 -msgid "Require user verification during authentication" +#: ipaserver/plugins/internal.py:1317 +#, python-brace-format +msgid "Remove host groups from SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:89 -msgid "Modify Passkey configuration." +#: ipaserver/plugins/internal.py:1320 +#, python-brace-format +msgid "Remove hosts from SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/passkeyconfig.py:94 -msgid "Show the current Passkey configuration." +#: ipaserver/plugins/internal.py:1323 +#, python-brace-format +msgid "Remove users from SELinux user map '${primary_key}'" msgstr "" -#: ipaserver/plugins/permission.py:41 -msgid "" -"\n" -"Permissions\n" +#: ipaserver/plugins/internal.py:1330 +msgid "Server Roles" msgstr "" -#: ipaserver/plugins/permission.py:43 -msgid "" -"\n" -"A permission enables fine-grained delegation of rights. A permission is\n" -"a human-readable wrapper around a 389-ds Access Control Rule,\n" -"or instruction (ACI).\n" -"A permission grants the right to perform a specific task such as adding a\n" -"user, modifying a group, etc.\n" +#: ipaserver/plugins/internal.py:1331 +msgid "Server Role" msgstr "" -#: ipaserver/plugins/permission.py:49 -msgid "" -"\n" -"A permission may not contain other permissions.\n" +#: ipaserver/plugins/internal.py:1334 +msgid "Warning: Consider service replication" msgstr "" -#: ipaserver/plugins/permission.py:51 +#: ipaserver/plugins/internal.py:1335 msgid "" -"\n" -"* A permission grants access to read, write, add, delete, read, search,\n" -" or compare.\n" -"* A privilege combines similar permissions (for example all the permissions\n" -" needed to add a user).\n" -"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +"It is strongly recommended to keep the following services installed on more " +"than one server:" msgstr "" -#: ipaserver/plugins/permission.py:57 -msgid "" -"\n" -"A permission is made up of a number of different parts:\n" -"\n" -"1. The name of the permission.\n" -"2. The target of the permission.\n" -"3. The rights granted by the permission.\n" +#: ipaserver/plugins/internal.py:1336 +msgid "Delete Server" msgstr "" -#: ipaserver/plugins/permission.py:63 +#: ipaserver/plugins/internal.py:1337 msgid "" -"\n" -"Rights define what operations are allowed, and may be one or more\n" -"of the following:\n" -"1. write - write one or more attributes\n" -"2. read - read one or more attributes\n" -"3. search - search on one or more attributes\n" -"4. compare - compare one or more attributes\n" -"5. add - add a new entry to the tree\n" -"6. delete - delete an existing entry\n" -"7. all - all permissions are granted\n" +"Deleting a server removes it permanently from the topology. Note that this " +"is a non-reversible action." msgstr "" -#: ipaserver/plugins/permission.py:73 -msgid "" -"\n" -"Note the distinction between attributes and entries. The permissions are\n" -"independent, so being able to add a user does not mean that the user will\n" -"be editable.\n" +#: ipaserver/plugins/internal.py:1340 +msgid "Add service" msgstr "" -#: ipaserver/plugins/permission.py:77 -msgid "" -"\n" -"There are a number of allowed targets:\n" -"1. subtree: a DN; the permission applies to the subtree under this DN\n" -"2. target filter: an LDAP filter\n" -"3. target: DN with possible wildcards, specifies entries permission applies " -"to\n" +#: ipaserver/plugins/internal.py:1342 +#, python-brace-format +msgid "Add hosts managing service '${primary_key}'" msgstr "" -#: ipaserver/plugins/permission.py:82 -msgid "" -"\n" -"Additionally, there are the following convenience options.\n" -"Setting one of these options will set the corresponding attribute(s).\n" -"1. type: a type of object (user, group, etc); sets subtree and target " -"filter.\n" -"2. memberof: apply to members of a group; sets target filter\n" -"3. targetgroup: grant access to modify a specific group (such as granting\n" -" the rights to manage group membership); sets target.\n" +#: ipaserver/plugins/internal.py:1345 +#, python-brace-format +msgid "Add service '${primary_key}' into roles" msgstr "" -#: ipaserver/plugins/permission.py:89 -msgid "" -"\n" -"Managed permissions\n" +#: ipaserver/plugins/internal.py:1347 +msgid "Service Certificate" msgstr "" -#: ipaserver/plugins/permission.py:91 -msgid "" -"\n" -"Permissions that come with IPA by default can be so-called \"managed\"\n" -"permissions. These have a default set of attributes they apply to,\n" -"but the administrator can add/remove individual attributes to/from the set.\n" +#: ipaserver/plugins/internal.py:1349 +msgid "Service Settings" msgstr "" -#: ipaserver/plugins/permission.py:95 -msgid "" -"\n" -"Deleting or renaming a managed permission, as well as changing its target,\n" -"is not allowed.\n" +#: ipaserver/plugins/internal.py:1352 +msgid "Provisioning" msgstr "" -#: ipaserver/plugins/permission.py:100 -msgid "" -"\n" -" Add a permission that grants the creation of users:\n" -" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +#: ipaserver/plugins/internal.py:1353 +msgid "Remove services" msgstr "" -#: ipaserver/plugins/permission.py:103 -msgid "" -"\n" -" Add a permission that grants the ability to manage group membership:\n" -" ipa permission-add --attrs=member --permissions=write --type=group " -"\"Manage Group Members\"\n" +#: ipaserver/plugins/internal.py:1355 +#, python-brace-format +msgid "Remove service '${primary_key}' from roles" msgstr "" -#: ipaserver/plugins/permission.py:130 -msgid "must be enclosed in parentheses" +#: ipaserver/plugins/internal.py:1358 +#, python-brace-format +msgid "Remove hosts managing service '${primary_key}'" msgstr "" -#: ipaserver/plugins/permission.py:150 -#, python-format -msgid "\"%s\" is not an object type" +#: ipaserver/plugins/internal.py:1363 +msgid "Are you sure you want to unprovision this service?" msgstr "" -#: ipaserver/plugins/permission.py:152 ipaserver/plugins/permission.py:930 -#, python-format -msgid "\"%s\" is not a valid permission type" +#: ipaserver/plugins/internal.py:1364 +msgid "Unprovisioning service" msgstr "" -#: ipaserver/plugins/permission.py:354 -#, python-format -msgid "Deprecated; use %s" +#: ipaserver/plugins/internal.py:1365 +msgid "Service unprovisioned" msgstr "" -#: ipaserver/plugins/permission.py:371 -#, python-format -msgid "Permission with unknown flag %s may not be modified or removed" +#: ipaserver/plugins/internal.py:1366 +msgid "Kerberos Key Present, Service Provisioned" msgstr "" -#: ipaserver/plugins/permission.py:375 -msgid "A SYSTEM permission may not be modified or removed" +#: ipaserver/plugins/internal.py:1369 +msgid "SSH public keys" msgstr "" -#: ipaserver/plugins/permission.py:638 -#, python-format -msgid "Entry %s not found" +#: ipaserver/plugins/internal.py:1370 +msgid "SSH public key:" msgstr "" -#: ipaserver/plugins/permission.py:749 -#, python-format -msgid "The ACI for permission %(name)s was not found in %(dn)s " +#: ipaserver/plugins/internal.py:1371 +msgid "Set SSH key" msgstr "" -#: ipaserver/plugins/permission.py:853 -msgid "" -"cannot specify full target filter and extra target filter simultaneously" +#: ipaserver/plugins/internal.py:1379 +msgid "Are you sure you want to activate selected users?" msgstr "" -#: ipaserver/plugins/permission.py:876 -#, python-format -msgid "option was renamed; use %s" +#: ipaserver/plugins/internal.py:1380 +#, python-brace-format +msgid "Are you sure you want to activate ${object}?" msgstr "" -#: ipaserver/plugins/permission.py:880 -#, python-format -msgid "Cannot use %(old_name)s with %(new_name)s" +#: ipaserver/plugins/internal.py:1381 +#, python-brace-format +msgid "${count} user(s) activated" msgstr "" -#: ipaserver/plugins/permission.py:894 ipaserver/plugins/permission.py:909 -#, python-format -msgid "%s: group not found" +#: ipaserver/plugins/internal.py:1382 +msgid "Add stage user" msgstr "" -#: ipaserver/plugins/permission.py:904 -msgid "target and targetgroup are mutually exclusive" +#: ipaserver/plugins/internal.py:1383 +msgid "Stage users" msgstr "" -#: ipaserver/plugins/permission.py:925 -msgid "subtree and type are mutually exclusive" +#: ipaserver/plugins/internal.py:1384 +msgid "Preserved users" msgstr "" -#: ipaserver/plugins/permission.py:963 -msgid "Bad search filter" +#: ipaserver/plugins/internal.py:1385 +msgid "Remove preserved users" msgstr "" -#: ipaserver/plugins/permission.py:973 -#, python-format -msgid "Entry %s does not exist" +#: ipaserver/plugins/internal.py:1386 +msgid "Remove stage users" msgstr "" -#: ipaserver/plugins/permission.py:982 -msgid "" -"there must be at least one target entry specifier (e.g. target, " -"targetfilter, attrs)" +#: ipaserver/plugins/internal.py:1387 +msgid "Are you sure you want to stage selected users?" msgstr "" -#: ipaserver/plugins/permission.py:994 ipaserver/plugins/permission.py:1022 -#, python-format -msgid "Added permission \"%(value)s\"" +#: ipaserver/plugins/internal.py:1388 +#, python-brace-format +msgid "${count} users(s) staged" msgstr "" -#: ipaserver/plugins/permission.py:1049 -msgid "attrs and included attributes are mutually exclusive" +#: ipaserver/plugins/internal.py:1389 +#, python-brace-format +msgid "Are you sure you want to stage ${object}?" msgstr "" -#: ipaserver/plugins/permission.py:1081 -#, python-format -msgid "Cannot store permission ACI to %s" +#: ipaserver/plugins/internal.py:1390 +msgid "Are you sure you want to restore selected users?" msgstr "" -#: ipaserver/plugins/permission.py:1092 -#, python-format -msgid "Deleted permission \"%(value)s\"" +#: ipaserver/plugins/internal.py:1391 +#, python-brace-format +msgid "Are you sure you want to restore ${object}?" msgstr "" -#: ipaserver/plugins/permission.py:1112 -msgid "cannot delete managed permissions" +#: ipaserver/plugins/internal.py:1392 +#, python-brace-format +msgid "${count} user(s) restored" msgstr "" -#: ipaserver/plugins/permission.py:1118 -#, python-format -msgid "ACI of permission %s was not found" +#: ipaserver/plugins/internal.py:1393 +msgid "User categories" msgstr "" -#: ipaserver/plugins/permission.py:1127 -#, python-format -msgid "Modified permission \"%(value)s\"" +#: ipaserver/plugins/internal.py:1396 +msgid "Add subid" msgstr "" -#: ipaserver/plugins/permission.py:1162 -msgid "cannot rename managed permissions" +#: ipaserver/plugins/internal.py:1397 +msgid "Assigned subids" msgstr "" -#: ipaserver/plugins/permission.py:1169 ipaserver/plugins/permission.py:1173 -msgid "not modifiable on managed permissions" +#: ipaserver/plugins/internal.py:1399 +msgid "DNA remaining" msgstr "" -#: ipaserver/plugins/permission.py:1180 -msgid "only available on managed permissions" +#: ipaserver/plugins/internal.py:1406 +msgid "Remaining subids" msgstr "" -#: ipaserver/plugins/permission.py:1187 ipaserver/plugins/permission.py:1313 -msgid "attrs and included/excluded attributes are mutually exclusive" +#: ipaserver/plugins/internal.py:1407 +msgid "Subordinate ID Statistics" msgstr "" -#: ipaserver/plugins/permission.py:1198 -msgid "cannot set bindtype for a permission that is assigned to a privilege" +#: ipaserver/plugins/internal.py:1410 +msgid "Add sudo command" msgstr "" -#: ipaserver/plugins/permission.py:1302 -#, python-format -msgid "%(count)d permission matched" -msgid_plural "%(count)d permissions matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/internal.py:1412 +#, python-brace-format +msgid "Add sudo command '${primary_key}' into sudo command groups" +msgstr "" -#: ipaserver/plugins/pwpolicy.py:43 -msgid "" -"\n" -"Password policy\n" -"\n" -"A password policy sets limitations on IPA passwords, including maximum\n" -"lifetime, minimum lifetime, the number of passwords to save in\n" -"history, the number of character classes required (for stronger passwords)\n" -"and the minimum password length.\n" -"\n" -"By default there is a single, global policy for all users. You can also\n" -"create a password policy to apply to a group. Each user is only subject\n" -"to one password policy, either the group policy or the global policy. A\n" -"group policy stands alone; it is not a super-set of the global policy plus\n" -"custom settings.\n" -"\n" -"Each group password policy requires a unique priority setting. If a user\n" -"is in multiple groups that have password policies, this priority determines\n" -"which password policy is applied. A lower value indicates a higher priority\n" -"policy.\n" -"\n" -"Group password policies are automatically removed when the groups they\n" -"are associated with are removed.\n" -"\n" -"Grace period defines the number of LDAP logins allowed after expiration.\n" -"-1 means do not enforce expiration to match previous behavior. 0 allows\n" -"no additional logins after expiration.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Modify the global policy:\n" -" ipa pwpolicy-mod --minlength=10\n" -"\n" -" Add a new group password policy:\n" -" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" -"minlength=8 --priority=10 localadmins\n" -"\n" -" Display the global password policy:\n" -" ipa pwpolicy-show\n" -"\n" -" Display a group password policy:\n" -" ipa pwpolicy-show localadmins\n" -"\n" -" Display the policy that would be applied to a given user:\n" -" ipa pwpolicy-show --user=tuser1\n" -"\n" -" Modify a group password policy:\n" -" ipa pwpolicy-mod --minclasses=2 localadmins\n" +#: ipaserver/plugins/internal.py:1416 +msgid "Remove sudo commands" +msgstr "" + +#: ipaserver/plugins/internal.py:1418 +#, python-brace-format +msgid "Remove sudo command '${primary_key}' from sudo command groups" msgstr "" -#: ipaserver/plugins/pwpolicy.py:96 -msgid "Class of Service object used for linking policies with groups" +#: ipaserver/plugins/internal.py:1423 +msgid "Add sudo command group" msgstr "" -#: ipaserver/plugins/pwpolicy.py:147 -#, python-format -msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" +#: ipaserver/plugins/internal.py:1425 +#, python-brace-format +msgid "Add sudo commands into sudo command group '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:175 -msgid "Add Class of Service entry" +#: ipaserver/plugins/internal.py:1429 +msgid "Remove sudo command groups" msgstr "" -#: ipaserver/plugins/pwpolicy.py:198 -msgid "Delete Class of Service entry" +#: ipaserver/plugins/internal.py:1431 +#, python-brace-format +msgid "Remove sudo commands from sudo command group '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:204 -msgid "Modify Class of Service entry" +#: ipaserver/plugins/internal.py:1436 +msgid "Add sudo rule" msgstr "" -#: ipaserver/plugins/pwpolicy.py:222 -msgid "Display Class of Service entry" +#: ipaserver/plugins/internal.py:1437 +msgid "Add sudo option" msgstr "" -#: ipaserver/plugins/pwpolicy.py:228 -msgid "Search for Class of Service entry" +#: ipaserver/plugins/internal.py:1439 +#, python-brace-format +msgid "Add allow sudo commands into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:241 -msgid "password policy" +#: ipaserver/plugins/internal.py:1443 +#, python-brace-format +msgid "Add allow sudo command groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:242 -msgid "password policies" +#: ipaserver/plugins/internal.py:1447 +#, python-brace-format +msgid "Add deny sudo commands into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:301 -msgid "Password Policies" +#: ipaserver/plugins/internal.py:1451 +#, python-brace-format +msgid "Add deny sudo command groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:374 -msgid "Max repeat" +#: ipaserver/plugins/internal.py:1455 +#, python-brace-format +msgid "Add user groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:375 -msgid "Maximum number of same consecutive characters" +#: ipaserver/plugins/internal.py:1458 +#, python-brace-format +msgid "Add host groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:383 -msgid "Max sequence" +#: ipaserver/plugins/internal.py:1461 +#, python-brace-format +msgid "Add hosts into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:384 -msgid "The max. length of monotonic character sequences (abcd)" +#: ipaserver/plugins/internal.py:1464 +#, python-brace-format +msgid "Add RunAs users into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:392 -msgid "Dictionary check" +#: ipaserver/plugins/internal.py:1467 +#, python-brace-format +msgid "Add RunAs user groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:393 -msgid "Check if the password is a dictionary word" +#: ipaserver/plugins/internal.py:1470 +#, python-brace-format +msgid "Add RunAs groups into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:399 -msgid "User check" +#: ipaserver/plugins/internal.py:1473 +#, python-brace-format +msgid "Add users into sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/pwpolicy.py:400 -msgid "Check if the password contains the username" +#: ipaserver/plugins/internal.py:1475 +msgid "Allow" msgstr "" -#: ipaserver/plugins/pwpolicy.py:406 -msgid "Grace login limit" +#: ipaserver/plugins/internal.py:1476 +msgid "Any Command" msgstr "" -#: ipaserver/plugins/pwpolicy.py:407 -msgid "Number of LDAP authentications allowed after expiration" +#: ipaserver/plugins/internal.py:1477 +msgid "Any Group" msgstr "" -#: ipaserver/plugins/pwpolicy.py:483 -msgid "" -"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or " -"usercheck are defined" +#: ipaserver/plugins/internal.py:1480 +msgid "Run Commands" msgstr "" -#: ipaserver/plugins/pwpolicy.py:509 -msgid "Maximum password life must be equal to or greater than the minimum." +#: ipaserver/plugins/internal.py:1481 +msgid "Deny" msgstr "" -#: ipaserver/plugins/pwpolicy.py:569 -msgid "cannot delete global password policy" +#: ipaserver/plugins/internal.py:1483 +msgid "Access this host" msgstr "" -#: ipaserver/plugins/pwpolicy.py:605 -msgid "priority cannot be set on global policy" +#: ipaserver/plugins/internal.py:1485 +msgid "Option added" msgstr "" -#: ipaserver/plugins/schema.py:24 -msgid "" -"\n" -"API Schema\n" +#: ipaserver/plugins/internal.py:1486 +#, python-brace-format +msgid "${count} option(s) removed" msgstr "" -#: ipaserver/plugins/schema.py:26 -msgid "" -"\n" -"Provides API introspection capabilities.\n" +#: ipaserver/plugins/internal.py:1488 +msgid "Remove sudo rules" msgstr "" -#: ipaserver/plugins/schema.py:30 -msgid "" -"\n" -" Show user-find details:\n" -" ipa command-show user-find\n" +#: ipaserver/plugins/internal.py:1490 +#, python-brace-format +msgid "Remove allow sudo commands from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:33 -msgid "" -"\n" -" Find user-find parameters:\n" -" ipa param-find user-find\n" +#: ipaserver/plugins/internal.py:1494 +#, python-brace-format +msgid "Remove allow sudo command groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:54 -msgid "Documentation" +#: ipaserver/plugins/internal.py:1498 +#, python-brace-format +msgid "Remove deny sudo commands from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:59 -msgid "Exclude from" +#: ipaserver/plugins/internal.py:1502 +#, python-brace-format +msgid "Remove deny sudo command groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:64 -msgid "Include in" +#: ipaserver/plugins/internal.py:1506 +#, python-brace-format +msgid "Remove user groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:135 -msgid "Help topic" +#: ipaserver/plugins/internal.py:1509 +#, python-brace-format +msgid "Remove host groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:172 -msgid "Parameters" +#: ipaserver/plugins/internal.py:1512 +#, python-brace-format +msgid "Remove hosts from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:207 -msgid "Method of" +#: ipaserver/plugins/internal.py:1515 +#, python-brace-format +msgid "Remove RunAs users from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:212 -msgid "Method name" +#: ipaserver/plugins/internal.py:1518 +#, python-brace-format +msgid "Remove RunAs user groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:270 -msgid "Display information about a command." +#: ipaserver/plugins/internal.py:1521 +#, python-brace-format +msgid "Remove RunAs groups from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:275 -msgid "Search for commands." +#: ipaserver/plugins/internal.py:1524 +#, python-brace-format +msgid "Remove users from sudo rule '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:280 -msgid "Return command defaults" +#: ipaserver/plugins/internal.py:1526 +msgid "As Whom" msgstr "" -#: ipaserver/plugins/schema.py:291 -#, python-brace-format -msgid "{oname}: {command_name} not found" +#: ipaserver/plugins/internal.py:1527 +msgid "Specified Commands and Groups" msgstr "" -#: ipaserver/plugins/schema.py:344 -msgid "Display information about a class." +#: ipaserver/plugins/internal.py:1528 +msgid "Specified Groups" msgstr "" -#: ipaserver/plugins/schema.py:349 -msgid "Search for classes." +#: ipaserver/plugins/internal.py:1534 +msgid "Remove sudo options" msgstr "" -#: ipaserver/plugins/schema.py:436 -msgid "Display information about a help topic." +#: ipaserver/plugins/internal.py:1537 +msgid "Autogenerated" msgstr "" -#: ipaserver/plugins/schema.py:441 -msgid "Search for help topics." +#: ipaserver/plugins/internal.py:1538 +msgid "Segment details" msgstr "" -#: ipaserver/plugins/schema.py:453 -msgid "Required" +#: ipaserver/plugins/internal.py:1539 +msgid "Replication configuration" msgstr "" -#: ipaserver/plugins/schema.py:458 -msgid "Multi-value" +#: ipaserver/plugins/internal.py:1540 +#, python-brace-format +msgid "Managed topology requires minimal domain level ${domainlevel}" msgstr "" -#: ipaserver/plugins/schema.py:510 -msgid "Always ask" +#: ipaserver/plugins/internal.py:1543 +msgid "Add IPA location" msgstr "" -#: ipaserver/plugins/schema.py:515 -msgid "CLI metavar" +#: ipaserver/plugins/internal.py:1545 +#, python-brace-format +msgid "Add IPA server into IPA location '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:520 -msgid "CLI name" +#: ipaserver/plugins/internal.py:1547 +msgid "Remove IPA locations" msgstr "" -#: ipaserver/plugins/schema.py:525 -msgid "Confirm (password)" +#: ipaserver/plugins/internal.py:1549 +#, python-brace-format +msgid "Remove IPA servers from IPA location '${primary_key}'" msgstr "" -#: ipaserver/plugins/schema.py:530 -msgid "Default" +#: ipaserver/plugins/internal.py:1553 +msgid "Add topology segment" msgstr "" -#: ipaserver/plugins/schema.py:535 -msgid "Default from" +#: ipaserver/plugins/internal.py:1554 +msgid "Remove topology segments" msgstr "" -#: ipaserver/plugins/schema.py:540 -msgid "Label" +#: ipaserver/plugins/internal.py:1557 +msgid "Account" msgstr "" -#: ipaserver/plugins/schema.py:545 -msgid "Convert on server" +#: ipaserver/plugins/internal.py:1558 +msgid "Add trust" msgstr "" -#: ipaserver/plugins/schema.py:550 -msgid "Option group" +#: ipaserver/plugins/internal.py:1559 +msgid "Administrative account" msgstr "" -#: ipaserver/plugins/schema.py:555 -msgid "Sensitive" +#: ipaserver/plugins/internal.py:1560 +msgid "SID blocklists" msgstr "" -#: ipaserver/plugins/schema.py:560 -msgid "Positional argument" +#: ipaserver/plugins/internal.py:1561 +msgid "Trust Settings" msgstr "" -#: ipaserver/plugins/schema.py:645 -#, python-format -msgid "%(metaobject)s: %(oname)s not found" +#: ipaserver/plugins/internal.py:1563 +msgid "Establish using" msgstr "" -#: ipaserver/plugins/schema.py:684 -msgid "Display information about a command parameter." +#: ipaserver/plugins/internal.py:1564 +msgid "Fetch domains" msgstr "" -#: ipaserver/plugins/schema.py:689 -msgid "Search command parameters." +#: ipaserver/plugins/internal.py:1567 +msgid "Pre-shared password" msgstr "" -#: ipaserver/plugins/schema.py:746 -#, python-format -msgid "%(command_name)s: %(oname)s not found" +#: ipaserver/plugins/internal.py:1568 +msgid "Remove trusts" msgstr "" -#: ipaserver/plugins/schema.py:771 -msgid "Display information about a command output." +#: ipaserver/plugins/internal.py:1569 +msgid "Remove domains" msgstr "" -#: ipaserver/plugins/schema.py:776 -msgid "Search for command outputs." +#: ipaserver/plugins/internal.py:1573 +msgid "Alternative UPN suffixes" msgstr "" -#: ipaserver/plugins/schema.py:781 -msgid "Store and provide schema for commands and topics" +#: ipaserver/plugins/internal.py:1577 +msgid "User attributes for SMB services" msgstr "" -#: ipaserver/plugins/schema.py:787 -msgid "Fingerprint of schema cached by client" +#: ipaserver/plugins/internal.py:1580 +msgid "Path to a script executed on a Windows system at logon" msgstr "" -#: ipaserver/plugins/server.py:36 -msgid "" -"\n" -"IPA servers\n" +#: ipaserver/plugins/internal.py:1583 +msgid "Path to a user profile, in UNC format \\\\server\\share\\" msgstr "" -#: ipaserver/plugins/server.py:38 -msgid "" -"\n" -"Get information about installed IPA servers.\n" +#: ipaserver/plugins/internal.py:1586 +msgid "Path to a user home directory, in UNC format" msgstr "" -#: ipaserver/plugins/server.py:42 -msgid "" -"\n" -" Find all servers:\n" -" ipa server-find\n" +#: ipaserver/plugins/internal.py:1589 +msgid "Drive to mount a home directory" msgstr "" -#: ipaserver/plugins/server.py:45 -msgid "" -"\n" -" Show specific server:\n" -" ipa server-show ipa.example.com\n" +#: ipaserver/plugins/internal.py:1596 +msgid "Account Settings" msgstr "" -#: ipaserver/plugins/server.py:61 -msgid "server" +#: ipaserver/plugins/internal.py:1597 +msgid "Account Status" msgstr "" -#: ipaserver/plugins/server.py:62 -msgid "servers" +#: ipaserver/plugins/internal.py:1598 +msgid "Active users" msgstr "" -#: ipaserver/plugins/server.py:70 -msgid "IPA Servers" +#: ipaserver/plugins/internal.py:1599 +msgid "Add user" msgstr "" -#: ipaserver/plugins/server.py:133 -msgid "Server DNS location" +#: ipaserver/plugins/internal.py:1601 +#, python-brace-format +msgid "Add user '${primary_key}' into user groups" msgstr "" -#: ipaserver/plugins/server.py:140 -msgid "Service weight" +#: ipaserver/plugins/internal.py:1604 +#, python-brace-format +msgid "Add user '${primary_key}' into HBAC rules" msgstr "" -#: ipaserver/plugins/server.py:141 -msgid "Weight for server services" +#: ipaserver/plugins/internal.py:1607 +#, python-brace-format +msgid "Add user '${primary_key}' into netgroups" msgstr "" -#: ipaserver/plugins/server.py:148 -msgid "Service relative weight" +#: ipaserver/plugins/internal.py:1610 +#, python-brace-format +msgid "Add user '${primary_key}' into roles" msgstr "" -#: ipaserver/plugins/server.py:149 -msgid "Relative weight for server services (counts per location)" +#: ipaserver/plugins/internal.py:1613 +#, python-brace-format +msgid "Add user '${primary_key}' into sudo rules" msgstr "" -#: ipaserver/plugins/server.py:154 -msgid "Enabled server roles" +#: ipaserver/plugins/internal.py:1615 +msgid "Auto assign subordinate ids" msgstr "" -#: ipaserver/plugins/server.py:155 -msgid "List of enabled roles" +#: ipaserver/plugins/internal.py:1617 +#, python-brace-format +msgid "" +"Are you sure you want to auto-assign a subordinate id to user ${object}?" msgstr "" -#: ipaserver/plugins/server.py:222 -msgid "Modify information about an IPA server." +#: ipaserver/plugins/internal.py:1620 +msgid "Contact Settings" msgstr "" -#: ipaserver/plugins/server.py:224 -#, python-format -msgid "Modified IPA server \"%(value)s\"" +#: ipaserver/plugins/internal.py:1621 +msgid "Delete mode" msgstr "" -#: ipaserver/plugins/server.py:306 -#, python-format -msgid "%(count)d IPA server matched" -msgid_plural "%(count)d IPA servers matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/internal.py:1622 +msgid "Employee Information" +msgstr "" -#: ipaserver/plugins/server.py:444 -#, python-format -msgid "Deleted IPA server \"%(value)s\"" +#: ipaserver/plugins/internal.py:1623 +msgid "Error changing account status" msgstr "" -#: ipaserver/plugins/server.py:449 -msgid "Ignore topology errors" +#: ipaserver/plugins/internal.py:1624 +msgid "Password expiration" msgstr "" -#: ipaserver/plugins/server.py:450 -msgid "Ignore topology connectivity problems after removal" +#: ipaserver/plugins/internal.py:1625 +msgid "Mailing Address" msgstr "" -#: ipaserver/plugins/server.py:455 -msgid "Ignore check for last remaining CA or DNS server" +#: ipaserver/plugins/internal.py:1626 +msgid "Misc. Information" msgstr "" -#: ipaserver/plugins/server.py:456 -msgid "Skip a check whether the last CA master or DNS server is removed" +#: ipaserver/plugins/internal.py:1627 +msgid "delete" msgstr "" -#: ipaserver/plugins/server.py:462 -msgid "Force server removal" +#: ipaserver/plugins/internal.py:1628 +msgid "preserve" msgstr "" -#: ipaserver/plugins/server.py:463 -msgid "Force server removal even if it does not exist" +#: ipaserver/plugins/internal.py:1629 +msgid "No private group" msgstr "" -#: ipaserver/plugins/server.py:500 -msgid "" -"Replica is active DNSSEC key master. Uninstall could break your DNS system. " -"Please disable or replace DNSSEC key master first." +#: ipaserver/plugins/internal.py:1630 +msgid "Remove users" msgstr "" -#: ipaserver/plugins/server.py:506 -msgid "Deleting this server will leave your installation without a DNS." +#: ipaserver/plugins/internal.py:1632 +#, python-brace-format +msgid "Remove user '${primary_key}' from user groups" msgstr "" -#: ipaserver/plugins/server.py:520 -msgid "" -"Deleting this server is not allowed as it would leave your installation " -"without a KRA." +#: ipaserver/plugins/internal.py:1635 +#, python-brace-format +msgid "Remove user '${primary_key}' from netgroups" msgstr "" -#: ipaserver/plugins/server.py:530 -msgid "" -"Deleting this server is not allowed as it would leave your installation " -"without a CA." +#: ipaserver/plugins/internal.py:1638 +#, python-brace-format +msgid "Remove user '${primary_key}' from roles" msgstr "" -#: ipaserver/plugins/server.py:545 -msgid "Ignoring these warnings and proceeding with removal" +#: ipaserver/plugins/internal.py:1641 +#, python-brace-format +msgid "Remove user '${primary_key}' from HBAC rules" msgstr "" -#: ipaserver/plugins/server.py:595 -#, python-format -msgid "" -"Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: " -"%(err)s" +#: ipaserver/plugins/internal.py:1644 +#, python-brace-format +msgid "Remove user '${primary_key}' from sudo rules" msgstr "" -#: ipaserver/plugins/server.py:616 -#, python-format -msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s" +#: ipaserver/plugins/internal.py:1646 +#, python-brace-format +msgid "" +"Are you sure you want to ${action} the user?
The change will take effect " +"immediately." msgstr "" -#: ipaserver/plugins/server.py:637 -#, python-format -msgid "Failed to remove server %(master)s from server list: %(err)s" +#: ipaserver/plugins/internal.py:1647 +#, python-brace-format +msgid "Click to ${action}" msgstr "" -#: ipaserver/plugins/server.py:663 -#, python-format -msgid "Failed to clean up Custodia keys for %(master)s: %(err)s" +#: ipaserver/plugins/internal.py:1648 +msgid "Unlock" msgstr "" -#: ipaserver/plugins/server.py:701 -#, python-format -msgid "Failed to cleanup server principals/keys: %(err)s" +#: ipaserver/plugins/internal.py:1649 +#, python-brace-format +msgid "Are you sure you want to unlock user ${object}?" msgstr "" -#: ipaserver/plugins/server.py:717 -#, python-format -msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s" +#: ipaserver/plugins/internal.py:1652 +msgid "Add vault" msgstr "" -#: ipaserver/plugins/server.py:722 -msgid "You may need to manually remove them from the tree" +#: ipaserver/plugins/internal.py:1654 +#, python-brace-format +msgid "Add user groups into members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:737 -#, python-format -msgid "Forcing removal of %(hostname)s" +#: ipaserver/plugins/internal.py:1657 +#, python-brace-format +msgid "Add services into members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:747 -msgid "Ignoring topology connectivity errors." +#: ipaserver/plugins/internal.py:1660 +#, python-brace-format +msgid "Add users into members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:766 -#, python-format -msgid "Failed to remove server from security domain: %s" +#: ipaserver/plugins/internal.py:1663 +#, python-brace-format +msgid "Add user groups into owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:793 -msgid "Server has already been deleted" +#: ipaserver/plugins/internal.py:1666 +#, python-brace-format +msgid "Add services into owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:843 -msgid "Agreements deleted" +#: ipaserver/plugins/internal.py:1669 +#, python-brace-format +msgid "Add users into owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:854 -msgid "Following segments were not deleted:" +#: ipaserver/plugins/internal.py:1672 +msgid "" +"Secrets can be added/retrieved to vault only by using vault-archive and " +"vault-retrieve from CLI." msgstr "" -#: ipaserver/plugins/server.py:927 ipaserver/plugins/trust.py:1869 -#, python-format -msgid "must be \"%s\"" +#: ipaserver/plugins/internal.py:1676 +msgid "" +"Content of 'standard' vaults can be seen by users with higher privileges " +"(admins)." msgstr "" -#: ipaserver/plugins/server.py:939 -msgid "not allowed to perform server connection check" +#: ipaserver/plugins/internal.py:1679 +msgid "Asymmetric" msgstr "" -#: ipaserver/plugins/server.py:965 -msgid "Set enabled/hidden state of a server." +#: ipaserver/plugins/internal.py:1680 +msgid "Vaults Config" msgstr "" -#: ipaserver/plugins/server.py:971 -msgid "State" +#: ipaserver/plugins/internal.py:1682 +msgid "Members" msgstr "" -#: ipaserver/plugins/server.py:972 -msgid "Server state" +#: ipaserver/plugins/internal.py:1683 +msgid "My User Vaults" msgstr "" -#: ipaserver/plugins/server.py:977 -#, python-format -msgid "Changed server state of \"%(value)s\"." +#: ipaserver/plugins/internal.py:1684 +msgid "Owners" msgstr "" -#: ipaserver/plugins/server.py:986 -msgid "Cannot hide CA renewal master." +#: ipaserver/plugins/internal.py:1685 +msgid "Remove vaults" msgstr "" -#: ipaserver/plugins/server.py:988 -msgid "Cannot hide DNSSec key master." +#: ipaserver/plugins/internal.py:1687 +#, python-brace-format +msgid "Remove user groups from members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/server.py:1000 -#, python-format -msgid "Cannot hide last enabled %(name)s server." +#: ipaserver/plugins/internal.py:1690 +#, python-brace-format +msgid "Remove services from members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/service.py:60 -msgid "" -"\n" -"Services\n" -"\n" -"A IPA service represents a service that runs on a host. The IPA service\n" -"record can store a Kerberos principal, an SSL certificate, or both.\n" -"\n" -"An IPA service can be managed directly from a machine, provided that\n" -"machine has been given the correct permission. This is true even for\n" -"machines other than the one the service is associated with. For example,\n" -"requesting an SSL certificate using the host service principal credentials\n" -"of the host. To manage a service using host credentials you need to\n" -"kinit as the host:\n" -"\n" -" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" -"\n" -"Adding an IPA service allows the associated service to request an SSL\n" -"certificate or keytab, but this is performed as a separate step; they\n" -"are not produced as a result of adding the service.\n" -"\n" -"Only the public aspect of a certificate is stored in a service record;\n" -"the private key is not stored.\n" -"\n" -"EXAMPLES:\n" -"\n" -" Add a new IPA service:\n" -" ipa service-add HTTP/web.example.com\n" -"\n" -" Allow a host to manage an IPA service certificate:\n" -" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" -" ipa role-add-member --hosts=web.example.com certadmin\n" -"\n" -" Override a default list of supported PAC types for the service:\n" -" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" -"\n" -" A typical use case where overriding the PAC type is needed is NFS.\n" -" Currently the related code in the Linux kernel can only handle Kerberos\n" -" tickets up to a maximal size. Since the PAC data can become quite large " -"it\n" -" is recommended to set --pac-type=NONE for NFS services.\n" -"\n" -" Delete an IPA service:\n" -" ipa service-del HTTP/web.example.com\n" -"\n" -" Find all IPA services associated with a host:\n" -" ipa service-find web.example.com\n" -"\n" -" Find all HTTP services:\n" -" ipa service-find HTTP\n" -"\n" -" Disable the service Kerberos key and SSL certificate:\n" -" ipa service-disable HTTP/web.example.com\n" -"\n" -" Request a certificate for an IPA service:\n" -" ipa cert-request --principal=HTTP/web.example.com example.csr\n" +#: ipaserver/plugins/internal.py:1693 +#, python-brace-format +msgid "Remove users from members of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/service.py:113 -msgid "" -"\n" -" Allow user to create a keytab:\n" -" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" +#: ipaserver/plugins/internal.py:1696 +#, python-brace-format +msgid "Remove user groups from owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/service.py:116 -msgid "" -"\n" -" Generate and retrieve a keytab for an IPA service:\n" -" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" -"httpd.keytab\n" -"\n" +#: ipaserver/plugins/internal.py:1699 +#, python-brace-format +msgid "Remove services from owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/service.py:188 -msgid "Trusted to authenticate as user" +#: ipaserver/plugins/internal.py:1702 +#, python-brace-format +msgid "Remove users from owners of vault '${primary_key}'" msgstr "" -#: ipaserver/plugins/service.py:189 -msgid "The service is allowed to authenticate on behalf of a client" +#: ipaserver/plugins/internal.py:1705 +msgid "Service Vaults" msgstr "" -#: ipaserver/plugins/service.py:234 -#, python-format -msgid "authentication indicators not allowed in service \"%s\"" +#: ipaserver/plugins/internal.py:1706 +msgid "Shared" msgstr "" -#: ipaserver/plugins/service.py:250 -msgid "Malformed principal" +#: ipaserver/plugins/internal.py:1707 +msgid "Shared Vaults" msgstr "" -#: ipaserver/plugins/service.py:329 -msgid "{} is required by the IPA master" +#: ipaserver/plugins/internal.py:1708 +msgid "Standard" msgstr "" -#: ipaserver/plugins/service.py:403 -msgid "service" +#: ipaserver/plugins/internal.py:1709 +msgid "Symmetric" msgstr "" -#: ipaserver/plugins/service.py:404 -msgid "services" +#: ipaserver/plugins/internal.py:1710 +msgid "Vault Type" msgstr "" -#: ipaserver/plugins/service.py:541 -msgid "Service principal alias" +#: ipaserver/plugins/internal.py:1712 +msgid "" +"Only standard vaults can be created in WebUI, use CLI for other types of " +"vaults." msgstr "" -#: ipaserver/plugins/service.py:557 -msgid "Base-64 encoded service certificate" +#: ipaserver/plugins/internal.py:1716 +msgid "User Vaults" msgstr "" -#: ipaserver/plugins/service.py:608 -msgid "" -"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" -"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " -"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " -"'hardened' to allow brute-force hardened password authentication by SPAKE or " -"FAST. Use 'idp' to allow authentication against an external Identity " -"Provider supporting OAuth 2.0 Device Authorization Flow (RFC 8628). Use " -"'passkey' to allow passkey-based 2FA authentications. With no indicator " -"specified, all authentication mechanisms are allowed." +#: ipaserver/plugins/internal.py:1721 +msgid "Current password is required" msgstr "" -#: ipaserver/plugins/service.py:638 -msgid "NONE value cannot be combined with other PAC types" +#: ipaserver/plugins/internal.py:1722 +#, python-brace-format +msgid "Your password expires in ${days} days." msgstr "" -#: ipaserver/plugins/service.py:690 -msgid "Add a new IPA service." +#: ipaserver/plugins/internal.py:1723 +msgid "First OTP" msgstr "" -#: ipaserver/plugins/service.py:692 ipaserver/plugins/service.py:761 -#, python-format -msgid "Added service \"%(value)s\"" +#: ipaserver/plugins/internal.py:1727 +msgid "New password is required" msgstr "" -#: ipaserver/plugins/service.py:698 -msgid "force principal name even if host not in DNS" +#: ipaserver/plugins/internal.py:1730 +msgid "" +" OTP (One-Time Password):Generate new OTP code for each OTP field." msgstr "" -#: ipaserver/plugins/service.py:701 -msgid "Skip host check" +#: ipaserver/plugins/internal.py:1734 +msgid "" +" OTP (One-Time Password):Leave blank if you are not using OTP tokensfor authentication." msgstr "" -#: ipaserver/plugins/service.py:702 -msgid "" -"force service to be created even when host object does not exist to manage it" +#: ipaserver/plugins/internal.py:1739 +msgid "Token synchronization failed" msgstr "" -#: ipaserver/plugins/service.py:720 ipaserver/plugins/service.py:829 -#, python-format -msgid "The host '%s' does not exist to add a service to." +#: ipaserver/plugins/internal.py:1740 +msgid "The username, password or token codes are not correct" msgstr "" -#: ipaserver/plugins/service.py:759 -msgid "Add a new SMB service." +#: ipaserver/plugins/internal.py:1741 +msgid "Token was synchronized" msgstr "" -#: ipaserver/plugins/service.py:775 -msgid "SMB service NetBIOS name" +#: ipaserver/plugins/internal.py:1744 +msgid "Password change complete" msgstr "" -#: ipaserver/plugins/service.py:889 -#, python-format -msgid "Deleted service \"%(value)s\"" +#: ipaserver/plugins/internal.py:1746 +msgid "Your password has expired. Please enter a new password." msgstr "" -#: ipaserver/plugins/service.py:909 -#, python-format -msgid "Modified service \"%(value)s\"" +#: ipaserver/plugins/internal.py:1747 +msgid "Passwords must match" msgstr "" -#: ipaserver/plugins/service.py:960 -#, python-format -msgid "%(count)d service matched" -msgid_plural "%(count)d services matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/internal.py:1748 +msgid "Password reset was not successful." +msgstr "" -#: ipaserver/plugins/service.py:1159 -#, python-format -msgid "Disabled service \"%(value)s\"" +#: ipaserver/plugins/internal.py:1750 +msgid "Reset your password." +msgstr "" + +#: ipaserver/plugins/internal.py:1751 +msgid "Second OTP" msgstr "" -#: ipaserver/plugins/service.py:1200 -#, python-format -msgid "Added certificates to service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1753 +msgid "Verify Password" msgstr "" -#: ipaserver/plugins/service.py:1207 -#, python-format -msgid "Removed certificates from service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1763 +msgid "Are you sure you want to delete selected entries?" msgstr "" -#: ipaserver/plugins/service.py:1223 -msgid "Add new principal alias to a service" +#: ipaserver/plugins/internal.py:1764 +#, python-brace-format +msgid "${count} item(s) deleted" msgstr "" -#: ipaserver/plugins/service.py:1224 -#, python-format -msgid "Added new aliases to the service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1765 +msgid "Are you sure you want to disable selected entries?" msgstr "" -#: ipaserver/plugins/service.py:1235 -msgid "Remove principal alias from a service" +#: ipaserver/plugins/internal.py:1766 +#, python-brace-format +msgid "${count} item(s) disabled" msgstr "" -#: ipaserver/plugins/service.py:1236 -#, python-format -msgid "Removed aliases to the service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1767 +msgid "Are you sure you want to enable selected entries?" msgstr "" -#: ipaserver/plugins/service.py:1246 -msgid "Add new resource delegation to a service" +#: ipaserver/plugins/internal.py:1768 +#, python-brace-format +msgid "${count} item(s) enabled" msgstr "" -#: ipaserver/plugins/service.py:1247 -#, python-format -msgid "Added new resource delegation to the service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1769 +msgid "Some entries were not deleted" msgstr "" -#: ipaserver/plugins/service.py:1261 -msgid "Remove resource delegation from a service" +#: ipaserver/plugins/internal.py:1772 +msgid "Quick Links" msgstr "" -#: ipaserver/plugins/service.py:1262 -#, python-format -msgid "Removed resource delegation from the service principal \"%(value)s\"" +#: ipaserver/plugins/internal.py:1773 +msgid "Select All" msgstr "" -#: ipaserver/plugins/service.py:1269 +#: ipaserver/plugins/internal.py:1774 +#, python-brace-format msgid "" -"Allow users, groups, hosts or host groups to handle a resource delegation of " -"this service." +"Query returned more results than the configured size limit. Displaying the " +"first ${counter} results." msgstr "" -#: ipaserver/plugins/service.py:1289 -msgid "" -"Disallow users, groups, hosts or host groups to handle a resource delegation " -"of this service." +#: ipaserver/plugins/internal.py:1775 +msgid "Unselect All" msgstr "" -#: ipaserver/plugins/stageuser.py:67 +#: ipaserver/plugins/internal.py:1779 msgid "" +"

Browser Kerberos Setup

\n" "\n" -"Stageusers\n" -"\n" -"Manage stage user entries.\n" -"\n" -"Stage user entries are directly under the container: \"cn=stage users,\n" -"cn=accounts, cn=provisioning, SUFFIX\".\n" -"Users can not authenticate with those entries (even if the entries\n" -"contain credentials). Those entries are only candidate to become Active " -"entries.\n" -"\n" -"Active user entries are Posix users directly under the container: " -"\"cn=accounts, SUFFIX\".\n" -"Users can authenticate with Active entries, at the condition they have\n" -"credentials.\n" -"\n" -"Deleted user entries are Posix users directly under the container: " -"\"cn=deleted users,\n" -"cn=accounts, cn=provisioning, SUFFIX\".\n" -"Users can not authenticate with those entries, even if the entries contain " -"credentials.\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1783 +msgid "" +"

Firefox

\n" "\n" -"The stage user container contains entries:\n" -" - created by 'stageuser-add' commands that are Posix users,\n" -" - created by external provisioning system.\n" +"

\n" +" You can configure Firefox to use Kerberos for Single Sign-on. " +"The following instructions will guide you in configuring your web browser to " +"send your Kerberos credentials to the appropriate Key Distribution Center " +"which enables Single Sign-on.\n" +"

\n" "\n" -"A valid stage user entry MUST have:\n" -" - entry RDN is 'uid',\n" -" - ipaUniqueID is 'autogenerate'.\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1795 +msgid "" +"
    \n" +"
  1. \n" +"

    \n" +"Import " +"Certificate Authority certificate\n" +"

    \n" +"

    \n" +" Make sure you select all three checkboxes.\n" +"

    \n" +"
    2. \n" +"
  2. \n" +" In the address bar of Firefox, type about:config to display the list of current configuration options.\n" +"
    3. \n" +"
  3. \n" +" In the Filter field, type negotiate to restrict " +"the list of options.\n" +"
    4. \n" +"
  4. \n" +" Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.\n" +"
    5. \n" +"
  5. \n" +" Enter the name of the domain against which you want to " +"authenticate, for example, .example.com.\n" +"
    6. \n" +"
  6. Return to Web UI
    7. \n" +"
\n" "\n" -"IPA supports a wide range of username formats, but you need to be aware of " -"any\n" -"restrictions that may apply to your particular environment. For example,\n" -"usernames that start with a digit or usernames that exceed a certain length\n" -"may cause problems for some UNIX systems.\n" -"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1831 +msgid "" +"

Chrome

\n" "\n" -"The user name must follow these rules:\n" -"- cannot contain only numbers\n" -"- must start with a letter, a number, _ or .\n" -"- may contain letters, numbers, _, ., or -\n" -"- may end with a letter, a number, _, ., - or $\n" +"

\n" +" You can configure Chrome to use Kerberos for Single Sign-on. The " +"following instructions will guide you in configuring your web browser to " +"send your Kerberos credentials to the appropriate Key Distribution Center " +"which enables Single Sign-on.\n" +"

\n" "\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1843 +msgid "" +"

Import CA Certificate

\n" +"
    \n" +"
  1. \n" +" Download the CA certificate. " +"Alternatively, if the host is also an IdM client, you can find the " +"certificate in /etc/ipa/ca.crt.\n" +"
    2. \n" +"
  2. \n" +" Click the menu button with the Customize and control " +"Google Chrome tooltip, which is by default in the top right-hand corner " +"of Chrome, and click Settings.\n" +"
    3. \n" +"
  3. \n" +" Click Show advanced settings to display more " +"options, and then click the Manage certificates button located " +"under the HTTPS/SSL heading.\n" +"
    4. \n" +"
  4. \n" +" In the Authorities tab, click the Import " +"button at the bottom.\n" +"
    5. \n" +"
  5. Select the CA certificate file that you downloaded in the first step.\n" +"
\n" "\n" -"EXAMPLES:\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1872 +msgid "" +"

\n" +" Enable SPNEGO (Simple and Protected GSSAPI Negotiation " +"Mechanism) to Use Kerberos Authentication\n" +" in Chrome\n" +"

\n" +"
    \n" +"
  1. \n" +" Make sure you have the necessary directory created by " +"running:\n" +"
    \n" +" [root@client]# mkdir -p /etc/opt/chrome/policies/" +"managed/\n" +"
    \n" +"
    2. \n" +"
  2. \n" +" Create a new /etc/opt/chrome/policies/managed/mydomain." +"json file with write privileges limited to the system administrator " +"or root, and include the following line:\n" +"
    \n" +" { \"AuthServerWhitelist\": \"*.example.com\" }\n" +"
    \n" +"
    \n" +" You can do this by running:\n" +"
    \n" +"
    \n" +" [root@server]# echo '{ \"AuthServerWhitelist\": \"*.example.com\" }' > /etc/opt/chrome/policies/" +"managed/mydomain.json\n" +"
    \n" +"
    3. \n" +"
\n" +"
    \n" +"

    \n" +"Note: If using Chromium, use /etc/chromium/policies/" +"managed/ instead of /etc/opt/chrome/policies/managed/ " +"for the two SPNEGO Chrome configuration steps above.\n" +"

    \n" +"
\n" "\n" -" Add a new stageuser:\n" -" ipa stageuser-add --first=Tim --last=User --password tuser1\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1917 +msgid "" +"

Internet Explorer

\n" +"

WARNING: Internet Explorer is no longer a supported " +"browser.

\n" +"

\n" +" Once you are able to log into the workstation with your kerberos " +"key you are now able to use that ticket in Internet Explorer.\n" +"

\n" +"

\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1928 +msgid "" +"Log into the Windows machine using an account of your Kerberos realm " +"(administrative domain)\n" +"

\n" +"

\n" +"In Internet Explorer, click Tools, and then click Internet Options.\n" +"

\n" +"
\n" +"
    \n" +"
  1. Click the Security tab
    2. \n" +"
  2. Click Local intranet
    3. \n" +"
  3. Click Sites
    4. \n" +"
  4. Click Advanced
    5. \n" +"
  5. Add your domain to the list
    6. \n" +"
\n" +"
    \n" +"
  1. Click the Security tab
    2. \n" +"
  2. Click Local intranet
    3. \n" +"
  3. Click Custom Level
    4. \n" +"
  4. Select Automatic logon only in Intranet zone
    5. \n" +"
\n" "\n" -" Add a stageuser from the deleted users container:\n" -" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" +"
    \n" +"
  1. Visit a kerberized web site using IE (You must use the fully-qualified " +"Domain Name in the URL)
    2. \n" +"
  2. You are all set.
    3. \n" +"
\n" +"
\n" "\n" msgstr "" -#: ipaserver/plugins/stageuser.py:136 -msgid "Stage Users" +#: ipaserver/plugins/internal.py:1965 +msgid "Working" msgstr "" -#: ipaserver/plugins/stageuser.py:137 -msgid "Stage User" +#: ipaserver/plugins/internal.py:1968 +msgid "Audit" msgstr "" -#: ipaserver/plugins/stageuser.py:138 -msgid "stage user" +#: ipaserver/plugins/internal.py:1969 +msgid "Authentication" msgstr "" -#: ipaserver/plugins/stageuser.py:139 -msgid "stage users" +#: ipaserver/plugins/internal.py:1971 +msgid "Automount" msgstr "" -#: ipaserver/plugins/stageuser.py:286 -#, python-format -msgid "Added stage user \"%(value)s\"" +#: ipaserver/plugins/internal.py:1973 +msgid "DNS" msgstr "" -#: ipaserver/plugins/stageuser.py:305 -msgid "givenname is required" +#: ipaserver/plugins/internal.py:1974 +msgid "Host-Based Access Control" msgstr "" -#: ipaserver/plugins/stageuser.py:308 -msgid "sn is required" +#: ipaserver/plugins/internal.py:1975 +msgid "Identity" msgstr "" -#: ipaserver/plugins/stageuser.py:443 -#, python-format -msgid "Deleted stage user \"%(value)s\"" +#: ipaserver/plugins/internal.py:1977 +msgid "Network Services" msgstr "" -#: ipaserver/plugins/stageuser.py:449 -#, python-format -msgid "Modified stage user \"%(value)s\"" +#: ipaserver/plugins/internal.py:1978 +msgid "Policy" msgstr "" -#: ipaserver/plugins/stageuser.py:496 ipaserver/plugins/user.py:919 -#, python-format -msgid "%(count)d user matched" -msgid_plural "%(count)d users matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/internal.py:1979 +msgid "Role-Based Access Control" +msgstr "" -#: ipaserver/plugins/stageuser.py:520 -#, python-format -msgid "Activate a stage user \"%(value)s\"" +#: ipaserver/plugins/internal.py:1980 +msgid "Subordinate IDs" msgstr "" -#: ipaserver/plugins/stageuser.py:533 -msgid "Entry RDN is not 'uid'" +#: ipaserver/plugins/internal.py:1981 +msgid "Sudo" msgstr "" -#: ipaserver/plugins/stageuser.py:539 -#, python-format -msgid "Entry has no '%(attribute)s'" +#: ipaserver/plugins/internal.py:1982 +msgid "Topology" msgstr "" -#: ipaserver/plugins/stageuser.py:715 -#, python-format -msgid "active user with name \"%(user)s\" already exists" +#: ipaserver/plugins/internal.py:1985 +msgid "True" msgstr "" -#: ipaserver/plugins/stageuser.py:779 -#, python-format -msgid "Stage user %s activated" +#: ipaserver/plugins/internal.py:1987 +msgid "" +"

Unable to verify your Kerberos credentials

\n" +"

\n" +" Please make sure that you have valid Kerberos tickets " +"(obtainable via kinit), and that you have configured your " +"browser correctly.\n" +"

\n" +"\n" +"

Browser configuration

\n" +"\n" +"
\n" +"

\n" +" If this is your first time, please configure your browser.\n" +"

\n" +"
\n" msgstr "" -#: ipaserver/plugins/stageuser.py:796 -msgid "Add one or more certificates to the stageuser entry" +#: ipaserver/plugins/internal.py:2004 +msgid "API Browser" msgstr "" -#: ipaserver/plugins/stageuser.py:797 -#, python-format -msgid "Added certificates to stageuser \"%(value)s\"" +#: ipaserver/plugins/internal.py:2005 +msgid "First" msgstr "" -#: ipaserver/plugins/stageuser.py:802 -msgid "Remove one or more certificates to the stageuser entry" +#: ipaserver/plugins/internal.py:2006 +msgid "Last" msgstr "" -#: ipaserver/plugins/stageuser.py:803 -#, python-format -msgid "Removed certificates from stageuser \"%(value)s\"" +#: ipaserver/plugins/internal.py:2007 +msgid "Next" msgstr "" -#: ipaserver/plugins/stageuser.py:808 -msgid "Add new principal alias to the stageuser entry" +#: ipaserver/plugins/internal.py:2008 +msgid "Page" msgstr "" -#: ipaserver/plugins/stageuser.py:809 -#, python-format -msgid "Added new aliases to stageuser \"%(value)s\"" +#: ipaserver/plugins/internal.py:2009 +msgid "Prev" msgstr "" -#: ipaserver/plugins/stageuser.py:814 -msgid "Remove principal alias from the stageuser entry" +#: ipaserver/plugins/internal.py:2010 +msgid "Undo" msgstr "" -#: ipaserver/plugins/stageuser.py:815 -#, python-format -msgid "Removed aliases from stageuser \"%(value)s\"" +#: ipaserver/plugins/internal.py:2011 +msgid "Undo this change." msgstr "" -#: ipaserver/plugins/stageuser.py:820 -msgid "Add one or more certificate mappings to the stage user entry." +#: ipaserver/plugins/internal.py:2012 +msgid "Undo All" msgstr "" -#: ipaserver/plugins/stageuser.py:826 -msgid "Remove one or more certificate mappings from the stage user entry." +#: ipaserver/plugins/internal.py:2013 +msgid "Undo all changes in this field." msgstr "" -#: ipaserver/plugins/stageuser.py:832 -msgid "Add one or more passkey mappings to the stage user entry." +#: ipaserver/plugins/internal.py:2015 +msgid "Text does not match field pattern" msgstr "" -#: ipaserver/plugins/stageuser.py:838 -msgid "Remove one or more passkey mappings from the stage user entry." +#: ipaserver/plugins/internal.py:2016 +msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")" msgstr "" -#: ipaserver/plugins/sudorule.py:43 -msgid "" -"\n" -"Sudo Rules\n" +#: ipaserver/plugins/internal.py:2017 +msgid "Must be a decimal number" msgstr "" -#: ipaserver/plugins/sudorule.py:45 -msgid "" -"\n" -"Sudo (su \"do\") allows a system administrator to delegate authority to\n" -"give certain users (or groups of users) the ability to run some (or all)\n" -"commands as root or another user while providing an audit trail of the\n" -"commands and their arguments.\n" +#: ipaserver/plugins/internal.py:2018 +msgid "Format error" msgstr "" -#: ipaserver/plugins/sudorule.py:50 -msgid "" -"\n" -"IPA provides a means to configure the various aspects of Sudo:\n" -" Users: The user(s)/group(s) allowed to invoke Sudo.\n" -" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " -"Sudo.\n" -" Allow Command: The specific command(s) permitted to be run via Sudo.\n" -" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" -" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " -"invoked with.\n" -" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" -" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +#: ipaserver/plugins/internal.py:2019 +msgid "Must be an integer" msgstr "" -#: ipaserver/plugins/sudorule.py:59 -msgid "" -"\n" -"Each option needs to be added separately and no validation is done whether\n" -"the option is known by sudo or is in a valid format. Environment variables\n" -"also need to be set individually. For example env_keep=\"FOO BAR\" in " -"sudoers\n" -"needs be represented as --sudooption env_keep=FOO --sudooption " -"env_keep+=BAR.\n" +#: ipaserver/plugins/internal.py:2020 +msgid "Not a valid IP address" msgstr "" -#: ipaserver/plugins/sudorule.py:64 -msgid "" -"\n" -"An order can be added to a sudorule to control the order in which they\n" -"are evaluated (if the client supports it). This order is an integer and\n" -"must be unique.\n" +#: ipaserver/plugins/internal.py:2021 +msgid "Not a valid IPv4 address" msgstr "" -#: ipaserver/plugins/sudorule.py:68 -msgid "" -"\n" -"IPA provides a designated binddn to use with Sudo located at:\n" -"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +#: ipaserver/plugins/internal.py:2022 +msgid "Not a valid IPv6 address" msgstr "" -#: ipaserver/plugins/sudorule.py:71 -msgid "" -"\n" -"To enable the binddn run the following command to set the password:\n" -"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -H ldap://ipa." -"example.com -ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc," -"dc=example,dc=com\n" +#: ipaserver/plugins/internal.py:2023 +#, python-brace-format +msgid "Maximum value is ${value}" msgstr "" -#: ipaserver/plugins/sudorule.py:78 -msgid "" -"\n" -" Create a new rule:\n" -" ipa sudorule-add readfiles\n" +#: ipaserver/plugins/internal.py:2024 +#, python-brace-format +msgid "Minimum value is ${value}" msgstr "" -#: ipaserver/plugins/sudorule.py:81 -msgid "" -"\n" -" Add sudo command object and add it as allowed command in the rule:\n" -" ipa sudocmd-add /usr/bin/less\n" -" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +#: ipaserver/plugins/internal.py:2025 +msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)" msgstr "" -#: ipaserver/plugins/sudorule.py:85 -msgid "" -"\n" -" Add a host to the rule:\n" -" ipa sudorule-add-host readfiles --hosts server.example.com\n" +#: ipaserver/plugins/internal.py:2026 +msgid "Parse error" +msgstr "" + +#: ipaserver/plugins/internal.py:2027 +msgid "Must be a positive number" msgstr "" -#: ipaserver/plugins/sudorule.py:88 -msgid "" -"\n" -" Add a user to the rule:\n" -" ipa sudorule-add-user readfiles --users jsmith\n" +#: ipaserver/plugins/internal.py:2028 +#, python-brace-format +msgid "'${port}' is not a valid port" msgstr "" -#: ipaserver/plugins/sudorule.py:91 -msgid "" -"\n" -" Add a special Sudo rule for default Sudo server configuration:\n" -" ipa sudorule-add defaults\n" +#: ipaserver/plugins/internal.py:2029 +msgid "Required field" msgstr "" -#: ipaserver/plugins/sudorule.py:94 -msgid "" -"\n" -" Set a default Sudo option:\n" -" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" +#: ipaserver/plugins/internal.py:2030 +msgid "Unsupported value" msgstr "" -#: ipaserver/plugins/sudorule.py:97 -msgid "" -"\n" -" Set multiple default Sudo options:\n" -" ipa sudorule-add-option defaults --sudooption '!authenticate' --" -"sudooption mail_badpass\n" +#: ipaserver/plugins/krbtpolicy.py:86 +msgid "kerberos ticket policy settings" msgstr "" -#: ipaserver/plugins/sudorule.py:101 -msgid "" -"\n" -" Set SELinux type and role transitions on a rule:\n" -" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" -" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" +#: ipaserver/plugins/krbtpolicy.py:152 +msgid "OTP max life" msgstr "" -#: ipaserver/plugins/sudorule.py:120 -msgid "this option has been deprecated." +#: ipaserver/plugins/krbtpolicy.py:153 +msgid "OTP token maximum ticket life (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:148 -msgid "sudo rules" +#: ipaserver/plugins/krbtpolicy.py:157 +msgid "OTP max renew" msgstr "" -#: ipaserver/plugins/sudorule.py:236 -msgid "Sudo Rules" +#: ipaserver/plugins/krbtpolicy.py:158 +msgid "OTP token ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:237 -msgid "Sudo Rule" +#: ipaserver/plugins/krbtpolicy.py:162 +msgid "RADIUS max life" msgstr "" -#: ipaserver/plugins/sudorule.py:372 -#, python-format -msgid "order must be a unique value (%(order)d already used by %(rule)s)" +#: ipaserver/plugins/krbtpolicy.py:163 +msgid "RADIUS maximum ticket life (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:403 -#, python-format -msgid "Added Sudo Rule \"%(value)s\"" +#: ipaserver/plugins/krbtpolicy.py:167 +msgid "RADIUS max renew" msgstr "" -#: ipaserver/plugins/sudorule.py:410 -#, python-format -msgid "Deleted Sudo Rule \"%(value)s\"" +#: ipaserver/plugins/krbtpolicy.py:168 +msgid "RADIUS ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:417 -#, python-format -msgid "Modified Sudo Rule \"%(value)s\"" +#: ipaserver/plugins/krbtpolicy.py:172 +msgid "PKINIT max life" msgstr "" -#: ipaserver/plugins/sudorule.py:436 -#, python-format -msgid "" -"%(type)s category cannot be set to 'all' while there are allowed %(objects)s" +#: ipaserver/plugins/krbtpolicy.py:173 +msgid "PKINIT maximum ticket life (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:182 -msgid "users" +#: ipaserver/plugins/krbtpolicy.py:177 +msgid "PKINIT max renew" msgstr "" -#: ipaserver/plugins/sudorule.py:452 -msgid "command" +#: ipaserver/plugins/krbtpolicy.py:178 +msgid "PKINIT ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:452 -msgid "commands" +#: ipaserver/plugins/krbtpolicy.py:182 +msgid "Hardened max life" msgstr "" -#: ipaserver/plugins/sudorule.py:458 -msgid "runAs user" +#: ipaserver/plugins/krbtpolicy.py:183 +msgid "Hardened ticket maximum ticket life (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:458 -msgid "runAs users" +#: ipaserver/plugins/krbtpolicy.py:187 +msgid "Hardened max renew" msgstr "" -#: ipaserver/plugins/sudorule.py:463 -msgid "group runAs" +#: ipaserver/plugins/krbtpolicy.py:188 +msgid "Hardened ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:463 -msgid "runAs groups" +#: ipaserver/plugins/krbtpolicy.py:192 +msgid "IdP max life" msgstr "" -#: ipaserver/plugins/sudorule.py:484 -#, python-format -msgid "%(count)d Sudo Rule matched" -msgid_plural "%(count)d Sudo Rules matched" -msgstr[0] "" -msgstr[1] "" +#: ipaserver/plugins/krbtpolicy.py:193 +msgid "External Identity Provider ticket maximum ticket life (seconds)" +msgstr "" -#: ipaserver/plugins/sudorule.py:556 -msgid "commands cannot be added when command category='all'" +#: ipaserver/plugins/krbtpolicy.py:198 +msgid "IdP max renew" msgstr "" -#: ipaserver/plugins/sudorule.py:818 ipaserver/plugins/sudorule.py:940 -msgid "users cannot be added when runAs user or runAs group category='all'" +#: ipaserver/plugins/krbtpolicy.py:199 +msgid "External Identity Provider ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:825 -#, python-format -msgid "RunAsUser does not accept '%(name)s' as a user name" +#: ipaserver/plugins/krbtpolicy.py:204 +msgid "Passkey max life" msgstr "" -#: ipaserver/plugins/sudorule.py:833 -#, python-format -msgid "RunAsUser does not accept '%(name)s' as a group name" +#: ipaserver/plugins/krbtpolicy.py:205 +msgid "Passkey ticket maximum ticket life (seconds)" msgstr "" -#: ipaserver/plugins/sudorule.py:947 -#, python-format -msgid "RunAsGroup does not accept '%(name)s' as a group name" +#: ipaserver/plugins/krbtpolicy.py:209 +msgid "Passkey max renew" msgstr "" -#: ipaserver/plugins/trust.py:83 -msgid "" -"\n" -"Cross-realm trusts\n" -"\n" -"Manage trust relationship between IPA and Active Directory domains.\n" -"\n" -"In order to allow users from a remote domain to access resources in IPA " -"domain,\n" -"trust relationship needs to be established. Currently IPA supports only " -"trusts\n" -"between IPA and Active Directory domains under control of Windows Server " -"2008\n" -"or later, with functional level 2008 or later.\n" -"\n" -"Please note that DNS on both IPA and Active Directory domain sides should " -"be\n" -"configured properly to discover each other. Trust relationship relies on\n" -"ability to discover special resources in the other domain via DNS records.\n" -"\n" -"Examples:\n" -"\n" -"1. Establish cross-realm trust with Active Directory using AD administrator\n" -" credentials:\n" -"\n" -" ipa trust-add --type=ad --admin --password\n" -"\n" -"2. List all existing trust relationships:\n" -"\n" -" ipa trust-find\n" -"\n" -"3. Show details of the specific trust relationship:\n" -"\n" -" ipa trust-show \n" -"\n" -"4. Delete existing trust relationship:\n" -"\n" -" ipa trust-del \n" -"\n" -"Once trust relationship is established, remote users will need to be mapped\n" -"to local POSIX groups in order to actually use IPA resources. The mapping\n" -"should be done via use of external membership of non-POSIX group and then\n" -"this group should be included into one of local POSIX groups.\n" -"\n" -"Example:\n" -"\n" -"1. Create group for the trusted domain admins' mapping and their local " -"POSIX\n" -"group:\n" -"\n" -" ipa group-add --desc=' admins external map' " -"ad_admins_external --external\n" -" ipa group-add --desc=' admins' ad_admins\n" -"\n" -"2. Add security identifier of Domain Admins of the to the\n" -" ad_admins_external group:\n" -"\n" -" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" -"\n" -"3. Allow members of ad_admins_external group to be associated with\n" -" ad_admins POSIX group:\n" -"\n" -" ipa group-add-member ad_admins --groups ad_admins_external\n" -"\n" -"4. List members of external members of ad_admins_external group to see\n" -" their SIDs:\n" -"\n" -" ipa group-show ad_admins_external\n" -"\n" -"\n" -"GLOBAL TRUST CONFIGURATION\n" -"\n" -"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" -"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" -"identifiers are then used when communicating with a trusted domain of the\n" -"particular type.\n" -"\n" -"1. Show global trust configuration for Active Directory type of trusts:\n" -"\n" -" ipa trustconfig-show --type ad\n" -"\n" -"2. Modify global configuration for all trusts of Active Directory type and " -"set\n" -" a different fallback primary group (fallback primary group GID is used as " -"a\n" -" primary user GID if user authenticating to IPA domain does not have any\n" -" other primary GID already set):\n" -"\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD " -"group\"\n" -"\n" -"3. Change primary fallback group back to default hidden group (any group " -"with\n" -" posixGroup object class is allowed):\n" -"\n" -" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " -"Group\"\n" +#: ipaserver/plugins/krbtpolicy.py:210 +msgid "Passkey ticket maximum renewable age (seconds)" msgstr "" -#: ipaserver/plugins/trust.py:226 +#: ipaserver/plugins/krbtpolicy.py:294 #, python-format -msgid "" -" Alternatively, following servers are capable of running this command: " -"%(masters)s" +msgid "Ticket policy for %s could not be read" msgstr "" -#: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:875 -#: ipaserver/plugins/trust.py:891 ipaserver/plugins/trust.py:912 -#: ipaserver/plugins/trust.py:922 ipaserver/plugins/trust.py:1075 -#: ipaserver/plugins/trust.py:1110 -msgid "AD Trust setup" +#: ipaserver/plugins/krbtpolicy.py:314 +msgid "Default ticket policy could not be read" +msgstr "" + +#: ipaserver/plugins/passkeyconfig.py:19 +msgid "" +"\n" +"Passkey configuration\n" msgstr "" -#: ipaserver/plugins/trust.py:250 +#: ipaserver/plugins/passkeyconfig.py:21 msgid "" -"Cannot perform the selected command without Samba 4 support installed. Make " -"sure you have installed server-trust-ad sub-package of IPA." +"\n" +"Manage Passkey configuration.\n" msgstr "" -#: ipaserver/plugins/trust.py:260 +#: ipaserver/plugins/passkeyconfig.py:23 msgid "" -"Cannot perform the selected command without Samba 4 instance configured on " -"this machine. Make sure you have run ipa-adtrust-install on this server." +"\n" +"IPA supports the use of passkeys for authentication. A passkey\n" +"device has to be registered to SSSD and the resulting authentication " +"mapping\n" +"stored in the user entry.\n" +"The passkey authentication supports the following configuration option:\n" +"require user verification. When set, the method for user verification " +"depends\n" +"on the type of device (PIN, fingerprint, external pad...)\n" msgstr "" -#: ipaserver/plugins/trust.py:477 +#: ipaserver/plugins/passkeyconfig.py:32 msgid "" -"Fetching domains from trusted forest failed. See details in the error_log" +"\n" +" Display the Passkey configuration:\n" +" ipa passkeyconfig-show\n" msgstr "" -#: ipaserver/plugins/trust.py:490 -msgid "trust" +#: ipaserver/plugins/passkeyconfig.py:35 +msgid "" +"\n" +" Modify the Passkey configuration to always require user verification:\n" +" ipa passkeyconfig-mod --require-user-verification=TRUE\n" msgstr "" -#: ipaserver/plugins/trust.py:491 -msgid "trusts" +#: ipaserver/plugins/passkeyconfig.py:48 +msgid "Passkey configuration options" msgstr "" -#: ipaserver/plugins/trust.py:534 -msgid "Trust" +#: ipaserver/plugins/passkeyconfig.py:52 ipaserver/plugins/passkeyconfig.py:53 +msgid "Passkey Configuration" msgstr "" -#: ipaserver/plugins/trust.py:552 -msgid "SID blocklist incoming" +#: ipaserver/plugins/passkeyconfig.py:59 +msgid "Require user verification" msgstr "" -#: ipaserver/plugins/trust.py:556 -msgid "SID blocklist outgoing" +#: ipaserver/plugins/passkeyconfig.py:60 +msgid "Require user verification during authentication" msgstr "" -#: ipaserver/plugins/trust.py:572 -msgid "UPN suffixes" +#: ipaserver/plugins/passkeyconfig.py:89 +msgid "Modify Passkey configuration." msgstr "" -#: ipaserver/plugins/trust.py:589 -#, python-brace-format -msgid "invalid SID: {SID}" +#: ipaserver/plugins/passkeyconfig.py:94 +msgid "Show the current Passkey configuration." msgstr "" -#: ipaserver/plugins/trust.py:658 +#: ipaserver/plugins/service.py:60 msgid "" "\n" -"Add new trust to use.\n" +"Services\n" "\n" -"This command establishes trust relationship to another domain\n" -"which becomes 'trusted'. As result, users of the trusted domain\n" -"may access resources of this domain.\n" +"A IPA service represents a service that runs on a host. The IPA service\n" +"record can store a Kerberos principal, an SSL certificate, or both.\n" "\n" -"Only trusts to Active Directory domains are supported right now.\n" +"An IPA service can be managed directly from a machine, provided that\n" +"machine has been given the correct permission. This is true even for\n" +"machines other than the one the service is associated with. For example,\n" +"requesting an SSL certificate using the host service principal credentials\n" +"of the host. To manage a service using host credentials you need to\n" +"kinit as the host:\n" "\n" -"The command can be safely run multiple times against the same domain,\n" -"this will cause change to trust relationship credentials on both\n" -"sides.\n" +" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" "\n" -"Note that if the command was previously run with a specific range type,\n" -"or with automatic detection of the range type, and you want to configure a\n" -"different range type, you may need to delete first the ID range using\n" -"ipa idrange-del before retrying the command with the desired range type.\n" -" " +"Adding an IPA service allows the associated service to request an SSL\n" +"certificate or keytab, but this is performed as a separate step; they\n" +"are not produced as a result of adding the service.\n" +"\n" +"Only the public aspect of a certificate is stored in a service record;\n" +"the private key is not stored.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new IPA service:\n" +" ipa service-add HTTP/web.example.com\n" +"\n" +" Allow a host to manage an IPA service certificate:\n" +" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" +" ipa role-add-member --hosts=web.example.com certadmin\n" +"\n" +" Override a default list of supported PAC types for the service:\n" +" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" +"\n" +" A typical use case where overriding the PAC type is needed is NFS.\n" +" Currently the related code in the Linux kernel can only handle Kerberos\n" +" tickets up to a maximal size. Since the PAC data can become quite large " +"it\n" +" is recommended to set --pac-type=NONE for NFS services.\n" +"\n" +" Delete an IPA service:\n" +" ipa service-del HTTP/web.example.com\n" +"\n" +" Find all IPA services associated with a host:\n" +" ipa service-find web.example.com\n" +"\n" +" Find all HTTP services:\n" +" ipa service-find HTTP\n" +"\n" +" Disable the service Kerberos key and SSL certificate:\n" +" ipa service-disable HTTP/web.example.com\n" +"\n" +" Request a certificate for an IPA service:\n" +" ipa cert-request --principal=HTTP/web.example.com example.csr\n" msgstr "" -#: ipaserver/plugins/trust.py:716 -msgid "Type of trusted domain ID range, one of allowed values" +#: ipaserver/plugins/service.py:113 +msgid "" +"\n" +" Allow user to create a keytab:\n" +" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" msgstr "" -#: ipaserver/plugins/trust.py:728 -msgid "External trust" +#: ipaserver/plugins/service.py:116 +msgid "" +"\n" +" Generate and retrieve a keytab for an IPA service:\n" +" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" +"httpd.keytab\n" +"\n" msgstr "" -#: ipaserver/plugins/trust.py:730 -msgid "" -"Establish external trust to a domain in another forest. The trust is not " -"transitive beyond the domain." +#: ipaserver/plugins/service.py:188 +msgid "Trusted to authenticate as user" msgstr "" -#: ipaserver/plugins/trust.py:736 -#, python-format -msgid "Added Active Directory trust for realm \"%(value)s\"" +#: ipaserver/plugins/service.py:189 +msgid "The service is allowed to authenticate on behalf of a client" msgstr "" -#: ipaserver/plugins/trust.py:737 +#: ipaserver/plugins/service.py:234 #, python-format -msgid "Re-established trust to domain \"%(value)s\"" +msgid "authentication indicators not allowed in service \"%s\"" msgstr "" -#: ipaserver/plugins/trust.py:833 -msgid "missing base_id" +#: ipaserver/plugins/service.py:250 +msgid "Malformed principal" msgstr "" -#: ipaserver/plugins/trust.py:835 -msgid "pysss_murmur is not available on the server and no base-id is given." +#: ipaserver/plugins/service.py:329 +msgid "{} is required by the IPA master" msgstr "" -#: ipaserver/plugins/trust.py:845 -msgid "trust type" +#: ipaserver/plugins/service.py:403 +msgid "service" msgstr "" -#: ipaserver/plugins/trust.py:846 -msgid "only \"ad\" is supported" +#: ipaserver/plugins/service.py:404 +msgid "services" msgstr "" -#: ipaserver/plugins/trust.py:853 -msgid "" -"Cannot establish a trust to AD deployed in the same domain as IPA. Such " -"setup is not supported." +#: ipaserver/plugins/service.py:541 +msgid "Service principal alias" msgstr "" -#: ipaserver/plugins/trust.py:866 -msgid "Realm-domain mismatch" +#: ipaserver/plugins/service.py:557 +msgid "Base-64 encoded service certificate" msgstr "" -#: ipaserver/plugins/trust.py:867 +#: ipaserver/plugins/service.py:608 msgid "" -"To establish trust with Active Directory, the domain name and the realm name " -"of the IPA server must match" +"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" +"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " +"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " +"'hardened' to allow brute-force hardened password authentication by SPAKE or " +"FAST. Use 'idp' to allow authentication against an external Identity " +"Provider supporting OAuth 2.0 Device Authorization Flow (RFC 8628). Use " +"'passkey' to allow passkey-based 2FA authentications. With no indicator " +"specified, all authentication mechanisms are allowed." msgstr "" -#: ipaserver/plugins/trust.py:893 +#: ipaserver/plugins/service.py:638 +msgid "NONE value cannot be combined with other PAC types" +msgstr "" + +#: ipaserver/plugins/service.py:690 +msgid "Add a new IPA service." +msgstr "" + +#: ipaserver/plugins/service.py:692 ipaserver/plugins/service.py:761 #, python-format +msgid "Added service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:698 +msgid "force principal name even if host not in DNS" +msgstr "" + +#: ipaserver/plugins/service.py:701 +msgid "Skip host check" +msgstr "" + +#: ipaserver/plugins/service.py:702 msgid "" -"Trusted domain %(domain)s is included among IPA realm domains. It needs to " -"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" -"del-domain\" command." +"force service to be created even when host object does not exist to manage it" msgstr "" -#: ipaserver/plugins/trust.py:914 -msgid "Trusted domain and administrator account use different realms" +#: ipaserver/plugins/service.py:720 ipaserver/plugins/service.py:829 +#, python-format +msgid "The host '%s' does not exist to add a service to." msgstr "" -#: ipaserver/plugins/trust.py:923 -msgid "Realm administrator password should be specified" +#: ipaserver/plugins/service.py:759 +msgid "Add a new SMB service." msgstr "" -#: ipaserver/plugins/trust.py:944 -msgid "id range type" +#: ipaserver/plugins/service.py:775 +msgid "SMB service NetBIOS name" msgstr "" -#: ipaserver/plugins/trust.py:946 -msgid "" -"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" -"type when adding an AD trust." +#: ipaserver/plugins/service.py:889 +#, python-format +msgid "Deleted service \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:956 -msgid "id range" +#: ipaserver/plugins/service.py:909 +#, python-format +msgid "Modified service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:960 +#, python-format +msgid "%(count)d service matched" +msgid_plural "%(count)d services matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/service.py:1159 +#, python-format +msgid "Disabled service \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:958 -msgid "" -"An id range already exists for this trust. You should either delete the old " -"range, or exclude --base-id/--range-size options from the command." +#: ipaserver/plugins/service.py:1200 +#, python-format +msgid "Added certificates to service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:980 -msgid "range exists" +#: ipaserver/plugins/service.py:1207 +#, python-format +msgid "Removed certificates from service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:982 -msgid "" -"ID range with the same name but different domain SID already exists. The ID " -"range for the new trusted domain must be created manually." +#: ipaserver/plugins/service.py:1223 +msgid "Add new principal alias to a service" msgstr "" -#: ipaserver/plugins/trust.py:990 -msgid "range type change" +#: ipaserver/plugins/service.py:1224 +#, python-format +msgid "Added new aliases to the service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:991 -msgid "" -"ID range for the trusted domain already exists, but it has a different type. " -"Please remove the old range manually, or do not enforce type via --range-" -"type option." +#: ipaserver/plugins/service.py:1235 +msgid "Remove principal alias from a service" msgstr "" -#: ipaserver/plugins/trust.py:1029 -#, python-brace-format -msgid "Unable to resolve domain controller for {domain} domain. " +#: ipaserver/plugins/service.py:1236 +#, python-format +msgid "Removed aliases to the service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1043 -msgid "" -"Forward policy is defined for it in IPA DNS, perhaps forwarder points to " -"incorrect host?" +#: ipaserver/plugins/service.py:1246 +msgid "Add new resource delegation to a service" msgstr "" -#: ipaserver/plugins/trust.py:1049 -#, python-brace-format -msgid "" -"IPA manages DNS, please verify your DNS configuration and make sure that " -"service records of the '{domain}' domain can be resolved. Examples how to " -"configure DNS with CLI commands or the Web UI can be found in the " -"documentation. " +#: ipaserver/plugins/service.py:1247 +#, python-format +msgid "Added new resource delegation to the service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1061 -#, python-brace-format -msgid "" -"Since IPA does not manage DNS records, ensure DNS is configured to resolve " -"'{domain}' domain from IPA hosts and back." +#: ipaserver/plugins/service.py:1261 +msgid "Remove resource delegation from a service" msgstr "" -#: ipaserver/plugins/trust.py:1076 -msgid "Unable to verify write permissions to the AD" +#: ipaserver/plugins/service.py:1262 +#, python-format +msgid "Removed resource delegation from the service principal \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1111 -msgid "Not enough arguments specified to perform trust setup" +#: ipaserver/plugins/service.py:1269 +msgid "" +"Allow users, groups, hosts or host groups to handle a resource delegation of " +"this service." msgstr "" -#: ipaserver/plugins/trust.py:1119 -#, python-format -msgid "Deleted trust \"%(value)s\"" +#: ipaserver/plugins/service.py:1289 +msgid "" +"Disallow users, groups, hosts or host groups to handle a resource delegation " +"of this service." msgstr "" -#: ipaserver/plugins/trust.py:1124 +#: ipaserver/plugins/stageuser.py:67 msgid "" "\n" -" Modify a trust (for future use).\n" +"Stageusers\n" +"\n" +"Manage stage user entries.\n" +"\n" +"Stage user entries are directly under the container: \"cn=stage users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"Users can not authenticate with those entries (even if the entries\n" +"contain credentials). Those entries are only candidate to become Active " +"entries.\n" +"\n" +"Active user entries are Posix users directly under the container: " +"\"cn=accounts, SUFFIX\".\n" +"Users can authenticate with Active entries, at the condition they have\n" +"credentials.\n" +"\n" +"Deleted user entries are Posix users directly under the container: " +"\"cn=deleted users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"Users can not authenticate with those entries, even if the entries contain " +"credentials.\n" +"\n" +"The stage user container contains entries:\n" +" - created by 'stageuser-add' commands that are Posix users,\n" +" - created by external provisioning system.\n" +"\n" +"A valid stage user entry MUST have:\n" +" - entry RDN is 'uid',\n" +" - ipaUniqueID is 'autogenerate'.\n" +"\n" +"IPA supports a wide range of username formats, but you need to be aware of " +"any\n" +"restrictions that may apply to your particular environment. For example,\n" +"usernames that start with a digit or usernames that exceed a certain length\n" +"may cause problems for some UNIX systems.\n" +"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +"\n" +"The user name must follow these rules:\n" +"- cannot contain only numbers\n" +"- must start with a letter, a number, _ or .\n" +"- may contain letters, numbers, _, ., or -\n" +"- may end with a letter, a number, _, ., - or $\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new stageuser:\n" +" ipa stageuser-add --first=Tim --last=User --password tuser1\n" +"\n" +" Add a stageuser from the deleted users container:\n" +" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" "\n" -" Currently only the default option to modify the LDAP attributes is\n" -" available. More specific options will be added in coming releases.\n" -" " -msgstr "" - -#: ipaserver/plugins/trust.py:1131 -#, python-format -msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" msgstr "" -#: ipaserver/plugins/trust.py:1149 -#, python-format -msgid "%(count)d trust matched" -msgid_plural "%(count)d trusts matched" -msgstr[0] "" -msgstr[1] "" - -#: ipaserver/plugins/trust.py:1238 -msgid "trust configuration" +#: ipaserver/plugins/stageuser.py:136 +msgid "Stage Users" msgstr "" -#: ipaserver/plugins/trust.py:1244 ipaserver/plugins/trust.py:1245 -msgid "Global Trust Configuration" +#: ipaserver/plugins/stageuser.py:137 +msgid "Stage User" msgstr "" -#: ipaserver/plugins/trust.py:1270 -msgid "IPA AD trust agents" +#: ipaserver/plugins/stageuser.py:138 +msgid "stage user" msgstr "" -#: ipaserver/plugins/trust.py:1271 -msgid "IPA servers configured as AD trust agents" +#: ipaserver/plugins/stageuser.py:139 +msgid "stage users" msgstr "" -#: ipaserver/plugins/trust.py:1276 -msgid "IPA AD trust controllers" +#: ipaserver/plugins/stageuser.py:286 +#, python-format +msgid "Added stage user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1277 -msgid "IPA servers configured as AD trust controllers" +#: ipaserver/plugins/stageuser.py:305 +msgid "givenname is required" msgstr "" -#: ipaserver/plugins/trust.py:1291 -msgid "unsupported trust type" +#: ipaserver/plugins/stageuser.py:308 +msgid "sn is required" msgstr "" -#: ipaserver/plugins/trust.py:1358 +#: ipaserver/plugins/stageuser.py:443 #, python-format -msgid "Modified \"%(value)s\" trust configuration" +msgid "Deleted stage user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1423 -msgid "SID" +#: ipaserver/plugins/stageuser.py:449 +#, python-format +msgid "Modified stage user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1549 -msgid "sidgen_was_run" -msgstr "" +#: ipaserver/plugins/stageuser.py:496 ipaserver/plugins/user.py:919 +#, python-format +msgid "%(count)d user matched" +msgid_plural "%(count)d users matched" +msgstr[0] "" +msgstr[1] "" -#: ipaserver/plugins/trust.py:1551 -msgid "" -"This command relies on the existence of the \"editors\" group, but this " -"group was not found." +#: ipaserver/plugins/stageuser.py:520 +#, python-format +msgid "Activate a stage user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1570 -msgid "trust domain" +#: ipaserver/plugins/stageuser.py:533 +msgid "Entry RDN is not 'uid'" msgstr "" -#: ipaserver/plugins/trust.py:1571 -msgid "trust domains" +#: ipaserver/plugins/stageuser.py:539 +#, python-format +msgid "Entry has no '%(attribute)s'" msgstr "" -#: ipaserver/plugins/trust.py:1579 -msgid "Trusted domains" +#: ipaserver/plugins/stageuser.py:715 +#, python-format +msgid "active user with name \"%(user)s\" already exists" msgstr "" -#: ipaserver/plugins/trust.py:1580 -msgid "Trusted domain" +#: ipaserver/plugins/stageuser.py:779 +#, python-format +msgid "Stage user %s activated" msgstr "" -#: ipaserver/plugins/trust.py:1594 -msgid "Domain enabled" +#: ipaserver/plugins/stageuser.py:796 +msgid "Add one or more certificates to the stageuser entry" msgstr "" -#: ipaserver/plugins/trust.py:1666 +#: ipaserver/plugins/stageuser.py:797 #, python-format -msgid "Removed information about the trusted domain \"%(value)s\"" +msgid "Added certificates to stageuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1684 -msgid "" -"cannot delete root domain of the trust, use trust-del to delete the trust " -"itself" +#: ipaserver/plugins/stageuser.py:802 +msgid "Remove one or more certificates to the stageuser entry" msgstr "" -#: ipaserver/plugins/trust.py:1835 -msgid "" -"List of trust domains successfully refreshed. Use trustdomain-find command " -"to list them." +#: ipaserver/plugins/stageuser.py:803 +#, python-format +msgid "Removed certificates from stageuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1843 -msgid "Configure this server as a trust agent." +#: ipaserver/plugins/stageuser.py:808 +msgid "Add new principal alias to the stageuser entry" msgstr "" -#: ipaserver/plugins/trust.py:1859 -msgid "Enable support for trusted domains for old clients" +#: ipaserver/plugins/stageuser.py:809 +#, python-format +msgid "Added new aliases to stageuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1875 -msgid "not allowed to remotely add agent" +#: ipaserver/plugins/stageuser.py:814 +msgid "Remove principal alias from the stageuser entry" msgstr "" -#: ipaserver/plugins/trust.py:1911 +#: ipaserver/plugins/stageuser.py:815 #, python-format -msgid "Enabled trust domain \"%(value)s\"" +msgid "Removed aliases from stageuser \"%(value)s\"" msgstr "" -#: ipaserver/plugins/trust.py:1920 -msgid "Root domain of the trust is always enabled for the existing trust" +#: ipaserver/plugins/stageuser.py:820 +msgid "Add one or more certificate mappings to the stage user entry." msgstr "" -#: ipaserver/plugins/trust.py:1953 -#, python-format -msgid "Disabled trust domain \"%(value)s\"" +#: ipaserver/plugins/stageuser.py:826 +msgid "Remove one or more certificate mappings from the stage user entry." msgstr "" -#: ipaserver/plugins/trust.py:1962 -msgid "" -"cannot disable root domain of the trust, use trust-del to delete the trust " -"itself" +#: ipaserver/plugins/stageuser.py:832 +msgid "Add one or more passkey mappings to the stage user entry." +msgstr "" + +#: ipaserver/plugins/stageuser.py:838 +msgid "Remove one or more passkey mappings from the stage user entry." msgstr "" #: ipaserver/plugins/user.py:82 @@ -27448,432 +27760,194 @@ msgstr "" msgid "Removed certificates from user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/user.py:1393 -msgid "Add new principal alias to the user entry" +#: ipaserver/plugins/user.py:1373 ipaserver/plugins/baseuser.py:1063 +msgid "Add one or more certificate mappings to the user entry." msgstr "" -#: ipaserver/plugins/user.py:1394 -#, python-format -msgid "Added new aliases to user \"%(value)s\"" +#: ipaserver/plugins/user.py:1378 ipaserver/plugins/baseuser.py:1082 +msgid "Remove one or more certificate mappings from the user entry." msgstr "" -#: ipaserver/plugins/user.py:1399 -msgid "Remove principal alias from the user entry" +#: ipaserver/plugins/user.py:1393 +msgid "Add new principal alias to the user entry" msgstr "" -#: ipaserver/plugins/user.py:1400 +#: ipaserver/plugins/user.py:1394 #, python-format -msgid "Removed aliases from user \"%(value)s\"" -msgstr "" - -#: ipaserver/plugins/vault.py:52 -msgid "" -"\n" -"Vaults\n" -msgstr "" - -#: ipaserver/plugins/vault.py:54 -msgid "" -"\n" -"Manage vaults.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:56 -msgid "" -"\n" -"Vault is a secure place to store a secret. One vault can only\n" -"store one secret. When archiving a secret in a vault, the\n" -"existing secret (if any) is overwritten.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:60 -msgid "" -"\n" -"Based on the ownership there are three vault categories:\n" -"* user/private vault\n" -"* service vault\n" -"* shared vault\n" -msgstr "" - -#: ipaserver/plugins/vault.py:65 -msgid "" -"\n" -"User vaults are vaults owned used by a particular user. Private\n" -"vaults are vaults owned the current user. Service vaults are\n" -"vaults owned by a service. Shared vaults are owned by the admin\n" -"but they can be used by other users or services.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:70 -msgid "" -"\n" -"Based on the security mechanism there are three types of\n" -"vaults:\n" -"* standard vault\n" -"* symmetric vault\n" -"* asymmetric vault\n" -msgstr "" - -#: ipaserver/plugins/vault.py:76 -msgid "" -"\n" -"Standard vault uses a secure mechanism to transport and\n" -"store the secret. The secret can only be retrieved by users\n" -"that have access to the vault.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:80 -msgid "" -"\n" -"Symmetric vault is similar to the standard vault, but it\n" -"pre-encrypts the secret using a password before transport.\n" -"The secret can only be retrieved using the same password.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:84 -msgid "" -"\n" -"Asymmetric vault is similar to the standard vault, but it\n" -"pre-encrypts the secret using a public key before transport.\n" -"The secret can only be retrieved using the private key.\n" -msgstr "" - -#: ipaserver/plugins/vault.py:90 -msgid "" -"\n" -" List vaults:\n" -" ipa vault-find\n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:94 -msgid "" -"\n" -" Add a standard vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type standard\n" -msgstr "" - -#: ipaserver/plugins/vault.py:99 -msgid "" -"\n" -" Add a symmetric vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type symmetric --password-file password.txt\n" -msgstr "" - -#: ipaserver/plugins/vault.py:104 -msgid "" -"\n" -" Add an asymmetric vault:\n" -" ipa vault-add \n" -" [--user |--service |--shared]\n" -" --type asymmetric --public-key-file public.pem\n" -msgstr "" - -#: ipaserver/plugins/vault.py:109 -msgid "" -"\n" -" Show a vault:\n" -" ipa vault-show \n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:113 -msgid "" -"\n" -" Modify vault description:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --desc \n" -msgstr "" - -#: ipaserver/plugins/vault.py:118 -msgid "" -"\n" -" Modify vault type:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --type \n" -" [old password/private key]\n" -" [new password/public key]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:125 -msgid "" -"\n" -" Modify symmetric vault password:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --change-password\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --old-password \n" -" --new-password \n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --old-password-file \n" -" --new-password-file \n" -msgstr "" - -#: ipaserver/plugins/vault.py:138 -msgid "" -"\n" -" Modify asymmetric vault keys:\n" -" ipa vault-mod \n" -" [--user |--service |--shared]\n" -" --private-key-file \n" -" --public-key-file \n" -msgstr "" - -#: ipaserver/plugins/vault.py:144 -msgid "" -"\n" -" Delete a vault:\n" -" ipa vault-del \n" -" [--user |--service |--shared]\n" -msgstr "" - -#: ipaserver/plugins/vault.py:148 -msgid "" -"\n" -" Display vault configuration:\n" -" ipa vaultconfig-show\n" -msgstr "" - -#: ipaserver/plugins/vault.py:151 -msgid "" -"\n" -" Archive data into standard vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -msgstr "" - -#: ipaserver/plugins/vault.py:156 -msgid "" -"\n" -" Archive data into symmetric vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -" --password-file password.txt\n" -msgstr "" - -#: ipaserver/plugins/vault.py:162 -msgid "" -"\n" -" Archive data into asymmetric vault:\n" -" ipa vault-archive \n" -" [--user |--service |--shared]\n" -" --in \n" -msgstr "" - -#: ipaserver/plugins/vault.py:167 -msgid "" -"\n" -" Retrieve data from standard vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out \n" +msgid "Added new aliases to user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/vault.py:172 -msgid "" -"\n" -" Retrieve data from symmetric vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out \n" -" --password-file password.txt\n" +#: ipaserver/plugins/user.py:1399 +msgid "Remove principal alias from the user entry" msgstr "" -#: ipaserver/plugins/vault.py:178 -msgid "" -"\n" -" Retrieve data from asymmetric vault:\n" -" ipa vault-retrieve \n" -" [--user |--service |--shared]\n" -" --out --private-key-file private.pem\n" +#: ipaserver/plugins/user.py:1400 +#, python-format +msgid "Removed aliases from user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/vault.py:183 -msgid "" -"\n" -" Add vault owners:\n" -" ipa vault-add-owner \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" +#: ipaserver/plugins/user.py:1410 ipaserver/plugins/baseuser.py:1109 +msgid "Remove one or more passkey mappings from the user entry." msgstr "" -#: ipaserver/plugins/vault.py:188 +#: ipaserver/plugins/baseuser.py:61 msgid "" "\n" -" Delete vault owners:\n" -" ipa vault-remove-owner \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" +"Baseuser\n" +"\n" +"This contains common definitions for user/stageuser\n" msgstr "" -#: ipaserver/plugins/vault.py:193 -msgid "" -"\n" -" Add vault members:\n" -" ipa vault-add-member \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" +#: ipaserver/plugins/baseuser.py:92 +msgid "must be TRUE or FALSE" msgstr "" -#: ipaserver/plugins/vault.py:198 +#: ipaserver/plugins/baseuser.py:158 msgid "" -"\n" -" Delete vault members:\n" -" ipa vault-remove-member \n" -" [--user |--service |--shared]\n" -" [--users ] [--groups ] [--services ]\n" +"Object class ipaNTUserAttrs is missing, user entry cannot have SMB " +"attributes." msgstr "" -#: ipaserver/plugins/vault.py:250 -msgid "" -"\n" -" Vault Container object.\n" -" " +#: ipaserver/plugins/baseuser.py:323 +msgid "User password expiration" msgstr "" -#: ipaserver/plugins/vault.py:256 -msgid "vaultcontainer" +#: ipaserver/plugins/baseuser.py:434 +msgid "External IdP configuration" msgstr "" -#: ipaserver/plugins/vault.py:257 -msgid "vaultcontainers" +#: ipaserver/plugins/baseuser.py:438 +msgid "External IdP user identifier" msgstr "" -#: ipaserver/plugins/vault.py:265 -msgid "Vault Containers" +#: ipaserver/plugins/baseuser.py:439 +msgid "A string that identifies the user at external IdP" msgstr "" -#: ipaserver/plugins/vault.py:266 -msgid "Vault Container" +#: ipaserver/plugins/baseuser.py:474 +msgid "SMB logon script path" msgstr "" -#: ipaserver/plugins/vault.py:355 -msgid "Service, shared and user options cannot be specified simultaneously" +#: ipaserver/plugins/baseuser.py:479 +msgid "SMB profile path" msgstr "" -#: ipaserver/plugins/vault.py:365 ipaserver/plugins/vault.py:695 -msgid "Host is not supported" +#: ipaserver/plugins/baseuser.py:484 +msgid "SMB Home Directory" msgstr "" -#: ipaserver/plugins/vault.py:407 ipaserver/plugins/vault.py:431 -#: ipaserver/plugins/vault.py:798 ipaserver/plugins/vault.py:836 -#: ipaserver/plugins/vault.py:892 ipaserver/plugins/vault.py:948 -#: ipaserver/plugins/vault.py:970 ipaserver/plugins/vault.py:1011 -#: ipaserver/plugins/vault.py:1067 ipaserver/plugins/vault.py:1146 -msgid "KRA service is not enabled" +#: ipaserver/plugins/baseuser.py:489 +msgid "SMB Home Directory Drive" msgstr "" -#: ipaserver/plugins/vault.py:422 -msgid "Deleted vault container" +#: ipaserver/plugins/baseuser.py:498 ipaserver/plugins/baseuser.py:499 +msgid "Passkey mapping" msgstr "" -#: ipaserver/plugins/vault.py:447 ipaserver/plugins/vault.py:472 -#: ipaserver/plugins/vault.py:1203 ipaserver/plugins/vault.py:1228 +#: ipaserver/plugins/baseuser.py:519 ipaserver/plugins/baseuser.py:523 #, python-format -msgid "owner %s" +msgid "invalid e-mail format: %(email)s" msgstr "" -#: ipaserver/plugins/vault.py:492 -msgid "" -"\n" -" Vault object.\n" -" " +#: ipaserver/plugins/baseuser.py:550 +#, python-format +msgid "manager %(manager)s not found" msgstr "" -#: ipaserver/plugins/vault.py:498 -msgid "vault" +#: ipaserver/plugins/baseuser.py:943 +msgid "Issuer of the certificate" msgstr "" -#: ipaserver/plugins/vault.py:499 -msgid "vaults" +#: ipaserver/plugins/baseuser.py:950 +msgid "Subject of the certificate" msgstr "" -#: ipaserver/plugins/vault.py:522 -msgid "Vaults" +#: ipaserver/plugins/baseuser.py:995 +msgid "cannot have an empty subject" msgstr "" -#: ipaserver/plugins/vault.py:523 -msgid "Vault" +#: ipaserver/plugins/baseuser.py:1035 +msgid "cannot specify both subject/issuer and certificate" msgstr "" -#: ipaserver/plugins/vault.py:680 -msgid "Service, shared, and user options cannot be specified simultaneously" +#: ipaserver/plugins/baseuser.py:1039 +msgid "cannot specify both subject/issuer and ipacertmapdata" msgstr "" -#: ipaserver/plugins/vault.py:784 -msgid "Add a vault." +#: ipaserver/plugins/baseuser.py:1064 +#, python-format +msgid "Added certificate mappings to user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/vault.py:790 +#: ipaserver/plugins/baseuser.py:1083 #, python-format -msgid "Added vault \"%(value)s\"" +msgid "Removed certificate mappings from user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/vault.py:829 +#: ipaserver/plugins/baseuser.py:1092 #, python-format -msgid "Deleted vault \"%(value)s\"" +msgid "Added passkey mappings to user \"%(value)s\"" msgstr "" -#: ipaserver/plugins/vault.py:881 +#: ipaserver/plugins/baseuser.py:1110 #, python-format -msgid "%(count)d vault matched" -msgid_plural "%(count)d vaults matched" -msgstr[0] "" -msgstr[1] "" +msgid "Removed passkey mappings from user \"%(value)s\"" +msgstr "" -#: ipaserver/plugins/vault.py:899 -msgid "" -"Service(s), shared, and user(s) options cannot be specified simultaneously" +#: ipaserver/plugins/dogtag.py:650 +msgid "REST API is not logged in." msgstr "" -#: ipaserver/plugins/vault.py:939 +#: ipaserver/plugins/dogtag.py:672 #, python-format -msgid "Modified vault \"%(value)s\"" +msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" msgstr "" -#: ipaserver/plugins/vault.py:981 -msgid "Vault configuration" +#: ipaserver/plugins/dogtag.py:698 +msgid "Unable to communicate with CMS" msgstr "" -#: ipaserver/plugins/vault.py:991 -msgid "IPA servers configured as key recovery agents" +#: ipaserver/plugins/dogtag.py:835 ipaserver/plugins/dogtag.py:922 +#: ipaserver/plugins/dogtag.py:1032 ipaserver/plugins/dogtag.py:1153 +#: ipaserver/plugins/dogtag.py:1251 ipaserver/plugins/dogtag.py:1643 +#: ipaserver/plugins/dogtag.py:1654 +msgid "Response from CA was not valid JSON" msgstr "" -#: ipaserver/plugins/vault.py:1052 ipaserver/plugins/vault.py:1131 -msgid "Key wrapping algorithm" +#: ipaserver/servroles.py:296 +#, python-format +msgid "all masters must have %(role)s role enabled" msgstr "" -#: ipaserver/plugins/vault.py:1061 +#: ipaserver/servroles.py:401 #, python-format -msgid "Archived data into vault \"%(value)s\"" +msgid "must have %(role)s role enabled" msgstr "" -#: ipaserver/plugins/vault.py:1120 -msgid "Retrieve data from a vault." +#: ipaserver/servroles.py:443 +msgid "must be enabled only on a single master" msgstr "" -#: ipaserver/plugins/vault.py:1140 +#: ipaserver/topology.py:14 #, python-format -msgid "Retrieved data from vault \"%(value)s\"" +msgid "" +"\n" +"Replication topology in suffix '%(suffix)s' is disconnected:\n" +"%(errors)s" msgstr "" -#: ipaserver/plugins/vault.py:1169 -msgid "No archived data." +#: ipaserver/topology.py:18 +#, python-format +msgid "" +"\n" +"Removal of '%(hostname)s' leads to disconnected topology in suffix " +"'%(suffix)s':\n" +"%(errors)s" msgstr "" -#: ipaserver/plugins/vault.py:1262 -msgid "Checks if any of the servers has the KRA service enabled" +#: ipaserver/topology.py:120 +#, python-format +msgid "Topology does not allow server %(server)s to replicate with servers:" msgstr "" #: ipaserver/dcerpc.py:87 @@ -28056,79 +28130,6 @@ msgid "" "instead" msgstr "" -#: ipaserver/dcerpc_common.py:20 -msgid "Trusting forest" -msgstr "" - -#: ipaserver/dcerpc_common.py:21 -msgid "Trusted forest" -msgstr "" - -#: ipaserver/dcerpc_common.py:26 -msgid "Established and verified" -msgstr "" - -#: ipaserver/dcerpc_common.py:27 -msgid "Waiting for confirmation by remote side" -msgstr "" - -#: ipaserver/dcerpc_common.py:30 -msgid "Unknown" -msgstr "" - -#: ipaserver/dcerpc_common.py:36 -msgid "Non-Active Directory domain" -msgstr "" - -#: ipaserver/dcerpc_common.py:38 -msgid "RFC4120-compliant Kerberos realm" -msgstr "" - -#: ipaserver/dcerpc_common.py:39 -msgid "" -"Non-transitive external trust to a domain in another Active Directory forest" -msgstr "" - -#: ipaserver/dcerpc_common.py:41 -msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm" -msgstr "" - -#: ipaserver/servroles.py:296 -#, python-format -msgid "all masters must have %(role)s role enabled" -msgstr "" - -#: ipaserver/servroles.py:401 -#, python-format -msgid "must have %(role)s role enabled" -msgstr "" - -#: ipaserver/servroles.py:443 -msgid "must be enabled only on a single master" -msgstr "" - -#: ipaserver/topology.py:14 -#, python-format -msgid "" -"\n" -"Replication topology in suffix '%(suffix)s' is disconnected:\n" -"%(errors)s" -msgstr "" - -#: ipaserver/topology.py:18 -#, python-format -msgid "" -"\n" -"Removal of '%(hostname)s' leads to disconnected topology in suffix " -"'%(suffix)s':\n" -"%(errors)s" -msgstr "" - -#: ipaserver/topology.py:120 -#, python-format -msgid "Topology does not allow server %(server)s to replicate with servers:" -msgstr "" - #: ipaserver/rpcserver.py:556 msgid "Request must be a dict" msgstr ""