diff --git a/po/LINGUAS b/po/LINGUAS index a14d8e925..7279945e8 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1 +1 @@ -bn_IN ca cs de en_GB es eu fi fr hi hu id ja ka kn mr nl pa pl pt pt_BR ru si sk tg tr uk zh_CN +bn_IN ca cs de en_GB es eu fi fr hi hu id ja ka kn ko mr nl pa pl pt pt_BR ru si sk tg tr uk zh_CN diff --git a/po/ko.po b/po/ko.po new file mode 100644 index 000000000..342ed84cb --- /dev/null +++ b/po/ko.po @@ -0,0 +1,27903 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR FreeIPA Contributors +# This file is distributed under the same license as the freeipa package. +# 김인수 , 2022. +msgid "" +msgstr "" +"Project-Id-Version: freeipa 4.10.0.dev202206291425+git9a97f9b40\n" +"Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n" +"POT-Creation-Date: 2022-06-29 16:26+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: ko\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: client/config.c:56 +#, c-format +msgid "cannot open configuration file %s\n" +msgstr "" + +#: client/config.c:63 +#, c-format +msgid "cannot stat() configuration file %s\n" +msgstr "" + +#: client/config.c:69 +#, c-format +msgid "out of memory\n" +msgstr "" + +#: client/config.c:80 +#, c-format +msgid "read error\n" +msgstr "" + +#: client/ipa-rmkeytab.c:51 +#, c-format +msgid "Unable to parse principal name\n" +msgstr "" + +#: client/ipa-rmkeytab.c:53 +#, c-format +msgid "krb5_parse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:63 +#, c-format +msgid "Removing principal %s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:76 +#, c-format +msgid "Failed to open keytab\n" +msgstr "" + +#: client/ipa-rmkeytab.c:80 +#, c-format +msgid "principal not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:82 +#, c-format +msgid "krb5_kt_get_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:90 +#, c-format +msgid "Unable to remove entry\n" +msgstr "" + +#: client/ipa-rmkeytab.c:92 +#, c-format +msgid "kvno %d\n" +msgstr "" + +#: client/ipa-rmkeytab.c:93 +#, c-format +msgid "krb5_kt_remove_entry %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:124 client/ipa-rmkeytab.c:146 +#: client/ipa-rmkeytab.c:160 client/ipa-rmkeytab.c:263 +#, c-format +msgid "Failed to set cursor '%1$s'\n" +msgstr "" + +#: client/ipa-rmkeytab.c:133 +#, c-format +msgid "Unable to parse principal\n" +msgstr "" + +#: client/ipa-rmkeytab.c:135 +#, c-format +msgid "krb5_unparse_name %1$d: %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:169 +#, c-format +msgid "realm not found\n" +msgstr "" + +#: client/ipa-rmkeytab.c:195 client/ipa-getkeytab.c:942 +msgid "Print debugging information" +msgstr "" + +#: client/ipa-rmkeytab.c:195 +msgid "Debugging output" +msgstr "" + +#: client/ipa-rmkeytab.c:197 +msgid "" +"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" +msgstr "" + +#: client/ipa-rmkeytab.c:198 client/ipa-getkeytab.c:948 +msgid "Kerberos Service Principal Name" +msgstr "" + +#: client/ipa-rmkeytab.c:200 +msgid "The keytab file to remove the principcal(s) from" +msgstr "" + +#: client/ipa-rmkeytab.c:200 client/ipa-getkeytab.c:952 +msgid "Keytab File Name" +msgstr "" + +#: client/ipa-rmkeytab.c:202 +msgid "Remove all principals in this realm" +msgstr "" + +#: client/ipa-rmkeytab.c:202 ipaclient/remote_plugins/2_114/trust.py:111 +msgid "Realm name" +msgstr "" + +#: client/ipa-rmkeytab.c:216 client/ipa-getkeytab.c:1001 +#, c-format +msgid "Kerberos context initialization failed\n" +msgstr "" + +#: client/ipa-rmkeytab.c:256 +#, c-format +msgid "Failed to open keytab '%1$s': %2$s\n" +msgstr "" + +#: client/ipa-rmkeytab.c:279 +#, c-format +msgid "Closing keytab failed\n" +msgstr "" + +#: client/ipa-rmkeytab.c:281 +#, c-format +msgid "krb5_kt_close %1$d: %2$s\n" +msgstr "" + +#: client/ipa-getkeytab.c:254 +#, c-format +msgid "Kerberos context initialization failed: %1$s (%2$d)\n" +msgstr "" + +#: client/ipa-getkeytab.c:265 +#, c-format +msgid "Unable to parse principal: %1$s (%2$d)\n" +msgstr "" + +#: client/ipa-getkeytab.c:320 +#, c-format +msgid "No keys accepted by KDC\n" +msgstr "" + +#: client/ipa-getkeytab.c:338 +#, c-format +msgid "Out of memory \n" +msgstr "" + +#: client/ipa-getkeytab.c:361 +#, c-format +msgid "Unable to initialize ldap library!\n" +msgstr "" + +#: client/ipa-getkeytab.c:377 +msgid "Simple bind failed\n" +msgstr "" + +#: client/ipa-getkeytab.c:391 client/ipa-join.c:260 +msgid "SASL Bind failed\n" +msgstr "" + +#: client/ipa-getkeytab.c:422 +#, c-format +msgid "Operation failed: %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:431 +#, c-format +msgid "Failed to get result: %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:435 +#, c-format +msgid "Timeout exceeded." +msgstr "" + +#: client/ipa-getkeytab.c:441 +#, c-format +msgid "Failed to parse extended result: %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:448 +#, c-format +msgid "Failed to parse result: %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:467 +#, c-format +msgid "Missing reply control list!\n" +msgstr "" + +#: client/ipa-getkeytab.c:477 +#, c-format +msgid "Missing reply control!\n" +msgstr "" + +#: client/ipa-getkeytab.c:519 +#, c-format +msgid "Out of Memory!\n" +msgstr "" + +#: client/ipa-getkeytab.c:526 client/ipa-getkeytab.c:688 +#, c-format +msgid "Failed to create control!\n" +msgstr "" + +#: client/ipa-getkeytab.c:532 client/ipa-getkeytab.c:696 +#, c-format +msgid "Failed to bind to server!\n" +msgstr "" + +#: client/ipa-getkeytab.c:539 +#, c-format +msgid "Failed to get keytab!\n" +msgstr "" + +#: client/ipa-getkeytab.c:548 +#, c-format +msgid "ber_init() failed, Invalid control ?!\n" +msgstr "" + +#: client/ipa-getkeytab.c:567 +#, c-format +msgid "ber_scanf() failed, unable to find kvno ?!\n" +msgstr "" + +#: client/ipa-getkeytab.c:579 +#, c-format +msgid "Failed to retrieve encryption type type #%d\n" +msgstr "" + +#: client/ipa-getkeytab.c:583 +#, c-format +msgid "Failed to retrieve encryption type %1$s (#%2$d)\n" +msgstr "" + +#: client/ipa-getkeytab.c:593 +#, c-format +msgid "Failed to retrieve any keys" +msgstr "" + +#: client/ipa-getkeytab.c:711 +msgid "Failed to decode control reply!\n" +msgstr "" + +#: client/ipa-getkeytab.c:773 +#, c-format +msgid "Passwords do not match!\n" +msgstr "" + +#: client/ipa-getkeytab.c:803 +#, c-format +msgid "Failed to open config file %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:813 +#, c-format +msgid "Failed to parse config file %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:896 +msgid "Failed to resolve symlink to keytab.\n" +msgstr "" + +#: client/ipa-getkeytab.c:907 +msgid "keytab is a dangling symlink and owned by another user.\n" +msgstr "" + +#: client/ipa-getkeytab.c:940 +msgid "Print as little as possible" +msgstr "" + +#: client/ipa-getkeytab.c:940 +msgid "Output only on errors" +msgstr "" + +#: client/ipa-getkeytab.c:942 +msgid "Output debug info" +msgstr "" + +#: client/ipa-getkeytab.c:944 +msgid "Contact this specific KDC Server" +msgstr "" + +#: client/ipa-getkeytab.c:945 +msgid "Server Name" +msgstr "" + +#: client/ipa-getkeytab.c:947 +msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)" +msgstr "" + +#: client/ipa-getkeytab.c:950 +msgid "" +"The keytab file to append the new key to (will be created if it does not " +"exist)." +msgstr "" + +#: client/ipa-getkeytab.c:954 +msgid "Encryption types to request" +msgstr "" + +#: client/ipa-getkeytab.c:955 +msgid "Comma separated encryption types list" +msgstr "" + +#: client/ipa-getkeytab.c:957 +msgid "Show the list of permitted encryption types and exit" +msgstr "" + +#: client/ipa-getkeytab.c:958 +msgid "Permitted Encryption Types" +msgstr "" + +#: client/ipa-getkeytab.c:960 +msgid "Asks for a non-random password to use for the principal" +msgstr "" + +#: client/ipa-getkeytab.c:962 +msgid "LDAP DN" +msgstr "" + +#: client/ipa-getkeytab.c:962 +msgid "DN to bind as if not using kerberos" +msgstr "" + +#: client/ipa-getkeytab.c:964 +msgid "LDAP password" +msgstr "" + +#: client/ipa-getkeytab.c:964 +msgid "password to use if not using kerberos" +msgstr "" + +#: client/ipa-getkeytab.c:966 +msgid "Prompt for LDAP password" +msgstr "" + +#: client/ipa-getkeytab.c:968 +msgid "Path to the IPA CA certificate" +msgstr "" + +#: client/ipa-getkeytab.c:968 +msgid "IPA CA certificate" +msgstr "" + +#: client/ipa-getkeytab.c:970 +msgid "LDAP uri to connect to. Mutually exclusive with --server" +msgstr "" + +#: client/ipa-getkeytab.c:971 +msgid "url" +msgstr "" + +#: client/ipa-getkeytab.c:973 +msgid "LDAP SASL bind mechanism if no bindd/bindpw" +msgstr "" + +#: client/ipa-getkeytab.c:974 +msgid "GSSAPI|EXTERNAL" +msgstr "" + +#: client/ipa-getkeytab.c:976 +msgid "Retrieve current keys without changing them" +msgstr "" + +#: client/ipa-getkeytab.c:1014 util/ipa_krb5.c:892 +#, c-format +msgid "No system preferred enctypes ?!\n" +msgstr "" + +#: client/ipa-getkeytab.c:1017 +#, c-format +msgid "Supported encryption types:\n" +msgstr "" + +#: client/ipa-getkeytab.c:1021 +#, c-format +msgid "Warning: failed to convert type (#%d)\n" +msgstr "" + +#: client/ipa-getkeytab.c:1039 +#, c-format +msgid "Bind password already provided (-w).\n" +msgstr "" + +#: client/ipa-getkeytab.c:1047 +msgid "Enter LDAP password" +msgstr "" + +#: client/ipa-getkeytab.c:1055 +#, c-format +msgid "Bind password required when using a bind DN (-w or -W).\n" +msgstr "" + +#: client/ipa-getkeytab.c:1062 +#, c-format +msgid "Cannot specify both SASL mechanism and bind DN simultaneously.\n" +msgstr "" + +#: client/ipa-getkeytab.c:1070 +#, c-format +msgid "Invalid SASL bind mechanism\n" +msgstr "" + +#: client/ipa-getkeytab.c:1081 +#, c-format +msgid "Cannot specify server and LDAP uri simultaneously.\n" +msgstr "" + +#: client/ipa-getkeytab.c:1094 +#, c-format +msgid "DNS discovery for domain %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:1099 +#, c-format +msgid "Discovered server %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:1105 +#, c-format +msgid "Using discovered server %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:1114 +#, c-format +msgid "DNS Discovery failed\n" +msgstr "" + +#: client/ipa-getkeytab.c:1133 +#, c-format +msgid "Using server from config %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:1136 +#, c-format +msgid "Server name not provided and unavailable\n" +msgstr "" + +#: client/ipa-getkeytab.c:1141 +#, c-format +msgid "Using provided server %s\n" +msgstr "" + +#: client/ipa-getkeytab.c:1156 +#, c-format +msgid "Incompatible options provided (-r and -P)\n" +msgstr "" + +#: client/ipa-getkeytab.c:1161 +msgid "New Principal Password" +msgstr "" + +#: client/ipa-getkeytab.c:1162 +msgid "Verify Principal Password" +msgstr "" + +#: client/ipa-getkeytab.c:1168 +#, c-format +msgid "" +"Warning: salt types are not honored with randomized passwords (see opt. -P)\n" +msgstr "" + +#: client/ipa-getkeytab.c:1175 +#, c-format +msgid "Invalid Service Principal Name\n" +msgstr "" + +#: client/ipa-getkeytab.c:1183 +#, c-format +msgid "Kerberos Credential Cache not found. Do you have a Kerberos Ticket?\n" +msgstr "" + +#: client/ipa-getkeytab.c:1191 +#, c-format +msgid "" +"Kerberos User Principal not found. Do you have a valid Credential Cache?\n" +msgstr "" + +#: client/ipa-getkeytab.c:1205 +#, c-format +msgid "Failed to open Keytab\n" +msgstr "" + +#: client/ipa-getkeytab.c:1223 +#, c-format +msgid "Retrying with pre-4.0 keytab retrieval method...\n" +msgstr "" + +#: client/ipa-getkeytab.c:1233 +#, c-format +msgid "Failed to create key material\n" +msgstr "" + +#: client/ipa-getkeytab.c:1243 +#, c-format +msgid "Failed to get keytab\n" +msgstr "" + +#: client/ipa-getkeytab.c:1257 +#, c-format +msgid "Failed to add key to the keytab\n" +msgstr "" + +#: client/ipa-getkeytab.c:1266 +#, c-format +msgid "Failed to close the keytab\n" +msgstr "" + +#: client/ipa-getkeytab.c:1272 +#, c-format +msgid "Keytab successfully retrieved and stored in: %s\n" +msgstr "" + +#: client/ipa-join.c:65 client/ipa-join.c:420 client/ipa-join.c:440 +#: client/ipa-join.c:538 client/ipa-join.c:1065 util/ipa_krb5.c:1024 +#: util/ipa_krb5.c:1058 +#, c-format +msgid "Out of memory!\n" +msgstr "" + +#: client/ipa-join.c:80 client/ipa-join.c:812 +#, c-format +msgid "No permission to join this host to the IPA domain.\n" +msgstr "" + +#: client/ipa-join.c:110 client/ipa-join.c:122 +#, c-format +msgid "No write permissions on keytab file '%s'\n" +msgstr "" + +#: client/ipa-join.c:127 +#, c-format +msgid "access() on %1$s failed: errno = %2$d\n" +msgstr "" + +#: client/ipa-join.c:151 client/ipa-join.c:180 client/ipa-join.c:231 +#, c-format +msgid "Out of memory!" +msgstr "" + +#: client/ipa-join.c:242 +#, c-format +msgid "Unable to enable SSL in LDAP\n" +msgstr "" + +#: client/ipa-join.c:334 +#, c-format +msgid "Search for %1$s on rootdse failed with error %2$d\n" +msgstr "" + +#: client/ipa-join.c:354 +#, c-format +msgid "No values for %s" +msgstr "" + +#: client/ipa-join.c:364 +#, c-format +msgid "Search for IPA namingContext failed with error %d\n" +msgstr "" + +#: client/ipa-join.c:370 +#, c-format +msgid "IPA namingContext not found\n" +msgstr "" + +#: client/ipa-join.c:426 +#, c-format +msgid "Unable to determine root DN of %s\n" +msgstr "" + +#: client/ipa-join.c:474 +#, c-format +msgid "Enrollment failed. %s\n" +msgstr "" + +#: client/ipa-join.c:592 +#, c-format +msgid "principal not found in XML-RPC response\n" +msgstr "" + +#: client/ipa-join.c:606 client/ipa-join.c:945 +#, c-format +msgid "Host is already joined.\n" +msgstr "" + +#: client/ipa-join.c:632 +#, c-format +msgid "curl_slist_append() failed for value: '%s'\n" +msgstr "" + +#: client/ipa-join.c:640 +#, c-format +msgid "curl_easy_setopt() failed\n" +msgstr "" + +#: client/ipa-join.c:652 +#, c-format +msgid "Expanding buffer in jsonrpc_handle_response failed" +msgstr "" + +#: client/ipa-join.c:680 +#, c-format +msgid "curl_global_init() failed\n" +msgstr "" + +#: client/ipa-join.c:687 +#, c-format +msgid "curl_easy_init() failed\n" +msgstr "" + +#: client/ipa-join.c:736 +#, c-format +msgid "json_dumps() failed\n" +msgstr "" + +#: client/ipa-join.c:743 +#, c-format +msgid "" +"JSON-RPC request:\n" +"%s\n" +msgstr "" + +#: client/ipa-join.c:749 +#, c-format +msgid "JSON-RPC call failed: %s\n" +msgstr "" + +#: client/ipa-join.c:760 +#, c-format +msgid "JSON-RPC call was unauthorized. Check your credentials.\n" +msgstr "" + +#: client/ipa-join.c:762 +#, c-format +msgid "JSON-RPC call failed with status code: %li\n" +msgstr "" + +#: client/ipa-join.c:769 +#, c-format +msgid "" +"JSON-RPC response:\n" +"%s\n" +msgstr "" + +#: client/ipa-join.c:804 +#, c-format +msgid "Extracting the error from the JSON-RPC response failed: %s\n" +msgstr "" + +#: client/ipa-join.c:837 +#, c-format +msgid "Parsing JSON-RPC response failed: %s\n" +msgstr "" + +#: client/ipa-join.c:852 +#, c-format +msgid "Parsing JSON-RPC response failed: no 'result' value found.\n" +msgstr "" + +#: client/ipa-join.c:884 client/ipa-join.c:973 +#, c-format +msgid "Extracting the data from the JSON-RPC response failed: %s\n" +msgstr "" + +#: client/ipa-join.c:927 client/ipa-join.c:1003 +#, c-format +msgid "json_pack_ex() failed: %s\n" +msgstr "" + +#: client/ipa-join.c:1019 client/ipa-join.c:1096 +#, c-format +msgid "Unenrollment successful.\n" +msgstr "" + +#: client/ipa-join.c:1021 client/ipa-join.c:1098 +#, c-format +msgid "Unenrollment failed.\n" +msgstr "" + +#: client/ipa-join.c:1103 +#, c-format +msgid "result not found in XML-RPC response\n" +msgstr "" + +#: client/ipa-join.c:1145 client/ipa-join.c:1287 +#, c-format +msgid "Unable to determine IPA server from %s\n" +msgstr "" + +#: client/ipa-join.c:1157 client/ipa-join.c:1296 +#, c-format +msgid "Unable to join host: Kerberos context initialization failed\n" +msgstr "" + +#: client/ipa-join.c:1164 +#, c-format +msgid "Unable to join host: Kerberos Credential Cache not found\n" +msgstr "" + +#: client/ipa-join.c:1172 +#, c-format +msgid "" +"Unable to join host: Kerberos User Principal not found and host password not " +"provided.\n" +msgstr "" + +#: client/ipa-join.c:1191 +#, c-format +msgid "fork() failed\n" +msgstr "" + +#: client/ipa-join.c:1223 +#, c-format +msgid "ipa-getkeytab not found\n" +msgstr "" + +#: client/ipa-join.c:1226 +#, c-format +msgid "ipa-getkeytab has bad permissions?\n" +msgstr "" + +#: client/ipa-join.c:1229 +#, c-format +msgid "executing ipa-getkeytab failed, errno %d\n" +msgstr "" + +#: client/ipa-join.c:1241 +#, c-format +msgid "child exited with %d\n" +msgstr "" + +#: client/ipa-join.c:1304 +#, c-format +msgid "Error resolving keytab: %s.\n" +msgstr "" + +#: client/ipa-join.c:1312 +#, c-format +msgid "Error getting default Kerberos realm: %s.\n" +msgstr "" + +#: client/ipa-join.c:1322 +#, c-format +msgid "Error parsing \"%1$s\": %2$s.\n" +msgstr "" + +#: client/ipa-join.c:1340 +#, c-format +msgid "Error obtaining initial credentials: %s.\n" +msgstr "" + +#: client/ipa-join.c:1351 client/ipa-join.c:1358 +#, c-format +msgid "Unable to generate Kerberos Credential Cache\n" +msgstr "" + +#: client/ipa-join.c:1366 +#, c-format +msgid "Error storing creds in credential cache: %s.\n" +msgstr "" + +#: client/ipa-join.c:1422 +msgid "Print the raw XML-RPC output in GSSAPI mode" +msgstr "" + +#: client/ipa-join.c:1424 +msgid "Quiet mode. Only errors are displayed." +msgstr "" + +#: client/ipa-join.c:1426 +msgid "Unenroll this host from IPA server" +msgstr "" + +#: client/ipa-join.c:1428 +msgid "Hostname of this server" +msgstr "" + +#: client/ipa-join.c:1428 client/ipa-join.c:1430 +msgid "hostname" +msgstr "" + +#: client/ipa-join.c:1430 +msgid "IPA Server to use" +msgstr "" + +#: client/ipa-join.c:1432 +msgid "Specifies where to store keytab information." +msgstr "" + +#: client/ipa-join.c:1432 +msgid "filename" +msgstr "" + +#: client/ipa-join.c:1434 +msgid "Force the host join. Rejoin even if already joined." +msgstr "" + +#: client/ipa-join.c:1436 +msgid "LDAP password (if not using Kerberos)" +msgstr "" + +#: client/ipa-join.c:1436 +msgid "password" +msgstr "" + +#: client/ipa-join.c:1438 +msgid "LDAP basedn" +msgstr "" + +#: client/ipa-join.c:1438 +msgid "basedn" +msgstr "" + +#: client/ipa-join.c:1471 +#, c-format +msgid "Cannot get host's FQDN!\n" +msgstr "" + +#: client/ipa-join.c:1476 +#, c-format +msgid "The hostname must be fully-qualified: %s\n" +msgstr "" + +#: client/ipa-join.c:1480 +#, c-format +msgid "The hostname must not be: %s\n" +msgstr "" + +#: ipaclient/plugins/automember.py:33 ipaserver/plugins/automember.py:342 +msgid "Failed to add" +msgstr "" + +#: ipaclient/plugins/ca.py:19 ipaclient/plugins/cert.py:39 +msgid "Write certificate (chain if --chain used) to file" +msgstr "" + +#: ipaclient/plugins/cert.py:107 +msgid "Unrevoked" +msgstr "" + +#: ipaclient/plugins/cert.py:110 ipaserver/plugins/internal.py:294 +msgid "Error" +msgstr "" + +#: ipaclient/plugins/cert.py:120 +msgid "Input filename" +msgstr "" + +#: ipaclient/plugins/cert.py:121 +msgid "File to load the certificate from." +msgstr "" + +#: ipaclient/plugins/cert.py:130 ipaclient/plugins/certmap.py:41 +msgid "cannot specify both raw certificate and file" +msgstr "" + +#: ipaclient/plugins/certmap.py:19 +msgid "Input file" +msgstr "" + +#: ipaclient/plugins/certmap.py:20 +msgid "File to load the certificate from" +msgstr "" + +#: ipaclient/plugins/certprofile.py:25 +#, python-format +msgid "Profile configuration stored in file '%(file)s'" +msgstr "" + +#: ipaclient/plugins/dns.py:137 ipaserver/plugins/dns.py:3576 +msgid "Split DNS record to parts" +msgstr "" + +#: ipaclient/plugins/dns.py:237 +msgid "Please choose a type of DNS resource record to be added" +msgstr "" + +#: ipaclient/plugins/dns.py:238 +#, python-format +msgid "The most common types for this type of zone are: %s\n" +msgstr "" + +#: ipaclient/plugins/dns.py:243 +msgid "DNS resource record type" +msgstr "" + +#: ipaclient/plugins/dns.py:261 +#, python-format +msgid "Invalid or unsupported type. Allowed values are: %s" +msgstr "" + +#: ipaclient/plugins/dns.py:286 +msgid "No option to modify specific record provided." +msgstr "" + +#: ipaclient/plugins/dns.py:289 ipaclient/plugins/dns.py:355 +msgid "Current DNS record contents:\n" +msgstr "" + +#: ipaclient/plugins/dns.py:312 +#, python-format +msgid "Modify %(name)s '%(value)s'?" +msgstr "" + +#: ipaclient/plugins/dns.py:321 +#, python-format +msgid "" +"%(count)d %(type)s record skipped. Only one value per DNS record type can be " +"modified at one time." +msgid_plural "" +"%(count)d %(type)s records skipped. Only one value per DNS record type can " +"be modified at one time." +msgstr[0] "" +msgstr[1] "" + +#: ipaclient/plugins/dns.py:329 ipaserver/plugins/dns.py:3876 +msgid "" +"Neither --del-all nor options to delete a specific record provided.\n" +"Command help may be consulted for all supported record types." +msgstr "" + +#: ipaclient/plugins/dns.py:347 +msgid "No option to delete specific record provided." +msgstr "" + +#: ipaclient/plugins/dns.py:348 +msgid "Delete all?" +msgstr "" + +#: ipaclient/plugins/dns.py:376 +#, python-format +msgid "Delete %(name)s '%(value)s'?" +msgstr "" + +#: ipaclient/plugins/dns.py:392 ipaclient/plugins/dns.py:409 +#: ipaclient/plugins/dns.py:421 +msgid "Server will check DNS forwarder(s)." +msgstr "" + +#: ipaclient/plugins/dns.py:394 ipaclient/plugins/dns.py:411 +#: ipaclient/plugins/dns.py:423 +msgid "This may take some time, please wait ..." +msgstr "" + +#: ipaclient/plugins/dns.py:403 +msgid "DNS forwarder" +msgstr "" + +#: ipaclient/plugins/dns.py:434 +msgid "file to store DNS records in nsupdate format" +msgstr "" + +#: ipaclient/plugins/host.py:41 ipaclient/plugins/service.py:43 +#: ipaclient/plugins/user.py:74 +#, python-format +msgid "Certificate(s) stored in file '%(file)s'" +msgstr "" + +#: ipaclient/plugins/location.py:23 +msgid "Servers details:" +msgstr "" + +#: ipaclient/plugins/migration.py:37 +msgid "" +"Migration mode is disabled.\n" +"Use 'ipa config-mod --enable-migration=TRUE' to enable it." +msgstr "" + +#: ipaclient/plugins/migration.py:41 +msgid "" +"Passwords have been migrated in pre-hashed format.\n" +"IPA is unable to generate Kerberos keys unless provided\n" +"with clear text passwords. All migrated users need to\n" +"login at https://your.domain/ipa/migration/ before they\n" +"can use their Kerberos accounts." +msgstr "" + +#: ipaclient/plugins/server.py:20 +#, python-format +msgid "Removing %(servers)s from replication topology, please wait..." +msgstr "" + +#: ipaclient/plugins/topology.py:25 +#, python-format +msgid "Replication topology of suffix \"%(suffix)s\" is in order." +msgstr "" + +#: ipaclient/plugins/topology.py:30 +#, python-format +msgid "Replication topology of suffix \"%(suffix)s\" contains errors." +msgstr "" + +#: ipaclient/plugins/topology.py:33 +msgid "Topology is disconnected" +msgstr "" + +#: ipaclient/plugins/topology.py:35 +#, python-format +msgid "Server %(srv)s can't contact servers: %(replicas)s" +msgstr "" + +#: ipaclient/plugins/topology.py:40 +msgid "Recommended maximum number of agreements per replica exceeded" +msgstr "" + +#: ipaclient/plugins/topology.py:43 +msgid "Maximum number of agreements per replica" +msgstr "" + +#: ipaclient/plugins/topology.py:47 +#, python-format +msgid "Server \"%(srv)s\" has %(n)d agreements with servers:" +msgstr "" + +#: ipaclient/plugins/user.py:40 +msgid "Delete a user, keeping the entry available for future use" +msgstr "" + +#: ipaclient/plugins/user.py:45 +msgid "Delete a user" +msgstr "" + +#: ipaclient/plugins/user.py:54 +msgid "preserve and no-preserve cannot be both set" +msgstr "" + +#: ipaclient/plugins/automount.py:101 +msgid "maps not connected to /etc/auto.master:" +msgstr "" + +#: ipaclient/plugins/automount.py:120 +msgid "Import automount files for a specific location." +msgstr "" + +#: ipaclient/plugins/automount.py:124 +msgid "Master file" +msgstr "" + +#: ipaclient/plugins/automount.py:125 +msgid "Automount master file." +msgstr "" + +#: ipaclient/plugins/automount.py:132 +msgid "" +"Continuous operation mode. Errors are reported but the process continues." +msgstr "" + +#: ipaclient/plugins/automount.py:150 +#, python-format +msgid "File %(file)s not found" +msgstr "" + +#: ipaclient/plugins/automount.py:200 +#, python-format +msgid "key %(key)s already exists" +msgstr "" + +#: ipaclient/plugins/automount.py:215 +#, python-format +msgid "map %(map)s already exists" +msgstr "" + +#: ipaclient/plugins/automount.py:264 +msgid "Imported maps:" +msgstr "" + +#: ipaclient/plugins/automount.py:267 +#, python-format +msgid "Added %(map)s" +msgstr "" + +#: ipaclient/plugins/automount.py:271 +msgid "Imported keys:" +msgstr "" + +#: ipaclient/plugins/automount.py:274 +#, python-format +msgid "Added %(src)s to %(dst)s" +msgstr "" + +#: ipaclient/plugins/automount.py:281 +msgid "Ignored keys:" +msgstr "" + +#: ipaclient/plugins/automount.py:284 +#, python-format +msgid "Ignored %(src)s to %(dst)s" +msgstr "" + +#: ipaclient/plugins/automount.py:292 +msgid "Duplicate maps skipped:" +msgstr "" + +#: ipaclient/plugins/automount.py:295 +#, python-format +msgid "Skipped %(map)s" +msgstr "" + +#: ipaclient/plugins/automount.py:301 +msgid "Duplicate keys skipped:" +msgstr "" + +#: ipaclient/plugins/automount.py:304 +#, python-format +msgid "Skipped %(key)s" +msgstr "" + +#: ipaclient/plugins/otptoken.py:66 +msgid "" +"Unable to display QR code using the configured output encoding. Please use " +"the token URI to configure your OTP device" +msgstr "" + +#: ipaclient/plugins/otptoken.py:82 +msgid "" +"QR code width is greater than that of the output tty. Please resize your " +"terminal." +msgstr "" + +#: ipaclient/plugins/otptoken.py:136 +msgid "Synchronize an OTP token." +msgstr "" + +#: ipaclient/plugins/otptoken.py:141 +msgid "User ID" +msgstr "" + +#: ipaclient/plugins/otptoken.py:142 ipaclient/remote_plugins/2_114/host.py:187 +#: ipaserver/plugins/baseuser.py:289 ipaserver/plugins/internal.py:190 +#: ipaserver/plugins/internal.py:409 ipaserver/plugins/internal.py:1725 +#: ipaserver/plugins/migration.py:534 +msgid "Password" +msgstr "" + +#: ipaclient/plugins/otptoken.py:143 +msgid "First Code" +msgstr "" + +#: ipaclient/plugins/otptoken.py:144 +msgid "Second Code" +msgstr "" + +#: ipaclient/plugins/otptoken.py:148 ipaserver/plugins/internal.py:1735 +msgid "Token ID" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:35 +msgid "python-yubico is not installed." +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:40 +msgid "" +"\n" +"YubiKey Tokens\n" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:42 +msgid "" +"\n" +"Manage YubiKey tokens.\n" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:44 +msgid "" +"\n" +"This code is an extension to the otptoken plugin and provides support for\n" +"reading/writing YubiKey tokens directly.\n" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:47 ipaserver/plugins/dnsserver.py:39 +#: ipaserver/plugins/location.py:37 ipaserver/plugins/otptoken.py:49 +#: ipaserver/plugins/radiusproxy.py:43 ipaserver/plugins/serverrole.py:19 +#: ipaserver/plugins/server.py:40 ipaserver/plugins/automember.py:63 +#: ipaserver/plugins/permission.py:97 ipaserver/plugins/schema.py:28 +#: ipaserver/plugins/vault.py:88 ipaserver/plugins/certmap.py:60 +#: ipaserver/plugins/host.py:104 ipaserver/plugins/idp.py:31 +#: ipaserver/plugins/ca.py:36 ipaserver/plugins/cert.py:99 +#: ipaserver/plugins/sudorule.py:76 +msgid "" +"\n" +"EXAMPLES:\n" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:49 +msgid "" +"\n" +" Add a new token:\n" +" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:72 +msgid "Add a new YubiKey OTP token." +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:77 +msgid "YubiKey slot" +msgstr "" + +#: ipaclient/plugins/otptoken_yubikey.py:146 +msgid "No free YubiKey slot!" +msgstr "" + +#: ipaclient/plugins/vault.py:68 ipaclient/plugins/vault.py:874 +#, python-format +msgid "Cannot read file '%(filename)s': %(exc)s" +msgstr "" + +#: ipaclient/plugins/vault.py:75 +#, python-format +msgid "Cannot decode file '%(filename)s': %(exc)s" +msgstr "" + +#: ipaclient/plugins/vault.py:145 ipaclient/plugins/vault.py:164 +#: ipaserver/plugins/passwd.py:149 +msgid "Invalid credentials" +msgstr "" + +#: ipaclient/plugins/vault.py:182 +msgid "Create a new vault." +msgstr "" + +#: ipaclient/plugins/vault.py:188 ipaclient/plugins/vault.py:769 +#: ipaclient/plugins/vault.py:1011 +msgid "Vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:193 ipaclient/plugins/vault.py:774 +#: ipaclient/plugins/vault.py:1016 +msgid "File containing the vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:198 +msgid "File containing the vault public key" +msgstr "" + +#: ipaclient/plugins/vault.py:258 +msgid "Password can be specified only for symmetric vault" +msgstr "" + +#: ipaclient/plugins/vault.py:264 +msgid "Public key can be specified only for asymmetric vault" +msgstr "" + +#: ipaclient/plugins/vault.py:284 ipaclient/plugins/vault.py:907 +#: ipaclient/plugins/vault.py:1153 +msgid "Password specified multiple times" +msgstr "" + +#: ipaclient/plugins/vault.py:307 +msgid "Public key specified multiple times" +msgstr "" + +#: ipaclient/plugins/vault.py:323 +msgid "Missing vault public key" +msgstr "" + +#: ipaclient/plugins/vault.py:335 +#, python-format +msgid "Invalid or unsupported vault public key: %s" +msgstr "" + +#: ipaclient/plugins/vault.py:369 ipaserver/plugins/vault.py:933 +msgid "Modify a vault." +msgstr "" + +#: ipaclient/plugins/vault.py:374 ipaserver/plugins/internal.py:1742 +msgid "Change password" +msgstr "" + +#: ipaclient/plugins/vault.py:379 +msgid "Old vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:384 +msgid "File containing the old vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:389 +msgid "New vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:394 +msgid "File containing the new vault password" +msgstr "" + +#: ipaclient/plugins/vault.py:399 +msgid "Old vault private key" +msgstr "" + +#: ipaclient/plugins/vault.py:404 +msgid "File containing the old vault private key" +msgstr "" + +#: ipaclient/plugins/vault.py:409 +msgid "File containing the new vault public key" +msgstr "" + +#: ipaclient/plugins/vault.py:515 +msgid "New public key specified multiple times" +msgstr "" + +#: ipaclient/plugins/vault.py:528 +msgid "Missing new vault public key" +msgstr "" + +#: ipaclient/plugins/vault.py:660 ipaserver/plugins/vault.py:659 +#, python-brace-format +msgid "{algo} is not a supported vault wrapping algorithm" +msgstr "" + +#: ipaclient/plugins/vault.py:755 ipaserver/plugins/vault.py:1033 +msgid "Archive data into a vault." +msgstr "" + +#: ipaclient/plugins/vault.py:760 +msgid "Binary data to archive" +msgstr "" + +#: ipaclient/plugins/vault.py:764 +msgid "File containing data to archive" +msgstr "" + +#: ipaclient/plugins/vault.py:778 +msgid "Override existing password" +msgstr "" + +#: ipaclient/plugins/vault.py:860 +msgid "Input data specified multiple times" +msgstr "" + +#: ipaclient/plugins/vault.py:865 ipaclient/plugins/vault.py:878 +#, python-format +msgid "" +"Size of data exceeds the limit. Current vault data size limit is %(limit)d B" +msgstr "" + +#: ipaclient/plugins/vault.py:961 ipaclient/plugins/vault.py:1203 +msgid "Invalid vault type" +msgstr "" + +#: ipaclient/plugins/vault.py:1001 +msgid "Retrieve a data from a vault." +msgstr "" + +#: ipaclient/plugins/vault.py:1006 +msgid "File to store retrieved data" +msgstr "" + +#: ipaclient/plugins/vault.py:1021 +msgid "Vault private key" +msgstr "" + +#: ipaclient/plugins/vault.py:1026 +msgid "File containing the vault private key" +msgstr "" + +#: ipaclient/plugins/vault.py:1033 ipaserver/plugins/internal.py:758 +msgid "Data" +msgstr "" + +#: ipaclient/plugins/vault.py:1179 +msgid "Private key specified multiple times" +msgstr "" + +#: ipaclient/plugins/vault.py:1192 +msgid "Missing vault private key" +msgstr "" + +#: ipaclient/plugins/sudorule.py:30 +#, python-format +msgid "Enabled Sudo Rule \"%s\"" +msgstr "" + +#: ipaclient/plugins/sudorule.py:36 +#, python-format +msgid "Disabled Sudo Rule \"%s\"" +msgstr "" + +#: ipaclient/plugins/sudorule.py:44 +#, python-format +msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\"" +msgstr "" + +#: ipaclient/plugins/sudorule.py:57 +#, python-format +msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\"" +msgstr "" + +msgid "" +"\n" +"Directory Server Access Control Instructions (ACIs)\n" +"\n" +"ACIs are used to allow or deny access to information. This module is\n" +"currently designed to allow, not deny, access.\n" +"\n" +"The aci commands are designed to grant permissions that allow updating\n" +"existing entries or adding or deleting new ones. The goal of the ACIs\n" +"that ship with IPA is to provide a set of low-level permissions that\n" +"grant access to special groups called taskgroups. These low-level\n" +"permissions can be combined into roles that grant broader access. These\n" +"roles are another type of group, roles.\n" +"\n" +"For example, if you have taskgroups that allow adding and modifying users " +"you\n" +"could create a role, useradmin. You would assign users to the useradmin\n" +"role to allow them to do the operations defined by the taskgroups.\n" +"\n" +"You can create ACIs that delegate permission so users in group A can write\n" +"attributes on group B.\n" +"\n" +"The type option is a map that applies to all entries in the users, groups " +"or\n" +"host location. It is primarily designed to be used when granting add\n" +"permissions (to write new entries).\n" +"\n" +"An ACI consists of three parts:\n" +"1. target\n" +"2. permissions\n" +"3. bind rules\n" +"\n" +"The target is a set of rules that define which LDAP objects are being\n" +"targeted. This can include a list of attributes, an area of that LDAP\n" +"tree or an LDAP filter.\n" +"\n" +"The targets include:\n" +"- attrs: list of attributes affected\n" +"- type: an object type (user, group, host, service, etc)\n" +"- memberof: members of a group\n" +"- targetgroup: grant access to modify a specific group. This is primarily\n" +" designed to enable users to add or remove members of a specific group.\n" +"- filter: A legal LDAP filter used to narrow the scope of the target.\n" +"- subtree: Used to apply a rule across an entire set of objects. For " +"example,\n" +" to allow adding users you need to grant \"add\" permission to the subtree\n" +" ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n" +" is a fail-safe for objects that may not be covered by the type option.\n" +"\n" +"The permissions define what the ACI is allowed to do, and are one or\n" +"more of:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. add - add a new entry to the tree\n" +"4. delete - delete an existing entry\n" +"5. all - all permissions are granted\n" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +"\n" +"The bind rule defines who this ACI grants permissions to. The LDAP server\n" +"allows this to be any valid LDAP entry but we encourage the use of\n" +"taskgroups so that the rights can be easily shared through roles.\n" +"\n" +"For a more thorough description of access controls see\n" +"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control." +"html\n" +"\n" +"EXAMPLES:\n" +"\n" +"NOTE: ACIs are now added via the permission plugin. These examples are to\n" +"demonstrate how the various options work but this is done via the " +"permission\n" +"command-line now (see last example).\n" +"\n" +" Add an ACI so that the group \"secretaries\" can update the address on any " +"user:\n" +" ipa group-add --desc=\"Office secretaries\" secretaries\n" +" ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries " +"--permissions=write --prefix=none \"Secretaries write addresses\"\n" +"\n" +" Show the new ACI:\n" +" ipa aci-show --prefix=none \"Secretaries write addresses\"\n" +"\n" +" Add an ACI that allows members of the \"addusers\" permission to add new " +"users:\n" +" ipa aci-add --type=user --permission=addusers --permissions=add --" +"prefix=none \"Add new users\"\n" +"\n" +" Add an ACI that allows members of the editors manage members of the admins " +"group:\n" +" ipa aci-add --permissions=write --attrs=member --targetgroup=admins --" +"group=editors --prefix=none \"Editors manage admins\"\n" +"\n" +" Add an ACI that allows members of the admins group to manage the street and " +"zip code of those in the editors group:\n" +" ipa aci-add --permissions=write --memberof=editors --group=admins --" +"attrs=street --attrs=postalcode --prefix=none \"admins edit the address of " +"editors\"\n" +"\n" +" Add an ACI that allows the admins group manage the street and zipcode of " +"those who work for the boss:\n" +" ipa aci-add --permissions=write --group=admins --attrs=street --" +"attrs=postalcode --filter=\"(manager=uid=boss,cn=users,cn=accounts," +"dc=example,dc=com)\" --prefix=none \"Edit the address of those who work for " +"the boss\"\n" +"\n" +" Add an entirely new kind of record to IPA that isn't covered by any of the " +"--type options, creating a permission:\n" +" ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange," +"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n" +"\n" +"\n" +"The show command shows the raw 389-ds ACI.\n" +"\n" +"IMPORTANT: When modifying the target attributes of an existing ACI you\n" +"must include all existing attributes as well. When doing an aci-mod the\n" +"targetattr REPLACES the current attributes, it does not add to them.\n" +msgstr "" + +msgid "ACI name" +msgstr "" + +#: ipaserver/plugins/permission.py:231 +msgid "Permission" +msgstr "" + +msgid "Permission ACI grants access to" +msgstr "" + +#: ipaserver/plugins/delegation.py:97 ipaserver/plugins/aci.py:457 +msgid "User group" +msgstr "" + +#: ipaserver/plugins/delegation.py:98 ipaserver/plugins/aci.py:458 +msgid "User group ACI grants access to" +msgstr "" + +#: ipaserver/plugins/delegation.py:81 ipaserver/plugins/selfservice.py:84 +#: ipaserver/plugins/aci.py:463 ipaserver/plugins/baseldap.py:74 +#: ipaserver/plugins/permission.py:230 +msgid "Permissions" +msgstr "" + +msgid "Permissions to grant(read, write, add, delete, all)" +msgstr "" + +msgid "Attributes to which the permission applies" +msgstr "" + +#: ipaserver/plugins/delegation.py:86 ipaserver/plugins/selfservice.py:89 +#: ipaserver/plugins/aci.py:472 +msgid "Attributes" +msgstr "" + +#: ipaserver/plugins/otptoken.py:165 ipaserver/plugins/aci.py:477 +#: ipaserver/plugins/permission.py:346 ipaserver/plugins/schema.py:448 +#: ipaserver/plugins/vault.py:598 +msgid "Type" +msgstr "" + +msgid "type of IPA object (user, group, host, hostgroup, service, netgroup)" +msgstr "" + +msgid "Member of" +msgstr "" + +msgid "Member of a group" +msgstr "" + +#: ipaserver/plugins/internal.py:217 ipaserver/plugins/internal.py:1225 +#: ipaserver/plugins/internal.py:1754 +msgid "Filter" +msgstr "" + +msgid "Legal LDAP filter (e.g. ou=Engineering)" +msgstr "" + +#: ipaserver/plugins/permission.py:289 +msgid "Subtree" +msgstr "" + +msgid "Subtree to apply ACI to" +msgstr "" + +#: ipaserver/plugins/permission.py:340 +msgid "Target group" +msgstr "" + +msgid "Group to apply ACI to" +msgstr "" + +msgid "Target your own entry (self)" +msgstr "" + +msgid "Apply ACI to your own entry (self)" +msgstr "" + +msgid "Create new ACI." +msgstr "" + +msgid "ACI prefix" +msgstr "" + +msgid "" +"Prefix used to distinguish ACI types (permission, delegation, selfservice, " +"none)" +msgstr "" + +msgid "Test the ACI syntax but don't write anything" +msgstr "" + +msgid "" +"Retrieve and print all attributes from the server. Affects command output." +msgstr "" + +msgid "Print entries as stored on the server. Only affects output format." +msgstr "" + +msgid "User-friendly description of action performed" +msgstr "" + +msgid "The primary_key value of the entry, e.g. 'jdoe' for a user" +msgstr "" + +msgid "Delete ACI." +msgstr "" + +#: ipalib/output.py:218 ipaserver/plugins/dns.py:354 +msgid "True means the operation was successful" +msgstr "" + +msgid "" +"\n" +"Search for ACIs.\n" +"\n" +" Returns a list of ACIs\n" +"\n" +" EXAMPLES:\n" +"\n" +" To find all ACIs that apply directly to members of the group ipausers:\n" +" ipa aci-find --memberof=ipausers\n" +"\n" +" To find all ACIs that grant add access:\n" +" ipa aci-find --permissions=add\n" +"\n" +" Note that the find command only looks for the given text in the set of\n" +" ACIs, it does not evaluate the ACIs to see if something would apply.\n" +" For example, searching on memberof=ipausers will find all ACIs that\n" +" have ipausers as a memberof. There may be other ACIs that apply to\n" +" members of that group indirectly.\n" +" " +msgstr "" + +msgid "A string searched in all relevant object attributes" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1960 ipaserver/plugins/schema.py:121 +#: ipaserver/plugins/cert.py:1564 +msgid "Primary key only" +msgstr "" + +msgid "Results should contain primary key attribute only (\"name\")" +msgstr "" + +msgid "Number of entries returned" +msgstr "" + +msgid "True if not all results were returned" +msgstr "" + +msgid "Modify ACI." +msgstr "" + +msgid "Rename an ACI." +msgstr "" + +msgid "New ACI name" +msgstr "" + +msgid "Display a single ACI given an ACI name." +msgstr "" + +msgid "Location of the ACI" +msgstr "" + +msgid "" +"\n" +"Auto Membership Rule.\n" +"\n" +"Bring clarity to the membership of hosts and users by configuring inclusive\n" +"or exclusive regex patterns, you can automatically assign a new entries " +"into\n" +"a group or hostgroup based upon attribute information.\n" +"\n" +"A rule is directly associated with a group by name, so you cannot create\n" +"a rule without an accompanying group or hostgroup.\n" +"\n" +"A condition is a regular expression used by 389-ds to match a new incoming\n" +"entry with an automember rule. If it matches an inclusive rule then the\n" +"entry is added to the appropriate group or hostgroup.\n" +"\n" +"A default group or hostgroup could be specified for entries that do not\n" +"match any rule. In case of user entries this group will be a fallback group\n" +"because all users are by default members of group specified in IPA config.\n" +"\n" +"The automember-rebuild command can be used to retroactively run automember " +"rules\n" +"against existing entries, thus rebuilding their membership.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add the initial group or hostgroup:\n" +" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" +" ipa group-add --desc=\"Developers\" devel\n" +"\n" +" Add the initial rule:\n" +" ipa automember-add --type=hostgroup webservers\n" +" ipa automember-add --type=group devel\n" +"\n" +" Add a condition to the rule:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +" ipa automember-add-condition --key=manager --type=group --inclusive-" +"regex=^uid=mscott devel\n" +"\n" +" Add an exclusive condition to the rule to prevent auto assignment:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" +"regex=^web5\\.example\\.com webservers\n" +"\n" +" Add a host:\n" +" ipa host-add web1.example.com\n" +"\n" +" Add a user:\n" +" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" +"\n" +" Verify automembership:\n" +" ipa hostgroup-show webservers\n" +" Host-group: webservers\n" +" Description: Web Servers\n" +" Member hosts: web1.example.com\n" +"\n" +" ipa group-show devel\n" +" Group name: devel\n" +" Description: Developers\n" +" GID: 1004200000\n" +" Member users: tuser\n" +"\n" +" Remove a condition from the rule:\n" +" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +"\n" +" Modify the automember rule:\n" +" ipa automember-mod\n" +"\n" +" Set the default (fallback) target group:\n" +" ipa automember-default-group-set --default-group=webservers --" +"type=hostgroup\n" +" ipa automember-default-group-set --default-group=ipausers --type=group\n" +"\n" +" Remove the default (fallback) target group:\n" +" ipa automember-default-group-remove --type=hostgroup\n" +" ipa automember-default-group-remove --type=group\n" +"\n" +" Show the default (fallback) target group:\n" +" ipa automember-default-group-show --type=hostgroup\n" +" ipa automember-default-group-show --type=group\n" +"\n" +" Find all of the automember rules:\n" +" ipa automember-find\n" +"\n" +" Display a automember rule:\n" +" ipa automember-show --type=hostgroup webservers\n" +" ipa automember-show --type=group devel\n" +"\n" +" Delete an automember rule:\n" +" ipa automember-del --type=hostgroup webservers\n" +" ipa automember-del --type=group devel\n" +"\n" +" Rebuild membership for all users:\n" +" ipa automember-rebuild --type=group\n" +"\n" +" Rebuild membership for all hosts:\n" +" ipa automember-rebuild --type=hostgroup\n" +"\n" +" Rebuild membership for specified users:\n" +" ipa automember-rebuild --users=tuser1 --users=tuser2\n" +"\n" +" Rebuild membership for specified hosts:\n" +" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." +"com\n" +msgstr "" + +#: ipaserver/plugins/automount.py:364 ipaserver/plugins/group.py:342 +#: ipaserver/plugins/hbacsvc.py:108 ipaserver/plugins/hbacsvcgroup.py:120 +#: ipaserver/plugins/hostgroup.py:193 ipaserver/plugins/location.py:111 +#: ipaserver/plugins/netgroup.py:210 ipaserver/plugins/otptoken.py:174 +#: ipaserver/plugins/radiusproxy.py:117 ipaserver/plugins/role.py:153 +#: ipaserver/plugins/subid.py:143 ipaserver/plugins/sudocmd.py:128 +#: ipaserver/plugins/sudocmdgroup.py:130 ipaserver/plugins/automember.py:257 +#: ipaserver/plugins/privilege.py:159 ipaserver/plugins/vault.py:592 +#: ipaserver/plugins/caacl.py:175 ipaserver/plugins/certmap.py:279 +#: ipaserver/plugins/hbacrule.py:253 ipaserver/plugins/host.py:473 +#: ipaserver/plugins/selinuxusermap.py:265 ipaserver/plugins/idviews.py:142 +#: ipaserver/plugins/idviews.py:776 ipaserver/plugins/ca.py:91 +#: ipaserver/plugins/sudorule.py:247 +msgid "Description" +msgstr "" + +#: ipaserver/plugins/automember.py:258 +msgid "A description of this auto member rule" +msgstr "" + +#: ipaserver/plugins/automember.py:262 ipaserver/plugins/automember.py:585 +msgid "Default (fallback) Group" +msgstr "" + +#: ipaserver/plugins/automember.py:263 +msgid "Default group for entries to land" +msgstr "" + +msgid "Add an automember rule." +msgstr "" + +#: ipaserver/plugins/automember.py:249 ipaserver/plugins/automember.py:250 +msgid "Automember Rule" +msgstr "" + +#: ipaserver/plugins/baseldap.py:977 +msgid "" +"Set an attribute to a name/value pair. Format is attr=value.\n" +"For multi-valued attributes, the command replaces the values already present." +msgstr "" + +#: ipaserver/plugins/baseldap.py:983 +msgid "" +"Add an attribute/value pair. Format is attr=value. The attribute\n" +"must be part of the schema." +msgstr "" + +#: ipaserver/plugins/automember.py:184 +msgid "Grouping Type" +msgstr "" + +#: ipaserver/plugins/automember.py:185 +msgid "Grouping to which the rule applies" +msgstr "" + +msgid "Add conditions to an automember rule." +msgstr "" + +#: ipaserver/plugins/automember.py:160 ipaserver/plugins/automember.py:161 +msgid "Inclusive Regex" +msgstr "" + +#: ipaserver/plugins/automember.py:167 ipaserver/plugins/automember.py:168 +msgid "Exclusive Regex" +msgstr "" + +#: ipaserver/plugins/automember.py:176 +msgid "Attribute Key" +msgstr "" + +#: ipaserver/plugins/automember.py:177 +msgid "" +"Attribute to filter via regex. For example fqdn for a host, or manager for a " +"user" +msgstr "" + +#: ipaserver/plugins/automember.py:357 +msgid "Conditions that could not be added" +msgstr "" + +#: ipaserver/plugins/automember.py:361 +msgid "Number of conditions added" +msgstr "" + +msgid "Remove default (fallback) group for all unmatched entries." +msgstr "" + +msgid "Set default (fallback) group for all unmatched entries." +msgstr "" + +#: ipaserver/plugins/automember.py:586 +msgid "Default (fallback) group for entries to land" +msgstr "" + +msgid "Display information about the default (fallback) automember groups." +msgstr "" + +msgid "Delete an automember rule." +msgstr "" + +#: ipalib/output.py:204 +msgid "List of deletions that failed" +msgstr "" + +msgid "Search for automember rules." +msgstr "" + +msgid "Modify an automember rule." +msgstr "" + +#: ipaserver/plugins/baseldap.py:989 +msgid "" +"Delete an attribute/value pair. The option will be evaluated\n" +"last, after all sets and adds." +msgstr "" + +#: ipaserver/plugins/baseldap.py:1402 ipaserver/plugins/baseldap.py:1477 +msgid "Rights" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1403 ipaserver/plugins/baseldap.py:1478 +msgid "" +"Display the access rights of this entry (requires --all). See ipa man page " +"for details." +msgstr "" + +#: ipaserver/plugins/automember.py:683 +msgid "Rebuild auto membership." +msgstr "" + +#: ipaserver/plugins/automember.py:693 +msgid "Rebuild membership for all members of a grouping" +msgstr "" + +#: ipaserver/plugins/automember.py:697 ipaserver/plugins/baseuser.py:208 +#: ipaserver/plugins/caacl.py:220 ipaserver/plugins/hbacrule.py:260 +#: ipaserver/plugins/internal.py:1200 ipaserver/plugins/selinuxusermap.py:272 +#: ipaserver/plugins/sudorule.py:291 ipaserver/plugins/user.py:162 +msgid "Users" +msgstr "" + +#: ipaserver/plugins/automember.py:698 +msgid "Rebuild membership for specified users" +msgstr "" + +#: ipaserver/plugins/automember.py:702 ipaserver/plugins/caacl.py:228 +#: ipaserver/plugins/hbacrule.py:268 ipaserver/plugins/host.py:461 +#: ipaserver/plugins/internal.py:1174 ipaserver/plugins/selinuxusermap.py:280 +#: ipaserver/plugins/sudorule.py:304 +msgid "Hosts" +msgstr "" + +#: ipaserver/plugins/automember.py:703 +msgid "Rebuild membership for specified hosts" +msgstr "" + +#: ipaserver/plugins/automember.py:708 +msgid "No wait" +msgstr "" + +#: ipaserver/plugins/automember.py:709 +msgid "Don't wait for rebuilding membership" +msgstr "" + +msgid "Remove conditions from an automember rule." +msgstr "" + +#: ipaserver/plugins/automember.py:441 +msgid "Conditions that could not be removed" +msgstr "" + +#: ipaserver/plugins/automember.py:445 +msgid "Number of conditions removed" +msgstr "" + +msgid "Display information about an automember rule." +msgstr "" + +#: ipaserver/plugins/automount.py:41 +msgid "" +"\n" +"Automount\n" +"\n" +"Stores automount(8) configuration for autofs(8) in IPA.\n" +"\n" +"The base of an automount configuration is the configuration file auto." +"master.\n" +"This is also the base location in IPA. Multiple auto.master configurations\n" +"can be stored in separate locations. A location is implementation-specific\n" +"with the default being a location named 'default'. For example, you can " +"have\n" +"locations by geographic region, by floor, by type, etc.\n" +"\n" +"Automount has three basic object types: locations, maps and keys.\n" +"\n" +"A location defines a set of maps anchored in auto.master. This allows you\n" +"to store multiple automount configurations. A location in itself isn't\n" +"very interesting, it is just a point to start a new automount map.\n" +"\n" +"A map is roughly equivalent to a discrete automount file and provides\n" +"storage for keys.\n" +"\n" +"A key is a mount point associated with a map.\n" +"\n" +"When a new location is created, two maps are automatically created for\n" +"it: auto.master and auto.direct. auto.master is the root map for all\n" +"automount maps for the location. auto.direct is the default map for\n" +"direct mounts and is mounted on /-.\n" +"\n" +"An automount map may contain a submount key. This key defines a mount\n" +"location within the map that references another map. This can be done\n" +"either using automountmap-add-indirect --parentmap or manually\n" +"with automountkey-add and setting info to \"-type=autofs :\".\n" +"\n" +"EXAMPLES:\n" +"\n" +"Locations:\n" +"\n" +" Create a named location, \"Baltimore\":\n" +" ipa automountlocation-add baltimore\n" +"\n" +" Display the new location:\n" +" ipa automountlocation-show baltimore\n" +"\n" +" Find available locations:\n" +" ipa automountlocation-find\n" +"\n" +" Remove a named automount location:\n" +" ipa automountlocation-del baltimore\n" +"\n" +" Show what the automount maps would look like if they were in the " +"filesystem:\n" +" ipa automountlocation-tofiles baltimore\n" +"\n" +" Import an existing configuration into a location:\n" +" ipa automountlocation-import baltimore /etc/auto.master\n" +"\n" +" The import will fail if any duplicate entries are found. For\n" +" continuous operation where errors are ignored, use the --continue\n" +" option.\n" +"\n" +"Maps:\n" +"\n" +" Create a new map, \"auto.share\":\n" +" ipa automountmap-add baltimore auto.share\n" +"\n" +" Display the new map:\n" +" ipa automountmap-show baltimore auto.share\n" +"\n" +" Find maps in the location baltimore:\n" +" ipa automountmap-find baltimore\n" +"\n" +" Create an indirect map with auto.share as a submount:\n" +" ipa automountmap-add-indirect baltimore --parentmap=auto.share --" +"mount=sub auto.man\n" +"\n" +" This is equivalent to:\n" +"\n" +" ipa automountmap-add-indirect baltimore --mount=/man auto.man\n" +" ipa automountkey-add baltimore auto.man --key=sub --info=\"-" +"fstype=autofs ldap:auto.share\"\n" +"\n" +" Remove the auto.share map:\n" +" ipa automountmap-del baltimore auto.share\n" +"\n" +"Keys:\n" +"\n" +" Create a new key for the auto.share map in location baltimore. This ties\n" +" the map we previously created to auto.master:\n" +" ipa automountkey-add baltimore auto.master --key=/share --info=auto." +"share\n" +"\n" +" Create a new key for our auto.share map, an NFS mount for man pages:\n" +" ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft," +"rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n" +"\n" +" Find all keys for the auto.share map:\n" +" ipa automountkey-find baltimore auto.share\n" +"\n" +" Find all direct automount keys:\n" +" ipa automountkey-find baltimore --key=/-\n" +"\n" +" Remove the man key from the auto.share map:\n" +" ipa automountkey-del baltimore auto.share --key=man\n" +msgstr "" + +#: ipaserver/plugins/automount.py:465 ipaserver/plugins/automount.py:712 +#: ipaserver/plugins/automount.py:819 ipaserver/plugins/otptoken.py:219 +msgid "Key" +msgstr "" + +#: ipaserver/plugins/automount.py:466 ipaserver/plugins/automount.py:713 +#: ipaserver/plugins/automount.py:820 +msgid "Automount key name." +msgstr "" + +#: ipaserver/plugins/automount.py:471 ipaserver/plugins/automount.py:717 +#: ipaserver/plugins/automount.py:824 +msgid "Mount information" +msgstr "" + +#: ipaserver/plugins/automount.py:474 +msgid "description" +msgstr "" + +#: ipaserver/plugins/server.py:132 ipaserver/plugins/host.py:483 +msgid "Location" +msgstr "" + +#: ipaserver/plugins/automount.py:253 +msgid "Automount location name." +msgstr "" + +#: ipaserver/plugins/automount.py:358 +msgid "Map" +msgstr "" + +#: ipaserver/plugins/automount.py:359 +msgid "Automount map name." +msgstr "" + +#: ipaserver/plugins/automount.py:623 +msgid "Create a new automount key." +msgstr "" + +#: ipaserver/plugins/automount.py:705 +msgid "Delete an automount key." +msgstr "" + +#: ipaserver/plugins/baseldap.py:1381 +msgid "Continuous mode: Don't stop on errors." +msgstr "" + +#: ipaserver/plugins/automount.py:804 +msgid "Search for an automount key." +msgstr "" + +#: ipaserver/plugins/serverrole.py:123 ipaserver/plugins/baseldap.py:1979 +#: ipaserver/plugins/cert.py:1569 +msgid "Time Limit" +msgstr "" + +msgid "Time limit of search in seconds" +msgstr "" + +#: ipaserver/plugins/serverrole.py:131 ipaserver/plugins/baseldap.py:1986 +#: ipaserver/plugins/hbactest.py:304 ipaserver/plugins/cert.py:1574 +msgid "Size Limit" +msgstr "" + +msgid "Maximum number of entries returned" +msgstr "" + +#: ipaserver/plugins/automount.py:746 +msgid "Modify an automount key." +msgstr "" + +#: ipaserver/plugins/automount.py:755 +msgid "New mount information" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1487 +msgid "Rename" +msgstr "" + +msgid "Rename the automount key object" +msgstr "" + +#: ipaserver/plugins/automount.py:814 +msgid "Display an automount key." +msgstr "" + +#: ipaserver/plugins/automount.py:261 +msgid "Create a new automount location." +msgstr "" + +#: ipaserver/plugins/automount.py:281 +msgid "Delete an automount location." +msgstr "" + +#: ipaserver/plugins/automount.py:293 +msgid "Search for an automount location." +msgstr "" + +msgid "Results should contain primary key attribute only (\"location\")" +msgstr "" + +#: ipaserver/plugins/automount.py:288 +msgid "Display an automount location." +msgstr "" + +#: ipaserver/plugins/automount.py:303 +msgid "Generate automount files for a specific location." +msgstr "" + +#: ipaserver/plugins/automount.py:399 +msgid "Create a new automount map." +msgstr "" + +#: ipaserver/plugins/automount.py:652 +msgid "Create a new indirect mount point." +msgstr "" + +#: ipaserver/plugins/automount.py:659 +msgid "Mount point" +msgstr "" + +#: ipaserver/plugins/automount.py:663 +msgid "Parent map" +msgstr "" + +#: ipaserver/plugins/automount.py:664 +msgid "Name of parent automount map (default: auto.master)." +msgstr "" + +#: ipaserver/plugins/automount.py:406 +msgid "Delete an automount map." +msgstr "" + +#: ipaserver/plugins/automount.py:433 +msgid "Search for an automount map." +msgstr "" + +msgid "Results should contain primary key attribute only (\"map\")" +msgstr "" + +#: ipaserver/plugins/automount.py:426 +msgid "Modify an automount map." +msgstr "" + +#: ipaserver/plugins/automount.py:443 +msgid "Display an automount map." +msgstr "" + +msgid "" +"\n" +"Plugin to make multiple ipa calls via one remote procedure call\n" +"\n" +"To run this code in the lite-server\n" +"\n" +"curl -H \"Content-Type:application/json\" -H \"Accept:application/" +"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" +"etc/ipa/ca.crt -d @batch_request.json -X POST http://" +"localhost:8888/ipa/json\n" +"\n" +"where the contents of the file batch_request.json follow the below example\n" +"\n" +"{\"method\":\"batch\",\"params\":[[\n" +" {\"method\":\"group_find\",\"params\":[[],{}]},\n" +" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," +"\"all\":\"true\"}]},\n" +" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" +" ],{}],\"id\":1}\n" +"\n" +"The format of the response is nested the same way. At the top you will see\n" +" \"error\": null,\n" +" \"id\": 1,\n" +" \"result\": {\n" +" \"count\": 3,\n" +" \"results\": [\n" +"\n" +"\n" +"And then a nested response for each IPA command method sent in the request\n" +msgstr "" + +msgid "Nested Methods to execute" +msgstr "" + +msgid "" +"\n" +"IPA certificate operations\n" +"\n" +"Implements a set of commands for managing server SSL certificates.\n" +"\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" +"\n" +"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" +"subject to values configured in the server.\n" +"\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" +"\n" +"In order to request a certificate:\n" +"\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" +"\n" +"SEARCHING:\n" +"\n" +"Certificates may be searched on by certificate subject, serial number,\n" +"revocation reason, validity dates and the issued date.\n" +"\n" +"When searching on dates the _from date does a >= search and the _to date\n" +"does a <= search. When combined these are done as an AND.\n" +"\n" +"Dates are treated as GMT to match the dates in the certificates.\n" +"\n" +"The date format is YYYY-mm-dd.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +"\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" +"\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" +"\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" +"\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" +"\n" +" Search for certificates by hostname:\n" +" ipa cert-find --subject=ipaserver.example.com\n" +"\n" +" Search for revoked certificates by reason:\n" +" ipa cert-find --revocation-reason=5\n" +"\n" +" Search for certificates based on issuance date\n" +" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +"\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" +"\n" +"The following revocation reasons are supported:\n" +"\n" +" * 0 - unspecified\n" +" * 1 - keyCompromise\n" +" * 2 - cACompromise\n" +" * 3 - affiliationChanged\n" +" * 4 - superseded\n" +" * 5 - cessationOfOperation\n" +" * 6 - certificateHold\n" +" * 8 - removeFromCRL\n" +" * 9 - privilegeWithdrawn\n" +" * 10 - aACompromise\n" +"\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +"\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" +msgstr "" + +msgid "Checks if any of the servers has the CA service enabled." +msgstr "" + +msgid "Search for existing certificates." +msgstr "" + +msgid "Match cn attribute in subject" +msgstr "" + +msgid "Reason" +msgstr "" + +msgid "Reason for revoking the certificate (0-10)" +msgstr "" + +msgid "minimum serial number" +msgstr "" + +msgid "maximum serial number" +msgstr "" + +msgid "match the common name exactly" +msgstr "" + +msgid "Valid not after from this date (YYYY-mm-dd)" +msgstr "" + +msgid "Valid not after to this date (YYYY-mm-dd)" +msgstr "" + +msgid "Valid not before from this date (YYYY-mm-dd)" +msgstr "" + +msgid "Valid not before to this date (YYYY-mm-dd)" +msgstr "" + +msgid "Issued on from this date (YYYY-mm-dd)" +msgstr "" + +msgid "Issued on to this date (YYYY-mm-dd)" +msgstr "" + +msgid "Revoked on from this date (YYYY-mm-dd)" +msgstr "" + +msgid "Revoked on to this date (YYYY-mm-dd)" +msgstr "" + +msgid "Maximum number of certs returned" +msgstr "" + +msgid "Take a revoked certificate off hold." +msgstr "" + +msgid "Serial number" +msgstr "" + +msgid "Serial number in decimal or if prefixed with 0x in hexadecimal" +msgstr "" + +msgid "Submit a certificate signing request." +msgstr "" + +msgid "CSR" +msgstr "" + +msgid "Principal" +msgstr "" + +msgid "Service principal for this certificate (e.g. HTTP/test.example.com)" +msgstr "" + +msgid "automatically add the principal if it doesn't exist" +msgstr "" + +msgid "Dictionary mapping variable name to value" +msgstr "" + +msgid "Revoke a certificate." +msgstr "" + +msgid "Retrieve an existing certificate." +msgstr "" + +msgid "Output filename" +msgstr "" + +msgid "File to store the certificate in." +msgstr "" + +msgid "Check the status of a certificate signing request." +msgstr "" + +msgid "Request id" +msgstr "" + +msgid "" +"\n" +"Server configuration\n" +"\n" +"Manage the default values that IPA uses and some of its tuning parameters.\n" +"\n" +"NOTES:\n" +"\n" +"The password notification value (--pwdexpnotify) is stored here so it will\n" +"be replicated. It is not currently used to notify users in advance of an\n" +"expiring password.\n" +"\n" +"Some attributes are read-only, provided only for information purposes. " +"These\n" +"include:\n" +"\n" +"Certificate Subject base: the configured certificate subject base,\n" +" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" +"Password plug-in features: currently defines additional hashes that the\n" +" password will generate (there may be other conditions).\n" +"\n" +"When setting the order list for mapping SELinux users you may need to\n" +"quote the value so it isn't interpreted by the shell.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic server configuration:\n" +" ipa config-show\n" +"\n" +" Show all configuration options:\n" +" ipa config-show --all\n" +"\n" +" Change maximum username length to 99 characters:\n" +" ipa config-mod --maxusername=99\n" +"\n" +" Increase default time and size limits for maximum IPA server search:\n" +" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +"\n" +" Set default user e-mail domain:\n" +" ipa config-mod --emaildomain=example.com\n" +"\n" +" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +" Define SELinux user map order:\n" +" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" +"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" +msgstr "" + +msgid "Maximum username length" +msgstr "" + +msgid "Home directory base" +msgstr "" + +msgid "Default location of home directories" +msgstr "" + +msgid "Default shell" +msgstr "" + +msgid "Default shell for new users" +msgstr "" + +msgid "Default users group" +msgstr "" + +msgid "Default group for new users" +msgstr "" + +#: ipaserver/plugins/config.py:193 +msgid "Default e-mail domain" +msgstr "" + +msgid "Search time limit" +msgstr "" + +msgid "" +"Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)" +msgstr "" + +msgid "Search size limit" +msgstr "" + +msgid "Maximum number of records to search (-1 is unlimited)" +msgstr "" + +msgid "User search fields" +msgstr "" + +msgid "A comma-separated list of fields to search in when searching for users" +msgstr "" + +msgid "Group search fields" +msgstr "" + +msgid "A comma-separated list of fields to search in when searching for groups" +msgstr "" + +#: ipaserver/plugins/config.py:220 +msgid "Enable migration mode" +msgstr "" + +msgid "Certificate Subject base" +msgstr "" + +msgid "Base for certificate subjects (OU=Test,O=Example)" +msgstr "" + +msgid "Default group objectclasses" +msgstr "" + +msgid "Default group objectclasses (comma-separated list)" +msgstr "" + +msgid "Default user objectclasses" +msgstr "" + +msgid "Default user objectclasses (comma-separated list)" +msgstr "" + +msgid "Password Expiration Notification (days)" +msgstr "" + +msgid "Number of days's notice of impending password expiration" +msgstr "" + +msgid "Password plugin features" +msgstr "" + +msgid "Extra hashes to generate in password plug-in" +msgstr "" + +msgid "SELinux user map order" +msgstr "" + +msgid "Order in increasing priority of SELinux users, delimited by $" +msgstr "" + +msgid "Default SELinux user" +msgstr "" + +msgid "Default SELinux user when no match is found in SELinux map rule" +msgstr "" + +msgid "Default PAC types" +msgstr "" + +msgid "Default types of PAC supported for services" +msgstr "" + +msgid "Default user authentication types" +msgstr "" + +msgid "Default types of supported user authentication" +msgstr "" + +msgid "Modify configuration options." +msgstr "" + +msgid "Show the current configuration." +msgstr "" + +#: ipaserver/plugins/delegation.py:29 +msgid "" +"\n" +"Group to Group Delegation\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"Group to Group Delegations grants the members of one group to update a set\n" +"of attributes of members of another group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a delegation rule to allow managers to edit employee's addresses:\n" +" ipa delegation-add --attrs=street --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones. Add postalCode to the list:\n" +" ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" Display our updated rule:\n" +" ipa delegation-show \"managers edit employees' street\"\n" +"\n" +" Delete a rule:\n" +" ipa delegation-del \"managers edit employees' street\"\n" +msgstr "" + +#: ipaserver/plugins/delegation.py:75 ipaserver/plugins/delegation.py:76 +#: ipaserver/plugins/servicedelegation.py:162 +msgid "Delegation name" +msgstr "" + +#: ipaserver/plugins/delegation.py:82 ipaserver/plugins/selfservice.py:85 +msgid "Permissions to grant (read, write). Default is write." +msgstr "" + +#: ipaserver/plugins/delegation.py:87 +msgid "Attributes to which the delegation applies" +msgstr "" + +#: ipaserver/plugins/delegation.py:92 +msgid "Member user group" +msgstr "" + +#: ipaserver/plugins/delegation.py:93 +msgid "User group to apply delegation to" +msgstr "" + +#: ipaserver/plugins/delegation.py:130 +msgid "Add a new delegation." +msgstr "" + +#: ipaserver/plugins/delegation.py:150 +msgid "Delete a delegation." +msgstr "" + +#: ipaserver/plugins/delegation.py:186 +msgid "Search for delegations." +msgstr "" + +#: ipaserver/plugins/delegation.py:168 +msgid "Modify a delegation." +msgstr "" + +#: ipaserver/plugins/delegation.py:211 +msgid "Display information about a delegation." +msgstr "" + +msgid "" +"\n" +"Domain Name System (DNS)\n" +"\n" +"Manage DNS zone and resource records.\n" +"\n" +"SUPPORTED ZONE TYPES\n" +"\n" +" * Master zone (dnszone-*), contains authoritative data.\n" +" * Forward zone (dnsforwardzone-*), forwards queries to configured " +"forwarders\n" +" (a set of DNS servers).\n" +"\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +"\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --admin-email=admin@example.com\n" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE --update-" +"policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * " +"AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +"\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +"\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +"\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +"\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +"\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" +"\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +"\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" +"\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 2.0.192.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" +"\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +"\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" +"\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" +"\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" +"\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 192.0.2.2, 192.0.2.3\n" +"\n" +" Delete A record '192.0.2.2'? Yes/No (default No):\n" +" Delete A record '192.0.2.3'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 192.0.2.2 (A record 192.0.2.3 has been " +"deleted)\n" +"\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" +"\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" +"\n" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" +"\n" +" Find A records with value 192.0.2.2 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" +"\n" +" If a global forwarder is configured, all queries for which this server is " +"not\n" +" authoritative (e.g. sub.example.com) will be routed to the global " +"forwarder.\n" +" Global forwarding configuration can be overridden per-zone.\n" +"\n" +" Semantics of forwarding in IPA matches BIND semantics and depends on the " +"type\n" +" of zone:\n" +" * Master zone: local BIND replies authoritatively to queries for data in\n" +" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" +" affects only queries for names below zone cuts (NS records) of locally\n" +" served zones.\n" +"\n" +" * Forward zone: forward zone contains no authoritative data. BIND " +"forwards\n" +" queries, which cannot be answered from its local cache, to configured\n" +" forwarders.\n" +"\n" +" Semantics of the --forward-policy option:\n" +" * none - disable forwarding for the given zone.\n" +" * first - forward all queries to configured forwarders. If they fail,\n" +" do resolution using DNS root servers.\n" +" * only - forward all queries to configured forwarders and if they fail,\n" +" return failure.\n" +"\n" +" Disable global forwarding for given sub-tree:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" +"\n" +" This configuration forwards all queries for names outside the example.com\n" +" sub-tree to global forwarders. Normal recursive resolution process is used\n" +" for names inside the example.com sub-tree (i.e. NS records are followed " +"etc.).\n" +"\n" +" Forward all requests for the zone external.example.com to another " +"forwarder\n" +" using a \"first\" policy (it will send the queries to the selected " +"forwarder\n" +" and if not answered it will use global root servers):\n" +" ipa dnsforwardzone-add external.example.com --forward-" +"policy=first --forwarder=203.0.113.1\n" +"\n" +" Change forward-policy for external.example.com:\n" +" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +"\n" +" Show forward zone external.example.com:\n" +" ipa dnsforwardzone-show external.example.com\n" +"\n" +" List all forward zones:\n" +" ipa dnsforwardzone-find\n" +"\n" +" Delete forward zone external.example.com:\n" +" ipa dnsforwardzone-del external.example.com\n" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" +"\n" +"\n" +"GLOBAL DNS CONFIGURATION\n" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=203.0.113.113\n" +msgstr "" + +msgid "Global forwarders" +msgstr "" + +msgid "" +"Global forwarders. A custom port can be specified for each forwarder using a " +"standard format \"IP_ADDRESS port PORT\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2049 ipaserver/plugins/dns.py:4124 +msgid "Forward policy" +msgstr "" + +msgid "" +"Global forwarding policy. Set to \"none\" to disable any configured global " +"forwarders." +msgstr "" + +#: ipaserver/plugins/dns.py:4131 +msgid "Allow PTR sync" +msgstr "" + +msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records" +msgstr "" + +msgid "Zone refresh interval" +msgstr "" + +msgid "Zone name" +msgstr "" + +msgid "Zone name (FQDN)" +msgstr "" + +msgid "Reverse zone IP network" +msgstr "" + +msgid "IP network to create reverse zone name from" +msgstr "" + +msgid "Active zone" +msgstr "" + +msgid "Is zone active?" +msgstr "" + +msgid "Zone forwarders" +msgstr "" + +msgid "" +"Per-zone forwarders. A custom port can be specified for each forwarder using " +"a standard format \"IP_ADDRESS port PORT\"" +msgstr "" + +msgid "" +"Per-zone conditional forwarding policy. Set to \"none\" to disable " +"forwarding to global forwarder for this zone. In that case, conditional zone " +"forwarders are disregarded." +msgstr "" + +#: ipaserver/plugins/dns.py:3059 +msgid "Record name" +msgstr "" + +#: ipaserver/plugins/dns.py:3064 ipaserver/plugins/dns.py:3065 +msgid "Time to live" +msgstr "" + +msgid "Records" +msgstr "" + +msgid "Record type" +msgstr "" + +#: ipaserver/plugins/dns.py:1556 +msgid "Record data" +msgstr "" + +msgid "A record" +msgstr "" + +msgid "Raw A records" +msgstr "" + +msgid "A IP Address" +msgstr "" + +#: ipaserver/plugins/dns.py:983 ipaserver/plugins/host.py:682 +msgid "IP Address" +msgstr "" + +msgid "A Create reverse" +msgstr "" + +msgid "Create reverse record for this IP Address" +msgstr "" + +msgid "AAAA record" +msgstr "" + +msgid "Raw AAAA records" +msgstr "" + +msgid "AAAA IP Address" +msgstr "" + +msgid "AAAA Create reverse" +msgstr "" + +msgid "A6 record" +msgstr "" + +msgid "Raw A6 records" +msgstr "" + +msgid "A6 Record data" +msgstr "" + +msgid "AFSDB record" +msgstr "" + +msgid "Raw AFSDB records" +msgstr "" + +msgid "AFSDB Subtype" +msgstr "" + +msgid "Subtype" +msgstr "" + +msgid "AFSDB Hostname" +msgstr "" + +#: ipaserver/plugins/dns.py:1034 ipaserver/plugins/dns.py:1283 +#: ipaserver/plugins/dns.py:1346 +msgid "Hostname" +msgstr "" + +msgid "APL record" +msgstr "" + +msgid "Raw APL records" +msgstr "" + +msgid "CERT record" +msgstr "" + +msgid "Raw CERT records" +msgstr "" + +msgid "CERT Certificate Type" +msgstr "" + +msgid "Certificate Type" +msgstr "" + +msgid "CERT Key Tag" +msgstr "" + +#: ipaserver/plugins/dns.py:1058 +msgid "Key Tag" +msgstr "" + +msgid "CERT Algorithm" +msgstr "" + +#: ipaserver/plugins/dns.py:1020 ipaserver/plugins/dns.py:1063 +#: ipaserver/plugins/dns.py:1412 +msgid "Algorithm" +msgstr "" + +msgid "CERT Certificate/CRL" +msgstr "" + +msgid "Certificate/CRL" +msgstr "" + +msgid "CNAME record" +msgstr "" + +msgid "Raw CNAME records" +msgstr "" + +msgid "CNAME Hostname" +msgstr "" + +msgid "A hostname which this alias hostname points to" +msgstr "" + +msgid "DHCID record" +msgstr "" + +msgid "Raw DHCID records" +msgstr "" + +msgid "DLV record" +msgstr "" + +msgid "Raw DLV records" +msgstr "" + +msgid "DLV Key Tag" +msgstr "" + +msgid "DLV Algorithm" +msgstr "" + +msgid "DLV Digest Type" +msgstr "" + +msgid "Digest Type" +msgstr "" + +msgid "DLV Digest" +msgstr "" + +msgid "Digest" +msgstr "" + +msgid "DNAME record" +msgstr "" + +msgid "Raw DNAME records" +msgstr "" + +msgid "DNAME Target" +msgstr "" + +#: ipaserver/plugins/dns.py:1379 ipaserver/plugins/internal.py:1228 +msgid "Target" +msgstr "" + +msgid "DNSKEY record" +msgstr "" + +msgid "Raw DNSKEY records" +msgstr "" + +msgid "DS record" +msgstr "" + +msgid "Raw DS records" +msgstr "" + +msgid "DS Key Tag" +msgstr "" + +msgid "DS Algorithm" +msgstr "" + +msgid "DS Digest Type" +msgstr "" + +msgid "DS Digest" +msgstr "" + +msgid "HIP record" +msgstr "" + +msgid "Raw HIP records" +msgstr "" + +msgid "IPSECKEY record" +msgstr "" + +msgid "Raw IPSECKEY records" +msgstr "" + +msgid "KEY record" +msgstr "" + +msgid "Raw KEY records" +msgstr "" + +msgid "KX record" +msgstr "" + +msgid "Raw KX records" +msgstr "" + +msgid "KX Preference" +msgstr "" + +#: ipaserver/plugins/dns.py:1267 +msgid "Preference given to this exchanger. Lower values are more preferred" +msgstr "" + +msgid "KX Exchanger" +msgstr "" + +msgid "A host willing to act as a key exchanger" +msgstr "" + +msgid "LOC record" +msgstr "" + +msgid "Raw LOC records" +msgstr "" + +msgid "LOC Degrees Latitude" +msgstr "" + +msgid "Degrees Latitude" +msgstr "" + +msgid "LOC Minutes Latitude" +msgstr "" + +msgid "Minutes Latitude" +msgstr "" + +msgid "LOC Seconds Latitude" +msgstr "" + +msgid "Seconds Latitude" +msgstr "" + +msgid "LOC Direction Latitude" +msgstr "" + +msgid "Direction Latitude" +msgstr "" + +msgid "LOC Degrees Longitude" +msgstr "" + +msgid "Degrees Longitude" +msgstr "" + +msgid "LOC Minutes Longitude" +msgstr "" + +msgid "Minutes Longitude" +msgstr "" + +msgid "LOC Seconds Longitude" +msgstr "" + +msgid "Seconds Longitude" +msgstr "" + +msgid "LOC Direction Longitude" +msgstr "" + +msgid "Direction Longitude" +msgstr "" + +msgid "LOC Altitude" +msgstr "" + +msgid "Altitude" +msgstr "" + +msgid "LOC Size" +msgstr "" + +msgid "Size" +msgstr "" + +msgid "LOC Horizontal Precision" +msgstr "" + +msgid "Horizontal Precision" +msgstr "" + +msgid "LOC Vertical Precision" +msgstr "" + +msgid "Vertical Precision" +msgstr "" + +msgid "MX record" +msgstr "" + +msgid "Raw MX records" +msgstr "" + +msgid "MX Preference" +msgstr "" + +msgid "MX Exchanger" +msgstr "" + +msgid "A host willing to act as a mail exchanger" +msgstr "" + +msgid "NAPTR record" +msgstr "" + +msgid "Raw NAPTR records" +msgstr "" + +msgid "NAPTR Order" +msgstr "" + +msgid "Order" +msgstr "" + +msgid "NAPTR Preference" +msgstr "" + +#: ipaserver/plugins/dns.py:1266 ipaserver/plugins/dns.py:1314 +msgid "Preference" +msgstr "" + +msgid "NAPTR Flags" +msgstr "" + +msgid "Flags" +msgstr "" + +msgid "NAPTR Service" +msgstr "" + +#: ipaserver/plugins/hbactest.py:285 ipaserver/plugins/dns.py:1324 +#: ipaserver/plugins/internal.py:1343 ipaserver/plugins/internal.py:1687 +#: ipaserver/plugins/service.py:494 +msgid "Service" +msgstr "" + +msgid "NAPTR Regular Expression" +msgstr "" + +msgid "Regular Expression" +msgstr "" + +msgid "NAPTR Replacement" +msgstr "" + +msgid "Replacement" +msgstr "" + +msgid "NS record" +msgstr "" + +msgid "Raw NS records" +msgstr "" + +msgid "NS Hostname" +msgstr "" + +msgid "NSEC record" +msgstr "" + +msgid "Raw NSEC records" +msgstr "" + +msgid "NSEC3 record" +msgstr "" + +msgid "Raw NSEC3 records" +msgstr "" + +msgid "PTR record" +msgstr "" + +msgid "Raw PTR records" +msgstr "" + +msgid "PTR Hostname" +msgstr "" + +msgid "The hostname this reverse record points to" +msgstr "" + +msgid "RRSIG record" +msgstr "" + +msgid "Raw RRSIG records" +msgstr "" + +msgid "RP record" +msgstr "" + +msgid "Raw RP records" +msgstr "" + +msgid "SIG record" +msgstr "" + +msgid "Raw SIG records" +msgstr "" + +msgid "SPF record" +msgstr "" + +msgid "Raw SPF records" +msgstr "" + +msgid "SRV record" +msgstr "" + +msgid "Raw SRV records" +msgstr "" + +msgid "SRV Priority" +msgstr "" + +#: ipaserver/plugins/certmap.py:304 ipaserver/plugins/pwpolicy.py:345 +msgid "Priority" +msgstr "" + +msgid "SRV Weight" +msgstr "" + +#: ipaserver/plugins/dns.py:1498 +msgid "Weight" +msgstr "" + +msgid "SRV Port" +msgstr "" + +msgid "Port" +msgstr "" + +msgid "SRV Target" +msgstr "" + +msgid "" +"The domain name of the target host or '.' if the service is decidedly not " +"available at this domain" +msgstr "" + +msgid "SSHFP record" +msgstr "" + +msgid "Raw SSHFP records" +msgstr "" + +msgid "SSHFP Algorithm" +msgstr "" + +msgid "SSHFP Fingerprint Type" +msgstr "" + +msgid "Fingerprint Type" +msgstr "" + +msgid "SSHFP Fingerprint" +msgstr "" + +msgid "Fingerprint" +msgstr "" + +msgid "TA record" +msgstr "" + +msgid "Raw TA records" +msgstr "" + +msgid "TLSA record" +msgstr "" + +msgid "Raw TLSA records" +msgstr "" + +msgid "TLSA Certificate Usage" +msgstr "" + +msgid "Certificate Usage" +msgstr "" + +msgid "TLSA Selector" +msgstr "" + +msgid "Selector" +msgstr "" + +msgid "TLSA Matching Type" +msgstr "" + +msgid "Matching Type" +msgstr "" + +msgid "TLSA Certificate Association Data" +msgstr "" + +msgid "Certificate Association Data" +msgstr "" + +msgid "TKEY record" +msgstr "" + +msgid "Raw TKEY records" +msgstr "" + +msgid "TSIG record" +msgstr "" + +msgid "Raw TSIG records" +msgstr "" + +msgid "TXT record" +msgstr "" + +msgid "Raw TXT records" +msgstr "" + +msgid "TXT Text Data" +msgstr "" + +msgid "Text Data" +msgstr "" + +msgid "Authoritative nameserver" +msgstr "" + +msgid "Authoritative nameserver domain name" +msgstr "" + +#: ipaserver/plugins/dns.py:2429 +msgid "Administrator e-mail address" +msgstr "" + +msgid "SOA serial" +msgstr "" + +msgid "SOA record serial number" +msgstr "" + +msgid "SOA refresh" +msgstr "" + +msgid "SOA record refresh time" +msgstr "" + +msgid "SOA retry" +msgstr "" + +msgid "SOA record retry time" +msgstr "" + +msgid "SOA expire" +msgstr "" + +msgid "SOA record expire time" +msgstr "" + +msgid "SOA minimum" +msgstr "" + +msgid "How long should negative responses be cached" +msgstr "" + +msgid "Time to live for records at zone apex" +msgstr "" + +#: ipaserver/plugins/dns.py:2504 +msgid "BIND update policy" +msgstr "" + +msgid "Dynamic update" +msgstr "" + +msgid "Allow dynamic updates." +msgstr "" + +msgid "Allow query" +msgstr "" + +msgid "" +"Semicolon separated list of IP addresses or networks which are allowed to " +"issue queries" +msgstr "" + +msgid "Allow transfer" +msgstr "" + +msgid "" +"Semicolon separated list of IP addresses or networks which are allowed to " +"transfer the zone" +msgstr "" + +msgid "" +"Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the " +"zone" +msgstr "" + +msgid "Allow in-line DNSSEC signing" +msgstr "" + +msgid "Allow inline DNSSEC signing of records in the zone" +msgstr "" + +msgid "NSEC3PARAM record" +msgstr "" + +msgid "" +"NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt" +msgstr "" + +msgid "Checks if any of the servers has the DNS service enabled." +msgstr "" + +msgid "Resolve a host name in DNS." +msgstr "" + +msgid "Modify global DNS configuration." +msgstr "" + +msgid "Show the current global DNS configuration." +msgstr "" + +msgid "Create new DNS forward zone." +msgstr "" + +msgid "Add a permission for per-forward zone access delegation." +msgstr "" + +msgid "Permission value" +msgstr "" + +msgid "Delete DNS forward zone." +msgstr "" + +msgid "Disable DNS Forward Zone." +msgstr "" + +msgid "Enable DNS Forward Zone." +msgstr "" + +msgid "Search for DNS forward zones." +msgstr "" + +msgid "Modify DNS forward zone." +msgstr "" + +msgid "Remove a permission for per-forward zone access delegation." +msgstr "" + +msgid "Display information about a DNS forward zone." +msgstr "" + +msgid "Add new DNS resource record." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:151 ipaserver/plugins/permission.py:1061 +#: ipaserver/plugins/dns.py:2898 ipaserver/plugins/dns.py:3597 +#: ipaserver/plugins/host.py:674 ipaserver/plugins/service.py:655 +msgid "Force" +msgstr "" + +msgid "force NS record creation even if its hostname is not in DNS" +msgstr "" + +msgid "Structured" +msgstr "" + +msgid "Parse all raw DNS records and return them in a structured way" +msgstr "" + +msgid "Delete DNS resource record." +msgstr "" + +msgid "Delete all associated records" +msgstr "" + +msgid "Delete DNS record entry." +msgstr "" + +msgid "Search for DNS resources." +msgstr "" + +msgid "Modify a DNS resource record." +msgstr "" + +msgid "Rename the DNS resource record object" +msgstr "" + +msgid "Display DNS resource." +msgstr "" + +msgid "Create new DNS zone (SOA record)." +msgstr "" + +msgid "Force DNS zone creation even if nameserver is not resolvable." +msgstr "" + +msgid "Add a permission for per-zone access delegation." +msgstr "" + +msgid "Delete DNS zone (SOA record)." +msgstr "" + +msgid "Disable DNS Zone." +msgstr "" + +msgid "Enable DNS Zone." +msgstr "" + +#: ipaserver/plugins/dns.py:2948 +msgid "Search for DNS zones (SOA records)." +msgstr "" + +msgid "Forward zones only" +msgstr "" + +msgid "Search for forward zones only" +msgstr "" + +msgid "Modify DNS zone (SOA record)." +msgstr "" + +msgid "Force nameserver change even if nameserver not in DNS" +msgstr "" + +msgid "Remove a permission for per-zone access delegation." +msgstr "" + +msgid "Display information about a DNS zone (SOA record)." +msgstr "" + +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users. By default, new groups are POSIX groups. You\n" +"can add the --nonposix option to the group-add command to mark a new group\n" +"as non-POSIX. You can use the --posix argument with the group-mod command\n" +"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\\name, or name@domain format. IPA will " +"attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +msgstr "" + +#: ipaserver/plugins/idviews.py:1127 +msgid "Group name" +msgstr "" + +#: ipaserver/plugins/group.py:343 ipaserver/plugins/sudocmdgroup.py:131 +msgid "Group description" +msgstr "" + +#: ipaserver/plugins/baseuser.py:311 ipaserver/plugins/idviews.py:1037 +#: ipaserver/plugins/idviews.py:1132 +msgid "GID" +msgstr "" + +msgid "GID (use this option to set it manually)" +msgstr "" + +msgid "Member users" +msgstr "" + +msgid "Member groups" +msgstr "" + +msgid "Member of groups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:80 +msgid "Roles" +msgstr "" + +msgid "Member of netgroups" +msgstr "" + +msgid "Member of Sudo rule" +msgstr "" + +msgid "Member of HBAC rule" +msgstr "" + +msgid "Indirect Member users" +msgstr "" + +msgid "Indirect Member groups" +msgstr "" + +msgid "Indirect Member of group" +msgstr "" + +msgid "Indirect Member of netgroup" +msgstr "" + +msgid "Indirect Member of role" +msgstr "" + +msgid "Indirect Member of Sudo rule" +msgstr "" + +msgid "Indirect Member of HBAC rule" +msgstr "" + +msgid "Create a new group." +msgstr "" + +msgid "Create as a non-POSIX group" +msgstr "" + +msgid "Allow adding external non-IPA members from trusted domains" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1227 ipaserver/plugins/cert.py:1341 +msgid "Suppress processing of membership attributes." +msgstr "" + +msgid "Add members to a group." +msgstr "" + +msgid "External member" +msgstr "" + +msgid "Members of a trusted domain in DOM\\name or name@domain form" +msgstr "" + +msgid "member user" +msgstr "" + +msgid "users to add" +msgstr "" + +msgid "member group" +msgstr "" + +msgid "groups to add" +msgstr "" + +#: ipaserver/plugins/role.py:255 ipaserver/plugins/baseldap.py:1770 +#: ipaserver/plugins/baseldap.py:2257 ipaserver/plugins/privilege.py:226 +#: ipaserver/plugins/privilege.py:257 +msgid "Members that could not be added" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1774 ipaserver/plugins/baseldap.py:2261 +msgid "Number of members added" +msgstr "" + +msgid "Delete group." +msgstr "" + +msgid "Detach a managed group from a user." +msgstr "" + +msgid "Search for groups." +msgstr "" + +msgid "search for private groups" +msgstr "" + +msgid "search for POSIX groups" +msgstr "" + +msgid "" +"search for groups with support of external non-IPA members from trusted " +"domains" +msgstr "" + +msgid "search for non-POSIX groups" +msgstr "" + +msgid "Results should contain primary key attribute only (\"group-name\")" +msgstr "" + +#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:164 +msgid "user" +msgstr "" + +msgid "Search for groups with these member users." +msgstr "" + +msgid "Search for groups without these member users." +msgstr "" + +#: ipaserver/plugins/group.py:417 ipaserver/plugins/group.py:678 +#: ipaserver/plugins/user.py:152 +msgid "group" +msgstr "" + +msgid "Search for groups with these member groups." +msgstr "" + +msgid "Search for groups without these member groups." +msgstr "" + +msgid "Search for groups with these member of groups." +msgstr "" + +msgid "Search for groups without these member of groups." +msgstr "" + +msgid "netgroup" +msgstr "" + +msgid "Search for groups with these member of netgroups." +msgstr "" + +msgid "Search for groups without these member of netgroups." +msgstr "" + +#: ipaserver/plugins/serverrole.py:185 +msgid "role" +msgstr "" + +msgid "Search for groups with these member of roles." +msgstr "" + +msgid "Search for groups without these member of roles." +msgstr "" + +msgid "HBAC rule" +msgstr "" + +msgid "Search for groups with these member of HBAC rules." +msgstr "" + +msgid "Search for groups without these member of HBAC rules." +msgstr "" + +msgid "sudo rule" +msgstr "" + +msgid "Search for groups with these member of sudo rules." +msgstr "" + +msgid "Search for groups without these member of sudo rules." +msgstr "" + +msgid "Modify a group." +msgstr "" + +msgid "change to a POSIX group" +msgstr "" + +msgid "change to support external non-IPA members from trusted domains" +msgstr "" + +msgid "Rename the group object" +msgstr "" + +msgid "Remove members from a group." +msgstr "" + +msgid "users to remove" +msgstr "" + +msgid "groups to remove" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1868 ipaserver/plugins/baseldap.py:2356 +msgid "Members that could not be removed" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1872 ipaserver/plugins/baseldap.py:2360 +msgid "Number of members removed" +msgstr "" + +msgid "Display information about a named group." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:39 +msgid "" +"\n" +"Host-based access control\n" +"\n" +"Control who can access what services on what hosts. You\n" +"can use HBAC to control which users or groups can\n" +"access a service, or group of services, on a target host.\n" +"\n" +"You can also specify a category of users and target hosts.\n" +"This is currently limited to \"all\", but might be expanded in the\n" +"future.\n" +"\n" +"Target hosts in HBAC rules must be hosts managed by IPA.\n" +"\n" +"The available services and groups of services are controlled by the\n" +"hbacsvc and hbacsvcgroup plug-ins respectively.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a rule, \"test1\", that grants all users access to the host " +"\"server\" from\n" +" anywhere:\n" +" ipa hbacrule-add --usercat=all test1\n" +" ipa hbacrule-add-host --hosts=server.example.com test1\n" +"\n" +" Display the properties of a named HBAC rule:\n" +" ipa hbacrule-show test1\n" +"\n" +" Create a rule for a specific service. This lets the user john access\n" +" the sshd service on any machine from any machine:\n" +" ipa hbacrule-add --hostcat=all john_sshd\n" +" ipa hbacrule-add-user --users=john john_sshd\n" +" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" +"\n" +" Create a rule for a new service group. This lets the user john access\n" +" the FTP service on any machine from any machine:\n" +" ipa hbacsvcgroup-add ftpers\n" +" ipa hbacsvc-add sftp\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n" +" ipa hbacrule-add --hostcat=all john_ftp\n" +" ipa hbacrule-add-user --users=john john_ftp\n" +" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" +"\n" +" Disable a named HBAC rule:\n" +" ipa hbacrule-disable test1\n" +"\n" +" Remove a named HBAC rule:\n" +" ipa hbacrule-del allow_server\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:273 ipaserver/plugins/hbacrule.py:207 +#: ipaserver/plugins/selinuxusermap.py:239 ipaserver/plugins/sudorule.py:242 +msgid "Rule name" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:213 +msgid "Rule type" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:212 +msgid "Rule type (allow)" +msgstr "" + +#: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/caacl.py:195 +#: ipaserver/plugins/hbacrule.py:223 ipaserver/plugins/selinuxusermap.py:253 +#: ipaserver/plugins/sudorule.py:255 +msgid "User category" +msgstr "" + +#: ipaserver/plugins/netgroup.py:228 ipaserver/plugins/hbacrule.py:224 +#: ipaserver/plugins/selinuxusermap.py:254 ipaserver/plugins/sudorule.py:256 +msgid "User category the rule applies to" +msgstr "" + +#: ipaserver/plugins/netgroup.py:233 ipaserver/plugins/caacl.py:201 +#: ipaserver/plugins/hbacrule.py:229 ipaserver/plugins/selinuxusermap.py:259 +#: ipaserver/plugins/sudorule.py:261 +msgid "Host category" +msgstr "" + +#: ipaserver/plugins/netgroup.py:234 ipaserver/plugins/hbacrule.py:230 +#: ipaserver/plugins/selinuxusermap.py:260 ipaserver/plugins/sudorule.py:262 +msgid "Host category the rule applies to" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:243 +msgid "Service category" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:244 +msgid "Service category the rule applies to" +msgstr "" + +#: ipaserver/plugins/certmap.py:310 ipaserver/plugins/hbacrule.py:256 +#: ipaserver/plugins/internal.py:1946 ipaserver/plugins/selinuxusermap.py:268 +#: ipaserver/plugins/sudorule.py:250 +msgid "Enabled" +msgstr "" + +#: ipaserver/plugins/caacl.py:224 ipaserver/plugins/hbacrule.py:264 +#: ipaserver/plugins/internal.py:879 ipaserver/plugins/internal.py:1199 +#: ipaserver/plugins/selinuxusermap.py:276 ipaserver/plugins/sudorule.py:295 +msgid "User Groups" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:178 ipaserver/plugins/caacl.py:232 +#: ipaserver/plugins/hbacrule.py:272 ipaserver/plugins/internal.py:1073 +#: ipaserver/plugins/internal.py:1173 ipaserver/plugins/selinuxusermap.py:284 +#: ipaserver/plugins/sudorule.py:308 +msgid "Host Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:956 ipaserver/plugins/service.py:493 +msgid "Services" +msgstr "" + +msgid "Service Groups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:333 +msgid "External host" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:300 +msgid "Create a new HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:534 +msgid "Add target hosts and hostgroups to an HBAC rule." +msgstr "" + +msgid "member host" +msgstr "" + +msgid "hosts to add" +msgstr "" + +msgid "member host group" +msgstr "" + +msgid "host groups to add" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:591 +msgid "Add services to an HBAC rule." +msgstr "" + +msgid "member HBAC service" +msgstr "" + +msgid "HBAC services to add" +msgstr "" + +msgid "member HBAC service group" +msgstr "" + +msgid "HBAC service groups to add" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:503 +msgid "Add users and groups to an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:314 +msgid "Delete an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:411 +msgid "Disable an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:381 +msgid "Enable an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:365 +msgid "Search for HBAC rules." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:331 +msgid "Modify an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:556 +msgid "Remove target hosts and hostgroups from an HBAC rule." +msgstr "" + +msgid "hosts to remove" +msgstr "" + +msgid "host groups to remove" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:613 +msgid "Remove service and service groups from an HBAC rule." +msgstr "" + +msgid "HBAC services to remove" +msgstr "" + +msgid "HBAC service groups to remove" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:525 +msgid "Remove users and groups from an HBAC rule." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:375 +msgid "Display the properties of an HBAC rule." +msgstr "" + +msgid "" +"\n" +"HBAC Services\n" +"\n" +"The PAM services that HBAC can control access to. The name used here\n" +"must match the service name that PAM is evaluating.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new HBAC service:\n" +" ipa hbacsvc-add tftp\n" +"\n" +" Modify an existing HBAC service:\n" +" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" +"\n" +" Search for HBAC services. This example will return two results, the FTP\n" +" service and the newly-added tftp service:\n" +" ipa hbacsvc-find ftp\n" +"\n" +" Delete an HBAC service:\n" +" ipa hbacsvc-del tftp\n" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:101 +msgid "Service name" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:102 +msgid "HBAC service" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:109 +msgid "HBAC service description" +msgstr "" + +msgid "Member of HBAC service groups" +msgstr "" + +msgid "Add a new HBAC service." +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:125 +msgid "Delete an existing HBAC service." +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:141 +msgid "Search for HBAC services." +msgstr "" + +msgid "Results should contain primary key attribute only (\"service\")" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:133 +msgid "Modify an HBAC service." +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:151 +msgid "Display information about an HBAC service." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:33 +msgid "" +"\n" +"HBAC Service Groups\n" +"\n" +"HBAC service groups can contain any number of individual services,\n" +"or \"members\". Every group must have a description.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new HBAC service group:\n" +" ipa hbacsvcgroup-add --desc=\"login services\" login\n" +"\n" +" Add members to an HBAC service group:\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n" +"\n" +" Display information about a named group:\n" +" ipa hbacsvcgroup-show login\n" +"\n" +" Delete an HBAC service group:\n" +" ipa hbacsvcgroup-del login\n" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:114 +msgid "Service group name" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:121 +msgid "HBAC service group description" +msgstr "" + +#: ipaserver/plugins/baseldap.py:107 +msgid "Member HBAC service" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:129 +msgid "Add a new HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:169 +msgid "Add members to an HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:137 +msgid "Delete an HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:153 +msgid "Search for an HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:145 +msgid "Modify an HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:175 +msgid "Remove members from an HBAC service group." +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:163 +msgid "Display information about an HBAC service group." +msgstr "" + +msgid "" +"\n" +"Simulate use of Host-based access controls\n" +"\n" +"HBAC rules control who can access what services on what hosts.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" +"\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" +"\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" +"\n" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--sizelimit= ]\n" +"\n" +" --user, --host, and --service are mandatory, others are optional.\n" +"\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" +"\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +"\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: myrule\n" +"\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: new-rule\n" +"\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --rules=myrule --rules=my-second-rule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +"\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" +" --enabled --disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Not matched rules: new-rule\n" +" Matched rules: allow_all\n" +"\n" +"\n" +"HBACTEST AND TRUSTED DOMAINS\n" +"\n" +"When an external trusted domain is configured in IPA, HBAC rules are also " +"applied\n" +"on users accessing IPA resources from the trusted domain. Trusted domain " +"users and\n" +"groups (and their SIDs) can be then assigned to external groups which can " +"be\n" +"members of POSIX groups in IPA which can be used in HBAC rules and thus " +"allowing\n" +"access to resources protected by the HBAC system.\n" +"\n" +"hbactest plugin is capable of testing access for both local IPA users and " +"users\n" +"from the trusted domains, either by a fully qualified user name or by user " +"SID.\n" +"Such user names need to have a trusted domain specified as a short name\n" +"(DOMAIN\\Administrator) or with a user principal name (UPN), " +"Administrator@ad.test.\n" +"\n" +"Please note that hbactest executed with a trusted domain user as --user " +"parameter\n" +"can be only run by members of \"trust admins\" group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Test if a user from a trusted domain specified by its shortname " +"matches any\n" +" rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 2. Test if a user from a trusted domain specified by its domain name " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 3. Test if a user from a trusted domain specified by its SID matches any " +"rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 4. Test if other user from a trusted domain specified by its SID matches " +"any rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +"\n" +" 5. Test if other user from a trusted domain specified by its shortname " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " +"sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +msgstr "" + +#: ipaserver/plugins/hbactest.py:256 +msgid "Simulate use of Host-based access controls" +msgstr "" + +#: ipaserver/plugins/hbactest.py:270 ipaserver/plugins/krbtpolicy.py:134 +msgid "User name" +msgstr "" + +#: ipaserver/plugins/hbactest.py:281 +msgid "Target host" +msgstr "" + +#: ipaserver/plugins/hbactest.py:289 +msgid "Rules to test. If not specified, --enabled is assumed" +msgstr "" + +#: ipaserver/plugins/hbactest.py:293 +msgid "Hide details which rules are matched, not matched, or invalid" +msgstr "" + +#: ipaserver/plugins/hbactest.py:297 +msgid "Include all enabled IPA rules into test [default]" +msgstr "" + +#: ipaserver/plugins/hbactest.py:301 +msgid "Include all disabled IPA rules into test" +msgstr "" + +#: ipaserver/plugins/hbactest.py:305 +msgid "Maximum number of rules to process when no --rules is specified" +msgstr "" + +#: ipaserver/plugins/hbactest.py:260 +msgid "Warning" +msgstr "" + +#: ipaserver/plugins/hbactest.py:261 +msgid "Matched rules" +msgstr "" + +#: ipaserver/plugins/hbactest.py:262 +msgid "Not matched rules" +msgstr "" + +#: ipaserver/plugins/hbactest.py:263 +msgid "Non-existent or invalid rules" +msgstr "" + +#: ipaserver/plugins/hbactest.py:264 +msgid "Result of simulation" +msgstr "" + +msgid "" +"\n" +"Hosts/Machines\n" +"\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" +"\n" +"ENROLLMENT:\n" +"\n" +"There are three enrollment scenarios when enrolling a new client:\n" +"\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" +"\n" +"RE-ENROLLMENT:\n" +"\n" +"Host that has been enrolled at some point, and lost its configuration (e.g. " +"VM\n" +"destroyed) can be re-enrolled.\n" +"\n" +"For more information, consult the manual pages for ipa-client-install.\n" +"\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" +"\n" +" Allow user to create a keytab:\n" +" ipa host-allow-create-keytab test2 --users=tuser1\n" +msgstr "" + +#: ipaserver/plugins/service.py:725 +msgid "Host name" +msgstr "" + +msgid "A description of this host" +msgstr "" + +msgid "Locality" +msgstr "" + +msgid "Host locality (e.g. \"Baltimore, MD\")" +msgstr "" + +msgid "Host location (e.g. \"Lab 2\")" +msgstr "" + +msgid "Platform" +msgstr "" + +msgid "Host hardware platform (e.g. \"Lenovo T61\")" +msgstr "" + +msgid "Operating system" +msgstr "" + +msgid "Host operating system and version (e.g. \"Fedora 9\")" +msgstr "" + +msgid "User password" +msgstr "" + +msgid "Password used in bulk enrollment" +msgstr "" + +msgid "Generate a random password to be used in bulk enrollment" +msgstr "" + +#: ipaserver/plugins/host.py:508 +msgid "Random password" +msgstr "" + +#: ipaserver/plugins/baseuser.py:420 ipaserver/plugins/baseuser.py:886 +#: ipaserver/plugins/certmap.py:605 ipaserver/plugins/host.py:513 +#: ipaserver/plugins/internal.py:639 ipaserver/plugins/internal.py:723 +#: ipaserver/plugins/service.py:519 ipaserver/plugins/idviews.py:1060 +#: ipaserver/plugins/ca.py:114 ipaserver/plugins/cert.py:353 +msgid "Certificate" +msgstr "" + +msgid "Base-64 encoded server certificate" +msgstr "" + +#: ipaserver/plugins/host.py:555 ipaserver/plugins/service.py:501 +msgid "Principal name" +msgstr "" + +msgid "MAC address" +msgstr "" + +msgid "Hardware MAC address(es) on this host" +msgstr "" + +#: ipaserver/plugins/host.py:576 ipaserver/plugins/idviews.py:1054 +msgid "SSH public key" +msgstr "" + +#: ipaserver/plugins/host.py:586 +msgid "Class" +msgstr "" + +msgid "" +"Host category (semantics placed on this attribute are for local " +"interpretation)" +msgstr "" + +#: ipaserver/plugins/internal.py:1131 +msgid "Assigned ID View" +msgstr "" + +#: ipaserver/plugins/service.py:168 +msgid "Requires pre-authentication" +msgstr "" + +#: ipaserver/plugins/service.py:169 +msgid "Pre-authentication is required for the service" +msgstr "" + +#: ipaserver/plugins/service.py:174 +msgid "Trusted for delegation" +msgstr "" + +#: ipaserver/plugins/service.py:175 +msgid "Client credentials may be delegated to the service" +msgstr "" + +#: ipaserver/plugins/baseldap.py:71 +msgid "Member of host-groups" +msgstr "" + +msgid "Indirect Member of host-group" +msgstr "" + +#: ipaserver/plugins/service.py:128 +msgid "Keytab" +msgstr "" + +msgid "Managed by" +msgstr "" + +msgid "Managing" +msgstr "" + +#: ipaserver/plugins/service.py:134 +msgid "Users allowed to retrieve keytab" +msgstr "" + +#: ipaserver/plugins/service.py:137 +msgid "Groups allowed to retrieve keytab" +msgstr "" + +#: ipaserver/plugins/service.py:140 +msgid "Hosts allowed to retrieve keytab" +msgstr "" + +#: ipaserver/plugins/service.py:143 +msgid "Host Groups allowed to retrieve keytab" +msgstr "" + +#: ipaserver/plugins/service.py:146 +msgid "Users allowed to create keytab" +msgstr "" + +#: ipaserver/plugins/service.py:149 +msgid "Groups allowed to create keytab" +msgstr "" + +#: ipaserver/plugins/service.py:152 +msgid "Hosts allowed to create keytab" +msgstr "" + +#: ipaserver/plugins/service.py:155 +msgid "Host Groups allowed to create keytab" +msgstr "" + +msgid "Add a new host." +msgstr "" + +msgid "force host name even if not in DNS" +msgstr "" + +msgid "skip reverse DNS detection" +msgstr "" + +msgid "Add the host to DNS with this IP address" +msgstr "" + +msgid "Add hosts that can manage this host." +msgstr "" + +msgid "" +"Allow users, groups, hosts or host groups to create a keytab of this host." +msgstr "" + +msgid "" +"Allow users, groups, hosts or host groups to retrieve a keytab of this host." +msgstr "" + +msgid "Delete a host." +msgstr "" + +msgid "Remove entries from DNS" +msgstr "" + +msgid "Disable the Kerberos key, SSL certificate and all services of a host." +msgstr "" + +msgid "" +"Disallow users, groups, hosts or host groups to create a keytab of this host." +msgstr "" + +msgid "" +"Disallow users, groups, hosts or host groups to retrieve a keytab of this " +"host." +msgstr "" + +msgid "Search for hosts." +msgstr "" + +msgid "Results should contain primary key attribute only (\"hostname\")" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:106 +msgid "host group" +msgstr "" + +msgid "Search for hosts with these member of host groups." +msgstr "" + +msgid "Search for hosts without these member of host groups." +msgstr "" + +msgid "Search for hosts with these member of netgroups." +msgstr "" + +msgid "Search for hosts without these member of netgroups." +msgstr "" + +msgid "Search for hosts with these member of roles." +msgstr "" + +msgid "Search for hosts without these member of roles." +msgstr "" + +msgid "Search for hosts with these member of HBAC rules." +msgstr "" + +msgid "Search for hosts without these member of HBAC rules." +msgstr "" + +msgid "Search for hosts with these member of sudo rules." +msgstr "" + +msgid "Search for hosts without these member of sudo rules." +msgstr "" + +msgid "Search for hosts with these enrolled by users." +msgstr "" + +msgid "Search for hosts without these enrolled by users." +msgstr "" + +#: ipaserver/plugins/cert.py:1025 ipaserver/plugins/sudorule.py:447 +msgid "host" +msgstr "" + +msgid "Search for hosts with these managed by hosts." +msgstr "" + +msgid "Search for hosts without these managed by hosts." +msgstr "" + +msgid "Search for hosts with these managing hosts." +msgstr "" + +msgid "Search for hosts without these managing hosts." +msgstr "" + +msgid "Modify information about a host." +msgstr "" + +msgid "Kerberos principal name for this host" +msgstr "" + +msgid "Update DNS entries" +msgstr "" + +msgid "Remove hosts that can manage this host." +msgstr "" + +msgid "Display information about a host." +msgstr "" + +#: ipaserver/plugins/service.py:987 ipaserver/plugins/user.py:940 +msgid "file to store certificate in" +msgstr "" + +msgid "" +"\n" +"Groups of hosts.\n" +"\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" +"\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" +"\n" +" Add members to the hostgroup (using Bash brace expansion):\n" +" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" +"\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" +"\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" +"\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" +"\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:186 +msgid "Host-group" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:187 +msgid "Name of host-group" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:194 +msgid "A description of this host-group" +msgstr "" + +msgid "Member hosts" +msgstr "" + +msgid "Member host-groups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:137 +msgid "Indirect Member hosts" +msgstr "" + +#: ipaserver/plugins/baseldap.py:140 +msgid "Indirect Member host-groups" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:220 +msgid "Add a new hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:330 +msgid "Add members to a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:260 +msgid "Delete a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:298 +msgid "Search for hostgroups." +msgstr "" + +msgid "Results should contain primary key attribute only (\"hostgroup-name\")" +msgstr "" + +msgid "Search for host groups with these member hosts." +msgstr "" + +msgid "Search for host groups without these member hosts." +msgstr "" + +msgid "Search for host groups with these member host groups." +msgstr "" + +msgid "Search for host groups without these member host groups." +msgstr "" + +msgid "Search for host groups with these member of host groups." +msgstr "" + +msgid "Search for host groups without these member of host groups." +msgstr "" + +msgid "Search for host groups with these member of netgroups." +msgstr "" + +msgid "Search for host groups without these member of netgroups." +msgstr "" + +msgid "Search for host groups with these member of HBAC rules." +msgstr "" + +msgid "Search for host groups without these member of HBAC rules." +msgstr "" + +msgid "Search for host groups with these member of sudo rules." +msgstr "" + +msgid "Search for host groups without these member of sudo rules." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:275 +msgid "Modify a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:340 +msgid "Remove members from a hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:316 +msgid "Display information about a hostgroup." +msgstr "" + +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:219 +msgid "Range name" +msgstr "" + +#: ipaserver/plugins/idrange.py:224 +msgid "First Posix ID of the range" +msgstr "" + +#: ipaserver/plugins/idrange.py:230 +msgid "Number of IDs in the range" +msgstr "" + +#: ipaserver/plugins/idrange.py:236 +msgid "First RID of the corresponding RID range" +msgstr "" + +#: ipaserver/plugins/idrange.py:240 +msgid "First RID of the secondary RID range" +msgstr "" + +#: ipaserver/plugins/idrange.py:245 ipaserver/plugins/idrange.py:655 +msgid "Domain SID of the trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:250 ipaserver/plugins/idrange.py:663 +msgid "Name of the trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:253 ipaserver/plugins/trust.py:711 +#: ipaserver/plugins/internal.py:1257 +msgid "Range type" +msgstr "" + +msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local" +msgstr "" + +msgid "" +"\n" +"Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --rid-base\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +" WARNING:\n" +"\n" +" DNA plugin in 389-ds will allocate IDs based on the ranges configured " +"for the\n" +" local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +" on the local ranges set via this family of commands.\n" +"\n" +" Manual configuration change has to be done in the DNA plugin " +"configuration for\n" +" the new local range. Specifically, The dnaNextRange attribute of " +"'cn=Posix\n" +" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " +"to be\n" +" modified to match the new range.\n" +" " +msgstr "" + +#: ipaserver/plugins/idrange.py:556 +msgid "Delete an ID range." +msgstr "" + +#: ipaserver/plugins/idrange.py:604 +msgid "Search for ranges." +msgstr "" + +msgid "Modify ID range." +msgstr "" + +#: ipaserver/plugins/idrange.py:627 +msgid "Display information about a range." +msgstr "" + +msgid "" +"\n" +"ID Views\n" +"\n" +"Manage ID Views\n" +"\n" +"IPA allows to override certain properties of users and groups per each " +"host.\n" +"This functionality is primarily used to allow migration from older systems " +"or\n" +"other Identity Management solutions.\n" +msgstr "" + +#: ipaserver/plugins/idviews.py:772 +msgid "Anchor to override" +msgstr "" + +#: ipaserver/plugins/idviews.py:1038 ipaserver/plugins/idviews.py:1133 +msgid "Group ID Number" +msgstr "" + +#: ipaserver/plugins/idviews.py:1024 +msgid "User login" +msgstr "" + +#: ipaserver/plugins/idviews.py:1029 +msgid "UID" +msgstr "" + +#: ipaserver/plugins/idviews.py:1030 +msgid "User ID Number" +msgstr "" + +#: ipaserver/plugins/baseuser.py:250 ipaserver/plugins/idviews.py:1034 +msgid "GECOS" +msgstr "" + +#: ipaserver/plugins/idviews.py:1043 +msgid "Home directory" +msgstr "" + +#: ipaserver/plugins/idviews.py:1047 +msgid "Login shell" +msgstr "" + +#: ipaserver/plugins/idviews.py:136 +msgid "ID View Name" +msgstr "" + +#: ipaserver/plugins/idviews.py:1288 +msgid "Add a new Group ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1294 +msgid "Delete an Group ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1306 +msgid "Search for an Group ID override." +msgstr "" + +msgid "Results should contain primary key attribute only (\"anchor\")" +msgstr "" + +#: ipaserver/plugins/idviews.py:1300 +msgid "Modify an Group ID override." +msgstr "" + +msgid "Rename the Group ID override object" +msgstr "" + +#: ipaserver/plugins/idviews.py:1322 +msgid "Display information about an Group ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1189 +msgid "Add a new User ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1214 +msgid "Delete an User ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1252 +msgid "Search for an User ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:1220 +msgid "Modify an User ID override." +msgstr "" + +msgid "Rename the User ID override object" +msgstr "" + +#: ipaserver/plugins/idviews.py:1276 +msgid "Display information about an User ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:196 +msgid "Add a new ID View." +msgstr "" + +msgid "" +"Applies ID View to specified hosts or current members of specified " +"hostgroups. If any other ID View is applied to the host, it is overriden." +msgstr "" + +#: ipaserver/plugins/idviews.py:454 ipaserver/plugins/idviews.py:497 +#: ipaserver/plugins/sudorule.py:447 +msgid "hosts" +msgstr "" + +#: ipaserver/plugins/idviews.py:453 +msgid "Hosts to apply the ID View to" +msgstr "" + +#: ipaserver/plugins/idviews.py:461 ipaserver/plugins/idviews.py:504 +msgid "hostgroups" +msgstr "" + +#: ipaserver/plugins/idviews.py:458 +msgid "" +"Hostgroups to whose hosts apply the ID View to. Please note that view is not " +"applied automatically to any hosts added to the hostgroup after running the " +"idview-apply command." +msgstr "" + +#: ipaserver/plugins/idviews.py:469 +msgid "Hosts that this ID View was applied to." +msgstr "" + +#: ipaserver/plugins/idviews.py:473 +msgid "Hosts or hostgroups that this ID View could not be applied to." +msgstr "" + +#: ipaserver/plugins/idviews.py:478 +msgid "Number of hosts the ID View was applied to:" +msgstr "" + +#: ipaserver/plugins/idviews.py:213 +msgid "Delete an ID View." +msgstr "" + +#: ipaserver/plugins/idviews.py:242 +msgid "Search for an ID View." +msgstr "" + +#: ipaserver/plugins/idviews.py:226 +msgid "Modify an ID View." +msgstr "" + +msgid "Rename the ID View object" +msgstr "" + +#: ipaserver/plugins/idviews.py:249 +msgid "Display information about an ID View." +msgstr "" + +#: ipaserver/plugins/idviews.py:254 +msgid "Enumerate all the hosts the view applies to." +msgstr "" + +#: ipaserver/plugins/idviews.py:485 +msgid "" +"Clears ID View from specified hosts or current members of specified " +"hostgroups." +msgstr "" + +#: ipaserver/plugins/idviews.py:496 +msgid "Hosts to clear (any) ID View from." +msgstr "" + +#: ipaserver/plugins/idviews.py:501 +msgid "" +"Hostgroups whose hosts should have ID Views cleared. Note that view is not " +"cleared automatically from any host added to the hostgroup after running " +"idview-unapply command." +msgstr "" + +#: ipaserver/plugins/idviews.py:512 +msgid "Hosts that ID View was cleared from." +msgstr "" + +#: ipaserver/plugins/idviews.py:516 +msgid "Hosts or hostgroups that ID View could not be cleared from." +msgstr "" + +#: ipaserver/plugins/idviews.py:521 +msgid "Number of hosts that had a ID View was unset:" +msgstr "" + +#: ipaserver/plugins/internal.py:30 +msgid "" +"\n" +"Plugins not accessible directly through the CLI, commands used internally\n" +msgstr "" + +#: ipaserver/plugins/internal.py:2018 +msgid "Dict of I18N messages" +msgstr "" + +#: ipaserver/plugins/internal.py:38 +msgid "Export plugin meta-data for the webUI." +msgstr "" + +#: ipaserver/plugins/internal.py:44 ipaserver/plugins/internal.py:53 +msgid "Name of object to export" +msgstr "" + +#: ipaserver/plugins/internal.py:47 ipaserver/plugins/internal.py:56 +msgid "Name of method to export" +msgstr "" + +#: ipaserver/plugins/internal.py:59 +msgid "Name of command to export" +msgstr "" + +#: ipaserver/plugins/internal.py:64 +msgid "Dict of JSON encoded IPA Objects" +msgstr "" + +#: ipaserver/plugins/internal.py:65 +msgid "Dict of JSON encoded IPA Methods" +msgstr "" + +#: ipaserver/plugins/internal.py:66 +msgid "Dict of JSON encoded IPA Commands" +msgstr "" + +msgid "" +"\n" +"Joining an IPA domain\n" +msgstr "" + +msgid "Join an IPA domain" +msgstr "" + +msgid "The hostname to register as" +msgstr "" + +msgid "The IPA realm" +msgstr "" + +msgid "Hardware platform of the host (e.g. Lenovo T61)" +msgstr "" + +msgid "Operating System and version of the host (e.g. Fedora 9)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:27 +msgid "" +"\n" +"Kerberos ticket policy\n" +"\n" +"There is a single Kerberos ticket policy. This policy defines the\n" +"maximum ticket lifetime and the maximum renewal age, the period during\n" +"which the ticket is renewable.\n" +"\n" +"You can also create a per-user ticket policy by specifying the user login.\n" +"\n" +"For changes to the global policy to take effect, restarting the KDC service\n" +"is required, which can be achieved using:\n" +"\n" +"service krb5kdc restart\n" +"\n" +"Changes to per-user policies take effect immediately for newly requested\n" +"tickets (e.g. when the user next runs kinit).\n" +"\n" +"EXAMPLES:\n" +"\n" +" Display the current Kerberos ticket policy:\n" +" ipa krbtpolicy-show\n" +"\n" +" Reset the policy to the default:\n" +" ipa krbtpolicy-reset\n" +"\n" +" Modify the policy to 8 hours max life, 1-day max renewal:\n" +" ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n" +"\n" +" Display effective Kerberos ticket policy for user 'admin':\n" +" ipa krbtpolicy-show admin\n" +"\n" +" Reset per-user policy for user 'admin':\n" +" ipa krbtpolicy-reset admin\n" +"\n" +" Modify per-user policy for user 'admin':\n" +" ipa krbtpolicy-mod admin --maxlife=3600\n" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:135 +msgid "Manage ticket policy for specific user" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:140 +msgid "Max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:141 +msgid "Maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:146 +msgid "Max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:147 +msgid "Maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:233 +msgid "Modify Kerberos ticket policy." +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:312 +msgid "Reset Kerberos ticket policy to the default values." +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:258 +msgid "Display the current Kerberos ticket policy." +msgstr "" + +msgid "" +"\n" +"Migration to IPA\n" +"\n" +"Migrate users and groups from an LDAP server to IPA.\n" +"\n" +"This performs an LDAP query against the remote server searching for\n" +"users and groups in a container. In order to migrate passwords you need\n" +"to bind as a user that can read the userPassword attribute on the remote\n" +"server. This is generally restricted to high-level admins such as\n" +"cn=Directory Manager in 389-ds (this is the default bind user).\n" +"\n" +"The default user container is ou=People.\n" +"\n" +"The default group container is ou=Groups.\n" +"\n" +"Users and groups that already exist on the IPA server are skipped.\n" +"\n" +"Two LDAP schemas define how group members are stored: RFC2307 and\n" +"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" +"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" +"\n" +"The schema compat feature allows IPA to reformat data for systems that\n" +"do not support RFC2307bis. It is recommended that this feature is disabled\n" +"during migration to reduce system overhead. It can be re-enabled after\n" +"migration. To migrate with it enabled use the \"--with-compat\" option.\n" +"\n" +"Migrated users do not have Kerberos credentials, they have only their\n" +"LDAP password. To complete the migration process, users need to go\n" +"to http://ipa.example.com/ipa/migration and authenticate using their\n" +"LDAP password in order to generate their Kerberos credentials.\n" +"\n" +"Migration is disabled by default. Use the command ipa config-mod to\n" +"enable it:\n" +"\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +"If a base DN is not provided with --basedn then IPA will use either\n" +"the value of defaultNamingContext if it is set or the first value\n" +"in namingContexts set in the root of the remote LDAP server.\n" +"\n" +"Users are added as members to the default user group. This can be a\n" +"time-intensive task so during migration this is done in a batch\n" +"mode for every 100 users. As a result there will be a window in which\n" +"users will be added to IPA but will not be members of the default\n" +"user group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" The simplest migration, accepting all defaults:\n" +" ipa migrate-ds ldap://ds.example.com:389\n" +"\n" +" Specify the user and group container. This can be used to migrate user\n" +" and group data from an IPA v1 server:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" +"container='cn=groups,cn=accounts' ldap://ds.example.com:389\n" +"\n" +" Since IPA v2 server already contain predefined groups that may collide " +"with\n" +" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" +" having colliding group as their primary group may happen to belong to\n" +" an unknown group on new IPA v2 server.\n" +" Use --group-overwrite-gid option to overwrite GID of already existing " +"groups\n" +" to prevent this issue:\n" +" ipa migrate-ds --group-overwrite-gid --user-container='cn=users," +"cn=accounts' --group-container='cn=groups,cn=accounts' " +"ldap://ds.example.com:389\n" +"\n" +" Migrated users or groups may have object class and accompanied attributes\n" +" unknown to the IPA v2 server. These object classes and attributes may be\n" +" left out of the migration process:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" +"container='cn=groups,cn=accounts' --user-ignore-" +"objectclass=radiusprofile --user-ignore-" +"attribute=radiusgroupname ldap://ds.example.com:389\n" +"\n" +"LOGGING\n" +"\n" +"Migration will log warnings and errors to the Apache error log. This\n" +"file should be evaluated post-migration to correct or investigate any\n" +"issues that were discovered.\n" +"\n" +"For every 100 users migrated an info-level message will be displayed to\n" +"give the current progress and duration to make it possible to track\n" +"the progress of migration.\n" +"\n" +"If the log level is debug, either by setting debug = True in\n" +"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " +"printed\n" +"for each user added plus a summary when the default user group is\n" +"updated.\n" +msgstr "" + +#: ipaserver/plugins/migration.py:482 +msgid "Migrate users and groups from DS to IPA." +msgstr "" + +#: ipaserver/plugins/migration.py:529 +msgid "LDAP URI" +msgstr "" + +#: ipaserver/plugins/migration.py:530 +msgid "LDAP URI of DS server to migrate from" +msgstr "" + +#: ipaserver/plugins/migration.py:536 +msgid "bind password" +msgstr "" + +#: ipaserver/plugins/migration.py:543 +msgid "Bind DN" +msgstr "" + +#: ipaserver/plugins/migration.py:549 +msgid "User container" +msgstr "" + +#: ipaserver/plugins/migration.py:550 +msgid "DN of container for users in DS relative to base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:556 +msgid "Group container" +msgstr "" + +#: ipaserver/plugins/migration.py:557 +msgid "DN of container for groups in DS relative to base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:563 +msgid "User object class" +msgstr "" + +#: ipaserver/plugins/migration.py:564 +msgid "Objectclasses used to search for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:570 +msgid "Group object class" +msgstr "" + +#: ipaserver/plugins/migration.py:571 +msgid "Objectclasses used to search for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:577 +msgid "Ignore user object class" +msgstr "" + +#: ipaserver/plugins/migration.py:578 +msgid "Objectclasses to be ignored for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:584 +msgid "Ignore user attribute" +msgstr "" + +#: ipaserver/plugins/migration.py:585 +msgid "Attributes to be ignored for user entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:591 +msgid "Ignore group object class" +msgstr "" + +#: ipaserver/plugins/migration.py:592 +msgid "Objectclasses to be ignored for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:598 +msgid "Ignore group attribute" +msgstr "" + +#: ipaserver/plugins/migration.py:599 +msgid "Attributes to be ignored for group entries in DS" +msgstr "" + +#: ipaserver/plugins/migration.py:605 +msgid "Overwrite GID" +msgstr "" + +#: ipaserver/plugins/migration.py:606 +msgid "" +"When migrating a group already existing in IPA domain overwrite the group " +"GID and report as success" +msgstr "" + +#: ipaserver/plugins/migration.py:611 +msgid "LDAP schema" +msgstr "" + +#: ipaserver/plugins/migration.py:612 +msgid "" +"The schema used on the LDAP server. Supported values are RFC2307 and " +"RFC2307bis. The default is RFC2307bis" +msgstr "" + +#: ipaserver/plugins/migration.py:618 +msgid "Continue" +msgstr "" + +#: ipaserver/plugins/migration.py:619 +msgid "" +"Continuous operation mode. Errors are reported but the process continues" +msgstr "" + +#: ipaserver/plugins/migration.py:624 +msgid "Base DN" +msgstr "" + +#: ipaserver/plugins/migration.py:625 +msgid "Base DN on remote LDAP server" +msgstr "" + +#: ipaserver/plugins/migration.py:629 +msgid "Ignore compat plugin" +msgstr "" + +#: ipaserver/plugins/migration.py:630 +msgid "Allows migration despite the usage of compat plugin" +msgstr "" + +#: ipaserver/plugins/migration.py:635 +msgid "CA certificate" +msgstr "" + +#: ipaserver/plugins/migration.py:636 +msgid "Load CA certificate of LDAP server from FILE" +msgstr "" + +msgid "groups to exclude from migration" +msgstr "" + +msgid "users to exclude from migration" +msgstr "" + +#: ipaserver/plugins/migration.py:662 +msgid "Lists of objects migrated; categorized by type." +msgstr "" + +#: ipaserver/plugins/migration.py:666 +msgid "Lists of objects that could not be migrated; categorized by type." +msgstr "" + +#: ipaserver/plugins/migration.py:670 +msgid "False if migration mode was disabled." +msgstr "" + +#: ipaserver/plugins/migration.py:674 +msgid "False if migration fails because the compatibility plug-in is enabled." +msgstr "" + +msgid "" +"\n" +"Misc plug-ins\n" +msgstr "" + +msgid "Show environment variables." +msgstr "" + +msgid "Forward to server instead of running locally" +msgstr "" + +#: ipalib/misc.py:103 +msgid "" +"retrieve and print all attributes from the server. Affects command output." +msgstr "" + +msgid "Total number of variables env (>= count)" +msgstr "" + +msgid "Number of variables returned (<= total)" +msgstr "" + +msgid "Show all loaded plugins." +msgstr "" + +msgid "Dictionary mapping plugin names to bases" +msgstr "" + +msgid "Number of plugins loaded" +msgstr "" + +#: ipaserver/plugins/netgroup.py:46 +msgid "" +"\n" +"Netgroups\n" +"\n" +"A netgroup is a group used for permission checking. It can contain both\n" +"user and host values.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new netgroup:\n" +" ipa netgroup-add --desc=\"NFS admins\" admins\n" +"\n" +" Add members to the netgroup:\n" +" ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n" +"\n" +" Remove a member from the netgroup:\n" +" ipa netgroup-remove-member --users=tuser2 admins\n" +"\n" +" Display information about a netgroup:\n" +" ipa netgroup-show admins\n" +"\n" +" Delete a netgroup:\n" +" ipa netgroup-del admins\n" +msgstr "" + +#: ipaserver/plugins/netgroup.py:204 +msgid "Netgroup name" +msgstr "" + +#: ipaserver/plugins/netgroup.py:211 +msgid "Netgroup description" +msgstr "" + +#: ipaserver/plugins/netgroup.py:217 +msgid "NIS domain name" +msgstr "" + +#: ipaserver/plugins/netgroup.py:222 +msgid "IPA unique ID" +msgstr "" + +#: ipaserver/plugins/baseldap.py:92 +msgid "Member netgroups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:155 +msgid "Indirect Member netgroups" +msgstr "" + +msgid "Member User" +msgstr "" + +msgid "Member Group" +msgstr "" + +#: ipaserver/plugins/netgroup.py:88 +msgid "Member Host" +msgstr "" + +msgid "Member Hostgroup" +msgstr "" + +#: ipaserver/plugins/netgroup.py:263 +msgid "Add a new netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:378 +msgid "Add members to a netgroup." +msgstr "" + +msgid "member netgroup" +msgstr "" + +msgid "netgroups to add" +msgstr "" + +#: ipaserver/plugins/netgroup.py:299 +msgid "Delete a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:334 +msgid "Search for a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:349 +msgid "search for managed groups" +msgstr "" + +msgid "Search for netgroups with these member netgroups." +msgstr "" + +msgid "Search for netgroups without these member netgroups." +msgstr "" + +msgid "Search for netgroups with these member users." +msgstr "" + +msgid "Search for netgroups without these member users." +msgstr "" + +msgid "Search for netgroups with these member groups." +msgstr "" + +msgid "Search for netgroups without these member groups." +msgstr "" + +msgid "Search for netgroups with these member hosts." +msgstr "" + +msgid "Search for netgroups without these member hosts." +msgstr "" + +msgid "Search for netgroups with these member host groups." +msgstr "" + +msgid "Search for netgroups without these member host groups." +msgstr "" + +msgid "Search for netgroups with these member of netgroups." +msgstr "" + +msgid "Search for netgroups without these member of netgroups." +msgstr "" + +#: ipaserver/plugins/netgroup.py:307 +msgid "Modify a netgroup." +msgstr "" + +#: ipaserver/plugins/netgroup.py:400 +msgid "Remove members from a netgroup." +msgstr "" + +msgid "netgroups to remove" +msgstr "" + +#: ipaserver/plugins/netgroup.py:371 +msgid "Display information about a netgroup." +msgstr "" + +#: ipaserver/plugins/otpconfig.py:24 +msgid "" +"\n" +"OTP configuration\n" +"\n" +"Manage the default values that IPA uses for OTP tokens.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic OTP configuration:\n" +" ipa otpconfig-show\n" +"\n" +" Show all OTP configuration options:\n" +" ipa otpconfig-show --all\n" +"\n" +" Change maximum TOTP authentication window to 10 minutes:\n" +" ipa otpconfig-mod --totp-auth-window=600\n" +"\n" +" Change maximum TOTP synchronization window to 12 hours:\n" +" ipa otpconfig-mod --totp-sync-window=43200\n" +"\n" +" Change maximum HOTP authentication window to 5:\n" +" ipa hotpconfig-mod --hotp-auth-window=5\n" +"\n" +" Change maximum HOTP synchronization window to 50:\n" +" ipa hotpconfig-mod --hotp-sync-window=50\n" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:86 +msgid "TOTP authentication Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:87 +msgid "TOTP authentication time variance (seconds)" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:92 +msgid "TOTP Synchronization Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:93 +msgid "TOTP synchronization time variance (seconds)" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:98 +msgid "HOTP Authentication Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:99 +msgid "HOTP authentication skip-ahead" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:104 +msgid "HOTP Synchronization Window" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:105 +msgid "HOTP synchronization skip-ahead" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:116 +msgid "Modify OTP configuration options." +msgstr "" + +#: ipaserver/plugins/otpconfig.py:121 +msgid "Show the current OTP configuration." +msgstr "" + +msgid "" +"\n" +"OTP Tokens\n" +"\n" +"Manage OTP tokens.\n" +"\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" +"\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" +"\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " +"Hat\"\n" +"\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:160 ipaserver/plugins/subid.py:136 +msgid "Unique ID" +msgstr "" + +#: ipaserver/plugins/otptoken.py:166 +msgid "Type of the token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:175 +msgid "Token description (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:179 ipaserver/plugins/subid.py:149 +#: ipaserver/plugins/subid.py:467 ipaserver/plugins/internal.py:1383 +msgid "Owner" +msgstr "" + +#: ipaserver/plugins/otptoken.py:180 +msgid "Assigned user of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/baseuser.py:353 +msgid "Manager" +msgstr "" + +#: ipaserver/plugins/otptoken.py:184 +msgid "Assigned manager of the token (default: self)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:189 ipaserver/plugins/internal.py:1944 +msgid "Disabled" +msgstr "" + +#: ipaserver/plugins/otptoken.py:190 +msgid "Mark the token as disabled (default: false)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:194 +msgid "Validity start" +msgstr "" + +#: ipaserver/plugins/otptoken.py:195 +msgid "First date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:199 +msgid "Validity end" +msgstr "" + +#: ipaserver/plugins/otptoken.py:200 +msgid "Last date/time the token can be used" +msgstr "" + +#: ipaserver/plugins/otptoken.py:204 +msgid "Vendor" +msgstr "" + +#: ipaserver/plugins/otptoken.py:205 +msgid "Token vendor name (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:209 +msgid "Model" +msgstr "" + +#: ipaserver/plugins/otptoken.py:210 +msgid "Token model (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:214 +msgid "Serial" +msgstr "" + +#: ipaserver/plugins/otptoken.py:215 +msgid "Token serial (informational only)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:220 +msgid "Token secret (Base32; default: random)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:230 +msgid "Token hash algorithm" +msgstr "" + +#: ipaserver/plugins/otptoken.py:238 +msgid "Digits" +msgstr "" + +#: ipaserver/plugins/otptoken.py:239 +msgid "Number of digits each token code will have" +msgstr "" + +#: ipaserver/plugins/otptoken.py:247 +msgid "Clock offset" +msgstr "" + +#: ipaserver/plugins/otptoken.py:248 +msgid "TOTP token / IPA server time difference" +msgstr "" + +#: ipaserver/plugins/otptoken.py:255 +msgid "Clock interval" +msgstr "" + +#: ipaserver/plugins/otptoken.py:256 +msgid "Length of TOTP token code validity" +msgstr "" + +#: ipaserver/plugins/otptoken.py:264 +msgid "Counter" +msgstr "" + +#: ipaserver/plugins/otptoken.py:265 +msgid "Initial counter for the HOTP token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:280 +msgid "Add a new OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:284 +msgid "(deprecated)" +msgstr "" + +#: ipaserver/plugins/otptoken.py:285 +msgid "Do not display QR code" +msgstr "" + +#: ipaserver/plugins/otptoken.py:463 +msgid "Add users that can manage this token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:366 +msgid "Delete an OTP token." +msgstr "" + +#: ipaserver/plugins/otptoken.py:421 +msgid "Search for OTP token." +msgstr "" + +msgid "Results should contain primary key attribute only (\"id\")" +msgstr "" + +#: ipaserver/plugins/otptoken.py:372 +msgid "Modify a OTP token." +msgstr "" + +msgid "Rename the OTP token object" +msgstr "" + +#: ipaserver/plugins/otptoken.py:450 +msgid "Display information about an OTP token." +msgstr "" + +msgid "" +"\n" +"YubiKey Tokens\n" +"\n" +"Manage YubiKey tokens.\n" +"\n" +"This code is an extension to the otptoken plugin and provides support for\n" +"reading/writing YubiKey tokens directly.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new token:\n" +" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" +msgstr "" + +msgid "" +"\n" +"Set a user's password\n" +"\n" +"If someone other than a user changes that user's password (e.g., Helpdesk\n" +"resets it) then the password will need to be changed the first time it\n" +"is used. This is so the end-user is the only one who knows the password.\n" +"\n" +"The IPA password policy controls how often a password may be changed,\n" +"what strength requirements exist, and the length of the password history.\n" +"\n" +"EXAMPLES:\n" +"\n" +" To reset your own password:\n" +" ipa passwd\n" +"\n" +" To change another user's password:\n" +" ipa passwd tuser1\n" +msgstr "" + +msgid "Set a user's password." +msgstr "" + +#: ipaserver/plugins/internal.py:1709 +msgid "New Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1703 +msgid "Current Password" +msgstr "" + +#: ipaserver/plugins/internal.py:188 ipaserver/plugins/internal.py:1711 +msgid "OTP" +msgstr "" + +msgid "One Time Password" +msgstr "" + +msgid "" +"\n" +"Permissions\n" +"\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable wrapper around a 389-ds Access Control Rule,\n" +"or instruction (ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" +"\n" +"A permission may not contain other permissions.\n" +"\n" +"* A permission grants access to read, write, add, delete, read, search,\n" +" or compare.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +"\n" +"A permission is made up of a number of different parts:\n" +"\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" +"\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. search - search on one or more attributes\n" +"4. compare - compare one or more attributes\n" +"5. add - add a new entry to the tree\n" +"6. delete - delete an existing entry\n" +"7. all - all permissions are granted\n" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +"\n" +"There are a number of allowed targets:\n" +"1. subtree: a DN; the permission applies to the subtree under this DN\n" +"2. target filter: an LDAP filter\n" +"3. target: DN with possible wildcards, specifies entries permission applies " +"to\n" +"\n" +"Additionally, there are the following convenience options.\n" +"Setting one of these options will set the corresponding attribute(s).\n" +"1. type: a type of object (user, group, etc); sets subtree and target " +"filter.\n" +"2. memberof: apply to members of a group; sets target filter\n" +"3. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership); sets target.\n" +"\n" +"Managed permissions\n" +"\n" +"Permissions that come with IPA by default can be so-called \"managed\"\n" +"permissions. These have a default set of attributes they apply to,\n" +"but the administrator can add/remove individual attributes to/from the set.\n" +"\n" +"Deleting or renaming a managed permission, as well as changing its target,\n" +"is not allowed.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +"\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:236 +msgid "Permission name" +msgstr "" + +#: ipaserver/plugins/permission.py:245 +msgid "Granted rights" +msgstr "" + +#: ipaserver/plugins/permission.py:246 +msgid "Rights to grant (read, search, compare, write, add, delete, all)" +msgstr "" + +#: ipaserver/plugins/permission.py:253 +msgid "Effective attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:254 +msgid "All attributes to which the permission applies" +msgstr "" + +#: ipaserver/plugins/permission.py:259 +msgid "Included attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:260 +msgid "User-specified attributes to which the permission applies" +msgstr "" + +#: ipaserver/plugins/permission.py:265 +msgid "Excluded attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:266 +msgid "" +"User-specified attributes to which the permission explicitly does not apply" +msgstr "" + +#: ipaserver/plugins/permission.py:272 +msgid "Default attributes" +msgstr "" + +#: ipaserver/plugins/permission.py:273 +msgid "Attributes to which the permission applies by default" +msgstr "" + +#: ipaserver/plugins/permission.py:279 ipaserver/plugins/permission.py:280 +msgid "Bind rule type" +msgstr "" + +#: ipaserver/plugins/permission.py:290 +msgid "Subtree to apply permissions to" +msgstr "" + +#: ipaserver/plugins/permission.py:298 ipaserver/plugins/permission.py:299 +msgid "Extra target filter" +msgstr "" + +#: ipaserver/plugins/permission.py:305 +msgid "Raw target filter" +msgstr "" + +#: ipaserver/plugins/permission.py:306 +msgid "All target filters, including those implied by type and memberof" +msgstr "" + +#: ipaserver/plugins/permission.py:313 +msgid "Target DN" +msgstr "" + +#: ipaserver/plugins/permission.py:314 +msgid "" +"Optional DN to apply the permission to (must be in the subtree, but may not " +"yet exist)" +msgstr "" + +#: ipaserver/plugins/permission.py:335 +msgid "Member of group" +msgstr "" + +#: ipaserver/plugins/permission.py:336 +msgid "Target members of a group (sets memberOf targetfilter)" +msgstr "" + +#: ipaserver/plugins/permission.py:341 +msgid "User group to apply permissions to (sets target)" +msgstr "" + +#: ipaserver/plugins/permission.py:347 +msgid "Type of IPA object (sets subtree and objectClass targetfilter)" +msgstr "" + +msgid "Deprecated; use extratargetfilter" +msgstr "" + +msgid "Deprecated; use ipapermlocation" +msgstr "" + +msgid "Deprecated; use ipapermright" +msgstr "" + +msgid "Granted to Privilege" +msgstr "" + +#: ipaserver/plugins/baseldap.py:143 +msgid "Indirect Member of roles" +msgstr "" + +#: ipaserver/plugins/permission.py:987 +msgid "Add a new permission." +msgstr "" + +#: ipaserver/plugins/permission.py:1405 +msgid "Add members to a permission." +msgstr "" + +msgid "member privilege" +msgstr "" + +msgid "privileges to add" +msgstr "" + +#: ipaserver/plugins/permission.py:959 +msgid "Add a system permission without an ACI (internal command)" +msgstr "" + +#: ipaserver/plugins/permission.py:169 +msgid "Permission flags" +msgstr "" + +#: ipaserver/plugins/permission.py:1055 +msgid "Delete a permission." +msgstr "" + +#: ipaserver/plugins/permission.py:1063 +msgid "force delete of SYSTEM permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1262 +msgid "Search for permissions." +msgstr "" + +#: ipaserver/plugins/permission.py:1090 +msgid "Modify a permission." +msgstr "" + +msgid "Rename the permission object" +msgstr "" + +#: ipaserver/plugins/permission.py:1417 +msgid "Remove members from a permission." +msgstr "" + +msgid "privileges to remove" +msgstr "" + +#: ipaserver/plugins/permission.py:1395 +msgid "Display information about a permission." +msgstr "" + +msgid "" +"\n" +"Ping the remote IPA server to ensure it is running.\n" +"\n" +"The ping command sends an echo request to an IPA server. The server\n" +"returns its version information. This is used by an IPA client\n" +"to confirm that the server is available and accepting requests.\n" +"\n" +"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" +"If it does not respond then the client will contact any servers defined\n" +"by ldap SRV records in DNS.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Ping an IPA server:\n" +" ipa ping\n" +" ------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" ------------------------------------------\n" +"\n" +" Ping an IPA server verbosely:\n" +" ipa -v ping\n" +" ipa: INFO: trying https://ipa.example.com/ipa/xml\n" +" ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n" +" -----------------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" -----------------------------------------------------\n" +msgstr "" + +msgid "Ping a remote server." +msgstr "" + +msgid "" +"\n" +"Kerberos pkinit options\n" +"\n" +"Enable or disable anonymous pkinit using the principal\n" +"WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n" +"pkinit support.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Enable anonymous pkinit:\n" +" ipa pkinit-anonymous enable\n" +"\n" +" Disable anonymous pkinit:\n" +" ipa pkinit-anonymous disable\n" +"\n" +"For more information on anonymous pkinit see:\n" +"\n" +"http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n" +msgstr "" + +msgid "Enable or Disable Anonymous PKINIT." +msgstr "" + +#: ipaserver/plugins/privilege.py:37 +msgid "" +"\n" +"Privileges\n" +"\n" +"A privilege combines permissions into a logical task. A permission provides\n" +"the rights to do a single task. There are some IPA operations that require\n" +"multiple permissions to succeed. A privilege is where permissions are\n" +"combined in order to perform a specific task.\n" +"\n" +"For example, adding a user requires the following permissions:\n" +" * Creating a new user entry\n" +" * Resetting a user password\n" +" * Adding the new user to the default IPA users group\n" +"\n" +"Combining these three low-level tasks into a higher level task in the\n" +"form of a privilege named \"Add User\" makes it easier to manage Roles.\n" +"\n" +"A privilege may not contain other privileges.\n" +"\n" +"See role and permission for additional information.\n" +msgstr "" + +#: ipaserver/plugins/privilege.py:154 +msgid "Privilege name" +msgstr "" + +#: ipaserver/plugins/privilege.py:160 +msgid "Privilege description" +msgstr "" + +#: ipaserver/plugins/baseldap.py:89 +msgid "Granting privilege to roles" +msgstr "" + +#: ipaserver/plugins/privilege.py:167 +msgid "Add a new privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:202 +msgid "Add members to a privilege." +msgstr "" + +msgid "member role" +msgstr "" + +msgid "roles to add" +msgstr "" + +#: ipaserver/plugins/privilege.py:215 +msgid "Add permissions to a privilege." +msgstr "" + +#: ipaserver/plugins/permission.py:180 +msgid "permission" +msgstr "" + +#: ipaserver/plugins/permission.py:181 +msgid "permissions" +msgstr "" + +#: ipaserver/plugins/privilege.py:230 +msgid "Number of permissions added" +msgstr "" + +#: ipaserver/plugins/privilege.py:174 +msgid "Delete a privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:188 +msgid "Search for privileges." +msgstr "" + +#: ipaserver/plugins/privilege.py:181 +msgid "Modify a privilege." +msgstr "" + +msgid "Rename the privilege object" +msgstr "" + +#: ipaserver/plugins/privilege.py:209 +msgid "Remove members from a privilege" +msgstr "" + +msgid "roles to remove" +msgstr "" + +#: ipaserver/plugins/privilege.py:244 +msgid "Remove permissions from a privilege." +msgstr "" + +#: ipaserver/plugins/privilege.py:262 +msgid "Number of permissions removed" +msgstr "" + +#: ipaserver/plugins/privilege.py:197 +msgid "Display information about a privilege." +msgstr "" + +msgid "" +"\n" +"Password policy\n" +"\n" +"A password policy sets limitations on IPA passwords, including maximum\n" +"lifetime, minimum lifetime, the number of passwords to save in\n" +"history, the number of character classes required (for stronger passwords)\n" +"and the minimum password length.\n" +"\n" +"By default there is a single, global policy for all users. You can also\n" +"create a password policy to apply to a group. Each user is only subject\n" +"to one password policy, either the group policy or the global policy. A\n" +"group policy stands alone; it is not a super-set of the global policy plus\n" +"custom settings.\n" +"\n" +"Each group password policy requires a unique priority setting. If a user\n" +"is in multiple groups that have password policies, this priority determines\n" +"which password policy is applied. A lower value indicates a higher priority\n" +"policy.\n" +"\n" +"Group password policies are automatically removed when the groups they\n" +"are associated with are removed.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Modify the global policy:\n" +" ipa pwpolicy-mod --minlength=10\n" +"\n" +" Add a new group password policy:\n" +" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" +"minlength=8 --priority=10 localadmins\n" +"\n" +" Display the global password policy:\n" +" ipa pwpolicy-show\n" +"\n" +" Display a group password policy:\n" +" ipa pwpolicy-show localadmins\n" +"\n" +" Display the policy that would be applied to a given user:\n" +" ipa pwpolicy-show --user=tuser1\n" +"\n" +" Modify a group password policy:\n" +" ipa pwpolicy-mod --minclasses=2 localadmins\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1664 ipaserver/plugins/pwpolicy.py:307 +msgid "Group" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:308 +msgid "Manage password policy for specific group" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:313 +msgid "Max lifetime (days)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:314 +msgid "Maximum password lifetime (in days)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:320 +msgid "Min lifetime (hours)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:321 +msgid "Minimum password lifetime (in hours)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:326 +msgid "History size" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:327 +msgid "Password history size" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:332 +msgid "Character classes" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:333 +msgid "Minimum number of character classes" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:339 +msgid "Min length" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:340 +msgid "Minimum length of password" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:346 +msgid "Priority of the policy (higher number means lower priority" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:353 +msgid "Max failures" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:354 +msgid "Consecutive failures before lockout" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:360 +msgid "Failure reset interval" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:361 +msgid "Period after which failure count will be reset (seconds)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:367 +msgid "Lockout duration" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:368 +msgid "Period for which lockout is enforced (seconds)" +msgstr "" + +msgid "Results should contain primary key attribute only (\"cn\")" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:528 +msgid "Add a new group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:555 +msgid "Delete a group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:667 +msgid "Search for group password policies." +msgstr "" + +msgid "Results should contain primary key attribute only (\"group\")" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:582 +msgid "Modify a group password policy." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:635 +msgid "Display information about password policy." +msgstr "" + +#: ipaserver/plugins/baseuser.py:209 ipaserver/plugins/internal.py:1198 +#: ipaserver/plugins/internal.py:1310 ipaserver/plugins/internal.py:1698 +#: ipaserver/plugins/pwpolicy.py:639 ipaserver/plugins/user.py:163 +msgid "User" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:640 +msgid "Display effective policy for a specific user" +msgstr "" + +msgid "" +"\n" +"RADIUS Proxy Servers\n" +"\n" +"Manage RADIUS Proxy Servers.\n" +"\n" +"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" +"authentications. This permits a great deal of flexibility when\n" +"integrating with third-party authentication services.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new server:\n" +" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" +"\n" +" Find all servers whose entries include the string \"example.com\":\n" +" ipa radiusproxy-find example.com\n" +"\n" +" Examine the configuration:\n" +" ipa radiusproxy-show MyRADIUS\n" +"\n" +" Change the secret:\n" +" ipa radiusproxy-mod MyRADIUS --secret\n" +"\n" +" Delete a configuration:\n" +" ipa radiusproxy-del MyRADIUS\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:112 +msgid "RADIUS proxy server name" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:118 +msgid "A description of this RADIUS proxy server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:122 ipaserver/plugins/user.py:1177 +msgid "Server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:123 +msgid "The hostname or IP (with or without port)" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:127 ipaserver/plugins/idp.py:151 +msgid "Secret" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:128 +msgid "The secret used to encrypt data" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:133 +msgid "Timeout" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:134 +msgid "The total timeout across all retries (in seconds)" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:139 +msgid "Retries" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:140 +msgid "The number of times to retry authentication" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:146 +msgid "User attribute" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:147 +msgid "The username attribute on the user object" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:171 +msgid "Add a new RADIUS proxy server." +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:176 +msgid "Delete a RADIUS proxy server." +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:186 +msgid "Search for RADIUS proxy servers." +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:181 +msgid "Modify a RADIUS proxy server." +msgstr "" + +msgid "Rename the RADIUS proxy server object" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:201 +msgid "Display information about a RADIUS proxy server." +msgstr "" + +msgid "" +"\n" +"Realm domains\n" +"\n" +"Manage the list of domains associated with IPA realm.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Display the current list of realm domains:\n" +" ipa realmdomains-show\n" +"\n" +" Replace the list of realm domains:\n" +" ipa realmdomains-mod --domain=example.com\n" +" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" +"\n" +" Add a domain to the list of realm domains:\n" +" ipa realmdomains-mod --add-domain=newdomain.com\n" +"\n" +" Delete a domain from the list of realm domains:\n" +" ipa realmdomains-mod --del-domain=olddomain.com\n" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:115 ipaserver/plugins/trust.py:1246 +#: ipaserver/plugins/certmap.py:566 ipaserver/plugins/internal.py:715 +#: ipaserver/plugins/internal.py:1545 +msgid "Domain" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:121 +msgid "Add domain" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:127 +msgid "Delete domain" +msgstr "" + +msgid "Modify realm domains." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:152 +msgid "Force adding domain even if not in DNS" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:361 +msgid "Display the list of realm domains." +msgstr "" + +msgid "" +"\n" +"Roles\n" +"\n" +"A role is used for fine-grained delegation. A permission grants the ability\n" +"to perform given low-level tasks (add a user, modify a group, etc.). A\n" +"privilege combines one or more permissions into a higher-level abstraction\n" +"such as useradmin. A useradmin would be able to add, delete and modify " +"users.\n" +"\n" +"Privileges are assigned to Roles.\n" +"\n" +"Users, groups, hosts and hostgroups may be members of a Role.\n" +"\n" +"Roles can not contain other roles.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new role:\n" +" ipa role-add --desc=\"Junior-level admin\" junioradmin\n" +"\n" +" Add some privileges to this role:\n" +" ipa role-add-privilege --privileges=addusers junioradmin\n" +" ipa role-add-privilege --privileges=change_password junioradmin\n" +" ipa role-add-privilege --privileges=add_user_to_default_group " +"junioradmin\n" +"\n" +" Add a group of users to this role:\n" +" ipa group-add --desc=\"User admins\" useradmins\n" +" ipa role-add-member --groups=useradmins junioradmin\n" +"\n" +" Display information about a role:\n" +" ipa role-show junioradmin\n" +"\n" +" The result of this is that any users in the group 'junioradmin' can\n" +" add users, reset passwords or add a user to the default IPA user group.\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:64 ipaserver/plugins/serverrole.py:191 +msgid "Role name" +msgstr "" + +msgid "A description of this role-group" +msgstr "" + +msgid "Privileges" +msgstr "" + +msgid "Member services" +msgstr "" + +msgid "Add a new role." +msgstr "" + +msgid "Add members to a role." +msgstr "" + +msgid "member service" +msgstr "" + +msgid "services to add" +msgstr "" + +msgid "Add privileges to a role." +msgstr "" + +msgid "privilege" +msgstr "" + +#: ipaserver/plugins/privilege.py:107 +msgid "privileges" +msgstr "" + +msgid "Number of privileges added" +msgstr "" + +msgid "Delete a role." +msgstr "" + +msgid "Search for roles." +msgstr "" + +msgid "Modify a role." +msgstr "" + +msgid "Rename the role object" +msgstr "" + +msgid "Remove members from a role." +msgstr "" + +msgid "services to remove" +msgstr "" + +msgid "Remove privileges from a role." +msgstr "" + +msgid "Number of privileges removed" +msgstr "" + +msgid "Display information about a role." +msgstr "" + +#: ipaserver/plugins/selfservice.py:28 +msgid "" +"\n" +"Self-service Permissions\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"A Self-service permission defines what an object can change in its own " +"entry.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a self-service rule to allow users to manage their address (using Bash\n" +" brace expansion):\n" +" ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c," +"st} \"Users manage their own address\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones.\n" +" Add telephoneNumber to the list (using Bash brace expansion):\n" +" ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} " +"\"Users manage their own address\"\n" +"\n" +" Display our updated rule:\n" +" ipa selfservice-show \"Users manage their own address\"\n" +"\n" +" Delete a rule:\n" +" ipa selfservice-del \"Users manage their own address\"\n" +msgstr "" + +#: ipaserver/plugins/selfservice.py:76 ipaserver/plugins/selfservice.py:77 +msgid "Self-service name" +msgstr "" + +#: ipaserver/plugins/selfservice.py:90 +msgid "Attributes to which the permission applies." +msgstr "" + +#: ipaserver/plugins/selfservice.py:122 +msgid "Add a new self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:143 +msgid "Delete a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:182 +msgid "Search for a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:161 +msgid "Modify a self-service permission." +msgstr "" + +#: ipaserver/plugins/selfservice.py:208 +msgid "Display information about a self-service permission." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:42 +msgid "" +"\n" +"SELinux User Mapping\n" +"\n" +"Map IPA users to SELinux users by host.\n" +"\n" +"Hosts, hostgroups, users and groups can be either defined within\n" +"the rule or it may point to an existing HBAC rule. When using\n" +"--hbacrule option to selinuxusermap-find an exact match is made on the\n" +"HBAC rule name, so only one or zero entries will be returned.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host " +"\"server\":\n" +" ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n" +" ipa selinuxusermap-add-host --hosts=server.example.com test1\n" +"\n" +" Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an " +"existing HBAC rule for users and hosts:\n" +" ipa selinuxusermap-add --usercat=all --hbacrule=webserver --" +"selinuxuser=guest_u:s0 test2\n" +"\n" +" Display the properties of a rule:\n" +" ipa selinuxusermap-show test2\n" +"\n" +" Create a rule for a specific user. This sets the SELinux context for\n" +" user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n" +" ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0." +"c1023 john_unconfined\n" +" ipa selinuxusermap-add-user --users=john john_unconfined\n" +"\n" +" Disable a rule:\n" +" ipa selinuxusermap-disable test1\n" +"\n" +" Enable a rule:\n" +" ipa selinuxusermap-enable test1\n" +"\n" +" Find a rule referencing a specific HBAC rule:\n" +" ipa selinuxusermap-find --hbacrule=allow_some\n" +"\n" +" Remove a rule:\n" +" ipa selinuxusermap-del john_unconfined\n" +"\n" +"SEEALSO:\n" +"\n" +" The list controlling the order in which the SELinux user map is applied\n" +" and the default SELinux user are available in the config-show command.\n" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:244 +msgid "SELinux User" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:202 ipaserver/plugins/selinuxusermap.py:248 +msgid "HBAC Rule" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:249 +msgid "HBAC Rule that defines the users, groups and hostgroups" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:328 +msgid "Create a new SELinux User Map." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:590 +msgid "Add target hosts and hostgroups to an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:557 +msgid "Add users and groups to an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:366 +msgid "Delete a SELinux User Map." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:527 +msgid "Disable an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:497 +msgid "Enable an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:446 +msgid "Search for SELinux User Maps." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:374 +msgid "Modify a SELinux User Map." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:614 +msgid "Remove target hosts and hostgroups from an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:581 +msgid "Remove users and groups from an SELinux User Map rule." +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:486 +msgid "Display the properties of a SELinux User Map rule." +msgstr "" + +msgid "" +"\n" +"Services\n" +"\n" +"A IPA service represents a service that runs on a host. The IPA service\n" +"record can store a Kerberos principal, an SSL certificate, or both.\n" +"\n" +"An IPA service can be managed directly from a machine, provided that\n" +"machine has been given the correct permission. This is true even for\n" +"machines other than the one the service is associated with. For example,\n" +"requesting an SSL certificate using the host service principal credentials\n" +"of the host. To manage a service using host credentials you need to\n" +"kinit as the host:\n" +"\n" +" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" +"\n" +"Adding an IPA service allows the associated service to request an SSL\n" +"certificate or keytab, but this is performed as a separate step; they\n" +"are not produced as a result of adding the service.\n" +"\n" +"Only the public aspect of a certificate is stored in a service record;\n" +"the private key is not stored.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new IPA service:\n" +" ipa service-add HTTP/web.example.com\n" +"\n" +" Allow a host to manage an IPA service certificate:\n" +" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" +" ipa role-add-member --hosts=web.example.com certadmin\n" +"\n" +" Override a default list of supported PAC types for the service:\n" +" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" +"\n" +" A typical use case where overriding the PAC type is needed is NFS.\n" +" Currently the related code in the Linux kernel can only handle Kerberos\n" +" tickets up to a maximal size. Since the PAC data can become quite large " +"it\n" +" is recommended to set --pac-type=NONE for NFS services.\n" +"\n" +" Delete an IPA service:\n" +" ipa service-del HTTP/web.example.com\n" +"\n" +" Find all IPA services associated with a host:\n" +" ipa service-find web.example.com\n" +"\n" +" Find all HTTP services:\n" +" ipa service-find HTTP\n" +"\n" +" Disable the service Kerberos key and SSL certificate:\n" +" ipa service-disable HTTP/web.example.com\n" +"\n" +" Request a certificate for an IPA service:\n" +" ipa cert-request --principal=HTTP/web.example.com example.csr\n" +"\n" +" Allow user to create a keytab:\n" +" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" +"\n" +" Generate and retrieve a keytab for an IPA service:\n" +" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" +"httpd.keytab\n" +msgstr "" + +#: ipaserver/plugins/service.py:502 +msgid "Service principal" +msgstr "" + +#: ipaserver/plugins/service.py:561 +msgid "PAC type" +msgstr "" + +#: ipaserver/plugins/service.py:562 +msgid "" +"Override default list of supported PAC types. Use 'NONE' to disable PAC " +"support for this service, e.g. this might be necessary for NFS services." +msgstr "" + +msgid "Add a new IPA new service." +msgstr "" + +msgid "force principal name even if not in DNS" +msgstr "" + +#: ipaserver/plugins/service.py:1019 +msgid "Add hosts that can manage this service." +msgstr "" + +#: ipaserver/plugins/service.py:1075 +msgid "" +"Allow users, groups, hosts or host groups to create a keytab of this service." +msgstr "" + +#: ipaserver/plugins/service.py:1036 +msgid "" +"Allow users, groups, hosts or host groups to retrieve a keytab of this " +"service." +msgstr "" + +#: ipaserver/plugins/service.py:845 +msgid "Delete an IPA service." +msgstr "" + +#: ipaserver/plugins/service.py:1114 +msgid "Disable the Kerberos key and SSL certificate of a service." +msgstr "" + +#: ipaserver/plugins/service.py:1095 +msgid "" +"Disallow users, groups, hosts or host groups to create a keytab of this " +"service." +msgstr "" + +#: ipaserver/plugins/service.py:1056 +msgid "" +"Disallow users, groups, hosts or host groups to retrieve a keytab of this " +"service." +msgstr "" + +#: ipaserver/plugins/service.py:915 +msgid "Search for IPA services." +msgstr "" + +msgid "Results should contain primary key attribute only (\"principal\")" +msgstr "" + +msgid "Search for services with these managed by hosts." +msgstr "" + +msgid "Search for services without these managed by hosts." +msgstr "" + +#: ipaserver/plugins/service.py:865 +msgid "Modify an existing IPA service." +msgstr "" + +#: ipaserver/plugins/service.py:1028 +msgid "Remove hosts that can manage this service." +msgstr "" + +#: ipaserver/plugins/service.py:982 +msgid "Display information about an IPA service." +msgstr "" + +msgid "" +"\n" +"Session Support for IPA\n" +"John Dennis \n" +"\n" +"Goals\n" +"=====\n" +"\n" +"Provide per-user session data caching which persists between\n" +"requests. Desired features are:\n" +"\n" +"* Integrates cleanly with minimum impact on existing infrastructure.\n" +"\n" +"* Provides maximum security balanced against real-world performance\n" +" demands.\n" +"\n" +"* Sessions must be able to be revoked (flushed).\n" +"\n" +"* Should be flexible and easy to use for developers.\n" +"\n" +"* Should leverage existing technology and code to the maximum extent\n" +" possible to avoid re-invention, excessive implementation time and to\n" +" benefit from robustness in field proven components commonly shared\n" +" in the open source community.\n" +"\n" +"* Must support multiple independent processes which share session\n" +" data.\n" +"\n" +"* System must function correctly if session data is available or not.\n" +"\n" +"* Must be high performance.\n" +"\n" +"* Should not be tied to specific web servers or browsers. Should\n" +" integrate with our chosen WSGI model.\n" +"\n" +"Issues\n" +"======\n" +"\n" +"Cookies\n" +"-------\n" +"\n" +"Most session implementations are based on the use of cookies. Cookies\n" +"have some inherent problems.\n" +"\n" +"* User has the option to disable cookies.\n" +"\n" +"* User stored cookie data is not secure. Can be mitigated by setting\n" +" flags indicating the cookie is only to be used with SSL secured HTTP\n" +" connections to specific web resources and setting the cookie to\n" +" expire at session termination. Most modern browsers enforce these.\n" +"\n" +"Where to store session data?\n" +"----------------------------\n" +"\n" +"Session data may be stored on either on the client or on the\n" +"server. Storing session data on the client addresses the problem of\n" +"session data availability when requests are serviced by independent web\n" +"servers because the session data travels with the request. However\n" +"there are data size limitations. Storing session data on the client\n" +"also exposes sensitive data but this can be mitigated by encrypting\n" +"the session data such that only the server can decrypt it.\n" +"\n" +"The more conventional approach is to bind session data to a unique\n" +"name, the session ID. The session ID is transmitted to the client and\n" +"the session data is paired with the session ID on the server in a\n" +"associative data store. The session data is retrieved by the server\n" +"using the session ID when the receiving the request. This eliminates\n" +"exposing sensitive session data on the client along with limitations\n" +"on data size. It however introduces the issue of session data\n" +"availability when requests are serviced by more than one server\n" +"process.\n" +"\n" +"Multi-process session data availability\n" +"---------------------------------------\n" +"\n" +"Apache (and other web servers) fork child processes to handle requests\n" +"in parallel. Also web servers may be deployed in a farm where requests\n" +"are load balanced in round robin fashion across different nodes. In\n" +"both cases session data cannot be stored in the memory of a server\n" +"process because it is not available to other processes, either sibling\n" +"children of a master server process or server processes on distinct\n" +"nodes.\n" +"\n" +"Typically this is addressed by storing session data in a SQL\n" +"database. When a request is received by a server process containing a\n" +"session ID in it's cookie data the session ID is used to perform a SQL\n" +"query and the resulting data is then attached to the request as it\n" +"proceeds through the request processing pipeline. This of course\n" +"introduces coherency issues.\n" +"\n" +"For IPA the introduction of a SQL database dependency is undesired and\n" +"should be avoided.\n" +"\n" +"Session data may also be shared by independent processes by storing\n" +"the session data in files.\n" +"\n" +"An alternative solution which has gained considerable popularity\n" +"recently is the use of a fast memory based caching server. Data is\n" +"stored in a single process memory and may be queried and set via a\n" +"light weight protocol using standard socket mechanisms, memcached is\n" +"one example. A typical use is to optimize SQL queries by storing a SQL\n" +"result in shared memory cache avoiding the more expensive SQL\n" +"operation. But the memory cache has distinct advantages in non-SQL\n" +"situations as well.\n" +"\n" +"Possible implementations for use by IPA\n" +"=======================================\n" +"\n" +"Apache Sessions\n" +"---------------\n" +"\n" +"Apache has 2.3 has implemented session support via these modules:\n" +"\n" +" mod_session\n" +" Overarching session support based on cookies.\n" +"\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n" +"\n" +" mod_session_cookie\n" +" Stores session data in the client.\n" +"\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n" +"\n" +" mod_session_crypto\n" +" Encrypts session data for security. Encryption key is shared\n" +" configuration parameter visible to all Apache processes and is\n" +" stored in a configuration file.\n" +"\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n" +"\n" +" mod_session_dbd\n" +" Stores session data in a SQL database permitting multiple\n" +" processes to access and share the same session data.\n" +"\n" +" See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n" +"\n" +"Issues with Apache sessions\n" +"~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" +"\n" +"Although Apache has implemented generic session support and Apache is\n" +"our web server of preference it nonetheless introduces issues for IPA.\n" +"\n" +" * Session support is only available in httpd >= 2.3 which at the\n" +" time of this writing is currently only available as a Beta release\n" +" from upstream. We currently only ship httpd 2.2, the same is true\n" +" for other distributions.\n" +"\n" +" * We could package and ship the sessions modules as a temporary\n" +" package in httpd 2.2 environments. But this has the following\n" +" consequences:\n" +"\n" +" - The code has to be backported. the module API has changed\n" +" slightly between httpd 2.2 and 2.3. The backporting is not\n" +" terribly difficult and a proof of concept has been\n" +" implemented.\n" +"\n" +" - We would then be on the hook to package and maintain a special\n" +" case Apache package. This is maintenance burden as well as a\n" +" distribution packaging burden. Both of which would be best\n" +" avoided if possible.\n" +"\n" +" * The design of the Apache session modules is such that they can\n" +" only be manipulated by other Apache modules. The ability of\n" +" consumers of the session data to control the session data is\n" +" simplistic, constrained and static during the period the request\n" +" is processed. Request handlers which are not native Apache modules\n" +" (e.g. IPA via WSGI) can only examine the session data\n" +" via request headers and reset it in response headers.\n" +"\n" +" * Shared session data is available exclusively via SQL.\n" +"\n" +"However using the 2.3 Apache session modules would give us robust\n" +"session support implemented in C based on standardized Apache\n" +"interfaces which are widely used.\n" +"\n" +"Python Web Frameworks\n" +"---------------------\n" +"\n" +"Virtually every Python web framework supports cookie based sessions,\n" +"e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n" +"to avoid the use of these frameworks. Trying to pull in just one part\n" +"of these frameworks just to get session support would be problematic\n" +"because the code does not function outside it's framework.\n" +"\n" +"IPA implemented sessions\n" +"------------------------\n" +"\n" +"Originally it was believed the path of least effort was to utilize\n" +"existing session support, most likely what would be provided by\n" +"Apache. However there are enough basic modular components available in\n" +"native Python and other standard packages it should be possible to\n" +"provide session support meeting the aforementioned goals with a modest\n" +"implementation effort. Because we're leveraging existing components\n" +"the implementation difficulties are subsumed by other components which\n" +"have already been field proven and have community support. This is a\n" +"smart strategy.\n" +"\n" +"Proposed Solution\n" +"=================\n" +"\n" +"Our interface to the web server is via WSGI which invokes a callback\n" +"per request passing us an environmental context for the request. For\n" +"this discussion we'll name the WSGI callback \"application()\", a\n" +"conventional name in WSGI parlance.\n" +"\n" +"Shared session data will be handled by memcached. We will create one\n" +"instance of memcached on each server node dedicated to IPA\n" +"exclusively. Communication with memcached will be via a UNIX socket\n" +"located in the file system under /var/run/ipa_memcached. It will be\n" +"protected by file permissions and optionally SELinux policy.\n" +"\n" +"In application() we examine the request cookies and if there is an IPA\n" +"session cookie with a session ID we retrieve the session data from our\n" +"memcached instance.\n" +"\n" +"The session data will be a Python dict. IPA components will read or\n" +"write their session information by using a pre-agreed upon name\n" +"(e.g. key) in the dict. This is a very flexible system and consistent\n" +"with how we pass data in most parts of IPA.\n" +"\n" +"If the session data is not available an empty session data dict will\n" +"be created.\n" +"\n" +"How does this session data travel with the request in the IPA\n" +"pipeline? In IPA we use the HTTP request/response to implement RPC. In\n" +"application() we convert the request into a procedure call passing it\n" +"arguments derived from the HTTP request. The passed parameters are\n" +"specific to the RPC method being invoked. The context the RPC call is\n" +"executing in is not passed as an RPC parameter.\n" +"\n" +"How would the contextual information such as session data be bound to\n" +"the request and hence the RPC call?\n" +"\n" +"In IPA when a RPC invocation is being prepared from a request we\n" +"recognize this will only ever be processed serially by one Python\n" +"thread. A thread local dict called \"context\" is allocated for each\n" +"thread. The context dict is cleared in between requests (e.g. RPC method\n" +"invocations). The per-thread context dict is populated during the\n" +"lifetime of the request and is used as a global data structure unique to\n" +"the request that various IPA component can read from and write to with\n" +"the assurance the data is unique to the current request and/or method\n" +"call.\n" +"\n" +"The session data dict will be written into the context dict under the\n" +"session key before the RPC method begins execution. Thus session data\n" +"can be read and written by any IPA component by accessing\n" +"``context.session``.\n" +"\n" +"When the RPC method finishes execution the session data bound to the\n" +"request/method is retrieved from the context and written back to the\n" +"memcached instance. The session ID is set in the response sent back to\n" +"the client in the ``Set-Cookie`` header along with the flags\n" +"controlling it's usage.\n" +"\n" +"Issues and details\n" +"------------------\n" +"\n" +"IPA code cannot depend on session data being present, however it\n" +"should always update session data with the hope it will be available\n" +"in the future. Session data may not be available because:\n" +"\n" +" * This is the first request from the user and no session data has\n" +" been created yet.\n" +"\n" +" * The user may have cookies disabled.\n" +"\n" +" * The session data may have been flushed. memcached operates with\n" +" a fixed memory allocation and will flush entries on a LRU basis,\n" +" like with any cache there is no guarantee of persistence.\n" +"\n" +" Also we may have have deliberately expired or deleted session\n" +" data, see below.\n" +"\n" +"Cookie manipulation is done via the standard Python Cookie module.\n" +"\n" +"Session cookies will be set to only persist as long as the browser has\n" +"the session open. They will be tagged so the browser only returns\n" +"the session ID on SSL secured HTTP requests. They will not be visible\n" +"to Javascript in the browser.\n" +"\n" +"Session ID's will be created by using 48 bits of random data and\n" +"converted to 12 hexadecimal digits. Newly generated session ID's will\n" +"be checked for prior existence to handle the unlikely case the random\n" +"number repeats.\n" +"\n" +"memcached will have significantly higher performance than a SQL or file\n" +"based storage solution. Communication is effectively though a pipe\n" +"(UNIX socket) using a very simple protocol and the data is held\n" +"entirely in process memory. memcached also scales easily, it is easy\n" +"to add more memcached processes and distribute the load across them.\n" +"At this point in time we don't anticipate the need for this.\n" +"\n" +"A very nice feature of the Python memcached module is that when a data\n" +"item is written to the cache it is done with standard Python pickling\n" +"(pickling is a standard Python mechanism to marshal and unmarshal\n" +"Python objects). We adopt the convention the object written to cache\n" +"will be a dict to meet our internal data handling conventions. The\n" +"pickling code will recursively handle nested objects in the dict. Thus\n" +"we gain a lot of flexibility using standard Python data structures to\n" +"store and retrieve our session data without having to author and debug\n" +"code to marshal and unmarshal the data if some other storage mechanism\n" +"had been used. This is a significant implementation win. Of course\n" +"some common sense limitations need to observed when deciding on what\n" +"is written to the session cache keeping in mind the data is shared\n" +"between processes and it should not be excessively large (a\n" +"configurable option)\n" +"\n" +"We can set an expiration on memcached entries. We may elect to do that\n" +"to force session data to be refreshed periodically. For example we may\n" +"wish the client to present fresh credentials on a periodic basis even\n" +"if the cached credentials are otherwise within their validity period.\n" +"\n" +"We can explicitly delete session data if for some reason we believe it\n" +"is stale, invalid or compromised.\n" +"\n" +"memcached also gives us certain facilities to prevent race conditions\n" +"between different processes utilizing the cache. For example you can\n" +"check of the entry has been modified since you last read it or use CAS\n" +"(Check And Set) semantics. What has to be protected in terms of cache\n" +"coherency will likely have to be determined as the session support is\n" +"utilized and different data items are added to the cache. This is very\n" +"much data and context specific. Fortunately memcached operations are\n" +"atomic.\n" +"\n" +"Controlling the memcached process\n" +"---------------------------------\n" +"\n" +"We need a mechanism to start the memcached process and secure it so\n" +"that only IPA components can access it.\n" +"\n" +"Although memcached ships with both an initscript and systemd unit\n" +"files those are for generic instances. We want a memcached instance\n" +"dedicated exclusively to IPA usage. To accomplish this we would install\n" +"a systemd unit file or an SysV initscript to control the IPA specific\n" +"memcached service. ipactl would be extended to know about this\n" +"additional service. systemd's cgroup facility would give us additional\n" +"mechanisms to integrate the IPA memcached service within a larger IPA\n" +"process group.\n" +"\n" +"Protecting the memcached data would be done via file permissions (and\n" +"optionally SELinux policy) on the UNIX domain socket. Although recent\n" +"implementations of memcached support authentication via SASL this\n" +"introduces a performance and complexity burden not warranted when\n" +"cached is dedicated to our exclusive use and access controlled by OS\n" +"mechanisms.\n" +"\n" +"Conventionally daemons are protected by assigning a system uid and/or\n" +"gid to the daemon. A daemon launched by root will drop it's privileges\n" +"by assuming the effective uid:gid assigned to it. File system access\n" +"is controlled by the OS via the effective identity and SELinux policy\n" +"can be crafted based on the identity. Thus the memcached UNIX socket\n" +"would be protected by having it owned by a specific system user and/or\n" +"membership in a restricted system group (discounting for the moment\n" +"SELinux).\n" +"\n" +"Unfortunately we currently do not have an IPA system uid whose\n" +"identity our processes operate under nor do we have an IPA system\n" +"group. IPA does manage a collection of related processes (daemons) and\n" +"historically each has been assigned their own uid. When these\n" +"unrelated processes communicate they mutually authenticate via other\n" +"mechanisms. We do not have much of a history of using shared file\n" +"system objects across identities. When file objects are created they\n" +"are typically assigned the identity of daemon needing to access the\n" +"object and are not accessed by other daemons, or they carry root\n" +"identity.\n" +"\n" +"When our WSGI application runs in Apache it is run as a WSGI\n" +"daemon. This means when Apache starts up it forks off WSGI processes\n" +"for us and we are independent of other Apache processes. When WSGI is\n" +"run in this mode there is the ability to set the uid:gid of the WSGI\n" +"process hosting us, however we currently do not take advantage of this\n" +"option. WSGI can be run in other modes as well, only in daemon mode\n" +"can the uid:gid be independently set from the rest of Apache. All\n" +"processes started by Apache can be set to a common uid:gid specified\n" +"in the global Apache configuration, by default it's\n" +"apache:apache. Thus when our IPA code executes it is running as\n" +"apache:apache.\n" +"\n" +"To protect our memcached UNIX socket we can do one of two things:\n" +"\n" +"1. Assign it's uid:gid as apache:apache. This would limit access to\n" +" our cache only to processes running under httpd. It's somewhat\n" +" restricted but far from ideal. Any code running in the web server\n" +" could potentially access our cache. It's difficult to control what the\n" +" web server runs and admins may not understand the consequences of\n" +" configuring httpd to serve other things besides IPA.\n" +"\n" +"2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n" +" our WSGI application to run as the ipa:ipa user and group. We also\n" +" configure our memcached instance to run as the ipa:ipa user and\n" +" group. In this configuration we are now fully protected, only our WSGI\n" +" code can read & write to our memcached UNIX socket.\n" +"\n" +"However there may be unforeseen issues by converting our code to run as\n" +"something other than apache:apache. This would require some\n" +"investigation and testing.\n" +"\n" +"IPA is dependent on other system daemons, specifically Directory\n" +"Server (ds) and Certificate Server (cs). Currently we configure ds to\n" +"run under the dirsrv:dirsrv user and group, an identity of our\n" +"creation. We allow cs to default to it's pkiuser:pkiuser user and\n" +"group. Should these other cooperating daemons also run under the\n" +"common ipa:ipa user and group identities? At first blush there would\n" +"seem to be an advantage to coalescing all process identities under a\n" +"common IPA user and group identity. However these other processes do\n" +"not depend on user and group permissions when working with external\n" +"agents, processes, etc. Rather they are designed to be stand-alone\n" +"network services which authenticate their clients via other\n" +"mechanisms. They do depend on user and group permission to manage\n" +"their own file system objects. If somehow the ipa user and/or group\n" +"were compromised or malicious code somehow executed under the ipa\n" +"identity there would be an advantage in having the cooperating\n" +"processes cordoned off under their own identities providing one extra\n" +"layer of protection. (Note, these cooperating daemons may not even be\n" +"co-located on the same node in which case the issue is moot)\n" +"\n" +"The UNIX socket behavior (ldapi) with Directory Server is as follows:\n" +"\n" +" * The socket ownership is: root:root\n" +"\n" +" * The socket permissions are: 0666\n" +"\n" +" * When connecting via ldapi you must authenticate as you would\n" +" normally with a TCP socket, except ...\n" +"\n" +" * If autobind is enabled and the uid:gid is available via\n" +" SO_PEERCRED and the uid:gid can be found in the set of users known\n" +" to the Directory Server then that connection will be bound as that\n" +" user.\n" +"\n" +" * Otherwise an anonymous bind will occur.\n" +"\n" +"memcached UNIX socket behavior is as follows:\n" +"\n" +" * memcached can be invoked with a user argument, no group may be\n" +" specified. The effective uid is the uid of the user argument and\n" +" the effective gid is the primary group of the user, let's call\n" +" this euid:egid\n" +"\n" +" * The socket ownership is: euid:egid\n" +"\n" +" * The socket permissions are 0700 by default, but this can be\n" +" modified by the -a mask command line arg which sets the umask\n" +" (defaults to 0700).\n" +"\n" +"Overview of authentication in IPA\n" +"=================================\n" +"\n" +"This describes how we currently authenticate and how we plan to\n" +"improve authentication performance. First some definitions.\n" +"\n" +"There are 4 major players:\n" +"\n" +" 1. client\n" +" 2. mod_auth_kerb (in Apache process)\n" +" 3. wsgi handler (in IPA wsgi python process)\n" +" 4. ds (directory server)\n" +"\n" +"There are several resources:\n" +"\n" +" 1. /ipa/ui (unprotected, web UI static resources)\n" +" 2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n" +" 3. /ipa/json (protected, json RPC used by javascript in web UI)\n" +" 4. ds (protected, wsgi acts as proxy, our LDAP server)\n" +"\n" +"Current Model\n" +"-------------\n" +"\n" +"This describes how things work in our current system for the web UI.\n" +"\n" +" 1. Client requests /ipa/ui, this is unprotected, is static and\n" +" contains no sensitive information. Apache replies with html and\n" +" javascript. The javascript requests /ipa/json.\n" +"\n" +" 2. Client sends post to /ipa/json.\n" +"\n" +" 3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n" +" authenticate negotiate.\n" +"\n" +" 4. Client resends with credentials\n" +"\n" +" 5. mod_auth_kerb validates credentials\n" +"\n" +" a. if invalid replies 403 access denied (stops here)\n" +"\n" +" b. if valid creates temporary ccache, adds KRB5CCNAME to request\n" +" headers\n" +"\n" +" 6. Request passed to wsgi handler\n" +"\n" +" a. validates request, KRB5CCNAME must be present, referrer, etc.\n" +"\n" +" b. ccache saved and used to bind to ds\n" +"\n" +" c. routes to specified RPC handler.\n" +"\n" +" 7. wsgi handler replies to client\n" +"\n" +"Proposed new session based optimization\n" +"---------------------------------------\n" +"\n" +"The round trip negotiate and credential validation in steps 3,4,5 is\n" +"expensive. This can be avoided if we can cache the client\n" +"credentials. With client sessions we can store the client credentials\n" +"in the session bound to the client.\n" +"\n" +"A few notes about the session implementation.\n" +"\n" +" * based on session cookies, cookies must be enabled\n" +"\n" +" * session cookie is secure, only passed on secure connections, only\n" +" passed to our URL resource, never visible to client javascript\n" +" etc.\n" +"\n" +" * session cookie has a session id which is used by wsgi handler to\n" +" retrieve client session data from shared multi-process cache.\n" +"\n" +"Changes to Apache's resource protection\n" +"---------------------------------------\n" +"\n" +" * /ipa/json is no longer protected by mod_auth_kerb. This is\n" +" necessary to avoid the negotiate expense in steps 3,4,5\n" +" above. Instead the /ipa/json resource will be protected in our wsgi\n" +" handler via the session cookie.\n" +"\n" +" * A new protected URI is introduced, /ipa/login. This resource\n" +" does no serve any data, it is used exclusively for authentication.\n" +"\n" +"The new sequence is:\n" +"\n" +" 1. Client requests /ipa/ui, this is unprotected. Apache replies with\n" +" html and javascript. The javascript requests /ipa/json.\n" +"\n" +" 2. Client sends post to /ipa/json, which is unprotected.\n" +"\n" +" 3. wsgi handler obtains session data from session cookie.\n" +"\n" +" a. if ccache is present in session data and is valid\n" +"\n" +" - request is further validated\n" +"\n" +" - ccache is established for bind to ds\n" +"\n" +" - request is routed to RPC handler\n" +"\n" +" - wsgi handler eventually replies to client\n" +"\n" +" b. if ccache is not present or not valid processing continues ...\n" +"\n" +" 4. wsgi handler replies with 401 Unauthorized\n" +"\n" +" 5. client sends request to /ipa/login to obtain session credentials\n" +"\n" +" 6. mod_auth_kerb replies 401 negotiate on /ipa/login\n" +"\n" +" 7. client sends credentials to /ipa/login\n" +"\n" +" 8. mod_auth_kerb validates credentials\n" +"\n" +" a. if valid\n" +"\n" +" - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n" +" invoked and does the following:\n" +"\n" +" * establishes session for client\n" +"\n" +" * retrieves the ccache from KRB5CCNAME and stores it\n" +"\n" +" a. if invalid\n" +"\n" +" - mod_auth_kerb sends 403 access denied (processing stops)\n" +"\n" +" 9. client now posts the same data again to /ipa/json including\n" +" session cookie. Processing repeats starting at step 2 and since\n" +" the session data now contains a valid ccache step 3a executes, a\n" +" successful reply is sent to client.\n" +"\n" +"Command line client using xmlrpc\n" +"--------------------------------\n" +"\n" +"The above describes the web UI utilizing the json RPC mechanism. The\n" +"IPA command line tools utilize a xmlrpc RPC mechanism on the same\n" +"HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n" +"and xmlrpc API's are the same, they differ only on how their procedure\n" +"calls are marshalled and unmarshalled.\n" +"\n" +"Under the new scheme /ipa/xml will continue to be Kerberos protected\n" +"at all times. Apache's mod_auth_kerb will continue to require the\n" +"client provides valid Kerberos credentials.\n" +"\n" +"When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n" +"be extracted from the KRB5CCNAME environment variable as provided by\n" +"mod_auth_kerb. Everything else remains the same.\n" +msgstr "" + +msgid "RPC command used to log the current user out of their session." +msgstr "" + +msgid "" +"\n" +"Sudo Commands\n" +"\n" +"Commands used as building blocks for sudo\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new command\n" +" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" +"\n" +" Remove a command\n" +" ipa sudocmd-del /usr/bin/less\n" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:118 ipaserver/plugins/sudocmd.py:123 +msgid "Sudo Command" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:129 +msgid "A description of this command" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:118 ipaserver/plugins/sudocmdgroup.py:138 +#: ipaserver/plugins/baseldap.py:83 +msgid "Sudo Command Groups" +msgstr "" + +msgid "Create new Sudo Command." +msgstr "" + +#: ipaserver/plugins/sudocmd.py:158 +msgid "Delete Sudo Command." +msgstr "" + +#: ipaserver/plugins/sudocmd.py:198 +msgid "Search for Sudo Commands." +msgstr "" + +msgid "Results should contain primary key attribute only (\"command\")" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:191 +msgid "Modify Sudo Command." +msgstr "" + +#: ipaserver/plugins/sudocmd.py:207 +msgid "Display Sudo Command." +msgstr "" + +msgid "" +"\n" +"Groups of Sudo Commands\n" +"\n" +"Manage groups of Sudo Commands.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +"\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" +"vim admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" +"\n" +" Show a Sudo Command Group:\n" +" ipa group-show localadmins\n" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:119 ipaserver/plugins/sudocmdgroup.py:124 +msgid "Sudo Command Group" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:134 ipaserver/plugins/internal.py:1411 +msgid "Commands" +msgstr "" + +msgid "Member Sudo commands" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:147 +msgid "Create new Sudo Command Group." +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:188 +msgid "Add members to Sudo Command Group." +msgstr "" + +msgid "member sudo command" +msgstr "" + +msgid "sudo commands to add" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:155 +msgid "Delete Sudo Command Group." +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:171 +msgid "Search for Sudo Command Groups." +msgstr "" + +msgid "" +"Results should contain primary key attribute only (\"sudocmdgroup-name\")" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:163 +msgid "Modify Sudo Command Group." +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:194 +msgid "Remove members from Sudo Command Group." +msgstr "" + +msgid "sudo commands to remove" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:182 +msgid "Display Sudo Command Group." +msgstr "" + +msgid "" +"\n" +"Cross-realm trusts\n" +"\n" +"Manage trust relationship between IPA and Active Directory domains.\n" +"\n" +"In order to allow users from a remote domain to access resources in IPA\n" +"domain, trust relationship needs to be established. Currently IPA supports\n" +"only trusts between IPA and Active Directory domains under control of " +"Windows\n" +"Server 2008 or later, with functional level 2008 or later.\n" +"\n" +"Please note that DNS on both IPA and Active Directory domain sides should " +"be\n" +"configured properly to discover each other. Trust relationship relies on\n" +"ability to discover special resources in the other domain via DNS records.\n" +"\n" +"Examples:\n" +"\n" +"1. Establish cross-realm trust with Active Directory using AD administrator\n" +" credentials:\n" +"\n" +" ipa trust-add --type=ad --admin --" +"password\n" +"\n" +"2. List all existing trust relationships:\n" +"\n" +" ipa trust-find\n" +"\n" +"3. Show details of the specific trust relationship:\n" +"\n" +" ipa trust-show \n" +"\n" +"4. Delete existing trust relationship:\n" +"\n" +" ipa trust-del \n" +"\n" +"Once trust relationship is established, remote users will need to be mapped\n" +"to local POSIX groups in order to actually use IPA resources. The mapping " +"should\n" +"be done via use of external membership of non-POSIX group and then this " +"group\n" +"should be included into one of local POSIX groups.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +"\n" +"\n" +"GLOBAL TRUST CONFIGURATION\n" +"\n" +"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n" +"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" +"identifiers are then used when communicating with a trusted domain of the\n" +"particular type.\n" +"\n" +"1. Show global trust configuration for Active Directory type of trusts:\n" +"\n" +" ipa trustconfig-show --type ad\n" +"\n" +"2. Modify global configuration for all trusts of Active Directory type and " +"set\n" +" a different fallback primary group (fallback primary group GID is used " +"as\n" +" a primary user GID if user authenticating to IPA domain does not have any " +"other\n" +" primary GID already set):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD " +"group\"\n" +"\n" +"3. Change primary fallback group back to default hidden group (any group " +"with\n" +" posixGroup object class is allowed):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " +"Group\"\n" +msgstr "" + +#: ipaserver/plugins/trust.py:1586 ipaserver/plugins/internal.py:1548 +msgid "Domain NetBIOS name" +msgstr "" + +#: ipaserver/plugins/trust.py:1589 ipaserver/plugins/internal.py:1549 +msgid "Domain Security Identifier" +msgstr "" + +msgid "SID blacklist incoming" +msgstr "" + +msgid "SID blacklist outgoing" +msgstr "" + +msgid "Security Identifier" +msgstr "" + +msgid "NetBIOS name" +msgstr "" + +msgid "Domain GUID" +msgstr "" + +msgid "Fallback primary group" +msgstr "" + +#: ipaserver/plugins/certmap.py:298 +msgid "Domain name" +msgstr "" + +msgid "Trusted domain partner" +msgstr "" + +msgid "Determine whether ipa-adtrust-install has been run on this system" +msgstr "" + +msgid "" +"Determine whether Schema Compatibility plugin is configured to serve trusted " +"domain users and groups" +msgstr "" + +msgid "Determine whether ipa-adtrust-install has been run with sidgen task" +msgstr "" + +msgid "" +"\n" +"Add new trust to use.\n" +"\n" +"This command establishes trust relationship to another domain\n" +"which becomes 'trusted'. As result, users of the trusted domain\n" +"may access resources of this domain.\n" +"\n" +"Only trusts to Active Directory domains are supported right now.\n" +"\n" +"The command can be safely run multiple times against the same domain,\n" +"this will cause change to trust relationship credentials on both\n" +"sides.\n" +" " +msgstr "" + +msgid "Trust type (ad for Active Directory, default)" +msgstr "" + +#: ipaserver/plugins/trust.py:1799 +msgid "Active Directory domain administrator" +msgstr "" + +#: ipaserver/plugins/trust.py:1803 +msgid "Active Directory domain administrator's password" +msgstr "" + +#: ipaserver/plugins/trust.py:1808 +msgid "Domain controller for the Active Directory domain (optional)" +msgstr "" + +msgid "Shared secret for the trust" +msgstr "" + +msgid "First Posix ID of the range reserved for the trusted domain" +msgstr "" + +msgid "Size of the ID range reserved for the trusted domain" +msgstr "" + +msgid "" +"Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust" +msgstr "" + +msgid "Delete a trust." +msgstr "" + +msgid "Refresh list of the domains associated with the trust" +msgstr "" + +msgid "Search for trusts." +msgstr "" + +msgid "Results should contain primary key attribute only (\"realm\")" +msgstr "" + +msgid "" +"\n" +"Modify a trust (for future use).\n" +"\n" +" Currently only the default option to modify the LDAP attributes is\n" +" available. More specific options will be added in coming releases.\n" +" " +msgstr "" + +msgid "Resolve security identifiers of users and groups in trusted domains" +msgstr "" + +msgid "Security Identifiers (SIDs)" +msgstr "" + +msgid "Display information about a trust." +msgstr "" + +msgid "Modify global trust configuration." +msgstr "" + +msgid "Show global trust configuration." +msgstr "" + +msgid "Allow access from the trusted domain" +msgstr "" + +msgid "Remove information about the domain associated with the trust." +msgstr "" + +msgid "Disable use of IPA resources by the domain of the trust" +msgstr "" + +msgid "Allow use of IPA resources by the domain of the trust" +msgstr "" + +msgid "Search domains of the trust" +msgstr "" + +msgid "Results should contain primary key attribute only (\"domain\")" +msgstr "" + +msgid "Modify trustdomain of the trust" +msgstr "" + +msgid "" +"\n" +"Users\n" +"\n" +"Manage user entries. All users are POSIX users.\n" +"\n" +"IPA supports a wide range of username formats, but you need to be aware of " +"any\n" +"restrictions that may apply to your particular environment. For example,\n" +"usernames that start with a digit or usernames that exceed a certain length\n" +"may cause problems for some UNIX systems.\n" +"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +"\n" +"Disabling a user account prevents that user from obtaining new Kerberos\n" +"credentials. It does not invalidate any credentials that have already\n" +"been issued.\n" +"\n" +"Password management is not a part of this module. For more information\n" +"about this topic please see: ipa help passwd\n" +"\n" +"Account lockout on password failure happens per IPA master. The user-status\n" +"command can be used to identify which master the user is locked out on.\n" +"It is on that master the administrator must unlock the user.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new user:\n" +" ipa user-add --first=Tim --last=User --password tuser1\n" +"\n" +" Find all users whose entries include the string \"Tim\":\n" +" ipa user-find Tim\n" +"\n" +" Find all users with \"Tim\" as the first name:\n" +" ipa user-find --first=Tim\n" +"\n" +" Disable a user account:\n" +" ipa user-disable tuser1\n" +"\n" +" Enable a user account:\n" +" ipa user-enable tuser1\n" +"\n" +" Delete a user:\n" +" ipa user-del tuser1\n" +msgstr "" + +msgid "First name" +msgstr "" + +msgid "Last name" +msgstr "" + +#: ipaserver/plugins/baseuser.py:231 +msgid "Full name" +msgstr "" + +msgid "Display name" +msgstr "" + +msgid "Initials" +msgstr "" + +msgid "Kerberos principal" +msgstr "" + +#: ipaserver/plugins/baseuser.py:277 +msgid "Kerberos principal expiration" +msgstr "" + +msgid "Email address" +msgstr "" + +msgid "Prompt to set the user password" +msgstr "" + +msgid "Generate a random user password" +msgstr "" + +msgid "User ID Number (system will assign one if not provided)" +msgstr "" + +msgid "Street address" +msgstr "" + +msgid "City" +msgstr "" + +msgid "State/Province" +msgstr "" + +msgid "ZIP" +msgstr "" + +msgid "Telephone Number" +msgstr "" + +msgid "Mobile Telephone Number" +msgstr "" + +msgid "Pager Number" +msgstr "" + +msgid "Fax Number" +msgstr "" + +msgid "Org. Unit" +msgstr "" + +msgid "Job Title" +msgstr "" + +msgid "Car License" +msgstr "" + +msgid "Account disabled" +msgstr "" + +#: ipaserver/plugins/baseuser.py:371 +msgid "User authentication types" +msgstr "" + +#: ipaserver/plugins/baseuser.py:372 +msgid "Types of supported user authentication" +msgstr "" + +#: ipaserver/plugins/baseuser.py:379 +msgid "" +"User category (semantics placed on this attribute are for local " +"interpretation)" +msgstr "" + +#: ipaserver/plugins/baseuser.py:384 +msgid "RADIUS proxy configuration" +msgstr "" + +#: ipaserver/plugins/baseuser.py:388 +msgid "RADIUS proxy username" +msgstr "" + +#: ipaserver/plugins/baseuser.py:400 +msgid "Department Number" +msgstr "" + +#: ipaserver/plugins/baseuser.py:403 +msgid "Employee Number" +msgstr "" + +#: ipaserver/plugins/baseuser.py:406 +msgid "Employee Type" +msgstr "" + +#: ipaserver/plugins/baseuser.py:409 +msgid "Preferred Language" +msgstr "" + +msgid "Kerberos keys available" +msgstr "" + +msgid "Add a new user." +msgstr "" + +msgid "Don't create user private group" +msgstr "" + +msgid "Delete a user." +msgstr "" + +msgid "Disable a user account." +msgstr "" + +msgid "Enable a user account." +msgstr "" + +msgid "Search for users." +msgstr "" + +msgid "Self" +msgstr "" + +msgid "Display user record for current Kerberos principal" +msgstr "" + +msgid "Results should contain primary key attribute only (\"login\")" +msgstr "" + +msgid "Search for users with these member of groups." +msgstr "" + +msgid "Search for users without these member of groups." +msgstr "" + +msgid "Search for users with these member of netgroups." +msgstr "" + +msgid "Search for users without these member of netgroups." +msgstr "" + +msgid "Search for users with these member of roles." +msgstr "" + +msgid "Search for users without these member of roles." +msgstr "" + +msgid "Search for users with these member of HBAC rules." +msgstr "" + +msgid "Search for users without these member of HBAC rules." +msgstr "" + +msgid "Search for users with these member of sudo rules." +msgstr "" + +msgid "Search for users without these member of sudo rules." +msgstr "" + +msgid "Modify a user." +msgstr "" + +msgid "Rename the user object" +msgstr "" + +msgid "Display information about a user." +msgstr "" + +msgid "" +"\n" +"Lockout status of a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +"\n" +" This connects to each IPA master and displays the lockout status on\n" +" each one.\n" +"\n" +" To determine whether an account is locked on a given server you need\n" +" to compare the number of failed logins and the time of the last " +"failure.\n" +" For an account to be locked it must exceed the maxfail failures within\n" +" the failinterval duration as specified in the password policy " +"associated\n" +" with the user.\n" +"\n" +" The failed login counter is modified only when a user attempts a log in\n" +" so it is possible that an account may appear locked but the last failed\n" +" login attempt is older than the lockouttime of the password policy. " +"This\n" +" means that the user may attempt a login again.\n" +" " +msgstr "" + +msgid "" +"\n" +"Unlock a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +" " +msgstr "" + +msgid "" +"\n" +"Sudo Rules\n" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\\n" +" -H ldap://ipa.example.com -ZZ -D \"cn=Directory Manager\" \\\n" +" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new rule:\n" +" ipa sudorule-add readfiles\n" +"\n" +" Add sudo command object and add it as allowed command in the rule:\n" +" ipa sudocmd-add /usr/bin/less\n" +" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +"\n" +" Add a host to the rule:\n" +" ipa sudorule-add-host readfiles --hosts server.example.com\n" +"\n" +" Add a user to the rule:\n" +" ipa sudorule-add-user readfiles --users jsmith\n" +"\n" +" Add a special Sudo rule for default Sudo server configuration:\n" +" ipa sudorule-add defaults\n" +"\n" +" Set a default Sudo option:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:267 +msgid "Command category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:268 +msgid "Command category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:273 +msgid "RunAs User category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:274 +msgid "RunAs User category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:279 +msgid "RunAs Group category" +msgstr "" + +#: ipaserver/plugins/sudorule.py:280 +msgid "RunAs Group category the rule applies to" +msgstr "" + +#: ipaserver/plugins/sudorule.py:285 +msgid "Sudo order" +msgstr "" + +#: ipaserver/plugins/sudorule.py:286 +msgid "integer to order the Sudo rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:300 +msgid "External User" +msgstr "" + +#: ipaserver/plugins/sudorule.py:301 +msgid "External User the rule applies to (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:313 +msgid "Host Masks" +msgstr "" + +#: ipaserver/plugins/sudorule.py:319 +msgid "Sudo Allow Commands" +msgstr "" + +#: ipaserver/plugins/sudorule.py:323 +msgid "Sudo Deny Commands" +msgstr "" + +#: ipaserver/plugins/sudorule.py:327 +msgid "Sudo Allow Command Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:331 +msgid "Sudo Deny Command Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:335 +msgid "RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:336 +msgid "Run as a user" +msgstr "" + +#: ipaserver/plugins/sudorule.py:340 +msgid "Groups of RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:341 +msgid "Run as any user within a specified group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:346 +msgid "RunAs External User" +msgstr "" + +#: ipaserver/plugins/sudorule.py:347 +msgid "External User the commands can run as (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:351 +msgid "External Groups of RunAs Users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:352 +msgid "External Groups of users that the command can run as" +msgstr "" + +#: ipaserver/plugins/sudorule.py:356 +msgid "RunAs Groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:357 +msgid "Run with the gid of a specified POSIX group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:362 +msgid "RunAs External Group" +msgstr "" + +#: ipaserver/plugins/sudorule.py:363 +msgid "External Group the commands can run as (sudorule-find only)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:366 ipaserver/plugins/sudorule.py:1003 +#: ipaserver/plugins/sudorule.py:1052 +msgid "Sudo Option" +msgstr "" + +#: ipaserver/plugins/sudorule.py:394 +msgid "Create new Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:541 ipaserver/plugins/sudorule.py:572 +msgid "Add commands and sudo command groups affected by Sudo Rule." +msgstr "" + +msgid "member sudo command group" +msgstr "" + +msgid "sudo command groups to add" +msgstr "" + +#: ipaserver/plugins/sudorule.py:691 +msgid "Add hosts and hostgroups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:124 +msgid "host masks of allowed hosts" +msgstr "" + +#: ipaserver/plugins/sudorule.py:997 +msgid "Add an option to the Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:919 +msgid "Add group for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:795 +msgid "Add users and groups for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:592 +msgid "Add users and groups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:408 +msgid "Delete Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:518 +msgid "Disable a Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:495 +msgid "Enable a Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:481 +msgid "Search for Sudo Rule." +msgstr "" + +msgid "Results should contain primary key attribute only (\"sudorule-name\")" +msgstr "" + +#: ipaserver/plugins/sudorule.py:415 +msgid "Modify Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:564 ipaserver/plugins/sudorule.py:584 +msgid "Remove commands and sudo command groups affected by Sudo Rule." +msgstr "" + +msgid "sudo command groups to remove" +msgstr "" + +#: ipaserver/plugins/sudorule.py:749 +msgid "Remove hosts and hostgroups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:1046 +msgid "Remove an option from Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:970 +msgid "Remove group for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:874 +msgid "Remove users and groups for Sudo to execute as." +msgstr "" + +#: ipaserver/plugins/sudorule.py:647 +msgid "Remove users and groups affected by Sudo Rule." +msgstr "" + +#: ipaserver/plugins/sudorule.py:490 +msgid "Display Sudo Rule." +msgstr "" + +#: ipaserver/plugins/pkinit.py:72 ipaserver/plugins/serverrole.py:124 +#: ipaserver/plugins/baseldap.py:1980 ipaserver/plugins/cert.py:1570 +msgid "Time limit of search in seconds (0 is unlimited)" +msgstr "" + +#: ipaserver/plugins/pkinit.py:80 ipaserver/plugins/serverrole.py:132 +#: ipaserver/plugins/baseldap.py:1987 ipaserver/plugins/cert.py:1575 +msgid "Maximum number of entries returned (0 is unlimited)" +msgstr "" + +msgid "" +"\n" +"Manage CA ACL rules.\n" +"\n" +"This plugin is used to define rules governing which principals are\n" +"permitted to have certificates issued using a given certificate\n" +"profile.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a CA ACL \"test\" that grants all users access to the\n" +" \"UserCert\" profile:\n" +" ipa caacl-add test --usercat=all\n" +" ipa caacl-add-profile test --certprofiles UserCert\n" +"\n" +" Display the properties of a named CA ACL:\n" +" ipa caacl-show test\n" +"\n" +" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n" +" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" +" ipa caacl-add-user alice_dnp3 --user=alice\n" +"\n" +" Disable a CA ACL:\n" +" ipa caacl-disable test\n" +"\n" +" Remove a CA ACL:\n" +" ipa caacl-del test\n" +msgstr "" + +msgid "ACL name" +msgstr "" + +msgid "Profile category" +msgstr "" + +msgid "Profile category the ACL applies to" +msgstr "" + +msgid "User category the ACL applies to" +msgstr "" + +msgid "Host category the ACL applies to" +msgstr "" + +msgid "Service category the ACL applies to" +msgstr "" + +#: ipaserver/plugins/internal.py:599 +msgid "Profiles" +msgstr "" + +msgid "Create a new CA ACL." +msgstr "" + +msgid "Add target hosts and hostgroups to a CA ACL." +msgstr "" + +msgid "Add profiles to a CA ACL." +msgstr "" + +msgid "member Certificate Profile" +msgstr "" + +msgid "Certificate Profiles to add" +msgstr "" + +msgid "Add services to a CA ACL." +msgstr "" + +msgid "Add users and groups to a CA ACL." +msgstr "" + +msgid "Delete a CA ACL." +msgstr "" + +msgid "Disable a CA ACL." +msgstr "" + +msgid "Enable a CA ACL." +msgstr "" + +msgid "Search for CA ACLs." +msgstr "" + +msgid "Modify a CA ACL." +msgstr "" + +msgid "Remove target hosts and hostgroups from a CA ACL." +msgstr "" + +msgid "Remove profiles from a CA ACL." +msgstr "" + +msgid "Certificate Profiles to remove" +msgstr "" + +msgid "Remove services from a CA ACL." +msgstr "" + +msgid "Remove users and groups from a CA ACL." +msgstr "" + +msgid "Display the properties of a CA ACL." +msgstr "" + +msgid "Principal for this certificate (e.g. HTTP/test.example.com)" +msgstr "" + +#: ipaserver/plugins/certprofile.py:122 ipaserver/plugins/cert.py:575 +msgid "Profile ID" +msgstr "" + +msgid "Certificate Profile to use" +msgstr "" + +msgid "" +"\n" +"Manage Certificate Profiles\n" +"\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert --file UserCert.profile " +"--desc \"User Certificates\" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" +"\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" +"\n" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" +msgstr "" + +#: ipaserver/plugins/certprofile.py:123 +msgid "Profile ID for referring to this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:132 +msgid "Profile description" +msgstr "" + +#: ipaserver/plugins/certprofile.py:133 +msgid "Brief description of this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:138 +msgid "Store issued certificates" +msgstr "" + +#: ipaserver/plugins/certprofile.py:139 +msgid "Whether to store certs issued using this profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:281 +msgid "Delete a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:188 +msgid "Search for Certificate Profiles." +msgstr "" + +#: ipaserver/plugins/certprofile.py:221 +msgid "Import a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:226 +msgid "Filename of a raw profile. The XML format is not supported." +msgstr "" + +#: ipaserver/plugins/certprofile.py:304 +msgid "Modify Certificate Profile configuration." +msgstr "" + +#: ipaserver/plugins/certprofile.py:310 +msgid "File containing profile configuration" +msgstr "" + +#: ipaserver/plugins/certprofile.py:200 +msgid "Display the properties of a Certificate Profile." +msgstr "" + +#: ipaserver/plugins/certprofile.py:204 +msgid "Write profile configuration to file" +msgstr "" + +msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)" +msgstr "" + +msgid "Maximum number of records to search (-1 or 0 is unlimited)" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:18 +msgid "" +"\n" +"Raise the IPA Domain Level.\n" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:93 +msgid "Query current Domain Level." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:27 +msgid "Current domain level:" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:117 +msgid "Change current Domain Level." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:124 ipaserver/plugins/internal.py:792 +#: ipaserver/plugins/internal.py:793 +msgid "Domain Level" +msgstr "" + +msgid "Add certificates to host entry" +msgstr "" + +msgid "Remove certificates from host entry" +msgstr "" + +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +msgstr "" + +msgid "" +"\n" +"Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --rid-base\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +" " +msgstr "" + +msgid "" +"\n" +"Modify ID range.\n" +"\n" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +" " +msgstr "" + +#: ipaserver/plugins/idviews.py:80 +msgid "Fallback to AD DC LDAP" +msgstr "" + +#: ipaserver/plugins/idviews.py:81 +msgid "" +"Allow falling back to AD DC LDAP when resolving AD trusted objects. For two-" +"way trusts only." +msgstr "" + +#: ipaserver/plugins/idviews.py:441 +msgid "" +"Applies ID View to specified hosts or current members of specified " +"hostgroups. If any other ID View is applied to the host, it is overridden." +msgstr "" + +#: ipaserver/plugins/migration.py:642 +msgid "Add to default group" +msgstr "" + +#: ipaserver/plugins/migration.py:643 +msgid "Add migrated users without a group to a default group (default: true)" +msgstr "" + +#: ipaserver/plugins/migration.py:650 +msgid "Search scope" +msgstr "" + +#: ipaserver/plugins/migration.py:651 +msgid "" +"LDAP search scope for users and groups: base, onelevel, or subtree. Defaults " +"to onelevel" +msgstr "" + +#: ipaserver/plugins/otptoken.py:469 +msgid "Remove users that can manage this token." +msgstr "" + +#: ipaserver/plugins/permission.py:321 +msgid "Target DN subtree" +msgstr "" + +#: ipaserver/plugins/permission.py:322 +msgid "" +"Optional DN subtree where an entry can be moved to (must be in the subtree, " +"but may not yet exist)" +msgstr "" + +#: ipaserver/plugins/permission.py:329 +msgid "Origin DN subtree" +msgstr "" + +#: ipaserver/plugins/permission.py:330 +msgid "" +"Optional DN subtree from where an entry can be moved (must be in the " +"subtree, but may not yet exist)" +msgstr "" + +msgid "" +"\n" +"IPA servers\n" +"\n" +"Get information about installed IPA servers.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Find all servers:\n" +" ipa server-find\n" +"\n" +" Show specific server:\n" +" ipa server-show ipa.example.com\n" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:112 ipaserver/plugins/pkinit.py:47 +#: ipaserver/plugins/serverrole.py:58 ipaserver/plugins/server.py:103 +msgid "Server name" +msgstr "" + +#: ipaserver/plugins/serverrole.py:59 ipaserver/plugins/server.py:104 +msgid "IPA server hostname" +msgstr "" + +msgid "Managed suffix" +msgstr "" + +msgid "Min domain level" +msgstr "" + +msgid "Minimum domain level" +msgstr "" + +msgid "Max domain level" +msgstr "" + +msgid "Maximum domain level" +msgstr "" + +msgid "Delete IPA server." +msgstr "" + +msgid "Search for IPA servers." +msgstr "" + +msgid "Show IPA server." +msgstr "" + +#: ipaserver/plugins/service.py:1157 +msgid "Add new certificates to a service" +msgstr "" + +#: ipaserver/plugins/service.py:1164 +msgid "Remove certificates from a service" +msgstr "" + +msgid "" +"\n" +"Service Constrained Delegation\n" +"\n" +"Manage rules to allow constrained delegation of credentials so\n" +"that a service can impersonate a user when communicating with another\n" +"service without requiring the user to actually forward their TGT.\n" +"This makes for a much better method of delegating credentials as it\n" +"prevents exposure of the short term secret of the user.\n" +"\n" +"The naming convention is to append the word \"target\" or \"targets\" to\n" +"a matching rule name. This is not mandatory but helps conceptually\n" +"to associate rules and targets.\n" +"\n" +"A rule consists of two things:\n" +" - A list of targets the rule applies to\n" +" - A list of memberPrincipals that are allowed to delegate for\n" +" those targets\n" +"\n" +"A target consists of a list of principals that can be delegated.\n" +"\n" +"In English, a rule says that this principal can delegate as this\n" +"list of principals, as defined by these targets.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new constrained delegation rule:\n" +" ipa servicedelegationrule-add ftp-delegation\n" +"\n" +" Add a new constrained delegation target:\n" +" ipa servicedelegationtarget-add ftp-delegation-target\n" +"\n" +" Add a principal to the rule:\n" +" ipa servicedelegationrule-add-member --principals=ftp/ipa.example." +"com ftp-delegation\n" +"\n" +" Add our target to the rule:\n" +" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" +"delegation-target ftp-delegation\n" +"\n" +" Add a principal to the target:\n" +" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." +"com ftp-delegation-target\n" +"\n" +" Display information about a named delegation rule and target:\n" +" ipa servicedelegationrule_show ftp-delegation\n" +" ipa servicedelegationtarget_show ftp-delegation-target\n" +"\n" +" Remove a constrained delegation:\n" +" ipa servicedelegationrule-del ftp-delegation-target\n" +" ipa servicedelegationtarget-del ftp-delegation\n" +"\n" +"In this example the ftp service can get a TGT for the ldap service on\n" +"the bound user's behalf.\n" +"\n" +"It is strongly discouraged to modify the delegations that ship with\n" +"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" +"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" +"to delegate, causing the framework to stop functioning.\n" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:167 +msgid "Allowed Target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:396 +msgid "Create a new service delegation rule." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:435 +msgid "Add member to a named service delegation rule." +msgstr "" + +msgid "member principal" +msgstr "" + +msgid "principal to add" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:452 +msgid "Add target to a named service delegation rule." +msgstr "" + +msgid "member service delegation target" +msgstr "" + +msgid "service delegation targets to add" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:403 +msgid "Delete service delegation." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:420 +msgid "Search for service delegations rule." +msgstr "" + +msgid "Results should contain primary key attribute only (\"delegation-name\")" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:444 +msgid "Remove member from a named service delegation rule." +msgstr "" + +msgid "principal to remove" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:462 +msgid "Remove target from a named service delegation rule." +msgstr "" + +msgid "service delegation targets to remove" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:430 +msgid "Display information about a named service delegation rule." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:485 +msgid "Create a new service delegation target." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:550 +msgid "Add member to a named service delegation target." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:492 +msgid "Delete service delegation target." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:509 +msgid "Search for service delegation target." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:559 +msgid "Remove member from a named service delegation target." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:545 +msgid "Display information about a named service delegation target." +msgstr "" + +msgid "" +"\n" +"Stageusers\n" +"\n" +"Manage stage user entries.\n" +"\n" +"Stage user entries are directly under the container: \"cn=stage users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"User can not authenticate with those entries (even if the entries\n" +"contain credentials) and are candidate to become Active entries.\n" +"\n" +"Active user entries are Posix users directly under the container: " +"\"cn=accounts, SUFFIX\".\n" +"User can authenticate with Active entries, at the condition they have\n" +"credentials\n" +"\n" +"Delete user entries are Posix users directly under the container: " +"\"cn=deleted users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"User can not authenticate with those entries (even if the entries contain " +"credentials)\n" +"\n" +"The stage user container contains entries\n" +" - created by 'stageuser-add' commands that are Posix users\n" +" - created by external provisioning system\n" +"\n" +"A valid stage user entry MUST:\n" +" - entry RDN is 'uid'\n" +" - ipaUniqueID is 'autogenerate'\n" +"\n" +"IPA supports a wide range of username formats, but you need to be aware of " +"any\n" +"restrictions that may apply to your particular environment. For example,\n" +"usernames that start with a digit or usernames that exceed a certain length\n" +"may cause problems for some UNIX systems.\n" +"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new stageuser:\n" +" ipa stageuser-add --first=Tim --last=User --password tuser1\n" +"\n" +" Add a stageuser from the Delete container\n" +" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" +msgstr "" + +#: ipaserver/plugins/stageuser.py:506 +msgid "Activate a stage user." +msgstr "" + +#: ipaserver/plugins/stageuser.py:276 +msgid "Add a new stage user." +msgstr "" + +#: ipaserver/plugins/stageuser.py:286 +msgid "Create Stage user in from a delete user" +msgstr "" + +#: ipaserver/plugins/stageuser.py:429 +msgid "Delete a stage user." +msgstr "" + +#: ipaserver/plugins/stageuser.py:457 +msgid "Search for stage users." +msgstr "" + +msgid "Search for stage users with these member of groups." +msgstr "" + +msgid "Search for stage users without these member of groups." +msgstr "" + +msgid "Search for stage users with these member of netgroups." +msgstr "" + +msgid "Search for stage users without these member of netgroups." +msgstr "" + +msgid "Search for stage users with these member of roles." +msgstr "" + +msgid "Search for stage users without these member of roles." +msgstr "" + +msgid "Search for stage users with these member of HBAC rules." +msgstr "" + +msgid "Search for stage users without these member of HBAC rules." +msgstr "" + +msgid "Search for stage users with these member of sudo rules." +msgstr "" + +msgid "Search for stage users without these member of sudo rules." +msgstr "" + +#: ipaserver/plugins/stageuser.py:435 +msgid "Modify a stage user." +msgstr "" + +msgid "Rename the stage user object" +msgstr "" + +#: ipaserver/plugins/stageuser.py:489 +msgid "Display information about a stage user." +msgstr "" + +msgid "" +"\n" +"Topology\n" +"\n" +"Management of a replication topology.\n" +"\n" +"Requires minimum domain level 1.\n" +msgstr "" + +#: ipaserver/plugins/topology.py:128 +msgid "Segment name" +msgstr "" + +#: ipaserver/plugins/topology.py:132 +msgid "Arbitrary string identifying the segment" +msgstr "" + +#: ipaserver/plugins/topology.py:140 +msgid "Left node" +msgstr "" + +#: ipaserver/plugins/topology.py:142 +msgid "Left replication node - an IPA server" +msgstr "" + +#: ipaserver/plugins/topology.py:151 +msgid "Right node" +msgstr "" + +#: ipaserver/plugins/topology.py:153 +msgid "Right replication node - an IPA server" +msgstr "" + +#: ipaserver/plugins/topology.py:159 +msgid "Connectivity" +msgstr "" + +#: ipaserver/plugins/topology.py:163 +msgid "Direction of replication between left and right replication node" +msgstr "" + +#: ipaserver/plugins/topology.py:170 +msgid "Attributes to strip" +msgstr "" + +#: ipaserver/plugins/topology.py:172 +msgid "" +"A space separated list of attributes which are removed from replication " +"updates." +msgstr "" + +msgid "Attributes to replicate" +msgstr "" + +#: ipaserver/plugins/topology.py:179 +msgid "" +"Attributes that are not replicated to a consumer server during a fractional " +"update. E.g., `(objectclass=*) $ EXCLUDE accountlockout memberof" +msgstr "" + +#: ipaserver/plugins/topology.py:186 +msgid "Attributes for total update" +msgstr "" + +#: ipaserver/plugins/topology.py:187 +msgid "" +"Attributes that are not replicated to a consumer server during a total " +"update. E.g. (objectclass=*) $ EXCLUDE accountlockout" +msgstr "" + +#: ipaserver/plugins/topology.py:194 +msgid "Session timeout" +msgstr "" + +#: ipaserver/plugins/topology.py:196 +msgid "" +"Number of seconds outbound LDAP operations waits for a response from the " +"remote replica before timing out and failing" +msgstr "" + +#: ipaserver/plugins/topology.py:203 +msgid "Replication agreement enabled" +msgstr "" + +#: ipaserver/plugins/topology.py:204 +msgid "" +"Whether a replication agreement is active, meaning whether replication is " +"occurring per that agreement" +msgstr "" + +#: ipaserver/plugins/topology.py:420 +msgid "Suffix name" +msgstr "" + +msgid "LDAP suffix to be managed" +msgstr "" + +#: ipaserver/plugins/topology.py:287 +msgid "Add a new segment." +msgstr "" + +#: ipaserver/plugins/topology.py:300 +msgid "Delete a segment." +msgstr "" + +#: ipaserver/plugins/topology.py:277 +msgid "Search for topology segments." +msgstr "" + +#: ipaserver/plugins/topology.py:312 +msgid "Modify a segment." +msgstr "" + +#: ipaserver/plugins/topology.py:325 +msgid "" +"Request a full re-initialization of the node retrieving data from the other " +"node." +msgstr "" + +#: ipaserver/plugins/topology.py:334 +msgid "Initialize left node" +msgstr "" + +#: ipaserver/plugins/topology.py:339 +msgid "Initialize right node" +msgstr "" + +#: ipaserver/plugins/topology.py:344 +msgid "Stop already started refresh of chosen node(s)" +msgstr "" + +#: ipaserver/plugins/topology.py:398 +msgid "Display a segment." +msgstr "" + +#: ipaserver/plugins/topology.py:456 +msgid "Add a new topology suffix to be managed." +msgstr "" + +#: ipaserver/plugins/topology.py:442 +msgid "Delete a topology suffix." +msgstr "" + +msgid "Search for topology suffices." +msgstr "" + +#: ipaserver/plugins/topology.py:470 +msgid "Modify a topology suffix." +msgstr "" + +#: ipaserver/plugins/topology.py:484 +msgid "Show managed suffix." +msgstr "" + +msgid "" +"\n" +"Verify replication topology for suffix.\n" +"\n" +"Checks done:\n" +" 1. check if a topology is not disconnected. In other words if there are\n" +" replication paths between all servers.\n" +" 2. check if servers don't have more than the recommended number of\n" +" replication agreements\n" +" " +msgstr "" + +#: ipaserver/plugins/trust.py:718 +msgid "Two-way trust" +msgstr "" + +msgid "" +"Establish bi-directional trust. By default trust is inbound one-way only." +msgstr "" + +#: ipaserver/plugins/user.py:1173 +msgid "Preserved user" +msgstr "" + +msgid "Add one or more certificates to the user entry" +msgstr "" + +msgid "Remove one or more certificates to the user entry" +msgstr "" + +msgid "Move deleted user into staged area" +msgstr "" + +msgid "Undelete a delete user account." +msgstr "" + +msgid "" +"\n" +"Vaults\n" +"\n" +"Manage vaults.\n" +"\n" +"Vault is a secure place to store a secret.\n" +"\n" +"Based on the ownership there are three vault categories:\n" +"* user/private vault\n" +"* service vault\n" +"* shared vault\n" +"\n" +"User vaults are vaults owned used by a particular user. Private\n" +"vaults are vaults owned the current user. Service vaults are\n" +"vaults owned by a service. Shared vaults are owned by the admin\n" +"but they can be used by other users or services.\n" +"\n" +"Based on the security mechanism there are three types of\n" +"vaults:\n" +"* standard vault\n" +"* symmetric vault\n" +"* asymmetric vault\n" +"\n" +"Standard vault uses a secure mechanism to transport and\n" +"store the secret. The secret can only be retrieved by users\n" +"that have access to the vault.\n" +"\n" +"Symmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a password before transport.\n" +"The secret can only be retrieved using the same password.\n" +"\n" +"Asymmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a public key before transport.\n" +"The secret can only be retrieved using the private key.\n" +"\n" +"EXAMPLES:\n" +"\n" +" List vaults:\n" +" ipa vault-find\n" +" [--user |--service |--shared]\n" +"\n" +" Add a standard vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type standard\n" +"\n" +" Add a symmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type symmetric --password-file password.txt\n" +"\n" +" Add an asymmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type asymmetric --public-key-file public.pem\n" +"\n" +" Show a vault:\n" +" ipa vault-show \n" +" [--user |--service |--shared]\n" +"\n" +" Modify vault description:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --desc \n" +"\n" +" Modify vault type:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --type \n" +" [old password/private key]\n" +" [new password/public key]\n" +"\n" +" Modify symmetric vault password:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --change-password\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password \n" +" --new-password \n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password-file \n" +" --new-password-file \n" +"\n" +" Modify asymmetric vault keys:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --private-key-file \n" +" --public-key-file \n" +"\n" +" Delete a vault:\n" +" ipa vault-del \n" +" [--user |--service |--shared]\n" +"\n" +" Display vault configuration:\n" +" ipa vaultconfig-show\n" +"\n" +" Archive data into standard vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +"\n" +" Archive data into symmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +" --password-file password.txt\n" +"\n" +" Archive data into asymmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +"\n" +" Retrieve data from standard vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +"\n" +" Retrieve data from symmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +" --password-file password.txt\n" +"\n" +" Retrieve data from asymmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out --private-key-file private.pem\n" +"\n" +" Add vault owners:\n" +" ipa vault-add-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +"\n" +" Delete vault owners:\n" +" ipa vault-remove-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +"\n" +" Add vault members:\n" +" ipa vault-add-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +"\n" +" Delete vault members:\n" +" ipa vault-remove-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +msgid "Vault name" +msgstr "" + +msgid "Vault description" +msgstr "" + +msgid "Vault type" +msgstr "" + +msgid "Salt" +msgstr "" + +msgid "Vault salt" +msgstr "" + +msgid "Public key" +msgstr "" + +msgid "Vault public key" +msgstr "" + +#: ipaserver/plugins/vault.py:620 +msgid "Owner users" +msgstr "" + +#: ipaserver/plugins/vault.py:625 +msgid "Owner groups" +msgstr "" + +#: ipaserver/plugins/vault.py:630 +msgid "Owner services" +msgstr "" + +#: ipaserver/plugins/vault.py:325 ipaserver/plugins/vault.py:635 +msgid "Failed owners" +msgstr "" + +#: ipaserver/plugins/vault.py:640 +msgid "Vault service" +msgstr "" + +#: ipaserver/plugins/vault.py:334 ipaserver/plugins/vault.py:645 +msgid "Shared vault" +msgstr "" + +#: ipaserver/plugins/vault.py:650 +msgid "Vault user" +msgstr "" + +msgid "Transport Certificate" +msgstr "" + +msgid "Service name of the service vault" +msgstr "" + +msgid "Username of the user vault" +msgstr "" + +msgid "Add members to a vault." +msgstr "" + +msgid "Add owners to a vault." +msgstr "" + +msgid "owner user" +msgstr "" + +msgid "owner group" +msgstr "" + +msgid "owner service" +msgstr "" + +#: ipaserver/plugins/vault.py:1211 +msgid "Owners that could not be added" +msgstr "" + +#: ipaserver/plugins/vault.py:1216 +msgid "Number of owners added" +msgstr "" + +#: ipaserver/plugins/vault.py:1127 +msgid "Session key wrapped with transport certificate" +msgstr "" + +msgid "Vault data encrypted with session key" +msgstr "" + +msgid "Nonce" +msgstr "" + +msgid "Delete a vault." +msgstr "" + +msgid "Search for vaults." +msgstr "" + +msgid "List all service vaults" +msgstr "" + +msgid "List all user vaults" +msgstr "" + +msgid "Remove members from a vault." +msgstr "" + +msgid "Remove owners from a vault." +msgstr "" + +#: ipaserver/plugins/vault.py:1236 +msgid "Owners that could not be removed" +msgstr "" + +#: ipaserver/plugins/vault.py:1241 +msgid "Number of owners removed" +msgstr "" + +msgid "Display information about a vault." +msgstr "" + +msgid "Show vault configuration." +msgstr "" + +msgid "Output file to store the transport certificate" +msgstr "" + +msgid "Add owners to a vault container." +msgstr "" + +msgid "Delete a vault container." +msgstr "" + +msgid "Remove owners from a vault container." +msgstr "" + +msgid "Display information about a vault container." +msgstr "" + +msgid "Resolve a host name in DNS. (Deprecated)" +msgstr "" + +msgid "Hostname (FQDN)" +msgstr "" + +msgid "Force DNS zone creation even if it will overlap with an existing zone." +msgstr "" + +msgid "" +"Force DNS zone creation even if nameserver is not resolvable. (Deprecated)" +msgstr "" + +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users. By default, new groups are POSIX groups. You\n" +"can add the --nonposix option to the group-add command to mark a new group\n" +"as non-POSIX. You can use the --posix argument with the group-mod command\n" +"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\n" +"ame, or name@domain format. IPA will attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +msgstr "" + +msgid "" +"\n" +"Simulate use of Host-based access controls\n" +"\n" +"HBAC rules control who can access what services on what hosts.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" +"\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" +"\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" +"\n" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--sizelimit= ]\n" +"\n" +" --user, --host, and --service are mandatory, others are optional.\n" +"\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" +"\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +"\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --" +"rules=myrule --rules=my-second-rule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: myrule\n" +"\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --" +"rules=myrule --rules=my-second-rule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: new-rule\n" +"\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --" +"rules=myrule --rules=my-second-rule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +"\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled " +"--disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Not matched rules: new-rule\n" +" Matched rules: allow_all\n" +"\n" +"\n" +"HBACTEST AND TRUSTED DOMAINS\n" +"\n" +"When an external trusted domain is configured in IPA, HBAC rules are also " +"applied\n" +"on users accessing IPA resources from the trusted domain. Trusted domain " +"users and\n" +"groups (and their SIDs) can be then assigned to external groups which can " +"be\n" +"members of POSIX groups in IPA which can be used in HBAC rules and thus " +"allowing\n" +"access to resources protected by the HBAC system.\n" +"\n" +"hbactest plugin is capable of testing access for both local IPA users and " +"users\n" +"from the trusted domains, either by a fully qualified user name or by user " +"SID.\n" +"Such user names need to have a trusted domain specified as a short name\n" +"(DOMAIN\\Administrator) or with a user principal name (UPN), " +"Administrator@ad.test.\n" +"\n" +"Please note that hbactest executed with a trusted domain user as --user " +"parameter\n" +"can be only run by members of \"trust admins\" group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Test if a user from a trusted domain specified by its shortname " +"matches any\n" +" rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 2. Test if a user from a trusted domain specified by its domain name " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 3. Test if a user from a trusted domain specified by its SID matches any " +"rule:\n" +"\n" +" $ ipa hbactest --user " +"S-1-5-21-3035198329-144811719-1378114514-500 --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 4. Test if other user from a trusted domain specified by its SID matches " +"any rule:\n" +"\n" +" $ ipa hbactest --user " +"S-1-5-21-3035198329-144811719-1378114514-1203 --host `hostname` " +"--service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +"\n" +" 5. Test if other user from a trusted domain specified by its shortname " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " +"sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +msgstr "" + +msgid "Managed suffixes" +msgstr "" + +msgid "Check connection to remote IPA server." +msgstr "" + +#: ipaserver/plugins/trust.py:1849 +msgid "Remote server name" +msgstr "" + +#: ipaserver/plugins/trust.py:1850 +msgid "Remote IPA server hostname" +msgstr "" + +#: ipaserver/plugins/topology.py:407 +msgid "suffix" +msgstr "" + +msgid "Search for servers with these managed suffixes." +msgstr "" + +msgid "Search for servers without these managed suffixes." +msgstr "" + +#: ipaserver/plugins/stageuser.py:774 +msgid "Add a manager to the stage user entry" +msgstr "" + +#: ipaserver/plugins/stageuser.py:779 +msgid "Remove a manager to the stage user entry" +msgstr "" + +msgid "" +"\n" +"Topology\n" +"\n" +"Management of a replication topology at domain level 1.\n" +"\n" +"IPA server's data is stored in LDAP server in two suffixes:\n" +"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " +"data\n" +"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" +" contains data for Certificate Server component\n" +"\n" +"Data stored on IPA servers is replicated to other IPA servers. The way it " +"is\n" +"replicated is defined by replication agreements. Replication agreements " +"needs\n" +"to be set for both suffixes separately. On domain level 0 they are managed\n" +"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " +"1\n" +"they are managed centrally using `ipa topology*` commands.\n" +"\n" +"Agreements are represented by topology segments. By default topology " +"segment\n" +"represents 2 replication agreements - one for each direction, e.g., A to B " +"and\n" +"B to A. Creation of unidirectional segments is not allowed.\n" +"\n" +"To verify that no server is disconnected in the topology of the given " +"suffix,\n" +"use:\n" +" ipa topologysuffix-verify $suffix\n" +"\n" +"\n" +"Examples:\n" +" Find all IPA servers:\n" +" ipa server-find\n" +"\n" +" Find all suffixes:\n" +" ipa topologysuffix-find\n" +"\n" +" Add topology segment to 'domain' suffix:\n" +" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" +"\n" +" Add topology segment to 'ca' suffix:\n" +" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" +"\n" +" List all topology segments in 'domain' suffix:\n" +" ipa topologysegment-find domain\n" +"\n" +" List all topology segments in 'ca' suffix:\n" +" ipa topologysegment-find ca\n" +"\n" +" Delete topology segment in 'domain' suffix:\n" +" ipa topologysegment-del domain segment_name\n" +"\n" +" Delete topology segment in 'ca' suffix:\n" +" ipa topologysegment-del ca segment_name\n" +"\n" +" Verify topology of 'domain' suffix:\n" +" ipa topologysuffix-verify domain\n" +"\n" +" Verify topology of 'ca' suffix:\n" +" ipa topologysuffix-verify ca\n" +msgstr "" + +#: ipaserver/plugins/topology.py:425 +msgid "Managed LDAP suffix DN" +msgstr "" + +#: ipaserver/plugins/topology.py:432 +msgid "Search for topology suffixes." +msgstr "" + +msgid "Add a manager to the user entry" +msgstr "" + +msgid "Remove a manager to the user entry" +msgstr "" + +msgid "" +"\n" +"Directory Server Access Control Instructions (ACIs)\n" +"\n" +"ACIs are used to allow or deny access to information. This module is\n" +"currently designed to allow, not deny, access.\n" +"\n" +"The aci commands are designed to grant permissions that allow updating\n" +"existing entries or adding or deleting new ones. The goal of the ACIs\n" +"that ship with IPA is to provide a set of low-level permissions that\n" +"grant access to special groups called taskgroups. These low-level\n" +"permissions can be combined into roles that grant broader access. These\n" +"roles are another type of group, roles.\n" +"\n" +"For example, if you have taskgroups that allow adding and modifying users " +"you\n" +"could create a role, useradmin. You would assign users to the useradmin\n" +"role to allow them to do the operations defined by the taskgroups.\n" +"\n" +"You can create ACIs that delegate permission so users in group A can write\n" +"attributes on group B.\n" +"\n" +"The type option is a map that applies to all entries in the users, groups " +"or\n" +"host location. It is primarily designed to be used when granting add\n" +"permissions (to write new entries).\n" +"\n" +"An ACI consists of three parts:\n" +"1. target\n" +"2. permissions\n" +"3. bind rules\n" +"\n" +"The target is a set of rules that define which LDAP objects are being\n" +"targeted. This can include a list of attributes, an area of that LDAP\n" +"tree or an LDAP filter.\n" +"\n" +"The targets include:\n" +"- attrs: list of attributes affected\n" +"- type: an object type (user, group, host, service, etc)\n" +"- memberof: members of a group\n" +"- targetgroup: grant access to modify a specific group. This is primarily\n" +" designed to enable users to add or remove members of a specific group.\n" +"- filter: A legal LDAP filter used to narrow the scope of the target.\n" +"- subtree: Used to apply a rule across an entire set of objects. For " +"example,\n" +" to allow adding users you need to grant \"add\" permission to the subtree\n" +" ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n" +" is a fail-safe for objects that may not be covered by the type option.\n" +"\n" +"The permissions define what the ACI is allowed to do, and are one or\n" +"more of:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. add - add a new entry to the tree\n" +"4. delete - delete an existing entry\n" +"5. all - all permissions are granted\n" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +"\n" +"The bind rule defines who this ACI grants permissions to. The LDAP server\n" +"allows this to be any valid LDAP entry but we encourage the use of\n" +"taskgroups so that the rights can be easily shared through roles.\n" +"\n" +"For a more thorough description of access controls see\n" +"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control." +"html\n" +"\n" +"EXAMPLES:\n" +"\n" +"NOTE: ACIs are now added via the permission plugin. These examples are to\n" +"demonstrate how the various options work but this is done via the " +"permission\n" +"command-line now (see last example).\n" +"\n" +" Add an ACI so that the group \"secretaries\" can update the address on any " +"user:\n" +" ipa group-add --desc=\"Office secretaries\" secretaries\n" +" ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries " +"--permissions=write --prefix=none \"Secretaries write addresses\"\n" +"\n" +" Show the new ACI:\n" +" ipa aci-show --prefix=none \"Secretaries write addresses\"\n" +"\n" +" Add an ACI that allows members of the \"addusers\" permission to add new " +"users:\n" +" ipa aci-add --type=user --permission=addusers --permissions=add --" +"prefix=none \"Add new users\"\n" +"\n" +" Add an ACI that allows members of the editors manage members of the admins " +"group:\n" +" ipa aci-add --permissions=write --attrs=member --targetgroup=admins --" +"group=editors --prefix=none \"Editors manage admins\"\n" +"\n" +" Add an ACI that allows members of the admins group to manage the street and " +"zip code of those in the editors group:\n" +" ipa aci-add --permissions=write --memberof=editors --group=admins --" +"attrs=street,postalcode --prefix=none \"admins edit the address of " +"editors\"\n" +"\n" +" Add an ACI that allows the admins group manage the street and zipcode of " +"those who work for the boss:\n" +" ipa aci-add --permissions=write --group=admins --attrs=street,postalcode " +"--filter=\"(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)\" --" +"prefix=none \"Edit the address of those who work for the boss\"\n" +"\n" +" Add an entirely new kind of record to IPA that isn't covered by any of the " +"--type options, creating a permission:\n" +" ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange," +"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n" +"\n" +"\n" +"The show command shows the raw 389-ds ACI.\n" +"\n" +"IMPORTANT: When modifying the target attributes of an existing ACI you\n" +"must include all existing attributes as well. When doing an aci-mod the\n" +"targetattr REPLACES the current attributes, it does not add to them.\n" +msgstr "" + +msgid "" +"comma-separated list of permissions to grant(read, write, add, delete, all)" +msgstr "" + +msgid "Comma-separated list of attributes" +msgstr "" + +msgid "" +"\n" +"Auto Membership Rule.\n" +"\n" +"Bring clarity to the membership of hosts and users by configuring inclusive\n" +"or exclusive regex patterns, you can automatically assign a new entries " +"into\n" +"a group or hostgroup based upon attribute information.\n" +"\n" +"A rule is directly associated with a group by name, so you cannot create\n" +"a rule without an accompanying group or hostgroup.\n" +"\n" +"A condition is a regular expression used by 389-ds to match a new incoming\n" +"entry with an automember rule. If it matches an inclusive rule then the\n" +"entry is added to the appropriate group or hostgroup.\n" +"\n" +"A default group or hostgroup could be specified for entries that do not\n" +"match any rule. In case of user entries this group will be a fallback group\n" +"because all users are by default members of group specified in IPA config.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add the initial group or hostgroup:\n" +" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" +" ipa group-add --desc=\"Developers\" devel\n" +"\n" +" Add the initial rule:\n" +" ipa automember-add --type=hostgroup webservers\n" +" ipa automember-add --type=group devel\n" +"\n" +" Add a condition to the rule:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +" ipa automember-add-condition --key=manager --type=group --inclusive-" +"regex=^uid=mscott devel\n" +"\n" +" Add an exclusive condition to the rule to prevent auto assignment:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" +"regex=^web5\\.example\\.com webservers\n" +"\n" +" Add a host:\n" +" ipa host-add web1.example.com\n" +"\n" +" Add a user:\n" +" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" +"\n" +" Verify automembership:\n" +" ipa hostgroup-show webservers\n" +" Host-group: webservers\n" +" Description: Web Servers\n" +" Member hosts: web1.example.com\n" +"\n" +" ipa group-show devel\n" +" Group name: devel\n" +" Description: Developers\n" +" GID: 1004200000\n" +" Member users: tuser\n" +"\n" +" Remove a condition from the rule:\n" +" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +"\n" +" Modify the automember rule:\n" +" ipa automember-mod\n" +"\n" +" Set the default (fallback) target group:\n" +" ipa automember-default-group-set --default-group=webservers --" +"type=hostgroup\n" +" ipa automember-default-group-set --default-group=ipausers --type=group\n" +"\n" +" Remove the default (fallback) target group:\n" +" ipa automember-default-group-remove --type=hostgroup\n" +" ipa automember-default-group-remove --type=group\n" +"\n" +" Show the default (fallback) target group:\n" +" ipa automember-default-group-show --type=hostgroup\n" +" ipa automember-default-group-show --type=group\n" +"\n" +" Find all of the automember rules:\n" +" ipa automember-find\n" +"\n" +" Display a automember rule:\n" +" ipa automember-show --type=hostgroup webservers\n" +" ipa automember-show --type=group devel\n" +"\n" +" Delete an automember rule:\n" +" ipa automember-del --type=hostgroup webservers\n" +" ipa automember-del --type=group devel\n" +msgstr "" + +msgid "" +"\n" +"IPA certificate operations\n" +"\n" +"Implements a set of commands for managing server SSL certificates.\n" +"\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" +"\n" +"If using the selfsign back end then the subject in the CSR needs to match\n" +"the subject configured in the server. The dogtag CA uses just the CN\n" +"value of the CSR and forces the rest of the subject.\n" +"\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" +"\n" +"In order to request a certificate:\n" +"\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" +"\n" +"EXAMPLES:\n" +"\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +"\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" +"\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" +"\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" +"\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" +"\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" +"\n" +"The following revocation reasons are supported:\n" +"\n" +" * 0 - unspecified\n" +" * 1 - keyCompromise\n" +" * 2 - cACompromise\n" +" * 3 - affiliationChanged\n" +" * 4 - superseded\n" +" * 5 - cessationOfOperation\n" +" * 6 - certificateHold\n" +" * 8 - removeFromCRL\n" +" * 9 - privilegeWithdrawn\n" +" * 10 - aACompromise\n" +"\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +"\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" +msgstr "" + +msgid "" +"\n" +"Group to Group Delegation\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"Group to Group Delegations grants the members of one group to update a set\n" +"of attributes of members of another group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a delegation rule to allow managers to edit employee's addresses:\n" +" ipa delegation-add --attrs=street --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones. Add postalCode to the list:\n" +" ipa delegation-mod --attrs=street,postalCode --group=managers --" +"membergroup=employees \"managers edit employees' street\"\n" +"\n" +" Display our updated rule:\n" +" ipa delegation-show \"managers edit employees' street\"\n" +"\n" +" Delete a rule:\n" +" ipa delegation-del \"managers edit employees' street\"\n" +msgstr "" + +msgid "" +"Comma-separated list of permissions to grant (read, write). Default is write." +msgstr "" + +msgid "" +"\n" +"Domain Name System (DNS)\n" +"\n" +"Manage DNS zone and resource records.\n" +"\n" +"\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +"\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --name-" +"server=ns --admin-email=admin@example." +"com --ip-address=10.0.0.1\n" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE --update-" +"policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * " +"AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=10.0.0.0/8\n" +"\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=80.142.15.0/24 --name-" +"server=ns.example.com.\n" +"\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +"\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +"\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +"\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" +"\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +"\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" +"\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 15.142.80.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=80.142.15.2 --a-create-reverse\n" +"\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +"\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" +"\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" +"\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" +"\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 1.2.3.4, 11.22.33.44\n" +"\n" +" Delete A record '1.2.3.4'? Yes/No (default No):\n" +" Delete A record '11.22.33.44'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 1.2.3.4 (A record 11.22.33.44 has been " +"deleted)\n" +"\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" +"\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" +"\n" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" +"\n" +" Find A records with value 10.10.0.1 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=10.10.0.1\n" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +"\n" +" If global forwarder is configured, all requests to sub.example.com will be\n" +" routed through the global forwarder. To change the behavior for example." +"com\n" +" zone only and forward the request directly to ns.sub.example.com., global\n" +" forwarding may be disabled per-zone:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" +"\n" +" Forward all requests for the zone external.com to another nameserver using\n" +" a \"first\" policy (it will send the queries to the selected forwarder and " +"if\n" +" not answered it will use global resolvers):\n" +" ipa dnszone-add external.com\n" +" ipa dnszone-mod external.com --" +"forwarder=10.20.0.1 --forward-policy=first\n" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" +"\n" +"\n" +"GLOBAL DNS CONFIGURATION\n" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=10.0.0.1\n" +msgstr "" + +msgid "" +"A list of global forwarders. A custom port can be specified for each " +"forwarder using a standard format \"IP_ADDRESS port PORT\"" +msgstr "" + +msgid "An interval between regular polls of the name server for new DNS zones" +msgstr "" + +msgid "DNS class" +msgstr "" + +msgid "Comma-separated list of raw A records" +msgstr "" + +msgid "Comma-separated list of raw AAAA records" +msgstr "" + +msgid "Comma-separated list of raw A6 records" +msgstr "" + +msgid "Comma-separated list of raw AFSDB records" +msgstr "" + +msgid "Comma-separated list of raw APL records" +msgstr "" + +msgid "Comma-separated list of raw CERT records" +msgstr "" + +msgid "Comma-separated list of raw CNAME records" +msgstr "" + +msgid "Comma-separated list of raw DHCID records" +msgstr "" + +msgid "Comma-separated list of raw DLV records" +msgstr "" + +msgid "Comma-separated list of raw DNAME records" +msgstr "" + +msgid "Comma-separated list of raw DNSKEY records" +msgstr "" + +msgid "Comma-separated list of raw DS records" +msgstr "" + +msgid "Comma-separated list of raw HIP records" +msgstr "" + +msgid "Comma-separated list of raw IPSECKEY records" +msgstr "" + +msgid "Comma-separated list of raw KEY records" +msgstr "" + +msgid "KEY Flags" +msgstr "" + +msgid "KEY Protocol" +msgstr "" + +msgid "Protocol" +msgstr "" + +msgid "KEY Algorithm" +msgstr "" + +msgid "KEY Public Key" +msgstr "" + +msgid "Public Key" +msgstr "" + +msgid "Comma-separated list of raw KX records" +msgstr "" + +msgid "Comma-separated list of raw LOC records" +msgstr "" + +msgid "Comma-separated list of raw MX records" +msgstr "" + +msgid "Comma-separated list of raw NAPTR records" +msgstr "" + +msgid "Comma-separated list of raw NS records" +msgstr "" + +msgid "Comma-separated list of raw NSEC records" +msgstr "" + +msgid "NSEC Next Domain Name" +msgstr "" + +msgid "Next Domain Name" +msgstr "" + +msgid "NSEC Type Map" +msgstr "" + +msgid "Type Map" +msgstr "" + +msgid "Comma-separated list of raw NSEC3 records" +msgstr "" + +msgid "Comma-separated list of raw NSEC3PARAM records" +msgstr "" + +msgid "Comma-separated list of raw PTR records" +msgstr "" + +msgid "Comma-separated list of raw RRSIG records" +msgstr "" + +msgid "RRSIG Type Covered" +msgstr "" + +msgid "Type Covered" +msgstr "" + +msgid "RRSIG Algorithm" +msgstr "" + +msgid "RRSIG Labels" +msgstr "" + +msgid "Labels" +msgstr "" + +msgid "RRSIG Original TTL" +msgstr "" + +msgid "Original TTL" +msgstr "" + +msgid "RRSIG Signature Expiration" +msgstr "" + +msgid "Signature Expiration" +msgstr "" + +msgid "RRSIG Signature Inception" +msgstr "" + +msgid "Signature Inception" +msgstr "" + +msgid "RRSIG Key Tag" +msgstr "" + +msgid "RRSIG Signer's Name" +msgstr "" + +msgid "Signer's Name" +msgstr "" + +msgid "RRSIG Signature" +msgstr "" + +msgid "Signature" +msgstr "" + +msgid "Comma-separated list of raw RP records" +msgstr "" + +msgid "Comma-separated list of raw SIG records" +msgstr "" + +msgid "SIG Type Covered" +msgstr "" + +msgid "SIG Algorithm" +msgstr "" + +msgid "SIG Labels" +msgstr "" + +msgid "SIG Original TTL" +msgstr "" + +msgid "SIG Signature Expiration" +msgstr "" + +msgid "SIG Signature Inception" +msgstr "" + +msgid "SIG Key Tag" +msgstr "" + +msgid "SIG Signer's Name" +msgstr "" + +msgid "SIG Signature" +msgstr "" + +msgid "Comma-separated list of raw SPF records" +msgstr "" + +msgid "Comma-separated list of raw SRV records" +msgstr "" + +msgid "Comma-separated list of raw SSHFP records" +msgstr "" + +msgid "Comma-separated list of raw TA records" +msgstr "" + +msgid "Comma-separated list of raw TKEY records" +msgstr "" + +msgid "Comma-separated list of raw TSIG records" +msgstr "" + +msgid "Comma-separated list of raw TXT records" +msgstr "" + +msgid "SOA time to live" +msgstr "" + +msgid "SOA record time to live" +msgstr "" + +msgid "SOA class" +msgstr "" + +msgid "SOA record class" +msgstr "" + +msgid "" +"A list of per-zone forwarders. A custom port can be specified for each " +"forwarder using a standard format \"IP_ADDRESS port PORT\"" +msgstr "" + +msgid "Add forward record for nameserver located in the created zone" +msgstr "" + +msgid "" +"\n" +"Entitlements\n" +"\n" +"Manage entitlements for client machines\n" +"\n" +"Entitlements can be managed either by registering with an entitlement\n" +"server with a username and password or by manually importing entitlement\n" +"certificates. An entitlement certificate contains embedded information\n" +"such as the product being entitled, the quantity and the validity dates.\n" +"\n" +"An entitlement server manages the number of client entitlements available.\n" +"To mark these entitlements as used by the IPA server you provide a quantity\n" +"and they are marked as consumed on the entitlement server.\n" +"\n" +" Register with an entitlement server:\n" +" ipa entitle-register consumer\n" +"\n" +" Import an entitlement certificate:\n" +" ipa entitle-import /home/user/ipaclient.pem\n" +"\n" +" Display current entitlements:\n" +" ipa entitle-status\n" +"\n" +" Retrieve details on entitlement certificates:\n" +" ipa entitle-get\n" +"\n" +" Consume some entitlements from the entitlement server:\n" +" ipa entitle-consume 50\n" +"\n" +"The registration ID is a Unique Identifier (UUID). This ID will be\n" +"IMPORTED if you have used entitle-import.\n" +"\n" +"Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service.\n" +msgstr "" + +msgid "Consume an entitlement." +msgstr "" + +msgid "Quantity" +msgstr "" + +msgid "Search for entitlement accounts." +msgstr "" + +msgid "Retrieve the entitlement certs." +msgstr "" + +msgid "Import an entitlement certificate." +msgstr "" + +msgid "UUID" +msgstr "" + +msgid "Enrollment UUID" +msgstr "" + +msgid "Register to the entitlement system." +msgstr "" + +#: ipaserver/plugins/internal.py:414 +msgid "Username" +msgstr "" + +msgid "Enrollment UUID (not implemented)" +msgstr "" + +msgid "Registration password" +msgstr "" + +msgid "Display current entitlements." +msgstr "" + +msgid "Re-sync the local entitlement cache with the entitlement server." +msgstr "" + +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users. By default, new groups are POSIX groups. You\n" +"can add the --nonposix option to the group-add command to mark a new group\n" +"as non-POSIX. You can use the --posix argument with the group-mod command\n" +"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add a list of users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1,test2 localadmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\n" +"ame, or name@domain format. IPA will attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +msgstr "" + +msgid "" +"comma-separated list of members of a trusted domain in DOM\\name or " +"name@domain form" +msgstr "" + +msgid "comma-separated list of users to add" +msgstr "" + +msgid "comma-separated list of groups to add" +msgstr "" + +msgid "comma-separated list of users to remove" +msgstr "" + +msgid "comma-separated list of groups to remove" +msgstr "" + +msgid "" +"\n" +"Host-based access control\n" +"\n" +"Control who can access what services on what hosts and from where. You\n" +"can use HBAC to control which users or groups on a source host can\n" +"access a service, or group of services, on a target host.\n" +"\n" +"You can also specify a category of users, target hosts, and source\n" +"hosts. This is currently limited to \"all\", but might be expanded in the\n" +"future.\n" +"\n" +"Target hosts and source hosts in HBAC rules must be hosts managed by IPA.\n" +"\n" +"The available services and groups of services are controlled by the\n" +"hbacsvc and hbacsvcgroup plug-ins respectively.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a rule, \"test1\", that grants all users access to the host " +"\"server\" from\n" +" anywhere:\n" +" ipa hbacrule-add --usercat=all --srchostcat=all test1\n" +" ipa hbacrule-add-host --hosts=server.example.com test1\n" +"\n" +" Display the properties of a named HBAC rule:\n" +" ipa hbacrule-show test1\n" +"\n" +" Create a rule for a specific service. This lets the user john access\n" +" the sshd service on any machine from any machine:\n" +" ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd\n" +" ipa hbacrule-add-user --users=john john_sshd\n" +" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" +"\n" +" Create a rule for a new service group. This lets the user john access\n" +" the FTP service on any machine from any machine:\n" +" ipa hbacsvcgroup-add ftpers\n" +" ipa hbacsvc-add sftp\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers\n" +" ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp\n" +" ipa hbacrule-add-user --users=john john_ftp\n" +" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" +"\n" +" Disable a named HBAC rule:\n" +" ipa hbacrule-disable test1\n" +"\n" +" Remove a named HBAC rule:\n" +" ipa hbacrule-del allow_server\n" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:236 +msgid "Source host category" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:237 +msgid "Source host category the rule applies to" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:277 +msgid "Source Hosts" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:282 +msgid "Source Host Groups" +msgstr "" + +msgid "comma-separated list of hosts to add" +msgstr "" + +msgid "comma-separated list of host groups to add" +msgstr "" + +msgid "comma-separated list of HBAC services to add" +msgstr "" + +msgid "comma-separated list of HBAC service groups to add" +msgstr "" + +msgid "Add source hosts and hostgroups from a HBAC rule." +msgstr "" + +msgid "comma-separated list of hosts to remove" +msgstr "" + +msgid "comma-separated list of host groups to remove" +msgstr "" + +msgid "comma-separated list of HBAC services to remove" +msgstr "" + +msgid "comma-separated list of HBAC service groups to remove" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:578 +msgid "Remove source hosts and hostgroups from an HBAC rule." +msgstr "" + +msgid "" +"\n" +"HBAC Service Groups\n" +"\n" +"HBAC service groups can contain any number of individual services,\n" +"or \"members\". Every group must have a description.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new HBAC service group:\n" +" ipa hbacsvcgroup-add --desc=\"login services\" login\n" +"\n" +" Add members to an HBAC service group:\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=sshd,login login\n" +"\n" +" Display information about a named group:\n" +" ipa hbacsvcgroup-show login\n" +"\n" +" Add a new group to the \"login\" group:\n" +" ipa hbacsvcgroup-add --desc=\"switch users\" login\n" +" ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l login\n" +"\n" +" Delete an HBAC service group:\n" +" ipa hbacsvcgroup-del login\n" +msgstr "" + +msgid "" +"\n" +"Simulate use of Host-based access controls\n" +"\n" +"HBAC rules control who can access what services on what hosts and from " +"where.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" +"\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" +"\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" +"\n" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--srchost= ] [--sizelimit= ]\n" +"\n" +" --user, --host, and --service are mandatory, others are optional.\n" +"\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" +"\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" +"\n" +" If --srchost is specified, it will be ignored. It is left because of " +"compatibility reasons only.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" notmatched: my-second-rule\n" +" notmatched: my-third-rule\n" +" notmatched: myrule\n" +" matched: allow_all\n" +"\n" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +"\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" +"second-rule,myrule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" notmatched: my-second-rule\n" +" notmatched: myrule\n" +"\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" +"second-rule,myrule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" notmatched: my-second-rule\n" +" notmatched: my-third-rule\n" +" notmatched: myrule\n" +" matched: allow_all\n" +"\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" notmatched: new-rule\n" +"\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" +"second-rule,myrule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" notmatched: my-second-rule\n" +" notmatched: my-third-rule\n" +" notmatched: myrule\n" +"\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled " +"--disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" notmatched: my-second-rule\n" +" notmatched: my-third-rule\n" +" notmatched: myrule\n" +" notmatched: new-rule\n" +" matched: allow_all\n" +msgstr "" + +#: ipaserver/plugins/hbactest.py:276 +msgid "Source host" +msgstr "" + +msgid "" +"\n" +"Hosts/Machines\n" +"\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" +"\n" +"ENROLLMENT:\n" +"\n" +"There are three enrollment scenarios when enrolling a new client:\n" +"\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" +"\n" +"A host can only be enrolled once. If a client has enrolled and needs to\n" +"be re-enrolled, the host entry must be removed and re-created. Note that\n" +"re-creating the host entry will result in all services for the host being\n" +"removed, and all SSL certificates associated with those services being\n" +"revoked.\n" +"\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" +msgstr "" + +msgid "" +"\n" +"Groups of hosts.\n" +"\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" +"\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" +"\n" +" Add members to the hostgroup:\n" +" ipa hostgroup-add-member --hosts=box1,box2,box3 baltimore\n" +"\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" +"\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" +"\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" +"\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" +msgstr "" + +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - dom_sid: domain SID of the trusted domain\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" +"base=1000 --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +msgstr "" + +msgid "" +"\n" +"Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --rid-bas\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +" WARNING:\n" +"\n" +" DNA plugin in 389-ds will allocate IDs based on the ranges configured " +"for the\n" +" local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +" on the local ranges set via this family of commands.\n" +"\n" +" Manual configuration change has to be done in the DNA plugin " +"configuration for\n" +" the new local range. Specifically, The dnaNextRange attribute of " +"'cn=Posix\n" +" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " +"to be\n" +" modified to match the new range.\n" +" " +msgstr "" + +msgid "" +"Comma-separated list of objectclasses used to search for user entries in DS" +msgstr "" + +msgid "" +"Comma-separated list of objectclasses used to search for group entries in DS" +msgstr "" + +msgid "" +"Comma-separated list of objectclasses to be ignored for user entries in DS" +msgstr "" + +msgid "Comma-separated list of attributes to be ignored for user entries in DS" +msgstr "" + +msgid "" +"Comma-separated list of objectclasses to be ignored for group entries in DS" +msgstr "" + +msgid "" +"Comma-separated list of attributes to be ignored for group entries in DS" +msgstr "" + +msgid "comma-separated list of groups to exclude from migration" +msgstr "" + +msgid "comma-separated list of users to exclude from migration" +msgstr "" + +msgid "" +"\n" +"Netgroups\n" +"\n" +"A netgroup is a group used for permission checking. It can contain both\n" +"user and host values.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new netgroup:\n" +" ipa netgroup-add --desc=\"NFS admins\" admins\n" +"\n" +" Add members to the netgroup:\n" +" ipa netgroup-add-member --users=tuser1,tuser2 admins\n" +"\n" +" Remove a member from the netgroup:\n" +" ipa netgroup-remove-member --users=tuser2 admins\n" +"\n" +" Display information about a netgroup:\n" +" ipa netgroup-show admins\n" +"\n" +" Delete a netgroup:\n" +" ipa netgroup-del admins\n" +msgstr "" + +msgid "comma-separated list of netgroups to add" +msgstr "" + +msgid "comma-separated list of netgroups to remove" +msgstr "" + +msgid "" +"\n" +"Permissions\n" +"\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable form of a 389-ds Access Control Rule, or instruction " +"(ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" +"\n" +"A permission may not contain other permissions.\n" +"\n" +"* A permission grants access to read, write, add or delete.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +"\n" +"A permission is made up of a number of different parts:\n" +"\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" +"\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. add - add a new entry to the tree\n" +"4. delete - delete an existing entry\n" +"5. all - all permissions are granted\n" +"\n" +"Read permission is granted for most attributes by default so the read\n" +"permission is not expected to be used very often.\n" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +"\n" +"There are a number of allowed targets:\n" +"1. type: a type of object (user, group, etc).\n" +"2. memberof: a member of a group or hostgroup\n" +"3. filter: an LDAP filter\n" +"4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a\n" +" super-set of the \"type\" target.\n" +"5. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership)\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +"\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" +msgstr "" + +msgid "" +"Comma-separated list of permissions to grant (read, write, add, delete, all)" +msgstr "" + +msgid "" +"Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)" +msgstr "" + +msgid "Target members of a group" +msgstr "" + +msgid "User group to apply permissions to" +msgstr "" + +msgid "comma-separated list of privileges to add" +msgstr "" + +msgid "Add a system permission without an ACI" +msgstr "" + +msgid "Permission type" +msgstr "" + +msgid "comma-separated list of privileges to remove" +msgstr "" + +msgid "" +"\n" +"Ping the remote IPA server to ensure it is running.\n" +"\n" +"The ping command sends an echo request to an IPA server. The server\n" +"returns its version information. This is used by an IPA client\n" +"to confirm that the server is available and accepting requests.\n" +"\n" +"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" +"If it does not respond then the client will contact any servers defined\n" +"by ldap SRV records in DNS.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Ping an IPA server:\n" +" ipa ping\n" +" ------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" ------------------------------------------\n" +"\n" +" Ping an IPA server verbosely:\n" +" ipa -v ping\n" +" ipa: INFO: trying https://ipa.example.com/ipa/xml\n" +" ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/" +"xml'\n" +" -----------------------------------------------------\n" +" IPA server version 2.1.9. API version 2.20\n" +" -----------------------------------------------------\n" +msgstr "" + +msgid "comma-separated list of roles to add" +msgstr "" + +msgid "comma-separated list of permissions" +msgstr "" + +msgid "comma-separated list of roles to remove" +msgstr "" + +msgid "comma-separated list of privileges" +msgstr "" + +msgid "" +"\n" +"Self-service Permissions\n" +"\n" +"A permission enables fine-grained delegation of permissions. Access Control\n" +"Rules, or instructions (ACIs), grant permission to permissions to perform\n" +"given tasks such as adding a user, modifying a group, etc.\n" +"\n" +"A Self-service permission defines what an object can change in its own " +"entry.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a self-service rule to allow users to manage their address:\n" +" ipa selfservice-add --permissions=write --attrs=street,postalCode,l,c,st " +"\"Users manage their own address\"\n" +"\n" +" When managing the list of attributes you need to include all attributes\n" +" in the list, including existing ones. Add telephoneNumber to the list:\n" +" ipa selfservice-mod --attrs=street,postalCode,l,c,st,telephoneNumber " +"\"Users manage their own address\"\n" +"\n" +" Display our updated rule:\n" +" ipa selfservice-show \"Users manage their own address\"\n" +"\n" +" Delete a rule:\n" +" ipa selfservice-del \"Users manage their own address\"\n" +msgstr "" + +msgid "" +"\n" +"Services\n" +"\n" +"A IPA service represents a service that runs on a host. The IPA service\n" +"record can store a Kerberos principal, an SSL certificate, or both.\n" +"\n" +"An IPA service can be managed directly from a machine, provided that\n" +"machine has been given the correct permission. This is true even for\n" +"machines other than the one the service is associated with. For example,\n" +"requesting an SSL certificate using the host service principal credentials\n" +"of the host. To manage a service using host credentials you need to\n" +"kinit as the host:\n" +"\n" +" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" +"\n" +"Adding an IPA service allows the associated service to request an SSL\n" +"certificate or keytab, but this is performed as a separate step; they\n" +"are not produced as a result of adding the service.\n" +"\n" +"Only the public aspect of a certificate is stored in a service record;\n" +"the private key is not stored.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new IPA service:\n" +" ipa service-add HTTP/web.example.com\n" +"\n" +" Allow a host to manage an IPA service certificate:\n" +" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" +" ipa role-add-member --hosts=web.example.com certadmin\n" +"\n" +" Override a default list of supported PAC types for the service:\n" +" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" +"\n" +" Delete an IPA service:\n" +" ipa service-del HTTP/web.example.com\n" +"\n" +" Find all IPA services associated with a host:\n" +" ipa service-find web.example.com\n" +"\n" +" Find all HTTP services:\n" +" ipa service-find HTTP\n" +"\n" +" Disable the service Kerberos key and SSL certificate:\n" +" ipa service-disable HTTP/web.example.com\n" +"\n" +" Request a certificate for an IPA service:\n" +" ipa cert-request --principal=HTTP/web.example.com example.csr\n" +"\n" +" Generate and retrieve a keytab for an IPA service:\n" +" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" +"httpd.keytab\n" +msgstr "" + +msgid "" +"Override default list of supported PAC types. Use 'NONE' to disable PAC " +"support for this service" +msgstr "" + +msgid "" +"\n" +"Groups of Sudo Commands\n" +"\n" +"Manage groups of Sudo Commands.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +"\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less,/usr/bin/vim " +"admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" +"\n" +" Show a Sudo Command Group:\n" +" ipa group-show localadmins\n" +msgstr "" + +msgid "comma-separated list of sudo commands to add" +msgstr "" + +msgid "comma-separated list of sudo commands to remove" +msgstr "" + +msgid "Active directory domain administrator's password" +msgstr "" + +msgid "GECOS field" +msgstr "" + +msgid "" +"\n" +"Sudo Rules\n" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\\n" +" -H ldap://ipa.example.com -ZZ -D \"cn=Directory Manager\" \\\n" +" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +"\n" +"For more information, see the IPA Documentation to Sudo.\n" +msgstr "" + +msgid "comma-separated list of sudo command groups to add" +msgstr "" + +msgid "comma-separated list of sudo command groups to remove" +msgstr "" + +#: ipaclient/frontend.py:28 ipaclient/frontend.py:90 +#: ipaserver/plugins/baseldap.py:53 +msgid "Failed members" +msgstr "" + +#: ipaclient/frontend.py:32 ipaserver/plugins/baseldap.py:176 +msgid "Failed source hosts/hostgroups" +msgstr "" + +#: ipaclient/frontend.py:36 ipaserver/plugins/baseldap.py:179 +msgid "Failed hosts/hostgroups" +msgstr "" + +#: ipaclient/frontend.py:40 ipaserver/plugins/baseldap.py:182 +msgid "Failed users/groups" +msgstr "" + +#: ipaclient/frontend.py:44 ipaserver/plugins/baseldap.py:185 +msgid "Failed service/service groups" +msgstr "" + +#: ipaclient/frontend.py:48 ipaserver/plugins/baseldap.py:188 +msgid "Failed to remove" +msgstr "" + +#: ipaclient/frontend.py:53 ipaserver/plugins/baseldap.py:192 +msgid "Failed RunAs" +msgstr "" + +#: ipaclient/frontend.py:57 ipaserver/plugins/baseldap.py:195 +msgid "Failed RunAsGroup" +msgstr "" + +#: ipaclient/frontend.py:62 ipaserver/plugins/caacl.py:473 +msgid "Failed profiles" +msgstr "" + +#: ipaclient/frontend.py:66 ipaserver/plugins/caacl.py:476 +msgid "Failed CAs" +msgstr "" + +#: ipaclient/frontend.py:71 ipaserver/plugins/group.py:183 +#: ipaserver/plugins/hostgroup.py:95 +msgid "Failed member manager" +msgstr "" + +#: ipaclient/frontend.py:76 ipaserver/plugins/host.py:209 +msgid "Failed managedby" +msgstr "" + +#: ipaclient/frontend.py:81 ipaserver/plugins/host.py:236 +#: ipaserver/plugins/service.py:158 +msgid "Failed allowed to retrieve keytab" +msgstr "" + +#: ipaclient/frontend.py:85 ipaserver/plugins/host.py:239 +#: ipaserver/plugins/service.py:161 +msgid "Failed allowed to create keytab" +msgstr "" + +#: ipaclient/frontend.py:94 +msgid "Failed targets" +msgstr "" + +#: ipalib/errors.py:296 +#, python-format +msgid "%(cver)s client incompatible with %(sver)s server at '%(server)s'" +msgstr "" + +#: ipalib/errors.py:314 +#, python-format +msgid "unknown error %(code)d from %(server)s: %(error)s" +msgstr "" + +#: ipalib/errors.py:330 +msgid "an internal error has occurred" +msgstr "" + +#: ipalib/errors.py:352 +#, python-format +msgid "an internal error has occurred on server at '%(server)s'" +msgstr "" + +#: ipalib/errors.py:368 +#, python-format +msgid "unknown command '%(name)s'" +msgstr "" + +#: ipalib/errors.py:385 ipalib/errors.py:410 +#, python-format +msgid "error on server '%(server)s': %(error)s" +msgstr "" + +#: ipalib/errors.py:401 +#, python-format +msgid "cannot connect to '%(uri)s': %(error)s" +msgstr "" + +#: ipalib/errors.py:419 +#, python-format +msgid "Invalid JSON-RPC request: %(error)s" +msgstr "" + +#: ipalib/errors.py:435 +#, python-format +msgid "error marshalling data for XML-RPC transport: %(error)s" +msgstr "" + +#: ipalib/errors.py:451 +#, python-format +msgid "Missing or invalid HTTP Referer, %(referer)s" +msgstr "" + +#: ipalib/errors.py:469 +#, python-format +msgid "" +"System encoding must be UTF-8, '%(encoding)s' is not supported. Set " +"LC_ALL=\"C.UTF-8\", or LC_ALL=\"\" and LC_CTYPE=\"C.UTF-8\"." +msgstr "" + +#: ipalib/errors.py:497 +#, python-format +msgid "Kerberos error: %(major)s/%(minor)s" +msgstr "" + +#: ipalib/errors.py:514 +msgid "did not receive Kerberos credentials" +msgstr "" + +#: ipalib/errors.py:530 +#, python-format +msgid "Service '%(service)s' not found in Kerberos database" +msgstr "" + +#: ipalib/errors.py:546 +msgid "No credentials cache found" +msgstr "" + +#: ipalib/errors.py:562 +msgid "Ticket expired" +msgstr "" + +#: ipalib/errors.py:578 +msgid "Credentials cache permissions incorrect" +msgstr "" + +#: ipalib/errors.py:594 +msgid "Bad format in credentials cache" +msgstr "" + +#: ipalib/errors.py:610 +msgid "Cannot resolve KDC for requested realm" +msgstr "" + +#: ipalib/errors.py:622 +msgid "Session error" +msgstr "" + +#: ipalib/errors.py:630 +#, python-format +msgid "Principal %(principal)s cannot be authenticated: %(message)s" +msgstr "" + +#: ipalib/errors.py:666 +#, python-format +msgid "Insufficient access: %(info)s" +msgstr "" + +#: ipalib/errors.py:710 +#, python-format +msgid "command '%(name)s' takes no arguments" +msgstr "" + +#: ipalib/errors.py:730 +#, python-format +msgid "command '%(name)s' takes at most %(count)d argument" +msgid_plural "command '%(name)s' takes at most %(count)d arguments" +msgstr[0] "" +msgstr[1] "" + +#: ipalib/errors.py:760 +#, python-format +msgid "overlapping arguments and options: %(names)s" +msgstr "" + +#: ipalib/errors.py:776 +#, python-format +msgid "'%(name)s' is required" +msgstr "" + +#: ipalib/errors.py:792 ipalib/errors.py:808 +#, python-format +msgid "invalid '%(name)s': %(error)s" +msgstr "" + +#: ipalib/errors.py:824 +#, python-format +msgid "api has no such namespace: '%(name)s'" +msgstr "" + +#: ipalib/errors.py:833 +msgid "Passwords do not match" +msgstr "" + +#: ipalib/errors.py:842 +msgid "Command not implemented" +msgstr "" + +#: ipalib/errors.py:851 +msgid "Client is not configured. Run ipa-client-install." +msgstr "" + +#: ipalib/errors.py:860 +#, python-format +msgid "Could not get %(name)s interactively" +msgstr "" + +#: ipalib/errors.py:875 +#, python-format +msgid "Command '%(name)s' has been deprecated" +msgstr "" + +#: ipalib/errors.py:891 +#, python-format +msgid "Domain '%(domain)s' is not a root domain for forest '%(forest)s'" +msgstr "" + +#: ipalib/errors.py:918 ipalib/errors.py:1158 ipalib/errors.py:1237 +#: ipalib/errors.py:1403 ipalib/errors.py:1468 ipalib/errors.py:1785 +#: ipalib/errors.py:1802 +#, python-format +msgid "%(reason)s" +msgstr "" + +#: ipalib/errors.py:934 +msgid "This entry already exists" +msgstr "" + +#: ipalib/errors.py:950 +msgid "You must enroll a host in order to create a host service" +msgstr "" + +#: ipalib/errors.py:966 +#, python-format +msgid "" +"Service principal is not of the form: service/fully-qualified host name: " +"%(reason)s" +msgstr "" + +#: ipalib/errors.py:982 +msgid "" +"The realm for the principal does not match the realm for this IPA server" +msgstr "" + +#: ipalib/errors.py:998 +msgid "This command requires root access" +msgstr "" + +#: ipalib/errors.py:1014 +msgid "This is already a posix group" +msgstr "" + +#: ipalib/errors.py:1030 +#, python-format +msgid "Principal is not of the form user@REALM: '%(principal)s'" +msgstr "" + +#: ipalib/errors.py:1046 +msgid "This entry is already enabled" +msgstr "" + +#: ipalib/errors.py:1062 +msgid "This entry is already disabled" +msgstr "" + +#: ipalib/errors.py:1078 +msgid "This entry cannot be enabled or disabled" +msgstr "" + +#: ipalib/errors.py:1094 +msgid "This entry is not a member" +msgstr "" + +#: ipalib/errors.py:1110 +msgid "A group may not be a member of itself" +msgstr "" + +#: ipalib/errors.py:1126 +msgid "This entry is already a member" +msgstr "" + +#: ipalib/errors.py:1142 +#, python-format +msgid "Base64 decoding failed: %(reason)s" +msgstr "" + +#: ipalib/errors.py:1174 +msgid "A group may not be added as a member of itself" +msgstr "" + +#: ipalib/errors.py:1190 +msgid "The default users group cannot be removed" +msgstr "" + +#: ipalib/errors.py:1206 +msgid "Deleting a managed group is not allowed. It must be detached first." +msgstr "" + +#: ipalib/errors.py:1221 +msgid "A managed group cannot have a password policy." +msgstr "" + +#: ipalib/errors.py:1253 +#, python-format +msgid "'%(entry)s' doesn't have a certificate." +msgstr "" + +#: ipalib/errors.py:1269 +#, python-format +msgid "Unable to create private group. A group '%(group)s' already exists." +msgstr "" + +#: ipalib/errors.py:1285 +#, python-format +msgid "" +"A problem was encountered when verifying that all members were %(verb)s: " +"%(exc)s" +msgstr "" + +#: ipalib/errors.py:1303 +#, python-format +msgid "%(attr)s does not contain '%(value)s'" +msgstr "" + +#: ipalib/errors.py:1320 +#, python-format +msgid "" +"The search criteria was not specific enough. Expected 1 and found %(found)d." +msgstr "" + +#: ipalib/errors.py:1337 +msgid "This group already allows external members" +msgstr "" + +#: ipalib/errors.py:1354 +msgid "This group cannot be posix because it is external" +msgstr "" + +#: ipalib/errors.py:1371 +msgid "This is already a posix group and cannot be converted to external one" +msgstr "" + +#: ipalib/errors.py:1420 +#, python-format +msgid "Server removal aborted: %(reason)s." +msgstr "" + +#: ipalib/errors.py:1430 +#, python-format +msgid "%(operation)s is not supported for %(principal_type)s principals" +msgstr "" + +#: ipalib/errors.py:1440 +#, python-format +msgid "Request failed with status %(status)s: %(reason)s" +msgstr "" + +#: ipalib/errors.py:1458 +#, python-format +msgid "" +"Mapping ruleset \"%(ruleset)s\" has more than one rule for the %(helper)s " +"helper" +msgstr "" + +#: ipalib/errors.py:1477 +#, python-format +msgid "'%(attr)s' already contains one or more values" +msgstr "" + +#: ipalib/errors.py:1501 +#, python-format +msgid "no command nor help topic '%(topic)s'" +msgstr "" + +#: ipalib/errors.py:1525 +msgid "change collided with another change" +msgstr "" + +#: ipalib/errors.py:1541 +msgid "no modifications to be performed" +msgstr "" + +#: ipalib/errors.py:1557 +#, python-format +msgid "%(desc)s: %(info)s" +msgstr "" + +#: ipalib/errors.py:1573 +msgid "limits exceeded for this query" +msgstr "" + +#: ipalib/errors.py:1588 +#, python-format +msgid "%(info)s" +msgstr "" + +#: ipalib/errors.py:1603 +msgid "modifying primary key is not allowed" +msgstr "" + +#: ipalib/errors.py:1619 +#, python-format +msgid "%(attr)s: Only one value allowed." +msgstr "" + +#: ipalib/errors.py:1635 +#, python-format +msgid "%(attr)s: Invalid syntax." +msgstr "" + +#: ipalib/errors.py:1651 +#, python-format +msgid "Bad search filter %(info)s" +msgstr "" + +#: ipalib/errors.py:1667 +msgid "Not allowed on non-leaf entry" +msgstr "" + +#: ipalib/errors.py:1683 +msgid "LDAP timeout" +msgstr "" + +#: ipalib/errors.py:1699 +#, python-format +msgid "%(task)s LDAP task timeout, Task DN: '%(task_dn)s'" +msgstr "" + +#: ipalib/errors.py:1708 +msgid "Configured time limit exceeded" +msgstr "" + +#: ipalib/errors.py:1717 +msgid "Configured size limit exceeded" +msgstr "" + +#: ipalib/errors.py:1727 +msgid "Configured administrative server limit exceeded" +msgstr "" + +#: ipalib/errors.py:1752 +#, python-format +msgid "Certificate operation cannot be completed: %(error)s" +msgstr "" + +#: ipalib/errors.py:1768 +#, python-format +msgid "Certificate format error: %(error)s" +msgstr "" + +#: ipalib/errors.py:1819 +msgid "Already registered" +msgstr "" + +#: ipalib/errors.py:1835 +msgid "Not registered yet" +msgstr "" + +#: ipalib/errors.py:1851 +#, python-format +msgid "%(key)s cannot be deleted because %(label)s %(dependent)s requires it" +msgstr "" + +#: ipalib/errors.py:1867 +#, python-format +msgid "" +"%(key)s cannot be deleted or disabled because it is the last member of " +"%(label)s %(container)s" +msgstr "" + +#: ipalib/errors.py:1883 +#, python-format +msgid "%(label)s %(key)s cannot be deleted/modified: %(reason)s" +msgstr "" + +#: ipalib/errors.py:1900 +#, python-format +msgid "%(name)s certificate is not valid" +msgstr "" + +#: ipalib/errors.py:1918 +#, python-format +msgid "Schema is up to date (FP '%(fingerprint)s', TTL %(ttl)s s)" +msgstr "" + +#: ipalib/errors.py:1945 +#, python-format +msgid "Host '%(hostname)s' does not have corresponding DNS A/AAAA record" +msgstr "" + +#: ipalib/errors.py:1963 +#, python-format +msgid "DNS check failed: Expected {%(expected)s} got {%(got)s}" +msgstr "" + +#: ipalib/errors.py:1979 +#, python-format +msgid "%(exception)s" +msgstr "" + +#: ipalib/errors.py:2006 +#, python-format +msgid "" +"Forest '%(forest)s' has existing trust to forest(s) %(domains)s which " +"prevents a trust to '%(conflict)s'" +msgstr "" + +#: ipalib/messages.py:84 +msgid "Additional instructions:" +msgstr "" + +#: ipalib/messages.py:146 +#, python-format +msgid "" +"API Version number was not sent, forward compatibility not guaranteed. " +"Assuming server's API version, %(server_version)s" +msgstr "" + +#: ipalib/messages.py:158 +msgid "" +"DNS forwarder semantics changed since IPA 4.0.\n" +"You may want to use forward zones (dnsforwardzone-*) instead.\n" +"For more details read the docs." +msgstr "" + +#: ipalib/messages.py:170 +#, python-format +msgid "" +"DNSSEC support is experimental.\n" +"%(additional_info)s" +msgstr "" + +#: ipalib/messages.py:180 +#, python-format +msgid "'%(option)s' option is deprecated. %(additional_info)s" +msgstr "" + +#: ipalib/messages.py:190 +#, python-format +msgid "" +"Semantic of %(label)s was changed. %(current_behavior)s\n" +"%(hint)s" +msgstr "" + +#: ipalib/messages.py:201 +#, python-format +msgid "DNS server %(server)s: %(error)s." +msgstr "" + +#: ipalib/messages.py:211 +#, python-format +msgid "" +"DNS server %(server)s does not support DNSSEC: %(error)s.\n" +"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgstr "" + +#: ipalib/messages.py:224 +#, python-format +msgid "" +"forward zone \"%(fwzone)s\" is not effective because of missing proper NS " +"delegation in authoritative zone \"%(authzone)s\". Please add NS record " +"\"%(ns_rec)s\" to parent zone \"%(authzone)s\"." +msgstr "" + +#: ipalib/messages.py:238 +#, python-format +msgid "" +"DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n" +"If DNSSEC validation is enabled on IPA server(s), please disable it." +msgstr "" + +#: ipalib/messages.py:251 +#, python-format +msgid "" +"DNSSEC validation failed: %(error)s.\n" +"Please verify your DNSSEC configuration or disable DNSSEC validation on all " +"IPA servers." +msgstr "" + +#: ipalib/messages.py:265 +#, python-format +msgid "" +"The _kerberos TXT record from domain %(domain)s could not be created " +"(%(error)s).\n" +"This can happen if the zone is not managed by IPA. Please create the record " +"manually, containing the following value: '%(realm)s'" +msgstr "" + +#: ipalib/messages.py:281 +#, python-format +msgid "" +"The _kerberos TXT record from domain %(domain)s could not be removed " +"(%(error)s).\n" +"This can happen if the zone is not managed by IPA. Please remove the record " +"manually." +msgstr "" + +#: ipalib/messages.py:295 +msgid "" +"No DNSSEC key master is installed. DNSSEC zone signing will not work until " +"the DNSSEC key master is installed." +msgstr "" + +#: ipalib/messages.py:310 +#, python-format +msgid "" +"Relative record name '%(record)s' contains the zone name '%(zone)s' as a " +"suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused " +"by a missing dot at the end of the name specification." +msgstr "" + +#: ipalib/messages.py:323 +#, python-format +msgid "'%(command)s' is deprecated. %(additional_info)s" +msgstr "" + +#: ipalib/messages.py:333 +#, python-format +msgid "%(line)s" +msgstr "" + +#: ipalib/messages.py:343 +#, python-format +msgid "Search result has been truncated: %(reason)s" +msgstr "" + +#: ipalib/messages.py:353 +#, python-format +msgid "" +"Your trust to %(domain)s is broken. Please re-create it by running 'ipa " +"trust-add' again." +msgstr "" + +#: ipalib/messages.py:372 +#, python-format +msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)" +msgstr "" + +#: ipalib/messages.py:386 +msgid "" +"Forwarding policy conflicts with some automatic empty zones. Queries for " +"zones specified by RFC 6303 will ignore forwarding and recursion and always " +"result in NXDOMAIN answers. To override this behavior use forward policy " +"'only'." +msgstr "" + +#: ipalib/messages.py:400 +#, python-format +msgid "Update of system record '%(record)s' failed with error: %(error)s" +msgstr "" + +#: ipalib/messages.py:411 +#, python-format +msgid "" +"IPA does not manage the zone %(zone)s, please add records to your DNS server " +"manually" +msgstr "" + +#: ipalib/messages.py:423 +msgid "" +"Automatic update of DNS system records failed. Please re-run update of " +"system records manually to get list of missing records." +msgstr "" + +#: ipalib/messages.py:436 +#, python-format +msgid "" +"Service %(service)s requires restart on IPA server %(server)s to apply " +"configuration changes." +msgstr "" + +#: ipalib/messages.py:448 +#, python-format +msgid "" +"No DNS servers in IPA location %(location)s. Without DNS servers location is " +"not working as expected." +msgstr "" + +#: ipalib/messages.py:475 +#, python-format +msgid "%(subject)s: Malformed certificate. %(reason)s" +msgstr "" + +#: ipalib/messages.py:486 +#, python-format +msgid "The host was added but the DNS update failed with: %(reason)s" +msgstr "" + +#: ipalib/messages.py:496 +#, python-format +msgid "The certificate for %(ca)s is not available on this server." +msgstr "" + +#: ipalib/misc.py:22 +#, python-format +msgid "%(count)d variables" +msgstr "" + +#: ipalib/misc.py:96 +#, python-format +msgid "%(count)d plugin loaded" +msgid_plural "%(count)d plugins loaded" +msgstr[0] "" +msgstr[1] "" + +#: ipalib/output.py:110 +msgid "A dictionary representing an LDAP entry" +msgstr "" + +#: ipalib/output.py:118 +msgid "A list of LDAP entries" +msgstr "" + +#: ipalib/output.py:170 +msgid "All commands should at least have a result" +msgstr "" + +#: ipalib/cli.py:630 +#, python-format +msgid "Enter %(label)s again to verify: " +msgstr "" + +#: ipalib/cli.py:639 +msgid "Passwords do not match!" +msgstr "" + +#: ipalib/cli.py:662 +msgid "No matching entries found" +msgstr "" + +#: ipalib/cli.py:737 +msgid "Topic or Command" +msgstr "" + +#: ipalib/cli.py:738 +msgid "The topic or command name." +msgstr "" + +#: ipalib/cli.py:910 +msgid "Topic commands:" +msgstr "" + +#: ipalib/cli.py:916 +msgid "To get command help, use:" +msgstr "" + +#: ipalib/cli.py:917 +msgid " ipa --help" +msgstr "" + +#: ipalib/cli.py:928 +msgid "Command name" +msgstr "" + +#: ipalib/cli.py:1151 +msgid "Positional arguments" +msgstr "" + +#: ipalib/cli.py:1297 +#, python-format +msgid "Same as --%s" +msgstr "" + +#: ipalib/cli.py:1300 +msgid "Deprecated options" +msgstr "" + +#: ipalib/cli.py:1429 +msgid "No file to read" +msgstr "" + +#: ipalib/frontend.py:425 +msgid "Results are truncated, try a more specific search" +msgstr "" + +#: ipalib/frontend.py:584 ipatests/test_xmlrpc/test_ping_plugin.py:52 +#, python-format +msgid "Unknown option: %(option)s" +msgstr "" + +#: ipalib/frontend.py:981 ipaserver/plugins/batch.py:83 +msgid "Client version. Used to determine if server will accept request." +msgstr "" + +#: ipalib/plugable.py:534 +#, python-format +msgid "%(filename)s: file not found" +msgstr "" + +#: ipalib/plugable.py:607 +#, python-brace-format +msgid "Unable to parse option {item}" +msgstr "" + +#: ipalib/rpc.py:1109 +msgid "any of the configured servers" +msgstr "" + +#: ipalib/rpc.py:1192 +msgid "Exceeded number of tries to forward a request." +msgstr "" + +#: ipalib/util.py:213 +msgid "Filename is empty" +msgstr "" + +#: ipalib/util.py:217 +#, python-format +msgid "Permission denied: %(file)s" +msgstr "" + +#: ipalib/util.py:412 ipalib/util.py:944 +msgid "empty DNS label" +msgstr "" + +#: ipalib/util.py:415 +msgid "DNS label cannot be longer that 63 characters" +msgstr "" + +#: ipalib/util.py:420 +#, python-format +msgid "" +"only letters, numbers, %(chars)s are allowed. DNS label may not start or end " +"with %(chars2)s" +msgstr "" + +#: ipalib/util.py:436 +msgid "single label {}s are not supported" +msgstr "" + +#: ipalib/util.py:446 +msgid "too many '@' characters" +msgstr "" + +#: ipalib/util.py:475 +msgid "cannot be longer that {} characters" +msgstr "" + +#: ipalib/util.py:482 +msgid "hostname contains empty label (consecutive dots)" +msgstr "" + +#: ipalib/util.py:486 +msgid "not fully qualified" +msgstr "" + +#: ipalib/util.py:499 ipalib/util.py:508 +msgid "invalid SSH public key" +msgstr "" + +#: ipalib/util.py:511 +msgid "options are not allowed" +msgstr "" + +#: ipalib/util.py:747 +msgid "invalid hostmask" +msgstr "" + +#: ipalib/util.py:761 +#, python-format +msgid "query '%(owner)s %(rtype)s': %(error)s" +msgstr "" + +#: ipalib/util.py:765 +#, python-format +msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s" +msgstr "" + +#: ipalib/util.py:769 +#, python-format +msgid "" +"answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG " +"data)" +msgstr "" + +#: ipalib/util.py:774 +#, python-format +msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s" +msgstr "" + +#: ipalib/util.py:942 +msgid "invalid escape code in domain name" +msgstr "" + +#: ipalib/util.py:946 +msgid "domain name cannot be longer than 255 characters" +msgstr "" + +#: ipalib/util.py:948 +msgid "DNS label cannot be longer than 63 characters" +msgstr "" + +#: ipalib/util.py:950 +msgid "invalid domain name" +msgstr "" + +#: ipalib/util.py:963 +#, python-format +msgid "domain name '%(domain)s' should be normalized to: %(normalized)s" +msgstr "" + +#: ipalib/util.py:1112 +#, python-format +msgid "invalid domain-name: %s" +msgstr "" + +#: ipalib/util.py:1124 +#, python-format +msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!" +msgstr "" + +#: ipalib/util.py:1130 +msgid "invalid IP address format" +msgstr "" + +#: ipalib/util.py:1148 +#, python-format +msgid "%(port)s is not a valid port" +msgstr "" + +#: ipalib/util.py:1181 +msgid "" +"at least one value equal to the canonical principal name must be present" +msgstr "" + +#: ipalib/util.py:1268 +msgid "realm or UPN suffix overlaps with trusted domain namespace" +msgstr "" + +#: ipalib/parameters.py:415 +msgid "incorrect type" +msgstr "" + +#: ipalib/parameters.py:418 +msgid "Only one value is allowed" +msgstr "" + +#: ipalib/parameters.py:885 +msgid "this option is deprecated" +msgstr "" + +#: ipalib/parameters.py:1003 +msgid "must be True or False" +msgstr "" + +#: ipalib/parameters.py:1101 ipalib/parameters.py:2294 +msgid "must be an integer" +msgstr "" + +#: ipalib/parameters.py:1167 +#, python-format +msgid "must be at least %(minvalue)d" +msgstr "" + +#: ipalib/parameters.py:1179 +#, python-format +msgid "can be at most %(maxvalue)d" +msgstr "" + +#: ipalib/parameters.py:1197 +msgid "must be a decimal number" +msgstr "" + +#: ipalib/parameters.py:1243 +#, python-format +msgid "must be at least %(minvalue)s" +msgstr "" + +#: ipalib/parameters.py:1255 +#, python-format +msgid "can be at most %(maxvalue)s" +msgstr "" + +#: ipalib/parameters.py:1265 +#, python-format +msgid "" +"number class '%(cls)s' is not included in a list of allowed number classes: " +"%(allowed)s" +msgstr "" + +#: ipalib/parameters.py:1388 +#, python-format +msgid "must match pattern \"%(pattern)s\"" +msgstr "" + +#: ipalib/parameters.py:1408 +msgid "must be binary data" +msgstr "" + +#: ipalib/parameters.py:1427 +#, python-format +msgid "must be at least %(minlength)d bytes" +msgstr "" + +#: ipalib/parameters.py:1439 +#, python-format +msgid "can be at most %(maxlength)d bytes" +msgstr "" + +#: ipalib/parameters.py:1451 +#, python-format +msgid "must be exactly %(length)d bytes" +msgstr "" + +#: ipalib/parameters.py:1468 +msgid "must be a certificate" +msgstr "" + +#: ipalib/parameters.py:1504 +msgid "must be a certificate signing request" +msgstr "" + +#: ipalib/parameters.py:1550 +#, python-format +msgid "Failure decoding Certificate Signing Request: %s" +msgstr "" + +#: ipalib/parameters.py:1574 +msgid "must be Unicode text" +msgstr "" + +#: ipalib/parameters.py:1605 +msgid "Leading and trailing spaces are not allowed" +msgstr "" + +#: ipalib/parameters.py:1615 +#, python-format +msgid "must be at least %(minlength)d characters" +msgstr "" + +#: ipalib/parameters.py:1627 +#, python-format +msgid "can be at most %(maxlength)d characters" +msgstr "" + +#: ipalib/parameters.py:1639 +#, python-format +msgid "must be exactly %(length)d characters" +msgstr "" + +#: ipalib/parameters.py:1661 +#, python-format +msgid "The character %(char)r is not allowed." +msgstr "" + +#: ipalib/parameters.py:1714 +#, python-format +msgid "must be '%(value)s'" +msgstr "" + +#: ipalib/parameters.py:1717 +#, python-format +msgid "must be one of %(values)s" +msgstr "" + +#: ipalib/parameters.py:1834 +msgid "must be datetime value" +msgstr "" + +#: ipalib/parameters.py:1852 +msgid "does not match any of accepted formats: " +msgstr "" + +#: ipalib/parameters.py:2035 +msgid "incomplete time value" +msgstr "" + +#: ipalib/parameters.py:2112 +msgid "must be DNS name" +msgstr "" + +#: ipalib/parameters.py:2140 +msgid "must be absolute" +msgstr "" + +#: ipalib/parameters.py:2146 +msgid "must be relative" +msgstr "" + +#: ipalib/parameters.py:2157 +msgid "must be dictionary" +msgstr "" + +#: ipalib/parameters.py:2166 +msgid "must be Kerberos principal" +msgstr "" + +#: ipalib/parameters.py:2182 +#, python-format +msgid "Malformed principal: '%(value)s'" +msgstr "" + +#: ipalib/parameters.py:2191 +msgid "Service principal is required" +msgstr "" + +#: ipalib/parameters.py:2279 +msgid "must be at least 0" +msgstr "" + +#: ipalib/parameters.py:2288 +msgid "invalid valid hex" +msgstr "" + +#: ipalib/parameters.py:2299 +msgid "invalid serial number 0" +msgstr "" + +#: ipapython/dogtag.py:113 +#, python-format +msgid "Retrieving CA cert chain failed: %s" +msgstr "" + +#: ipapython/dogtag.py:119 +#, python-format +msgid "request failed with HTTP status %d" +msgstr "" + +#: ipapython/dogtag.py:136 +#, python-format +msgid "Retrieving CA status failed: %s" +msgstr "" + +#: ipapython/dogtag.py:158 +#, python-format +msgid "Retrieving CA status failed with status %d" +msgstr "" + +#: ipapython/ipaldap.py:1189 +#, python-format +msgid "objectclass %s not found" +msgstr "" + +#: ipaserver/dcerpc_common.py:20 +msgid "Trusting forest" +msgstr "" + +#: ipaserver/dcerpc_common.py:21 +msgid "Trusted forest" +msgstr "" + +#: ipaserver/dcerpc_common.py:26 +msgid "Established and verified" +msgstr "" + +#: ipaserver/dcerpc_common.py:27 +msgid "Waiting for confirmation by remote side" +msgstr "" + +#: ipaserver/dcerpc_common.py:30 +msgid "Unknown" +msgstr "" + +#: ipaserver/dcerpc_common.py:36 +msgid "Non-Active Directory domain" +msgstr "" + +#: ipaserver/dcerpc_common.py:37 ipaserver/plugins/internal.py:1258 +msgid "Active Directory domain" +msgstr "" + +#: ipaserver/dcerpc_common.py:38 +msgid "RFC4120-compliant Kerberos realm" +msgstr "" + +#: ipaserver/dcerpc_common.py:39 +msgid "" +"Non-transitive external trust to a domain in another Active Directory forest" +msgstr "" + +#: ipaserver/dcerpc_common.py:41 +msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm" +msgstr "" + +#: ipaserver/install/ipa_acme_manage.py:45 ipaserver/plugins/dogtag.py:1211 +msgid "Failed to authenticate to CA REST API" +msgstr "" + +#: ipaserver/install/certs.py:480 +#, python-format +msgid "Unable to communicate with CMS (status %d)" +msgstr "" + +#: ipaserver/install/replication.py:1787 ipaserver/install/replication.py:1806 +#, python-format +msgid "Replication agreement for %(hostname)s not found" +msgstr "" + +#: ipaserver/plugins/automount.py:218 +msgid "automount location" +msgstr "" + +#: ipaserver/plugins/automount.py:219 +msgid "automount locations" +msgstr "" + +#: ipaserver/plugins/automount.py:222 +msgid "Automount Locations" +msgstr "" + +#: ipaserver/plugins/automount.py:223 +msgid "Automount Location" +msgstr "" + +#: ipaserver/plugins/automount.py:263 +#, python-format +msgid "Added automount location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:283 +#, python-format +msgid "Deleted automount location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:296 +#, python-format +msgid "%(count)d automount location matched" +msgid_plural "%(count)d automount locations matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/automount.py:349 +msgid "automount map" +msgstr "" + +#: ipaserver/plugins/automount.py:350 +msgid "automount maps" +msgstr "" + +#: ipaserver/plugins/automount.py:393 +msgid "Automount Maps" +msgstr "" + +#: ipaserver/plugins/automount.py:394 +msgid "Automount Map" +msgstr "" + +#: ipaserver/plugins/automount.py:401 +#, python-format +msgid "Added automount map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:408 +#, python-format +msgid "Deleted automount map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:428 +#, python-format +msgid "Modified automount map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:436 +#, python-format +msgid "%(count)d automount map matched" +msgid_plural "%(count)d automount maps matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/automount.py:448 +msgid "Automount key object." +msgstr "" + +#: ipaserver/plugins/automount.py:452 +msgid "automount key" +msgstr "" + +#: ipaserver/plugins/automount.py:453 +msgid "automount keys" +msgstr "" + +#: ipaserver/plugins/automount.py:512 +msgid "Automount Keys" +msgstr "" + +#: ipaserver/plugins/automount.py:513 +msgid "Automount Key" +msgstr "" + +#: ipaserver/plugins/automount.py:514 +#, python-format +msgid "" +"The key,info pair must be unique. A key named %(key)s with info %(info)s " +"already exists" +msgstr "" + +#: ipaserver/plugins/automount.py:515 +#, python-format +msgid "key named %(key)s already exists" +msgstr "" + +#: ipaserver/plugins/automount.py:516 +#, python-format +msgid "The automount key %(key)s with info %(info)s does not exist" +msgstr "" + +#: ipaserver/plugins/automount.py:566 +#, python-format +msgid "" +"More than one entry with key %(key)s found, use --info to select specific " +"entry." +msgstr "" + +#: ipaserver/plugins/automount.py:625 +#, python-format +msgid "Added automount key \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:654 +#, python-format +msgid "Added automount indirect map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:678 +msgid "mount point is relative to parent map, cannot begin with /" +msgstr "" + +#: ipaserver/plugins/automount.py:707 +#, python-format +msgid "Deleted automount key \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:748 +#, python-format +msgid "Modified automount key \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automount.py:807 +#, python-format +msgid "%(count)d automount key matched" +msgid_plural "%(count)d automount keys matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certprofile.py:21 +msgid "" +"\n" +"Manage Certificate Profiles\n" +"\n" +"Certificate Profiles are used by Certificate Authority (CA) in the signing " +"of\n" +"certificates to determine if a Certificate Signing Request (CSR) is " +"acceptable,\n" +"and if so what features and extensions will be present on the certificate.\n" +"\n" +"The Certificate Profile format is the property-list format understood by " +"the\n" +"Dogtag or Red Hat Certificate System CA.\n" +"\n" +"PROFILE ID SYNTAX:\n" +"\n" +"A Profile ID is a string without spaces or punctuation starting with a " +"letter\n" +"and followed by a sequence of letters, digits or underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Import a profile that will not store issued certificates:\n" +" ipa certprofile-import ShortLivedUserCert \\\n" +" --file UserCert.profile --desc \"User Certificates\" \\\n" +" --store=false\n" +"\n" +" Delete a certificate profile:\n" +" ipa certprofile-del ShortLivedUserCert\n" +"\n" +" Show information about a profile:\n" +" ipa certprofile-show ShortLivedUserCert\n" +"\n" +" Save profile configuration to a file:\n" +" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" +"\n" +" Search for profiles that do not store certificates:\n" +" ipa certprofile-find --store=false\n" +"\n" +"PROFILE CONFIGURATION FORMAT:\n" +"\n" +"The profile configuration format is the raw property-list format\n" +"used by Dogtag Certificate System. The XML format is not supported.\n" +"\n" +"The following restrictions apply to profiles managed by IPA:\n" +"\n" +"- When importing a profile the \"profileId\" field, if present, must\n" +" match the ID given on the command line.\n" +"\n" +"- The \"classId\" field must be set to \"caEnrollImpl\"\n" +"\n" +"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" +"\n" +"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" +" class must be used.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/certprofile.py:86 ipaserver/plugins/cert.py:283 +msgid "CA is not configured" +msgstr "" + +#: ipaserver/plugins/certprofile.py:95 +msgid "invalid Profile ID" +msgstr "" + +#: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 +msgid "Certificate Profile" +msgstr "" + +#: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 +msgid "Certificate Profiles" +msgstr "" + +#: ipaserver/plugins/certprofile.py:126 +msgid "Profile configuration" +msgstr "" + +#: ipaserver/plugins/certprofile.py:190 +#, python-format +msgid "%(count)d profile matched" +msgid_plural "%(count)d profiles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certprofile.py:222 +#, python-format +msgid "Imported profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:247 +#, python-format +msgid "Profile data specifies profileId multiple times: %(values)s" +msgstr "" + +#: ipaserver/plugins/certprofile.py:255 +#, python-format +msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" +msgstr "" + +#: ipaserver/plugins/certprofile.py:282 +#, python-format +msgid "Deleted profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:289 +#, python-format +msgid "Predefined profile '%(profile_id)s' cannot be deleted" +msgstr "" + +#: ipaserver/plugins/certprofile.py:305 +#, python-format +msgid "Modified Certificate Profile \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certprofile.py:322 +msgid "Certificate profiles cannot be renamed" +msgstr "" + +#: ipaserver/plugins/certprofile.py:327 +msgid "Insufficient privilege to modify a certificate profile." +msgstr "" + +#: ipaserver/plugins/delegation.py:67 +msgid "delegation" +msgstr "" + +#: ipaserver/plugins/delegation.py:68 +msgid "delegations" +msgstr "" + +#: ipaserver/plugins/delegation.py:69 +msgid "Delegations" +msgstr "" + +#: ipaserver/plugins/delegation.py:70 +msgid "Delegation" +msgstr "" + +#: ipaserver/plugins/delegation.py:101 ipaserver/plugins/selfservice.py:94 +#: ipaserver/plugins/aci.py:514 ipaserver/plugins/permission.py:359 +msgid "ACI" +msgstr "" + +#: ipaserver/plugins/delegation.py:132 +#, python-format +msgid "Added delegation \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/delegation.py:153 +#, python-format +msgid "Deleted delegation \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/delegation.py:170 +#, python-format +msgid "Modified delegation \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/delegation.py:189 +#, python-format +msgid "%(count)d delegation matched" +msgid_plural "%(count)d delegations matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/dnsserver.py:35 +msgid "" +"\n" +"DNS server configuration\n" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:37 +msgid "" +"\n" +"Manipulate DNS server configuration\n" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:41 +msgid "" +"\n" +" Show configuration of a specific DNS server:\n" +" ipa dnsserver-show\n" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:44 +msgid "" +"\n" +" Update configuration of a specific DNS server:\n" +" ipa dnsserver-mod\n" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:62 +msgid "DNS server" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:63 +msgid "DNS servers" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:71 +msgid "DNS Servers" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:72 +msgid "DNS Server" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:113 +msgid "DNS Server name" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:119 +msgid "SOA mname override" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:120 +msgid "SOA mname (authoritative server) override" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:126 +msgid "Forwarders" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:128 +msgid "" +"Per-server forwarders. A custom port can be specified for each forwarder " +"using a standard format \"IP_ADDRESS port PORT\"" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:138 +msgid "" +"Per-server conditional forwarding policy. Set to \"none\" to disable " +"forwarding to global forwarder for this zone. In that case, conditional zone " +"forwarders are disregarded." +msgstr "" + +#: ipaserver/plugins/dnsserver.py:148 ipaserver/plugins/dns.py:2063 +#: ipaserver/plugins/dns.py:2237 ipaserver/plugins/dns.py:3210 +#: ipaserver/plugins/dns.py:4191 +msgid "DNS is not configured" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:154 +msgid "Modify DNS server configuration" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:157 +#, python-format +msgid "Modified DNS server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:162 +msgid "Search for DNS servers." +msgstr "" + +#: ipaserver/plugins/dnsserver.py:166 +#, python-format +msgid "%(count)d DNS server matched" +msgid_plural "%(count)d DNS servers matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/dnsserver.py:176 +msgid "IPA DNS Server is not installed" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:183 +msgid "Display configuration of a DNS server." +msgstr "" + +#: ipaserver/plugins/dnsserver.py:193 +msgid "Add a new DNS server." +msgstr "" + +#: ipaserver/plugins/dnsserver.py:196 +#, python-format +msgid "Added new DNS server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:205 +msgid "Delete a DNS server" +msgstr "" + +#: ipaserver/plugins/dnsserver.py:208 +#, python-format +msgid "Deleted DNS server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:69 +#, python-brace-format +msgid "" +"Domain Level cannot be raised to {0}, existing replication conflicts have to " +"be resolved." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:112 +msgid "Server does not support domain level functionality" +msgstr "" + +#: ipaserver/plugins/domainlevel.py:147 +msgid "Domain Level cannot be lowered." +msgstr "" + +#: ipaserver/plugins/domainlevel.py:155 +#, python-brace-format +msgid "Domain Level cannot be raised to {0}, server {1} does not support it." +msgstr "" + +#: ipaserver/plugins/group.py:62 +msgid "" +"\n" +"Groups of users\n" +"\n" +"Manage groups of users, groups, or services. By default, new groups are " +"POSIX\n" +"groups. You can add the --nonposix option to the group-add command to mark " +"a\n" +"new group as non-POSIX. You can use the --posix argument with the group-mod\n" +"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " +"be\n" +"converted to non-POSIX groups.\n" +"\n" +"Every group must have a description.\n" +"\n" +"POSIX groups must have a Group ID (GID) number. Changing a GID is\n" +"supported but can have an impact on your file permissions. It is not " +"necessary\n" +"to supply a GID when creating a group. IPA will generate one automatically\n" +"if it is not provided.\n" +"\n" +"Groups members can be users, other groups, and Kerberos services. In POSIX\n" +"environments only users will be visible as group members, but nested groups " +"and\n" +"groups of services can be used for IPA management purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new group:\n" +" ipa group-add --desc='local administrators' localadmins\n" +"\n" +" Add a new non-POSIX group:\n" +" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" +"\n" +" Convert a non-POSIX group to posix:\n" +" ipa group-mod --posix remoteadmins\n" +"\n" +" Add a new POSIX group with a specific Group ID number:\n" +" ipa group-add --gid=500 --desc='unix admins' unixadmins\n" +"\n" +" Add a new POSIX group and let IPA assign a Group ID number:\n" +" ipa group-add --desc='printer admins' printeradmins\n" +"\n" +" Remove a group:\n" +" ipa group-del unixadmins\n" +"\n" +" To add the \"remoteadmins\" group to the \"localadmins\" group:\n" +" ipa group-add-member --groups=remoteadmins localadmins\n" +"\n" +" Add multiple users to the \"localadmins\" group:\n" +" ipa group-add-member --users=test1 --users=test2 localadmins\n" +"\n" +" To add Kerberos services to the \"printer admins\" group:\n" +" ipa group-add-member --services=CUPS/some.host printeradmins\n" +"\n" +" Remove a user from the \"localadmins\" group:\n" +" ipa group-remove-member --users=test2 localadmins\n" +"\n" +" Display information about a named group.\n" +" ipa group-show localadmins\n" +"\n" +"Group membership managers are users or groups that can add members to a\n" +"group or remove members from a group.\n" +"\n" +" Allow user \"test2\" to add or remove members from group \"localadmins\":\n" +" ipa group-add-member-manager --users=test2 localadmins\n" +"\n" +" Revoke membership management rights for user \"test2\" from " +"\"localadmins\":\n" +" ipa group-remove-member-manager --users=test2 localadmins\n" +"\n" +"External group membership is designed to allow users from trusted domains\n" +"to be mapped to local POSIX groups in order to actually use IPA resources.\n" +"External members should be added to groups that specifically created as\n" +"external and non-POSIX. Such group later should be included into one of " +"POSIX\n" +"groups.\n" +"\n" +"An external group member is currently a Security Identifier (SID) as defined " +"by\n" +"the trusted domain. When adding external group members, it is possible to\n" +"specify them in either SID, or DOM\\name, or name@domain format. IPA will " +"attempt\n" +"to resolve passed name to SID with the use of Global Catalog of the trusted " +"domain.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local POSIX " +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' ad_admins_external " +"--external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the " +"ad_admins_external\n" +" group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with ad_admins " +"POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see their " +"SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +msgstr "" + +#: ipaserver/plugins/group.py:195 +msgid "groups" +msgstr "" + +#: ipaserver/plugins/group.py:328 +msgid "User Group" +msgstr "" + +#: ipaserver/plugins/group.py:360 +#, python-format +msgid "Added group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:383 +msgid "gid cannot be set for external group" +msgstr "" + +#: ipaserver/plugins/group.py:395 +msgid "attribute \"gidNumber\" not allowed with --nonposix" +msgstr "" + +#: ipaserver/plugins/group.py:404 +#, python-format +msgid "Deleted group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:418 +msgid "privileged group" +msgstr "" + +#: ipaserver/plugins/group.py:451 +#, python-format +msgid "Modified group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:526 +#, python-format +msgid "%(count)d group matched" +msgid_plural "%(count)d groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/group.py:629 ipaserver/plugins/group.py:686 +#: ipaserver/plugins/hbactest.py:402 +msgid "" +"Cannot perform external member validation without Samba 4 support installed. " +"Make sure you have installed server-trust-ad sub-package of IPA on the server" +msgstr "" + +#: ipaserver/plugins/group.py:634 ipaserver/plugins/group.py:691 +#: ipaserver/plugins/trust.py:874 +msgid "" +"Cannot perform join operation without own domain configured. Make sure you " +"have run ipa-adtrust-install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/group.py:725 +#, python-format +msgid "Detached group \"%(value)s\" from user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/group.py:750 +msgid "not allowed to modify user entries" +msgstr "" + +#: ipaserver/plugins/group.py:761 +msgid "not allowed to modify group entries" +msgstr "" + +#: ipaserver/plugins/group.py:781 +msgid "Not a managed group" +msgstr "" + +#: ipaserver/plugins/group.py:803 +msgid "Add users that can manage members of this group." +msgstr "" + +#: ipaserver/plugins/group.py:811 +msgid "Remove users that can manage members of this group." +msgstr "" + +#: ipaserver/plugins/hbac.py:7 +msgid "Host-based access control commands" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:28 +msgid "" +"\n" +"HBAC Services\n" +"\n" +"The PAM services that HBAC can control access to. The name used here\n" +"must match the service name that PAM is evaluating.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new HBAC service:\n" +" ipa hbacsvc-add tftp\n" +"\n" +" Modify an existing HBAC service:\n" +" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" +"\n" +" Search for HBAC services. This example will return two results, the FTP\n" +" service and the newly-added tftp service:\n" +" ipa hbacsvc-find ftp\n" +"\n" +" Delete an HBAC service:\n" +" ipa hbacsvc-del tftp\n" +"\n" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:62 +msgid "HBAC services" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:95 ipaserver/plugins/hbacrule.py:286 +msgid "HBAC Services" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:96 +msgid "HBAC Service" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:119 +#, python-format +msgid "Added HBAC service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:127 +#, python-format +msgid "Deleted HBAC service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:135 +#, python-format +msgid "Modified HBAC service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvc.py:144 +#, python-format +msgid "%(count)d HBAC service matched" +msgid_plural "%(count)d HBAC services matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hbacsvcgroup.py:64 +msgid "HBAC service group" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:65 +msgid "HBAC service groups" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:108 ipaserver/plugins/hbacrule.py:290 +msgid "HBAC Service Groups" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:109 +msgid "HBAC Service Group" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:131 +#, python-format +msgid "Added HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:139 +#, python-format +msgid "Deleted HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:147 +#, python-format +msgid "Modified HBAC service group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacsvcgroup.py:156 +#, python-format +msgid "%(count)d HBAC service group matched" +msgid_plural "%(count)d HBAC service groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hostgroup.py:35 +msgid "" +"\n" +"Groups of hosts.\n" +"\n" +"Manage groups of hosts. This is useful for applying access control to a\n" +"number of hosts by using Host-based Access Control.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new host group:\n" +" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" +"\n" +" Add another new host group:\n" +" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" +"\n" +" Add members to the hostgroup (using Bash brace expansion):\n" +" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" +"\n" +" Add a hostgroup as a member of another hostgroup:\n" +" ipa hostgroup-add-member --hostgroups=baltimore maryland\n" +"\n" +" Remove a host from the hostgroup:\n" +" ipa hostgroup-remove-member --hosts=box2 baltimore\n" +"\n" +" Display a host group:\n" +" ipa hostgroup-show baltimore\n" +"\n" +" Add a member manager:\n" +" ipa hostgroup-add-member-manager --users=user1 baltimore\n" +"\n" +" Remove a member manager\n" +" ipa hostgroup-remove-member-manager --users=user1 baltimore\n" +"\n" +" Delete a hostgroup:\n" +" ipa hostgroup-del baltimore\n" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:107 +msgid "host groups" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:179 +msgid "Host Group" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:223 +#, python-format +msgid "Added hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:239 +#, python-format +msgid "" +"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " +"common namespace" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:262 +#, python-format +msgid "Deleted hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 +#: ipaserver/plugins/hostgroup.py:349 +msgid "hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 +msgid "privileged hostgroup" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:278 +#, python-format +msgid "Modified hostgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hostgroup.py:303 +#, python-format +msgid "%(count)d hostgroup matched" +msgid_plural "%(count)d hostgroups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hostgroup.py:362 +msgid "Add users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/hostgroup.py:372 +msgid "Remove users that can manage members of this hostgroup." +msgstr "" + +#: ipaserver/plugins/idrange.py:43 +msgid "" +"=======\n" +"WARNING:\n" +"\n" +"DNA plugin in 389-ds will allocate IDs based on the ranges configured for " +"the\n" +"local domain. Currently the DNA plugin *cannot* be reconfigured itself " +"based\n" +"on the local ranges set via this family of commands.\n" +"\n" +"Manual configuration change has to be done in the DNA plugin configuration " +"for\n" +"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" +"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " +"be\n" +"modified to match the new range.\n" +"=======\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:57 +msgid "" +"\n" +"ID ranges\n" +"\n" +"Manage ID ranges used to map Posix IDs to SIDs and back.\n" +"\n" +"There are two type of ID ranges which are both handled by this utility:\n" +"\n" +" - the ID ranges of the local domain\n" +" - the ID ranges of trusted remote domains\n" +"\n" +"Both types have the following attributes in common:\n" +"\n" +" - base-id: the first ID of the Posix ID range\n" +" - range-size: the size of the range\n" +"\n" +"With those two attributes a range object can reserve the Posix IDs starting\n" +"with base-id up to but not including base-id+range-size exclusively.\n" +"\n" +"Additionally an ID range of the local domain may set\n" +" - rid-base: the first RID(*) of the corresponding RID range\n" +" - secondary-rid-base: first RID of the secondary RID range\n" +"\n" +"and an ID range of a trusted domain must set\n" +" - rid-base: the first RID of the corresponding RID range\n" +" - sid: domain SID of the trusted domain\n" +"\n" +"and an ID range of a trusted domain may set\n" +" - auto-private-groups: [true|false|hybrid] automatic creation of private " +"groups\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for a trusted domain\n" +"\n" +"Since there might be more than one trusted domain the domain SID must be " +"given\n" +"while creating the ID range.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" +" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" +"\n" +"This ID range is then used by the IPA server and the SSSD IPA provider to\n" +"assign Posix UIDs to users from the trusted domain.\n" +"\n" +"If e.g. a range for a trusted domain is configured with the following " +"values:\n" +" base-id = 1200000\n" +" range-size = 200000\n" +" rid-base = 0\n" +"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " +"So\n" +"RID 1000 <-> Posix ID 1201000\n" +"\n" +"\n" +"\n" +"EXAMPLE: Add a new ID range for the local domain\n" +"\n" +"To create an ID range for the local domain it is not necessary to specify a\n" +"domain SID. But since it is possible that a user and a group can have the " +"same\n" +"value as Posix ID a second RID interval is needed to handle conflicts.\n" +"\n" +" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" +" --secondary-rid-base=1000000 local_range\n" +"\n" +"The data from the ID ranges of the local domain are used by the IPA server\n" +"internally to assign SIDs to IPA users and groups. The SID will then be " +"stored\n" +"in the user or group objects.\n" +"\n" +"If e.g. the ID range for the local domain is configured with the values " +"from\n" +"the example above then a new user with the UID 1200007 will get the RID " +"1007.\n" +"If this RID is already used by a group the RID will be 1000007. This can " +"only\n" +"happen if a user or a group object was created with a fixed ID because the\n" +"automatic assignment will not assign the same ID twice. Since there are " +"only\n" +"users and groups sharing the same ID namespace it is sufficient to have " +"only\n" +"one fallback range to handle conflicts.\n" +"\n" +"To find the Posix ID for a given RID from the local domain it has to be\n" +"checked first if the RID falls in the primary or secondary RID range and\n" +"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" +"and the base-id has to be added to get the Posix ID.\n" +"\n" +"Typically the creation of ID ranges happens behind the scenes and this CLI\n" +"must not be used at all. The ID range for the local domain will be created\n" +"during installation or upgrade from an older version. The ID range for a\n" +"trusted domain will be created together with the trust by 'ipa trust-" +"add ...'.\n" +"\n" +"USE CASES:\n" +"\n" +" Add an ID range from a transitively trusted domain\n" +"\n" +" If the trusted domain (A) trusts another domain (B) as well and this " +"trust\n" +" is transitive 'ipa trust-add domain-A' will only create a range for\n" +" domain A. The ID range for domain B must be added manually.\n" +"\n" +" Add an additional ID range for the local domain\n" +"\n" +" If the ID range of the local domain is exhausted, i.e. no new IDs can " +"be\n" +" assigned to Posix users or groups by the DNA plugin, a new range has to " +"be\n" +" created to allow new users and groups to be added. (Currently there is " +"no\n" +" connection between this range CLI and the DNA plugin, but a future " +"version\n" +" might be able to modify the configuration of the DNS plugin as well)\n" +"\n" +"In general it is not necessary to modify or delete ID ranges. If there is " +"no\n" +"other way to achieve a certain configuration than to modify or delete an ID\n" +"range it should be done with great care. Because UIDs are stored in the " +"file\n" +"system and are used for access control it might be possible that users are\n" +"allowed to access files of other users if an ID range got deleted and " +"reused\n" +"for a different domain.\n" +"\n" +"(*) The RID is typically the last integer of a user or group SID which " +"follows\n" +"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " +"from\n" +"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " +"the\n" +"user. RIDs are unique in a domain, 32bit values and are used for users and\n" +"groups.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:202 +msgid "ID Ranges" +msgstr "" + +#: ipaserver/plugins/idrange.py:203 +msgid "ID Range" +msgstr "" + +#: ipaserver/plugins/idrange.py:207 +msgid "local domain range" +msgstr "" + +#: ipaserver/plugins/idrange.py:210 ipaserver/plugins/trust.py:675 +msgid "Active Directory domain range" +msgstr "" + +#: ipaserver/plugins/idrange.py:211 ipaserver/plugins/trust.py:676 +msgid "Active Directory trust range with POSIX attributes" +msgstr "" + +#: ipaserver/plugins/idrange.py:255 +msgid "ID range type, one of allowed values" +msgstr "" + +#: ipaserver/plugins/idrange.py:260 ipaserver/plugins/internal.py:1250 +msgid "Auto private groups" +msgstr "" + +#: ipaserver/plugins/idrange.py:262 +msgid "Auto creation of private groups, one of allowed values" +msgstr "" + +#: ipaserver/plugins/idrange.py:336 +msgid "" +"range modification leaving objects with ID out of the defined range is not " +"allowed" +msgstr "" + +#: ipaserver/plugins/idrange.py:341 +msgid "" +"Cannot perform SID validation without Samba 4 support installed. Make sure " +"you have installed server-trust-ad sub-package of IPA on the server" +msgstr "" + +#: ipaserver/plugins/idrange.py:348 +msgid "" +"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" +"install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/idrange.py:360 +msgid "SID is not recognized as a valid SID for a trusted domain" +msgstr "" + +#: ipaserver/plugins/idrange.py:397 +msgid "" +"\n" +" Add new ID range.\n" +"\n" +" To add a new ID range you always have to specify\n" +"\n" +" --base-id\n" +" --range-size\n" +"\n" +" Additionally\n" +"\n" +" --rid-base\n" +" --secondary-rid-base\n" +"\n" +" may be given for a new ID range for the local domain while\n" +"\n" +" --auto-private-groups\n" +"\n" +" may be given for a new ID range for a trusted AD domain and\n" +"\n" +" --rid-base\n" +" --dom-sid\n" +"\n" +" must be given to add a new range for a trusted AD domain.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:423 +#, python-format +msgid "Added ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:435 ipaserver/plugins/idrange.py:698 +msgid "Options dom-sid and dom-name cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:446 +msgid "Specified trusted domain name could not be found." +msgstr "" + +#: ipaserver/plugins/idrange.py:461 +msgid "Options dom-sid/dom-name and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:468 ipaserver/plugins/idrange.py:733 +msgid "" +"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" +msgstr "" + +#: ipaserver/plugins/idrange.py:475 +msgid "" +"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " +"the trusted domain is specified" +msgstr "" + +#: ipaserver/plugins/idrange.py:481 +msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:500 +msgid "" +"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " +"SID of the trusted domain is not specified." +msgstr "" + +#: ipaserver/plugins/idrange.py:510 +msgid "" +"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when auto-" +"private-groups is specified" +msgstr "" + +#: ipaserver/plugins/idrange.py:517 ipaserver/plugins/idrange.py:752 +msgid "Options secondary-rid-base and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:527 ipaserver/plugins/idrange.py:775 +msgid "Primary RID range and secondary RID range cannot overlap" +msgstr "" + +#: ipaserver/plugins/idrange.py:539 +msgid "" +"You must specify both rid-base and secondary-rid-base options, because ipa-" +"adtrust-install has already been run." +msgstr "" + +#: ipaserver/plugins/idrange.py:558 +#, python-format +msgid "Deleted ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:607 +#, python-format +msgid "%(count)d range matched" +msgid_plural "%(count)d ranges matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idrange.py:643 +msgid "" +"Modify ID range.\n" +"\n" +msgstr "" + +#: ipaserver/plugins/idrange.py:647 +#, python-format +msgid "Modified ID range \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idrange.py:682 +msgid "" +"This command can not be used to change ID allocation for local IPA domain. " +"Run `ipa help idrange` for more information" +msgstr "" + +#: ipaserver/plugins/idrange.py:710 +msgid "" +"SID for the specified trusted domain name could not be found. Please specify " +"the SID directly using dom-sid option." +msgstr "" + +#: ipaserver/plugins/idrange.py:717 +msgid "Options dom-sid and secondary-rid-base cannot be used together" +msgstr "" + +#: ipaserver/plugins/idrange.py:724 +msgid "Options dom-sid and rid-base must be used together" +msgstr "" + +#: ipaserver/plugins/join.py:125 +#, python-format +msgid "" +"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " +"'%s'." +msgstr "" + +#: ipaserver/plugins/location.py:33 +msgid "" +"\n" +"IPA locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:35 +msgid "" +"\n" +"Manipulate DNS locations\n" +msgstr "" + +#: ipaserver/plugins/location.py:39 +msgid "" +"\n" +" Find all locations:\n" +" ipa location-find\n" +msgstr "" + +#: ipaserver/plugins/location.py:42 +msgid "" +"\n" +" Show specific location:\n" +" ipa location-show location\n" +msgstr "" + +#: ipaserver/plugins/location.py:45 +msgid "" +"\n" +" Add location:\n" +" ipa location-add location --description 'My location'\n" +msgstr "" + +#: ipaserver/plugins/location.py:48 +msgid "" +"\n" +" Delete location:\n" +" ipa location-del location\n" +msgstr "" + +#: ipaserver/plugins/location.py:62 +msgid "location" +msgstr "" + +#: ipaserver/plugins/location.py:63 +msgid "locations" +msgstr "" + +#: ipaserver/plugins/location.py:69 +msgid "IPA Locations" +msgstr "" + +#: ipaserver/plugins/location.py:70 +msgid "IPA Location" +msgstr "" + +#: ipaserver/plugins/location.py:103 +msgid "Location name" +msgstr "" + +#: ipaserver/plugins/location.py:104 +msgid "IPA location name" +msgstr "" + +#: ipaserver/plugins/location.py:112 +msgid "IPA Location description" +msgstr "" + +#: ipaserver/plugins/location.py:116 +msgid "Servers" +msgstr "" + +#: ipaserver/plugins/location.py:117 +msgid "Servers that belongs to the IPA location" +msgstr "" + +#: ipaserver/plugins/location.py:122 +msgid "Advertised by servers" +msgstr "" + +#: ipaserver/plugins/location.py:123 +msgid "List of servers which advertise the given location" +msgstr "" + +#: ipaserver/plugins/location.py:138 +msgid "Add a new IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:140 +#, python-format +msgid "Added IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:145 +msgid "Delete an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:147 +#, python-format +msgid "Deleted IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:157 ipaserver/plugins/server.py:71 +#: ipaserver/plugins/internal.py:1959 +msgid "IPA Server" +msgstr "" + +#: ipaserver/plugins/location.py:170 +msgid "Modify information about an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:172 +#, python-format +msgid "Modified IPA location \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/location.py:177 +msgid "Search for IPA locations." +msgstr "" + +#: ipaserver/plugins/location.py:180 +#, python-format +msgid "%(count)d IPA location matched" +msgid_plural "%(count)d IPA locations matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/location.py:187 +msgid "Display information about an IPA location." +msgstr "" + +#: ipaserver/plugins/location.py:193 +msgid "Servers in location" +msgstr "" + +#: ipaserver/plugins/netgroup.py:103 +msgid "netgroups" +msgstr "" + +#: ipaserver/plugins/netgroup.py:196 ipaserver/plugins/internal.py:1176 +msgid "Netgroups" +msgstr "" + +#: ipaserver/plugins/netgroup.py:197 +msgid "Netgroup" +msgstr "" + +#: ipaserver/plugins/netgroup.py:266 +#, python-format +msgid "Added netgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/netgroup.py:268 +#, python-format +msgid "" +"hostgroup with name \"%s\" already exists. Hostgroups and netgroups share a " +"common namespace" +msgstr "" + +#: ipaserver/plugins/netgroup.py:301 +#, python-format +msgid "Deleted netgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/netgroup.py:310 +#, python-format +msgid "Modified netgroup \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/netgroup.py:321 ipaserver/plugins/caacl.py:294 +#: ipaserver/plugins/hbacrule.py:345 +msgid "user category cannot be set to 'all' while there are allowed users" +msgstr "" + +#: ipaserver/plugins/netgroup.py:326 ipaserver/plugins/caacl.py:298 +#: ipaserver/plugins/hbacrule.py:350 +msgid "host category cannot be set to 'all' while there are allowed hosts" +msgstr "" + +#: ipaserver/plugins/netgroup.py:339 +#, python-format +msgid "%(count)d netgroup matched" +msgid_plural "%(count)d netgroups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/otp.py:7 +msgid "One time password commands" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:57 +msgid "OTP configuration options" +msgstr "" + +#: ipaserver/plugins/otpconfig.py:80 ipaserver/plugins/otpconfig.py:81 +msgid "OTP Configuration" +msgstr "" + +#: ipaserver/plugins/otptoken.py:42 +msgid "" +"\n" +"OTP Tokens\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:44 +msgid "" +"\n" +"Manage OTP tokens.\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:46 +msgid "" +"\n" +"IPA supports the use of OTP tokens for multi-factor authentication. This\n" +"code enables the management of OTP tokens.\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:51 +msgid "" +"\n" +" Add a new token:\n" +" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:54 +msgid "" +"\n" +" Examine the token:\n" +" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:57 +msgid "" +"\n" +" Change the vendor:\n" +" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red " +"Hat\"\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:60 +msgid "" +"\n" +" Delete a token:\n" +" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" +msgstr "" + +#: ipaserver/plugins/otptoken.py:137 +msgid "OTP token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:138 +msgid "OTP tokens" +msgstr "" + +#: ipaserver/plugins/otptoken.py:154 +msgid "OTP Tokens" +msgstr "" + +#: ipaserver/plugins/otptoken.py:155 +msgid "OTP Token" +msgstr "" + +#: ipaserver/plugins/otptoken.py:272 +msgid "URI" +msgstr "" + +#: ipaserver/plugins/otptoken.py:281 +#, python-format +msgid "Added OTP token \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/otptoken.py:335 +msgid "cannot be empty" +msgstr "" + +#: ipaserver/plugins/otptoken.py:367 +#, python-format +msgid "Deleted OTP token \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/otptoken.py:373 +#, python-format +msgid "Modified OTP token \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/otptoken.py:422 +#, python-format +msgid "%(count)d OTP token matched" +msgid_plural "%(count)d OTP tokens matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/passwd.py:40 +msgid "" +"\n" +"Set a user's password\n" +"\n" +"If someone other than a user changes that user's password (e.g., Helpdesk\n" +"resets it) then the password will need to be changed the first time it\n" +"is used. This is so the end-user is the only one who knows the password.\n" +"\n" +"The IPA password policy controls how often a password may be changed,\n" +"what strength requirements exist, and the length of the password history.\n" +"\n" +"If the user authentication method is set to password+OTP, the user should\n" +"pass the --otp option when resetting the password.\n" +"\n" +"EXAMPLES:\n" +"\n" +" To reset your own password:\n" +" ipa passwd\n" +"\n" +" To reset your own password when password+OTP is set as authentication " +"method:\n" +" ipa passwd --otp\n" +"\n" +" To change another user's password:\n" +" ipa passwd tuser1\n" +msgstr "" + +#: ipaserver/plugins/passwd.py:114 +msgid "The OTP if the user has a token configured" +msgstr "" + +#: ipaserver/plugins/passwd.py:120 +#, python-format +msgid "Changed password for \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/pkinit.py:13 +msgid "" +"\n" +"Kerberos PKINIT feature status reporting tools.\n" +"\n" +"Report IPA masters on which Kerberos PKINIT is enabled or disabled\n" +"\n" +"EXAMPLES:\n" +" List PKINIT status on all masters:\n" +" ipa pkinit-status\n" +"\n" +" Check PKINIT status on `ipa.example.com`:\n" +" ipa pkinit-status --server ipa.example.com\n" +"\n" +" List all IPA masters with disabled PKINIT:\n" +" ipa pkinit-status --status='disabled'\n" +"\n" +"For more info about PKINIT support see:\n" +"\n" +"https://www.freeipa.org/page/V4/Kerberos_PKINIT\n" +msgstr "" + +#: ipaserver/plugins/pkinit.py:39 +msgid "pkinit" +msgstr "" + +#: ipaserver/plugins/pkinit.py:41 ipaserver/plugins/internal.py:192 +msgid "PKINIT" +msgstr "" + +#: ipaserver/plugins/pkinit.py:53 +msgid "PKINIT status" +msgstr "" + +#: ipaserver/plugins/pkinit.py:54 +msgid "Whether PKINIT is enabled or disabled" +msgstr "" + +#: ipaserver/plugins/pkinit.py:63 +msgid "Report PKINIT status on the IPA masters" +msgstr "" + +#: ipaserver/plugins/pkinit.py:65 +#, python-format +msgid "%(count)s server matched" +msgid_plural "%(count)s servers matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/radiusproxy.py:35 +msgid "" +"\n" +"RADIUS Proxy Servers\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:37 +msgid "" +"\n" +"Manage RADIUS Proxy Servers.\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:39 +msgid "" +"\n" +"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" +"authentications. This permits a great deal of flexibility when\n" +"integrating with third-party authentication services.\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:45 +msgid "" +"\n" +" Add a new server:\n" +" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:48 +msgid "" +"\n" +" Find all servers whose entries include the string \"example.com\":\n" +" ipa radiusproxy-find example.com\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:51 +msgid "" +"\n" +" Examine the configuration:\n" +" ipa radiusproxy-show MyRADIUS\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:54 +msgid "" +"\n" +" Change the secret:\n" +" ipa radiusproxy-mod MyRADIUS --secret\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:57 +msgid "" +"\n" +" Delete a configuration:\n" +" ipa radiusproxy-del MyRADIUS\n" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:68 +msgid "invalid attribute name" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:80 +msgid "invalid port number" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:98 +msgid "RADIUS proxy server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:99 +msgid "RADIUS proxy servers" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:106 +msgid "RADIUS Servers" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:107 +msgid "RADIUS Server" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:172 +#, python-format +msgid "Added RADIUS proxy server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:177 +#, python-format +msgid "Deleted RADIUS proxy server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:182 +#, python-format +msgid "Modified RADIUS proxy server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/radiusproxy.py:188 +#, python-format +msgid "%(count)d RADIUS proxy server matched" +msgid_plural "%(count)d RADIUS proxy servers matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/realmdomains.py:34 +msgid "" +"\n" +"Realm domains\n" +"\n" +"Manage the list of domains associated with IPA realm.\n" +"\n" +"This list is useful for Domain Controllers from other realms which have\n" +"established trust with this IPA realm. They need the information to know\n" +"which request should be forwarded to KDC of this IPA realm.\n" +"\n" +"Automatic management: a domain is automatically added to the realm domains\n" +"list when a new DNS Zone managed by IPA is created. Same applies for " +"deletion.\n" +"\n" +"Externally managed DNS: domains which are not managed in IPA server DNS\n" +"need to be manually added to the list using ipa realmdomains-mod command.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Display the current list of realm domains:\n" +" ipa realmdomains-show\n" +"\n" +" Replace the list of realm domains:\n" +" ipa realmdomains-mod --domain=example.com\n" +" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" +"\n" +" Add a domain to the list of realm domains:\n" +" ipa realmdomains-mod --add-domain=newdomain.com\n" +"\n" +" Delete a domain from the list of realm domains:\n" +" ipa realmdomains-mod --del-domain=olddomain.com\n" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:85 +msgid "Realm domains" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:107 ipaserver/plugins/realmdomains.py:108 +#: ipaserver/plugins/internal.py:1271 +msgid "Realm Domains" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:134 +msgid "" +"\n" +" Modify realm domains\n" +"\n" +" DNS check: When manually adding a domain to the list, a DNS check is\n" +" performed by default. It ensures that the domain is associated with\n" +" the IPA realm, by checking whether the domain has a _kerberos TXT " +"record\n" +" containing the IPA realm name. This check can be skipped by specifying\n" +" --force option.\n" +"\n" +" Removal: when a realm domain which has a matching DNS zone managed by\n" +" IPA is being removed, a corresponding _kerberos TXT record in the zone " +"is\n" +" removed automatically as well. Other records in the zone or the zone\n" +" itself are not affected.\n" +" " +msgstr "" + +#: ipaserver/plugins/realmdomains.py:177 +#, python-format +msgid "" +"DNS zone for each realmdomain must contain SOA or NS records. No records " +"found for: %s" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:203 +#, python-format +msgid "The following domains do not belong to this realm: %(domains)s" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:218 +#, python-format +msgid "" +"The realm of the following domains could not be detected: %(domains)s. If " +"these are domains that belong to the this realm, please create a _kerberos " +"TXT record containing \"%(realm)s\" in each of them." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:241 +msgid "" +"The --domain option cannot be used together with --add-domain or --del-" +"domain. Use --domain to specify the whole realm domain list explicitly, to " +"add/remove individual domains, use --add-domain/del-domain." +msgstr "" + +#: ipaserver/plugins/realmdomains.py:252 +msgid "IPA server domain cannot be omitted" +msgstr "" + +#: ipaserver/plugins/realmdomains.py:274 +msgid "IPA server domain cannot be deleted" +msgstr "" + +#: ipaserver/plugins/role.py:82 ipaserver/plugins/serverrole.py:186 +msgid "roles" +msgstr "" + +#: ipaserver/plugins/role.py:143 +msgid "Role" +msgstr "" + +#: ipaserver/plugins/role.py:164 +#, python-format +msgid "Added role \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/role.py:172 +#, python-format +msgid "Deleted role \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/role.py:180 +#, python-format +msgid "Modified role \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/role.py:189 +#, python-format +msgid "%(count)d role matched" +msgid_plural "%(count)d roles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/selfservice.py:68 +msgid "self service permission" +msgstr "" + +#: ipaserver/plugins/selfservice.py:69 +msgid "self service permissions" +msgstr "" + +#: ipaserver/plugins/selfservice.py:70 +msgid "Self Service Permissions" +msgstr "" + +#: ipaserver/plugins/selfservice.py:71 +msgid "Self Service Permission" +msgstr "" + +#: ipaserver/plugins/selfservice.py:124 +#, python-format +msgid "Added selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:146 +#, python-format +msgid "Deleted selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:163 +#, python-format +msgid "Modified selfservice \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selfservice.py:185 +#, python-format +msgid "%(count)d selfservice matched" +msgid_plural "%(count)d selfservices matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/serverrole.py:13 +msgid "" +"\n" +"IPA server roles\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:15 +msgid "" +"\n" +"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:17 +msgid "" +"\n" +"The status of a role is either enabled, configured, or absent.\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:21 +msgid "" +"\n" +" Show status of 'DNS server' role on a server:\n" +" ipa server-role-show ipa.example.com \"DNS server\"\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:24 +msgid "" +"\n" +" Show status of all roles containing 'AD' on a server:\n" +" ipa server-role-find --server ipa.example.com --role=\"AD trust " +"controller\"\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:27 +msgid "" +"\n" +" Show status of all configured roles on a server:\n" +" ipa server-role-find ipa.example.com\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:30 +msgid "" +"\n" +" Show implicit IPA master role:\n" +" ipa server-role-find --include-master\n" +msgstr "" + +#: ipaserver/plugins/serverrole.py:46 +msgid "server role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:47 +msgid "server roles" +msgstr "" + +#: ipaserver/plugins/serverrole.py:51 +msgid "IPA Server Roles" +msgstr "" + +#: ipaserver/plugins/serverrole.py:52 +msgid "IPA Server Role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:65 +msgid "IPA server role name" +msgstr "" + +#: ipaserver/plugins/serverrole.py:71 +msgid "Role status" +msgstr "" + +#: ipaserver/plugins/serverrole.py:72 +msgid "Status of the role" +msgstr "" + +#: ipaserver/plugins/serverrole.py:89 +msgid "Show role status on a server" +msgstr "" + +#: ipaserver/plugins/serverrole.py:113 +msgid "Find a server role on a server(s)" +msgstr "" + +#: ipaserver/plugins/serverrole.py:118 +#, python-format +msgid "%(count)s server role matched" +msgid_plural "%(count)s server roles matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/serverrole.py:139 +msgid "Include IPA master entries" +msgstr "" + +#: ipaserver/plugins/serverrole.py:192 +msgid "IPA role name" +msgstr "" + +#: ipaserver/plugins/serverroles.py:84 +#, python-brace-format +msgid "{role}: role not found" +msgstr "" + +#: ipaserver/plugins/serverroles.py:178 +#, python-brace-format +msgid "{attr}: no such attribute" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:26 +msgid "" +"\n" +"Service Constrained Delegation\n" +"\n" +"Manage rules to allow constrained delegation of credentials so\n" +"that a service can impersonate a user when communicating with another\n" +"service without requiring the user to actually forward their TGT.\n" +"This makes for a much better method of delegating credentials as it\n" +"prevents exposure of the short term secret of the user.\n" +"\n" +"The naming convention is to append the word \"target\" or \"targets\" to\n" +"a matching rule name. This is not mandatory but helps conceptually\n" +"to associate rules and targets.\n" +"\n" +"A rule consists of two things:\n" +" - A list of targets the rule applies to\n" +" - A list of memberPrincipals that are allowed to delegate for\n" +" those targets\n" +"\n" +"A target consists of a list of principals that can be delegated.\n" +"\n" +"In English, a rule says that this principal can delegate as this\n" +"list of principals, as defined by these targets.\n" +"\n" +"In both a rule and a target Kerberos principals may be specified\n" +"by their name or an alias and the realm can be omitted. Additionally,\n" +"hosts can be specified by their names. If Kerberos principal specified\n" +"has a single component and does not end with '$' sign, it will be treated\n" +"as a host name. Kerberos principal names ending with '$' are typically\n" +"used as aliases for Active Directory-related services.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new constrained delegation rule:\n" +" ipa servicedelegationrule-add ftp-delegation\n" +"\n" +" Add a new constrained delegation target:\n" +" ipa servicedelegationtarget-add ftp-delegation-target\n" +"\n" +" Add a principal to the rule:\n" +" ipa servicedelegationrule-add-member --principals=ftp/ipa.example." +"com ftp-delegation\n" +"\n" +" Add a host principal of the host 'ipa.example.com' to the rule:\n" +" ipa servicedelegationrule-add-member --principals=ipa.example.com " +"ftp-delegation\n" +"\n" +" Add our target to the rule:\n" +" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" +"delegation-target ftp-delegation\n" +"\n" +" Add a principal to the target:\n" +" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." +"com ftp-delegation-target\n" +"\n" +" Display information about a named delegation rule and target:\n" +" ipa servicedelegationrule_show ftp-delegation\n" +" ipa servicedelegationtarget_show ftp-delegation-target\n" +"\n" +" Remove a constrained delegation:\n" +" ipa servicedelegationrule-del ftp-delegation-target\n" +" ipa servicedelegationtarget-del ftp-delegation\n" +"\n" +"In this example the ftp service can get a TGT for the ldap service on\n" +"the bound user's behalf.\n" +"\n" +"It is strongly discouraged to modify the delegations that ship with\n" +"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" +"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" +"to delegate, causing the framework to stop functioning.\n" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:172 +msgid "Allowed to Impersonate" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:177 +msgid "Member principals" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:189 +#, python-format +msgid "Malformed principal: %(error)s" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:199 +msgid "Add target to a named service delegation." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:213 +#: ipaserver/plugins/servicedelegation.py:303 +#: ipaserver/plugins/baseldap.py:1720 +#, python-format +msgid "member %s" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:287 +msgid "Remove member from a named service delegation." +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:378 +#: ipaserver/plugins/servicedelegation.py:411 +msgid "service delegation rule" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:379 +msgid "service delegation rules" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:390 +msgid "Service delegation rules" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:391 +msgid "Service delegation rule" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:398 +#, python-format +msgid "Added service delegation rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:405 +#, python-format +msgid "Deleted service delegation \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:413 +msgid "privileged service delegation rule" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:423 +#, python-format +msgid "%(count)d service delegation rule matched" +msgid_plural "%(count)d service delegation rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/servicedelegation.py:471 +#: ipaserver/plugins/servicedelegation.py:500 +msgid "service delegation target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:472 +msgid "service delegation targets" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:479 +msgid "Service delegation targets" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:480 +msgid "Service delegation target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:487 +#, python-format +msgid "Added service delegation target \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:494 +#, python-format +msgid "Deleted service delegation target \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:502 +msgid "privileged service delegation target" +msgstr "" + +#: ipaserver/plugins/servicedelegation.py:512 +#, python-format +msgid "%(count)d service delegation target matched" +msgid_plural "%(count)d service delegation targets matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/session.py:12 +msgid "" +"\n" +"Session Support for IPA\n" +msgstr "" + +#: ipaserver/plugins/subid.py:29 +msgid "" +"\n" +"Subordinate ids\n" +"\n" +"Manage subordinate user and group ids for users\n" +"\n" +"EXAMPLES:\n" +"\n" +" Auto-assign a subordinate id range to current user\n" +" ipa subid-generate\n" +"\n" +" Auto-assign a subordinate id range to user alice:\n" +" ipa subid-generate --owner=alice\n" +"\n" +" Find subordinate ids for user alice:\n" +" ipa subid-find --owner=alice\n" +"\n" +" Match entry by any subordinate uid in range:\n" +" ipa subid-match --subuid=2147483649\n" +msgstr "" + +#: ipaserver/plugins/subid.py:59 ipaserver/plugins/subid.py:62 +msgid "Subordinate id" +msgstr "" + +#: ipaserver/plugins/subid.py:60 ipaserver/plugins/subid.py:61 +msgid "Subordinate ids" +msgstr "" + +#: ipaserver/plugins/subid.py:144 +msgid "Subordinate id description" +msgstr "" + +#: ipaserver/plugins/subid.py:150 ipaserver/plugins/subid.py:468 +msgid "Owning user of subordinate id entry" +msgstr "" + +#: ipaserver/plugins/subid.py:155 ipaserver/plugins/internal.py:1387 +msgid "SubUID range start" +msgstr "" + +#: ipaserver/plugins/subid.py:157 +msgid "Start value for subordinate user ID (subuid) range" +msgstr "" + +#: ipaserver/plugins/subid.py:164 ipaserver/plugins/internal.py:1386 +msgid "SubUID range size" +msgstr "" + +#: ipaserver/plugins/subid.py:166 +msgid "Subordinate user ID count" +msgstr "" + +#: ipaserver/plugins/subid.py:173 ipaserver/plugins/internal.py:1385 +msgid "SubGID range start" +msgstr "" + +#: ipaserver/plugins/subid.py:175 +msgid "Start value for subordinate group ID (subgid) range" +msgstr "" + +#: ipaserver/plugins/subid.py:182 ipaserver/plugins/internal.py:1384 +msgid "SubGID range size" +msgstr "" + +#: ipaserver/plugins/subid.py:184 +msgid "Subordinate group ID count" +msgstr "" + +#: ipaserver/plugins/subid.py:213 +#, python-format +msgid "" +"%(oname)s with with name \"%(pkey)s\" or for user \"%(uid)s\" already exists." +msgstr "" + +#: ipaserver/plugins/subid.py:246 +#, python-format +msgid "'%(dn)s is not a valid user" +msgstr "" + +#: ipaserver/plugins/subid.py:278 +msgid "subgidnumber must be equal to subuidnumber" +msgstr "" + +#: ipaserver/plugins/subid.py:351 +msgid "Add a new subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:352 +#, python-format +msgid "Added subordinate id \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/subid.py:384 +msgid "Delete a subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:385 +#, python-format +msgid "Deleted subordinate id \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/subid.py:393 +msgid "Modify a subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:394 +#, python-format +msgid "Modified subordinate id \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/subid.py:405 +msgid "Search for subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:407 +#, python-format +msgid "%(count)d subordinate id matched" +msgid_plural "%(count)d subordinate ids matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/subid.py:440 +msgid "Display information about a subordinate id." +msgstr "" + +#: ipaserver/plugins/subid.py:458 +msgid "Generate and auto-assign subuid and subgid range to user entry" +msgstr "" + +#: ipaserver/plugins/subid.py:493 +msgid "Match users by any subordinate uid in their range" +msgstr "" + +#: ipaserver/plugins/subid.py:500 +msgid "SubUID match" +msgstr "" + +#: ipaserver/plugins/subid.py:501 +msgid "Match value for subordinate user ID" +msgstr "" + +#: ipaserver/plugins/subid.py:542 +msgid "Subordinate id statistics" +msgstr "" + +#: ipaserver/plugins/subid.py:586 +#, python-format +msgid "%(remaining)i remaining subordinate id ranges" +msgstr "" + +#: ipaserver/plugins/sudo.py:7 +msgid "commands for controlling sudo configuration" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:33 +msgid "" +"\n" +"Sudo Commands\n" +"\n" +"Commands used as building blocks for sudo\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a new command\n" +" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" +"\n" +" Remove a command\n" +" ipa sudocmd-del /usr/bin/less\n" +"\n" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:55 +#, python-format +msgid "must not contain trailing dot: %s" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:64 +msgid "sudo command" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:65 +msgid "sudo commands" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:117 +msgid "Sudo Commands" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:154 +#, python-format +msgid "Added Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:160 +#, python-format +msgid "Deleted Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:193 +#, python-format +msgid "Modified Sudo Command \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmd.py:201 +#, python-format +msgid "%(count)d Sudo Command matched" +msgid_plural "%(count)d Sudo Commands matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/sudocmdgroup.py:34 +msgid "" +"\n" +"Groups of Sudo Commands\n" +"\n" +"Manage groups of Sudo Commands.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new Sudo Command Group:\n" +" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" +"\n" +" Remove a Sudo Command Group:\n" +" ipa sudocmdgroup-del admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" +"vim admincmds\n" +"\n" +" Manage Sudo Command Group membership, commands:\n" +" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" +"\n" +" Show a Sudo Command Group:\n" +" ipa sudocmdgroup-show admincmds\n" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:67 +msgid "sudo command group" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:68 +msgid "sudo command groups" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:149 +#, python-format +msgid "Added Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:157 +#, python-format +msgid "Deleted Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:165 +#, python-format +msgid "Modified Sudo Command Group \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudocmdgroup.py:174 +#, python-format +msgid "%(count)d Sudo Command Group matched" +msgid_plural "%(count)d Sudo Command Groups matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/topology.py:24 +msgid "" +"\n" +"Topology\n" +"\n" +"Management of a replication topology at domain level 1.\n" +msgstr "" + +#: ipaserver/plugins/topology.py:28 +msgid "" +"\n" +"IPA server's data is stored in LDAP server in two suffixes:\n" +"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " +"data\n" +"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" +" contains data for Certificate Server component\n" +msgstr "" + +#: ipaserver/plugins/topology.py:33 +msgid "" +"\n" +"Data stored on IPA servers is replicated to other IPA servers. The way it " +"is\n" +"replicated is defined by replication agreements. Replication agreements " +"needs\n" +"to be set for both suffixes separately. On domain level 0 they are managed\n" +"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " +"1\n" +"they are managed centrally using `ipa topology*` commands.\n" +msgstr "" + +#: ipaserver/plugins/topology.py:39 +msgid "" +"\n" +"Agreements are represented by topology segments. By default topology " +"segment\n" +"represents 2 replication agreements - one for each direction, e.g., A to B " +"and\n" +"B to A. Creation of unidirectional segments is not allowed.\n" +msgstr "" + +#: ipaserver/plugins/topology.py:43 +msgid "" +"\n" +"To verify that no server is disconnected in the topology of the given " +"suffix,\n" +"use:\n" +" ipa topologysuffix-verify $suffix\n" +msgstr "" + +#: ipaserver/plugins/topology.py:47 +msgid "" +"\n" +"\n" +"Examples:\n" +" Find all IPA servers:\n" +" ipa server-find\n" +msgstr "" + +#: ipaserver/plugins/topology.py:52 +msgid "" +"\n" +" Find all suffixes:\n" +" ipa topologysuffix-find\n" +msgstr "" + +#: ipaserver/plugins/topology.py:55 +msgid "" +"\n" +" Add topology segment to 'domain' suffix:\n" +" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" +msgstr "" + +#: ipaserver/plugins/topology.py:58 +msgid "" +"\n" +" Add topology segment to 'ca' suffix:\n" +" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" +msgstr "" + +#: ipaserver/plugins/topology.py:61 +msgid "" +"\n" +" List all topology segments in 'domain' suffix:\n" +" ipa topologysegment-find domain\n" +msgstr "" + +#: ipaserver/plugins/topology.py:64 +msgid "" +"\n" +" List all topology segments in 'ca' suffix:\n" +" ipa topologysegment-find ca\n" +msgstr "" + +#: ipaserver/plugins/topology.py:67 +msgid "" +"\n" +" Delete topology segment in 'domain' suffix:\n" +" ipa topologysegment-del domain segment_name\n" +msgstr "" + +#: ipaserver/plugins/topology.py:70 +msgid "" +"\n" +" Delete topology segment in 'ca' suffix:\n" +" ipa topologysegment-del ca segment_name\n" +msgstr "" + +#: ipaserver/plugins/topology.py:73 +msgid "" +"\n" +" Verify topology of 'domain' suffix:\n" +" ipa topologysuffix-verify domain\n" +msgstr "" + +#: ipaserver/plugins/topology.py:76 +msgid "" +"\n" +" Verify topology of 'ca' suffix:\n" +" ipa topologysuffix-verify ca\n" +msgstr "" + +#: ipaserver/plugins/topology.py:92 +#, python-brace-format +msgid "Topology management requires minimum domain level {0} " +msgstr "" + +#: ipaserver/plugins/topology.py:104 +msgid "segment" +msgstr "" + +#: ipaserver/plugins/topology.py:105 +msgid "segments" +msgstr "" + +#: ipaserver/plugins/topology.py:119 +msgid "Topology Segments" +msgstr "" + +#: ipaserver/plugins/topology.py:120 +msgid "Topology Segment" +msgstr "" + +#: ipaserver/plugins/topology.py:226 +#, python-format +msgid "left node is not a topology node: %(leftnode)s" +msgstr "" + +#: ipaserver/plugins/topology.py:233 +#, python-format +msgid "right node is not a topology node: %(rightnode)s" +msgstr "" + +#: ipaserver/plugins/topology.py:250 +msgid "left node and right node must not be the same" +msgstr "" + +#: ipaserver/plugins/topology.py:261 +#, python-brace-format +msgid "left node ({host}) does not support suffix '{suff}'" +msgstr "" + +#: ipaserver/plugins/topology.py:269 +#, python-brace-format +msgid "right node ({host}) does not support suffix '{suff}'" +msgstr "" + +#: ipaserver/plugins/topology.py:280 +#, python-format +msgid "%(count)d segment matched" +msgid_plural "%(count)d segments matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/topology.py:289 +#, python-format +msgid "Added segment \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:302 +#, python-format +msgid "Deleted segment \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:314 +#, python-format +msgid "Modified segment \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:329 +#, python-format +msgid "%(value)s" +msgstr "" + +#: ipaserver/plugins/topology.py:365 +msgid "left or right node has to be specified" +msgstr "" + +#: ipaserver/plugins/topology.py:370 +msgid "only one node can be specified" +msgstr "" + +#: ipaserver/plugins/topology.py:374 +#, python-format +msgid "Replication refresh for segment: \"%(pkey)s\" requested." +msgstr "" + +#: ipaserver/plugins/topology.py:377 +#, python-format +msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." +msgstr "" + +#: ipaserver/plugins/topology.py:408 +msgid "suffixes" +msgstr "" + +#: ipaserver/plugins/topology.py:412 +msgid "Topology suffixes" +msgstr "" + +#: ipaserver/plugins/topology.py:413 +msgid "Topology suffix" +msgstr "" + +#: ipaserver/plugins/topology.py:435 +#, python-format +msgid "%(count)d topology suffix matched" +msgid_plural "%(count)d topology suffixes matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/topology.py:446 +#, python-format +msgid "Deleted topology suffix \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:460 +#, python-format +msgid "Added topology suffix \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:474 +#, python-format +msgid "Modified topology suffix \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/topology.py:489 +msgid "" +"\n" +"Verify replication topology for suffix.\n" +"\n" +"Checks done:\n" +" 1. check if a topology is not disconnected. In other words if there are\n" +" replication paths between all servers.\n" +" 2. check if servers don't have more than the recommended number of\n" +" replication agreements\n" +msgstr "" + +#: ipaserver/plugins/virtual.py:57 +msgid "operation not defined" +msgstr "" + +#: ipaserver/plugins/virtual.py:82 +#, python-format +msgid "not allowed to perform operation: %s" +msgstr "" + +#: ipaserver/plugins/virtual.py:84 +msgid "No such virtual command" +msgstr "" + +#: ipaserver/plugins/whoami.py:15 +msgid "" +"\n" +"Return information about currently authenticated identity\n" +"\n" +"Who am I command returns information on how to get\n" +"more details about the identity authenticated for this\n" +"request. The information includes:\n" +"\n" +" * type of object\n" +" * command to retrieve details of the object\n" +" * arguments and options to pass to the command\n" +"\n" +"The information is returned as a dictionary. Examples below use\n" +"'key: value' output for illustrative purposes.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Look up as IPA user:\n" +" kinit admin\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: user\n" +" command: user_show/1\n" +" arguments: admin\n" +" ------------------------------------------\n" +"\n" +" Look up as a user from a trusted domain:\n" +" kinit user@AD.DOMAIN\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: idoverrideuser\n" +" command: idoverrideuser_show/1\n" +" arguments: ('default trust view', 'user@ad.domain')\n" +" ------------------------------------------\n" +"\n" +" Look up as a host:\n" +" kinit -k\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: host\n" +" command: host_show/1\n" +" arguments: ipa.example.com\n" +" ------------------------------------------\n" +"\n" +" Look up as a Kerberos service:\n" +" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" +" ipa console\n" +" >> api.Command.whoami()\n" +" ------------------------------------------\n" +" object: service\n" +" command: service_show/1\n" +" arguments: HTTP/ipa.example.com\n" +" ------------------------------------------\n" +msgstr "" + +#: ipaserver/plugins/whoami.py:77 +msgid "Describe currently authenticated identity." +msgstr "" + +#: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 +msgid "Object class name" +msgstr "" + +#: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 +msgid "Function to get details" +msgstr "" + +#: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 +msgid "Arguments to details function" +msgstr "" + +#: ipaserver/plugins/whoami.py:111 +msgid "Cannot query Directory Manager with API" +msgstr "" + +#: ipaserver/plugins/server.py:36 +msgid "" +"\n" +"IPA servers\n" +msgstr "" + +#: ipaserver/plugins/server.py:38 +msgid "" +"\n" +"Get information about installed IPA servers.\n" +msgstr "" + +#: ipaserver/plugins/server.py:42 +msgid "" +"\n" +" Find all servers:\n" +" ipa server-find\n" +msgstr "" + +#: ipaserver/plugins/server.py:45 +msgid "" +"\n" +" Show specific server:\n" +" ipa server-show ipa.example.com\n" +msgstr "" + +#: ipaserver/plugins/server.py:61 +msgid "server" +msgstr "" + +#: ipaserver/plugins/server.py:62 +msgid "servers" +msgstr "" + +#: ipaserver/plugins/server.py:70 +msgid "IPA Servers" +msgstr "" + +#: ipaserver/plugins/server.py:133 +msgid "Server location" +msgstr "" + +#: ipaserver/plugins/server.py:140 +msgid "Service weight" +msgstr "" + +#: ipaserver/plugins/server.py:141 +msgid "Weight for server services" +msgstr "" + +#: ipaserver/plugins/server.py:148 +msgid "Service relative weight" +msgstr "" + +#: ipaserver/plugins/server.py:149 +msgid "Relative weight for server services (counts per location)" +msgstr "" + +#: ipaserver/plugins/server.py:154 +msgid "Enabled server roles" +msgstr "" + +#: ipaserver/plugins/server.py:155 +msgid "List of enabled roles" +msgstr "" + +#: ipaserver/plugins/server.py:222 +msgid "Modify information about an IPA server." +msgstr "" + +#: ipaserver/plugins/server.py:224 +#, python-format +msgid "Modified IPA server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/server.py:306 +#, python-format +msgid "%(count)d IPA server matched" +msgid_plural "%(count)d IPA servers matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/server.py:444 +#, python-format +msgid "Deleted IPA server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/server.py:449 +msgid "Ignore topology errors" +msgstr "" + +#: ipaserver/plugins/server.py:450 +msgid "Ignore topology connectivity problems after removal" +msgstr "" + +#: ipaserver/plugins/server.py:455 +msgid "Ignore check for last remaining CA or DNS server" +msgstr "" + +#: ipaserver/plugins/server.py:456 +msgid "Skip a check whether the last CA master or DNS server is removed" +msgstr "" + +#: ipaserver/plugins/server.py:462 +msgid "Force server removal" +msgstr "" + +#: ipaserver/plugins/server.py:463 +msgid "Force server removal even if it does not exist" +msgstr "" + +#: ipaserver/plugins/server.py:500 +msgid "" +"Replica is active DNSSEC key master. Uninstall could break your DNS system. " +"Please disable or replace DNSSEC key master first." +msgstr "" + +#: ipaserver/plugins/server.py:506 +msgid "Deleting this server will leave your installation without a DNS." +msgstr "" + +#: ipaserver/plugins/server.py:520 +msgid "" +"Deleting this server is not allowed as it would leave your installation " +"without a KRA." +msgstr "" + +#: ipaserver/plugins/server.py:530 +msgid "" +"Deleting this server is not allowed as it would leave your installation " +"without a CA." +msgstr "" + +#: ipaserver/plugins/server.py:545 +msgid "Ignoring these warnings and proceeding with removal" +msgstr "" + +#: ipaserver/plugins/server.py:595 +#, python-format +msgid "" +"Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: " +"%(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:616 +#, python-format +msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:637 +#, python-format +msgid "Failed to remove server %(master)s from server list: %(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:663 +#, python-format +msgid "Failed to clean up Custodia keys for %(master)s: %(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:701 +#, python-format +msgid "Failed to cleanup server principals/keys: %(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:717 +#, python-format +msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s" +msgstr "" + +#: ipaserver/plugins/server.py:722 +msgid "You may need to manually remove them from the tree" +msgstr "" + +#: ipaserver/plugins/server.py:737 +#, python-format +msgid "Forcing removal of %(hostname)s" +msgstr "" + +#: ipaserver/plugins/server.py:747 +msgid "Ignoring topology connectivity errors." +msgstr "" + +#: ipaserver/plugins/server.py:766 +#, python-format +msgid "Failed to remove server from security domain: %s" +msgstr "" + +#: ipaserver/plugins/server.py:793 +msgid "Server has already been deleted" +msgstr "" + +#: ipaserver/plugins/server.py:843 +msgid "Agreements deleted" +msgstr "" + +#: ipaserver/plugins/server.py:854 +msgid "Following segments were not deleted:" +msgstr "" + +#: ipaserver/plugins/server.py:927 ipaserver/plugins/trust.py:1866 +#, python-format +msgid "must be \"%s\"" +msgstr "" + +#: ipaserver/plugins/server.py:939 +msgid "not allowed to perform server connection check" +msgstr "" + +#: ipaserver/plugins/server.py:965 +msgid "Set enabled/hidden state of a server." +msgstr "" + +#: ipaserver/plugins/server.py:971 +msgid "State" +msgstr "" + +#: ipaserver/plugins/server.py:972 +msgid "Server state" +msgstr "" + +#: ipaserver/plugins/server.py:977 +#, python-format +msgid "Changed server state of \"%(value)s\"." +msgstr "" + +#: ipaserver/plugins/server.py:986 +msgid "Cannot hide CA renewal master." +msgstr "" + +#: ipaserver/plugins/server.py:988 +msgid "Cannot hide DNSSec key master." +msgstr "" + +#: ipaserver/plugins/server.py:1000 +#, python-format +msgid "Cannot hide last enabled %(name)s server." +msgstr "" + +#: ipaserver/plugins/aci.py:165 +msgid "A list of ACI values" +msgstr "" + +#: ipaserver/plugins/aci.py:229 +msgid "type, filter, subtree and targetgroup are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:232 +msgid "ACI prefix is required" +msgstr "" + +#: ipaserver/plugins/aci.py:235 +msgid "" +"at least one of: type, filter, subtree, targetgroup, attrs or memberof are " +"required" +msgstr "" + +#: ipaserver/plugins/aci.py:238 +msgid "filter and memberof are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:244 +msgid "group, permission and self are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/aci.py:246 +msgid "One of group, permission or self is required" +msgstr "" + +#: ipaserver/plugins/aci.py:269 +#, python-format +msgid "Group '%s' does not exist" +msgstr "" + +#: ipaserver/plugins/aci.py:295 +msgid "empty filter" +msgstr "" + +#: ipaserver/plugins/aci.py:316 +#, python-format +msgid "Syntax Error: %(error)s" +msgstr "" + +#: ipaserver/plugins/aci.py:361 +#, python-format +msgid "invalid DN (%s)" +msgstr "" + +#: ipaserver/plugins/aci.py:408 +#, python-format +msgid "ACI with name \"%s\" not found" +msgstr "" + +#: ipaserver/plugins/aci.py:437 +msgid "ACI object." +msgstr "" + +#: ipaserver/plugins/aci.py:440 +msgid "ACIs" +msgstr "" + +#: ipaserver/plugins/aci.py:524 +#, python-format +msgid "Created ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:577 +#, python-format +msgid "Deleted ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:620 +#, python-format +msgid "Modified ACI \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/aci.py:694 +#, python-format +msgid "%(count)d ACI matched" +msgid_plural "%(count)d ACIs matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/aci.py:929 +#, python-format +msgid "Renamed ACI to \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:43 +msgid "" +"\n" +"Auto Membership Rule.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:45 +msgid "" +"\n" +"Bring clarity to the membership of hosts and users by configuring inclusive\n" +"or exclusive regex patterns, you can automatically assign a new entries " +"into\n" +"a group or hostgroup based upon attribute information.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:49 +msgid "" +"\n" +"A rule is directly associated with a group by name, so you cannot create\n" +"a rule without an accompanying group or hostgroup.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:52 +msgid "" +"\n" +"A condition is a regular expression used by 389-ds to match a new incoming\n" +"entry with an automember rule. If it matches an inclusive rule then the\n" +"entry is added to the appropriate group or hostgroup.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:56 +msgid "" +"\n" +"A default group or hostgroup could be specified for entries that do not\n" +"match any rule. In case of user entries this group will be a fallback group\n" +"because all users are by default members of group specified in IPA config.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:60 +msgid "" +"\n" +"The automember-rebuild command can be used to retroactively run automember " +"rules\n" +"against existing entries, thus rebuilding their membership.\n" +msgstr "" + +#: ipaserver/plugins/automember.py:65 +msgid "" +"\n" +" Add the initial group or hostgroup:\n" +" ipa hostgroup-add --desc=\"Web Servers\" webservers\n" +" ipa group-add --desc=\"Developers\" devel\n" +msgstr "" + +#: ipaserver/plugins/automember.py:69 +msgid "" +"\n" +" Add the initial rule:\n" +" ipa automember-add --type=hostgroup webservers\n" +" ipa automember-add --type=group devel\n" +msgstr "" + +#: ipaserver/plugins/automember.py:73 +msgid "" +"\n" +" Add a condition to the rule:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +" ipa automember-add-condition --key=manager --type=group --inclusive-" +"regex=^uid=mscott devel\n" +msgstr "" + +#: ipaserver/plugins/automember.py:77 +msgid "" +"\n" +" Add an exclusive condition to the rule to prevent auto assignment:\n" +" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" +"regex=^web5\\.example\\.com webservers\n" +msgstr "" + +#: ipaserver/plugins/automember.py:80 +msgid "" +"\n" +" Add a host:\n" +" ipa host-add web1.example.com\n" +msgstr "" + +#: ipaserver/plugins/automember.py:83 +msgid "" +"\n" +" Add a user:\n" +" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" +msgstr "" + +#: ipaserver/plugins/automember.py:86 +msgid "" +"\n" +" Verify automembership:\n" +" ipa hostgroup-show webservers\n" +" Host-group: webservers\n" +" Description: Web Servers\n" +" Member hosts: web1.example.com\n" +"\n" +" ipa group-show devel\n" +" Group name: devel\n" +" Description: Developers\n" +" GID: 1004200000\n" +" Member users: tuser\n" +msgstr "" + +#: ipaserver/plugins/automember.py:98 +msgid "" +"\n" +" Remove a condition from the rule:\n" +" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" +"regex=^web[1-9]+\\.example\\.com webservers\n" +msgstr "" + +#: ipaserver/plugins/automember.py:101 +msgid "" +"\n" +" Modify the automember rule:\n" +" ipa automember-mod\n" +msgstr "" + +#: ipaserver/plugins/automember.py:104 +msgid "" +"\n" +" Set the default (fallback) target group:\n" +" ipa automember-default-group-set --default-group=webservers --" +"type=hostgroup\n" +" ipa automember-default-group-set --default-group=ipausers --type=group\n" +msgstr "" + +#: ipaserver/plugins/automember.py:108 +msgid "" +"\n" +" Remove the default (fallback) target group:\n" +" ipa automember-default-group-remove --type=hostgroup\n" +" ipa automember-default-group-remove --type=group\n" +msgstr "" + +#: ipaserver/plugins/automember.py:112 +msgid "" +"\n" +" Show the default (fallback) target group:\n" +" ipa automember-default-group-show --type=hostgroup\n" +" ipa automember-default-group-show --type=group\n" +msgstr "" + +#: ipaserver/plugins/automember.py:116 +msgid "" +"\n" +" Find all of the automember rules:\n" +" ipa automember-find\n" +msgstr "" + +#: ipaserver/plugins/automember.py:119 +msgid "" +"\n" +" Find all of the orphan automember rules:\n" +" ipa automember-find-orphans --type=hostgroup\n" +" Find all of the orphan automember rules and remove them:\n" +" ipa automember-find-orphans --type=hostgroup --remove\n" +msgstr "" + +#: ipaserver/plugins/automember.py:124 +msgid "" +"\n" +" Display a automember rule:\n" +" ipa automember-show --type=hostgroup webservers\n" +" ipa automember-show --type=group devel\n" +msgstr "" + +#: ipaserver/plugins/automember.py:128 +msgid "" +"\n" +" Delete an automember rule:\n" +" ipa automember-del --type=hostgroup webservers\n" +" ipa automember-del --type=group devel\n" +msgstr "" + +#: ipaserver/plugins/automember.py:132 +msgid "" +"\n" +" Rebuild membership for all users:\n" +" ipa automember-rebuild --type=group\n" +msgstr "" + +#: ipaserver/plugins/automember.py:135 +msgid "" +"\n" +" Rebuild membership for all hosts:\n" +" ipa automember-rebuild --type=hostgroup\n" +msgstr "" + +#: ipaserver/plugins/automember.py:138 +msgid "" +"\n" +" Rebuild membership for specified users:\n" +" ipa automember-rebuild --users=tuser1 --users=tuser2\n" +msgstr "" + +#: ipaserver/plugins/automember.py:141 +msgid "" +"\n" +" Rebuild membership for specified hosts:\n" +" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." +"com\n" +msgstr "" + +#: ipaserver/plugins/automember.py:244 +msgid "Auto Membership Rule" +msgstr "" + +#: ipaserver/plugins/automember.py:275 +#, python-format +msgid "%(otype)s \"%(oname)s\" not found" +msgstr "" + +#: ipaserver/plugins/automember.py:301 +#, python-format +msgid "%s is not a valid attribute." +msgstr "" + +#: ipaserver/plugins/automember.py:314 +msgid "" +"\n" +" Add an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:318 +#, python-format +msgid "Added automember rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:325 +msgid "Auto Membership is not configured" +msgstr "" + +#: ipaserver/plugins/automember.py:337 +msgid "" +"\n" +" Add conditions to an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:348 +#, python-format +msgid "Added condition(s) to \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:371 ipaserver/plugins/automember.py:455 +#, python-format +msgid "Auto member rule: %s not found!" +msgstr "" + +#: ipaserver/plugins/automember.py:413 +msgid "" +"\n" +" Override this so we can add completed and failed to the return " +"result.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:428 +msgid "" +"\n" +" Remove conditions from an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:432 +#, python-format +msgid "Removed condition(s) from \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:496 +msgid "" +"\n" +" Override this so we can set completed and failed.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:511 +msgid "" +"\n" +" Modify an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:515 +#, python-format +msgid "Modified automember rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:525 +msgid "" +"\n" +" Delete an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:529 +#, python-format +msgid "Deleted automember rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:534 +msgid "" +"\n" +" Search for automember rules.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:540 ipaserver/plugins/automember.py:840 +#, python-format +msgid "%(count)d rules matched" +msgid_plural "%(count)d rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/automember.py:552 +msgid "" +"\n" +" Display information about an automember rule.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:576 +msgid "" +"\n" +" Set default (fallback) group for all unmatched entries.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:590 +#, python-format +msgid "Set default (fallback) group for automember \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:607 +msgid "" +"\n" +" Remove default (fallback) group for all unmatched entries.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:614 +#, python-format +msgid "Removed default (fallback) group for automember \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/automember.py:625 ipaserver/plugins/automember.py:633 +#: ipaserver/plugins/automember.py:661 +msgid "No default (fallback) group set" +msgstr "" + +#: ipaserver/plugins/automember.py:644 +msgid "" +"\n" +" Display information about the default (fallback) automember groups.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:675 +msgid "Task DN" +msgstr "" + +#: ipaserver/plugins/automember.py:676 +msgid "DN of the started task" +msgstr "" + +#: ipaserver/plugins/automember.py:727 +msgid "at least one of options: type, users, hosts must be specified" +msgstr "" + +#: ipaserver/plugins/automember.py:733 +msgid "users and hosts cannot both be set" +msgstr "" + +#: ipaserver/plugins/automember.py:737 +msgid "hosts cannot be set when type is 'group'" +msgstr "" + +#: ipaserver/plugins/automember.py:741 +msgid "users cannot be set when type is 'hostgroup'" +msgstr "" + +#: ipaserver/plugins/automember.py:795 +msgid "Automember rebuild membership task started" +msgstr "" + +#: ipaserver/plugins/automember.py:799 ipaserver/plugins/internal.py:164 +msgid "Automember rebuild membership task completed" +msgstr "" + +#: ipaserver/plugins/automember.py:815 +#, python-format +msgid "Task DN = '%s'" +msgstr "" + +#: ipaserver/plugins/automember.py:818 ipaserver/plugins/internal.py:1953 +msgid "Automember" +msgstr "" + +#: ipaserver/plugins/automember.py:828 +msgid "" +"\n" +" Search for orphan automember rules. The command might need to be run as\n" +" a privileged user user to get all orphan rules.\n" +" " +msgstr "" + +#: ipaserver/plugins/automember.py:835 +msgid "Remove orphan automember rules" +msgstr "" + +#: ipaserver/plugins/baseldap.py:101 +msgid "Member service groups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:110 +msgid "Member HBAC service groups" +msgstr "" + +#: ipaserver/plugins/baseldap.py:127 +msgid "Member ID user overrides" +msgstr "" + +#: ipaserver/plugins/baseldap.py:129 +msgid "Indirect Member ID user overrides" +msgstr "" + +#: ipaserver/plugins/baseldap.py:146 +msgid "Indirect Member permissions" +msgstr "" + +#: ipaserver/plugins/baseldap.py:149 +msgid "Indirect Member HBAC service" +msgstr "" + +#: ipaserver/plugins/baseldap.py:152 +msgid "Indirect Member HBAC service group" +msgstr "" + +#: ipaserver/plugins/baseldap.py:213 +msgid "Invalid format. Should be name=value" +msgstr "" + +#: ipaserver/plugins/baseldap.py:584 +msgid "An IPA master host cannot be deleted or disabled" +msgstr "" + +#: ipaserver/plugins/baseldap.py:615 +msgid "entry" +msgstr "" + +#: ipaserver/plugins/baseldap.py:616 +msgid "entries" +msgstr "" + +#: ipaserver/plugins/baseldap.py:654 ipaserver/plugins/baseldap.py:655 +msgid "Entry" +msgstr "" + +#: ipaserver/plugins/baseldap.py:658 +#, python-format +msgid "container entry (%(container)s) not found" +msgstr "" + +#: ipaserver/plugins/baseldap.py:659 +#, python-format +msgid "%(parent)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/baseldap.py:660 ipaserver/plugins/schema.py:257 +#: ipaserver/plugins/schema.py:333 ipaserver/plugins/schema.py:424 +#: ipaserver/plugins/schema.py:661 ipaserver/plugins/schema.py:754 +#, python-format +msgid "%(pkey)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/baseldap.py:661 +#, python-format +msgid "%(oname)s with name \"%(pkey)s\" already exists" +msgstr "" + +#: ipaserver/plugins/baseldap.py:954 ipaserver/plugins/baseldap.py:962 +#, python-format +msgid "attribute \"%(attribute)s\" not allowed" +msgstr "" + +#: ipaserver/plugins/baseldap.py:967 +#, python-format +msgid "these attributes are not allowed: %(attrs)s" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1025 +msgid "attribute is not configurable" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1128 +msgid "No such attribute on this entry" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1488 +#, python-format +msgid "Rename the %(ldap_obj_name)s object" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1586 ipaserver/plugins/baseldap.py:2494 +msgid "the entry was deleted while being modified" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1719 ipaserver/plugins/baseldap.py:2221 +#, python-format +msgid "%s" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1762 ipaserver/plugins/baseldap.py:2245 +#, python-format +msgid "%s to add" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1861 ipaserver/plugins/baseldap.py:2344 +#, python-format +msgid "%s to remove" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1961 ipaserver/plugins/schema.py:122 +#, python-format +msgid "Results should contain primary key attribute only (\"%s\")" +msgstr "" + +#: ipaserver/plugins/baseldap.py:1969 +#, python-format +msgid "" +"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." +msgstr "" + +#: ipaserver/plugins/baseldap.py:1970 +#, python-format +msgid "" +"Search for %(searched_object)s without these %(relationship)s " +"%(ldap_object)s." +msgstr "" + +#: ipaserver/plugins/baseldap.py:2525 +#, python-format +msgid "added attribute value to entry %(value)s" +msgstr "" + +#: ipaserver/plugins/baseldap.py:2539 +#, python-format +msgid "removed attribute values from entry %(value)s" +msgstr "" + +#: ipaserver/plugins/baseldap.py:2548 +msgid "one or more values to remove" +msgstr "" + +#: ipaserver/plugins/batch.py:35 +msgid "" +"\n" +"Plugin to make multiple ipa calls via one remote procedure call\n" +"\n" +"To run this code in the lite-server\n" +"\n" +"curl -H \"Content-Type:application/json\" -H \"Accept:application/" +"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" +"etc/ipa/ca.crt -d @batch_request.json -X POST http://" +"localhost:8888/ipa/json\n" +"\n" +"where the contents of the file batch_request.json follow the below example\n" +"\n" +"{\"method\":\"batch\",\"params\":[[\n" +" {\"method\":\"group_find\",\"params\":[[],{}]},\n" +" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\"," +"\"all\":\"true\"}]},\n" +" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" +" ],{}],\"id\":1}\n" +"\n" +"The format of the response is nested the same way. At the top you will see\n" +" \"error\": null,\n" +" \"id\": 1,\n" +" \"result\": {\n" +" \"count\": 3,\n" +" \"results\": [\n" +"\n" +"\n" +"And then a nested response for each IPA command method sent in the request\n" +"\n" +msgstr "" + +#: ipaserver/plugins/batch.py:71 +msgid "Make multiple ipa calls via one remote procedure call" +msgstr "" + +#: ipaserver/plugins/batch.py:122 +msgid "must contain a tuple (list, dict)" +msgstr "" + +#: ipaserver/plugins/dogtag.py:1251 +msgid "REST API is not logged in." +msgstr "" + +#: ipaserver/plugins/dogtag.py:1273 +#, python-format +msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" +msgstr "" + +#: ipaserver/plugins/dogtag.py:1299 +msgid "Unable to communicate with CMS" +msgstr "" + +#: ipaserver/plugins/dogtag.py:1490 ipaserver/plugins/dogtag.py:1576 +#: ipaserver/plugins/dogtag.py:2083 ipaserver/plugins/dogtag.py:2093 +msgid "Response from CA was not valid JSON" +msgstr "" + +#: ipaserver/plugins/hbactest.py:39 ipaserver/plugins/cert.py:64 +msgid "pyhbac is not installed." +msgstr "" + +#: ipaserver/plugins/hbactest.py:45 +msgid "" +"\n" +"Simulate use of Host-based access controls\n" +"\n" +"HBAC rules control who can access what services on what hosts.\n" +"You can use HBAC to control which users or groups can access a service,\n" +"or group of services, on a target host.\n" +"\n" +"Since applying HBAC rules implies use of a production environment,\n" +"this plugin aims to provide simulation of HBAC rules evaluation without\n" +"having access to the production environment.\n" +"\n" +" Test user coming to a service on a named host against\n" +" existing enabled rules.\n" +"\n" +" ipa hbactest --user= --host= --service=\n" +" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" +" [--sizelimit= ]\n" +"\n" +" --user, --host, and --service are mandatory, others are optional.\n" +"\n" +" If --rules is specified simulate enabling of the specified rules and test\n" +" the login of the user using only these rules.\n" +"\n" +" If --enabled is specified, all enabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --disabled is specified, all disabled HBAC rules will be added to " +"simulation\n" +"\n" +" If --nodetail is specified, do not return information about rules matched/" +"not matched.\n" +"\n" +" If both --rules and --enabled are specified, apply simulation to --rules " +"_and_\n" +" all IPA enabled rules.\n" +"\n" +" If no --rules specified, simulation is run against all IPA enabled rules.\n" +" By default there is a IPA-wide limit to number of entries fetched, you can " +"change it\n" +" with --sizelimit option.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Use all enabled HBAC rules in IPA database to simulate:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 2. Disable detailed summary of how rules were applied:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +"\n" +" 3. Test explicitly specified HBAC rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: myrule\n" +"\n" +" 4. Use all enabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule --enabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Matched rules: allow_all\n" +"\n" +" 5. Test all disabled HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: new-rule\n" +"\n" +" 6. Test all disabled HBAC rules in IPA database + explicitly specified " +"rules:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --rules=myrule --rules=my-second-rule --disabled\n" +" ---------------------\n" +" Access granted: False\n" +" ---------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +"\n" +" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" +" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" +" --enabled --disabled\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Not matched rules: my-second-rule\n" +" Not matched rules: my-third-rule\n" +" Not matched rules: myrule\n" +" Not matched rules: new-rule\n" +" Matched rules: allow_all\n" +"\n" +"\n" +"HBACTEST AND TRUSTED DOMAINS\n" +"\n" +"When an external trusted domain is configured in IPA, HBAC rules are also " +"applied\n" +"on users accessing IPA resources from the trusted domain. Trusted domain " +"users and\n" +"groups (and their SIDs) can be then assigned to external groups which can " +"be\n" +"members of POSIX groups in IPA which can be used in HBAC rules and thus " +"allowing\n" +"access to resources protected by the HBAC system.\n" +"\n" +"hbactest plugin is capable of testing access for both local IPA users and " +"users\n" +"from the trusted domains, either by a fully qualified user name or by user " +"SID.\n" +"Such user names need to have a trusted domain specified as a short name\n" +"(DOMAIN\\Administrator) or with a user principal name (UPN), " +"Administrator@ad.test.\n" +"\n" +"Please note that hbactest executed with a trusted domain user as --user " +"parameter\n" +"can be only run by members of \"trust admins\" group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" 1. Test if a user from a trusted domain specified by its shortname " +"matches any\n" +" rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 2. Test if a user from a trusted domain specified by its domain name " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" +"service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 3. Test if a user from a trusted domain specified by its SID matches any " +"rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Matched rules: can_login\n" +"\n" +" 4. Test if other user from a trusted domain specified by its SID matches " +"any rule:\n" +"\n" +" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\" +"\\\n" +" --host `hostname` --service sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +"\n" +" 5. Test if other user from a trusted domain specified by its shortname " +"matches\n" +" any rule:\n" +"\n" +" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " +"sshd\n" +" --------------------\n" +" Access granted: True\n" +" --------------------\n" +" Matched rules: allow_all\n" +" Not matched rules: can_login\n" +msgstr "" + +#: ipaserver/plugins/hbactest.py:384 +msgid "Unresolved rules in --rules" +msgstr "" + +#: ipaserver/plugins/hbactest.py:408 ipaserver/plugins/trust.py:345 +msgid "" +"Cannot search in trusted domains without own domain configured. Make sure " +"you have run ipa-adtrust-install on the IPA server first" +msgstr "" + +#: ipaserver/plugins/hbactest.py:497 +#, python-format +msgid "Access granted: %s" +msgstr "" + +#: ipaserver/plugins/permission.py:40 +msgid "" +"\n" +"Permissions\n" +msgstr "" + +#: ipaserver/plugins/permission.py:42 +msgid "" +"\n" +"A permission enables fine-grained delegation of rights. A permission is\n" +"a human-readable wrapper around a 389-ds Access Control Rule,\n" +"or instruction (ACI).\n" +"A permission grants the right to perform a specific task such as adding a\n" +"user, modifying a group, etc.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:48 +msgid "" +"\n" +"A permission may not contain other permissions.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:50 +msgid "" +"\n" +"* A permission grants access to read, write, add, delete, read, search,\n" +" or compare.\n" +"* A privilege combines similar permissions (for example all the permissions\n" +" needed to add a user).\n" +"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:56 +msgid "" +"\n" +"A permission is made up of a number of different parts:\n" +"\n" +"1. The name of the permission.\n" +"2. The target of the permission.\n" +"3. The rights granted by the permission.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:62 +msgid "" +"\n" +"Rights define what operations are allowed, and may be one or more\n" +"of the following:\n" +"1. write - write one or more attributes\n" +"2. read - read one or more attributes\n" +"3. search - search on one or more attributes\n" +"4. compare - compare one or more attributes\n" +"5. add - add a new entry to the tree\n" +"6. delete - delete an existing entry\n" +"7. all - all permissions are granted\n" +msgstr "" + +#: ipaserver/plugins/permission.py:72 +msgid "" +"\n" +"Note the distinction between attributes and entries. The permissions are\n" +"independent, so being able to add a user does not mean that the user will\n" +"be editable.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:76 +msgid "" +"\n" +"There are a number of allowed targets:\n" +"1. subtree: a DN; the permission applies to the subtree under this DN\n" +"2. target filter: an LDAP filter\n" +"3. target: DN with possible wildcards, specifies entries permission applies " +"to\n" +msgstr "" + +#: ipaserver/plugins/permission.py:81 +msgid "" +"\n" +"Additionally, there are the following convenience options.\n" +"Setting one of these options will set the corresponding attribute(s).\n" +"1. type: a type of object (user, group, etc); sets subtree and target " +"filter.\n" +"2. memberof: apply to members of a group; sets target filter\n" +"3. targetgroup: grant access to modify a specific group (such as granting\n" +" the rights to manage group membership); sets target.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:88 +msgid "" +"\n" +"Managed permissions\n" +msgstr "" + +#: ipaserver/plugins/permission.py:90 +msgid "" +"\n" +"Permissions that come with IPA by default can be so-called \"managed\"\n" +"permissions. These have a default set of attributes they apply to,\n" +"but the administrator can add/remove individual attributes to/from the set.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:94 +msgid "" +"\n" +"Deleting or renaming a managed permission, as well as changing its target,\n" +"is not allowed.\n" +msgstr "" + +#: ipaserver/plugins/permission.py:99 +msgid "" +"\n" +" Add a permission that grants the creation of users:\n" +" ipa permission-add --type=user --permissions=add \"Add Users\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:102 +msgid "" +"\n" +" Add a permission that grants the ability to manage group membership:\n" +" ipa permission-add --attrs=member --permissions=write --type=group " +"\"Manage Group Members\"\n" +msgstr "" + +#: ipaserver/plugins/permission.py:129 +msgid "must be enclosed in parentheses" +msgstr "" + +#: ipaserver/plugins/permission.py:149 +#, python-format +msgid "\"%s\" is not an object type" +msgstr "" + +#: ipaserver/plugins/permission.py:151 ipaserver/plugins/permission.py:897 +#, python-format +msgid "\"%s\" is not a valid permission type" +msgstr "" + +#: ipaserver/plugins/permission.py:353 +#, python-format +msgid "Deprecated; use %s" +msgstr "" + +#: ipaserver/plugins/permission.py:370 +#, python-format +msgid "Permission with unknown flag %s may not be modified or removed" +msgstr "" + +#: ipaserver/plugins/permission.py:374 +msgid "A SYSTEM permission may not be modified or removed" +msgstr "" + +#: ipaserver/plugins/permission.py:624 +#, python-format +msgid "Entry %s not found" +msgstr "" + +#: ipaserver/plugins/permission.py:716 +#, python-format +msgid "The ACI for permission %(name)s was not found in %(dn)s " +msgstr "" + +#: ipaserver/plugins/permission.py:820 +msgid "" +"cannot specify full target filter and extra target filter simultaneously" +msgstr "" + +#: ipaserver/plugins/permission.py:843 +#, python-format +msgid "option was renamed; use %s" +msgstr "" + +#: ipaserver/plugins/permission.py:847 +#, python-format +msgid "Cannot use %(old_name)s with %(new_name)s" +msgstr "" + +#: ipaserver/plugins/permission.py:861 ipaserver/plugins/permission.py:876 +#, python-format +msgid "%s: group not found" +msgstr "" + +#: ipaserver/plugins/permission.py:871 +msgid "target and targetgroup are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:892 +msgid "subtree and type are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:930 +msgid "Bad search filter" +msgstr "" + +#: ipaserver/plugins/permission.py:940 +#, python-format +msgid "Entry %s does not exist" +msgstr "" + +#: ipaserver/plugins/permission.py:949 +msgid "" +"there must be at least one target entry specifier (e.g. target, " +"targetfilter, attrs)" +msgstr "" + +#: ipaserver/plugins/permission.py:961 ipaserver/plugins/permission.py:989 +#, python-format +msgid "Added permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1014 +msgid "attrs and included attributes are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:1046 +#, python-format +msgid "Cannot store permission ACI to %s" +msgstr "" + +#: ipaserver/plugins/permission.py:1057 +#, python-format +msgid "Deleted permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1077 +msgid "cannot delete managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1083 +#, python-format +msgid "ACI of permission %s was not found" +msgstr "" + +#: ipaserver/plugins/permission.py:1092 +#, python-format +msgid "Modified permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/permission.py:1125 +msgid "cannot rename managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1132 ipaserver/plugins/permission.py:1136 +msgid "not modifiable on managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1143 +msgid "only available on managed permissions" +msgstr "" + +#: ipaserver/plugins/permission.py:1150 ipaserver/plugins/permission.py:1276 +msgid "attrs and included/excluded attributes are mutually exclusive" +msgstr "" + +#: ipaserver/plugins/permission.py:1161 +msgid "cannot set bindtype for a permission that is assigned to a privilege" +msgstr "" + +#: ipaserver/plugins/permission.py:1265 +#, python-format +msgid "%(count)d permission matched" +msgid_plural "%(count)d permissions matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/privilege.py:76 +#, python-format +msgid "" +"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " +"privilege" +msgstr "" + +#: ipaserver/plugins/privilege.py:149 +msgid "Privilege" +msgstr "" + +#: ipaserver/plugins/privilege.py:169 +#, python-format +msgid "Added privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:176 +#, python-format +msgid "Deleted privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:183 +#, python-format +msgid "Modified privilege \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/privilege.py:191 +#, python-format +msgid "%(count)d privilege matched" +msgid_plural "%(count)d privileges matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/schema.py:24 +msgid "" +"\n" +"API Schema\n" +msgstr "" + +#: ipaserver/plugins/schema.py:26 +msgid "" +"\n" +"Provides API introspection capabilities.\n" +msgstr "" + +#: ipaserver/plugins/schema.py:30 +msgid "" +"\n" +" Show user-find details:\n" +" ipa command-show user-find\n" +msgstr "" + +#: ipaserver/plugins/schema.py:33 +msgid "" +"\n" +" Find user-find parameters:\n" +" ipa param-find user-find\n" +msgstr "" + +#: ipaserver/plugins/schema.py:48 ipaserver/plugins/trust.py:1419 +#: ipaserver/plugins/ca.py:86 +msgid "Name" +msgstr "" + +#: ipaserver/plugins/schema.py:54 +msgid "Documentation" +msgstr "" + +#: ipaserver/plugins/schema.py:59 +msgid "Exclude from" +msgstr "" + +#: ipaserver/plugins/schema.py:64 +msgid "Include in" +msgstr "" + +#: ipaserver/plugins/schema.py:135 +msgid "Help topic" +msgstr "" + +#: ipaserver/plugins/schema.py:147 ipaserver/plugins/internal.py:731 +msgid "Version" +msgstr "" + +#: ipaserver/plugins/schema.py:172 +msgid "Parameters" +msgstr "" + +#: ipaserver/plugins/schema.py:207 +msgid "Method of" +msgstr "" + +#: ipaserver/plugins/schema.py:212 +msgid "Method name" +msgstr "" + +#: ipaserver/plugins/schema.py:270 +msgid "Display information about a command." +msgstr "" + +#: ipaserver/plugins/schema.py:275 +msgid "Search for commands." +msgstr "" + +#: ipaserver/plugins/schema.py:280 +msgid "Return command defaults" +msgstr "" + +#: ipaserver/plugins/schema.py:291 +#, python-brace-format +msgid "{oname}: {command_name} not found" +msgstr "" + +#: ipaserver/plugins/schema.py:344 +msgid "Display information about a class." +msgstr "" + +#: ipaserver/plugins/schema.py:349 +msgid "Search for classes." +msgstr "" + +#: ipaserver/plugins/schema.py:436 +msgid "Display information about a help topic." +msgstr "" + +#: ipaserver/plugins/schema.py:441 +msgid "Search for help topics." +msgstr "" + +#: ipaserver/plugins/schema.py:453 +msgid "Required" +msgstr "" + +#: ipaserver/plugins/schema.py:458 +msgid "Multi-value" +msgstr "" + +#: ipaserver/plugins/schema.py:508 +msgid "Always ask" +msgstr "" + +#: ipaserver/plugins/schema.py:513 +msgid "CLI metavar" +msgstr "" + +#: ipaserver/plugins/schema.py:518 +msgid "CLI name" +msgstr "" + +#: ipaserver/plugins/schema.py:523 +msgid "Confirm (password)" +msgstr "" + +#: ipaserver/plugins/schema.py:528 +msgid "Default" +msgstr "" + +#: ipaserver/plugins/schema.py:533 +msgid "Default from" +msgstr "" + +#: ipaserver/plugins/schema.py:538 +msgid "Label" +msgstr "" + +#: ipaserver/plugins/schema.py:543 +msgid "Convert on server" +msgstr "" + +#: ipaserver/plugins/schema.py:548 +msgid "Option group" +msgstr "" + +#: ipaserver/plugins/schema.py:553 +msgid "Sensitive" +msgstr "" + +#: ipaserver/plugins/schema.py:558 +msgid "Positional argument" +msgstr "" + +#: ipaserver/plugins/schema.py:643 +#, python-format +msgid "%(metaobject)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/schema.py:682 +msgid "Display information about a command parameter." +msgstr "" + +#: ipaserver/plugins/schema.py:687 +msgid "Search command parameters." +msgstr "" + +#: ipaserver/plugins/schema.py:744 +#, python-format +msgid "%(command_name)s: %(oname)s not found" +msgstr "" + +#: ipaserver/plugins/schema.py:769 +msgid "Display information about a command output." +msgstr "" + +#: ipaserver/plugins/schema.py:774 +msgid "Search for command outputs." +msgstr "" + +#: ipaserver/plugins/schema.py:779 +msgid "Store and provide schema for commands and topics" +msgstr "" + +#: ipaserver/plugins/schema.py:785 +msgid "Fingerprint of schema cached by client" +msgstr "" + +#: ipaserver/plugins/trust.py:83 +msgid "" +"\n" +"Cross-realm trusts\n" +"\n" +"Manage trust relationship between IPA and Active Directory domains.\n" +"\n" +"In order to allow users from a remote domain to access resources in IPA " +"domain,\n" +"trust relationship needs to be established. Currently IPA supports only " +"trusts\n" +"between IPA and Active Directory domains under control of Windows Server " +"2008\n" +"or later, with functional level 2008 or later.\n" +"\n" +"Please note that DNS on both IPA and Active Directory domain sides should " +"be\n" +"configured properly to discover each other. Trust relationship relies on\n" +"ability to discover special resources in the other domain via DNS records.\n" +"\n" +"Examples:\n" +"\n" +"1. Establish cross-realm trust with Active Directory using AD administrator\n" +" credentials:\n" +"\n" +" ipa trust-add --type=ad --admin --password\n" +"\n" +"2. List all existing trust relationships:\n" +"\n" +" ipa trust-find\n" +"\n" +"3. Show details of the specific trust relationship:\n" +"\n" +" ipa trust-show \n" +"\n" +"4. Delete existing trust relationship:\n" +"\n" +" ipa trust-del \n" +"\n" +"Once trust relationship is established, remote users will need to be mapped\n" +"to local POSIX groups in order to actually use IPA resources. The mapping\n" +"should be done via use of external membership of non-POSIX group and then\n" +"this group should be included into one of local POSIX groups.\n" +"\n" +"Example:\n" +"\n" +"1. Create group for the trusted domain admins' mapping and their local " +"POSIX\n" +"group:\n" +"\n" +" ipa group-add --desc=' admins external map' " +"ad_admins_external --external\n" +" ipa group-add --desc=' admins' ad_admins\n" +"\n" +"2. Add security identifier of Domain Admins of the to the\n" +" ad_admins_external group:\n" +"\n" +" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" +"\n" +"3. Allow members of ad_admins_external group to be associated with\n" +" ad_admins POSIX group:\n" +"\n" +" ipa group-add-member ad_admins --groups ad_admins_external\n" +"\n" +"4. List members of external members of ad_admins_external group to see\n" +" their SIDs:\n" +"\n" +" ipa group-show ad_admins_external\n" +"\n" +"\n" +"GLOBAL TRUST CONFIGURATION\n" +"\n" +"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" +"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" +"identifiers are then used when communicating with a trusted domain of the\n" +"particular type.\n" +"\n" +"1. Show global trust configuration for Active Directory type of trusts:\n" +"\n" +" ipa trustconfig-show --type ad\n" +"\n" +"2. Modify global configuration for all trusts of Active Directory type and " +"set\n" +" a different fallback primary group (fallback primary group GID is used as " +"a\n" +" primary user GID if user authenticating to IPA domain does not have any\n" +" other primary GID already set):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD " +"group\"\n" +"\n" +"3. Change primary fallback group back to default hidden group (any group " +"with\n" +" posixGroup object class is allowed):\n" +"\n" +" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB " +"Group\"\n" +msgstr "" + +#: ipaserver/plugins/trust.py:226 +#, python-format +msgid "" +" Alternatively, following servers are capable of running this command: " +"%(masters)s" +msgstr "" + +#: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:872 +#: ipaserver/plugins/trust.py:888 ipaserver/plugins/trust.py:909 +#: ipaserver/plugins/trust.py:919 ipaserver/plugins/trust.py:1072 +#: ipaserver/plugins/trust.py:1107 +msgid "AD Trust setup" +msgstr "" + +#: ipaserver/plugins/trust.py:250 +msgid "" +"Cannot perform the selected command without Samba 4 support installed. Make " +"sure you have installed server-trust-ad sub-package of IPA." +msgstr "" + +#: ipaserver/plugins/trust.py:260 +msgid "" +"Cannot perform the selected command without Samba 4 instance configured on " +"this machine. Make sure you have run ipa-adtrust-install on this server." +msgstr "" + +#: ipaserver/plugins/trust.py:474 +msgid "" +"Fetching domains from trusted forest failed. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/trust.py:487 +msgid "trust" +msgstr "" + +#: ipaserver/plugins/trust.py:488 +msgid "trusts" +msgstr "" + +#: ipaserver/plugins/trust.py:530 ipaserver/plugins/internal.py:1966 +msgid "Trusts" +msgstr "" + +#: ipaserver/plugins/trust.py:531 +msgid "Trust" +msgstr "" + +#: ipaserver/plugins/trust.py:549 +msgid "SID blocklist incoming" +msgstr "" + +#: ipaserver/plugins/trust.py:553 +msgid "SID blocklist outgoing" +msgstr "" + +#: ipaserver/plugins/trust.py:556 ipaserver/plugins/internal.py:1553 +msgid "Trust direction" +msgstr "" + +#: ipaserver/plugins/trust.py:560 ipaserver/plugins/internal.py:1555 +msgid "Trust type" +msgstr "" + +#: ipaserver/plugins/trust.py:564 ipaserver/plugins/internal.py:1554 +msgid "Trust status" +msgstr "" + +#: ipaserver/plugins/trust.py:569 +msgid "UPN suffixes" +msgstr "" + +#: ipaserver/plugins/trust.py:586 +#, python-brace-format +msgid "invalid SID: {SID}" +msgstr "" + +#: ipaserver/plugins/trust.py:655 +msgid "" +"\n" +"Add new trust to use.\n" +"\n" +"This command establishes trust relationship to another domain\n" +"which becomes 'trusted'. As result, users of the trusted domain\n" +"may access resources of this domain.\n" +"\n" +"Only trusts to Active Directory domains are supported right now.\n" +"\n" +"The command can be safely run multiple times against the same domain,\n" +"this will cause change to trust relationship credentials on both\n" +"sides.\n" +"\n" +"Note that if the command was previously run with a specific range type,\n" +"or with automatic detection of the range type, and you want to configure a\n" +"different range type, you may need to delete first the ID range using\n" +"ipa idrange-del before retrying the command with the desired range type.\n" +" " +msgstr "" + +#: ipaserver/plugins/trust.py:713 +msgid "Type of trusted domain ID range, one of allowed values" +msgstr "" + +#: ipaserver/plugins/trust.py:725 +msgid "External trust" +msgstr "" + +#: ipaserver/plugins/trust.py:727 +msgid "" +"Establish external trust to a domain in another forest. The trust is not " +"transitive beyond the domain." +msgstr "" + +#: ipaserver/plugins/trust.py:733 +#, python-format +msgid "Added Active Directory trust for realm \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:734 +#, python-format +msgid "Re-established trust to domain \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:830 +msgid "missing base_id" +msgstr "" + +#: ipaserver/plugins/trust.py:832 +msgid "pysss_murmur is not available on the server and no base-id is given." +msgstr "" + +#: ipaserver/plugins/trust.py:842 +msgid "trust type" +msgstr "" + +#: ipaserver/plugins/trust.py:843 +msgid "only \"ad\" is supported" +msgstr "" + +#: ipaserver/plugins/trust.py:849 ipaserver/plugins/certmap.py:141 +#: ipaserver/plugins/certmap.py:148 ipaserver/plugins/certmap.py:175 +msgid "domain" +msgstr "" + +#: ipaserver/plugins/trust.py:850 +msgid "" +"Cannot establish a trust to AD deployed in the same domain as IPA. Such " +"setup is not supported." +msgstr "" + +#: ipaserver/plugins/trust.py:863 +msgid "Realm-domain mismatch" +msgstr "" + +#: ipaserver/plugins/trust.py:864 +msgid "" +"To establish trust with Active Directory, the domain name and the realm name " +"of the IPA server must match" +msgstr "" + +#: ipaserver/plugins/trust.py:890 +#, python-format +msgid "" +"Trusted domain %(domain)s is included among IPA realm domains. It needs to " +"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" +"del-domain\" command." +msgstr "" + +#: ipaserver/plugins/trust.py:911 +msgid "Trusted domain and administrator account use different realms" +msgstr "" + +#: ipaserver/plugins/trust.py:920 +msgid "Realm administrator password should be specified" +msgstr "" + +#: ipaserver/plugins/trust.py:941 +msgid "id range type" +msgstr "" + +#: ipaserver/plugins/trust.py:943 +msgid "" +"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" +"type when adding an AD trust." +msgstr "" + +#: ipaserver/plugins/trust.py:953 +msgid "id range" +msgstr "" + +#: ipaserver/plugins/trust.py:955 +msgid "" +"An id range already exists for this trust. You should either delete the old " +"range, or exclude --base-id/--range-size options from the command." +msgstr "" + +#: ipaserver/plugins/trust.py:977 +msgid "range exists" +msgstr "" + +#: ipaserver/plugins/trust.py:979 +msgid "" +"ID range with the same name but different domain SID already exists. The ID " +"range for the new trusted domain must be created manually." +msgstr "" + +#: ipaserver/plugins/trust.py:987 +msgid "range type change" +msgstr "" + +#: ipaserver/plugins/trust.py:988 +msgid "" +"ID range for the trusted domain already exists, but it has a different type. " +"Please remove the old range manually, or do not enforce type via --range-" +"type option." +msgstr "" + +#: ipaserver/plugins/trust.py:1026 +#, python-brace-format +msgid "Unable to resolve domain controller for {domain} domain. " +msgstr "" + +#: ipaserver/plugins/trust.py:1040 +msgid "" +"Forward policy is defined for it in IPA DNS, perhaps forwarder points to " +"incorrect host?" +msgstr "" + +#: ipaserver/plugins/trust.py:1046 +#, python-brace-format +msgid "" +"IPA manages DNS, please verify your DNS configuration and make sure that " +"service records of the '{domain}' domain can be resolved. Examples how to " +"configure DNS with CLI commands or the Web UI can be found in the " +"documentation. " +msgstr "" + +#: ipaserver/plugins/trust.py:1058 +#, python-brace-format +msgid "" +"Since IPA does not manage DNS records, ensure DNS is configured to resolve " +"'{domain}' domain from IPA hosts and back." +msgstr "" + +#: ipaserver/plugins/trust.py:1073 +msgid "Unable to verify write permissions to the AD" +msgstr "" + +#: ipaserver/plugins/trust.py:1108 +msgid "Not enough arguments specified to perform trust setup" +msgstr "" + +#: ipaserver/plugins/trust.py:1116 +#, python-format +msgid "Deleted trust \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:1121 +msgid "" +"\n" +" Modify a trust (for future use).\n" +"\n" +" Currently only the default option to modify the LDAP attributes is\n" +" available. More specific options will be added in coming releases.\n" +" " +msgstr "" + +#: ipaserver/plugins/trust.py:1128 +#, python-format +msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" +msgstr "" + +#: ipaserver/plugins/trust.py:1146 +#, python-format +msgid "%(count)d trust matched" +msgid_plural "%(count)d trusts matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/trust.py:1235 +msgid "trust configuration" +msgstr "" + +#: ipaserver/plugins/trust.py:1241 ipaserver/plugins/trust.py:1242 +msgid "Global Trust Configuration" +msgstr "" + +#: ipaserver/plugins/trust.py:1267 +msgid "IPA AD trust agents" +msgstr "" + +#: ipaserver/plugins/trust.py:1268 +msgid "IPA servers configured as AD trust agents" +msgstr "" + +#: ipaserver/plugins/trust.py:1273 +msgid "IPA AD trust controllers" +msgstr "" + +#: ipaserver/plugins/trust.py:1274 +msgid "IPA servers configured as AD trust controllers" +msgstr "" + +#: ipaserver/plugins/trust.py:1288 +msgid "unsupported trust type" +msgstr "" + +#: ipaserver/plugins/trust.py:1355 +#, python-format +msgid "Modified \"%(value)s\" trust configuration" +msgstr "" + +#: ipaserver/plugins/trust.py:1420 +msgid "SID" +msgstr "" + +#: ipaserver/plugins/trust.py:1546 +msgid "sidgen_was_run" +msgstr "" + +#: ipaserver/plugins/trust.py:1548 +msgid "" +"This command relies on the existence of the \"editors\" group, but this " +"group was not found." +msgstr "" + +#: ipaserver/plugins/trust.py:1567 +msgid "trust domain" +msgstr "" + +#: ipaserver/plugins/trust.py:1568 +msgid "trust domains" +msgstr "" + +#: ipaserver/plugins/trust.py:1576 +msgid "Trusted domains" +msgstr "" + +#: ipaserver/plugins/trust.py:1577 +msgid "Trusted domain" +msgstr "" + +#: ipaserver/plugins/trust.py:1591 +msgid "Domain enabled" +msgstr "" + +#: ipaserver/plugins/trust.py:1663 +#, python-format +msgid "Removed information about the trusted domain \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:1681 +msgid "" +"cannot delete root domain of the trust, use trust-del to delete the trust " +"itself" +msgstr "" + +#: ipaserver/plugins/trust.py:1832 +msgid "" +"List of trust domains successfully refreshed. Use trustdomain-find command " +"to list them." +msgstr "" + +#: ipaserver/plugins/trust.py:1840 +msgid "Configure this server as a trust agent." +msgstr "" + +#: ipaserver/plugins/trust.py:1856 +msgid "Enable support for trusted domains for old clients" +msgstr "" + +#: ipaserver/plugins/trust.py:1872 +msgid "not allowed to remotely add agent" +msgstr "" + +#: ipaserver/plugins/trust.py:1908 +#, python-format +msgid "Enabled trust domain \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:1917 +msgid "Root domain of the trust is always enabled for the existing trust" +msgstr "" + +#: ipaserver/plugins/trust.py:1950 +#, python-format +msgid "Disabled trust domain \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/trust.py:1959 +msgid "" +"cannot disable root domain of the trust, use trust-del to delete the trust " +"itself" +msgstr "" + +#: ipaserver/plugins/vault.py:52 +msgid "" +"\n" +"Vaults\n" +msgstr "" + +#: ipaserver/plugins/vault.py:54 +msgid "" +"\n" +"Manage vaults.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:56 +msgid "" +"\n" +"Vault is a secure place to store a secret. One vault can only\n" +"store one secret. When archiving a secret in a vault, the\n" +"existing secret (if any) is overwritten.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:60 +msgid "" +"\n" +"Based on the ownership there are three vault categories:\n" +"* user/private vault\n" +"* service vault\n" +"* shared vault\n" +msgstr "" + +#: ipaserver/plugins/vault.py:65 +msgid "" +"\n" +"User vaults are vaults owned used by a particular user. Private\n" +"vaults are vaults owned the current user. Service vaults are\n" +"vaults owned by a service. Shared vaults are owned by the admin\n" +"but they can be used by other users or services.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:70 +msgid "" +"\n" +"Based on the security mechanism there are three types of\n" +"vaults:\n" +"* standard vault\n" +"* symmetric vault\n" +"* asymmetric vault\n" +msgstr "" + +#: ipaserver/plugins/vault.py:76 +msgid "" +"\n" +"Standard vault uses a secure mechanism to transport and\n" +"store the secret. The secret can only be retrieved by users\n" +"that have access to the vault.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:80 +msgid "" +"\n" +"Symmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a password before transport.\n" +"The secret can only be retrieved using the same password.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:84 +msgid "" +"\n" +"Asymmetric vault is similar to the standard vault, but it\n" +"pre-encrypts the secret using a public key before transport.\n" +"The secret can only be retrieved using the private key.\n" +msgstr "" + +#: ipaserver/plugins/vault.py:90 +msgid "" +"\n" +" List vaults:\n" +" ipa vault-find\n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:94 +msgid "" +"\n" +" Add a standard vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type standard\n" +msgstr "" + +#: ipaserver/plugins/vault.py:99 +msgid "" +"\n" +" Add a symmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type symmetric --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:104 +msgid "" +"\n" +" Add an asymmetric vault:\n" +" ipa vault-add \n" +" [--user |--service |--shared]\n" +" --type asymmetric --public-key-file public.pem\n" +msgstr "" + +#: ipaserver/plugins/vault.py:109 +msgid "" +"\n" +" Show a vault:\n" +" ipa vault-show \n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:113 +msgid "" +"\n" +" Modify vault description:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --desc \n" +msgstr "" + +#: ipaserver/plugins/vault.py:118 +msgid "" +"\n" +" Modify vault type:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --type \n" +" [old password/private key]\n" +" [new password/public key]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:125 +msgid "" +"\n" +" Modify symmetric vault password:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --change-password\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password \n" +" --new-password \n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --old-password-file \n" +" --new-password-file \n" +msgstr "" + +#: ipaserver/plugins/vault.py:138 +msgid "" +"\n" +" Modify asymmetric vault keys:\n" +" ipa vault-mod \n" +" [--user |--service |--shared]\n" +" --private-key-file \n" +" --public-key-file \n" +msgstr "" + +#: ipaserver/plugins/vault.py:144 +msgid "" +"\n" +" Delete a vault:\n" +" ipa vault-del \n" +" [--user |--service |--shared]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:148 +msgid "" +"\n" +" Display vault configuration:\n" +" ipa vaultconfig-show\n" +msgstr "" + +#: ipaserver/plugins/vault.py:151 +msgid "" +"\n" +" Archive data into standard vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +msgstr "" + +#: ipaserver/plugins/vault.py:156 +msgid "" +"\n" +" Archive data into symmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +" --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:162 +msgid "" +"\n" +" Archive data into asymmetric vault:\n" +" ipa vault-archive \n" +" [--user |--service |--shared]\n" +" --in \n" +msgstr "" + +#: ipaserver/plugins/vault.py:167 +msgid "" +"\n" +" Retrieve data from standard vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +msgstr "" + +#: ipaserver/plugins/vault.py:172 +msgid "" +"\n" +" Retrieve data from symmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out \n" +" --password-file password.txt\n" +msgstr "" + +#: ipaserver/plugins/vault.py:178 +msgid "" +"\n" +" Retrieve data from asymmetric vault:\n" +" ipa vault-retrieve \n" +" [--user |--service |--shared]\n" +" --out --private-key-file private.pem\n" +msgstr "" + +#: ipaserver/plugins/vault.py:183 +msgid "" +"\n" +" Add vault owners:\n" +" ipa vault-add-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:188 +msgid "" +"\n" +" Delete vault owners:\n" +" ipa vault-remove-owner \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:193 +msgid "" +"\n" +" Add vault members:\n" +" ipa vault-add-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:198 +msgid "" +"\n" +" Delete vault members:\n" +" ipa vault-remove-member \n" +" [--user |--service |--shared]\n" +" [--users ] [--groups ] [--services ]\n" +msgstr "" + +#: ipaserver/plugins/vault.py:250 +msgid "" +"\n" +" Vault Container object.\n" +" " +msgstr "" + +#: ipaserver/plugins/vault.py:256 +msgid "vaultcontainer" +msgstr "" + +#: ipaserver/plugins/vault.py:257 +msgid "vaultcontainers" +msgstr "" + +#: ipaserver/plugins/vault.py:265 +msgid "Vault Containers" +msgstr "" + +#: ipaserver/plugins/vault.py:266 +msgid "Vault Container" +msgstr "" + +#: ipaserver/plugins/vault.py:355 +msgid "Service, shared and user options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:365 ipaserver/plugins/vault.py:695 +msgid "Host is not supported" +msgstr "" + +#: ipaserver/plugins/vault.py:407 ipaserver/plugins/vault.py:431 +#: ipaserver/plugins/vault.py:798 ipaserver/plugins/vault.py:836 +#: ipaserver/plugins/vault.py:892 ipaserver/plugins/vault.py:948 +#: ipaserver/plugins/vault.py:970 ipaserver/plugins/vault.py:1011 +#: ipaserver/plugins/vault.py:1067 ipaserver/plugins/vault.py:1146 +msgid "KRA service is not enabled" +msgstr "" + +#: ipaserver/plugins/vault.py:422 +msgid "Deleted vault container" +msgstr "" + +#: ipaserver/plugins/vault.py:447 ipaserver/plugins/vault.py:472 +#: ipaserver/plugins/vault.py:1203 ipaserver/plugins/vault.py:1228 +#, python-format +msgid "owner %s" +msgstr "" + +#: ipaserver/plugins/vault.py:492 +msgid "" +"\n" +" Vault object.\n" +" " +msgstr "" + +#: ipaserver/plugins/vault.py:498 +msgid "vault" +msgstr "" + +#: ipaserver/plugins/vault.py:499 +msgid "vaults" +msgstr "" + +#: ipaserver/plugins/vault.py:522 +msgid "Vaults" +msgstr "" + +#: ipaserver/plugins/vault.py:523 +msgid "Vault" +msgstr "" + +#: ipaserver/plugins/vault.py:680 +msgid "Service, shared, and user options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:784 +msgid "Add a vault." +msgstr "" + +#: ipaserver/plugins/vault.py:790 +#, python-format +msgid "Added vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:829 +#, python-format +msgid "Deleted vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:881 +#, python-format +msgid "%(count)d vault matched" +msgid_plural "%(count)d vaults matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/vault.py:899 +msgid "" +"Service(s), shared, and user(s) options cannot be specified simultaneously" +msgstr "" + +#: ipaserver/plugins/vault.py:939 +#, python-format +msgid "Modified vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:981 +msgid "Vault configuration" +msgstr "" + +#: ipaserver/plugins/vault.py:990 ipaserver/plugins/config.py:317 +msgid "IPA KRA servers" +msgstr "" + +#: ipaserver/plugins/vault.py:991 +msgid "IPA servers configured as key recovery agents" +msgstr "" + +#: ipaserver/plugins/vault.py:1052 ipaserver/plugins/vault.py:1131 +msgid "Key wrapping algorithm" +msgstr "" + +#: ipaserver/plugins/vault.py:1061 +#, python-format +msgid "Archived data into vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:1120 +msgid "Retrieve data from a vault." +msgstr "" + +#: ipaserver/plugins/vault.py:1140 +#, python-format +msgid "Retrieved data from vault \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/vault.py:1169 +msgid "No archived data." +msgstr "" + +#: ipaserver/plugins/vault.py:1262 +msgid "Checks if any of the servers has the KRA service enabled" +msgstr "" + +#: ipaserver/plugins/baseuser.py:57 +msgid "" +"\n" +"Baseuser\n" +"\n" +"This contains common definitions for user/stageuser\n" +msgstr "" + +#: ipaserver/plugins/baseuser.py:88 +msgid "must be TRUE or FALSE" +msgstr "" + +#: ipaserver/plugins/baseuser.py:154 +msgid "" +"Object class ipaNTUserAttrs is missing, user entry cannot have SMB " +"attributes." +msgstr "" + +#: ipaserver/plugins/baseuser.py:269 ipaserver/plugins/host.py:562 +#: ipaserver/plugins/service.py:511 +msgid "Principal alias" +msgstr "" + +#: ipaserver/plugins/baseuser.py:281 +msgid "User password expiration" +msgstr "" + +#: ipaserver/plugins/baseuser.py:365 ipaserver/plugins/host.py:581 +msgid "SSH public key fingerprint" +msgstr "" + +#: ipaserver/plugins/baseuser.py:392 +msgid "External IdP configuration" +msgstr "" + +#: ipaserver/plugins/baseuser.py:396 +msgid "External IdP user identifier" +msgstr "" + +#: ipaserver/plugins/baseuser.py:397 +msgid "A string that identifies the user at external IdP" +msgstr "" + +#: ipaserver/plugins/baseuser.py:421 ipaserver/plugins/baseuser.py:887 +#: ipaserver/plugins/certmap.py:606 ipaserver/plugins/idviews.py:1061 +msgid "Base-64 encoded user certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:426 ipaserver/plugins/baseuser.py:427 +#: ipaserver/plugins/internal.py:722 +msgid "Certificate mapping data" +msgstr "" + +#: ipaserver/plugins/baseuser.py:432 +msgid "SMB logon script path" +msgstr "" + +#: ipaserver/plugins/baseuser.py:437 +msgid "SMB profile path" +msgstr "" + +#: ipaserver/plugins/baseuser.py:442 +msgid "SMB Home Directory" +msgstr "" + +#: ipaserver/plugins/baseuser.py:447 +msgid "SMB Home Directory Drive" +msgstr "" + +#: ipaserver/plugins/baseuser.py:471 ipaserver/plugins/baseuser.py:475 +#, python-format +msgid "invalid e-mail format: %(email)s" +msgstr "" + +#: ipaserver/plugins/baseuser.py:502 +#, python-format +msgid "manager %(manager)s not found" +msgstr "" + +#: ipaserver/plugins/baseuser.py:598 ipaserver/plugins/host.py:694 +#: ipaserver/plugins/stageuser.py:329 ipaserver/plugins/stageuser.py:546 +#: ipaserver/plugins/user.py:563 +#, python-format +msgid "can be at most %(len)d characters" +msgstr "" + +#: ipaserver/plugins/baseuser.py:872 ipaserver/plugins/host.py:529 +#: ipaserver/plugins/internal.py:727 ipaserver/plugins/service.py:536 +#: ipaserver/plugins/cert.py:425 +msgid "Issuer" +msgstr "" + +#: ipaserver/plugins/baseuser.py:873 +msgid "Issuer of the certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:879 ipaserver/plugins/host.py:517 +#: ipaserver/plugins/internal.py:654 ipaserver/plugins/internal.py:730 +#: ipaserver/plugins/service.py:524 ipaserver/plugins/cert.py:365 +#: ipaserver/plugins/cert.py:1501 +msgid "Subject" +msgstr "" + +#: ipaserver/plugins/baseuser.py:880 +msgid "Subject of the certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:925 +msgid "cannot have an empty subject" +msgstr "" + +#: ipaserver/plugins/baseuser.py:965 +msgid "cannot specify both subject/issuer and certificate" +msgstr "" + +#: ipaserver/plugins/baseuser.py:969 +msgid "cannot specify both subject/issuer and ipacertmapdata" +msgstr "" + +#: ipaserver/plugins/baseuser.py:993 ipaserver/plugins/user.py:1329 +msgid "Add one or more certificate mappings to the user entry." +msgstr "" + +#: ipaserver/plugins/baseuser.py:994 +#, python-format +msgid "Added certificate mappings to user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/baseuser.py:1012 ipaserver/plugins/user.py:1334 +msgid "Remove one or more certificate mappings from the user entry." +msgstr "" + +#: ipaserver/plugins/baseuser.py:1013 +#, python-format +msgid "Removed certificate mappings from user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:21 +msgid "" +"\n" +"Manage CA ACL rules.\n" +"\n" +"This plugin is used to define rules governing which CAs and profiles\n" +"may be used to issue certificates to particular principals or groups\n" +"of principals.\n" +"\n" +"SUBJECT PRINCIPAL SCOPE:\n" +"\n" +"For a certificate request to be allowed, the principal(s) that are\n" +"the subject of a certificate request (not necessarily the principal\n" +"actually requesting the certificate) must be included in the scope\n" +"of a CA ACL that also includes the target CA and profile.\n" +"\n" +"Users can be included by name, group or the \"all users\" category.\n" +"Hosts can be included by name, hostgroup or the \"all hosts\"\n" +"category. Services can be included by service name or the \"all\n" +"services\" category. CA ACLs may be associated with a single type of\n" +"principal, or multiple types.\n" +"\n" +"CERTIFICATE AUTHORITY SCOPE:\n" +"\n" +"A CA ACL can be associated with one or more CAs by name, or by the\n" +"\"all CAs\" category. For compatibility reasons, a CA ACL with no CA\n" +"association implies an association with the 'ipa' CA (and only this\n" +"CA).\n" +"\n" +"PROFILE SCOPE:\n" +"\n" +"A CA ACL can be associated with one or more profiles by Profile ID.\n" +"The Profile ID is a string without spaces or punctuation starting\n" +"with a letter and followed by a sequence of letters, digits or\n" +"underscore (\"_\").\n" +"\n" +"EXAMPLES:\n" +"\n" +" Create a CA ACL \"test\" that grants all users access to the\n" +" \"UserCert\" profile on all CAs:\n" +" ipa caacl-add test --usercat=all --cacat=all\n" +" ipa caacl-add-profile test --certprofiles UserCert\n" +"\n" +" Display the properties of a named CA ACL:\n" +" ipa caacl-show test\n" +"\n" +" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-" +"CA\":\n" +" ipa caacl-add alice_dnp3\n" +" ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n" +" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" +" ipa caacl-add-user alice_dnp3 --user=alice\n" +"\n" +" Disable a CA ACL:\n" +" ipa caacl-disable test\n" +"\n" +" Remove a CA ACL:\n" +" ipa caacl-del test\n" +msgstr "" + +#: ipaserver/plugins/caacl.py:87 ipaserver/plugins/caacl.py:165 +#: ipaserver/plugins/caacl.py:263 +msgid "CA ACL" +msgstr "" + +#: ipaserver/plugins/caacl.py:88 ipaserver/plugins/caacl.py:164 +msgid "CA ACLs" +msgstr "" + +#: ipaserver/plugins/caacl.py:183 +msgid "CA category" +msgstr "" + +#: ipaserver/plugins/caacl.py:184 +msgid "CA category the ACL applies to" +msgstr "" + +#: ipaserver/plugins/caacl.py:212 +msgid "CAs" +msgstr "" + +#: ipaserver/plugins/caacl.py:246 +#, python-format +msgid "Added CA ACL \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:258 +#, python-format +msgid "Deleted CA ACL \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:265 +msgid "default CA ACL can be only disabled" +msgstr "" + +#: ipaserver/plugins/caacl.py:273 +#, python-format +msgid "Modified CA ACL \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:285 +msgid "CA category cannot be set to 'all' while there are allowed CAs" +msgstr "" + +#: ipaserver/plugins/caacl.py:290 +msgid "" +"profile category cannot be set to 'all' while there are allowed profiles" +msgstr "" + +#: ipaserver/plugins/caacl.py:302 ipaserver/plugins/hbacrule.py:356 +msgid "" +"service category cannot be set to 'all' while there are allowed services" +msgstr "" + +#: ipaserver/plugins/caacl.py:312 +#, python-format +msgid "%(count)d CA ACL matched" +msgid_plural "%(count)d CA ACLs matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/caacl.py:325 +#, python-format +msgid "Enabled CA ACL \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:354 +#, python-format +msgid "Disabled CA ACL \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/caacl.py:385 +#, python-format +msgid "%i user or group added." +msgstr "" + +#: ipaserver/plugins/caacl.py:386 +#, python-format +msgid "%i users or groups added." +msgstr "" + +#: ipaserver/plugins/caacl.py:397 ipaserver/plugins/hbacrule.py:518 +#: ipaserver/plugins/selinuxusermap.py:572 ipaserver/plugins/sudorule.py:607 +msgid "users cannot be added when user category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:407 +#, python-format +msgid "%i user or group removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:408 +#, python-format +msgid "%i users or groups removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:417 +#, python-format +msgid "%i host or hostgroup added." +msgstr "" + +#: ipaserver/plugins/caacl.py:418 +#, python-format +msgid "%i hosts or hostgroups added." +msgstr "" + +#: ipaserver/plugins/caacl.py:429 ipaserver/plugins/hbacrule.py:549 +#: ipaserver/plugins/selinuxusermap.py:605 ipaserver/plugins/sudorule.py:710 +msgid "hosts cannot be added when host category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:439 +#, python-format +msgid "%i host or hostgroup removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:440 +#, python-format +msgid "%i hosts or hostgroups removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:448 +#, python-format +msgid "%i service added." +msgstr "" + +#: ipaserver/plugins/caacl.py:448 +#, python-format +msgid "%i services added." +msgstr "" + +#: ipaserver/plugins/caacl.py:459 ipaserver/plugins/hbacrule.py:606 +msgid "services cannot be added when service category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:468 +#, python-format +msgid "%i service removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:468 +#, python-format +msgid "%i services removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:488 +#, python-format +msgid "%i profile added." +msgstr "" + +#: ipaserver/plugins/caacl.py:488 +#, python-format +msgid "%i profiles added." +msgstr "" + +#: ipaserver/plugins/caacl.py:499 +msgid "profiles cannot be added when profile category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:510 +#, python-format +msgid "%i profile removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:510 +#, python-format +msgid "%i profiles removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:515 +msgid "Add CAs to a CA ACL." +msgstr "" + +#: ipaserver/plugins/caacl.py:520 +#, python-format +msgid "%i CA added." +msgstr "" + +#: ipaserver/plugins/caacl.py:520 +#, python-format +msgid "%i CAs added." +msgstr "" + +#: ipaserver/plugins/caacl.py:531 +msgid "CAs cannot be added when CA category='all'" +msgstr "" + +#: ipaserver/plugins/caacl.py:537 +msgid "Remove CAs from a CA ACL." +msgstr "" + +#: ipaserver/plugins/caacl.py:542 +#, python-format +msgid "%i CA removed." +msgstr "" + +#: ipaserver/plugins/caacl.py:542 +#, python-format +msgid "%i CAs removed." +msgstr "" + +#: ipaserver/plugins/certmap.py:50 +msgid "" +"\n" +"Certificate Identity Mapping\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:52 +msgid "" +"\n" +"Manage Certificate Identity Mapping configuration and rules.\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:54 +msgid "" +"\n" +"IPA supports the use of certificates for authentication. Certificates can\n" +"either be stored in the user entry (full certificate in the usercertificate\n" +"attribute), or simply linked to the user entry through a mapping.\n" +"This code enables the management of the rules allowing to link a\n" +"certificate to a user entry.\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:62 +msgid "" +"\n" +" Display the Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-show\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:65 +msgid "" +"\n" +" Modify Certificate Identity Mapping global configuration:\n" +" ipa certmapconfig-mod --promptusername=TRUE\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:68 +msgid "" +"\n" +" Create a new Certificate Identity Mapping Rule:\n" +" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " +"issuer\"\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:71 +msgid "" +"\n" +" Modify a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-mod rule1 --maprule=\"\"\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:74 +msgid "" +"\n" +" Disable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-disable rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:77 +msgid "" +"\n" +" Enable a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-enable rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:80 +msgid "" +"\n" +" Display information about a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-show rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:83 +msgid "" +"\n" +" Find all Certificate Identity Mapping Rules with the specified domain:\n" +" ipa certmaprule-find --domain example.com\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:86 +msgid "" +"\n" +" Delete a Certificate Identity Mapping Rule:\n" +" ipa certmaprule-del rule1\n" +msgstr "" + +#: ipaserver/plugins/certmap.py:142 +#, python-format +msgid "" +"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." +msgstr "" + +#: ipaserver/plugins/certmap.py:149 +msgid "" +"The mapping rule with altSecurityIdentities should be applied to a trusted " +"Active Directory domain but no domain was associated with the rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:176 +#, python-format +msgid "The domain %s is neither IPA domain nor a trusteddomain." +msgstr "" + +#: ipaserver/plugins/certmap.py:186 +msgid "Certificate Identity Mapping configuration options" +msgstr "" + +#: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 +msgid "Certificate Identity Mapping Global Configuration" +msgstr "" + +#: ipaserver/plugins/certmap.py:198 +msgid "Prompt for the username" +msgstr "" + +#: ipaserver/plugins/certmap.py:199 +msgid "" +"Prompt for the username when multiple identities are mapped to a certificate" +msgstr "" + +#: ipaserver/plugins/certmap.py:229 +msgid "Modify Certificate Identity Mapping configuration." +msgstr "" + +#: ipaserver/plugins/certmap.py:234 +msgid "Show the current Certificate Identity Mapping configuration." +msgstr "" + +#: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 +msgid "Certificate Identity Mapping Rules" +msgstr "" + +#: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 +msgid "Certificate Identity Mapping Rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:274 +msgid "Certificate Identity Mapping Rule name" +msgstr "" + +#: ipaserver/plugins/certmap.py:280 +msgid "Certificate Identity Mapping Rule description" +msgstr "" + +#: ipaserver/plugins/certmap.py:285 +msgid "Mapping rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:286 +msgid "Rule used to map the certificate with a user entry" +msgstr "" + +#: ipaserver/plugins/certmap.py:291 +msgid "Matching rule" +msgstr "" + +#: ipaserver/plugins/certmap.py:292 +msgid "Rule used to check if a certificate can be used for authentication" +msgstr "" + +#: ipaserver/plugins/certmap.py:299 +msgid "Domain where the user entry will be searched" +msgstr "" + +#: ipaserver/plugins/certmap.py:305 +msgid "Priority of the rule (higher number means lower priority" +msgstr "" + +#: ipaserver/plugins/certmap.py:356 +msgid "Create a new Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:358 +#, python-format +msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:369 +msgid "Modify a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:371 +#, python-format +msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:392 +msgid "Search for Certificate Identity Mapping Rules." +msgstr "" + +#: ipaserver/plugins/certmap.py:395 +#, python-format +msgid "%(count)d Certificate Identity Mapping Rule matched" +msgid_plural "%(count)d Certificate Identity Mapping Rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/certmap.py:402 +msgid "Display information about a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:408 +msgid "Delete a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:410 +#, python-format +msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:415 +msgid "Enable a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:417 +#, python-format +msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:444 +msgid "Disable a Certificate Identity Mapping Rule." +msgstr "" + +#: ipaserver/plugins/certmap.py:446 +#, python-format +msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/certmap.py:500 +msgid "Failed to connect to sssd over SystemBus. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/certmap.py:554 +msgid "Failed to find users over SystemBus. See details in the error_log" +msgstr "" + +#: ipaserver/plugins/certmap.py:571 +msgid "User logins" +msgstr "" + +#: ipaserver/plugins/certmap.py:579 +msgid "" +"\n" +" Search for users matching the provided certificate.\n" +"\n" +" This command relies on SSSD to retrieve the list of matching users and\n" +" may return cached data. For more information on purging SSSD cache,\n" +" please refer to sss_cache documentation.\n" +" " +msgstr "" + +#: ipaserver/plugins/certmap.py:587 +#, python-format +msgid "%(count)s user matched" +msgid_plural "%(count)s users matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/config.py:50 +msgid "" +"\n" +"Server configuration\n" +"\n" +"Manage the default values that IPA uses and some of its tuning parameters.\n" +"\n" +"NOTES:\n" +"\n" +"The password notification value (--pwdexpnotify) is stored here so it will\n" +"be replicated. It is not currently used to notify users in advance of an\n" +"expiring password.\n" +"\n" +"Some attributes are read-only, provided only for information purposes. " +"These\n" +"include:\n" +"\n" +"Certificate Subject base: the configured certificate subject base,\n" +" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" +"Password plug-in features: currently defines additional hashes that the\n" +" password will generate (there may be other conditions).\n" +"\n" +"When setting the order list for mapping SELinux users you may need to\n" +"quote the value so it isn't interpreted by the shell.\n" +"\n" +"The maximum length of a hostname in Linux is controlled by\n" +"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" +"systems, Solaris for example, allows hostnames up to 255 characters.\n" +"This option will allow flexibility in length but by default limiting\n" +"to the Linux maximum length.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Show basic server configuration:\n" +" ipa config-show\n" +"\n" +" Show all configuration options:\n" +" ipa config-show --all\n" +"\n" +" Change maximum username length to 99 characters:\n" +" ipa config-mod --maxusername=99\n" +"\n" +" Change maximum host name length to 255 characters:\n" +" ipa config-mod --maxhostname=255\n" +"\n" +" Increase default time and size limits for maximum IPA server search:\n" +" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" +"\n" +" Set default user e-mail domain:\n" +" ipa config-mod --emaildomain=example.com\n" +"\n" +" Enable migration mode to make \"ipa migrate-ds\" command operational:\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +" Define SELinux user map order:\n" +" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" +"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" +msgstr "" + +#: ipaserver/plugins/config.py:116 +msgid "must be at least 10" +msgstr "" + +#: ipaserver/plugins/config.py:124 +msgid "configuration options" +msgstr "" + +#: ipaserver/plugins/config.py:160 ipaserver/plugins/config.py:161 +msgid "Configuration" +msgstr "" + +#: ipaserver/plugins/config.py:172 +msgid "Maximum hostname length" +msgstr "" + +#: ipaserver/plugins/config.py:276 ipaserver/plugins/config.py:277 +msgid "Enable adding subids to new users" +msgstr "" + +#: ipaserver/plugins/config.py:281 +msgid "IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:282 +msgid "List of all IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:287 +msgid "Hidden IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:288 +msgid "List of all hidden IPA masters" +msgstr "" + +#: ipaserver/plugins/config.py:293 +msgid "IPA master capable of PKINIT" +msgstr "" + +#: ipaserver/plugins/config.py:294 +msgid "IPA master which can process PKINIT requests" +msgstr "" + +#: ipaserver/plugins/config.py:299 +msgid "IPA CA servers" +msgstr "" + +#: ipaserver/plugins/config.py:300 +msgid "IPA servers configured as certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:305 +msgid "Hidden IPA CA servers" +msgstr "" + +#: ipaserver/plugins/config.py:306 +msgid "Hidden IPA servers configured as certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:311 +msgid "IPA CA renewal master" +msgstr "" + +#: ipaserver/plugins/config.py:312 +msgid "Renewal master for IPA certificate authority" +msgstr "" + +#: ipaserver/plugins/config.py:318 +msgid "IPA servers configured as key recovery agent" +msgstr "" + +#: ipaserver/plugins/config.py:323 +msgid "Hidden IPA KRA servers" +msgstr "" + +#: ipaserver/plugins/config.py:324 +msgid "Hidden IPA servers configured as key recovery agent" +msgstr "" + +#: ipaserver/plugins/config.py:330 ipaserver/plugins/idviews.py:159 +msgid "Domain resolution order" +msgstr "" + +#: ipaserver/plugins/config.py:331 ipaserver/plugins/idviews.py:160 +msgid "colon-separated list of domains used for short name qualification" +msgstr "" + +#: ipaserver/plugins/config.py:336 ipaserver/plugins/dns.py:4147 +msgid "IPA DNS servers" +msgstr "" + +#: ipaserver/plugins/config.py:337 +msgid "IPA servers configured as domain name server" +msgstr "" + +#: ipaserver/plugins/config.py:342 +msgid "Hidden IPA DNS servers" +msgstr "" + +#: ipaserver/plugins/config.py:343 +msgid "Hidden IPA servers configured as domain name server" +msgstr "" + +#: ipaserver/plugins/config.py:348 ipaserver/plugins/dns.py:4153 +msgid "IPA DNSSec key master" +msgstr "" + +#: ipaserver/plugins/config.py:349 +msgid "DNSec key master" +msgstr "" + +#: ipaserver/plugins/config.py:354 +msgid "Setup SID configuration" +msgstr "" + +#: ipaserver/plugins/config.py:355 +msgid "New users and groups automatically get a SID assigned" +msgstr "" + +#: ipaserver/plugins/config.py:360 +msgid "Add SIDs" +msgstr "" + +#: ipaserver/plugins/config.py:361 +msgid "Add SIDs for existing users and groups" +msgstr "" + +#: ipaserver/plugins/config.py:366 ipaserver/plugins/config.py:367 +msgid "NetBIOS name of the IPA domain" +msgstr "" + +#: ipaserver/plugins/config.py:444 +msgid "Empty domain is not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:452 +#, python-format +msgid "Invalid domain name '%(domain)s': %(e)s" +msgstr "" + +#: ipaserver/plugins/config.py:457 +#, python-format +msgid "Server has no information about domain '%(domain)s'" +msgstr "" + +#: ipaserver/plugins/config.py:464 +#, python-format +msgid "Disabled domain '%(domain)s' is not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:514 +msgid "not allowed to enable SID generation" +msgstr "" + +#: ipaserver/plugins/config.py:522 +msgid "" +"Up to 15 characters and only uppercase ASCII letters, digits and dashes are " +"allowed. Empty string is not allowed." +msgstr "" + +#: ipaserver/plugins/config.py:550 +msgid "Failed to call DBus" +msgstr "" + +#: ipaserver/plugins/config.py:560 +msgid "Configuration of SID failed. See details in the error log" +msgstr "" + +#: ipaserver/plugins/config.py:570 +msgid "The group doesn't exist" +msgstr "" + +#: ipaserver/plugins/config.py:588 +#, python-format +msgid "attribute \"%s\" not allowed" +msgstr "" + +#: ipaserver/plugins/config.py:608 +msgid "May not be empty" +msgstr "" + +#: ipaserver/plugins/config.py:627 +#, python-format +msgid "%(obj)s default attribute %(attr)s would not be allowed!" +msgstr "" + +#: ipaserver/plugins/config.py:659 +msgid "A list of SELinux users delimited by $ expected" +msgstr "" + +#: ipaserver/plugins/config.py:663 +#, python-format +msgid "SELinux user '%(user)s' is not valid: %(error)s" +msgstr "" + +#: ipaserver/plugins/config.py:675 +msgid "SELinux user map default user not in order list" +msgstr "" + +#: ipaserver/plugins/config.py:694 +#, python-format +msgid "You cannot specify %s without the --enable-sid option" +msgstr "" + +#: ipaserver/plugins/dns.py:100 +msgid "" +"\n" +"Domain Name System (DNS)\n" +msgstr "" + +#: ipaserver/plugins/dns.py:102 +msgid "" +"\n" +"Manage DNS zone and resource records.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:104 +msgid "" +"\n" +"SUPPORTED ZONE TYPES\n" +"\n" +" * Master zone (dnszone-*), contains authoritative data.\n" +" * Forward zone (dnsforwardzone-*), forwards queries to configured " +"forwarders\n" +" (a set of DNS servers).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:110 +msgid "" +"\n" +"USING STRUCTURED PER-TYPE OPTIONS\n" +msgstr "" + +#: ipaserver/plugins/dns.py:112 +msgid "" +"\n" +"There are many structured DNS RR types where DNS data stored in LDAP server\n" +"is not just a scalar value, for example an IP address or a domain name, but\n" +"a data structure which may be often complex. A good example is a LOC record\n" +"[RFC1876] which consists of many mandatory and optional parts (degrees,\n" +"minutes, seconds of latitude and longitude, altitude or precision).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:118 +msgid "" +"\n" +"It may be difficult to manipulate such DNS records without making a mistake\n" +"and entering an invalid value. DNS module provides an abstraction over " +"these\n" +"raw records and allows to manipulate each RR type with specific options. " +"For\n" +"each supported RR type, DNS module provides a standard option to manipulate\n" +"a raw records with format ---rec, e.g. --mx-rec, and special " +"options\n" +"for every part of the RR structure with format ---, e.g.\n" +"--mx-preference and --mx-exchanger.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:126 +msgid "" +"\n" +"When adding a record, either RR specific options or standard option for a " +"raw\n" +"value can be used, they just should not be combined in one add operation. " +"When\n" +"modifying an existing entry, new RR specific options can be used to change\n" +"one part of a DNS record, where the standard option for raw value is used\n" +"to specify the modified value. The following example demonstrates\n" +"a modification of MX record preference from 0 to 1 in a record without\n" +"modifying the exchanger:\n" +"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" +msgstr "" + +#: ipaserver/plugins/dns.py:135 +msgid "" +"\n" +"\n" +"EXAMPLES:\n" +msgstr "" + +#: ipaserver/plugins/dns.py:138 +msgid "" +"\n" +" Add new zone:\n" +" ipa dnszone-add example.com --admin-email=admin@example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:141 +msgid "" +"\n" +" Add system permission that can be used for per-zone privilege delegation:\n" +" ipa dnszone-add-permission example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:144 +msgid "" +"\n" +" Modify the zone to allow dynamic updates for hosts own records in realm " +"EXAMPLE.COM:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE\n" +msgstr "" + +#: ipaserver/plugins/dns.py:147 +msgid "" +"\n" +" This is the equivalent of:\n" +" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" +" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " +"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:151 +msgid "" +"\n" +" Modify the zone to allow zone transfers for local network only:\n" +" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" +msgstr "" + +#: ipaserver/plugins/dns.py:154 +msgid "" +"\n" +" Add new reverse zone specified by network IP address:\n" +" ipa dnszone-add --name-from-ip=192.0.2.0/24\n" +msgstr "" + +#: ipaserver/plugins/dns.py:157 +msgid "" +"\n" +" Add second nameserver for example.com:\n" +" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:160 +msgid "" +"\n" +" Add a mail server for example.com:\n" +" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:163 +msgid "" +"\n" +" Add another record using MX record specific options:\n" +" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" +msgstr "" + +#: ipaserver/plugins/dns.py:166 +msgid "" +"\n" +" Add another record using interactive mode (started when dnsrecord-add, " +"dnsrecord-mod,\n" +" or dnsrecord-del are executed with no options):\n" +" ipa dnsrecord-add example.com @\n" +" Please choose a type of DNS resource record to be added\n" +" The most common types for this type of zone are: NS, MX, LOC\n" +"\n" +" DNS resource record type: MX\n" +" MX Preference: 30\n" +" MX Exchanger: mail3\n" +" Record name: example.com\n" +" MX record: 10 mail1, 20 mail2, 30 mail3\n" +" NS record: nameserver.example.com., nameserver2.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:179 +msgid "" +"\n" +" Delete previously added nameserver from example.com:\n" +" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:182 +msgid "" +"\n" +" Add LOC record for example.com:\n" +" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " +"227.64m\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:185 +msgid "" +"\n" +" Add new A record for www.example.com. Create a reverse record in " +"appropriate\n" +" reverse zone as well. In this case a PTR record \"2\" pointing to www." +"example.com\n" +" will be created in zone 2.0.192.in-addr.arpa.\n" +" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" +msgstr "" + +#: ipaserver/plugins/dns.py:190 +msgid "" +"\n" +" Add new PTR record for www.example.com\n" +" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:193 +msgid "" +"\n" +" Add new SRV records for LDAP servers. Three quarters of the requests\n" +" should go to fast.example.com, one quarter to slow.example.com. If neither\n" +" is available, switch to backup.example.com.\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." +"com\"\n" +" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." +"example.com\"\n" +msgstr "" + +#: ipaserver/plugins/dns.py:200 +msgid "" +"\n" +" The interactive mode can be used for easy modification:\n" +" ipa dnsrecord-mod example.com _ldap._tcp\n" +" No option to modify specific record provided.\n" +" Current DNS record contents:\n" +"\n" +" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " +"backup.example.com\n" +"\n" +" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" +" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" +" SRV Priority [0]: (keep the default value)\n" +" SRV Weight [1]: 2 (modified value)\n" +" SRV Port [389]: (keep the default value)\n" +" SRV Target [slow.example.com]: (keep the default value)\n" +" 1 SRV record skipped. Only one value per DNS record type can be modified " +"at one time.\n" +" Record name: _ldap._tcp\n" +" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " +"389 slow.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:217 +msgid "" +"\n" +" After this modification, three fifths of the requests should go to\n" +" fast.example.com and two fifths to slow.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:220 +msgid "" +"\n" +" An example of the interactive mode for dnsrecord-del command:\n" +" ipa dnsrecord-del example.com www\n" +" No option to delete specific record provided.\n" +" Delete all? Yes/No (default No): (do not delete all records)\n" +" Current DNS record contents:\n" +"\n" +" A record: 192.0.2.2, 192.0.2.3\n" +"\n" +" Delete A record '192.0.2.2'? Yes/No (default No):\n" +" Delete A record '192.0.2.3'? Yes/No (default No): y\n" +" Record name: www\n" +" A record: 192.0.2.2 (A record 192.0.2.3 has been " +"deleted)\n" +msgstr "" + +#: ipaserver/plugins/dns.py:233 +msgid "" +"\n" +" Show zone example.com:\n" +" ipa dnszone-show example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:236 +msgid "" +"\n" +" Find zone with \"example\" in its domain name:\n" +" ipa dnszone-find example\n" +msgstr "" + +#: ipaserver/plugins/dns.py:239 +msgid "" +"\n" +" Find records for resources with \"www\" in their name in zone example.com:\n" +" ipa dnsrecord-find example.com www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:242 +msgid "" +"\n" +" Find A records with value 192.0.2.2 in zone example.com\n" +" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" +msgstr "" + +#: ipaserver/plugins/dns.py:245 +msgid "" +"\n" +" Show records for resource www in zone example.com\n" +" ipa dnsrecord-show example.com www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:248 +msgid "" +"\n" +" Delegate zone sub.example to another nameserver:\n" +" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" +" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:252 +msgid "" +"\n" +" Delete zone example.com with all resource records:\n" +" ipa dnszone-del example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:255 +msgid "" +"\n" +" If a global forwarder is configured, all queries for which this server is " +"not\n" +" authoritative (e.g. sub.example.com) will be routed to the global " +"forwarder.\n" +" Global forwarding configuration can be overridden per-zone.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:259 +msgid "" +"\n" +" Semantics of forwarding in IPA matches BIND semantics and depends on the " +"type\n" +" of zone:\n" +" * Master zone: local BIND replies authoritatively to queries for data in\n" +" the given zone (including authoritative NXDOMAIN answers) and forwarding\n" +" affects only queries for names below zone cuts (NS records) of locally\n" +" served zones.\n" +"\n" +" * Forward zone: forward zone contains no authoritative data. BIND " +"forwards\n" +" queries, which cannot be answered from its local cache, to configured\n" +" forwarders.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:270 +msgid "" +"\n" +" Semantics of the --forward-policy option:\n" +" * none - disable forwarding for the given zone.\n" +" * first - forward all queries to configured forwarders. If they fail,\n" +" do resolution using DNS root servers.\n" +" * only - forward all queries to configured forwarders and if they fail,\n" +" return failure.\n" +msgstr "" + +#: ipaserver/plugins/dns.py:277 +msgid "" +"\n" +" Disable global forwarding for given sub-tree:\n" +" ipa dnszone-mod example.com --forward-policy=none\n" +msgstr "" + +#: ipaserver/plugins/dns.py:280 +msgid "" +"\n" +" This configuration forwards all queries for names outside the example.com\n" +" sub-tree to global forwarders. Normal recursive resolution process is used\n" +" for names inside the example.com sub-tree (i.e. NS records are followed " +"etc.).\n" +msgstr "" + +#: ipaserver/plugins/dns.py:284 +msgid "" +"\n" +" Forward all requests for the zone external.example.com to another " +"forwarder\n" +" using a \"first\" policy (it will send the queries to the selected " +"forwarder\n" +" and if not answered it will use global root servers):\n" +" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" +" --forwarder=203.0.113.1\n" +msgstr "" + +#: ipaserver/plugins/dns.py:290 +msgid "" +"\n" +" Change forward-policy for external.example.com:\n" +" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" +msgstr "" + +#: ipaserver/plugins/dns.py:293 +msgid "" +"\n" +" Show forward zone external.example.com:\n" +" ipa dnsforwardzone-show external.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:296 +msgid "" +"\n" +" List all forward zones:\n" +" ipa dnsforwardzone-find\n" +msgstr "" + +#: ipaserver/plugins/dns.py:299 +msgid "" +"\n" +" Delete forward zone external.example.com:\n" +" ipa dnsforwardzone-del external.example.com\n" +msgstr "" + +#: ipaserver/plugins/dns.py:302 +msgid "" +"\n" +" Resolve a host name to see if it exists (will add default IPA domain\n" +" if one is not included):\n" +" ipa dns-resolve www.example.com\n" +" ipa dns-resolve www\n" +msgstr "" + +#: ipaserver/plugins/dns.py:307 +msgid "" +"\n" +"\n" +"GLOBAL DNS CONFIGURATION\n" +msgstr "" + +#: ipaserver/plugins/dns.py:310 +msgid "" +"\n" +"DNS configuration passed to command line install script is stored in a " +"local\n" +"configuration file on each IPA server where DNS service is configured. " +"These\n" +"local settings can be overridden with a common configuration stored in LDAP\n" +"server:\n" +msgstr "" + +#: ipaserver/plugins/dns.py:315 +msgid "" +"\n" +" Show global DNS configuration:\n" +" ipa dnsconfig-show\n" +msgstr "" + +#: ipaserver/plugins/dns.py:318 +msgid "" +"\n" +" Modify global DNS configuration and set a list of global forwarders:\n" +" ipa dnsconfig-mod --forwarder=203.0.113.113\n" +msgstr "" + +#: ipaserver/plugins/dns.py:406 +msgid "invalid IP network format" +msgstr "" + +#: ipaserver/plugins/dns.py:415 +msgid "each ACL element must be terminated with a semicolon" +msgstr "" + +#: ipaserver/plugins/dns.py:431 +msgid "invalid address format" +msgstr "" + +#: ipaserver/plugins/dns.py:475 +msgid "" +"expected format: <0-255> <0-255> <0-65535> even-" +"length_hexadecimal_digits_or_hyphen" +msgstr "" + +#: ipaserver/plugins/dns.py:484 +msgid "algorithm value: allowed interval 0-255" +msgstr "" + +#: ipaserver/plugins/dns.py:487 +msgid "flags value: allowed interval 0-255" +msgstr "" + +#: ipaserver/plugins/dns.py:490 +msgid "iterations value: allowed interval 0-65535" +msgstr "" + +#: ipaserver/plugins/dns.py:498 +#, python-format +msgid "salt value: %(err)s" +msgstr "" + +#: ipaserver/plugins/dns.py:505 +msgid "invalid domain-name: not fully qualified" +msgstr "" + +#: ipaserver/plugins/dns.py:514 +msgid "should not be a wildcard domain name (RFC 4592 section 4)" +msgstr "" + +#: ipaserver/plugins/dns.py:555 +#, python-format +msgid "" +"All nameservers failed to answer the query for DNS reverse zone %(revdns)s" +msgstr "" + +#: ipaserver/plugins/dns.py:561 +#, python-format +msgid "" +"No answers could be found in the specified lifetime for DNS reverse zone " +"%(revdns)s" +msgstr "" + +#: ipaserver/plugins/dns.py:571 +#, python-format +msgid "" +"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " +"server" +msgstr "" + +#: ipaserver/plugins/dns.py:588 +#, python-format +msgid "DNS zone %(zone)s not found" +msgstr "" + +#: ipaserver/plugins/dns.py:603 +#, python-format +msgid "IP address %(ip)s is already assigned in domain %(domain)s." +msgstr "" + +#: ipaserver/plugins/dns.py:613 +#, python-format +msgid "" +"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." +msgstr "" + +#: ipaserver/plugins/dns.py:688 +#, python-format +msgid "%s record" +msgstr "" + +#: ipaserver/plugins/dns.py:690 +#, python-format +msgid "Raw %s records" +msgstr "" + +#: ipaserver/plugins/dns.py:691 +#, python-format +msgid "%s Record" +msgstr "" + +#: ipaserver/plugins/dns.py:692 +#, python-format +msgid "(see RFC %s for details)" +msgstr "" + +#: ipaserver/plugins/dns.py:754 +#, python-format +msgid "'%s' is a required part of DNS record" +msgstr "" + +#: ipaserver/plugins/dns.py:761 +msgid "Invalid number of parts!" +msgstr "" + +#: ipaserver/plugins/dns.py:813 +#, python-format +msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" +msgstr "" + +#: ipaserver/plugins/dns.py:829 +#, python-format +msgid "format must be specified as \"%(format)s\" %(rfcs)s" +msgstr "" + +#: ipaserver/plugins/dns.py:904 +msgid "Create reverse" +msgstr "" + +#: ipaserver/plugins/dns.py:940 +#, python-format +msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" +msgstr "" + +#: ipaserver/plugins/dns.py:1115 ipaserver/plugins/dns.py:1272 +msgid "Exchanger" +msgstr "" + +#: ipaserver/plugins/dns.py:1190 +msgid "" +"format must be specified as\n" +" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " +"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" +" where:\n" +" d1: [0 .. 90] (degrees latitude)\n" +" d2: [0 .. 180] (degrees longitude)\n" +" m1, m2: [0 .. 59] (minutes latitude/longitude)\n" +" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" +" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" +" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" +" See RFC 1876 for details" +msgstr "" + +#: ipaserver/plugins/dns.py:1244 +#, python-format +msgid "'%(required)s' must not be empty when '%(name)s' is set" +msgstr "" + +#: ipaserver/plugins/dns.py:1299 +msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" +msgstr "" + +#: ipaserver/plugins/dns.py:1360 ipaserver/plugins/dns.py:1490 +msgid "Priority (order)" +msgstr "" + +#: ipaserver/plugins/dns.py:1361 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the " +"server with the lowest-numbered priority they can reach." +msgstr "" + +#: ipaserver/plugins/dns.py:1369 ipaserver/plugins/dns.py:1499 +msgid "Relative weight for entries with the same priority." +msgstr "" + +#: ipaserver/plugins/dns.py:1389 +msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" +msgstr "" + +#: ipaserver/plugins/dns.py:1491 +msgid "" +"Lower number means higher priority. Clients will attempt to contact the URI " +"with the lowest-numbered priority they can reach." +msgstr "" + +#: ipaserver/plugins/dns.py:1504 +msgid "Target Uniform Resource Identifier" +msgstr "" + +#: ipaserver/plugins/dns.py:1505 +msgid "Target Uniform Resource Identifier according to RFC 3986" +msgstr "" + +#: ipaserver/plugins/dns.py:1587 +#, python-format +msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" +msgstr "" + +#: ipaserver/plugins/dns.py:2056 +msgid "Managedby permission" +msgstr "" + +#: ipaserver/plugins/dns.py:2157 +msgid "cannot be used when a zone is specified" +msgstr "" + +#: ipaserver/plugins/dns.py:2169 +msgid "Only one zone type is allowed per zone name" +msgstr "" + +#: ipaserver/plugins/dns.py:2312 +#, python-format +msgid "Added system permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2342 +#, python-format +msgid "permission \"%(value)s\" already exists" +msgstr "" + +#: ipaserver/plugins/dns.py:2370 +#, python-format +msgid "Removed system permission \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2406 +msgid "DNS zone" +msgstr "" + +#: ipaserver/plugins/dns.py:2407 +msgid "DNS zones" +msgstr "" + +#: ipaserver/plugins/dns.py:2415 +msgid "DNS Zones" +msgstr "" + +#: ipaserver/plugins/dns.py:2416 +msgid "DNS Zone" +msgstr "" + +#: ipaserver/plugins/dns.py:2490 +msgid "Default time to live" +msgstr "" + +#: ipaserver/plugins/dns.py:2491 +msgid "Time to live for records without explicit TTL definition" +msgstr "" + +#: ipaserver/plugins/dns.py:2706 +msgid "setting Authoritative nameserver" +msgstr "" + +#: ipaserver/plugins/dns.py:2707 +msgid "It is used only for setting the SOA MNAME attribute." +msgstr "" + +#: ipaserver/plugins/dns.py:2709 +msgid "NS record(s) can be edited in zone apex - '@'. " +msgstr "" + +#: ipaserver/plugins/dns.py:2744 +msgid "" +msgstr "" + +#: ipaserver/plugins/dns.py:2808 +msgid "Nameserver for reverse zone cannot be a relative DNS name" +msgstr "" + +#: ipaserver/plugins/dns.py:2863 +#, python-format +msgid "Deleted DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:2926 +msgid "is required" +msgstr "" + +#: ipaserver/plugins/dns.py:3008 +#, python-format +msgid "Disabled DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:3019 +#, python-format +msgid "Enabled DNS zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:3044 +msgid "DNS resource record" +msgstr "" + +#: ipaserver/plugins/dns.py:3045 +msgid "DNS resource records" +msgstr "" + +#: ipaserver/plugins/dns.py:3052 +msgid "DNS Resource Records" +msgstr "" + +#: ipaserver/plugins/dns.py:3053 +msgid "DNS Resource Record" +msgstr "" + +#: ipaserver/plugins/dns.py:3088 +msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3105 +msgid "" +"out-of-zone data: record name must be a subdomain of the zone or a relative " +"name" +msgstr "" + +#: ipaserver/plugins/dns.py:3116 +#, python-format +msgid "" +"owner of %(types)s records should not be a wildcard domain name (RFC 4592 " +"section 4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3161 +#, python-format +msgid "" +"Reverse zone %(name)s requires exactly %(count)d IP address components, " +"%(user_count)d given" +msgstr "" + +#: ipaserver/plugins/dns.py:3203 +msgid "only master zones can contain records" +msgstr "" + +#: ipaserver/plugins/dns.py:3301 +msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" +msgstr "" + +#: ipaserver/plugins/dns.py:3307 +msgid "" +"CNAME record is not allowed to coexist with any other record (RFC 1034, " +"section 3.6.2)" +msgstr "" + +#: ipaserver/plugins/dns.py:3315 +msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3331 +#, python-format +msgid "" +"NS record is not allowed to coexist with an %(type)s record except when " +"located in a zone root record (RFC 2181, section 6.1)" +msgstr "" + +#: ipaserver/plugins/dns.py:3347 +msgid "" +"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " +"4035 section 2.4)" +msgstr "" + +#: ipaserver/plugins/dns.py:3628 +#, python-format +msgid "Raw value of a DNS record was already set by \"%(name)s\" option" +msgstr "" + +#: ipaserver/plugins/dns.py:3754 +msgid "DNS zone root record cannot be renamed" +msgstr "" + +#: ipaserver/plugins/dns.py:3772 +msgid "DNS records can be only updated one at a time" +msgstr "" + +#: ipaserver/plugins/dns.py:3865 +#, python-format +msgid "Deleted record \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:3958 +#, python-format +msgid "Zone record '%s' cannot be deleted" +msgstr "" + +#: ipaserver/plugins/dns.py:4060 +#, python-format +msgid "Found '%(value)s'" +msgstr "" + +#: ipaserver/plugins/dns.py:4075 +#, python-format +msgid "Host '%(host)s' not found" +msgstr "" + +#: ipaserver/plugins/dns.py:4106 +msgid "DNS configuration options" +msgstr "" + +#: ipaserver/plugins/dns.py:4111 ipaserver/plugins/dns.py:4112 +msgid "DNS Global Configuration" +msgstr "" + +#: ipaserver/plugins/dns.py:4143 +msgid "IPA DNS version" +msgstr "" + +#: ipaserver/plugins/dns.py:4148 +msgid "List of IPA masters configured as DNS servers" +msgstr "" + +#: ipaserver/plugins/dns.py:4154 +msgid "IPA server configured as DNSSec key master" +msgstr "" + +#: ipaserver/plugins/dns.py:4205 +msgid "Global DNS configuration is empty" +msgstr "" + +#: ipaserver/plugins/dns.py:4286 +msgid "DNS forward zone" +msgstr "" + +#: ipaserver/plugins/dns.py:4287 +msgid "DNS forward zones" +msgstr "" + +#: ipaserver/plugins/dns.py:4289 +msgid "DNS Forward Zones" +msgstr "" + +#: ipaserver/plugins/dns.py:4290 +msgid "DNS Forward Zone" +msgstr "" + +#: ipaserver/plugins/dns.py:4397 ipaserver/plugins/dns.py:4447 +msgid "Please specify forwarders." +msgstr "" + +#: ipaserver/plugins/dns.py:4416 +#, python-format +msgid "Deleted DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4473 +#, python-format +msgid "Disabled DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4479 +#, python-format +msgid "Enabled DNS forward zone \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/dns.py:4502 +msgid "IPA DNS records" +msgstr "" + +#: ipaserver/plugins/dns.py:4506 +msgid "IPA location records" +msgstr "" + +#: ipaserver/plugins/dns.py:4513 +msgid "Update location and IPA server DNS records" +msgstr "" + +#: ipaserver/plugins/dns.py:4524 +msgid "Result of the command" +msgstr "" + +#: ipaserver/plugins/dns.py:4531 +msgid "Dry run" +msgstr "" + +#: ipaserver/plugins/dns.py:4532 +msgid "Do not update records only return expected records" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:108 +msgid "The deny type has been deprecated." +msgstr "" + +#: ipaserver/plugins/hbacrule.py:131 +msgid "HBAC rules" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:201 +msgid "HBAC Rules" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:302 +#, python-format +msgid "Added HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:316 +#, python-format +msgid "Deleted HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:333 +#, python-format +msgid "Modified HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:368 +#, python-format +msgid "%(count)d HBAC rule matched" +msgid_plural "%(count)d HBAC rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/hbacrule.py:383 +#, python-format +msgid "Enabled HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:413 +#, python-format +msgid "Disabled HBAC rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 +msgid "Access time" +msgstr "" + +#: ipaserver/plugins/hbacrule.py:565 +msgid "Add source hosts and hostgroups to an HBAC rule." +msgstr "" + +#: ipaserver/plugins/host.py:74 +msgid "" +"\n" +"Hosts/Machines\n" +"\n" +"A host represents a machine. It can be used in a number of contexts:\n" +"- service entries are associated with a host\n" +"- a host stores the host/ service principal\n" +"- a host can be used in Host-based Access Control (HBAC) rules\n" +"- every enrolled client generates a host entry\n" +msgstr "" + +#: ipaserver/plugins/host.py:82 +msgid "" +"\n" +"ENROLLMENT:\n" +"\n" +"There are three enrollment scenarios when enrolling a new client:\n" +"\n" +"1. You are enrolling as a full administrator. The host entry may exist\n" +" or not. A full administrator is a member of the hostadmin role\n" +" or the admins group.\n" +"2. You are enrolling as a limited administrator. The host must already\n" +" exist. A limited administrator is a member a role with the\n" +" Host Enrollment privilege.\n" +"3. The host has been created with a one-time password.\n" +msgstr "" + +#: ipaserver/plugins/host.py:94 +msgid "" +"\n" +"RE-ENROLLMENT:\n" +"\n" +"Host that has been enrolled at some point, and lost its configuration (e.g. " +"VM\n" +"destroyed) can be re-enrolled.\n" +"\n" +"For more information, consult the manual pages for ipa-client-install.\n" +"\n" +"A host can optionally store information such as where it is located,\n" +"the OS that it runs, etc.\n" +msgstr "" + +#: ipaserver/plugins/host.py:106 +msgid "" +"\n" +" Add a new host:\n" +" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." +"com\n" +msgstr "" + +#: ipaserver/plugins/host.py:109 +msgid "" +"\n" +" Delete a host:\n" +" ipa host-del test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:112 +msgid "" +"\n" +" Add a new host with a one-time password:\n" +" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:115 +msgid "" +"\n" +" Add a new host with a random one-time password:\n" +" ipa host-add --os='Fedora 12' --random test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:118 +msgid "" +"\n" +" Modify information about a host:\n" +" ipa host-mod --os='Fedora 12' test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:121 +msgid "" +"\n" +" Remove SSH public keys of a host and update DNS to reflect this change:\n" +" ipa host-mod --sshpubkey= --updatedns test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:124 +msgid "" +"\n" +" Disable the host Kerberos key, SSL certificate and all of its services:\n" +" ipa host-disable test.example.com\n" +msgstr "" + +#: ipaserver/plugins/host.py:127 +msgid "" +"\n" +" Add a host that can manage this host's keytab and certificate:\n" +" ipa host-add-managedby --hosts=test2 test\n" +msgstr "" + +#: ipaserver/plugins/host.py:130 +msgid "" +"\n" +" Allow user to create a keytab:\n" +" ipa host-allow-create-keytab test2 --users=tuser1\n" +msgstr "" + +#: ipaserver/plugins/host.py:462 ipaserver/plugins/internal.py:1172 +#: ipaserver/plugins/internal.py:1294 +msgid "Host" +msgstr "" + +#: ipaserver/plugins/host.py:514 +msgid "Base-64 encoded host certificate" +msgstr "" + +#: ipaserver/plugins/host.py:521 ipaserver/plugins/internal.py:697 +#: ipaserver/plugins/service.py:528 +msgid "Serial Number" +msgstr "" + +#: ipaserver/plugins/host.py:525 ipaserver/plugins/internal.py:698 +#: ipaserver/plugins/service.py:532 +msgid "Serial Number (hex)" +msgstr "" + +#: ipaserver/plugins/host.py:533 ipaserver/plugins/service.py:540 +#: ipaserver/plugins/cert.py:431 +msgid "Not Before" +msgstr "" + +#: ipaserver/plugins/host.py:537 ipaserver/plugins/service.py:544 +#: ipaserver/plugins/cert.py:436 +msgid "Not After" +msgstr "" + +#: ipaserver/plugins/host.py:541 ipaserver/plugins/service.py:548 +#: ipaserver/plugins/cert.py:441 +msgid "Fingerprint (SHA1)" +msgstr "" + +#: ipaserver/plugins/host.py:545 ipaserver/plugins/service.py:552 +#: ipaserver/plugins/cert.py:446 +msgid "Fingerprint (SHA256)" +msgstr "" + +#: ipaserver/plugins/host.py:549 ipaserver/plugins/internal.py:651 +#: ipaserver/plugins/internal.py:692 ipaserver/plugins/service.py:556 +#: ipaserver/plugins/cert.py:1280 +msgid "Revocation reason" +msgstr "" + +#: ipaserver/plugins/host.py:597 ipaserver/plugins/service.py:570 +msgid "Authentication Indicators" +msgstr "" + +#: ipaserver/plugins/host.py:598 +msgid "" +"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" +"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " +"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " +"'hardened' to allow brute-force hardened password authentication by SPAKE or " +"FAST. Use 'idp' to allow External Identity Provider authentications. With no " +"indicator specified, all authentication mechanisms are allowed." +msgstr "" + +#: ipaserver/plugins/host.py:670 +#, python-format +msgid "Added host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:794 +#, python-format +msgid "Deleted host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:799 +msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" +msgstr "" + +#: ipaserver/plugins/host.py:871 +msgid "No A, AAAA, SSHFP or PTR records found." +msgstr "" + +#: ipaserver/plugins/host.py:887 +#, python-format +msgid "Modified host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:908 +msgid "Password cannot be set on enrolled host." +msgstr "" + +#: ipaserver/plugins/host.py:912 +msgid "cn is immutable" +msgstr "" + +#: ipaserver/plugins/host.py:1037 +#, python-format +msgid "%(count)d host matched" +msgid_plural "%(count)d hosts matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/host.py:1192 +#, python-format +msgid "Disabled host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1361 +#, python-format +msgid "Added certificates to host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1368 +#, python-format +msgid "Removed certificates from host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1384 +msgid "Add new principal alias to host entry" +msgstr "" + +#: ipaserver/plugins/host.py:1385 +#, python-format +msgid "Added new aliases to host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/host.py:1396 +msgid "Remove principal alias from a host entry" +msgstr "" + +#: ipaserver/plugins/host.py:1397 +#, python-format +msgid "Removed aliases from host \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idp.py:24 +msgid "" +"\n" +"External Identity Provider Servers\n" +msgstr "" + +#: ipaserver/plugins/idp.py:26 +msgid "" +"\n" +"Manage External Identity Provider Servers.\n" +msgstr "" + +#: ipaserver/plugins/idp.py:28 +msgid "" +"\n" +"IPA supports the use of an external Identity Provider for Oauth2.0 Device " +"Flow\n" +"authentication.\n" +msgstr "" + +#: ipaserver/plugins/idp.py:33 +msgid "" +"\n" +" Add a new external Identity Provider server:\n" +" ipa idp-add MyIdP --client-id jhkQty13 --auth-uri https://oauth2." +"idp.com/auth --token-uri https://oauth2.idp.com/token --secret\n" +msgstr "" + +#: ipaserver/plugins/idp.py:38 +msgid "" +"\n" +" Add a new external Identity Provider server using github predefined " +"endpoints:\n" +" ipa idp-add MyIdp --client-id jhkQty13 --provider github --secret\n" +msgstr "" + +#: ipaserver/plugins/idp.py:41 +msgid "" +"\n" +" Find all external Identity Provider servers whose entries include the " +"string\n" +" \"test.com\":\n" +" ipa idp-find test.com\n" +msgstr "" + +#: ipaserver/plugins/idp.py:45 +msgid "" +"\n" +" Examine the configuration of an external Identity Provider server:\n" +" ipa idp-show MyIdP\n" +msgstr "" + +#: ipaserver/plugins/idp.py:48 +msgid "" +"\n" +" Change the secret:\n" +" ipa idp-mod MyIdP --secret\n" +msgstr "" + +#: ipaserver/plugins/idp.py:51 +msgid "" +"\n" +" Delete an external Identity Provider server:\n" +" ipa idp-del MyIdP\n" +msgstr "" + +#: ipaserver/plugins/idp.py:69 +msgid "Invalid URI: not an https scheme" +msgstr "" + +#: ipaserver/plugins/idp.py:72 +msgid "Invalid URI: missing netloc" +msgstr "" + +#: ipaserver/plugins/idp.py:83 ipaserver/plugins/idp.py:99 +msgid "Identity Provider server" +msgstr "" + +#: ipaserver/plugins/idp.py:84 ipaserver/plugins/idp.py:98 +msgid "Identity Provider servers" +msgstr "" + +#: ipaserver/plugins/idp.py:104 +msgid "Identity Provider server name" +msgstr "" + +#: ipaserver/plugins/idp.py:110 +msgid "Authorization URI" +msgstr "" + +#: ipaserver/plugins/idp.py:111 +msgid "OAuth 2.0 authorization endpoint" +msgstr "" + +#: ipaserver/plugins/idp.py:116 +msgid "Device authorization URI" +msgstr "" + +#: ipaserver/plugins/idp.py:117 +msgid "Device authorization endpoint" +msgstr "" + +#: ipaserver/plugins/idp.py:122 +msgid "Token URI" +msgstr "" + +#: ipaserver/plugins/idp.py:123 +msgid "Token endpoint" +msgstr "" + +#: ipaserver/plugins/idp.py:128 +msgid "User info URI" +msgstr "" + +#: ipaserver/plugins/idp.py:129 +msgid "User information endpoint" +msgstr "" + +#: ipaserver/plugins/idp.py:134 +msgid "JWKS URI" +msgstr "" + +#: ipaserver/plugins/idp.py:135 +msgid "JWKS endpoint" +msgstr "" + +#: ipaserver/plugins/idp.py:139 +msgid "OIDC URL" +msgstr "" + +#: ipaserver/plugins/idp.py:141 +msgid "The Identity Provider OIDC URL" +msgstr "" + +#: ipaserver/plugins/idp.py:145 +msgid "Client identifier" +msgstr "" + +#: ipaserver/plugins/idp.py:147 +msgid "OAuth 2.0 client identifier" +msgstr "" + +#: ipaserver/plugins/idp.py:152 +msgid "OAuth 2.0 client secret" +msgstr "" + +#: ipaserver/plugins/idp.py:158 +msgid "Scope" +msgstr "" + +#: ipaserver/plugins/idp.py:159 +msgid "OAuth 2.0 scope. Multiple scopes separated by space" +msgstr "" + +#: ipaserver/plugins/idp.py:163 +msgid "External IdP user identifier attribute" +msgstr "" + +#: ipaserver/plugins/idp.py:164 +msgid "Attribute for user identity in OAuth 2.0 userinfo" +msgstr "" + +#: ipaserver/plugins/idp.py:228 +msgid "Add a new Identity Provider server." +msgstr "" + +#: ipaserver/plugins/idp.py:229 +#, python-format +msgid "Added Identity Provider server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idp.py:308 +msgid "IdP provider template" +msgstr "" + +#: ipaserver/plugins/idp.py:309 +msgid "Choose a pre-defined template to use" +msgstr "" + +#: ipaserver/plugins/idp.py:315 ipaserver/plugins/internal.py:680 +msgid "Organization" +msgstr "" + +#: ipaserver/plugins/idp.py:316 +msgid "Organization ID or Realm name for IdP provider templates" +msgstr "" + +#: ipaserver/plugins/idp.py:320 +msgid "Base URL" +msgstr "" + +#: ipaserver/plugins/idp.py:321 +msgid "Base URL for IdP provider templates" +msgstr "" + +#: ipaserver/plugins/idp.py:335 +msgid "unknown provider" +msgstr "" + +#: ipaserver/plugins/idp.py:350 +msgid "value is missing" +msgstr "" + +#: ipaserver/plugins/idp.py:381 +msgid "cannot specify both individual endpoints and IdP provider" +msgstr "" + +#: ipaserver/plugins/idp.py:412 +msgid "Delete an Identity Provider server." +msgstr "" + +#: ipaserver/plugins/idp.py:413 +#, python-format +msgid "Deleted Identity Provider server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idp.py:418 +msgid "Modify an Identity Provider server." +msgstr "" + +#: ipaserver/plugins/idp.py:419 +#, python-format +msgid "Modified Identity Provider server \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idp.py:424 +msgid "Search for Identity Provider servers." +msgstr "" + +#: ipaserver/plugins/idp.py:426 +#, python-format +msgid "%(count)d Identity Provider server matched" +msgid_plural "%(count)d Identity Provider servers matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idp.py:441 +msgid "Display information about an Identity Provider server." +msgstr "" + +#: ipaserver/plugins/internal.py:151 +msgid "Internationalization messages" +msgstr "" + +#: ipaserver/plugins/internal.py:157 +msgid "Your session has expired. Please log in again." +msgstr "" + +#: ipaserver/plugins/internal.py:161 ipaserver/plugins/internal.py:206 +msgid "Apply" +msgstr "" + +#: ipaserver/plugins/internal.py:162 +msgid "Rebuild auto membership" +msgstr "" + +#: ipaserver/plugins/internal.py:163 +msgid "Are you sure you want to rebuild auto membership?" +msgstr "" + +#: ipaserver/plugins/internal.py:165 +msgid "Are you sure you want to proceed with the action?" +msgstr "" + +#: ipaserver/plugins/internal.py:166 +#, python-brace-format +msgid "Are you sure you want to delete ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:167 +#, python-brace-format +msgid "Are you sure you want to disable ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:168 +#, python-brace-format +msgid "Are you sure you want to enable ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:169 +msgid "Actions" +msgstr "" + +#: ipaserver/plugins/internal.py:172 ipaserver/plugins/internal.py:201 +#: ipaserver/plugins/internal.py:263 +msgid "Add" +msgstr "" + +#: ipaserver/plugins/internal.py:173 +#, python-brace-format +msgid "${count} item(s) added" +msgstr "" + +#: ipaserver/plugins/internal.py:174 +msgid "Direct Membership" +msgstr "" + +#: ipaserver/plugins/internal.py:175 +#, python-brace-format +msgid "Filter available ${other_entity}" +msgstr "" + +#: ipaserver/plugins/internal.py:176 +msgid "Indirect Membership" +msgstr "" + +#: ipaserver/plugins/internal.py:177 +msgid "No entries." +msgstr "" + +#: ipaserver/plugins/internal.py:178 +#, python-brace-format +msgid "Showing ${start} to ${end} of ${total} entries." +msgstr "" + +#: ipaserver/plugins/internal.py:179 ipaserver/plugins/internal.py:278 +msgid "Remove" +msgstr "" + +#: ipaserver/plugins/internal.py:180 +#, python-brace-format +msgid "${count} item(s) removed" +msgstr "" + +#: ipaserver/plugins/internal.py:181 +msgid "Show Results" +msgstr "" + +#: ipaserver/plugins/internal.py:184 +msgid "Authentication indicators" +msgstr "" + +#: ipaserver/plugins/internal.py:185 +msgid "Authentication indicator" +msgstr "" + +#: ipaserver/plugins/internal.py:186 +msgid "" +"

Implicit method (password) will be used if no method is chosen.

Password + Two-factor: LDAP and Kerberos allow " +"authentication with either one of the authentication types but Kerberos uses " +"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " +"but LDAP never does. LDAP only recognize the password and two-factor " +"authentication options.

" +msgstr "" + +#: ipaserver/plugins/internal.py:187 +msgid "Add Custom Authentication Indicator" +msgstr "" + +#: ipaserver/plugins/internal.py:189 +msgid "Two factor authentication (password + OTP)" +msgstr "" + +#: ipaserver/plugins/internal.py:191 +msgid "RADIUS" +msgstr "" + +#: ipaserver/plugins/internal.py:193 +msgid "Hardened Password (by SPAKE or FAST)" +msgstr "" + +#: ipaserver/plugins/internal.py:194 +msgid "External Identity Provider" +msgstr "" + +#: ipaserver/plugins/internal.py:195 +msgid "Disable per-user override" +msgstr "" + +#: ipaserver/plugins/internal.py:196 +msgid "" +"

Per-user setting, overwrites the global setting if any option is checked." +"

Password + Two-factor: LDAP and Kerberos allow " +"authentication with either one of the authentication types but Kerberos uses " +"pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " +"but LDAP never does. LDAP only recognize the password and two-factor " +"authentication options.

" +msgstr "" + +#: ipaserver/plugins/internal.py:199 ipaserver/plugins/internal.py:273 +#: ipaserver/plugins/internal.py:1739 +msgid "About" +msgstr "" + +#: ipaserver/plugins/internal.py:200 +msgid "Activate" +msgstr "" + +#: ipaserver/plugins/internal.py:202 +msgid "Add and Add Another" +msgstr "" + +#: ipaserver/plugins/internal.py:203 +msgid "Add and Close" +msgstr "" + +#: ipaserver/plugins/internal.py:204 +msgid "Add and Edit" +msgstr "" + +#: ipaserver/plugins/internal.py:205 +msgid "Add Many" +msgstr "" + +#: ipaserver/plugins/internal.py:207 +msgid "Back" +msgstr "" + +#: ipaserver/plugins/internal.py:208 +msgid "Cancel" +msgstr "" + +#: ipaserver/plugins/internal.py:209 +msgid "Clear" +msgstr "" + +#: ipaserver/plugins/internal.py:210 +msgid "Clear all fields on the page." +msgstr "" + +#: ipaserver/plugins/internal.py:211 +msgid "Close" +msgstr "" + +#: ipaserver/plugins/internal.py:212 ipaserver/plugins/internal.py:1943 +msgid "Disable" +msgstr "" + +#: ipaserver/plugins/internal.py:213 ipaserver/plugins/internal.py:644 +msgid "Download" +msgstr "" + +#: ipaserver/plugins/internal.py:214 +msgid "Download certificate as PEM formatted file." +msgstr "" + +#: ipaserver/plugins/internal.py:215 +msgid "Edit" +msgstr "" + +#: ipaserver/plugins/internal.py:216 ipaserver/plugins/internal.py:1945 +msgid "Enable" +msgstr "" + +#: ipaserver/plugins/internal.py:218 +msgid "Find" +msgstr "" + +#: ipaserver/plugins/internal.py:219 +msgid "Get" +msgstr "" + +#: ipaserver/plugins/internal.py:220 +msgid "Hide" +msgstr "" + +#: ipaserver/plugins/internal.py:221 +msgid "Issue" +msgstr "" + +#: ipaserver/plugins/internal.py:222 +msgid "Match" +msgstr "" + +#: ipaserver/plugins/internal.py:223 +msgid "Match users according to certificate." +msgstr "" + +#: ipaserver/plugins/internal.py:224 +msgid "Migrate" +msgstr "" + +#: ipaserver/plugins/internal.py:225 +msgid "OK" +msgstr "" + +#: ipaserver/plugins/internal.py:226 +msgid "Refresh" +msgstr "" + +#: ipaserver/plugins/internal.py:227 +msgid "Reload current settings from the server." +msgstr "" + +#: ipaserver/plugins/internal.py:228 +msgid "Delete" +msgstr "" + +#: ipaserver/plugins/internal.py:229 ipaserver/plugins/internal.py:685 +msgid "Remove hold" +msgstr "" + +#: ipaserver/plugins/internal.py:230 +msgid "Reset" +msgstr "" + +#: ipaserver/plugins/internal.py:231 ipaserver/plugins/internal.py:1732 +msgid "Reset Password" +msgstr "" + +#: ipaserver/plugins/internal.py:232 +msgid "Reset Password and Log in" +msgstr "" + +#: ipaserver/plugins/internal.py:233 +msgid "Restore" +msgstr "" + +#: ipaserver/plugins/internal.py:234 +msgid "Retry" +msgstr "" + +#: ipaserver/plugins/internal.py:235 +msgid "Revert" +msgstr "" + +#: ipaserver/plugins/internal.py:237 +msgid "Revoke" +msgstr "" + +#: ipaserver/plugins/internal.py:238 +msgid "Save" +msgstr "" + +#: ipaserver/plugins/internal.py:239 +msgid "Set" +msgstr "" + +#: ipaserver/plugins/internal.py:240 +msgid "Show" +msgstr "" + +#: ipaserver/plugins/internal.py:241 +msgid "Stage" +msgstr "" + +#: ipaserver/plugins/internal.py:243 +msgid "Update" +msgstr "" + +#: ipaserver/plugins/internal.py:244 +msgid "View" +msgstr "" + +#: ipaserver/plugins/internal.py:247 ipaserver/plugins/internal.py:1740 +msgid "Customization" +msgstr "" + +#: ipaserver/plugins/internal.py:248 +msgid "Pagination Size" +msgstr "" + +#: ipaserver/plugins/internal.py:251 +msgid "Collapse All" +msgstr "" + +#: ipaserver/plugins/internal.py:252 +msgid "Expand All" +msgstr "" + +#: ipaserver/plugins/internal.py:253 +msgid "General" +msgstr "" + +#: ipaserver/plugins/internal.py:254 +msgid "Identity Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:255 +msgid "Record Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:256 +#, python-brace-format +msgid "${entity} ${primary_key} Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:257 +msgid "Back to Top" +msgstr "" + +#: ipaserver/plugins/internal.py:258 +#, python-brace-format +msgid "${entity} ${primary_key} updated" +msgstr "" + +#: ipaserver/plugins/internal.py:261 +#, python-brace-format +msgid "${entity} successfully added" +msgstr "" + +#: ipaserver/plugins/internal.py:262 +msgid "Add custom value" +msgstr "" + +#: ipaserver/plugins/internal.py:264 +msgid "Available" +msgstr "" + +#: ipaserver/plugins/internal.py:265 +msgid "Some operations failed." +msgstr "" + +#: ipaserver/plugins/internal.py:266 +msgid "Operations Error" +msgstr "" + +#: ipaserver/plugins/internal.py:267 +msgid "Confirmation" +msgstr "" + +#: ipaserver/plugins/internal.py:268 +msgid "Custom value" +msgstr "" + +#: ipaserver/plugins/internal.py:269 +msgid "This page has unsaved changes. Please save or revert." +msgstr "" + +#: ipaserver/plugins/internal.py:270 +msgid "Unsaved Changes" +msgstr "" + +#: ipaserver/plugins/internal.py:271 +#, python-brace-format +msgid "Edit ${entity}" +msgstr "" + +#: ipaserver/plugins/internal.py:272 +msgid "Hide details" +msgstr "" + +#: ipaserver/plugins/internal.py:274 +#, python-brace-format +msgid "${product}, version: ${version}" +msgstr "" + +#: ipaserver/plugins/internal.py:275 +msgid "Prospective" +msgstr "" + +#: ipaserver/plugins/internal.py:276 +msgid "Redirection" +msgstr "" + +#: ipaserver/plugins/internal.py:277 +msgid "Select entries to be removed." +msgstr "" + +#: ipaserver/plugins/internal.py:279 +msgid "Result" +msgstr "" + +#: ipaserver/plugins/internal.py:280 +msgid "Show details" +msgstr "" + +#: ipaserver/plugins/internal.py:281 +msgid "Success" +msgstr "" + +#: ipaserver/plugins/internal.py:282 +msgid "Validation error" +msgstr "" + +#: ipaserver/plugins/internal.py:283 +msgid "Input form contains invalid or missing values." +msgstr "" + +#: ipaserver/plugins/internal.py:286 +msgid "Please try the following options:" +msgstr "" + +#: ipaserver/plugins/internal.py:287 +msgid "If the problem persists please contact the system administrator." +msgstr "" + +#: ipaserver/plugins/internal.py:288 +msgid "Refresh the page." +msgstr "" + +#: ipaserver/plugins/internal.py:289 +msgid "Reload the browser." +msgstr "" + +#: ipaserver/plugins/internal.py:290 +msgid "Return to the main page and retry the operation" +msgstr "" + +#: ipaserver/plugins/internal.py:291 +#, python-brace-format +msgid "An error has occurred (${error})" +msgstr "" + +#: ipaserver/plugins/internal.py:295 +msgid "HTTP Error" +msgstr "" + +#: ipaserver/plugins/internal.py:296 +msgid "Internal Error" +msgstr "" + +#: ipaserver/plugins/internal.py:297 +msgid "IPA Error" +msgstr "" + +#: ipaserver/plugins/internal.py:298 +msgid "No response" +msgstr "" + +#: ipaserver/plugins/internal.py:299 +msgid "Unknown Error" +msgstr "" + +#: ipaserver/plugins/internal.py:300 +msgid "URL" +msgstr "" + +#: ipaserver/plugins/internal.py:303 +#, python-brace-format +msgid "${primary_key} is managed by:" +msgstr "" + +#: ipaserver/plugins/internal.py:304 +#, python-brace-format +msgid "${primary_key} members:" +msgstr "" + +#: ipaserver/plugins/internal.py:305 +#, python-brace-format +msgid "${primary_key} is a member of:" +msgstr "" + +#: ipaserver/plugins/internal.py:306 +#, python-brace-format +msgid "${primary_key} member managers:" +msgstr "" + +#: ipaserver/plugins/internal.py:309 +msgid "Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:310 ipaserver/plugins/internal.py:1753 +msgid "Search" +msgstr "" + +#: ipaserver/plugins/internal.py:312 +msgid "False" +msgstr "" + +#: ipaserver/plugins/internal.py:315 +#, python-brace-format +msgid "Allow user groups to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:318 +#, python-brace-format +msgid "Allow user groups to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:321 +#, python-brace-format +msgid "Allow host groups to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:324 +#, python-brace-format +msgid "Allow host groups to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:327 +#, python-brace-format +msgid "Allow hosts to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:330 +#, python-brace-format +msgid "Allow hosts to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:333 +#, python-brace-format +msgid "Allow users to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:336 +#, python-brace-format +msgid "Allow users to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:338 +msgid "Allowed to create keytab" +msgstr "" + +#: ipaserver/plugins/internal.py:339 +msgid "Allowed to retrieve keytab" +msgstr "" + +#: ipaserver/plugins/internal.py:341 +#, python-brace-format +msgid "Disallow user groups to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:344 +#, python-brace-format +msgid "Disallow user groups to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:347 +#, python-brace-format +msgid "Disallow host groups to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:350 +#, python-brace-format +msgid "Disallow host groups to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:353 +#, python-brace-format +msgid "Disallow hosts to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:356 +#, python-brace-format +msgid "Disallow hosts to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:359 +#, python-brace-format +msgid "Disallow users to create keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:362 +#, python-brace-format +msgid "Disallow users to retrieve keytab of '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:366 +msgid "Add Kerberos Principal Alias" +msgstr "" + +#: ipaserver/plugins/internal.py:367 +msgid "New kerberos principal alias" +msgstr "" + +#: ipaserver/plugins/internal.py:368 +msgid "Remove Kerberos Alias" +msgstr "" + +#: ipaserver/plugins/internal.py:369 +#, python-brace-format +msgid "Do you want to remove kerberos alias ${alias}?" +msgstr "" + +#: ipaserver/plugins/internal.py:372 +msgid "Inherited from server configuration" +msgstr "" + +#: ipaserver/plugins/internal.py:373 +msgid "MS-PAC" +msgstr "" + +#: ipaserver/plugins/internal.py:374 +msgid "Override inherited settings" +msgstr "" + +#: ipaserver/plugins/internal.py:375 +msgid "PAD" +msgstr "" + +#: ipaserver/plugins/internal.py:378 +msgid "Authenticating" +msgstr "" + +#: ipaserver/plugins/internal.py:380 +msgid "Authentication with personal certificate failed" +msgstr "" + +#: ipaserver/plugins/internal.py:382 +msgid "" +" To log in with certificate, please make sure you have valid personal certificate. " +msgstr "" + +#: ipaserver/plugins/internal.py:386 +msgid "Continue to next page" +msgstr "" + +#: ipaserver/plugins/internal.py:388 +msgid "" +" To log in with username and " +"password, enter them in the corresponding fields, then click 'Log " +"in'." +msgstr "" + +#: ipaserver/plugins/internal.py:391 +msgid "Login failed due to an unknown reason" +msgstr "" + +#: ipaserver/plugins/internal.py:392 +msgid "Logged In As" +msgstr "" + +#: ipaserver/plugins/internal.py:393 +msgid "Authentication with Kerberos failed" +msgstr "" + +#: ipaserver/plugins/internal.py:395 +#, python-brace-format +msgid "" +" To log in with Kerberos, please make sure you have valid tickets (obtainable via kinit) and " +"configured the " +"browser correctly, then click 'Log in'." +msgstr "" + +#: ipaserver/plugins/internal.py:400 +msgid "Loading" +msgstr "" + +#: ipaserver/plugins/internal.py:402 +msgid "Kerberos Principal you entered is expired" +msgstr "" + +#: ipaserver/plugins/internal.py:403 +msgid "Loading data" +msgstr "" + +#: ipaserver/plugins/internal.py:404 +msgid "Log in" +msgstr "" + +#: ipaserver/plugins/internal.py:405 +msgid "Log In Using Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:406 +msgid "Log in using personal certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:407 ipaserver/plugins/internal.py:1741 +msgid "Log out" +msgstr "" + +#: ipaserver/plugins/internal.py:408 +msgid "Log out error" +msgstr "" + +#: ipaserver/plugins/internal.py:410 ipaserver/plugins/internal.py:1726 +msgid "Password or Password+One-Time Password" +msgstr "" + +#: ipaserver/plugins/internal.py:411 +#, python-brace-format +msgid "You will be redirected in ${count}s" +msgstr "" + +#: ipaserver/plugins/internal.py:412 +msgid "Sync OTP Token" +msgstr "" + +#: ipaserver/plugins/internal.py:413 +msgid "Synchronizing" +msgstr "" + +#: ipaserver/plugins/internal.py:415 +msgid "The user account you entered is locked" +msgstr "" + +#: ipaserver/plugins/internal.py:418 +msgid "number of passwords" +msgstr "" + +#: ipaserver/plugins/internal.py:419 +msgid "seconds" +msgstr "" + +#: ipaserver/plugins/internal.py:422 +msgid "Migrating" +msgstr "" + +#: ipaserver/plugins/internal.py:424 +msgid "There was a problem with your request. Please, try again later." +msgstr "" + +#: ipaserver/plugins/internal.py:427 +msgid "Password migration was not successful" +msgstr "" + +#: ipaserver/plugins/internal.py:429 +msgid "" +"

Password Migration

If you have been sent here by your " +"administrator, your personal information is being migrated to a new identity " +"management solution (IPA).

Please, enter your credentials in the form " +"to complete the process. Upon successful login your kerberos account will be " +"activated.

" +msgstr "" + +#: ipaserver/plugins/internal.py:436 ipaserver/plugins/internal.py:1708 +msgid "The password or username you entered is incorrect" +msgstr "" + +#: ipaserver/plugins/internal.py:437 +msgid "Password migration was successful" +msgstr "" + +#: ipaserver/plugins/internal.py:441 ipaserver/plugins/internal.py:526 +#: ipaserver/plugins/internal.py:1224 +msgid "Attribute" +msgstr "" + +#: ipaserver/plugins/internal.py:444 +msgid "Add delegation" +msgstr "" + +#: ipaserver/plugins/internal.py:445 +msgid "Remove delegations" +msgstr "" + +#: ipaserver/plugins/internal.py:448 ipaserver/plugins/internal.py:780 +msgid "Add permission" +msgstr "" + +#: ipaserver/plugins/internal.py:450 +#, python-brace-format +msgid "Add privileges into permission '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:452 +msgid "Remove permissions" +msgstr "" + +#: ipaserver/plugins/internal.py:454 +#, python-brace-format +msgid "Remove privileges from permission '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:458 +msgid "Add privilege" +msgstr "" + +#: ipaserver/plugins/internal.py:460 +#, python-brace-format +msgid "Add privilege '${primary_key}' into permissions" +msgstr "" + +#: ipaserver/plugins/internal.py:463 +#, python-brace-format +msgid "Add roles into privilege '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:465 +msgid "Remove privileges" +msgstr "" + +#: ipaserver/plugins/internal.py:467 +#, python-brace-format +msgid "Remove privilege '${primary_key}' from permissions" +msgstr "" + +#: ipaserver/plugins/internal.py:470 +#, python-brace-format +msgid "Remove roles from privilege '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:474 +msgid "Role Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:475 +msgid "Add role" +msgstr "" + +#: ipaserver/plugins/internal.py:477 +#, python-brace-format +msgid "Add user groups into role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:480 +#, python-brace-format +msgid "Add hosts into role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:483 +#, python-brace-format +msgid "Add host groups into role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:486 +#, python-brace-format +msgid "Add role '${primary_key}' into privileges" +msgstr "" + +#: ipaserver/plugins/internal.py:489 +#, python-brace-format +msgid "Add services into role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:492 +#, python-brace-format +msgid "Add users into role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:494 +msgid "Remove roles" +msgstr "" + +#: ipaserver/plugins/internal.py:496 +#, python-brace-format +msgid "Remove role '${primary_key}' from privileges" +msgstr "" + +#: ipaserver/plugins/internal.py:499 +#, python-brace-format +msgid "Remove user groups from role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:502 +#, python-brace-format +msgid "Remove hosts from role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:505 +#, python-brace-format +msgid "Remove host groups from role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:508 +#, python-brace-format +msgid "Remove services from role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:511 +#, python-brace-format +msgid "Remove users from role '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:515 +msgid "Add self service permission" +msgstr "" + +#: ipaserver/plugins/internal.py:516 +msgid "Remove self service permissions" +msgstr "" + +#: ipaserver/plugins/internal.py:519 +msgid "Add rule" +msgstr "" + +#: ipaserver/plugins/internal.py:521 +#, python-brace-format +msgid "Add inclusive condition into '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:524 +#, python-brace-format +msgid "Add exclusive condition into '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:528 +msgid "Are you sure you want to change default group?" +msgstr "" + +#: ipaserver/plugins/internal.py:530 +msgid "Default host group" +msgstr "" + +#: ipaserver/plugins/internal.py:531 +msgid "Default user group" +msgstr "" + +#: ipaserver/plugins/internal.py:532 +msgid "Exclusive" +msgstr "" + +#: ipaserver/plugins/internal.py:533 +msgid "Expression" +msgstr "" + +#: ipaserver/plugins/internal.py:534 +msgid "Host group rule" +msgstr "" + +#: ipaserver/plugins/internal.py:535 +msgid "Host group rules" +msgstr "" + +#: ipaserver/plugins/internal.py:536 +msgid "Inclusive" +msgstr "" + +#: ipaserver/plugins/internal.py:537 +msgid "Remove auto membership rules" +msgstr "" + +#: ipaserver/plugins/internal.py:539 +#, python-brace-format +msgid "Remove exclusive conditions from rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:542 +#, python-brace-format +msgid "Remove inclusive conditions from rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:544 +msgid "User group rule" +msgstr "" + +#: ipaserver/plugins/internal.py:545 +msgid "User group rules" +msgstr "" + +#: ipaserver/plugins/internal.py:548 +msgid "Add automount key" +msgstr "" + +#: ipaserver/plugins/internal.py:549 +msgid "Remove automount keys" +msgstr "" + +#: ipaserver/plugins/internal.py:552 +msgid "Add automount location" +msgstr "" + +#: ipaserver/plugins/internal.py:553 +msgid "Automount Location Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:554 +msgid "Remove automount locations" +msgstr "" + +#: ipaserver/plugins/internal.py:557 +msgid "Add automount map" +msgstr "" + +#: ipaserver/plugins/internal.py:558 +msgid "Map Type" +msgstr "" + +#: ipaserver/plugins/internal.py:559 +msgid "Direct" +msgstr "" + +#: ipaserver/plugins/internal.py:560 +msgid "Indirect" +msgstr "" + +#: ipaserver/plugins/internal.py:561 +msgid "Remove automount maps" +msgstr "" + +#: ipaserver/plugins/internal.py:564 +msgid "Add certificate authority" +msgstr "" + +#: ipaserver/plugins/internal.py:565 +msgid "Remove certificate authorities" +msgstr "" + +#: ipaserver/plugins/internal.py:568 +msgid "Add CA ACL" +msgstr "" + +#: ipaserver/plugins/internal.py:570 +#, python-brace-format +msgid "Add Certificate Authorities into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:574 +#, python-brace-format +msgid "Add user groups into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:577 +#, python-brace-format +msgid "Add host groups into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:580 +#, python-brace-format +msgid "Add hosts into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:583 +#, python-brace-format +msgid "Add certificate profiles into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:586 +#, python-brace-format +msgid "Add services into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:589 +#, python-brace-format +msgid "Add users into CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:591 +msgid "All" +msgstr "" + +#: ipaserver/plugins/internal.py:592 +msgid "Any CA" +msgstr "" + +#: ipaserver/plugins/internal.py:593 ipaserver/plugins/internal.py:902 +#: ipaserver/plugins/internal.py:1169 ipaserver/plugins/internal.py:1292 +#: ipaserver/plugins/internal.py:1461 +msgid "Any Host" +msgstr "" + +#: ipaserver/plugins/internal.py:594 ipaserver/plugins/internal.py:903 +msgid "Any Service" +msgstr "" + +#: ipaserver/plugins/internal.py:595 +msgid "Any Profile" +msgstr "" + +#: ipaserver/plugins/internal.py:596 ipaserver/plugins/internal.py:904 +#: ipaserver/plugins/internal.py:1170 ipaserver/plugins/internal.py:1293 +#: ipaserver/plugins/internal.py:1462 +msgid "Anyone" +msgstr "" + +#: ipaserver/plugins/internal.py:597 ipaserver/plugins/internal.py:906 +#: ipaserver/plugins/internal.py:1467 +msgid "Rule status" +msgstr "" + +#: ipaserver/plugins/internal.py:598 +msgid "If no CAs are specified, requests to the default CA are allowed." +msgstr "" + +#: ipaserver/plugins/internal.py:600 +msgid "Remove CA ACLs" +msgstr "" + +#: ipaserver/plugins/internal.py:602 +#, python-brace-format +msgid "Remove Certificate Authorities from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:606 +#, python-brace-format +msgid "Remove user groups from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:609 +#, python-brace-format +msgid "Remove host groups from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:612 +#, python-brace-format +msgid "Remove hosts from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:615 +#, python-brace-format +msgid "Remove certificate profiles from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:618 +#, python-brace-format +msgid "Remove services from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:621 +#, python-brace-format +msgid "Remove users from CA ACL '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:623 +msgid "Specified CAs" +msgstr "" + +#: ipaserver/plugins/internal.py:624 ipaserver/plugins/internal.py:928 +#: ipaserver/plugins/internal.py:1196 ipaserver/plugins/internal.py:1308 +#: ipaserver/plugins/internal.py:1512 +msgid "Specified Hosts and Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:625 +msgid "Specified Profiles" +msgstr "" + +#: ipaserver/plugins/internal.py:626 ipaserver/plugins/internal.py:929 +msgid "Specified Services and Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:627 ipaserver/plugins/internal.py:930 +#: ipaserver/plugins/internal.py:1197 ipaserver/plugins/internal.py:1309 +#: ipaserver/plugins/internal.py:1513 +msgid "Specified Users and Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:628 +msgid "Permitted to have certificates issued" +msgstr "" + +#: ipaserver/plugins/internal.py:631 +msgid "Remove certificate profiles" +msgstr "" + +#: ipaserver/plugins/internal.py:634 +msgid "AA Compromise" +msgstr "" + +#: ipaserver/plugins/internal.py:635 +msgid "Add principal" +msgstr "" + +#: ipaserver/plugins/internal.py:636 +msgid "Affiliation Changed" +msgstr "" + +#: ipaserver/plugins/internal.py:637 ipaserver/plugins/ca.py:351 +#: ipaserver/plugins/ca.py:360 ipaserver/plugins/ca.py:379 +#: ipaserver/plugins/ca.py:419 +msgid "CA" +msgstr "" + +#: ipaserver/plugins/internal.py:638 +msgid "CA Compromise" +msgstr "" + +#: ipaserver/plugins/internal.py:640 ipaserver/plugins/internal.py:1955 +msgid "Certificates" +msgstr "" + +#: ipaserver/plugins/internal.py:641 +msgid "Certificate Hold" +msgstr "" + +#: ipaserver/plugins/internal.py:642 +msgid "Cessation of Operation" +msgstr "" + +#: ipaserver/plugins/internal.py:643 +msgid "Common Name" +msgstr "" + +#: ipaserver/plugins/internal.py:645 +msgid "the certificate with serial number " +msgstr "" + +#: ipaserver/plugins/internal.py:646 +msgid "Expires On" +msgstr "" + +#: ipaserver/plugins/internal.py:647 +msgid "Issued on from" +msgstr "" + +#: ipaserver/plugins/internal.py:648 +msgid "Issued on to" +msgstr "" + +#: ipaserver/plugins/internal.py:649 +msgid "Maximum serial number" +msgstr "" + +#: ipaserver/plugins/internal.py:650 +msgid "Minimum serial number" +msgstr "" + +#: ipaserver/plugins/internal.py:652 +msgid "Revoked on from" +msgstr "" + +#: ipaserver/plugins/internal.py:653 +msgid "Revoked on to" +msgstr "" + +#: ipaserver/plugins/internal.py:655 +msgid "Valid not after from" +msgstr "" + +#: ipaserver/plugins/internal.py:656 +msgid "Valid not after to" +msgstr "" + +#: ipaserver/plugins/internal.py:657 +msgid "Valid not before from" +msgstr "" + +#: ipaserver/plugins/internal.py:658 +msgid "Valid not before to" +msgstr "" + +#: ipaserver/plugins/internal.py:659 +msgid "Fingerprints" +msgstr "" + +#: ipaserver/plugins/internal.py:660 +msgid "Get Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:661 +msgid "Certificate Hold Removed" +msgstr "" + +#: ipaserver/plugins/internal.py:663 +#, python-brace-format +msgid "Issue new certificate for host '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:666 +#, python-brace-format +msgid "Issue new certificate for service '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:669 +#, python-brace-format +msgid "Issue new certificate for user '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:671 +msgid "Issue new certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:672 +msgid "Issued By" +msgstr "" + +#: ipaserver/plugins/internal.py:673 +msgid "Issued On" +msgstr "" + +#: ipaserver/plugins/internal.py:674 +msgid "Issued To" +msgstr "" + +#: ipaserver/plugins/internal.py:675 +msgid "Key Compromise" +msgstr "" + +#: ipaserver/plugins/internal.py:676 +msgid "No Valid Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:677 +msgid "New Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:678 +msgid "Certificate in base64 or PEM format" +msgstr "" + +#: ipaserver/plugins/internal.py:679 +msgid "Note" +msgstr "" + +#: ipaserver/plugins/internal.py:681 +msgid "Organizational Unit" +msgstr "" + +#: ipaserver/plugins/internal.py:682 +#, python-brace-format +msgid "${count} certificate(s) present" +msgstr "" + +#: ipaserver/plugins/internal.py:683 +msgid "Privilege Withdrawn" +msgstr "" + +#: ipaserver/plugins/internal.py:684 +msgid "Reason for Revocation" +msgstr "" + +#: ipaserver/plugins/internal.py:686 +msgid "Remove certificate hold" +msgstr "" + +#: ipaserver/plugins/internal.py:687 +msgid "Do you want to remove the certificate hold?" +msgstr "" + +#: ipaserver/plugins/internal.py:688 +msgid "Remove from CRL" +msgstr "" + +#: ipaserver/plugins/internal.py:689 +#, python-brace-format +msgid "" +"
  1. Create a certificate database or use an existing one. To create a " +"new database:
    # certutil -N -d <database path>
  2. " +"
  3. Create a CSR with subject CN=<${cn_name}>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g " +"<key size> -s 'CN=${cn},O=${realm}'${san}
  4. Copy and " +"paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to " +"-----END NEW CERTIFICATE REQUEST-----) into the text area below:
" +msgstr "" + +#: ipaserver/plugins/internal.py:690 +#, python-brace-format +msgid " -8 '${cn}'" +msgstr "" + +#: ipaserver/plugins/internal.py:691 +msgid "Certificate requested" +msgstr "" + +#: ipaserver/plugins/internal.py:693 +msgid "Revoke certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:694 +msgid "" +"Do you want to revoke this certificate? Select a reason from the pull-down " +"list." +msgstr "" + +#: ipaserver/plugins/internal.py:695 +msgid "Certificate Revoked" +msgstr "" + +#: ipaserver/plugins/internal.py:696 +msgid "REVOKED" +msgstr "" + +#: ipaserver/plugins/internal.py:699 +msgid "SHA1 Fingerprint" +msgstr "" + +#: ipaserver/plugins/internal.py:700 +msgid "SHA256 Fingerprint" +msgstr "" + +#: ipaserver/plugins/internal.py:701 ipaserver/plugins/internal.py:1031 +#: ipaserver/plugins/internal.py:1344 ipaserver/plugins/internal.py:1947 +#: ipaserver/plugins/cert.py:1270 +msgid "Status" +msgstr "" + +#: ipaserver/plugins/internal.py:702 +msgid "Superseded" +msgstr "" + +#: ipaserver/plugins/internal.py:703 +msgid "Unspecified" +msgstr "" + +#: ipaserver/plugins/internal.py:704 +msgid "Valid Certificate Present" +msgstr "" + +#: ipaserver/plugins/internal.py:705 +msgid "Valid from" +msgstr "" + +#: ipaserver/plugins/internal.py:706 +msgid "Valid to" +msgstr "" + +#: ipaserver/plugins/internal.py:707 +msgid "Validity" +msgstr "" + +#: ipaserver/plugins/internal.py:708 +#, python-brace-format +msgid "Certificate for ${entity} ${primary_key}" +msgstr "" + +#: ipaserver/plugins/internal.py:709 +msgid "View Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:712 +msgid "Certificate Data" +msgstr "" + +#: ipaserver/plugins/internal.py:713 +msgid "Certificate For Match" +msgstr "" + +#: ipaserver/plugins/internal.py:714 +msgid "Certificate Mapping Match" +msgstr "" + +#: ipaserver/plugins/internal.py:716 +msgid "Matched Users" +msgstr "" + +#: ipaserver/plugins/internal.py:717 +msgid "User Login" +msgstr "" + +#: ipaserver/plugins/internal.py:720 +msgid "Add certificate identity mapping rule" +msgstr "" + +#: ipaserver/plugins/internal.py:721 +msgid "Add certificate mapping data" +msgstr "" + +#: ipaserver/plugins/internal.py:724 +msgid "Configuration string" +msgstr "" + +#: ipaserver/plugins/internal.py:725 +#, python-brace-format +msgid "Do you want to remove certificate mapping data ${data}?" +msgstr "" + +#: ipaserver/plugins/internal.py:726 +msgid "Remove certificate mapping data" +msgstr "" + +#: ipaserver/plugins/internal.py:728 +msgid "Issuer and subject" +msgstr "" + +#: ipaserver/plugins/internal.py:729 +msgid "Remove certificate identity mapping rules" +msgstr "" + +#: ipaserver/plugins/internal.py:734 +msgid "Group Options" +msgstr "" + +#: ipaserver/plugins/internal.py:735 +msgid "Search Options" +msgstr "" + +#: ipaserver/plugins/internal.py:736 +msgid "SELinux Options" +msgstr "" + +#: ipaserver/plugins/internal.py:737 +msgid "Server Options" +msgstr "" + +#: ipaserver/plugins/internal.py:738 +msgid "Service Options" +msgstr "" + +#: ipaserver/plugins/internal.py:739 +msgid "User Options" +msgstr "" + +#: ipaserver/plugins/internal.py:744 +msgid "Forward first" +msgstr "" + +#: ipaserver/plugins/internal.py:745 +msgid "Forwarding disabled" +msgstr "" + +#: ipaserver/plugins/internal.py:746 +msgid "Forward only" +msgstr "" + +#: ipaserver/plugins/internal.py:747 ipaserver/plugins/internal.py:1470 +#: ipaserver/plugins/internal.py:1576 +msgid "Options" +msgstr "" + +#: ipaserver/plugins/internal.py:748 +msgid "Update System DNS Records" +msgstr "" + +#: ipaserver/plugins/internal.py:749 +msgid "Do you want to update system DNS records?" +msgstr "" + +#: ipaserver/plugins/internal.py:750 +msgid "System DNS records updated" +msgstr "" + +#: ipaserver/plugins/internal.py:753 +msgid "Add DNS forward zone" +msgstr "" + +#: ipaserver/plugins/internal.py:754 +msgid "Remove DNS forward zones" +msgstr "" + +#: ipaserver/plugins/internal.py:757 +msgid "Add DNS resource record" +msgstr "" + +#: ipaserver/plugins/internal.py:759 +msgid "DNS record was deleted because it contained no data." +msgstr "" + +#: ipaserver/plugins/internal.py:760 +msgid "Other Record Types" +msgstr "" + +#: ipaserver/plugins/internal.py:761 +msgid "Address not valid, can't redirect" +msgstr "" + +#: ipaserver/plugins/internal.py:762 +msgid "Create dns record" +msgstr "" + +#: ipaserver/plugins/internal.py:763 +msgid "Creating record." +msgstr "" + +#: ipaserver/plugins/internal.py:764 +msgid "Record creation failed." +msgstr "" + +#: ipaserver/plugins/internal.py:765 +msgid "Checking if record exists." +msgstr "" + +#: ipaserver/plugins/internal.py:766 +msgid "Record not found." +msgstr "" + +#: ipaserver/plugins/internal.py:767 +msgid "Redirection to PTR record" +msgstr "" + +#: ipaserver/plugins/internal.py:768 +#, python-brace-format +msgid "Zone found: ${zone}" +msgstr "" + +#: ipaserver/plugins/internal.py:769 +msgid "Target reverse zone not found." +msgstr "" + +#: ipaserver/plugins/internal.py:770 +msgid "Fetching DNS zones." +msgstr "" + +#: ipaserver/plugins/internal.py:771 +msgid "An error occurred while fetching dns zones." +msgstr "" + +#: ipaserver/plugins/internal.py:772 +msgid "You will be redirected to DNS Zone." +msgstr "" + +#: ipaserver/plugins/internal.py:773 +msgid "Remove DNS resource records" +msgstr "" + +#: ipaserver/plugins/internal.py:774 +msgid "Standard Record Types" +msgstr "" + +#: ipaserver/plugins/internal.py:775 +msgid "Records for DNS Zone" +msgstr "" + +#: ipaserver/plugins/internal.py:776 +msgid "Record Type" +msgstr "" + +#: ipaserver/plugins/internal.py:779 +msgid "Add DNS zone" +msgstr "" + +#: ipaserver/plugins/internal.py:781 +#, python-brace-format +msgid "Are you sure you want to add permission for DNS Zone ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:782 +msgid "DNS Zone Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:783 +msgid "Remove DNS zones" +msgstr "" + +#: ipaserver/plugins/internal.py:784 +msgid "Remove Permission" +msgstr "" + +#: ipaserver/plugins/internal.py:785 +#, python-brace-format +msgid "Are you sure you want to remove permission for DNS Zone ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:786 +msgid "Skip DNS check" +msgstr "" + +#: ipaserver/plugins/internal.py:787 +msgid "Skip overlap check" +msgstr "" + +#: ipaserver/plugins/internal.py:788 +msgid "Do you want to check if new authoritative nameserver address is in DNS" +msgstr "" + +#: ipaserver/plugins/internal.py:789 +msgid "Authoritative nameserver change" +msgstr "" + +#: ipaserver/plugins/internal.py:794 +msgid "Level" +msgstr "" + +#: ipaserver/plugins/internal.py:795 +msgid "Set Domain Level" +msgstr "" + +#: ipaserver/plugins/internal.py:798 +msgid "Add user group" +msgstr "" + +#: ipaserver/plugins/internal.py:800 +#, python-brace-format +msgid "Add user groups into user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:803 +#, python-brace-format +msgid "Add user group '${primary_key}' into user groups" +msgstr "" + +#: ipaserver/plugins/internal.py:806 +#, python-brace-format +msgid "Add user group '${primary_key}' into HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:809 +#, python-brace-format +msgid "Add user group '${primary_key}' into netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:812 +#, python-brace-format +msgid "Add user group '${primary_key}' into roles" +msgstr "" + +#: ipaserver/plugins/internal.py:815 +#, python-brace-format +msgid "Add user group '${primary_key}' into sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:818 +#, python-brace-format +msgid "Add services into user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:821 +#, python-brace-format +msgid "Add users into user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:824 +#, python-brace-format +msgid "Add groups as member managers for user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:828 +#, python-brace-format +msgid "Remove groups from member managers for user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:832 +#, python-brace-format +msgid "Add users as member managers for user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:836 +#, python-brace-format +msgid "Remove users from member managers for user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:840 +#, python-brace-format +msgid "Add user ID override into user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:842 +msgid "Group Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:843 ipaserver/plugins/internal.py:1171 +#: ipaserver/plugins/internal.py:1465 +msgid "External" +msgstr "" + +#: ipaserver/plugins/internal.py:844 ipaserver/plugins/internal.py:1398 +msgid "Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:845 +msgid "Group categories" +msgstr "" + +#: ipaserver/plugins/internal.py:846 +msgid "Change to external group" +msgstr "" + +#: ipaserver/plugins/internal.py:847 +msgid "Change to POSIX group" +msgstr "" + +#: ipaserver/plugins/internal.py:848 +msgid "Non-POSIX" +msgstr "" + +#: ipaserver/plugins/internal.py:849 +msgid "POSIX" +msgstr "" + +#: ipaserver/plugins/internal.py:850 +msgid "Remove user groups" +msgstr "" + +#: ipaserver/plugins/internal.py:852 +#, python-brace-format +msgid "Remove user group '${primary_key}' from user groups" +msgstr "" + +#: ipaserver/plugins/internal.py:855 +#, python-brace-format +msgid "Remove user group '${primary_key}' from netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:858 +#, python-brace-format +msgid "Remove user group '${primary_key}' from roles" +msgstr "" + +#: ipaserver/plugins/internal.py:861 +#, python-brace-format +msgid "Remove user group '${primary_key}' from HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:864 +#, python-brace-format +msgid "Remove user group '${primary_key}' from sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:867 +#, python-brace-format +msgid "Remove user groups from user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:870 +#, python-brace-format +msgid "Remove services from user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:873 +#, python-brace-format +msgid "Remove users from user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:876 +#, python-brace-format +msgid "Remove user ID overrides from user group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:878 +msgid "Group Type" +msgstr "" + +#: ipaserver/plugins/internal.py:882 +msgid "Add HBAC rule" +msgstr "" + +#: ipaserver/plugins/internal.py:884 +#, python-brace-format +msgid "Add user groups into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:887 +#, python-brace-format +msgid "Add host groups into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:890 +#, python-brace-format +msgid "Add hosts into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:893 +#, python-brace-format +msgid "Add HBAC service groups into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:897 +#, python-brace-format +msgid "Add HBAC services into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:900 +#, python-brace-format +msgid "Add users into HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:905 +msgid "Accessing" +msgstr "" + +#: ipaserver/plugins/internal.py:907 +msgid "Remove HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:909 +#, python-brace-format +msgid "Remove user groups from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:912 +#, python-brace-format +msgid "Remove host groups from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:915 +#, python-brace-format +msgid "Remove hosts from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:918 +#, python-brace-format +msgid "Remove HBAC service groups from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:922 +#, python-brace-format +msgid "Remove HBAC services from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:925 +#, python-brace-format +msgid "Remove users from HBAC rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:927 +msgid "Via Service" +msgstr "" + +#: ipaserver/plugins/internal.py:931 ipaserver/plugins/internal.py:1514 +msgid "Who" +msgstr "" + +#: ipaserver/plugins/internal.py:934 +msgid "Add HBAC service" +msgstr "" + +#: ipaserver/plugins/internal.py:936 +#, python-brace-format +msgid "Add HBAC service '${primary_key}' into HBAC service groups" +msgstr "" + +#: ipaserver/plugins/internal.py:939 +msgid "Remove HBAC services" +msgstr "" + +#: ipaserver/plugins/internal.py:941 +#, python-brace-format +msgid "Remove HBAC service '${primary_key}' from HBAC service groups" +msgstr "" + +#: ipaserver/plugins/internal.py:946 +msgid "Add HBAC service group" +msgstr "" + +#: ipaserver/plugins/internal.py:948 +#, python-brace-format +msgid "Add HBAC services into HBAC service group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:951 +msgid "Remove HBAC service groups" +msgstr "" + +#: ipaserver/plugins/internal.py:953 +#, python-brace-format +msgid "Remove HBAC services from HBAC service group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:959 +msgid "Access Denied" +msgstr "" + +#: ipaserver/plugins/internal.py:960 +msgid "Access Granted" +msgstr "" + +#: ipaserver/plugins/internal.py:961 +msgid "Include Disabled" +msgstr "" + +#: ipaserver/plugins/internal.py:962 +msgid "Include Enabled" +msgstr "" + +#: ipaserver/plugins/internal.py:963 +msgid "HBAC Test" +msgstr "" + +#: ipaserver/plugins/internal.py:964 +msgid "Matched" +msgstr "" + +#: ipaserver/plugins/internal.py:965 +msgid "Missing values: " +msgstr "" + +#: ipaserver/plugins/internal.py:966 +msgid "New Test" +msgstr "" + +#: ipaserver/plugins/internal.py:967 +msgid "Rules" +msgstr "" + +#: ipaserver/plugins/internal.py:968 +msgid "Run Test" +msgstr "" + +#: ipaserver/plugins/internal.py:969 +#, python-brace-format +msgid "Specify external ${entity}" +msgstr "" + +#: ipaserver/plugins/internal.py:970 +msgid "Unmatched" +msgstr "" + +#: ipaserver/plugins/internal.py:973 +msgid "Add host" +msgstr "" + +#: ipaserver/plugins/internal.py:975 +#, python-brace-format +msgid "Add hosts managing host '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:978 +#, python-brace-format +msgid "Add host '${primary_key}' into host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:981 +#, python-brace-format +msgid "Add host '${primary_key}' into HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:984 +#, python-brace-format +msgid "Add host '${primary_key}' into netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:987 +#, python-brace-format +msgid "Add host '${primary_key}' into roles" +msgstr "" + +#: ipaserver/plugins/internal.py:990 +#, python-brace-format +msgid "Add host '${primary_key}' into sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:992 +msgid "Host Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:993 ipaserver/plugins/internal.py:1333 +msgid "Host Name" +msgstr "" + +#: ipaserver/plugins/internal.py:994 ipaserver/plugins/internal.py:1331 +msgid "Delete Key, Unprovision" +msgstr "" + +#: ipaserver/plugins/internal.py:995 +msgid "Host Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:996 +msgid "Enrolled" +msgstr "" + +#: ipaserver/plugins/internal.py:997 +msgid "Enrollment" +msgstr "" + +#: ipaserver/plugins/internal.py:998 +msgid "Fully Qualified Host Name" +msgstr "" + +#: ipaserver/plugins/internal.py:999 +msgid "Generate OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1000 +msgid "Generated OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1001 +msgid "Kerberos Key" +msgstr "" + +#: ipaserver/plugins/internal.py:1002 ipaserver/plugins/internal.py:1334 +msgid "Kerberos Key Not Present" +msgstr "" + +#: ipaserver/plugins/internal.py:1003 +msgid "Kerberos Key Present, Host Provisioned" +msgstr "" + +#: ipaserver/plugins/internal.py:1004 ipaserver/plugins/internal.py:1721 +msgid "One-Time Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1005 +msgid "One-Time Password Not Present" +msgstr "" + +#: ipaserver/plugins/internal.py:1006 +msgid "One-Time Password Present" +msgstr "" + +#: ipaserver/plugins/internal.py:1007 +msgid "Reset OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1008 +msgid "Reset One-Time Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1009 +msgid "Set OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1010 +msgid "OTP set" +msgstr "" + +#: ipaserver/plugins/internal.py:1011 +msgid "Set One-Time Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1012 +msgid "Remove hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1014 +#, python-brace-format +msgid "Remove hosts managing host '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1017 +#, python-brace-format +msgid "Remove host '${primary_key}' from host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1020 +#, python-brace-format +msgid "Remove host '${primary_key}' from netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1023 +#, python-brace-format +msgid "Remove host '${primary_key}' from roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1026 +#, python-brace-format +msgid "Remove host '${primary_key}' from HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1029 +#, python-brace-format +msgid "Remove host '${primary_key}' from sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1032 ipaserver/plugins/internal.py:1345 +msgid "Unprovision" +msgstr "" + +#: ipaserver/plugins/internal.py:1033 +msgid "Are you sure you want to unprovision this host?" +msgstr "" + +#: ipaserver/plugins/internal.py:1034 +msgid "Unprovisioning host" +msgstr "" + +#: ipaserver/plugins/internal.py:1035 +msgid "Host unprovisioned" +msgstr "" + +#: ipaserver/plugins/internal.py:1038 +msgid "Add host group" +msgstr "" + +#: ipaserver/plugins/internal.py:1040 +#, python-brace-format +msgid "Add hosts into host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1043 +#, python-brace-format +msgid "Add host groups into host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1046 +#, python-brace-format +msgid "Add host group '${primary_key}' into host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1049 +#, python-brace-format +msgid "Add host group '${primary_key}' into HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1052 +#, python-brace-format +msgid "Add host group '${primary_key}' into netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1055 +#, python-brace-format +msgid "Add host group '${primary_key}' into sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1058 +#, python-brace-format +msgid "Add groups as member managers for host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1062 +#, python-brace-format +msgid "Remove groups from member managers for host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1066 +#, python-brace-format +msgid "Add users as member managers for host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1070 +#, python-brace-format +msgid "Remove users from member managers for host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1074 +msgid "Host Group Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1075 +msgid "Remove host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1077 +#, python-brace-format +msgid "Remove host group '${primary_key}' from host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1080 +#, python-brace-format +msgid "Remove host group '${primary_key}' from netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1083 +#, python-brace-format +msgid "Remove host group '${primary_key}' from HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1086 +#, python-brace-format +msgid "Remove host group '${primary_key}' from sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1089 +#, python-brace-format +msgid "Remove hosts from host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1092 +#, python-brace-format +msgid "Remove host groups from host group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1096 +msgid "Keycloak or Red Hat SSO" +msgstr "" + +#: ipaserver/plugins/internal.py:1097 +msgid "Google" +msgstr "" + +#: ipaserver/plugins/internal.py:1098 +msgid "Github" +msgstr "" + +#: ipaserver/plugins/internal.py:1099 +msgid "Microsoft or Azure" +msgstr "" + +#: ipaserver/plugins/internal.py:1100 +msgid "Okta" +msgstr "" + +#: ipaserver/plugins/internal.py:1101 +msgid "OAuth 2.0 client details" +msgstr "" + +#: ipaserver/plugins/internal.py:1102 +msgid "Identity provider details" +msgstr "" + +#: ipaserver/plugins/internal.py:1103 +msgid "Verify secret" +msgstr "" + +#: ipaserver/plugins/internal.py:1106 +msgid "User to override" +msgstr "" + +#: ipaserver/plugins/internal.py:1107 +msgid "" +"Enter trusted or IPA user login. Note: search doesn't list users from " +"trusted domains." +msgstr "" + +#: ipaserver/plugins/internal.py:1108 +msgid "Enter trusted user login." +msgstr "" + +#: ipaserver/plugins/internal.py:1109 ipaserver/plugins/internal.py:1743 +msgid "Profile" +msgstr "" + +#: ipaserver/plugins/internal.py:1112 +msgid "Group to override" +msgstr "" + +#: ipaserver/plugins/internal.py:1113 +msgid "" +"Enter trusted or IPA group name. Note: search doesn't list groups from " +"trusted domains." +msgstr "" + +#: ipaserver/plugins/internal.py:1114 +msgid "Enter trusted group name." +msgstr "" + +#: ipaserver/plugins/internal.py:1117 +msgid "Add ID view" +msgstr "" + +#: ipaserver/plugins/internal.py:1118 +msgid "Add group ID override" +msgstr "" + +#: ipaserver/plugins/internal.py:1119 +msgid "Add user ID override" +msgstr "" + +#: ipaserver/plugins/internal.py:1120 +#, python-brace-format +msgid "${primary_key} applies to:" +msgstr "" + +#: ipaserver/plugins/internal.py:1121 ipaserver/plugins/internal.py:1122 +msgid "Applied to hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1123 +msgid "Apply to host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1125 +#, python-brace-format +msgid "Apply ID view '${primary_key}' on hosts of host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1127 +msgid "Apply to hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1129 +#, python-brace-format +msgid "Apply ID view '${primary_key}' on hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1132 +#, python-brace-format +msgid "${primary_key} overrides:" +msgstr "" + +#: ipaserver/plugins/internal.py:1133 +msgid "Remove ID views" +msgstr "" + +#: ipaserver/plugins/internal.py:1134 +msgid "Remove user ID overrides" +msgstr "" + +#: ipaserver/plugins/internal.py:1135 +msgid "Remove group ID overrides" +msgstr "" + +#: ipaserver/plugins/internal.py:1136 +msgid "Un-apply from host groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1137 +msgid "Un-apply ID Views from hosts of hostgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1138 +msgid "Un-apply" +msgstr "" + +#: ipaserver/plugins/internal.py:1139 +msgid "Un-apply from hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1140 +msgid "Un-apply ID Views from hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1141 +msgid "Are you sure you want to un-apply ID view from selected entries?" +msgstr "" + +#: ipaserver/plugins/internal.py:1143 +#, python-brace-format +msgid "Un-apply ID view '${primary_key}' from hosts" +msgstr "" + +#: ipaserver/plugins/internal.py:1147 ipaserver/plugins/krbtpolicy.py:128 +#: ipaserver/plugins/krbtpolicy.py:129 +msgid "Kerberos Ticket Policy" +msgstr "" + +#: ipaserver/plugins/internal.py:1150 +msgid "Add netgroup" +msgstr "" + +#: ipaserver/plugins/internal.py:1152 +#, python-brace-format +msgid "Add netgroup '${primary_key}' into netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1155 +#, python-brace-format +msgid "Add netgroups into netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1158 +#, python-brace-format +msgid "Add user groups into netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1161 +#, python-brace-format +msgid "Add hosts into netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1164 +#, python-brace-format +msgid "Add host groups into netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1167 +#, python-brace-format +msgid "Add users into netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1175 +msgid "Netgroup Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1177 +msgid "Remove netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1179 +#, python-brace-format +msgid "Remove netgroup '${primary_key}' from netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1182 +#, python-brace-format +msgid "Remove user groups from netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1185 +#, python-brace-format +msgid "Remove hosts from netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1188 +#, python-brace-format +msgid "Remove host groups from netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1191 +#, python-brace-format +msgid "Remove netgroups from netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1194 +#, python-brace-format +msgid "Remove users from netgroup '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1203 +msgid "Add OTP token" +msgstr "" + +#: ipaserver/plugins/internal.py:1205 +#, python-brace-format +msgid "Add users managing OTP token '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1207 +#, python-brace-format +msgid "" +"You can use FreeOTP as a software " +"OTP token application." +msgstr "" + +#: ipaserver/plugins/internal.py:1208 +msgid "Configure your token" +msgstr "" + +#: ipaserver/plugins/internal.py:1209 +msgid "" +"Configure your token by scanning the QR code below. Click on the QR code if " +"you see this on the device you want to configure." +msgstr "" + +#: ipaserver/plugins/internal.py:1210 +msgid "OTP Token Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1211 +msgid "Disable token" +msgstr "" + +#: ipaserver/plugins/internal.py:1212 +msgid "Enable token" +msgstr "" + +#: ipaserver/plugins/internal.py:1213 +msgid "Remove OTP tokens" +msgstr "" + +#: ipaserver/plugins/internal.py:1215 +#, python-brace-format +msgid "Remove users managing OTP token '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1217 +msgid "Show QR code" +msgstr "" + +#: ipaserver/plugins/internal.py:1218 +msgid "Show configuration uri" +msgstr "" + +#: ipaserver/plugins/internal.py:1219 +msgid "Counter-based (HOTP)" +msgstr "" + +#: ipaserver/plugins/internal.py:1220 +msgid "Time-based (TOTP)" +msgstr "" + +#: ipaserver/plugins/internal.py:1223 +msgid "Add Custom Attribute" +msgstr "" + +#: ipaserver/plugins/internal.py:1226 +msgid "Permission settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1227 +msgid "Attribute breakdown" +msgstr "" + +#: ipaserver/plugins/internal.py:1231 +msgid "Privilege Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1234 +msgid "Public key:" +msgstr "" + +#: ipaserver/plugins/internal.py:1235 +msgid "Set public key" +msgstr "" + +#: ipaserver/plugins/internal.py:1236 ipaserver/plugins/internal.py:1355 +msgid "Show/Set key" +msgstr "" + +#: ipaserver/plugins/internal.py:1237 ipaserver/plugins/internal.py:1356 +msgid "Modified: key not set" +msgstr "" + +#: ipaserver/plugins/internal.py:1238 ipaserver/plugins/internal.py:1357 +msgid "Modified" +msgstr "" + +#: ipaserver/plugins/internal.py:1239 ipaserver/plugins/internal.py:1358 +msgid "New: key not set" +msgstr "" + +#: ipaserver/plugins/internal.py:1240 ipaserver/plugins/internal.py:1359 +msgid "New: key set" +msgstr "" + +#: ipaserver/plugins/internal.py:1243 +msgid "Add password policy" +msgstr "" + +#: ipaserver/plugins/internal.py:1244 ipaserver/plugins/pwpolicy.py:302 +msgid "Password Policy" +msgstr "" + +#: ipaserver/plugins/internal.py:1245 +msgid "Remove password policies" +msgstr "" + +#: ipaserver/plugins/internal.py:1248 +msgid "Add ID range" +msgstr "" + +#: ipaserver/plugins/internal.py:1249 +msgid "Range Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1251 ipaserver/plugins/internal.py:1381 +msgid "Base ID" +msgstr "" + +#: ipaserver/plugins/internal.py:1252 +msgid "Primary RID base" +msgstr "" + +#: ipaserver/plugins/internal.py:1253 ipaserver/plugins/internal.py:1388 +msgid "Range size" +msgstr "" + +#: ipaserver/plugins/internal.py:1254 +msgid "Domain SID" +msgstr "" + +#: ipaserver/plugins/internal.py:1255 +msgid "Secondary RID base" +msgstr "" + +#: ipaserver/plugins/internal.py:1256 +msgid "Remove ID ranges" +msgstr "" + +#: ipaserver/plugins/internal.py:1259 +msgid "Active Directory domain with POSIX attributes" +msgstr "" + +#: ipaserver/plugins/internal.py:1260 +msgid "Detect" +msgstr "" + +#: ipaserver/plugins/internal.py:1261 +msgid "Local domain" +msgstr "" + +#: ipaserver/plugins/internal.py:1262 +msgid "IPA trust" +msgstr "" + +#: ipaserver/plugins/internal.py:1263 +msgid "Active Directory winsync" +msgstr "" + +#: ipaserver/plugins/internal.py:1266 +msgid "Add RADIUS server" +msgstr "" + +#: ipaserver/plugins/internal.py:1267 +msgid "RADIUS Proxy Server Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1268 +msgid "Remove RADIUS servers" +msgstr "" + +#: ipaserver/plugins/internal.py:1272 +msgid "Check DNS" +msgstr "" + +#: ipaserver/plugins/internal.py:1273 +msgid "Do you also want to perform DNS check?" +msgstr "" + +#: ipaserver/plugins/internal.py:1274 +msgid "Force Update" +msgstr "" + +#: ipaserver/plugins/internal.py:1279 +msgid "Add SELinux user map" +msgstr "" + +#: ipaserver/plugins/internal.py:1281 +#, python-brace-format +msgid "Add user groups into SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1284 +#, python-brace-format +msgid "Add host groups into SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1287 +#, python-brace-format +msgid "Add hosts into SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1290 +#, python-brace-format +msgid "Add users into SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1295 +msgid "Remove selinux user maps" +msgstr "" + +#: ipaserver/plugins/internal.py:1297 +#, python-brace-format +msgid "Remove user groups from SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1300 +#, python-brace-format +msgid "Remove host groups from SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1303 +#, python-brace-format +msgid "Remove hosts from SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1306 +#, python-brace-format +msgid "Remove users from SELinux user map '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1313 +msgid "Server Roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1314 +msgid "Server Role" +msgstr "" + +#: ipaserver/plugins/internal.py:1317 +msgid "Warning: Consider service replication" +msgstr "" + +#: ipaserver/plugins/internal.py:1318 +msgid "" +"It is strongly recommended to keep the following services installed on more " +"than one server:" +msgstr "" + +#: ipaserver/plugins/internal.py:1319 +msgid "Delete Server" +msgstr "" + +#: ipaserver/plugins/internal.py:1320 +msgid "" +"Deleting a server removes it permanently from the topology. Note that this " +"is a non-reversible action." +msgstr "" + +#: ipaserver/plugins/internal.py:1323 +msgid "Add service" +msgstr "" + +#: ipaserver/plugins/internal.py:1325 +#, python-brace-format +msgid "Add hosts managing service '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1328 +#, python-brace-format +msgid "Add service '${primary_key}' into roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1330 +msgid "Service Certificate" +msgstr "" + +#: ipaserver/plugins/internal.py:1332 +msgid "Service Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1335 +msgid "Provisioning" +msgstr "" + +#: ipaserver/plugins/internal.py:1336 +msgid "Remove services" +msgstr "" + +#: ipaserver/plugins/internal.py:1338 +#, python-brace-format +msgid "Remove service '${primary_key}' from roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1341 +#, python-brace-format +msgid "Remove hosts managing service '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1346 +msgid "Are you sure you want to unprovision this service?" +msgstr "" + +#: ipaserver/plugins/internal.py:1347 +msgid "Unprovisioning service" +msgstr "" + +#: ipaserver/plugins/internal.py:1348 +msgid "Service unprovisioned" +msgstr "" + +#: ipaserver/plugins/internal.py:1349 +msgid "Kerberos Key Present, Service Provisioned" +msgstr "" + +#: ipaserver/plugins/internal.py:1352 +msgid "SSH public keys" +msgstr "" + +#: ipaserver/plugins/internal.py:1353 +msgid "SSH public key:" +msgstr "" + +#: ipaserver/plugins/internal.py:1354 +msgid "Set SSH key" +msgstr "" + +#: ipaserver/plugins/internal.py:1362 +msgid "Are you sure you want to activate selected users?" +msgstr "" + +#: ipaserver/plugins/internal.py:1363 +#, python-brace-format +msgid "Are you sure you want to activate ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:1364 +#, python-brace-format +msgid "${count} user(s) activated" +msgstr "" + +#: ipaserver/plugins/internal.py:1365 +msgid "Add stage user" +msgstr "" + +#: ipaserver/plugins/internal.py:1366 +msgid "Stage users" +msgstr "" + +#: ipaserver/plugins/internal.py:1367 +msgid "Preserved users" +msgstr "" + +#: ipaserver/plugins/internal.py:1368 +msgid "Remove preserved users" +msgstr "" + +#: ipaserver/plugins/internal.py:1369 +msgid "Remove stage users" +msgstr "" + +#: ipaserver/plugins/internal.py:1370 +msgid "Are you sure you want to stage selected users?" +msgstr "" + +#: ipaserver/plugins/internal.py:1371 +#, python-brace-format +msgid "${count} users(s) staged" +msgstr "" + +#: ipaserver/plugins/internal.py:1372 +#, python-brace-format +msgid "Are you sure you want to stage ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:1373 +msgid "Are you sure you want to restore selected users?" +msgstr "" + +#: ipaserver/plugins/internal.py:1374 +#, python-brace-format +msgid "Are you sure you want to restore ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:1375 +#, python-brace-format +msgid "${count} user(s) restored" +msgstr "" + +#: ipaserver/plugins/internal.py:1376 +msgid "User categories" +msgstr "" + +#: ipaserver/plugins/internal.py:1379 +msgid "Add subid" +msgstr "" + +#: ipaserver/plugins/internal.py:1380 +msgid "Assigned subids" +msgstr "" + +#: ipaserver/plugins/internal.py:1382 +msgid "DNA remaining" +msgstr "" + +#: ipaserver/plugins/internal.py:1389 +msgid "Remaining subids" +msgstr "" + +#: ipaserver/plugins/internal.py:1390 +msgid "Subordinate ID Statistics" +msgstr "" + +#: ipaserver/plugins/internal.py:1393 +msgid "Add sudo command" +msgstr "" + +#: ipaserver/plugins/internal.py:1395 +#, python-brace-format +msgid "Add sudo command '${primary_key}' into sudo command groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1399 +msgid "Remove sudo commands" +msgstr "" + +#: ipaserver/plugins/internal.py:1401 +#, python-brace-format +msgid "Remove sudo command '${primary_key}' from sudo command groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1406 +msgid "Add sudo command group" +msgstr "" + +#: ipaserver/plugins/internal.py:1408 +#, python-brace-format +msgid "Add sudo commands into sudo command group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1412 +msgid "Remove sudo command groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1414 +#, python-brace-format +msgid "Remove sudo commands from sudo command group '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1419 +msgid "Add sudo rule" +msgstr "" + +#: ipaserver/plugins/internal.py:1420 +msgid "Add sudo option" +msgstr "" + +#: ipaserver/plugins/internal.py:1422 +#, python-brace-format +msgid "Add allow sudo commands into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1426 +#, python-brace-format +msgid "Add allow sudo command groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1430 +#, python-brace-format +msgid "Add deny sudo commands into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1434 +#, python-brace-format +msgid "Add deny sudo command groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1438 +#, python-brace-format +msgid "Add user groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1441 +#, python-brace-format +msgid "Add host groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1444 +#, python-brace-format +msgid "Add hosts into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1447 +#, python-brace-format +msgid "Add RunAs users into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1450 +#, python-brace-format +msgid "Add RunAs user groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1453 +#, python-brace-format +msgid "Add RunAs groups into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1456 +#, python-brace-format +msgid "Add users into sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1458 +msgid "Allow" +msgstr "" + +#: ipaserver/plugins/internal.py:1459 +msgid "Any Command" +msgstr "" + +#: ipaserver/plugins/internal.py:1460 +msgid "Any Group" +msgstr "" + +#: ipaserver/plugins/internal.py:1463 +msgid "Run Commands" +msgstr "" + +#: ipaserver/plugins/internal.py:1464 +msgid "Deny" +msgstr "" + +#: ipaserver/plugins/internal.py:1466 +msgid "Access this host" +msgstr "" + +#: ipaserver/plugins/internal.py:1468 +msgid "Option added" +msgstr "" + +#: ipaserver/plugins/internal.py:1469 +#, python-brace-format +msgid "${count} option(s) removed" +msgstr "" + +#: ipaserver/plugins/internal.py:1471 +msgid "Remove sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1473 +#, python-brace-format +msgid "Remove allow sudo commands from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1477 +#, python-brace-format +msgid "Remove allow sudo command groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1481 +#, python-brace-format +msgid "Remove deny sudo commands from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1485 +#, python-brace-format +msgid "Remove deny sudo command groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1489 +#, python-brace-format +msgid "Remove user groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1492 +#, python-brace-format +msgid "Remove host groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1495 +#, python-brace-format +msgid "Remove hosts from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1498 +#, python-brace-format +msgid "Remove RunAs users from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1501 +#, python-brace-format +msgid "Remove RunAs user groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1504 +#, python-brace-format +msgid "Remove RunAs groups from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1507 +#, python-brace-format +msgid "Remove users from sudo rule '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1509 +msgid "As Whom" +msgstr "" + +#: ipaserver/plugins/internal.py:1510 +msgid "Specified Commands and Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1511 +msgid "Specified Groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1517 +msgid "Remove sudo options" +msgstr "" + +#: ipaserver/plugins/internal.py:1520 +msgid "Autogenerated" +msgstr "" + +#: ipaserver/plugins/internal.py:1521 +msgid "Segment details" +msgstr "" + +#: ipaserver/plugins/internal.py:1522 +msgid "Replication configuration" +msgstr "" + +#: ipaserver/plugins/internal.py:1523 +#, python-brace-format +msgid "Managed topology requires minimal domain level ${domainlevel}" +msgstr "" + +#: ipaserver/plugins/internal.py:1526 +msgid "Add IPA location" +msgstr "" + +#: ipaserver/plugins/internal.py:1528 +#, python-brace-format +msgid "Add IPA server into IPA location '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1530 +msgid "Remove IPA locations" +msgstr "" + +#: ipaserver/plugins/internal.py:1532 +#, python-brace-format +msgid "Remove IPA servers from IPA location '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1536 +msgid "Add topology segment" +msgstr "" + +#: ipaserver/plugins/internal.py:1537 +msgid "Remove topology segments" +msgstr "" + +#: ipaserver/plugins/internal.py:1540 +msgid "Account" +msgstr "" + +#: ipaserver/plugins/internal.py:1541 +msgid "Add trust" +msgstr "" + +#: ipaserver/plugins/internal.py:1542 +msgid "Administrative account" +msgstr "" + +#: ipaserver/plugins/internal.py:1543 +msgid "SID blocklists" +msgstr "" + +#: ipaserver/plugins/internal.py:1544 +msgid "Trust Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1546 +msgid "Establish using" +msgstr "" + +#: ipaserver/plugins/internal.py:1547 +msgid "Fetch domains" +msgstr "" + +#: ipaserver/plugins/internal.py:1550 +msgid "Pre-shared password" +msgstr "" + +#: ipaserver/plugins/internal.py:1551 +msgid "Remove trusts" +msgstr "" + +#: ipaserver/plugins/internal.py:1552 +msgid "Remove domains" +msgstr "" + +#: ipaserver/plugins/internal.py:1556 +msgid "Alternative UPN suffixes" +msgstr "" + +#: ipaserver/plugins/internal.py:1560 +msgid "User attributes for SMB services" +msgstr "" + +#: ipaserver/plugins/internal.py:1563 +msgid "Path to a script executed on a Windows system at logon" +msgstr "" + +#: ipaserver/plugins/internal.py:1566 +msgid "Path to a user profile, in UNC format \\\\server\\share\\" +msgstr "" + +#: ipaserver/plugins/internal.py:1569 +msgid "Path to a user home directory, in UNC format" +msgstr "" + +#: ipaserver/plugins/internal.py:1572 +msgid "Drive to mount a home directory" +msgstr "" + +#: ipaserver/plugins/internal.py:1579 +msgid "Account Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1580 +msgid "Account Status" +msgstr "" + +#: ipaserver/plugins/internal.py:1581 +msgid "Active users" +msgstr "" + +#: ipaserver/plugins/internal.py:1582 +msgid "Add user" +msgstr "" + +#: ipaserver/plugins/internal.py:1584 +#, python-brace-format +msgid "Add user '${primary_key}' into user groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1587 +#, python-brace-format +msgid "Add user '${primary_key}' into HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1590 +#, python-brace-format +msgid "Add user '${primary_key}' into netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1593 +#, python-brace-format +msgid "Add user '${primary_key}' into roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1596 +#, python-brace-format +msgid "Add user '${primary_key}' into sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1598 +msgid "Auto assign subordinate ids" +msgstr "" + +#: ipaserver/plugins/internal.py:1600 +#, python-brace-format +msgid "" +"Are you sure you want to auto-assign a subordinate id to user ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:1603 +msgid "Contact Settings" +msgstr "" + +#: ipaserver/plugins/internal.py:1604 +msgid "Delete mode" +msgstr "" + +#: ipaserver/plugins/internal.py:1605 +msgid "Employee Information" +msgstr "" + +#: ipaserver/plugins/internal.py:1606 +msgid "Error changing account status" +msgstr "" + +#: ipaserver/plugins/internal.py:1607 +msgid "Password expiration" +msgstr "" + +#: ipaserver/plugins/internal.py:1608 +msgid "Mailing Address" +msgstr "" + +#: ipaserver/plugins/internal.py:1609 +msgid "Misc. Information" +msgstr "" + +#: ipaserver/plugins/internal.py:1610 +msgid "delete" +msgstr "" + +#: ipaserver/plugins/internal.py:1611 +msgid "preserve" +msgstr "" + +#: ipaserver/plugins/internal.py:1612 +msgid "No private group" +msgstr "" + +#: ipaserver/plugins/internal.py:1613 +msgid "Remove users" +msgstr "" + +#: ipaserver/plugins/internal.py:1615 +#, python-brace-format +msgid "Remove user '${primary_key}' from user groups" +msgstr "" + +#: ipaserver/plugins/internal.py:1618 +#, python-brace-format +msgid "Remove user '${primary_key}' from netgroups" +msgstr "" + +#: ipaserver/plugins/internal.py:1621 +#, python-brace-format +msgid "Remove user '${primary_key}' from roles" +msgstr "" + +#: ipaserver/plugins/internal.py:1624 +#, python-brace-format +msgid "Remove user '${primary_key}' from HBAC rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1627 +#, python-brace-format +msgid "Remove user '${primary_key}' from sudo rules" +msgstr "" + +#: ipaserver/plugins/internal.py:1629 +#, python-brace-format +msgid "" +"Are you sure you want to ${action} the user?
The change will take effect " +"immediately." +msgstr "" + +#: ipaserver/plugins/internal.py:1630 +#, python-brace-format +msgid "Click to ${action}" +msgstr "" + +#: ipaserver/plugins/internal.py:1631 +msgid "Unlock" +msgstr "" + +#: ipaserver/plugins/internal.py:1632 +#, python-brace-format +msgid "Are you sure you want to unlock user ${object}?" +msgstr "" + +#: ipaserver/plugins/internal.py:1635 +msgid "Add vault" +msgstr "" + +#: ipaserver/plugins/internal.py:1637 +#, python-brace-format +msgid "Add user groups into members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1640 +#, python-brace-format +msgid "Add services into members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1643 +#, python-brace-format +msgid "Add users into members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1646 +#, python-brace-format +msgid "Add user groups into owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1649 +#, python-brace-format +msgid "Add services into owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1652 +#, python-brace-format +msgid "Add users into owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1655 +msgid "" +"Secrets can be added/retrieved to vault only by using vault-archive and " +"vault-retrieve from CLI." +msgstr "" + +#: ipaserver/plugins/internal.py:1659 +msgid "" +"Content of 'standard' vaults can be seen by users with higher privileges " +"(admins)." +msgstr "" + +#: ipaserver/plugins/internal.py:1662 +msgid "Asymmetric" +msgstr "" + +#: ipaserver/plugins/internal.py:1663 +msgid "Vaults Config" +msgstr "" + +#: ipaserver/plugins/internal.py:1665 +msgid "Members" +msgstr "" + +#: ipaserver/plugins/internal.py:1666 +msgid "My User Vaults" +msgstr "" + +#: ipaserver/plugins/internal.py:1667 +msgid "Owners" +msgstr "" + +#: ipaserver/plugins/internal.py:1668 +msgid "Remove vaults" +msgstr "" + +#: ipaserver/plugins/internal.py:1670 +#, python-brace-format +msgid "Remove user groups from members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1673 +#, python-brace-format +msgid "Remove services from members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1676 +#, python-brace-format +msgid "Remove users from members of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1679 +#, python-brace-format +msgid "Remove user groups from owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1682 +#, python-brace-format +msgid "Remove services from owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1685 +#, python-brace-format +msgid "Remove users from owners of vault '${primary_key}'" +msgstr "" + +#: ipaserver/plugins/internal.py:1688 +msgid "Service Vaults" +msgstr "" + +#: ipaserver/plugins/internal.py:1689 +msgid "Shared" +msgstr "" + +#: ipaserver/plugins/internal.py:1690 +msgid "Shared Vaults" +msgstr "" + +#: ipaserver/plugins/internal.py:1691 +msgid "Standard" +msgstr "" + +#: ipaserver/plugins/internal.py:1692 +msgid "Symmetric" +msgstr "" + +#: ipaserver/plugins/internal.py:1693 +msgid "Vault Type" +msgstr "" + +#: ipaserver/plugins/internal.py:1695 +msgid "" +"Only standard vaults can be created in WebUI, use CLI for other types of " +"vaults." +msgstr "" + +#: ipaserver/plugins/internal.py:1699 +msgid "User Vaults" +msgstr "" + +#: ipaserver/plugins/internal.py:1704 +msgid "Current password is required" +msgstr "" + +#: ipaserver/plugins/internal.py:1705 +#, python-brace-format +msgid "Your password expires in ${days} days." +msgstr "" + +#: ipaserver/plugins/internal.py:1706 +msgid "First OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1710 +msgid "New password is required" +msgstr "" + +#: ipaserver/plugins/internal.py:1713 +msgid "" +" OTP (One-Time Password):Generate new OTP code for each OTP field." +msgstr "" + +#: ipaserver/plugins/internal.py:1717 +msgid "" +" OTP (One-Time Password):Leave blank if you are not using OTP tokensfor authentication." +msgstr "" + +#: ipaserver/plugins/internal.py:1722 +msgid "Token synchronization failed" +msgstr "" + +#: ipaserver/plugins/internal.py:1723 +msgid "The username, password or token codes are not correct" +msgstr "" + +#: ipaserver/plugins/internal.py:1724 +msgid "Token was synchronized" +msgstr "" + +#: ipaserver/plugins/internal.py:1727 +msgid "Password change complete" +msgstr "" + +#: ipaserver/plugins/internal.py:1729 +msgid "Your password has expired. Please enter a new password." +msgstr "" + +#: ipaserver/plugins/internal.py:1730 +msgid "Passwords must match" +msgstr "" + +#: ipaserver/plugins/internal.py:1731 +msgid "Password reset was not successful." +msgstr "" + +#: ipaserver/plugins/internal.py:1733 +msgid "Reset your password." +msgstr "" + +#: ipaserver/plugins/internal.py:1734 +msgid "Second OTP" +msgstr "" + +#: ipaserver/plugins/internal.py:1736 +msgid "Verify Password" +msgstr "" + +#: ipaserver/plugins/internal.py:1746 +msgid "Are you sure you want to delete selected entries?" +msgstr "" + +#: ipaserver/plugins/internal.py:1747 +#, python-brace-format +msgid "${count} item(s) deleted" +msgstr "" + +#: ipaserver/plugins/internal.py:1748 +msgid "Are you sure you want to disable selected entries?" +msgstr "" + +#: ipaserver/plugins/internal.py:1749 +#, python-brace-format +msgid "${count} item(s) disabled" +msgstr "" + +#: ipaserver/plugins/internal.py:1750 +msgid "Are you sure you want to enable selected entries?" +msgstr "" + +#: ipaserver/plugins/internal.py:1751 +#, python-brace-format +msgid "${count} item(s) enabled" +msgstr "" + +#: ipaserver/plugins/internal.py:1752 +msgid "Some entries were not deleted" +msgstr "" + +#: ipaserver/plugins/internal.py:1755 +msgid "Quick Links" +msgstr "" + +#: ipaserver/plugins/internal.py:1756 +msgid "Select All" +msgstr "" + +#: ipaserver/plugins/internal.py:1757 +#, python-brace-format +msgid "" +"Query returned more results than the configured size limit. Displaying the " +"first ${counter} results." +msgstr "" + +#: ipaserver/plugins/internal.py:1758 +msgid "Unselect All" +msgstr "" + +#: ipaserver/plugins/internal.py:1762 +msgid "" +"

Browser Kerberos Setup

\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1766 +msgid "" +"

Firefox

\n" +"\n" +"

\n" +" You can configure Firefox to use Kerberos for Single Sign-on. " +"The following instructions will guide you in configuring your web browser to " +"send your Kerberos credentials to the appropriate Key Distribution Center " +"which enables Single Sign-on.\n" +"

\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1778 +msgid "" +"
    \n" +"
  1. \n" +"

    \n" +"Import " +"Certificate Authority certificate\n" +"

    \n" +"

    \n" +" Make sure you select all three checkboxes.\n" +"

    \n" +"
  2. \n" +"
  3. \n" +" In the address bar of Firefox, type about:config to display the list of current configuration options.\n" +"
  4. \n" +"
  5. \n" +" In the Filter field, type negotiate to restrict " +"the list of options.\n" +"
  6. \n" +"
  7. \n" +" Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.\n" +"
  8. \n" +"
  9. \n" +" Enter the name of the domain against which you want to " +"authenticate, for example, .example.com.\n" +"
  10. \n" +"
  11. Return to Web UI
  12. \n" +"
\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1814 +msgid "" +"

Chrome

\n" +"\n" +"

\n" +" You can configure Chrome to use Kerberos for Single Sign-on. The " +"following instructions will guide you in configuring your web browser to " +"send your Kerberos credentials to the appropriate Key Distribution Center " +"which enables Single Sign-on.\n" +"

\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1826 +msgid "" +"

Import CA Certificate

\n" +"
    \n" +"
  1. \n" +" Download the CA certificate. " +"Alternatively, if the host is also an IdM client, you can find the " +"certificate in /etc/ipa/ca.crt.\n" +"
  2. \n" +"
  3. \n" +" Click the menu button with the Customize and control " +"Google Chrome tooltip, which is by default in the top right-hand corner " +"of Chrome, and click Settings.\n" +"
  4. \n" +"
  5. \n" +" Click Show advanced settings to display more " +"options, and then click the Manage certificates button located " +"under the HTTPS/SSL heading.\n" +"
  6. \n" +"
  7. \n" +" In the Authorities tab, click the Import " +"button at the bottom.\n" +"
  8. \n" +"
  9. Select the CA certificate file that you downloaded in the first step.\n" +"
\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1855 +msgid "" +"

\n" +" Enable SPNEGO (Simple and Protected GSSAPI Negotiation " +"Mechanism) to Use Kerberos Authentication\n" +" in Chrome\n" +"

\n" +"
    \n" +"
  1. \n" +" Make sure you have the necessary directory created by " +"running:\n" +"
    \n" +" [root@client]# mkdir -p /etc/opt/chrome/policies/" +"managed/\n" +"
    \n" +"
  2. \n" +"
  3. \n" +" Create a new /etc/opt/chrome/policies/managed/mydomain." +"json file with write privileges limited to the system administrator " +"or root, and include the following line:\n" +"
    \n" +" { \"AuthServerWhitelist\": \"*.example.com\" }\n" +"
    \n" +"
    \n" +" You can do this by running:\n" +"
    \n" +"
    \n" +" [root@server]# echo '{ \"AuthServerWhitelist\": \"*.example.com\" }' > /etc/opt/chrome/policies/" +"managed/mydomain.json\n" +"
    \n" +"
  4. \n" +"
\n" +"
    \n" +"

    \n" +"Note: If using Chromium, use /etc/chromium/policies/" +"managed/ instead of /etc/opt/chrome/policies/managed/ " +"for the two SPNEGO Chrome configuration steps above.\n" +"

    \n" +"
\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1900 +msgid "" +"

Internet Explorer

\n" +"

WARNING: Internet Explorer is no longer a supported " +"browser.

\n" +"

\n" +" Once you are able to log into the workstation with your kerberos " +"key you are now able to use that ticket in Internet Explorer.\n" +"

\n" +"

\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1911 +msgid "" +"Log into the Windows machine using an account of your Kerberos realm " +"(administrative domain)\n" +"

\n" +"

\n" +"In Internet Explorer, click Tools, and then click Internet Options.\n" +"

\n" +"
\n" +"
    \n" +"
  1. Click the Security tab
  2. \n" +"
  3. Click Local intranet
  4. \n" +"
  5. Click Sites
  6. \n" +"
  7. Click Advanced
  8. \n" +"
  9. Add your domain to the list
  10. \n" +"
\n" +"
    \n" +"
  1. Click the Security tab
  2. \n" +"
  3. Click Local intranet
  4. \n" +"
  5. Click Custom Level
  6. \n" +"
  7. Select Automatic logon only in Intranet zone
  8. \n" +"
\n" +"\n" +"
    \n" +"
  1. Visit a kerberized web site using IE (You must use the fully-qualified " +"Domain Name in the URL)
  2. \n" +"
  3. You are all set.
  4. \n" +"
\n" +"
\n" +"\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1948 +msgid "Working" +msgstr "" + +#: ipaserver/plugins/internal.py:1951 +msgid "Audit" +msgstr "" + +#: ipaserver/plugins/internal.py:1952 +msgid "Authentication" +msgstr "" + +#: ipaserver/plugins/internal.py:1954 +msgid "Automount" +msgstr "" + +#: ipaserver/plugins/internal.py:1956 +msgid "DNS" +msgstr "" + +#: ipaserver/plugins/internal.py:1957 +msgid "Host-Based Access Control" +msgstr "" + +#: ipaserver/plugins/internal.py:1958 +msgid "Identity" +msgstr "" + +#: ipaserver/plugins/internal.py:1960 +msgid "Network Services" +msgstr "" + +#: ipaserver/plugins/internal.py:1961 +msgid "Policy" +msgstr "" + +#: ipaserver/plugins/internal.py:1962 +msgid "Role-Based Access Control" +msgstr "" + +#: ipaserver/plugins/internal.py:1963 +msgid "Subordinate IDs" +msgstr "" + +#: ipaserver/plugins/internal.py:1964 +msgid "Sudo" +msgstr "" + +#: ipaserver/plugins/internal.py:1965 +msgid "Topology" +msgstr "" + +#: ipaserver/plugins/internal.py:1968 +msgid "True" +msgstr "" + +#: ipaserver/plugins/internal.py:1970 +msgid "" +"

Unable to verify your Kerberos credentials

\n" +"

\n" +" Please make sure that you have valid Kerberos tickets " +"(obtainable via kinit), and that you have configured your " +"browser correctly.\n" +"

\n" +"\n" +"

Browser configuration

\n" +"\n" +"
\n" +"

\n" +" If this is your first time, please configure your browser.\n" +"

\n" +"
\n" +msgstr "" + +#: ipaserver/plugins/internal.py:1987 +msgid "API Browser" +msgstr "" + +#: ipaserver/plugins/internal.py:1988 +msgid "First" +msgstr "" + +#: ipaserver/plugins/internal.py:1989 +msgid "Last" +msgstr "" + +#: ipaserver/plugins/internal.py:1990 +msgid "Next" +msgstr "" + +#: ipaserver/plugins/internal.py:1991 +msgid "Page" +msgstr "" + +#: ipaserver/plugins/internal.py:1992 +msgid "Prev" +msgstr "" + +#: ipaserver/plugins/internal.py:1993 +msgid "Undo" +msgstr "" + +#: ipaserver/plugins/internal.py:1994 +msgid "Undo this change." +msgstr "" + +#: ipaserver/plugins/internal.py:1995 +msgid "Undo All" +msgstr "" + +#: ipaserver/plugins/internal.py:1996 +msgid "Undo all changes in this field." +msgstr "" + +#: ipaserver/plugins/internal.py:1998 +msgid "Text does not match field pattern" +msgstr "" + +#: ipaserver/plugins/internal.py:1999 +msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")" +msgstr "" + +#: ipaserver/plugins/internal.py:2000 +msgid "Must be a decimal number" +msgstr "" + +#: ipaserver/plugins/internal.py:2001 +msgid "Format error" +msgstr "" + +#: ipaserver/plugins/internal.py:2002 +msgid "Must be an integer" +msgstr "" + +#: ipaserver/plugins/internal.py:2003 +msgid "Not a valid IP address" +msgstr "" + +#: ipaserver/plugins/internal.py:2004 +msgid "Not a valid IPv4 address" +msgstr "" + +#: ipaserver/plugins/internal.py:2005 +msgid "Not a valid IPv6 address" +msgstr "" + +#: ipaserver/plugins/internal.py:2006 +#, python-brace-format +msgid "Maximum value is ${value}" +msgstr "" + +#: ipaserver/plugins/internal.py:2007 +#, python-brace-format +msgid "Minimum value is ${value}" +msgstr "" + +#: ipaserver/plugins/internal.py:2008 +msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)" +msgstr "" + +#: ipaserver/plugins/internal.py:2009 +msgid "Parse error" +msgstr "" + +#: ipaserver/plugins/internal.py:2010 +msgid "Must be a positive number" +msgstr "" + +#: ipaserver/plugins/internal.py:2011 +#, python-brace-format +msgid "'${port}' is not a valid port" +msgstr "" + +#: ipaserver/plugins/internal.py:2012 +msgid "Required field" +msgstr "" + +#: ipaserver/plugins/internal.py:2013 +msgid "Unsupported value" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:86 +msgid "kerberos ticket policy settings" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:152 +msgid "OTP max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:153 +msgid "OTP token maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:157 +msgid "OTP max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:158 +msgid "OTP token ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:162 +msgid "RADIUS max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:163 +msgid "RADIUS maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:167 +msgid "RADIUS max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:168 +msgid "RADIUS ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:172 +msgid "PKINIT max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:173 +msgid "PKINIT maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:177 +msgid "PKINIT max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:178 +msgid "PKINIT ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:182 +msgid "Hardened max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:183 +msgid "Hardened ticket maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:187 +msgid "Hardened max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:188 +msgid "Hardened ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:192 +msgid "IdP max life" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:193 +msgid "External Identity Provider ticket maximum ticket life (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:198 +msgid "IdP max renew" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:199 +msgid "External Identity Provider ticket maximum renewable age (seconds)" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:284 +#, python-format +msgid "Ticket policy for %s could not be read" +msgstr "" + +#: ipaserver/plugins/krbtpolicy.py:304 +msgid "Default ticket policy could not be read" +msgstr "" + +#: ipaserver/plugins/migration.py:46 +msgid "" +"\n" +"Migration to IPA\n" +"\n" +"Migrate users and groups from an LDAP server to IPA.\n" +"\n" +"This performs an LDAP query against the remote server searching for\n" +"users and groups in a container. In order to migrate passwords you need\n" +"to bind as a user that can read the userPassword attribute on the remote\n" +"server. This is generally restricted to high-level admins such as\n" +"cn=Directory Manager in 389-ds (this is the default bind user).\n" +"\n" +"The default user container is ou=People.\n" +"\n" +"The default group container is ou=Groups.\n" +"\n" +"Users and groups that already exist on the IPA server are skipped.\n" +"\n" +"Two LDAP schemas define how group members are stored: RFC2307 and\n" +"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" +"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" +"\n" +"The schema compat feature allows IPA to reformat data for systems that\n" +"do not support RFC2307bis. It is recommended that this feature is disabled\n" +"during migration to reduce system overhead. It can be re-enabled after\n" +"migration. To migrate with it enabled use the \"--with-compat\" option.\n" +"\n" +"Migrated users do not have Kerberos credentials, they have only their\n" +"LDAP password. To complete the migration process, users need to go\n" +"to http://ipa.example.com/ipa/migration and authenticate using their\n" +"LDAP password in order to generate their Kerberos credentials.\n" +"\n" +"Migration is disabled by default. Use the command ipa config-mod to\n" +"enable it:\n" +"\n" +" ipa config-mod --enable-migration=TRUE\n" +"\n" +"If a base DN is not provided with --basedn then IPA will use either\n" +"the value of defaultNamingContext if it is set or the first value\n" +"in namingContexts set in the root of the remote LDAP server.\n" +"\n" +"Users are added as members to the default user group. This can be a\n" +"time-intensive task so during migration this is done in a batch\n" +"mode for every 100 users. As a result there will be a window in which\n" +"users will be added to IPA but will not be members of the default\n" +"user group.\n" +"\n" +"EXAMPLES:\n" +"\n" +" The simplest migration, accepting all defaults:\n" +" ipa migrate-ds ldap://ds.example.com:389\n" +"\n" +" Specify the user and group container. This can be used to migrate user\n" +" and group data from an IPA v1 server:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" +"\n" +" Since IPA v2 server already contain predefined groups that may collide " +"with\n" +" groups in migrated (IPA v1) server (for example admins, ipausers), users\n" +" having colliding group as their primary group may happen to belong to\n" +" an unknown group on new IPA v2 server.\n" +" Use --group-overwrite-gid option to overwrite GID of already existing " +"groups\n" +" to prevent this issue:\n" +" ipa migrate-ds --group-overwrite-gid \\\n" +" --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" ldap://ds.example.com:389\n" +"\n" +" Migrated users or groups may have object class and accompanied attributes\n" +" unknown to the IPA v2 server. These object classes and attributes may be\n" +" left out of the migration process:\n" +" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" +" --group-container='cn=groups,cn=accounts' \\\n" +" --user-ignore-objectclass=radiusprofile \\\n" +" --user-ignore-attribute=radiusgroupname \\\n" +" ldap://ds.example.com:389\n" +"\n" +"LOGGING\n" +"\n" +"Migration will log warnings and errors to the Apache error log. This\n" +"file should be evaluated post-migration to correct or investigate any\n" +"issues that were discovered.\n" +"\n" +"For every 100 users migrated an info-level message will be displayed to\n" +"give the current progress and duration to make it possible to track\n" +"the progress of migration.\n" +"\n" +"If the log level is debug, either by setting debug = True in\n" +"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " +"printed\n" +"for each user added plus a summary when the default user group is\n" +"updated.\n" +msgstr "" + +#: ipaserver/plugins/migration.py:145 +#, python-format +msgid "" +"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." +msgstr "" + +#: ipaserver/plugins/migration.py:146 +#, python-format +msgid "" +"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" +"mod' to set it manually." +msgstr "" + +#: ipaserver/plugins/migration.py:147 +msgid "" +"Failed to add user to the default group. Use 'ipa group-add-member' to add " +"manually." +msgstr "" + +#: ipaserver/plugins/migration.py:148 +msgid "Migration of LDAP search reference is not supported." +msgstr "" + +#: ipaserver/plugins/migration.py:149 +msgid "Malformed DN" +msgstr "" + +#: ipaserver/plugins/migration.py:194 +#, python-format +msgid "%(user)s is not a POSIX user" +msgstr "" + +#: ipaserver/plugins/migration.py:461 +msgid "" +". Check GID of the existing group. Use --group-overwrite-gid option to " +"overwrite the GID" +msgstr "" + +#: ipaserver/plugins/migration.py:476 +msgid "Invalid LDAP URI." +msgstr "" + +#: ipaserver/plugins/migration.py:678 +#, python-format +msgid "%s to exclude from migration" +msgstr "" + +#: ipaserver/plugins/migration.py:680 +msgid "" +"search results for objects to be migrated\n" +"have been truncated by the server;\n" +"migration process might be incomplete\n" +msgstr "" + +#: ipaserver/plugins/migration.py:769 +#, python-format +msgid "" +"%(container)s LDAP search did not return any result (search base: " +"%(search_base)s, objectclass: %(objectclass)s)" +msgstr "" + +#: ipaserver/plugins/migration.py:804 ipaserver/plugins/user.py:593 +msgid "Default group for new users not found" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:43 +msgid "" +"\n" +"Password policy\n" +"\n" +"A password policy sets limitations on IPA passwords, including maximum\n" +"lifetime, minimum lifetime, the number of passwords to save in\n" +"history, the number of character classes required (for stronger passwords)\n" +"and the minimum password length.\n" +"\n" +"By default there is a single, global policy for all users. You can also\n" +"create a password policy to apply to a group. Each user is only subject\n" +"to one password policy, either the group policy or the global policy. A\n" +"group policy stands alone; it is not a super-set of the global policy plus\n" +"custom settings.\n" +"\n" +"Each group password policy requires a unique priority setting. If a user\n" +"is in multiple groups that have password policies, this priority determines\n" +"which password policy is applied. A lower value indicates a higher priority\n" +"policy.\n" +"\n" +"Group password policies are automatically removed when the groups they\n" +"are associated with are removed.\n" +"\n" +"Grace period defines the number of LDAP logins allowed after expiration.\n" +"-1 means do not enforce expiration to match previous behavior. 0 allows\n" +"no additional logins after expiration.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Modify the global policy:\n" +" ipa pwpolicy-mod --minlength=10\n" +"\n" +" Add a new group password policy:\n" +" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" +"minlength=8 --priority=10 localadmins\n" +"\n" +" Display the global password policy:\n" +" ipa pwpolicy-show\n" +"\n" +" Display a group password policy:\n" +" ipa pwpolicy-show localadmins\n" +"\n" +" Display the policy that would be applied to a given user:\n" +" ipa pwpolicy-show --user=tuser1\n" +"\n" +" Modify a group password policy:\n" +" ipa pwpolicy-mod --minclasses=2 localadmins\n" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:96 +msgid "Class of Service object used for linking policies with groups" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:147 +#, python-format +msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:175 +msgid "Add Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:198 +msgid "Delete Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:204 +msgid "Modify Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:222 +msgid "Display Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:228 +msgid "Search for Class of Service entry" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:241 +msgid "password policy" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:242 +msgid "password policies" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:301 +msgid "Password Policies" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:374 +msgid "Max repeat" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:375 +msgid "Maximum number of same consecutive characters" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:383 +msgid "Max sequence" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:384 +msgid "The max. length of monotonic character sequences (abcd)" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:392 +msgid "Dictionary check" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:393 +msgid "Check if the password is a dictionary word" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:399 +msgid "User check" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:400 +msgid "Check if the password contains the username" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:406 +msgid "Grace login limit" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:407 +msgid "Number of LDAP authentications allowed after expiration" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:482 +msgid "" +"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or " +"usercheck are defined" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:508 +msgid "Maximum password life must be equal to or greater than the minimum." +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:567 +msgid "cannot delete global password policy" +msgstr "" + +#: ipaserver/plugins/pwpolicy.py:603 +msgid "priority cannot be set on global policy" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:89 +msgid "HBAC rule and local members cannot both be set" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:128 +msgid "Invalid SELinux user name, must match {}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:142 +#, python-brace-format +msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:147 +#, python-brace-format +msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:161 +msgid "SELinux user map list not found in configuration" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:166 +#, python-format +msgid "SELinux user %(user)s not found in ordering list (in config)" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:176 +msgid "SELinux User Map rule" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:177 +msgid "SELinux User Map rules" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:233 +msgid "SELinux User Maps" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:234 +msgid "SELinux User Map" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:309 +#, python-format +msgid "HBAC rule %(rule)s not found" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:330 +#, python-format +msgid "Added SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:368 +#, python-format +msgid "Deleted SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:376 +#, python-format +msgid "Modified SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:449 +#, python-format +msgid "%(count)d SELinux User Map matched" +msgid_plural "%(count)d SELinux User Maps matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/selinuxusermap.py:499 +#, python-format +msgid "Enabled SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/selinuxusermap.py:529 +#, python-format +msgid "Disabled SELinux User Map \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:60 +msgid "" +"\n" +"Services\n" +"\n" +"A IPA service represents a service that runs on a host. The IPA service\n" +"record can store a Kerberos principal, an SSL certificate, or both.\n" +"\n" +"An IPA service can be managed directly from a machine, provided that\n" +"machine has been given the correct permission. This is true even for\n" +"machines other than the one the service is associated with. For example,\n" +"requesting an SSL certificate using the host service principal credentials\n" +"of the host. To manage a service using host credentials you need to\n" +"kinit as the host:\n" +"\n" +" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" +"\n" +"Adding an IPA service allows the associated service to request an SSL\n" +"certificate or keytab, but this is performed as a separate step; they\n" +"are not produced as a result of adding the service.\n" +"\n" +"Only the public aspect of a certificate is stored in a service record;\n" +"the private key is not stored.\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new IPA service:\n" +" ipa service-add HTTP/web.example.com\n" +"\n" +" Allow a host to manage an IPA service certificate:\n" +" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" +" ipa role-add-member --hosts=web.example.com certadmin\n" +"\n" +" Override a default list of supported PAC types for the service:\n" +" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" +"\n" +" A typical use case where overriding the PAC type is needed is NFS.\n" +" Currently the related code in the Linux kernel can only handle Kerberos\n" +" tickets up to a maximal size. Since the PAC data can become quite large " +"it\n" +" is recommended to set --pac-type=NONE for NFS services.\n" +"\n" +" Delete an IPA service:\n" +" ipa service-del HTTP/web.example.com\n" +"\n" +" Find all IPA services associated with a host:\n" +" ipa service-find web.example.com\n" +"\n" +" Find all HTTP services:\n" +" ipa service-find HTTP\n" +"\n" +" Disable the service Kerberos key and SSL certificate:\n" +" ipa service-disable HTTP/web.example.com\n" +"\n" +" Request a certificate for an IPA service:\n" +" ipa cert-request --principal=HTTP/web.example.com example.csr\n" +msgstr "" + +#: ipaserver/plugins/service.py:113 +msgid "" +"\n" +" Allow user to create a keytab:\n" +" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" +msgstr "" + +#: ipaserver/plugins/service.py:116 +msgid "" +"\n" +" Generate and retrieve a keytab for an IPA service:\n" +" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" +"httpd.keytab\n" +"\n" +msgstr "" + +#: ipaserver/plugins/service.py:180 +msgid "Trusted to authenticate as user" +msgstr "" + +#: ipaserver/plugins/service.py:181 +msgid "The service is allowed to authenticate on behalf of a client" +msgstr "" + +#: ipaserver/plugins/service.py:226 +#, python-format +msgid "authentication indicators not allowed in service \"%s\"" +msgstr "" + +#: ipaserver/plugins/service.py:242 +msgid "Malformed principal" +msgstr "" + +#: ipaserver/plugins/service.py:321 +msgid "{} is required by the IPA master" +msgstr "" + +#: ipaserver/plugins/service.py:395 +msgid "service" +msgstr "" + +#: ipaserver/plugins/service.py:396 +msgid "services" +msgstr "" + +#: ipaserver/plugins/service.py:512 +msgid "Service principal alias" +msgstr "" + +#: ipaserver/plugins/service.py:520 +msgid "Base-64 encoded service certificate" +msgstr "" + +#: ipaserver/plugins/service.py:571 +msgid "" +"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-" +"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " +"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " +"'hardened' to allow brute-force hardened password authentication by SPAKE or " +"FAST. With no indicator specified, all authentication mechanisms are allowed." +msgstr "" + +#: ipaserver/plugins/service.py:596 +msgid "NONE value cannot be combined with other PAC types" +msgstr "" + +#: ipaserver/plugins/service.py:648 +msgid "Add a new IPA service." +msgstr "" + +#: ipaserver/plugins/service.py:650 ipaserver/plugins/service.py:719 +#, python-format +msgid "Added service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:656 +msgid "force principal name even if host not in DNS" +msgstr "" + +#: ipaserver/plugins/service.py:659 +msgid "Skip host check" +msgstr "" + +#: ipaserver/plugins/service.py:660 +msgid "" +"force service to be created even when host object does not exist to manage it" +msgstr "" + +#: ipaserver/plugins/service.py:678 ipaserver/plugins/service.py:787 +#, python-format +msgid "The host '%s' does not exist to add a service to." +msgstr "" + +#: ipaserver/plugins/service.py:717 +msgid "Add a new SMB service." +msgstr "" + +#: ipaserver/plugins/service.py:733 +msgid "SMB service NetBIOS name" +msgstr "" + +#: ipaserver/plugins/service.py:847 +#, python-format +msgid "Deleted service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:867 +#, python-format +msgid "Modified service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:918 +#, python-format +msgid "%(count)d service matched" +msgid_plural "%(count)d services matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/service.py:1117 +#, python-format +msgid "Disabled service \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:1158 +#, python-format +msgid "Added certificates to service principal \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:1165 +#, python-format +msgid "Removed certificates from service principal \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:1181 +msgid "Add new principal alias to a service" +msgstr "" + +#: ipaserver/plugins/service.py:1182 +#, python-format +msgid "Added new aliases to the service principal \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/service.py:1193 +msgid "Remove principal alias from a service" +msgstr "" + +#: ipaserver/plugins/service.py:1194 +#, python-format +msgid "Removed aliases to the service principal \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:65 +msgid "" +"\n" +"Stageusers\n" +"\n" +"Manage stage user entries.\n" +"\n" +"Stage user entries are directly under the container: \"cn=stage users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"Users can not authenticate with those entries (even if the entries\n" +"contain credentials). Those entries are only candidate to become Active " +"entries.\n" +"\n" +"Active user entries are Posix users directly under the container: " +"\"cn=accounts, SUFFIX\".\n" +"Users can authenticate with Active entries, at the condition they have\n" +"credentials.\n" +"\n" +"Deleted user entries are Posix users directly under the container: " +"\"cn=deleted users,\n" +"cn=accounts, cn=provisioning, SUFFIX\".\n" +"Users can not authenticate with those entries, even if the entries contain " +"credentials.\n" +"\n" +"The stage user container contains entries:\n" +" - created by 'stageuser-add' commands that are Posix users,\n" +" - created by external provisioning system.\n" +"\n" +"A valid stage user entry MUST have:\n" +" - entry RDN is 'uid',\n" +" - ipaUniqueID is 'autogenerate'.\n" +"\n" +"IPA supports a wide range of username formats, but you need to be aware of " +"any\n" +"restrictions that may apply to your particular environment. For example,\n" +"usernames that start with a digit or usernames that exceed a certain length\n" +"may cause problems for some UNIX systems.\n" +"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" +"\n" +"\n" +"EXAMPLES:\n" +"\n" +" Add a new stageuser:\n" +" ipa stageuser-add --first=Tim --last=User --password tuser1\n" +"\n" +" Add a stageuser from the deleted users container:\n" +" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" +"\n" +msgstr "" + +#: ipaserver/plugins/stageuser.py:128 +msgid "Stage Users" +msgstr "" + +#: ipaserver/plugins/stageuser.py:129 +msgid "Stage User" +msgstr "" + +#: ipaserver/plugins/stageuser.py:130 +msgid "stage user" +msgstr "" + +#: ipaserver/plugins/stageuser.py:131 +msgid "stage users" +msgstr "" + +#: ipaserver/plugins/stageuser.py:278 +#, python-format +msgid "Added stage user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:297 +msgid "givenname is required" +msgstr "" + +#: ipaserver/plugins/stageuser.py:300 +msgid "sn is required" +msgstr "" + +#: ipaserver/plugins/stageuser.py:431 +#, python-format +msgid "Deleted stage user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:437 +#, python-format +msgid "Modified stage user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:484 ipaserver/plugins/user.py:883 +#, python-format +msgid "%(count)d user matched" +msgid_plural "%(count)d users matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/stageuser.py:508 +#, python-format +msgid "Activate a stage user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:521 +msgid "Entry RDN is not 'uid'" +msgstr "" + +#: ipaserver/plugins/stageuser.py:527 +#, python-format +msgid "Entry has no '%(attribute)s'" +msgstr "" + +#: ipaserver/plugins/stageuser.py:703 +#, python-format +msgid "active user with name \"%(user)s\" already exists" +msgstr "" + +#: ipaserver/plugins/stageuser.py:767 +#, python-format +msgid "Stage user %s activated" +msgstr "" + +#: ipaserver/plugins/stageuser.py:784 +msgid "Add one or more certificates to the stageuser entry" +msgstr "" + +#: ipaserver/plugins/stageuser.py:785 +#, python-format +msgid "Added certificates to stageuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:790 +msgid "Remove one or more certificates to the stageuser entry" +msgstr "" + +#: ipaserver/plugins/stageuser.py:791 +#, python-format +msgid "Removed certificates from stageuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:796 +msgid "Add new principal alias to the stageuser entry" +msgstr "" + +#: ipaserver/plugins/stageuser.py:797 +#, python-format +msgid "Added new aliases to stageuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:802 +msgid "Remove principal alias from the stageuser entry" +msgstr "" + +#: ipaserver/plugins/stageuser.py:803 +#, python-format +msgid "Removed aliases from stageuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/stageuser.py:808 +msgid "Add one or more certificate mappings to the stage user entry." +msgstr "" + +#: ipaserver/plugins/stageuser.py:814 +msgid "Remove one or more certificate mappings from the stage user entry." +msgstr "" + +#: ipaserver/plugins/idviews.py:72 ipaserver/plugins/idviews.py:123 +#: ipaserver/plugins/idviews.py:131 ipaserver/plugins/idviews.py:352 +#: ipaserver/plugins/idviews.py:843 +msgid "ID View" +msgstr "" + +#: ipaserver/plugins/idviews.py:74 +msgid "system ID View" +msgstr "" + +#: ipaserver/plugins/idviews.py:124 ipaserver/plugins/idviews.py:130 +msgid "ID Views" +msgstr "" + +#: ipaserver/plugins/idviews.py:145 +msgid "User object overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:149 +msgid "Group object overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:153 +msgid "Hosts the view applies to" +msgstr "" + +#: ipaserver/plugins/idviews.py:197 +#, python-format +msgid "Added ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:214 +#, python-format +msgid "Deleted ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:227 +#, python-format +msgid "Modified an ID View \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:243 +#, python-format +msgid "%(count)d ID View matched" +msgid_plural "%(count)d ID Views matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:353 +msgid "Default Trust View cannot be applied on hosts" +msgstr "" + +#: ipaserver/plugins/idviews.py:381 ipaserver/plugins/idviews.py:414 +msgid "not found" +msgstr "" + +#: ipaserver/plugins/idviews.py:395 +msgid "ID View cannot be applied to IPA master" +msgstr "" + +#: ipaserver/plugins/idviews.py:412 +msgid "ID View already applied" +msgstr "" + +#: ipaserver/plugins/idviews.py:432 +msgid "value" +msgstr "" + +#: ipaserver/plugins/idviews.py:445 +#, python-format +msgid "ID View applied to %i host." +msgstr "" + +#: ipaserver/plugins/idviews.py:446 +#, python-format +msgid "ID View applied to %i hosts." +msgstr "" + +#: ipaserver/plugins/idviews.py:488 +#, python-format +msgid "ID View cleared from %i host." +msgstr "" + +#: ipaserver/plugins/idviews.py:489 +#, python-format +msgid "ID View cleared from %i hosts." +msgstr "" + +#: ipaserver/plugins/idviews.py:557 +msgid "" +"You are trying to reference a magic private group which is not allowed to be " +"overridden. Try overriding the GID attribute of the corresponding user " +"instead." +msgstr "" + +#: ipaserver/plugins/idviews.py:595 +msgid "IPA object" +msgstr "" + +#: ipaserver/plugins/idviews.py:596 +msgid "" +"system IPA objects (e.g. system groups, user private groups) cannot be " +"overridden" +msgstr "" + +#: ipaserver/plugins/idviews.py:690 +#, python-format +msgid "Anchor '%(anchor)s' could not be resolved." +msgstr "" + +#: ipaserver/plugins/idviews.py:844 +msgid "Default Trust View cannot contain IPA users" +msgstr "" + +#: ipaserver/plugins/idviews.py:888 +msgid "Add a new ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:889 +#, python-format +msgid "Added ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:904 +msgid "Delete an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:905 +#, python-format +msgid "Deleted ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:928 +msgid "Modify an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:929 +#, python-format +msgid "Modified an ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:936 +msgid "ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:937 +msgid "ID overrides cannot be renamed" +msgstr "" + +#: ipaserver/plugins/idviews.py:949 +msgid "Search for an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:950 +#, python-format +msgid "%(count)d ID override matched" +msgid_plural "%(count)d ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:962 +msgid "Display information about an ID override." +msgstr "" + +#: ipaserver/plugins/idviews.py:974 ipaserver/plugins/idviews.py:978 +msgid "User ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:975 ipaserver/plugins/idviews.py:977 +msgid "User ID overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:1097 ipaserver/plugins/idviews.py:1101 +msgid "Group ID override" +msgstr "" + +#: ipaserver/plugins/idviews.py:1098 ipaserver/plugins/idviews.py:1100 +msgid "Group ID overrides" +msgstr "" + +#: ipaserver/plugins/idviews.py:1142 +msgid "Add one or more certificates to the idoverrideuser entry" +msgstr "" + +#: ipaserver/plugins/idviews.py:1143 +#, python-format +msgid "Added certificates to idoverrideuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1165 +msgid "Remove one or more certificates to the idoverrideuser entry" +msgstr "" + +#: ipaserver/plugins/idviews.py:1166 +#, python-format +msgid "Removed certificates from idoverrideuser \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1190 +#, python-format +msgid "Added User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1215 +#, python-format +msgid "Deleted User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1221 +#, python-format +msgid "Modified an User ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1253 +#, python-format +msgid "%(count)d User ID override matched" +msgid_plural "%(count)d User ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/idviews.py:1289 +#, python-format +msgid "Added Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1295 +#, python-format +msgid "Deleted Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1301 +#, python-format +msgid "Modified an Group ID override \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/idviews.py:1307 +#, python-format +msgid "%(count)d Group ID override matched" +msgid_plural "%(count)d Group ID overrides matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/ldap2.py:278 +msgid "Could not read UPG Definition originfilter. Check your permissions." +msgstr "" + +#: ipaserver/plugins/ca.py:21 +msgid "" +"\n" +"Manage Certificate Authorities\n" +msgstr "" + +#: ipaserver/plugins/ca.py:23 +msgid "" +"\n" +"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " +"issuance\n" +"of X.509 certificates.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:26 +msgid "" +"\n" +"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" +"operator has permission to bypass CA ACLs.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:29 +msgid "" +"\n" +"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" +"prevents it from issuing certificates but does not affect the validity of " +"its\n" +"certificate.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:33 +msgid "" +"\n" +"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " +"signing\n" +"certificate to be revoked and its private key deleted.\n" +msgstr "" + +#: ipaserver/plugins/ca.py:38 +msgid "" +"\n" +" Create new CA, subordinate to the IPA CA (requires permission\n" +" \"System: Add CA\"):\n" +"\n" +" ipa ca-add puppet --desc \"Puppet\" \\\n" +" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" +msgstr "" + +#: ipaserver/plugins/ca.py:44 +msgid "" +"\n" +" Disable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-disable puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:48 +msgid "" +"\n" +" Re-enable a CA (requires permission \"System: Modify CA\"):\n" +"\n" +" ipa ca-enable puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:52 +msgid "" +"\n" +" Delete a CA (requires permission \"System: Delete CA\"; also requires\n" +" CA to be disabled first):\n" +"\n" +" ipa ca-del puppet\n" +msgstr "" + +#: ipaserver/plugins/ca.py:69 ipaserver/plugins/ca.py:80 +msgid "Certificate Authority" +msgstr "" + +#: ipaserver/plugins/ca.py:70 ipaserver/plugins/ca.py:79 +msgid "Certificate Authorities" +msgstr "" + +#: ipaserver/plugins/ca.py:87 +msgid "Name for referencing the CA" +msgstr "" + +#: ipaserver/plugins/ca.py:92 +msgid "Description of the purpose of the CA" +msgstr "" + +#: ipaserver/plugins/ca.py:96 +msgid "Authority ID" +msgstr "" + +#: ipaserver/plugins/ca.py:97 +msgid "Dogtag Authority ID" +msgstr "" + +#: ipaserver/plugins/ca.py:102 ipaserver/plugins/ca.py:296 +msgid "Subject DN" +msgstr "" + +#: ipaserver/plugins/ca.py:103 +msgid "Subject Distinguished Name" +msgstr "" + +#: ipaserver/plugins/ca.py:108 ipaserver/plugins/cert.py:426 +msgid "Issuer DN" +msgstr "" + +#: ipaserver/plugins/ca.py:109 +msgid "Issuer Distinguished Name" +msgstr "" + +#: ipaserver/plugins/ca.py:115 ipaserver/plugins/cert.py:354 +msgid "Base-64 encoded certificate." +msgstr "" + +#: ipaserver/plugins/ca.py:120 ipaserver/plugins/cert.py:359 +msgid "Certificate chain" +msgstr "" + +#: ipaserver/plugins/ca.py:121 ipaserver/plugins/cert.py:360 +msgid "X.509 certificate chain" +msgstr "" + +#: ipaserver/plugins/ca.py:127 +msgid "RSN Version" +msgstr "" + +#: ipaserver/plugins/ca.py:128 +msgid "Random Serial Number Version" +msgstr "" + +#: ipaserver/plugins/ca.py:228 +msgid "Search for CAs." +msgstr "" + +#: ipaserver/plugins/ca.py:230 +#, python-format +msgid "%(count)d CA matched" +msgid_plural "%(count)d CAs matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/ca.py:247 ipaserver/plugins/cert.py:596 +msgid "Include certificate chain in output" +msgstr "" + +#: ipaserver/plugins/ca.py:253 +msgid "Display the properties of a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:270 +msgid "Create a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:271 +#, python-format +msgid "Created CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:281 +#, python-format +msgid "Insufficient 'add' privilege for entry '%s'." +msgstr "" + +#: ipaserver/plugins/ca.py:297 +#, python-format +msgid "Unrecognized attributes: %(attrs)s" +msgstr "" + +#: ipaserver/plugins/ca.py:312 +#, python-format +msgid "Subject DN is already used by CA '%s'" +msgstr "" + +#: ipaserver/plugins/ca.py:336 +msgid "Delete a CA (must be disabled first)." +msgstr "" + +#: ipaserver/plugins/ca.py:338 +#, python-format +msgid "Deleted CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:347 +msgid "Insufficient privilege to delete a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:353 +msgid "IPA CA cannot be deleted" +msgstr "" + +#: ipaserver/plugins/ca.py:362 +msgid "Must be disabled first" +msgstr "" + +#: ipaserver/plugins/ca.py:370 +msgid "Modify CA configuration." +msgstr "" + +#: ipaserver/plugins/ca.py:371 +#, python-format +msgid "Modified CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:397 +msgid "Insufficient privilege to modify a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:413 +msgid "Disable a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:414 +#, python-format +msgid "Disabled CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/ca.py:421 +msgid "IPA CA cannot be disabled" +msgstr "" + +#: ipaserver/plugins/ca.py:431 +msgid "Enable a CA." +msgstr "" + +#: ipaserver/plugins/ca.py:432 +#, python-format +msgid "Enabled CA \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/cert.py:69 +msgid "" +"\n" +"IPA certificate operations\n" +msgstr "" + +#: ipaserver/plugins/cert.py:71 +msgid "" +"\n" +"Implements a set of commands for managing server SSL certificates.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:73 +msgid "" +"\n" +"Certificate requests exist in the form of a Certificate Signing Request " +"(CSR)\n" +"in PEM format.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:76 +msgid "" +"\n" +"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" +"subject to values configured in the server.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:79 +msgid "" +"\n" +"A certificate is stored with a service principal and a service principal\n" +"needs a host.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:82 +msgid "" +"\n" +"In order to request a certificate:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:84 +msgid "" +"\n" +"* The host must exist\n" +"* The service must exist (or you use the --add option to automatically add " +"it)\n" +msgstr "" + +#: ipaserver/plugins/cert.py:87 +msgid "" +"\n" +"SEARCHING:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:89 +msgid "" +"\n" +"Certificates may be searched on by certificate subject, serial number,\n" +"revocation reason, validity dates and the issued date.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:92 +msgid "" +"\n" +"When searching on dates the _from date does a >= search and the _to date\n" +"does a <= search. When combined these are done as an AND.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:95 +msgid "" +"\n" +"Dates are treated as GMT to match the dates in the certificates.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:97 +msgid "" +"\n" +"The date format is YYYY-mm-dd.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:101 +msgid "" +"\n" +" Request a new certificate and add the principal:\n" +" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" +msgstr "" + +#: ipaserver/plugins/cert.py:104 +msgid "" +"\n" +" Retrieve an existing certificate:\n" +" ipa cert-show 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:107 +msgid "" +"\n" +" Revoke a certificate (see RFC 5280 for reason details):\n" +" ipa cert-revoke --revocation-reason=6 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:110 +msgid "" +"\n" +" Remove a certificate from revocation hold status:\n" +" ipa cert-remove-hold 1032\n" +msgstr "" + +#: ipaserver/plugins/cert.py:113 +msgid "" +"\n" +" Check the status of a signing request:\n" +" ipa cert-status 10\n" +msgstr "" + +#: ipaserver/plugins/cert.py:116 +msgid "" +"\n" +" Search for certificates by hostname:\n" +" ipa cert-find --subject=ipaserver.example.com\n" +msgstr "" + +#: ipaserver/plugins/cert.py:119 +msgid "" +"\n" +" Search for revoked certificates by reason:\n" +" ipa cert-find --revocation-reason=5\n" +msgstr "" + +#: ipaserver/plugins/cert.py:122 +msgid "" +"\n" +" Search for certificates based on issuance date\n" +" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" +msgstr "" + +#: ipaserver/plugins/cert.py:125 +msgid "" +"\n" +" Search for certificates owned by a specific user:\n" +" ipa cert-find --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:128 +msgid "" +"\n" +" Examine a certificate:\n" +" ipa cert-find --file=cert.pem --all\n" +msgstr "" + +#: ipaserver/plugins/cert.py:131 +msgid "" +"\n" +" Verify that a certificate is owned by a specific user:\n" +" ipa cert-find --file=cert.pem --user=user\n" +msgstr "" + +#: ipaserver/plugins/cert.py:134 +msgid "" +"\n" +"IPA currently immediately issues (or declines) all certificate requests so\n" +"the status of a request is not normally useful. This is for future use\n" +"or the case where a CA does not immediately issue a certificate.\n" +msgstr "" + +#: ipaserver/plugins/cert.py:138 +msgid "" +"\n" +"The following revocation reasons are supported:\n" +"\n" +msgstr "" + +#: ipaserver/plugins/cert.py:141 +msgid " * 0 - unspecified\n" +msgstr "" + +#: ipaserver/plugins/cert.py:142 +msgid " * 1 - keyCompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:143 +msgid " * 2 - cACompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:144 +msgid " * 3 - affiliationChanged\n" +msgstr "" + +#: ipaserver/plugins/cert.py:145 +msgid " * 4 - superseded\n" +msgstr "" + +#: ipaserver/plugins/cert.py:146 +msgid " * 5 - cessationOfOperation\n" +msgstr "" + +#: ipaserver/plugins/cert.py:147 +msgid " * 6 - certificateHold\n" +msgstr "" + +#: ipaserver/plugins/cert.py:148 +msgid " * 8 - removeFromCRL\n" +msgstr "" + +#: ipaserver/plugins/cert.py:149 +msgid " * 9 - privilegeWithdrawn\n" +msgstr "" + +#: ipaserver/plugins/cert.py:150 +msgid " * 10 - aACompromise\n" +msgstr "" + +#: ipaserver/plugins/cert.py:151 +msgid "" +"\n" +"Note that reason code 7 is not used. See RFC 5280 for more details:\n" +msgstr "" + +#: ipaserver/plugins/cert.py:153 +msgid "" +"\n" +"http://www.ietf.org/rfc/rfc5280.txt\n" +"\n" +msgstr "" + +#: ipaserver/plugins/cert.py:289 +#, python-format +msgid "" +"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " +"'%(profile_id)s' for certificate issuance." +msgstr "" + +#: ipaserver/plugins/cert.py:309 +msgid "enabledService/configuredService not in ipaConfigString kdc entry" +msgstr "" + +#: ipaserver/plugins/cert.py:313 +#, python-format +msgid "Host '%(hostname)s' is not an active KDC" +msgstr "" + +#: ipaserver/plugins/cert.py:347 +msgid "Issuing CA" +msgstr "" + +#: ipaserver/plugins/cert.py:348 +msgid "Name of issuing CA" +msgstr "" + +#: ipaserver/plugins/cert.py:370 +msgid "Subject email address" +msgstr "" + +#: ipaserver/plugins/cert.py:375 +msgid "Subject DNS name" +msgstr "" + +#: ipaserver/plugins/cert.py:380 +msgid "Subject X.400 address" +msgstr "" + +#: ipaserver/plugins/cert.py:385 +msgid "Subject directory name" +msgstr "" + +#: ipaserver/plugins/cert.py:390 +msgid "Subject EDI Party name" +msgstr "" + +#: ipaserver/plugins/cert.py:395 +msgid "Subject URI" +msgstr "" + +#: ipaserver/plugins/cert.py:400 +msgid "Subject IP Address" +msgstr "" + +#: ipaserver/plugins/cert.py:405 +msgid "Subject OID" +msgstr "" + +#: ipaserver/plugins/cert.py:410 +msgid "Subject UPN" +msgstr "" + +#: ipaserver/plugins/cert.py:415 +msgid "Subject Kerberos principal name" +msgstr "" + +#: ipaserver/plugins/cert.py:420 +msgid "Subject Other Name" +msgstr "" + +#: ipaserver/plugins/cert.py:458 +msgid "Serial number (hex)" +msgstr "" + +#: ipaserver/plugins/cert.py:581 +msgid "Request status" +msgstr "" + +#: ipaserver/plugins/cert.py:627 +msgid "" +"automatically add the principal if it doesn't exist (service principals only)" +msgstr "" + +#: ipaserver/plugins/cert.py:676 +#, python-format +msgid "krbtgt certs can use only the %s profile" +msgstr "" + +#: ipaserver/plugins/cert.py:728 +msgid "No Common Name was found in subject of request." +msgstr "" + +#: ipaserver/plugins/cert.py:736 +#, python-format +msgid "" +"hostname in subject of request '%(cn)s' does not match name or aliases of " +"principal '%(principal)s'" +msgstr "" + +#: ipaserver/plugins/cert.py:742 +#, python-format +msgid "" +"hostname in subject of request '%(cn)s' does not match principal hostname " +"'%(hostname)s'" +msgstr "" + +#: ipaserver/plugins/cert.py:751 +msgid "DN commonName does not match user's login" +msgstr "" + +#: ipaserver/plugins/cert.py:765 +msgid "DN emailAddress does not match any of user's email addresses" +msgstr "" + +#: ipaserver/plugins/cert.py:774 +#, python-format +msgid "" +"Insufficient 'write' privilege to the 'userCertificate' attribute of entry " +"'%s'." +msgstr "" + +#: ipaserver/plugins/cert.py:795 ipaserver/plugins/cert.py:913 +#, python-format +msgid "subject alt name type %s is forbidden for user principals" +msgstr "" + +#: ipaserver/plugins/cert.py:840 +#, python-format +msgid "" +"The service principal for subject alt name %s in certificate request does " +"not exist" +msgstr "" + +#: ipaserver/plugins/cert.py:871 +#, python-format +msgid "" +"Insufficient privilege to create a certificate with subject alt name '%s'." +msgstr "" + +#: ipaserver/plugins/cert.py:889 +#, python-format +msgid "Principal '%s' in subject alt name does not match requested principal" +msgstr "" + +#: ipaserver/plugins/cert.py:898 +msgid "RFC822Name does not match any of user's email addresses" +msgstr "" + +#: ipaserver/plugins/cert.py:905 +#, python-format +msgid "subject alt name type %s is forbidden for non-user principals" +msgstr "" + +#: ipaserver/plugins/cert.py:922 +#, python-format +msgid "Subject alt name type %s is forbidden" +msgstr "" + +#: ipaserver/plugins/cert.py:940 +#, python-format +msgid "CA '%s' is disabled" +msgstr "" + +#: ipaserver/plugins/cert.py:1027 +msgid "'add' option" +msgstr "" + +#: ipaserver/plugins/cert.py:1031 +msgid "The principal for this request doesn't exist." +msgstr "" + +#: ipaserver/plugins/cert.py:1147 +#, python-format +msgid "IP address in subjectAltName (%s) unreachable from DNS names" +msgstr "" + +#: ipaserver/plugins/cert.py:1164 +#, python-format +msgid "IP address in subjectAltName (%s) does not have PTR record" +msgstr "" + +#: ipaserver/plugins/cert.py:1176 +#, python-format +msgid "PTR record for SAN IP (%s) does not match A/AAAA records" +msgstr "" + +#: ipaserver/plugins/cert.py:1275 +msgid "Revoked" +msgstr "" + +#: ipaserver/plugins/cert.py:1281 +msgid "" +"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " +"revocation reason details. " +msgstr "" + +#: ipaserver/plugins/cert.py:1303 +#, python-format +msgid "Owner %s" +msgstr "" + +#: ipaserver/plugins/cert.py:1390 +#, python-format +msgid "" +"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" +msgstr "" + +#: ipaserver/plugins/cert.py:1459 +msgid "7 is not a valid revocation reason" +msgstr "" + +#: ipaserver/plugins/cert.py:1559 +msgid "Status of the certificate" +msgstr "" + +#: ipaserver/plugins/cert.py:1565 +msgid "Results should contain primary key attribute only (\"certificate\")" +msgstr "" + +#: ipaserver/plugins/cert.py:1581 +#, python-format +msgid "%(count)d certificate matched" +msgid_plural "%(count)d certificates matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/cert.py:1603 +#, python-format +msgid "Search for certificates with these owner %s." +msgstr "" + +#: ipaserver/plugins/cert.py:1614 +#, python-format +msgid "Search for certificates without these owner %s." +msgstr "" + +#: ipaserver/plugins/sudorule.py:43 +msgid "" +"\n" +"Sudo Rules\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:45 +msgid "" +"\n" +"Sudo (su \"do\") allows a system administrator to delegate authority to\n" +"give certain users (or groups of users) the ability to run some (or all)\n" +"commands as root or another user while providing an audit trail of the\n" +"commands and their arguments.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:50 +msgid "" +"\n" +"IPA provides a means to configure the various aspects of Sudo:\n" +" Users: The user(s)/group(s) allowed to invoke Sudo.\n" +" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " +"Sudo.\n" +" Allow Command: The specific command(s) permitted to be run via Sudo.\n" +" Deny Command: The specific command(s) prohibited to be run via Sudo.\n" +" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " +"invoked with.\n" +" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" +" Options: The various Sudoers Options that can modify Sudo's behavior.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:59 +msgid "" +"\n" +"Each option needs to be added separately and no validation is done whether\n" +"the option is known by sudo or is in a valid format. Environment variables\n" +"also need to be set individually. For example env_keep=\"FOO BAR\" in " +"sudoers\n" +"needs be represented as --sudooption env_keep=FOO --sudooption " +"env_keep+=BAR.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:64 +msgid "" +"\n" +"An order can be added to a sudorule to control the order in which they\n" +"are evaluated (if the client supports it). This order is an integer and\n" +"must be unique.\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:68 +msgid "" +"\n" +"IPA provides a designated binddn to use with Sudo located at:\n" +"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:71 +msgid "" +"\n" +"To enable the binddn run the following command to set the password:\n" +"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -H ldap://ipa." +"example.com -ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc," +"dc=example,dc=com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:78 +msgid "" +"\n" +" Create a new rule:\n" +" ipa sudorule-add readfiles\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:81 +msgid "" +"\n" +" Add sudo command object and add it as allowed command in the rule:\n" +" ipa sudocmd-add /usr/bin/less\n" +" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:85 +msgid "" +"\n" +" Add a host to the rule:\n" +" ipa sudorule-add-host readfiles --hosts server.example.com\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:88 +msgid "" +"\n" +" Add a user to the rule:\n" +" ipa sudorule-add-user readfiles --users jsmith\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:91 +msgid "" +"\n" +" Add a special Sudo rule for default Sudo server configuration:\n" +" ipa sudorule-add defaults\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:94 +msgid "" +"\n" +" Set a default Sudo option:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate'\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:97 +msgid "" +"\n" +" Set multiple default Sudo options:\n" +" ipa sudorule-add-option defaults --sudooption '!authenticate' --" +"sudooption mail_badpass\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:101 +msgid "" +"\n" +" Set SELinux type and role transitions on a rule:\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" +" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" +msgstr "" + +#: ipaserver/plugins/sudorule.py:120 +msgid "this option has been deprecated." +msgstr "" + +#: ipaserver/plugins/sudorule.py:148 +msgid "sudo rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:236 +msgid "Sudo Rules" +msgstr "" + +#: ipaserver/plugins/sudorule.py:237 +msgid "Sudo Rule" +msgstr "" + +#: ipaserver/plugins/sudorule.py:372 +#, python-format +msgid "order must be a unique value (%(order)d already used by %(rule)s)" +msgstr "" + +#: ipaserver/plugins/sudorule.py:403 +#, python-format +msgid "Added Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:410 +#, python-format +msgid "Deleted Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:417 +#, python-format +msgid "Modified Sudo Rule \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/sudorule.py:436 +#, python-format +msgid "" +"%(type)s category cannot be set to 'all' while there are allowed %(objects)s" +msgstr "" + +#: ipaserver/plugins/sudorule.py:442 ipaserver/plugins/user.py:165 +msgid "users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:452 +msgid "command" +msgstr "" + +#: ipaserver/plugins/sudorule.py:452 +msgid "commands" +msgstr "" + +#: ipaserver/plugins/sudorule.py:458 +msgid "runAs user" +msgstr "" + +#: ipaserver/plugins/sudorule.py:458 +msgid "runAs users" +msgstr "" + +#: ipaserver/plugins/sudorule.py:463 +msgid "group runAs" +msgstr "" + +#: ipaserver/plugins/sudorule.py:463 +msgid "runAs groups" +msgstr "" + +#: ipaserver/plugins/sudorule.py:484 +#, python-format +msgid "%(count)d Sudo Rule matched" +msgid_plural "%(count)d Sudo Rules matched" +msgstr[0] "" +msgstr[1] "" + +#: ipaserver/plugins/sudorule.py:556 +msgid "commands cannot be added when command category='all'" +msgstr "" + +#: ipaserver/plugins/sudorule.py:818 ipaserver/plugins/sudorule.py:940 +msgid "users cannot be added when runAs user or runAs group category='all'" +msgstr "" + +#: ipaserver/plugins/sudorule.py:825 +#, python-format +msgid "RunAsUser does not accept '%(name)s' as a user name" +msgstr "" + +#: ipaserver/plugins/sudorule.py:833 +#, python-format +msgid "RunAsUser does not accept '%(name)s' as a group name" +msgstr "" + +#: ipaserver/plugins/sudorule.py:947 +#, python-format +msgid "RunAsGroup does not accept '%(name)s' as a group name" +msgstr "" + +#: ipaserver/plugins/user.py:497 +#, python-format +msgid "Added user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:596 +msgid "Default group for new users is not POSIX" +msgstr "" + +#: ipaserver/plugins/user.py:704 +#, python-format +msgid "Deleted user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:705 +#, python-format +msgid "Preserved user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:723 +#, python-format +msgid "%s: user is already preserved" +msgstr "" + +#: ipaserver/plugins/user.py:847 +#, python-format +msgid "Modified user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:961 +#, python-format +msgid "Undeleted user account \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:975 +#, python-format +msgid "user \"%s\" is already active" +msgstr "" + +#: ipaserver/plugins/user.py:1006 +#, python-format +msgid "Staged user account \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1101 +#, python-format +msgid "Disabled user account \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1123 +#, python-format +msgid "Enabled user account \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1140 +msgid "" +"\n" +" Unlock a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator." +msgstr "" + +#: ipaserver/plugins/user.py:1149 +#, python-format +msgid "Unlocked account \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1181 +msgid "Failed logins" +msgstr "" + +#: ipaserver/plugins/user.py:1185 +msgid "Last successful authentication" +msgstr "" + +#: ipaserver/plugins/user.py:1189 +msgid "Last failed authentication" +msgstr "" + +#: ipaserver/plugins/user.py:1193 +msgid "Time now" +msgstr "" + +#: ipaserver/plugins/user.py:1197 +msgid "Password grace count" +msgstr "" + +#: ipaserver/plugins/user.py:1204 +msgid "" +"\n" +" Lockout status of a user account\n" +"\n" +" An account may become locked if the password is entered incorrectly too\n" +" many times within a specific time period as controlled by password\n" +" policy. A locked account is a temporary condition and may be unlocked " +"by\n" +" an administrator.\n" +"\n" +" This connects to each IPA master and displays the lockout status on\n" +" each one.\n" +"\n" +" To determine whether an account is locked on a given server you need\n" +" to compare the number of failed logins and the time of the last " +"failure.\n" +" For an account to be locked it must exceed the maxfail failures within\n" +" the failinterval duration as specified in the password policy " +"associated\n" +" with the user.\n" +"\n" +" The failed login counter is modified only when a user attempts a log in\n" +" so it is possible that an account may appear locked but the last failed\n" +" login attempt is older than the lockouttime of the password policy. " +"This\n" +" means that the user may attempt a login again. " +msgstr "" + +#: ipaserver/plugins/user.py:1260 +#, python-format +msgid "%(host)s failed: %(error)s" +msgstr "" + +#: ipaserver/plugins/user.py:1300 +#, python-format +msgid "%(host)s failed" +msgstr "" + +#: ipaserver/plugins/user.py:1310 +#, python-format +msgid "Account disabled: %(disabled)s" +msgstr "" + +#: ipaserver/plugins/user.py:1318 +#, python-format +msgid "Added certificates to user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1324 +#, python-format +msgid "Removed certificates from user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1349 +msgid "Add new principal alias to the user entry" +msgstr "" + +#: ipaserver/plugins/user.py:1350 +#, python-format +msgid "Added new aliases to user \"%(value)s\"" +msgstr "" + +#: ipaserver/plugins/user.py:1355 +msgid "Remove principal alias from the user entry" +msgstr "" + +#: ipaserver/plugins/user.py:1356 +#, python-format +msgid "Removed aliases from user \"%(value)s\"" +msgstr "" + +#: ipaserver/servroles.py:296 +#, python-format +msgid "all masters must have %(role)s role enabled" +msgstr "" + +#: ipaserver/servroles.py:401 +#, python-format +msgid "must have %(role)s role enabled" +msgstr "" + +#: ipaserver/servroles.py:443 +msgid "must be enabled only on a single master" +msgstr "" + +#: ipaserver/rpcserver.py:556 +msgid "Request must be a dict" +msgstr "" + +#: ipaserver/rpcserver.py:558 +msgid "Request is missing \"method\"" +msgstr "" + +#: ipaserver/rpcserver.py:560 +msgid "Request is missing \"params\"" +msgstr "" + +#: ipaserver/rpcserver.py:565 +msgid "params must be a list" +msgstr "" + +#: ipaserver/rpcserver.py:567 +msgid "params must contain [args, options]" +msgstr "" + +#: ipaserver/rpcserver.py:570 +msgid "params[0] (aka args) must be a list" +msgstr "" + +#: ipaserver/rpcserver.py:573 +msgid "params[1] (aka options) must be a dict" +msgstr "" + +#: ipaserver/topology.py:14 +#, python-format +msgid "" +"\n" +"Replication topology in suffix '%(suffix)s' is disconnected:\n" +"%(errors)s" +msgstr "" + +#: ipaserver/topology.py:18 +#, python-format +msgid "" +"\n" +"Removal of '%(hostname)s' leads to disconnected topology in suffix " +"'%(suffix)s':\n" +"%(errors)s" +msgstr "" + +#: ipaserver/topology.py:120 +#, python-format +msgid "Topology does not allow server %(server)s to replicate with servers:" +msgstr "" + +#: ipaserver/dcerpc.py:87 +msgid "" +"\n" +"Classes to manage trust joins using DCE-RPC calls\n" +"\n" +"The code in this module relies heavily on samba4-python package\n" +"and Samba4 python bindings.\n" +msgstr "" + +#: ipaserver/dcerpc.py:107 +msgid "CIFS server denied your credentials" +msgstr "" + +#: ipaserver/dcerpc.py:111 +msgid "communication with CIFS server was unsuccessful" +msgstr "" + +#: ipaserver/dcerpc.py:117 ipaserver/dcerpc.py:1376 +msgid "AD domain controller" +msgstr "" + +#: ipaserver/dcerpc.py:118 +msgid "unsupported functional level" +msgstr "" + +#: ipaserver/dcerpc.py:121 +msgid "" +"AD domain controller complains about communication sequence. It may mean " +"unsynchronized time on both sides, for example" +msgstr "" + +#: ipaserver/dcerpc.py:129 ipaserver/dcerpc.py:135 ipaserver/dcerpc.py:138 +msgid "Cannot find specified domain or server name" +msgstr "" + +#: ipaserver/dcerpc.py:141 ipaserver/dcerpc.py:147 +msgid "" +"AD DC was unable to reach any IPA domain controller. Most likely it is a DNS " +"or firewall issue" +msgstr "" + +#: ipaserver/dcerpc.py:151 +msgid "At least the domain or IP address should be specified" +msgstr "" + +#: ipaserver/dcerpc.py:189 +#, python-format +msgid "" +"CIFS server communication error: code \"%(num)s\", message " +"\"%(message)s\" (both may be \"None\")" +msgstr "" + +#: ipaserver/dcerpc.py:293 +msgid "no trusted domain is configured" +msgstr "" + +#: ipaserver/dcerpc.py:301 +msgid "domain is not configured" +msgstr "" + +#: ipaserver/dcerpc.py:308 +msgid "SID is not valid" +msgstr "" + +#: ipaserver/dcerpc.py:323 +msgid "SID does not match exactlywith any trusted domain's SID" +msgstr "" + +#: ipaserver/dcerpc.py:334 +msgid "SID does not match any trusted domain" +msgstr "" + +#: ipaserver/dcerpc.py:376 ipaserver/dcerpc.py:383 ipaserver/dcerpc.py:711 +msgid "Trust setup" +msgstr "" + +#: ipaserver/dcerpc.py:377 +msgid "Our domain is not configured" +msgstr "" + +#: ipaserver/dcerpc.py:384 +msgid "No trusted domain is not configured" +msgstr "" + +#: ipaserver/dcerpc.py:390 ipaserver/dcerpc.py:406 ipaserver/dcerpc.py:424 +#: ipaserver/dcerpc.py:430 ipaserver/dcerpc.py:438 ipaserver/dcerpc.py:453 +#: ipaserver/dcerpc.py:461 ipaserver/dcerpc.py:525 ipaserver/dcerpc.py:581 +msgid "trusted domain object" +msgstr "" + +#: ipaserver/dcerpc.py:391 +msgid "domain is not trusted" +msgstr "" + +#: ipaserver/dcerpc.py:407 +msgid "no trusted domain matched the specified flat name" +msgstr "" + +#: ipaserver/dcerpc.py:411 +msgid "trusted domain object not found" +msgstr "" + +#: ipaserver/dcerpc.py:425 +msgid "Object does not belong to a trusted domain" +msgstr "" + +#: ipaserver/dcerpc.py:431 +msgid "SSSD was unable to resolve the object to a valid SID" +msgstr "" + +#: ipaserver/dcerpc.py:439 ipaserver/dcerpc.py:582 +msgid "Ambiguous search, user domain was not specified" +msgstr "" + +#: ipaserver/dcerpc.py:454 ipaserver/dcerpc.py:526 +msgid "Trusted domain did not return a unique object" +msgstr "" + +#: ipaserver/dcerpc.py:462 +msgid "Trusted domain did not return a valid SID for the object" +msgstr "" + +#: ipaserver/dcerpc.py:566 ipaserver/dcerpc.py:577 +msgid "trusted domain user not found" +msgstr "" + +#: ipaserver/dcerpc.py:712 +msgid "Cannot retrieve trusted domain GC list" +msgstr "" + +#: ipaserver/dcerpc.py:861 +msgid "CIFS credentials object" +msgstr "" + +#: ipaserver/dcerpc.py:899 +#, python-format +msgid "CIFS server %(host)s denied your credentials" +msgstr "" + +#: ipaserver/dcerpc.py:904 +#, python-format +msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?" +msgstr "" + +#: ipaserver/dcerpc.py:1338 +#, python-format +msgid "" +"the IPA server and the remote domain cannot share the same NetBIOS name: %s" +msgstr "" + +#: ipaserver/dcerpc.py:1365 +#, python-brace-format +msgid "" +"There is already a trust to {ipa_domain} with unsupported type {trust_type}. " +"Please remove it manually on AD DC side." +msgstr "" + +#: ipaserver/dcerpc.py:1502 +#, python-format +msgid "" +"IPA master denied trust validation requests from AD DC %(count)d times. Most " +"likely AD DC contacted a replica that has no trust information replicated " +"yet. Additionally, please check that AD DNS is able to resolve %(records)s " +"SRV records to the correct IPA server." +msgstr "" + +#: ipaserver/dcerpc.py:1567 ipaserver/dcerpc.py:1697 +msgid "Credentials" +msgstr "" + +#: ipaserver/dcerpc.py:1568 +msgid "Missing credentials for cross-forest communication" +msgstr "" + +#: ipaserver/dcerpc.py:1698 +msgid "" +"Non-Kerberos user name was specified, please provide user@REALM variant " +"instead" +msgstr "" + +#: ipatests/test_ipalib/test_frontend.py:206 +#, python-format +msgid "must equal %r" +msgstr "" + +#: ipatests/test_ipalib/test_parameters.py:232 +msgid "Hello world" +msgstr "" + +#: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:63 +#: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:71 +#, python-format +msgid "%s: RADIUS proxy server not found" +msgstr "" + +#: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:119 +#, python-format +msgid "RADIUS proxy server with name \"%s\" already exists" +msgstr "" + +#: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:178 +msgid "must be at least 1" +msgstr "" + +#: util/ipa_krb5.c:813 util/ipa_krb5.c:828 +msgid "Out of memory\n" +msgstr "" + +#: util/ipa_krb5.c:846 +msgid "Warning unrecognized encryption type.\n" +msgstr "" + +#: util/ipa_krb5.c:860 +msgid "Warning unrecognized salt type.\n" +msgstr "" + +#: util/ipa_krb5.c:900 +msgid "Out of memory!?\n" +msgstr "" + +#: util/ipa_krb5.c:935 +msgid "Enctype comparison failed!\n" +msgstr "" + +#: util/ipa_krb5.c:988 +msgid "Password is too long!\n" +msgstr "" + +#: util/ipa_krb5.c:1004 +msgid "Failed to create random key!\n" +msgstr "" + +#: util/ipa_krb5.c:1017 util/ipa_krb5.c:1035 util/ipa_krb5.c:1043 +#: util/ipa_krb5.c:1083 +msgid "Failed to create key!\n" +msgstr "" + +#: util/ipa_krb5.c:1069 +msgid "Bad or unsupported salt type.\n" +msgstr "" + +#: util/ipa_ldap.c:79 +#, c-format +msgid "Unable to initialize connection to ldap server %1$s: %2$s\n" +msgstr "" + +#: util/ipa_ldap.c:89 +msgid "Unable to set LDAP_OPT_PROTOCOL_VERSION\n" +msgstr "" + +#: util/ipa_ldap.c:97 +msgid "Unable to set LDAP_OPT_X_SASL_NOCANON\n" +msgstr "" + +#: util/ipa_ldap.c:126 +msgid "Unable to set LDAP_OPT_X_TLS_CACERTFILE\n" +msgstr "" + +#: util/ipa_ldap.c:133 +msgid "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n" +msgstr "" + +#: util/ipa_ldap.c:140 +msgid "Unable to set LDAP_OPT_X_TLS_PROTOCOL_MIN\n" +msgstr "" + +#: util/ipa_ldap.c:147 +msgid "" +"Unable to create new TLS context (OpenSSL failed to initialize or to load " +"certificates)\n" +msgstr "" + +#: util/ipa_ldap.c:156 +msgid "Unable to initialize STARTTLS session\n" +msgstr ""