# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR FreeIPA Contributors # This file is distributed under the same license as the freeipa package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: freeipa 4.9.0.dev202006101925+gitba7974bfd\n" "Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n" "POT-Creation-Date: 2020-06-10 22:26+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" #: ipalib/parameters.py:405 msgid "incorrect type" msgstr "" #: ipalib/parameters.py:408 msgid "Only one value is allowed" msgstr "" #: ipalib/parameters.py:875 msgid "this option is deprecated" msgstr "" #: ipalib/parameters.py:993 msgid "must be True or False" msgstr "" #: ipalib/parameters.py:1091 msgid "must be an integer" msgstr "" #: ipalib/parameters.py:1141 #, python-format msgid "must be at least %(minvalue)d" msgstr "" #: ipalib/parameters.py:1153 #, python-format msgid "can be at most %(maxvalue)d" msgstr "" #: ipalib/parameters.py:1171 msgid "must be a decimal number" msgstr "" #: ipalib/parameters.py:1217 #, python-format msgid "must be at least %(minvalue)s" msgstr "" #: ipalib/parameters.py:1229 #, python-format msgid "can be at most %(maxvalue)s" msgstr "" #: ipalib/parameters.py:1239 #, python-format msgid "" "number class '%(cls)s' is not included in a list of allowed number classes: " "%(allowed)s" msgstr "" #: ipalib/parameters.py:1362 #, python-format msgid "must match pattern \"%(pattern)s\"" msgstr "" #: ipalib/parameters.py:1382 msgid "must be binary data" msgstr "" #: ipalib/parameters.py:1401 #, python-format msgid "must be at least %(minlength)d bytes" msgstr "" #: ipalib/parameters.py:1413 #, python-format msgid "can be at most %(maxlength)d bytes" msgstr "" #: ipalib/parameters.py:1425 #, python-format msgid "must be exactly %(length)d bytes" msgstr "" #: ipalib/parameters.py:1442 msgid "must be a certificate" msgstr "" #: ipalib/parameters.py:1478 msgid "must be a certificate signing request" msgstr "" #: ipalib/parameters.py:1524 #, python-format msgid "Failure decoding Certificate Signing Request: %s" msgstr "" #: ipalib/parameters.py:1548 msgid "must be Unicode text" msgstr "" #: ipalib/parameters.py:1579 msgid "Leading and trailing spaces are not allowed" msgstr "" #: ipalib/parameters.py:1589 #, python-format msgid "must be at least %(minlength)d characters" msgstr "" #: ipalib/parameters.py:1601 #, python-format msgid "can be at most %(maxlength)d characters" msgstr "" #: ipalib/parameters.py:1613 #, python-format msgid "must be exactly %(length)d characters" msgstr "" #: ipalib/parameters.py:1635 #, python-format msgid "The character %(char)r is not allowed." msgstr "" #: ipalib/parameters.py:1683 #, python-format msgid "must be '%(value)s'" msgstr "" #: ipalib/parameters.py:1686 #, python-format msgid "must be one of %(values)s" msgstr "" #: ipalib/parameters.py:1803 msgid "must be datetime value" msgstr "" #: ipalib/parameters.py:1821 msgid "does not match any of accepted formats: " msgstr "" #: ipalib/parameters.py:2004 msgid "incomplete time value" msgstr "" #: ipalib/parameters.py:2081 msgid "must be DNS name" msgstr "" #: ipalib/parameters.py:2109 msgid "must be absolute" msgstr "" #: ipalib/parameters.py:2115 msgid "must be relative" msgstr "" #: ipalib/parameters.py:2126 msgid "must be dictionary" msgstr "" #: ipalib/parameters.py:2135 msgid "must be Kerberos principal" msgstr "" #: ipalib/parameters.py:2151 #, python-format msgid "Malformed principal: '%(value)s'" msgstr "" #: ipalib/parameters.py:2160 msgid "Service principal is required" msgstr "" #: ipalib/plugable.py:532 #, python-format msgid "%(filename)s: file not found" msgstr "" #: ipalib/crud.py:247 ipaclient/remote_plugins/2_114/aci.py:387 msgid "A string searched in all relevant object attributes" msgstr "" #: ipalib/errors.py:290 #, python-format msgid "%(cver)s client incompatible with %(sver)s server at '%(server)s'" msgstr "" #: ipalib/errors.py:308 #, python-format msgid "unknown error %(code)d from %(server)s: %(error)s" msgstr "" #: ipalib/errors.py:324 msgid "an internal error has occurred" msgstr "" #: ipalib/errors.py:346 #, python-format msgid "an internal error has occurred on server at '%(server)s'" msgstr "" #: ipalib/errors.py:362 #, python-format msgid "unknown command '%(name)s'" msgstr "" #: ipalib/errors.py:379 ipalib/errors.py:404 #, python-format msgid "error on server '%(server)s': %(error)s" msgstr "" #: ipalib/errors.py:395 #, python-format msgid "cannot connect to '%(uri)s': %(error)s" msgstr "" #: ipalib/errors.py:413 #, python-format msgid "Invalid JSON-RPC request: %(error)s" msgstr "" #: ipalib/errors.py:429 #, python-format msgid "error marshalling data for XML-RPC transport: %(error)s" msgstr "" #: ipalib/errors.py:445 #, python-format msgid "Missing or invalid HTTP Referer, %(referer)s" msgstr "" #: ipalib/errors.py:463 #, python-format msgid "" "System encoding must be UTF-8, '%(encoding)s' is not supported. Set LC_ALL=" "\"C.UTF-8\", or LC_ALL=\"\" and LC_CTYPE=\"C.UTF-8\"." msgstr "" #: ipalib/errors.py:491 #, python-format msgid "Kerberos error: %(major)s/%(minor)s" msgstr "" #: ipalib/errors.py:508 msgid "did not receive Kerberos credentials" msgstr "" #: ipalib/errors.py:524 #, python-format msgid "Service '%(service)s' not found in Kerberos database" msgstr "" #: ipalib/errors.py:540 msgid "No credentials cache found" msgstr "" #: ipalib/errors.py:556 msgid "Ticket expired" msgstr "" #: ipalib/errors.py:572 msgid "Credentials cache permissions incorrect" msgstr "" #: ipalib/errors.py:588 msgid "Bad format in credentials cache" msgstr "" #: ipalib/errors.py:604 msgid "Cannot resolve KDC for requested realm" msgstr "" #: ipalib/errors.py:616 msgid "Session error" msgstr "" #: ipalib/errors.py:624 #, python-format msgid "Principal %(principal)s cannot be authenticated: %(message)s" msgstr "" #: ipalib/errors.py:660 #, python-format msgid "Insufficient access: %(info)s" msgstr "" #: ipalib/errors.py:704 #, python-format msgid "command '%(name)s' takes no arguments" msgstr "" #: ipalib/errors.py:724 #, python-format msgid "command '%(name)s' takes at most %(count)d argument" msgid_plural "command '%(name)s' takes at most %(count)d arguments" msgstr[0] "" msgstr[1] "" #: ipalib/errors.py:754 #, python-format msgid "overlapping arguments and options: %(names)s" msgstr "" #: ipalib/errors.py:770 #, python-format msgid "'%(name)s' is required" msgstr "" #: ipalib/errors.py:786 ipalib/errors.py:802 #, python-format msgid "invalid '%(name)s': %(error)s" msgstr "" #: ipalib/errors.py:818 #, python-format msgid "api has no such namespace: '%(name)s'" msgstr "" #: ipalib/errors.py:827 msgid "Passwords do not match" msgstr "" #: ipalib/errors.py:836 msgid "Command not implemented" msgstr "" #: ipalib/errors.py:845 msgid "Client is not configured. Run ipa-client-install." msgstr "" #: ipalib/errors.py:854 #, python-format msgid "Could not get %(name)s interactively" msgstr "" #: ipalib/errors.py:869 #, python-format msgid "Command '%(name)s' has been deprecated" msgstr "" #: ipalib/errors.py:885 #, python-format msgid "Domain '%(domain)s' is not a root domain for forest '%(forest)s'" msgstr "" #: ipalib/errors.py:912 ipalib/errors.py:1152 ipalib/errors.py:1231 #: ipalib/errors.py:1397 ipalib/errors.py:1462 ipalib/errors.py:1770 #: ipalib/errors.py:1787 #, python-format msgid "%(reason)s" msgstr "" #: ipalib/errors.py:928 msgid "This entry already exists" msgstr "" #: ipalib/errors.py:944 msgid "You must enroll a host in order to create a host service" msgstr "" #: ipalib/errors.py:960 #, python-format msgid "" "Service principal is not of the form: service/fully-qualified host name: " "%(reason)s" msgstr "" #: ipalib/errors.py:976 msgid "" "The realm for the principal does not match the realm for this IPA server" msgstr "" #: ipalib/errors.py:992 msgid "This command requires root access" msgstr "" #: ipalib/errors.py:1008 msgid "This is already a posix group" msgstr "" #: ipalib/errors.py:1024 #, python-format msgid "Principal is not of the form user@REALM: '%(principal)s'" msgstr "" #: ipalib/errors.py:1040 msgid "This entry is already enabled" msgstr "" #: ipalib/errors.py:1056 msgid "This entry is already disabled" msgstr "" #: ipalib/errors.py:1072 msgid "This entry cannot be enabled or disabled" msgstr "" #: ipalib/errors.py:1088 msgid "This entry is not a member" msgstr "" #: ipalib/errors.py:1104 msgid "A group may not be a member of itself" msgstr "" #: ipalib/errors.py:1120 msgid "This entry is already a member" msgstr "" #: ipalib/errors.py:1136 #, python-format msgid "Base64 decoding failed: %(reason)s" msgstr "" #: ipalib/errors.py:1168 msgid "A group may not be added as a member of itself" msgstr "" #: ipalib/errors.py:1184 msgid "The default users group cannot be removed" msgstr "" #: ipalib/errors.py:1200 msgid "Deleting a managed group is not allowed. It must be detached first." msgstr "" #: ipalib/errors.py:1215 msgid "A managed group cannot have a password policy." msgstr "" #: ipalib/errors.py:1247 #, python-format msgid "'%(entry)s' doesn't have a certificate." msgstr "" #: ipalib/errors.py:1263 #, python-format msgid "Unable to create private group. A group '%(group)s' already exists." msgstr "" #: ipalib/errors.py:1279 #, python-format msgid "" "A problem was encountered when verifying that all members were %(verb)s: " "%(exc)s" msgstr "" #: ipalib/errors.py:1297 #, python-format msgid "%(attr)s does not contain '%(value)s'" msgstr "" #: ipalib/errors.py:1314 #, python-format msgid "" "The search criteria was not specific enough. Expected 1 and found %(found)d." msgstr "" #: ipalib/errors.py:1331 msgid "This group already allows external members" msgstr "" #: ipalib/errors.py:1348 msgid "This group cannot be posix because it is external" msgstr "" #: ipalib/errors.py:1365 msgid "This is already a posix group and cannot be converted to external one" msgstr "" #: ipalib/errors.py:1414 #, python-format msgid "Server removal aborted: %(reason)s." msgstr "" #: ipalib/errors.py:1424 #, python-format msgid "%(operation)s is not supported for %(principal_type)s principals" msgstr "" #: ipalib/errors.py:1434 #, python-format msgid "Request failed with status %(status)s: %(reason)s" msgstr "" #: ipalib/errors.py:1452 #, python-format msgid "" "Mapping ruleset \"%(ruleset)s\" has more than one rule for the %(helper)s " "helper" msgstr "" #: ipalib/errors.py:1486 #, python-format msgid "no command nor help topic '%(topic)s'" msgstr "" #: ipalib/errors.py:1510 msgid "change collided with another change" msgstr "" #: ipalib/errors.py:1526 msgid "no modifications to be performed" msgstr "" #: ipalib/errors.py:1542 #, python-format msgid "%(desc)s: %(info)s" msgstr "" #: ipalib/errors.py:1558 msgid "limits exceeded for this query" msgstr "" #: ipalib/errors.py:1573 #, python-format msgid "%(info)s" msgstr "" #: ipalib/errors.py:1588 msgid "modifying primary key is not allowed" msgstr "" #: ipalib/errors.py:1604 #, python-format msgid "%(attr)s: Only one value allowed." msgstr "" #: ipalib/errors.py:1620 #, python-format msgid "%(attr)s: Invalid syntax." msgstr "" #: ipalib/errors.py:1636 #, python-format msgid "Bad search filter %(info)s" msgstr "" #: ipalib/errors.py:1652 msgid "Not allowed on non-leaf entry" msgstr "" #: ipalib/errors.py:1668 msgid "LDAP timeout" msgstr "" #: ipalib/errors.py:1684 #, python-format msgid "%(task)s LDAP task timeout, Task DN: '%(task_dn)s'" msgstr "" #: ipalib/errors.py:1693 msgid "Configured time limit exceeded" msgstr "" #: ipalib/errors.py:1702 msgid "Configured size limit exceeded" msgstr "" #: ipalib/errors.py:1712 msgid "Configured administrative server limit exceeded" msgstr "" #: ipalib/errors.py:1737 #, python-format msgid "Certificate operation cannot be completed: %(error)s" msgstr "" #: ipalib/errors.py:1753 #, python-format msgid "Certificate format error: %(error)s" msgstr "" #: ipalib/errors.py:1804 msgid "Already registered" msgstr "" #: ipalib/errors.py:1820 msgid "Not registered yet" msgstr "" #: ipalib/errors.py:1836 #, python-format msgid "%(key)s cannot be deleted because %(label)s %(dependent)s requires it" msgstr "" #: ipalib/errors.py:1852 #, python-format msgid "" "%(key)s cannot be deleted or disabled because it is the last member of " "%(label)s %(container)s" msgstr "" #: ipalib/errors.py:1868 #, python-format msgid "%(label)s %(key)s cannot be deleted/modified: %(reason)s" msgstr "" #: ipalib/errors.py:1885 #, python-format msgid "%(name)s certificate is not valid" msgstr "" #: ipalib/errors.py:1903 #, python-format msgid "Schema is up to date (FP '%(fingerprint)s', TTL %(ttl)s s)" msgstr "" #: ipalib/errors.py:1930 #, python-format msgid "Host '%(hostname)s' does not have corresponding DNS A/AAAA record" msgstr "" #: ipalib/errors.py:1948 #, python-format msgid "DNS check failed: Expected {%(expected)s} got {%(got)s}" msgstr "" #: ipalib/errors.py:1964 #, python-format msgid "%(exception)s" msgstr "" #: ipalib/errors.py:1991 #, python-format msgid "" "Forest '%(forest)s' has existing trust to forest(s) %(domains)s which " "prevents a trust to '%(conflict)s'" msgstr "" #: ipalib/output.py:110 msgid "A dictionary representing an LDAP entry" msgstr "" #: ipalib/output.py:118 msgid "A list of LDAP entries" msgstr "" #: ipalib/output.py:170 msgid "All commands should at least have a result" msgstr "" #: ipalib/output.py:173 ipaclient/remote_plugins/2_114/aci.py:307 msgid "User-friendly description of action performed" msgstr "" #: ipalib/output.py:177 ipaclient/remote_plugins/2_114/aci.py:314 msgid "The primary_key value of the entry, e.g. 'jdoe' for a user" msgstr "" #: ipalib/output.py:192 ipaclient/remote_plugins/2_114/aci.py:506 msgid "Number of entries returned" msgstr "" #: ipalib/output.py:193 ipaclient/remote_plugins/2_114/aci.py:511 msgid "True if not all results were returned" msgstr "" #: ipalib/output.py:198 ipalib/output.py:204 msgid "List of deletions that failed" msgstr "" #: ipalib/output.py:210 ipalib/output.py:218 ipaserver/plugins/dns.py:348 msgid "True means the operation was successful" msgstr "" #: ipalib/util.py:207 msgid "Filename is empty" msgstr "" #: ipalib/util.py:211 #, python-format msgid "Permission denied: %(file)s" msgstr "" #: ipalib/util.py:408 ipalib/util.py:940 msgid "empty DNS label" msgstr "" #: ipalib/util.py:411 msgid "DNS label cannot be longer that 63 characters" msgstr "" #: ipalib/util.py:416 #, python-format msgid "" "only letters, numbers, %(chars)s are allowed. DNS label may not start or end " "with %(chars2)s" msgstr "" #: ipalib/util.py:432 msgid "single label {}s are not supported" msgstr "" #: ipalib/util.py:442 msgid "too many '@' characters" msgstr "" #: ipalib/util.py:471 msgid "cannot be longer that {} characters" msgstr "" #: ipalib/util.py:478 msgid "hostname contains empty label (consecutive dots)" msgstr "" #: ipalib/util.py:482 msgid "not fully qualified" msgstr "" #: ipalib/util.py:495 ipalib/util.py:504 msgid "invalid SSH public key" msgstr "" #: ipalib/util.py:507 msgid "options are not allowed" msgstr "" #: ipalib/util.py:743 msgid "invalid hostmask" msgstr "" #: ipalib/util.py:757 #, python-format msgid "query '%(owner)s %(rtype)s': %(error)s" msgstr "" #: ipalib/util.py:761 #, python-format msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s" msgstr "" #: ipalib/util.py:765 #, python-format msgid "" "answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG " "data)" msgstr "" #: ipalib/util.py:770 #, python-format msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s" msgstr "" #: ipalib/util.py:938 msgid "invalid escape code in domain name" msgstr "" #: ipalib/util.py:942 msgid "domain name cannot be longer than 255 characters" msgstr "" #: ipalib/util.py:944 msgid "DNS label cannot be longer than 63 characters" msgstr "" #: ipalib/util.py:946 msgid "invalid domain name" msgstr "" #: ipalib/util.py:959 #, python-format msgid "domain name '%(domain)s' should be normalized to: %(normalized)s" msgstr "" #: ipalib/util.py:1071 #, python-format msgid "invalid domain-name: %s" msgstr "" #: ipalib/util.py:1083 #, python-format msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!" msgstr "" #: ipalib/util.py:1089 msgid "invalid IP address format" msgstr "" #: ipalib/util.py:1107 #, python-format msgid "%(port)s is not a valid port" msgstr "" #: ipalib/util.py:1140 msgid "" "at least one value equal to the canonical principal name must be present" msgstr "" #: ipalib/util.py:1227 msgid "realm or UPN suffix overlaps with trusted domain namespace" msgstr "" #: ipalib/messages.py:84 msgid "Additional instructions:" msgstr "" #: ipalib/messages.py:146 #, python-format msgid "" "API Version number was not sent, forward compatibility not guaranteed. " "Assuming server's API version, %(server_version)s" msgstr "" #: ipalib/messages.py:158 msgid "" "DNS forwarder semantics changed since IPA 4.0.\n" "You may want to use forward zones (dnsforwardzone-*) instead.\n" "For more details read the docs." msgstr "" #: ipalib/messages.py:170 #, python-format msgid "" "DNSSEC support is experimental.\n" "%(additional_info)s" msgstr "" #: ipalib/messages.py:180 #, python-format msgid "'%(option)s' option is deprecated. %(additional_info)s" msgstr "" #: ipalib/messages.py:190 #, python-format msgid "" "Semantic of %(label)s was changed. %(current_behavior)s\n" "%(hint)s" msgstr "" #: ipalib/messages.py:201 #, python-format msgid "DNS server %(server)s: %(error)s." msgstr "" #: ipalib/messages.py:211 #, python-format msgid "" "DNS server %(server)s does not support DNSSEC: %(error)s.\n" "If DNSSEC validation is enabled on IPA server(s), please disable it." msgstr "" #: ipalib/messages.py:224 #, python-format msgid "" "forward zone \"%(fwzone)s\" is not effective because of missing proper NS " "delegation in authoritative zone \"%(authzone)s\". Please add NS record " "\"%(ns_rec)s\" to parent zone \"%(authzone)s\"." msgstr "" #: ipalib/messages.py:238 #, python-format msgid "" "DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n" "If DNSSEC validation is enabled on IPA server(s), please disable it." msgstr "" #: ipalib/messages.py:251 #, python-format msgid "" "DNSSEC validation failed: %(error)s.\n" "Please verify your DNSSEC configuration or disable DNSSEC validation on all " "IPA servers." msgstr "" #: ipalib/messages.py:265 #, python-format msgid "" "The _kerberos TXT record from domain %(domain)s could not be created " "(%(error)s).\n" "This can happen if the zone is not managed by IPA. Please create the record " "manually, containing the following value: '%(realm)s'" msgstr "" #: ipalib/messages.py:281 #, python-format msgid "" "The _kerberos TXT record from domain %(domain)s could not be removed " "(%(error)s).\n" "This can happen if the zone is not managed by IPA. Please remove the record " "manually." msgstr "" #: ipalib/messages.py:295 msgid "" "No DNSSEC key master is installed. DNSSEC zone signing will not work until " "the DNSSEC key master is installed." msgstr "" #: ipalib/messages.py:310 #, python-format msgid "" "Relative record name '%(record)s' contains the zone name '%(zone)s' as a " "suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused " "by a missing dot at the end of the name specification." msgstr "" #: ipalib/messages.py:323 #, python-format msgid "'%(command)s' is deprecated. %(additional_info)s" msgstr "" #: ipalib/messages.py:333 #, python-format msgid "%(line)s" msgstr "" #: ipalib/messages.py:343 #, python-format msgid "Search result has been truncated: %(reason)s" msgstr "" #: ipalib/messages.py:353 #, python-format msgid "" "Your trust to %(domain)s is broken. Please re-create it by running 'ipa " "trust-add' again." msgstr "" #: ipalib/messages.py:372 #, python-format msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)" msgstr "" #: ipalib/messages.py:386 msgid "" "Forwarding policy conflicts with some automatic empty zones. Queries for " "zones specified by RFC 6303 will ignore forwarding and recursion and always " "result in NXDOMAIN answers. To override this behavior use forward policy " "'only'." msgstr "" #: ipalib/messages.py:400 #, python-format msgid "Update of system record '%(record)s' failed with error: %(error)s" msgstr "" #: ipalib/messages.py:411 #, python-format msgid "" "IPA does not manage the zone %(zone)s, please add records to your DNS server " "manually" msgstr "" #: ipalib/messages.py:423 msgid "" "Automatic update of DNS system records failed. Please re-run update of " "system records manually to get list of missing records." msgstr "" #: ipalib/messages.py:436 #, python-format msgid "" "Service %(service)s requires restart on IPA server %(server)s to apply " "configuration changes." msgstr "" #: ipalib/messages.py:448 #, python-format msgid "" "No DNS servers in IPA location %(location)s. Without DNS servers location is " "not working as expected." msgstr "" #: ipalib/messages.py:475 #, python-format msgid "%(subject)s: Malformed certificate. %(reason)s" msgstr "" #: ipalib/messages.py:486 #, python-format msgid "The host was added but the DNS update failed with: %(reason)s" msgstr "" #: ipalib/messages.py:496 #, python-format msgid "The certificate for %(ca)s is not available on this server." msgstr "" #: ipalib/cli.py:630 #, python-format msgid "Enter %(label)s again to verify: " msgstr "" #: ipalib/cli.py:639 msgid "Passwords do not match!" msgstr "" #: ipalib/cli.py:662 msgid "No matching entries found" msgstr "" #: ipalib/cli.py:737 msgid "Topic or Command" msgstr "" #: ipalib/cli.py:738 msgid "The topic or command name." msgstr "" #: ipalib/cli.py:910 msgid "Topic commands:" msgstr "" #: ipalib/cli.py:916 msgid "To get command help, use:" msgstr "" #: ipalib/cli.py:917 msgid " ipa --help" msgstr "" #: ipalib/cli.py:928 msgid "Command name" msgstr "" #: ipalib/cli.py:1143 msgid "Positional arguments" msgstr "" #: ipalib/cli.py:1289 #, python-format msgid "Same as --%s" msgstr "" #: ipalib/cli.py:1292 msgid "Deprecated options" msgstr "" #: ipalib/cli.py:1423 msgid "No file to read" msgstr "" #: ipalib/rpc.py:1112 msgid "any of the configured servers" msgstr "" #: ipalib/rpc.py:1195 msgid "Exceeded number of tries to forward a request." msgstr "" #: ipalib/frontend.py:424 msgid "Results are truncated, try a more specific search" msgstr "" #: ipalib/frontend.py:563 ipatests/test_xmlrpc/test_ping_plugin.py:52 #, python-format msgid "Unknown option: %(option)s" msgstr "" #: ipalib/frontend.py:953 ipaclient/remote_plugins/2_114/aci.py:290 msgid "" "Retrieve and print all attributes from the server. Affects command output." msgstr "" #: ipalib/frontend.py:959 ipaclient/remote_plugins/2_114/aci.py:297 msgid "Print entries as stored on the server. Only affects output format." msgstr "" #: ipalib/frontend.py:965 ipaserver/plugins/batch.py:83 msgid "Client version. Used to determine if server will accept request." msgstr "" #: ipalib/frontend.py:1177 ipaclient/remote_plugins/2_114/misc.py:41 msgid "Forward to server instead of running locally" msgstr "" #: ipalib/misc.py:20 ipaclient/remote_plugins/2_114/misc.py:28 msgid "Show environment variables." msgstr "" #: ipalib/misc.py:22 #, python-format msgid "%(count)d variables" msgstr "" #: ipalib/misc.py:32 ipalib/misc.py:103 msgid "" "retrieve and print all attributes from the server. Affects command output." msgstr "" #: ipalib/misc.py:44 ipaclient/plugins/csrgen.py:63 msgid "Dictionary mapping variable name to value" msgstr "" #: ipalib/misc.py:49 ipaclient/remote_plugins/2_114/misc.py:62 msgid "Total number of variables env (>= count)" msgstr "" #: ipalib/misc.py:55 ipaclient/remote_plugins/2_114/misc.py:67 msgid "Number of variables returned (<= total)" msgstr "" #: ipalib/misc.py:93 ipaclient/remote_plugins/2_114/misc.py:79 msgid "Show all loaded plugins." msgstr "" #: ipalib/misc.py:96 #, python-format msgid "%(count)d plugin loaded" msgid_plural "%(count)d plugins loaded" msgstr[0] "" msgstr[1] "" #: ipalib/misc.py:116 ipaclient/remote_plugins/2_114/misc.py:106 msgid "Number of plugins loaded" msgstr "" #: ipapython/dogtag.py:106 #, python-format msgid "Retrieving CA cert chain failed: %s" msgstr "" #: ipapython/dogtag.py:112 #, python-format msgid "request failed with HTTP status %d" msgstr "" #: ipapython/dogtag.py:124 #, python-format msgid "Retrieving CA status failed: %s" msgstr "" #: ipapython/dogtag.py:146 #, python-format msgid "Retrieving CA status failed with status %d" msgstr "" #: ipapython/ipaldap.py:1185 #, python-format msgid "objectclass %s not found" msgstr "" #: ipaserver/install/replication.py:1719 ipaserver/install/replication.py:1738 #, python-format msgid "Replication agreement for %(hostname)s not found" msgstr "" #: ipaserver/install/certs.py:480 #, python-format msgid "Unable to communicate with CMS (status %d)" msgstr "" #: ipaserver/plugins/netgroup.py:46 msgid "" "\n" "Netgroups\n" "\n" "A netgroup is a group used for permission checking. It can contain both\n" "user and host values.\n" "\n" "EXAMPLES:\n" "\n" " Add a new netgroup:\n" " ipa netgroup-add --desc=\"NFS admins\" admins\n" "\n" " Add members to the netgroup:\n" " ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n" "\n" " Remove a member from the netgroup:\n" " ipa netgroup-remove-member --users=tuser2 admins\n" "\n" " Display information about a netgroup:\n" " ipa netgroup-show admins\n" "\n" " Delete a netgroup:\n" " ipa netgroup-del admins\n" msgstr "" #: ipaserver/plugins/netgroup.py:88 msgid "Member Host" msgstr "" #: ipaserver/plugins/netgroup.py:102 msgid "netgroup" msgstr "" #: ipaserver/plugins/netgroup.py:103 msgid "netgroups" msgstr "" #: ipaserver/plugins/netgroup.py:196 ipaserver/plugins/internal.py:1159 msgid "Netgroups" msgstr "" #: ipaserver/plugins/netgroup.py:197 msgid "Netgroup" msgstr "" #: ipaserver/plugins/netgroup.py:204 msgid "Netgroup name" msgstr "" #: ipaserver/plugins/netgroup.py:210 ipaserver/plugins/radiusproxy.py:117 #: ipaserver/plugins/role.py:153 ipaserver/plugins/selinuxusermap.py:265 #: ipaserver/plugins/sudorule.py:232 ipaserver/plugins/automount.py:364 #: ipaserver/plugins/otptoken.py:174 ipaserver/plugins/privilege.py:159 #: ipaserver/plugins/idviews.py:142 ipaserver/plugins/idviews.py:740 #: ipaserver/plugins/hbacrule.py:253 ipaserver/plugins/hbacsvc.py:108 #: ipaserver/plugins/location.py:111 ipaserver/plugins/hbacsvcgroup.py:120 #: ipaserver/plugins/vault.py:594 ipaserver/plugins/ca.py:87 #: ipaserver/plugins/certmap.py:279 ipaserver/plugins/automember.py:257 #: ipaserver/plugins/host.py:462 ipaserver/plugins/hostgroup.py:193 #: ipaserver/plugins/sudocmd.py:122 ipaserver/plugins/sudocmdgroup.py:130 #: ipaserver/plugins/caacl.py:175 ipaserver/plugins/group.py:329 msgid "Description" msgstr "" #: ipaserver/plugins/netgroup.py:211 msgid "Netgroup description" msgstr "" #: ipaserver/plugins/netgroup.py:217 msgid "NIS domain name" msgstr "" #: ipaserver/plugins/netgroup.py:222 msgid "IPA unique ID" msgstr "" #: ipaserver/plugins/netgroup.py:227 ipaserver/plugins/selinuxusermap.py:253 #: ipaserver/plugins/sudorule.py:240 ipaserver/plugins/hbacrule.py:223 #: ipaserver/plugins/caacl.py:195 ipaclient/remote_plugins/2_114/hbacrule.py:87 msgid "User category" msgstr "" #: ipaserver/plugins/netgroup.py:228 ipaserver/plugins/selinuxusermap.py:254 #: ipaserver/plugins/sudorule.py:241 ipaserver/plugins/hbacrule.py:224 msgid "User category the rule applies to" msgstr "" #: ipaserver/plugins/netgroup.py:233 ipaserver/plugins/selinuxusermap.py:259 #: ipaserver/plugins/sudorule.py:246 ipaserver/plugins/hbacrule.py:229 #: ipaserver/plugins/caacl.py:201 ipaclient/remote_plugins/2_114/hbacrule.py:93 msgid "Host category" msgstr "" #: ipaserver/plugins/netgroup.py:234 ipaserver/plugins/selinuxusermap.py:260 #: ipaserver/plugins/sudorule.py:247 ipaserver/plugins/hbacrule.py:230 msgid "Host category the rule applies to" msgstr "" #: ipaserver/plugins/netgroup.py:263 msgid "Add a new netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:266 #, python-format msgid "Added netgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/netgroup.py:268 #, python-format msgid "" "hostgroup with name \"%s\" already exists. Hostgroups and netgroups share a " "common namespace" msgstr "" #: ipaserver/plugins/netgroup.py:299 msgid "Delete a netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:301 #, python-format msgid "Deleted netgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/netgroup.py:307 msgid "Modify a netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:310 #, python-format msgid "Modified netgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/netgroup.py:321 ipaserver/plugins/hbacrule.py:345 #: ipaserver/plugins/caacl.py:294 msgid "user category cannot be set to 'all' while there are allowed users" msgstr "" #: ipaserver/plugins/netgroup.py:326 ipaserver/plugins/hbacrule.py:350 #: ipaserver/plugins/caacl.py:298 msgid "host category cannot be set to 'all' while there are allowed hosts" msgstr "" #: ipaserver/plugins/netgroup.py:334 msgid "Search for a netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:339 #, python-format msgid "%(count)d netgroup matched" msgid_plural "%(count)d netgroups matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/netgroup.py:349 msgid "search for managed groups" msgstr "" #: ipaserver/plugins/netgroup.py:371 msgid "Display information about a netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:378 msgid "Add members to a netgroup." msgstr "" #: ipaserver/plugins/netgroup.py:400 msgid "Remove members from a netgroup." msgstr "" #: ipaserver/plugins/pkinit.py:13 msgid "" "\n" "Kerberos PKINIT feature status reporting tools.\n" "\n" "Report IPA masters on which Kerberos PKINIT is enabled or disabled\n" "\n" "EXAMPLES:\n" " List PKINIT status on all masters:\n" " ipa pkinit-status\n" "\n" " Check PKINIT status on `ipa.example.com`:\n" " ipa pkinit-status --server ipa.example.com\n" "\n" " List all IPA masters with disabled PKINIT:\n" " ipa pkinit-status --status='disabled'\n" "\n" "For more info about PKINIT support see:\n" "\n" "https://www.freeipa.org/page/V4/Kerberos_PKINIT\n" msgstr "" #: ipaserver/plugins/pkinit.py:39 msgid "pkinit" msgstr "" #: ipaserver/plugins/pkinit.py:41 ipaserver/plugins/internal.py:192 msgid "PKINIT" msgstr "" #: ipaserver/plugins/pkinit.py:47 ipaserver/plugins/serverrole.py:58 #: ipaserver/plugins/dnsserver.py:112 ipaserver/plugins/server.py:103 msgid "Server name" msgstr "" #: ipaserver/plugins/pkinit.py:48 ipaserver/plugins/serverrole.py:59 #: ipaserver/plugins/server.py:104 ipaclient/remote_plugins/2_156/server.py:43 msgid "IPA server hostname" msgstr "" #: ipaserver/plugins/pkinit.py:53 msgid "PKINIT status" msgstr "" #: ipaserver/plugins/pkinit.py:54 msgid "Whether PKINIT is enabled or disabled" msgstr "" #: ipaserver/plugins/pkinit.py:63 msgid "Report PKINIT status on the IPA masters" msgstr "" #: ipaserver/plugins/pkinit.py:65 #, python-format msgid "%(count)s server matched" msgid_plural "%(count)s servers matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/pkinit.py:71 ipaserver/plugins/serverrole.py:123 #: ipaserver/plugins/baseldap.py:1892 ipaserver/plugins/cert.py:1566 msgid "Time Limit" msgstr "" #: ipaserver/plugins/pkinit.py:72 ipaserver/plugins/serverrole.py:124 #: ipaserver/plugins/baseldap.py:1893 ipaserver/plugins/cert.py:1567 msgid "Time limit of search in seconds (0 is unlimited)" msgstr "" #: ipaserver/plugins/pkinit.py:79 ipaserver/plugins/serverrole.py:131 #: ipaserver/plugins/hbactest.py:304 ipaserver/plugins/baseldap.py:1899 #: ipaserver/plugins/cert.py:1571 msgid "Size Limit" msgstr "" #: ipaserver/plugins/pkinit.py:80 ipaserver/plugins/serverrole.py:132 #: ipaserver/plugins/baseldap.py:1900 ipaserver/plugins/cert.py:1572 msgid "Maximum number of entries returned (0 is unlimited)" msgstr "" #: ipaserver/plugins/radiusproxy.py:35 msgid "" "\n" "RADIUS Proxy Servers\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:37 msgid "" "\n" "Manage RADIUS Proxy Servers.\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:39 msgid "" "\n" "IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" "authentications. This permits a great deal of flexibility when\n" "integrating with third-party authentication services.\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:43 ipaserver/plugins/permission.py:97 #: ipaserver/plugins/serverrole.py:19 ipaserver/plugins/sudorule.py:70 #: ipaserver/plugins/otptoken.py:49 ipaserver/plugins/location.py:37 #: ipaserver/plugins/vault.py:90 ipaserver/plugins/ca.py:35 #: ipaserver/plugins/certmap.py:60 ipaserver/plugins/automember.py:63 #: ipaserver/plugins/host.py:106 ipaserver/plugins/schema.py:34 #: ipaserver/plugins/dnsserver.py:39 ipaserver/plugins/server.py:40 #: ipaserver/plugins/cert.py:98 ipaclient/plugins/otptoken_yubikey.py:47 msgid "" "\n" "EXAMPLES:\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:45 msgid "" "\n" " Add a new server:\n" " ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:48 msgid "" "\n" " Find all servers whose entries include the string \"example.com\":\n" " ipa radiusproxy-find example.com\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:51 msgid "" "\n" " Examine the configuration:\n" " ipa radiusproxy-show MyRADIUS\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:54 msgid "" "\n" " Change the secret:\n" " ipa radiusproxy-mod MyRADIUS --secret\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:57 msgid "" "\n" " Delete a configuration:\n" " ipa radiusproxy-del MyRADIUS\n" msgstr "" #: ipaserver/plugins/radiusproxy.py:68 msgid "invalid attribute name" msgstr "" #: ipaserver/plugins/radiusproxy.py:80 msgid "invalid port number" msgstr "" #: ipaserver/plugins/radiusproxy.py:98 msgid "RADIUS proxy server" msgstr "" #: ipaserver/plugins/radiusproxy.py:99 msgid "RADIUS proxy servers" msgstr "" #: ipaserver/plugins/radiusproxy.py:106 msgid "RADIUS Servers" msgstr "" #: ipaserver/plugins/radiusproxy.py:107 msgid "RADIUS Server" msgstr "" #: ipaserver/plugins/radiusproxy.py:112 msgid "RADIUS proxy server name" msgstr "" #: ipaserver/plugins/radiusproxy.py:118 msgid "A description of this RADIUS proxy server" msgstr "" #: ipaserver/plugins/radiusproxy.py:122 ipaserver/plugins/user.py:1093 msgid "Server" msgstr "" #: ipaserver/plugins/radiusproxy.py:123 msgid "The hostname or IP (with or without port)" msgstr "" #: ipaserver/plugins/radiusproxy.py:127 msgid "Secret" msgstr "" #: ipaserver/plugins/radiusproxy.py:128 msgid "The secret used to encrypt data" msgstr "" #: ipaserver/plugins/radiusproxy.py:133 msgid "Timeout" msgstr "" #: ipaserver/plugins/radiusproxy.py:134 msgid "The total timeout across all retries (in seconds)" msgstr "" #: ipaserver/plugins/radiusproxy.py:139 msgid "Retries" msgstr "" #: ipaserver/plugins/radiusproxy.py:140 msgid "The number of times to retry authentication" msgstr "" #: ipaserver/plugins/radiusproxy.py:146 msgid "User attribute" msgstr "" #: ipaserver/plugins/radiusproxy.py:147 msgid "The username attribute on the user object" msgstr "" #: ipaserver/plugins/radiusproxy.py:171 msgid "Add a new RADIUS proxy server." msgstr "" #: ipaserver/plugins/radiusproxy.py:172 #, python-format msgid "Added RADIUS proxy server \"%(value)s\"" msgstr "" #: ipaserver/plugins/radiusproxy.py:176 msgid "Delete a RADIUS proxy server." msgstr "" #: ipaserver/plugins/radiusproxy.py:177 #, python-format msgid "Deleted RADIUS proxy server \"%(value)s\"" msgstr "" #: ipaserver/plugins/radiusproxy.py:181 msgid "Modify a RADIUS proxy server." msgstr "" #: ipaserver/plugins/radiusproxy.py:182 #, python-format msgid "Modified RADIUS proxy server \"%(value)s\"" msgstr "" #: ipaserver/plugins/radiusproxy.py:186 msgid "Search for RADIUS proxy servers." msgstr "" #: ipaserver/plugins/radiusproxy.py:188 #, python-format msgid "%(count)d RADIUS proxy server matched" msgid_plural "%(count)d RADIUS proxy servers matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/radiusproxy.py:201 msgid "Display information about a RADIUS proxy server." msgstr "" #: ipaserver/plugins/selfservice.py:28 msgid "" "\n" "Self-service Permissions\n" "\n" "A permission enables fine-grained delegation of permissions. Access Control\n" "Rules, or instructions (ACIs), grant permission to permissions to perform\n" "given tasks such as adding a user, modifying a group, etc.\n" "\n" "A Self-service permission defines what an object can change in its own " "entry.\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add a self-service rule to allow users to manage their address (using Bash\n" " brace expansion):\n" " ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c," "st} \"Users manage their own address\"\n" "\n" " When managing the list of attributes you need to include all attributes\n" " in the list, including existing ones.\n" " Add telephoneNumber to the list (using Bash brace expansion):\n" " ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} " "\"Users manage their own address\"\n" "\n" " Display our updated rule:\n" " ipa selfservice-show \"Users manage their own address\"\n" "\n" " Delete a rule:\n" " ipa selfservice-del \"Users manage their own address\"\n" msgstr "" #: ipaserver/plugins/selfservice.py:68 msgid "self service permission" msgstr "" #: ipaserver/plugins/selfservice.py:69 msgid "self service permissions" msgstr "" #: ipaserver/plugins/selfservice.py:70 msgid "Self Service Permissions" msgstr "" #: ipaserver/plugins/selfservice.py:71 msgid "Self Service Permission" msgstr "" #: ipaserver/plugins/selfservice.py:76 ipaserver/plugins/selfservice.py:77 msgid "Self-service name" msgstr "" #: ipaserver/plugins/selfservice.py:84 ipaserver/plugins/permission.py:230 #: ipaserver/plugins/aci.py:463 ipaserver/plugins/baseldap.py:73 #: ipaserver/plugins/delegation.py:81 ipaclient/remote_plugins/2_114/aci.py:145 msgid "Permissions" msgstr "" #: ipaserver/plugins/selfservice.py:85 ipaserver/plugins/delegation.py:82 msgid "Permissions to grant (read, write). Default is write." msgstr "" #: ipaserver/plugins/selfservice.py:89 ipaserver/plugins/aci.py:472 #: ipaserver/plugins/delegation.py:86 ipaclient/remote_plugins/2_114/aci.py:153 msgid "Attributes" msgstr "" #: ipaserver/plugins/selfservice.py:90 msgid "Attributes to which the permission applies." msgstr "" #: ipaserver/plugins/selfservice.py:94 ipaserver/plugins/permission.py:359 #: ipaserver/plugins/aci.py:514 ipaserver/plugins/delegation.py:101 msgid "ACI" msgstr "" #: ipaserver/plugins/selfservice.py:122 msgid "Add a new self-service permission." msgstr "" #: ipaserver/plugins/selfservice.py:124 #, python-format msgid "Added selfservice \"%(value)s\"" msgstr "" #: ipaserver/plugins/selfservice.py:143 msgid "Delete a self-service permission." msgstr "" #: ipaserver/plugins/selfservice.py:146 #, python-format msgid "Deleted selfservice \"%(value)s\"" msgstr "" #: ipaserver/plugins/selfservice.py:161 msgid "Modify a self-service permission." msgstr "" #: ipaserver/plugins/selfservice.py:163 #, python-format msgid "Modified selfservice \"%(value)s\"" msgstr "" #: ipaserver/plugins/selfservice.py:182 msgid "Search for a self-service permission." msgstr "" #: ipaserver/plugins/selfservice.py:185 #, python-format msgid "%(count)d selfservice matched" msgid_plural "%(count)d selfservices matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/selfservice.py:208 msgid "Display information about a self-service permission." msgstr "" #: ipaserver/plugins/permission.py:40 msgid "" "\n" "Permissions\n" msgstr "" #: ipaserver/plugins/permission.py:42 msgid "" "\n" "A permission enables fine-grained delegation of rights. A permission is\n" "a human-readable wrapper around a 389-ds Access Control Rule,\n" "or instruction (ACI).\n" "A permission grants the right to perform a specific task such as adding a\n" "user, modifying a group, etc.\n" msgstr "" #: ipaserver/plugins/permission.py:48 msgid "" "\n" "A permission may not contain other permissions.\n" msgstr "" #: ipaserver/plugins/permission.py:50 msgid "" "\n" "* A permission grants access to read, write, add, delete, read, search,\n" " or compare.\n" "* A privilege combines similar permissions (for example all the permissions\n" " needed to add a user).\n" "* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" msgstr "" #: ipaserver/plugins/permission.py:56 msgid "" "\n" "A permission is made up of a number of different parts:\n" "\n" "1. The name of the permission.\n" "2. The target of the permission.\n" "3. The rights granted by the permission.\n" msgstr "" #: ipaserver/plugins/permission.py:62 msgid "" "\n" "Rights define what operations are allowed, and may be one or more\n" "of the following:\n" "1. write - write one or more attributes\n" "2. read - read one or more attributes\n" "3. search - search on one or more attributes\n" "4. compare - compare one or more attributes\n" "5. add - add a new entry to the tree\n" "6. delete - delete an existing entry\n" "7. all - all permissions are granted\n" msgstr "" #: ipaserver/plugins/permission.py:72 msgid "" "\n" "Note the distinction between attributes and entries. The permissions are\n" "independent, so being able to add a user does not mean that the user will\n" "be editable.\n" msgstr "" #: ipaserver/plugins/permission.py:76 msgid "" "\n" "There are a number of allowed targets:\n" "1. subtree: a DN; the permission applies to the subtree under this DN\n" "2. target filter: an LDAP filter\n" "3. target: DN with possible wildcards, specifies entries permission applies " "to\n" msgstr "" #: ipaserver/plugins/permission.py:81 msgid "" "\n" "Additionally, there are the following convenience options.\n" "Setting one of these options will set the corresponding attribute(s).\n" "1. type: a type of object (user, group, etc); sets subtree and target " "filter.\n" "2. memberof: apply to members of a group; sets target filter\n" "3. targetgroup: grant access to modify a specific group (such as granting\n" " the rights to manage group membership); sets target.\n" msgstr "" #: ipaserver/plugins/permission.py:88 msgid "" "\n" "Managed permissions\n" msgstr "" #: ipaserver/plugins/permission.py:90 msgid "" "\n" "Permissions that come with IPA by default can be so-called \"managed\"\n" "permissions. These have a default set of attributes they apply to,\n" "but the administrator can add/remove individual attributes to/from the set.\n" msgstr "" #: ipaserver/plugins/permission.py:94 msgid "" "\n" "Deleting or renaming a managed permission, as well as changing its target,\n" "is not allowed.\n" msgstr "" #: ipaserver/plugins/permission.py:99 msgid "" "\n" " Add a permission that grants the creation of users:\n" " ipa permission-add --type=user --permissions=add \"Add Users\"\n" msgstr "" #: ipaserver/plugins/permission.py:102 msgid "" "\n" " Add a permission that grants the ability to manage group membership:\n" " ipa permission-add --attrs=member --permissions=write --type=group " "\"Manage Group Members\"\n" msgstr "" #: ipaserver/plugins/permission.py:129 msgid "must be enclosed in parentheses" msgstr "" #: ipaserver/plugins/permission.py:149 #, python-format msgid "\"%s\" is not an object type" msgstr "" #: ipaserver/plugins/permission.py:151 ipaserver/plugins/permission.py:897 #, python-format msgid "\"%s\" is not a valid permission type" msgstr "" #: ipaserver/plugins/permission.py:169 msgid "Permission flags" msgstr "" #: ipaserver/plugins/permission.py:180 msgid "permission" msgstr "" #: ipaserver/plugins/permission.py:181 msgid "permissions" msgstr "" #: ipaserver/plugins/permission.py:231 ipaserver/plugins/aci.py:451 msgid "Permission" msgstr "" #: ipaserver/plugins/permission.py:236 msgid "Permission name" msgstr "" #: ipaserver/plugins/permission.py:245 msgid "Granted rights" msgstr "" #: ipaserver/plugins/permission.py:246 msgid "Rights to grant (read, search, compare, write, add, delete, all)" msgstr "" #: ipaserver/plugins/permission.py:253 msgid "Effective attributes" msgstr "" #: ipaserver/plugins/permission.py:254 msgid "All attributes to which the permission applies" msgstr "" #: ipaserver/plugins/permission.py:259 msgid "Included attributes" msgstr "" #: ipaserver/plugins/permission.py:260 msgid "User-specified attributes to which the permission applies" msgstr "" #: ipaserver/plugins/permission.py:265 msgid "Excluded attributes" msgstr "" #: ipaserver/plugins/permission.py:266 msgid "" "User-specified attributes to which the permission explicitly does not apply" msgstr "" #: ipaserver/plugins/permission.py:272 msgid "Default attributes" msgstr "" #: ipaserver/plugins/permission.py:273 msgid "Attributes to which the permission applies by default" msgstr "" #: ipaserver/plugins/permission.py:279 ipaserver/plugins/permission.py:280 msgid "Bind rule type" msgstr "" #: ipaserver/plugins/permission.py:289 ipaserver/plugins/aci.py:496 msgid "Subtree" msgstr "" #: ipaserver/plugins/permission.py:290 msgid "Subtree to apply permissions to" msgstr "" #: ipaserver/plugins/permission.py:298 ipaserver/plugins/permission.py:299 msgid "Extra target filter" msgstr "" #: ipaserver/plugins/permission.py:305 msgid "Raw target filter" msgstr "" #: ipaserver/plugins/permission.py:306 msgid "All target filters, including those implied by type and memberof" msgstr "" #: ipaserver/plugins/permission.py:313 msgid "Target DN" msgstr "" #: ipaserver/plugins/permission.py:314 msgid "" "Optional DN to apply the permission to (must be in the subtree, but may not " "yet exist)" msgstr "" #: ipaserver/plugins/permission.py:321 msgid "Target DN subtree" msgstr "" #: ipaserver/plugins/permission.py:322 msgid "" "Optional DN subtree where an entry can be moved to (must be in the subtree, " "but may not yet exist)" msgstr "" #: ipaserver/plugins/permission.py:329 msgid "Origin DN subtree" msgstr "" #: ipaserver/plugins/permission.py:330 msgid "" "Optional DN subtree from where an entry can be moved (must be in the " "subtree, but may not yet exist)" msgstr "" #: ipaserver/plugins/permission.py:335 msgid "Member of group" msgstr "" #: ipaserver/plugins/permission.py:336 msgid "Target members of a group (sets memberOf targetfilter)" msgstr "" #: ipaserver/plugins/permission.py:340 ipaserver/plugins/aci.py:502 msgid "Target group" msgstr "" #: ipaserver/plugins/permission.py:341 msgid "User group to apply permissions to (sets target)" msgstr "" #: ipaserver/plugins/permission.py:346 ipaserver/plugins/otptoken.py:165 #: ipaserver/plugins/vault.py:600 ipaserver/plugins/aci.py:477 #: ipaserver/plugins/schema.py:447 ipaclient/remote_plugins/2_114/aci.py:158 msgid "Type" msgstr "" #: ipaserver/plugins/permission.py:347 msgid "Type of IPA object (sets subtree and objectClass targetfilter)" msgstr "" #: ipaserver/plugins/permission.py:353 #, python-format msgid "Deprecated; use %s" msgstr "" #: ipaserver/plugins/permission.py:370 #, python-format msgid "Permission with unknown flag %s may not be modified or removed" msgstr "" #: ipaserver/plugins/permission.py:374 msgid "A SYSTEM permission may not be modified or removed" msgstr "" #: ipaserver/plugins/permission.py:624 #, python-format msgid "Entry %s not found" msgstr "" #: ipaserver/plugins/permission.py:716 #, python-format msgid "The ACI for permission %(name)s was not found in %(dn)s " msgstr "" #: ipaserver/plugins/permission.py:820 msgid "" "cannot specify full target filter and extra target filter simultaneously" msgstr "" #: ipaserver/plugins/permission.py:843 #, python-format msgid "option was renamed; use %s" msgstr "" #: ipaserver/plugins/permission.py:847 #, python-format msgid "Cannot use %(old_name)s with %(new_name)s" msgstr "" #: ipaserver/plugins/permission.py:861 ipaserver/plugins/permission.py:876 #, python-format msgid "%s: group not found" msgstr "" #: ipaserver/plugins/permission.py:871 msgid "target and targetgroup are mutually exclusive" msgstr "" #: ipaserver/plugins/permission.py:892 msgid "subtree and type are mutually exclusive" msgstr "" #: ipaserver/plugins/permission.py:930 msgid "Bad search filter" msgstr "" #: ipaserver/plugins/permission.py:940 #, python-format msgid "Entry %s does not exist" msgstr "" #: ipaserver/plugins/permission.py:949 msgid "" "there must be at least one target entry specifier (e.g. target, " "targetfilter, attrs)" msgstr "" #: ipaserver/plugins/permission.py:959 msgid "Add a system permission without an ACI (internal command)" msgstr "" #: ipaserver/plugins/permission.py:961 ipaserver/plugins/permission.py:989 #, python-format msgid "Added permission \"%(value)s\"" msgstr "" #: ipaserver/plugins/permission.py:987 msgid "Add a new permission." msgstr "" #: ipaserver/plugins/permission.py:1014 msgid "attrs and included attributes are mutually exclusive" msgstr "" #: ipaserver/plugins/permission.py:1046 #, python-format msgid "Cannot store permission ACI to %s" msgstr "" #: ipaserver/plugins/permission.py:1055 msgid "Delete a permission." msgstr "" #: ipaserver/plugins/permission.py:1057 #, python-format msgid "Deleted permission \"%(value)s\"" msgstr "" #: ipaserver/plugins/permission.py:1061 ipaserver/plugins/service.py:628 #: ipaserver/plugins/dns.py:2867 ipaserver/plugins/dns.py:3554 #: ipaserver/plugins/host.py:661 ipaserver/plugins/realmdomains.py:151 msgid "Force" msgstr "" #: ipaserver/plugins/permission.py:1063 msgid "force delete of SYSTEM permissions" msgstr "" #: ipaserver/plugins/permission.py:1077 msgid "cannot delete managed permissions" msgstr "" #: ipaserver/plugins/permission.py:1083 #, python-format msgid "ACI of permission %s was not found" msgstr "" #: ipaserver/plugins/permission.py:1090 msgid "Modify a permission." msgstr "" #: ipaserver/plugins/permission.py:1092 #, python-format msgid "Modified permission \"%(value)s\"" msgstr "" #: ipaserver/plugins/permission.py:1125 msgid "cannot rename managed permissions" msgstr "" #: ipaserver/plugins/permission.py:1132 ipaserver/plugins/permission.py:1136 msgid "not modifiable on managed permissions" msgstr "" #: ipaserver/plugins/permission.py:1143 msgid "only available on managed permissions" msgstr "" #: ipaserver/plugins/permission.py:1150 ipaserver/plugins/permission.py:1269 msgid "attrs and included/excluded attributes are mutually exclusive" msgstr "" #: ipaserver/plugins/permission.py:1161 msgid "cannot set bindtype for a permission that is assigned to a privilege" msgstr "" #: ipaserver/plugins/permission.py:1255 msgid "Search for permissions." msgstr "" #: ipaserver/plugins/permission.py:1258 #, python-format msgid "%(count)d permission matched" msgid_plural "%(count)d permissions matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/permission.py:1388 msgid "Display information about a permission." msgstr "" #: ipaserver/plugins/permission.py:1398 msgid "Add members to a permission." msgstr "" #: ipaserver/plugins/permission.py:1410 msgid "Remove members from a permission." msgstr "" #: ipaserver/plugins/role.py:38 ipaclient/remote_plugins/2_114/role.py:19 msgid "" "\n" "Roles\n" "\n" "A role is used for fine-grained delegation. A permission grants the ability\n" "to perform given low-level tasks (add a user, modify a group, etc.). A\n" "privilege combines one or more permissions into a higher-level abstraction\n" "such as useradmin. A useradmin would be able to add, delete and modify " "users.\n" "\n" "Privileges are assigned to Roles.\n" "\n" "Users, groups, hosts and hostgroups may be members of a Role.\n" "\n" "Roles can not contain other roles.\n" "\n" "EXAMPLES:\n" "\n" " Add a new role:\n" " ipa role-add --desc=\"Junior-level admin\" junioradmin\n" "\n" " Add some privileges to this role:\n" " ipa role-add-privilege --privileges=addusers junioradmin\n" " ipa role-add-privilege --privileges=change_password junioradmin\n" " ipa role-add-privilege --privileges=add_user_to_default_group " "junioradmin\n" "\n" " Add a group of users to this role:\n" " ipa group-add --desc=\"User admins\" useradmins\n" " ipa role-add-member --groups=useradmins junioradmin\n" "\n" " Display information about a role:\n" " ipa role-show junioradmin\n" "\n" " The result of this is that any users in the group 'junioradmin' can\n" " add users, reset passwords or add a user to the default IPA user group.\n" msgstr "" #: ipaserver/plugins/role.py:81 ipaserver/plugins/serverrole.py:185 msgid "role" msgstr "" #: ipaserver/plugins/role.py:82 ipaserver/plugins/serverrole.py:186 msgid "roles" msgstr "" #: ipaserver/plugins/role.py:142 ipaserver/plugins/baseldap.py:79 msgid "Roles" msgstr "" #: ipaserver/plugins/role.py:143 msgid "Role" msgstr "" #: ipaserver/plugins/role.py:148 ipaserver/plugins/serverrole.py:64 #: ipaserver/plugins/serverrole.py:191 msgid "Role name" msgstr "" #: ipaserver/plugins/role.py:154 ipaclient/remote_plugins/2_114/role.py:69 msgid "A description of this role-group" msgstr "" #: ipaserver/plugins/role.py:162 ipaclient/remote_plugins/2_114/role.py:106 msgid "Add a new role." msgstr "" #: ipaserver/plugins/role.py:164 #, python-format msgid "Added role \"%(value)s\"" msgstr "" #: ipaserver/plugins/role.py:170 ipaclient/remote_plugins/2_114/role.py:333 msgid "Delete a role." msgstr "" #: ipaserver/plugins/role.py:172 #, python-format msgid "Deleted role \"%(value)s\"" msgstr "" #: ipaserver/plugins/role.py:178 ipaclient/remote_plugins/2_114/role.py:459 msgid "Modify a role." msgstr "" #: ipaserver/plugins/role.py:180 #, python-format msgid "Modified role \"%(value)s\"" msgstr "" #: ipaserver/plugins/role.py:186 ipaclient/remote_plugins/2_114/role.py:370 msgid "Search for roles." msgstr "" #: ipaserver/plugins/role.py:189 #, python-format msgid "%(count)d role matched" msgid_plural "%(count)d roles matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/role.py:196 ipaclient/remote_plugins/2_114/role.py:706 msgid "Display information about a role." msgstr "" #: ipaserver/plugins/role.py:202 ipaclient/remote_plugins/2_114/role.py:177 msgid "Add members to a role." msgstr "" #: ipaserver/plugins/role.py:214 ipaclient/remote_plugins/2_114/role.py:550 msgid "Remove members from a role." msgstr "" #: ipaserver/plugins/role.py:220 ipaclient/remote_plugins/2_114/role.py:273 msgid "Add privileges to a role." msgstr "" #: ipaserver/plugins/role.py:231 ipaserver/plugins/role.py:255 #: ipaserver/plugins/privilege.py:226 ipaserver/plugins/privilege.py:257 #: ipaserver/plugins/baseldap.py:1683 ipaserver/plugins/baseldap.py:2170 msgid "Members that could not be added" msgstr "" #: ipaserver/plugins/role.py:235 ipaclient/remote_plugins/2_114/role.py:326 msgid "Number of privileges added" msgstr "" #: ipaserver/plugins/role.py:243 ipaclient/remote_plugins/2_114/role.py:646 msgid "Remove privileges from a role." msgstr "" #: ipaserver/plugins/role.py:260 ipaclient/remote_plugins/2_114/role.py:699 msgid "Number of privileges removed" msgstr "" #: ipaserver/plugins/service.py:60 msgid "" "\n" "Services\n" "\n" "A IPA service represents a service that runs on a host. The IPA service\n" "record can store a Kerberos principal, an SSL certificate, or both.\n" "\n" "An IPA service can be managed directly from a machine, provided that\n" "machine has been given the correct permission. This is true even for\n" "machines other than the one the service is associated with. For example,\n" "requesting an SSL certificate using the host service principal credentials\n" "of the host. To manage a service using host credentials you need to\n" "kinit as the host:\n" "\n" " # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" "\n" "Adding an IPA service allows the associated service to request an SSL\n" "certificate or keytab, but this is performed as a separate step; they\n" "are not produced as a result of adding the service.\n" "\n" "Only the public aspect of a certificate is stored in a service record;\n" "the private key is not stored.\n" "\n" "EXAMPLES:\n" "\n" " Add a new IPA service:\n" " ipa service-add HTTP/web.example.com\n" "\n" " Allow a host to manage an IPA service certificate:\n" " ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" " ipa role-add-member --hosts=web.example.com certadmin\n" "\n" " Override a default list of supported PAC types for the service:\n" " ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" "\n" " A typical use case where overriding the PAC type is needed is NFS.\n" " Currently the related code in the Linux kernel can only handle Kerberos\n" " tickets up to a maximal size. Since the PAC data can become quite large " "it\n" " is recommended to set --pac-type=NONE for NFS services.\n" "\n" " Delete an IPA service:\n" " ipa service-del HTTP/web.example.com\n" "\n" " Find all IPA services associated with a host:\n" " ipa service-find web.example.com\n" "\n" " Find all HTTP services:\n" " ipa service-find HTTP\n" "\n" " Disable the service Kerberos key and SSL certificate:\n" " ipa service-disable HTTP/web.example.com\n" "\n" " Request a certificate for an IPA service:\n" " ipa cert-request --principal=HTTP/web.example.com example.csr\n" msgstr "" #: ipaserver/plugins/service.py:113 msgid "" "\n" " Allow user to create a keytab:\n" " ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" msgstr "" #: ipaserver/plugins/service.py:116 msgid "" "\n" " Generate and retrieve a keytab for an IPA service:\n" " ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" "httpd.keytab\n" "\n" msgstr "" #: ipaserver/plugins/service.py:128 ipaserver/plugins/host.py:202 msgid "Keytab" msgstr "" #: ipaserver/plugins/service.py:134 ipaserver/plugins/host.py:214 msgid "Users allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/service.py:137 ipaserver/plugins/host.py:217 msgid "Groups allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/service.py:140 ipaserver/plugins/host.py:220 msgid "Hosts allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/service.py:143 ipaserver/plugins/host.py:223 msgid "Host Groups allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/service.py:146 ipaserver/plugins/host.py:226 msgid "Users allowed to create keytab" msgstr "" #: ipaserver/plugins/service.py:149 ipaserver/plugins/host.py:229 msgid "Groups allowed to create keytab" msgstr "" #: ipaserver/plugins/service.py:152 ipaserver/plugins/host.py:232 msgid "Hosts allowed to create keytab" msgstr "" #: ipaserver/plugins/service.py:155 ipaserver/plugins/host.py:235 msgid "Host Groups allowed to create keytab" msgstr "" #: ipaserver/plugins/service.py:158 ipaserver/plugins/host.py:238 #: ipaclient/frontend.py:81 msgid "Failed allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/service.py:161 ipaserver/plugins/host.py:241 #: ipaclient/frontend.py:85 msgid "Failed allowed to create keytab" msgstr "" #: ipaserver/plugins/service.py:168 ipaclient/remote_plugins/2_114/host.py:176 msgid "Requires pre-authentication" msgstr "" #: ipaserver/plugins/service.py:169 ipaclient/remote_plugins/2_114/host.py:177 msgid "Pre-authentication is required for the service" msgstr "" #: ipaserver/plugins/service.py:174 ipaclient/remote_plugins/2_114/host.py:182 msgid "Trusted for delegation" msgstr "" #: ipaserver/plugins/service.py:175 ipaclient/remote_plugins/2_114/host.py:183 msgid "Client credentials may be delegated to the service" msgstr "" #: ipaserver/plugins/service.py:180 msgid "Trusted to authenticate as user" msgstr "" #: ipaserver/plugins/service.py:181 msgid "The service is allowed to authenticate on behalf of a client" msgstr "" #: ipaserver/plugins/service.py:215 msgid "Malformed principal" msgstr "" #: ipaserver/plugins/service.py:294 msgid "{} is required by the IPA master" msgstr "" #: ipaserver/plugins/service.py:368 msgid "service" msgstr "" #: ipaserver/plugins/service.py:369 msgid "services" msgstr "" #: ipaserver/plugins/service.py:466 ipaserver/plugins/internal.py:949 #: ipaserver/plugins/caacl.py:236 msgid "Services" msgstr "" #: ipaserver/plugins/service.py:467 ipaserver/plugins/internal.py:1325 #: ipaserver/plugins/internal.py:1650 ipaserver/plugins/dns.py:1311 #: ipaserver/plugins/hbactest.py:285 ipaclient/remote_plugins/2_114/dns.py:721 msgid "Service" msgstr "" #: ipaserver/plugins/service.py:474 ipaserver/plugins/host.py:544 #: ipaserver/plugins/baseuser.py:249 ipaclient/remote_plugins/2_114/host.py:146 msgid "Principal name" msgstr "" #: ipaserver/plugins/service.py:475 msgid "Service principal" msgstr "" #: ipaserver/plugins/service.py:484 ipaserver/plugins/host.py:551 #: ipaserver/plugins/baseuser.py:257 msgid "Principal alias" msgstr "" #: ipaserver/plugins/service.py:485 msgid "Service principal alias" msgstr "" #: ipaserver/plugins/service.py:492 ipaserver/plugins/internal.py:638 #: ipaserver/plugins/internal.py:722 ipaserver/plugins/idviews.py:1020 #: ipaserver/plugins/ca.py:110 ipaserver/plugins/certmap.py:605 #: ipaserver/plugins/host.py:502 ipaserver/plugins/baseuser.py:398 #: ipaserver/plugins/baseuser.py:838 ipaserver/plugins/cert.py:351 msgid "Certificate" msgstr "" #: ipaserver/plugins/service.py:493 msgid "Base-64 encoded service certificate" msgstr "" #: ipaserver/plugins/service.py:497 ipaserver/plugins/internal.py:653 #: ipaserver/plugins/internal.py:729 ipaserver/plugins/host.py:506 #: ipaserver/plugins/baseuser.py:831 ipaserver/plugins/cert.py:363 #: ipaserver/plugins/cert.py:1500 msgid "Subject" msgstr "" #: ipaserver/plugins/service.py:501 ipaserver/plugins/internal.py:696 #: ipaserver/plugins/host.py:510 msgid "Serial Number" msgstr "" #: ipaserver/plugins/service.py:505 ipaserver/plugins/internal.py:697 #: ipaserver/plugins/host.py:514 msgid "Serial Number (hex)" msgstr "" #: ipaserver/plugins/service.py:509 ipaserver/plugins/internal.py:726 #: ipaserver/plugins/host.py:518 ipaserver/plugins/baseuser.py:824 #: ipaserver/plugins/cert.py:423 msgid "Issuer" msgstr "" #: ipaserver/plugins/service.py:513 ipaserver/plugins/host.py:522 #: ipaserver/plugins/cert.py:429 msgid "Not Before" msgstr "" #: ipaserver/plugins/service.py:517 ipaserver/plugins/host.py:526 #: ipaserver/plugins/cert.py:434 msgid "Not After" msgstr "" #: ipaserver/plugins/service.py:521 ipaserver/plugins/host.py:530 #: ipaserver/plugins/cert.py:439 msgid "Fingerprint (SHA1)" msgstr "" #: ipaserver/plugins/service.py:525 ipaserver/plugins/host.py:534 #: ipaserver/plugins/cert.py:444 msgid "Fingerprint (SHA256)" msgstr "" #: ipaserver/plugins/service.py:529 ipaserver/plugins/internal.py:650 #: ipaserver/plugins/internal.py:691 ipaserver/plugins/host.py:538 #: ipaserver/plugins/cert.py:1281 msgid "Revocation reason" msgstr "" #: ipaserver/plugins/service.py:534 msgid "PAC type" msgstr "" #: ipaserver/plugins/service.py:535 msgid "" "Override default list of supported PAC types. Use 'NONE' to disable PAC " "support for this service, e.g. this might be necessary for NFS services." msgstr "" #: ipaserver/plugins/service.py:543 ipaserver/plugins/host.py:586 msgid "Authentication Indicators" msgstr "" #: ipaserver/plugins/service.py:544 ipaserver/plugins/host.py:587 msgid "" "Defines a whitelist for Authentication Indicators. Use 'otp' to allow OTP-" "based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA " "authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use " "'hardened' to allow brute-force hardened password authentication by SPAKE or " "FAST. With no indicator specified, all authentication mechanisms are allowed." msgstr "" #: ipaserver/plugins/service.py:569 msgid "NONE value cannot be combined with other PAC types" msgstr "" #: ipaserver/plugins/service.py:621 msgid "Add a new IPA service." msgstr "" #: ipaserver/plugins/service.py:623 ipaserver/plugins/service.py:691 #, python-format msgid "Added service \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:629 msgid "force principal name even if host not in DNS" msgstr "" #: ipaserver/plugins/service.py:632 msgid "Skip host check" msgstr "" #: ipaserver/plugins/service.py:633 msgid "" "force service to be created even when host object does not exist to manage it" msgstr "" #: ipaserver/plugins/service.py:651 ipaserver/plugins/service.py:759 #, python-format msgid "The host '%s' does not exist to add a service to." msgstr "" #: ipaserver/plugins/service.py:689 msgid "Add a new SMB service." msgstr "" #: ipaserver/plugins/service.py:697 ipaserver/plugins/host.py:456 msgid "Host name" msgstr "" #: ipaserver/plugins/service.py:705 msgid "SMB service NetBIOS name" msgstr "" #: ipaserver/plugins/service.py:817 msgid "Delete an IPA service." msgstr "" #: ipaserver/plugins/service.py:819 #, python-format msgid "Deleted service \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:837 msgid "Modify an existing IPA service." msgstr "" #: ipaserver/plugins/service.py:839 #, python-format msgid "Modified service \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:886 msgid "Search for IPA services." msgstr "" #: ipaserver/plugins/service.py:889 #, python-format msgid "%(count)d service matched" msgid_plural "%(count)d services matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/service.py:953 msgid "Display information about an IPA service." msgstr "" #: ipaserver/plugins/service.py:958 ipaserver/plugins/user.py:857 #: ipaserver/plugins/host.py:1129 ipaclient/remote_plugins/2_114/host.py:1519 msgid "file to store certificate in" msgstr "" #: ipaserver/plugins/service.py:990 msgid "Add hosts that can manage this service." msgstr "" #: ipaserver/plugins/service.py:999 msgid "Remove hosts that can manage this service." msgstr "" #: ipaserver/plugins/service.py:1007 msgid "" "Allow users, groups, hosts or host groups to retrieve a keytab of this " "service." msgstr "" #: ipaserver/plugins/service.py:1027 msgid "" "Disallow users, groups, hosts or host groups to retrieve a keytab of this " "service." msgstr "" #: ipaserver/plugins/service.py:1046 msgid "" "Allow users, groups, hosts or host groups to create a keytab of this service." msgstr "" #: ipaserver/plugins/service.py:1066 msgid "" "Disallow users, groups, hosts or host groups to create a keytab of this " "service." msgstr "" #: ipaserver/plugins/service.py:1085 msgid "Disable the Kerberos key and SSL certificate of a service." msgstr "" #: ipaserver/plugins/service.py:1088 #, python-format msgid "Disabled service \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:1128 msgid "Add new certificates to a service" msgstr "" #: ipaserver/plugins/service.py:1129 #, python-format msgid "Added certificates to service principal \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:1135 msgid "Remove certificates from a service" msgstr "" #: ipaserver/plugins/service.py:1136 #, python-format msgid "Removed certificates from service principal \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:1152 msgid "Add new principal alias to a service" msgstr "" #: ipaserver/plugins/service.py:1153 #, python-format msgid "Added new aliases to the service principal \"%(value)s\"" msgstr "" #: ipaserver/plugins/service.py:1164 msgid "Remove principal alias from a service" msgstr "" #: ipaserver/plugins/service.py:1165 #, python-format msgid "Removed aliases to the service principal \"%(value)s\"" msgstr "" #: ipaserver/plugins/ping.py:26 ipaclient/remote_plugins/2_114/ping.py:19 msgid "" "\n" "Ping the remote IPA server to ensure it is running.\n" "\n" "The ping command sends an echo request to an IPA server. The server\n" "returns its version information. This is used by an IPA client\n" "to confirm that the server is available and accepting requests.\n" "\n" "The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" "If it does not respond then the client will contact any servers defined\n" "by ldap SRV records in DNS.\n" "\n" "EXAMPLES:\n" "\n" " Ping an IPA server:\n" " ipa ping\n" " ------------------------------------------\n" " IPA server version 2.1.9. API version 2.20\n" " ------------------------------------------\n" "\n" " Ping an IPA server verbosely:\n" " ipa -v ping\n" " ipa: INFO: trying https://ipa.example.com/ipa/xml\n" " ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n" " -----------------------------------------------------\n" " IPA server version 2.1.9. API version 2.20\n" " -----------------------------------------------------\n" msgstr "" #: ipaserver/plugins/ping.py:59 ipaclient/remote_plugins/2_114/ping.py:52 msgid "Ping a remote server." msgstr "" #: ipaserver/plugins/selinuxusermap.py:42 msgid "" "\n" "SELinux User Mapping\n" "\n" "Map IPA users to SELinux users by host.\n" "\n" "Hosts, hostgroups, users and groups can be either defined within\n" "the rule or it may point to an existing HBAC rule. When using\n" "--hbacrule option to selinuxusermap-find an exact match is made on the\n" "HBAC rule name, so only one or zero entries will be returned.\n" "\n" "EXAMPLES:\n" "\n" " Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host " "\"server\":\n" " ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n" " ipa selinuxusermap-add-host --hosts=server.example.com test1\n" "\n" " Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an " "existing HBAC rule for users and hosts:\n" " ipa selinuxusermap-add --usercat=all --hbacrule=webserver --" "selinuxuser=guest_u:s0 test2\n" "\n" " Display the properties of a rule:\n" " ipa selinuxusermap-show test2\n" "\n" " Create a rule for a specific user. This sets the SELinux context for\n" " user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n" " ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0." "c1023 john_unconfined\n" " ipa selinuxusermap-add-user --users=john john_unconfined\n" "\n" " Disable a rule:\n" " ipa selinuxusermap-disable test1\n" "\n" " Enable a rule:\n" " ipa selinuxusermap-enable test1\n" "\n" " Find a rule referencing a specific HBAC rule:\n" " ipa selinuxusermap-find --hbacrule=allow_some\n" "\n" " Remove a rule:\n" " ipa selinuxusermap-del john_unconfined\n" "\n" "SEEALSO:\n" "\n" " The list controlling the order in which the SELinux user map is applied\n" " and the default SELinux user are available in the config-show command.\n" msgstr "" #: ipaserver/plugins/selinuxusermap.py:89 msgid "HBAC rule and local members cannot both be set" msgstr "" #: ipaserver/plugins/selinuxusermap.py:128 msgid "Invalid SELinux user name, must match {}" msgstr "" #: ipaserver/plugins/selinuxusermap.py:142 #, python-brace-format msgid "Invalid MLS value, must match {mls}, where max level {mls_max}" msgstr "" #: ipaserver/plugins/selinuxusermap.py:147 #, python-brace-format msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}" msgstr "" #: ipaserver/plugins/selinuxusermap.py:161 msgid "SELinux user map list not found in configuration" msgstr "" #: ipaserver/plugins/selinuxusermap.py:166 #, python-format msgid "SELinux user %(user)s not found in ordering list (in config)" msgstr "" #: ipaserver/plugins/selinuxusermap.py:176 msgid "SELinux User Map rule" msgstr "" #: ipaserver/plugins/selinuxusermap.py:177 msgid "SELinux User Map rules" msgstr "" #: ipaserver/plugins/selinuxusermap.py:233 msgid "SELinux User Maps" msgstr "" #: ipaserver/plugins/selinuxusermap.py:234 msgid "SELinux User Map" msgstr "" #: ipaserver/plugins/selinuxusermap.py:239 ipaserver/plugins/sudorule.py:227 #: ipaserver/plugins/hbacrule.py:207 ipaserver/plugins/certmap.py:273 msgid "Rule name" msgstr "" #: ipaserver/plugins/selinuxusermap.py:244 msgid "SELinux User" msgstr "" #: ipaserver/plugins/selinuxusermap.py:248 ipaserver/plugins/hbacrule.py:202 msgid "HBAC Rule" msgstr "" #: ipaserver/plugins/selinuxusermap.py:249 msgid "HBAC Rule that defines the users, groups and hostgroups" msgstr "" #: ipaserver/plugins/selinuxusermap.py:268 ipaserver/plugins/sudorule.py:235 #: ipaserver/plugins/internal.py:1901 ipaserver/plugins/hbacrule.py:256 #: ipaserver/plugins/certmap.py:310 ipaserver/plugins/caacl.py:178 msgid "Enabled" msgstr "" #: ipaserver/plugins/selinuxusermap.py:272 ipaserver/plugins/sudorule.py:276 #: ipaserver/plugins/internal.py:1183 ipaserver/plugins/hbacrule.py:260 #: ipaserver/plugins/user.py:154 ipaserver/plugins/automember.py:697 #: ipaserver/plugins/baseuser.py:196 ipaserver/plugins/caacl.py:220 msgid "Users" msgstr "" #: ipaserver/plugins/selinuxusermap.py:276 ipaserver/plugins/sudorule.py:280 #: ipaserver/plugins/internal.py:872 ipaserver/plugins/internal.py:1182 #: ipaserver/plugins/hbacrule.py:264 ipaserver/plugins/caacl.py:224 #: ipaserver/plugins/group.py:314 msgid "User Groups" msgstr "" #: ipaserver/plugins/selinuxusermap.py:280 ipaserver/plugins/sudorule.py:289 #: ipaserver/plugins/internal.py:1157 ipaserver/plugins/hbacrule.py:268 #: ipaserver/plugins/automember.py:702 ipaserver/plugins/host.py:450 #: ipaserver/plugins/caacl.py:228 msgid "Hosts" msgstr "" #: ipaserver/plugins/selinuxusermap.py:284 ipaserver/plugins/sudorule.py:293 #: ipaserver/plugins/internal.py:1066 ipaserver/plugins/internal.py:1156 #: ipaserver/plugins/hbacrule.py:272 ipaserver/plugins/hostgroup.py:178 #: ipaserver/plugins/caacl.py:232 msgid "Host Groups" msgstr "" #: ipaserver/plugins/selinuxusermap.py:309 #, python-format msgid "HBAC rule %(rule)s not found" msgstr "" #: ipaserver/plugins/selinuxusermap.py:328 msgid "Create a new SELinux User Map." msgstr "" #: ipaserver/plugins/selinuxusermap.py:330 #, python-format msgid "Added SELinux User Map \"%(value)s\"" msgstr "" #: ipaserver/plugins/selinuxusermap.py:366 msgid "Delete a SELinux User Map." msgstr "" #: ipaserver/plugins/selinuxusermap.py:368 #, python-format msgid "Deleted SELinux User Map \"%(value)s\"" msgstr "" #: ipaserver/plugins/selinuxusermap.py:374 msgid "Modify a SELinux User Map." msgstr "" #: ipaserver/plugins/selinuxusermap.py:376 #, python-format msgid "Modified SELinux User Map \"%(value)s\"" msgstr "" #: ipaserver/plugins/selinuxusermap.py:446 msgid "Search for SELinux User Maps." msgstr "" #: ipaserver/plugins/selinuxusermap.py:449 #, python-format msgid "%(count)d SELinux User Map matched" msgid_plural "%(count)d SELinux User Maps matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/selinuxusermap.py:478 msgid "Display the properties of a SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:489 msgid "Enable an SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:491 #, python-format msgid "Enabled SELinux User Map \"%(value)s\"" msgstr "" #: ipaserver/plugins/selinuxusermap.py:519 msgid "Disable an SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:521 #, python-format msgid "Disabled SELinux User Map \"%(value)s\"" msgstr "" #: ipaserver/plugins/selinuxusermap.py:549 msgid "Add users and groups to an SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:564 ipaserver/plugins/sudorule.py:593 #: ipaserver/plugins/hbacrule.py:518 ipaserver/plugins/caacl.py:397 msgid "users cannot be added when user category='all'" msgstr "" #: ipaserver/plugins/selinuxusermap.py:573 msgid "Remove users and groups from an SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:582 msgid "Add target hosts and hostgroups to an SELinux User Map rule." msgstr "" #: ipaserver/plugins/selinuxusermap.py:597 ipaserver/plugins/sudorule.py:647 #: ipaserver/plugins/hbacrule.py:549 ipaserver/plugins/caacl.py:429 msgid "hosts cannot be added when host category='all'" msgstr "" #: ipaserver/plugins/selinuxusermap.py:606 msgid "Remove target hosts and hostgroups from an SELinux User Map rule." msgstr "" #: ipaserver/plugins/serverrole.py:13 msgid "" "\n" "IPA server roles\n" msgstr "" #: ipaserver/plugins/serverrole.py:15 msgid "" "\n" "Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n" msgstr "" #: ipaserver/plugins/serverrole.py:17 msgid "" "\n" "The status of a role is either enabled, configured, or absent.\n" msgstr "" #: ipaserver/plugins/serverrole.py:21 msgid "" "\n" " Show status of 'DNS server' role on a server:\n" " ipa server-role-show ipa.example.com \"DNS server\"\n" msgstr "" #: ipaserver/plugins/serverrole.py:24 msgid "" "\n" " Show status of all roles containing 'AD' on a server:\n" " ipa server-role-find --server ipa.example.com --role=\"AD trust " "controller\"\n" msgstr "" #: ipaserver/plugins/serverrole.py:27 msgid "" "\n" " Show status of all configured roles on a server:\n" " ipa server-role-find ipa.example.com\n" msgstr "" #: ipaserver/plugins/serverrole.py:30 msgid "" "\n" " Show implicit IPA master role:\n" " ipa server-role-find --include-master\n" msgstr "" #: ipaserver/plugins/serverrole.py:46 msgid "server role" msgstr "" #: ipaserver/plugins/serverrole.py:47 msgid "server roles" msgstr "" #: ipaserver/plugins/serverrole.py:51 msgid "IPA Server Roles" msgstr "" #: ipaserver/plugins/serverrole.py:52 msgid "IPA Server Role" msgstr "" #: ipaserver/plugins/serverrole.py:65 msgid "IPA server role name" msgstr "" #: ipaserver/plugins/serverrole.py:71 msgid "Role status" msgstr "" #: ipaserver/plugins/serverrole.py:72 msgid "Status of the role" msgstr "" #: ipaserver/plugins/serverrole.py:89 msgid "Show role status on a server" msgstr "" #: ipaserver/plugins/serverrole.py:113 msgid "Find a server role on a server(s)" msgstr "" #: ipaserver/plugins/serverrole.py:118 #, python-format msgid "%(count)s server role matched" msgid_plural "%(count)s server roles matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/serverrole.py:139 msgid "Include IPA master entries" msgstr "" #: ipaserver/plugins/serverrole.py:192 msgid "IPA role name" msgstr "" #: ipaserver/plugins/sudorule.py:42 msgid "" "\n" "Sudo Rules\n" msgstr "" #: ipaserver/plugins/sudorule.py:44 msgid "" "\n" "Sudo (su \"do\") allows a system administrator to delegate authority to\n" "give certain users (or groups of users) the ability to run some (or all)\n" "commands as root or another user while providing an audit trail of the\n" "commands and their arguments.\n" msgstr "" #: ipaserver/plugins/sudorule.py:49 msgid "" "\n" "FreeIPA provides a means to configure the various aspects of Sudo:\n" " Users: The user(s)/group(s) allowed to invoke Sudo.\n" " Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " "Sudo.\n" " Allow Command: The specific command(s) permitted to be run via Sudo.\n" " Deny Command: The specific command(s) prohibited to be run via Sudo.\n" " RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " "invoked with.\n" " RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" " Options: The various Sudoers Options that can modify Sudo's behavior.\n" msgstr "" #: ipaserver/plugins/sudorule.py:58 msgid "" "\n" "An order can be added to a sudorule to control the order in which they\n" "are evaluated (if the client supports it). This order is an integer and\n" "must be unique.\n" msgstr "" #: ipaserver/plugins/sudorule.py:62 msgid "" "\n" "FreeIPA provides a designated binddn to use with Sudo located at:\n" "uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" msgstr "" #: ipaserver/plugins/sudorule.py:65 msgid "" "\n" "To enable the binddn run the following command to set the password:\n" "LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" "ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," "dc=com\n" msgstr "" #: ipaserver/plugins/sudorule.py:72 msgid "" "\n" " Create a new rule:\n" " ipa sudorule-add readfiles\n" msgstr "" #: ipaserver/plugins/sudorule.py:75 msgid "" "\n" " Add sudo command object and add it as allowed command in the rule:\n" " ipa sudocmd-add /usr/bin/less\n" " ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" msgstr "" #: ipaserver/plugins/sudorule.py:79 msgid "" "\n" " Add a host to the rule:\n" " ipa sudorule-add-host readfiles --hosts server.example.com\n" msgstr "" #: ipaserver/plugins/sudorule.py:82 msgid "" "\n" " Add a user to the rule:\n" " ipa sudorule-add-user readfiles --users jsmith\n" msgstr "" #: ipaserver/plugins/sudorule.py:85 msgid "" "\n" " Add a special Sudo rule for default Sudo server configuration:\n" " ipa sudorule-add defaults\n" msgstr "" #: ipaserver/plugins/sudorule.py:88 msgid "" "\n" " Set a default Sudo option:\n" " ipa sudorule-add-option defaults --sudooption '!authenticate'\n" msgstr "" #: ipaserver/plugins/sudorule.py:91 msgid "" "\n" " Set SELinux type and role transitions on a rule:\n" " ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n" " ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n" msgstr "" #: ipaserver/plugins/sudorule.py:105 msgid "this option has been deprecated." msgstr "" #: ipaserver/plugins/sudorule.py:109 msgid "host masks of allowed hosts" msgstr "" #: ipaserver/plugins/sudorule.py:132 msgid "sudo rule" msgstr "" #: ipaserver/plugins/sudorule.py:133 msgid "sudo rules" msgstr "" #: ipaserver/plugins/sudorule.py:221 msgid "Sudo Rules" msgstr "" #: ipaserver/plugins/sudorule.py:222 msgid "Sudo Rule" msgstr "" #: ipaserver/plugins/sudorule.py:252 msgid "Command category" msgstr "" #: ipaserver/plugins/sudorule.py:253 msgid "Command category the rule applies to" msgstr "" #: ipaserver/plugins/sudorule.py:258 msgid "RunAs User category" msgstr "" #: ipaserver/plugins/sudorule.py:259 msgid "RunAs User category the rule applies to" msgstr "" #: ipaserver/plugins/sudorule.py:264 msgid "RunAs Group category" msgstr "" #: ipaserver/plugins/sudorule.py:265 msgid "RunAs Group category the rule applies to" msgstr "" #: ipaserver/plugins/sudorule.py:270 msgid "Sudo order" msgstr "" #: ipaserver/plugins/sudorule.py:271 msgid "integer to order the Sudo rules" msgstr "" #: ipaserver/plugins/sudorule.py:285 msgid "External User" msgstr "" #: ipaserver/plugins/sudorule.py:286 msgid "External User the rule applies to (sudorule-find only)" msgstr "" #: ipaserver/plugins/sudorule.py:298 msgid "Host Masks" msgstr "" #: ipaserver/plugins/sudorule.py:304 msgid "Sudo Allow Commands" msgstr "" #: ipaserver/plugins/sudorule.py:308 msgid "Sudo Deny Commands" msgstr "" #: ipaserver/plugins/sudorule.py:312 msgid "Sudo Allow Command Groups" msgstr "" #: ipaserver/plugins/sudorule.py:316 msgid "Sudo Deny Command Groups" msgstr "" #: ipaserver/plugins/sudorule.py:320 msgid "RunAs Users" msgstr "" #: ipaserver/plugins/sudorule.py:321 msgid "Run as a user" msgstr "" #: ipaserver/plugins/sudorule.py:325 msgid "Groups of RunAs Users" msgstr "" #: ipaserver/plugins/sudorule.py:326 msgid "Run as any user within a specified group" msgstr "" #: ipaserver/plugins/sudorule.py:331 msgid "RunAs External User" msgstr "" #: ipaserver/plugins/sudorule.py:332 msgid "External User the commands can run as (sudorule-find only)" msgstr "" #: ipaserver/plugins/sudorule.py:336 msgid "External Groups of RunAs Users" msgstr "" #: ipaserver/plugins/sudorule.py:337 msgid "External Groups of users that the command can run as" msgstr "" #: ipaserver/plugins/sudorule.py:341 msgid "RunAs Groups" msgstr "" #: ipaserver/plugins/sudorule.py:342 msgid "Run with the gid of a specified POSIX group" msgstr "" #: ipaserver/plugins/sudorule.py:347 msgid "RunAs External Group" msgstr "" #: ipaserver/plugins/sudorule.py:348 msgid "External Group the commands can run as (sudorule-find only)" msgstr "" #: ipaserver/plugins/sudorule.py:351 ipaserver/plugins/sudorule.py:920 #: ipaserver/plugins/sudorule.py:968 msgid "Sudo Option" msgstr "" #: ipaserver/plugins/sudorule.py:357 #, python-format msgid "order must be a unique value (%(order)d already used by %(rule)s)" msgstr "" #: ipaserver/plugins/sudorule.py:379 msgid "Create new Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:388 #, python-format msgid "Added Sudo Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudorule.py:393 msgid "Delete Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:395 #, python-format msgid "Deleted Sudo Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudorule.py:400 msgid "Modify Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:402 #, python-format msgid "Modified Sudo Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudorule.py:422 #, python-format msgid "" "%(type)s category cannot be set to 'all' while there are allowed %(objects)s" msgstr "" #: ipaserver/plugins/sudorule.py:428 ipaserver/plugins/user.py:156 #: ipaserver/plugins/cert.py:1024 ipaclient/remote_plugins/2_114/host.py:1176 msgid "user" msgstr "" #: ipaserver/plugins/sudorule.py:428 ipaserver/plugins/user.py:157 msgid "users" msgstr "" #: ipaserver/plugins/sudorule.py:433 ipaserver/plugins/host.py:275 #: ipaserver/plugins/cert.py:1026 ipaclient/remote_plugins/2_114/host.py:1192 msgid "host" msgstr "" #: ipaserver/plugins/sudorule.py:433 ipaserver/plugins/idviews.py:453 #: ipaserver/plugins/idviews.py:496 ipaserver/plugins/host.py:276 msgid "hosts" msgstr "" #: ipaserver/plugins/sudorule.py:438 msgid "command" msgstr "" #: ipaserver/plugins/sudorule.py:438 msgid "commands" msgstr "" #: ipaserver/plugins/sudorule.py:444 msgid "runAs user" msgstr "" #: ipaserver/plugins/sudorule.py:444 msgid "runAs users" msgstr "" #: ipaserver/plugins/sudorule.py:449 msgid "group runAs" msgstr "" #: ipaserver/plugins/sudorule.py:449 msgid "runAs groups" msgstr "" #: ipaserver/plugins/sudorule.py:467 msgid "Search for Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:470 #, python-format msgid "%(count)d Sudo Rule matched" msgid_plural "%(count)d Sudo Rules matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/sudorule.py:476 msgid "Display Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:481 msgid "Enable a Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:504 msgid "Disable a Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:527 ipaserver/plugins/sudorule.py:558 msgid "Add commands and sudo command groups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:542 msgid "commands cannot be added when command category='all'" msgstr "" #: ipaserver/plugins/sudorule.py:550 ipaserver/plugins/sudorule.py:570 msgid "Remove commands and sudo command groups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:578 msgid "Add users and groups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:610 msgid "Remove users and groups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:628 msgid "Add hosts and hostgroups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:686 msgid "Remove hosts and hostgroups affected by Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:732 msgid "Add users and groups for Sudo to execute as." msgstr "" #: ipaserver/plugins/sudorule.py:755 ipaserver/plugins/sudorule.py:868 msgid "users cannot be added when runAs user or runAs group category='all'" msgstr "" #: ipaserver/plugins/sudorule.py:762 #, python-format msgid "RunAsUser does not accept '%(name)s' as a user name" msgstr "" #: ipaserver/plugins/sudorule.py:770 #, python-format msgid "RunAsUser does not accept '%(name)s' as a group name" msgstr "" #: ipaserver/plugins/sudorule.py:809 msgid "Remove users and groups for Sudo to execute as." msgstr "" #: ipaserver/plugins/sudorule.py:847 msgid "Add group for Sudo to execute as." msgstr "" #: ipaserver/plugins/sudorule.py:875 #, python-format msgid "RunAsGroup does not accept '%(name)s' as a group name" msgstr "" #: ipaserver/plugins/sudorule.py:895 msgid "Remove group for Sudo to execute as." msgstr "" #: ipaserver/plugins/sudorule.py:914 msgid "Add an option to the Sudo Rule." msgstr "" #: ipaserver/plugins/sudorule.py:962 msgid "Remove an option from Sudo Rule." msgstr "" #: ipaserver/plugins/automount.py:41 msgid "" "\n" "Automount\n" "\n" "Stores automount(8) configuration for autofs(8) in IPA.\n" "\n" "The base of an automount configuration is the configuration file auto." "master.\n" "This is also the base location in IPA. Multiple auto.master configurations\n" "can be stored in separate locations. A location is implementation-specific\n" "with the default being a location named 'default'. For example, you can " "have\n" "locations by geographic region, by floor, by type, etc.\n" "\n" "Automount has three basic object types: locations, maps and keys.\n" "\n" "A location defines a set of maps anchored in auto.master. This allows you\n" "to store multiple automount configurations. A location in itself isn't\n" "very interesting, it is just a point to start a new automount map.\n" "\n" "A map is roughly equivalent to a discrete automount file and provides\n" "storage for keys.\n" "\n" "A key is a mount point associated with a map.\n" "\n" "When a new location is created, two maps are automatically created for\n" "it: auto.master and auto.direct. auto.master is the root map for all\n" "automount maps for the location. auto.direct is the default map for\n" "direct mounts and is mounted on /-.\n" "\n" "An automount map may contain a submount key. This key defines a mount\n" "location within the map that references another map. This can be done\n" "either using automountmap-add-indirect --parentmap or manually\n" "with automountkey-add and setting info to \"-type=autofs :\".\n" "\n" "EXAMPLES:\n" "\n" "Locations:\n" "\n" " Create a named location, \"Baltimore\":\n" " ipa automountlocation-add baltimore\n" "\n" " Display the new location:\n" " ipa automountlocation-show baltimore\n" "\n" " Find available locations:\n" " ipa automountlocation-find\n" "\n" " Remove a named automount location:\n" " ipa automountlocation-del baltimore\n" "\n" " Show what the automount maps would look like if they were in the " "filesystem:\n" " ipa automountlocation-tofiles baltimore\n" "\n" " Import an existing configuration into a location:\n" " ipa automountlocation-import baltimore /etc/auto.master\n" "\n" " The import will fail if any duplicate entries are found. For\n" " continuous operation where errors are ignored, use the --continue\n" " option.\n" "\n" "Maps:\n" "\n" " Create a new map, \"auto.share\":\n" " ipa automountmap-add baltimore auto.share\n" "\n" " Display the new map:\n" " ipa automountmap-show baltimore auto.share\n" "\n" " Find maps in the location baltimore:\n" " ipa automountmap-find baltimore\n" "\n" " Create an indirect map with auto.share as a submount:\n" " ipa automountmap-add-indirect baltimore --parentmap=auto.share --" "mount=sub auto.man\n" "\n" " This is equivalent to:\n" "\n" " ipa automountmap-add-indirect baltimore --mount=/man auto.man\n" " ipa automountkey-add baltimore auto.man --key=sub --info=\"-" "fstype=autofs ldap:auto.share\"\n" "\n" " Remove the auto.share map:\n" " ipa automountmap-del baltimore auto.share\n" "\n" "Keys:\n" "\n" " Create a new key for the auto.share map in location baltimore. This ties\n" " the map we previously created to auto.master:\n" " ipa automountkey-add baltimore auto.master --key=/share --info=auto." "share\n" "\n" " Create a new key for our auto.share map, an NFS mount for man pages:\n" " ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft," "rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n" "\n" " Find all keys for the auto.share map:\n" " ipa automountkey-find baltimore auto.share\n" "\n" " Find all direct automount keys:\n" " ipa automountkey-find baltimore --key=/-\n" "\n" " Remove the man key from the auto.share map:\n" " ipa automountkey-del baltimore auto.share --key=man\n" msgstr "" #: ipaserver/plugins/automount.py:218 msgid "automount location" msgstr "" #: ipaserver/plugins/automount.py:219 msgid "automount locations" msgstr "" #: ipaserver/plugins/automount.py:222 msgid "Automount Locations" msgstr "" #: ipaserver/plugins/automount.py:223 msgid "Automount Location" msgstr "" #: ipaserver/plugins/automount.py:252 ipaserver/plugins/host.py:472 #: ipaserver/plugins/server.py:132 msgid "Location" msgstr "" #: ipaserver/plugins/automount.py:253 msgid "Automount location name." msgstr "" #: ipaserver/plugins/automount.py:261 msgid "Create a new automount location." msgstr "" #: ipaserver/plugins/automount.py:263 #, python-format msgid "Added automount location \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:281 msgid "Delete an automount location." msgstr "" #: ipaserver/plugins/automount.py:283 #, python-format msgid "Deleted automount location \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:288 msgid "Display an automount location." msgstr "" #: ipaserver/plugins/automount.py:293 msgid "Search for an automount location." msgstr "" #: ipaserver/plugins/automount.py:296 #, python-format msgid "%(count)d automount location matched" msgid_plural "%(count)d automount locations matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/automount.py:303 msgid "Generate automount files for a specific location." msgstr "" #: ipaserver/plugins/automount.py:349 msgid "automount map" msgstr "" #: ipaserver/plugins/automount.py:350 msgid "automount maps" msgstr "" #: ipaserver/plugins/automount.py:358 msgid "Map" msgstr "" #: ipaserver/plugins/automount.py:359 msgid "Automount map name." msgstr "" #: ipaserver/plugins/automount.py:393 msgid "Automount Maps" msgstr "" #: ipaserver/plugins/automount.py:394 msgid "Automount Map" msgstr "" #: ipaserver/plugins/automount.py:399 msgid "Create a new automount map." msgstr "" #: ipaserver/plugins/automount.py:401 #, python-format msgid "Added automount map \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:406 msgid "Delete an automount map." msgstr "" #: ipaserver/plugins/automount.py:408 #, python-format msgid "Deleted automount map \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:426 msgid "Modify an automount map." msgstr "" #: ipaserver/plugins/automount.py:428 #, python-format msgid "Modified automount map \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:433 msgid "Search for an automount map." msgstr "" #: ipaserver/plugins/automount.py:436 #, python-format msgid "%(count)d automount map matched" msgid_plural "%(count)d automount maps matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/automount.py:443 msgid "Display an automount map." msgstr "" #: ipaserver/plugins/automount.py:448 msgid "Automount key object." msgstr "" #: ipaserver/plugins/automount.py:452 msgid "automount key" msgstr "" #: ipaserver/plugins/automount.py:453 msgid "automount keys" msgstr "" #: ipaserver/plugins/automount.py:465 ipaserver/plugins/automount.py:712 #: ipaserver/plugins/automount.py:819 ipaserver/plugins/otptoken.py:219 msgid "Key" msgstr "" #: ipaserver/plugins/automount.py:466 ipaserver/plugins/automount.py:713 #: ipaserver/plugins/automount.py:820 msgid "Automount key name." msgstr "" #: ipaserver/plugins/automount.py:471 ipaserver/plugins/automount.py:717 #: ipaserver/plugins/automount.py:824 msgid "Mount information" msgstr "" #: ipaserver/plugins/automount.py:474 msgid "description" msgstr "" #: ipaserver/plugins/automount.py:512 msgid "Automount Keys" msgstr "" #: ipaserver/plugins/automount.py:513 msgid "Automount Key" msgstr "" #: ipaserver/plugins/automount.py:514 #, python-format msgid "" "The key,info pair must be unique. A key named %(key)s with info %(info)s " "already exists" msgstr "" #: ipaserver/plugins/automount.py:515 #, python-format msgid "key named %(key)s already exists" msgstr "" #: ipaserver/plugins/automount.py:516 #, python-format msgid "The automount key %(key)s with info %(info)s does not exist" msgstr "" #: ipaserver/plugins/automount.py:566 #, python-format msgid "" "More than one entry with key %(key)s found, use --info to select specific " "entry." msgstr "" #: ipaserver/plugins/automount.py:623 msgid "Create a new automount key." msgstr "" #: ipaserver/plugins/automount.py:625 #, python-format msgid "Added automount key \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:652 msgid "Create a new indirect mount point." msgstr "" #: ipaserver/plugins/automount.py:654 #, python-format msgid "Added automount indirect map \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:659 msgid "Mount point" msgstr "" #: ipaserver/plugins/automount.py:663 msgid "Parent map" msgstr "" #: ipaserver/plugins/automount.py:664 msgid "Name of parent automount map (default: auto.master)." msgstr "" #: ipaserver/plugins/automount.py:678 msgid "mount point is relative to parent map, cannot begin with /" msgstr "" #: ipaserver/plugins/automount.py:705 msgid "Delete an automount key." msgstr "" #: ipaserver/plugins/automount.py:707 #, python-format msgid "Deleted automount key \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:746 msgid "Modify an automount key." msgstr "" #: ipaserver/plugins/automount.py:748 #, python-format msgid "Modified automount key \"%(value)s\"" msgstr "" #: ipaserver/plugins/automount.py:755 msgid "New mount information" msgstr "" #: ipaserver/plugins/automount.py:804 msgid "Search for an automount key." msgstr "" #: ipaserver/plugins/automount.py:807 #, python-format msgid "%(count)d automount key matched" msgid_plural "%(count)d automount keys matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/automount.py:814 msgid "Display an automount key." msgstr "" #: ipaserver/plugins/pwpolicy.py:43 msgid "" "\n" "Password policy\n" "\n" "A password policy sets limitations on IPA passwords, including maximum\n" "lifetime, minimum lifetime, the number of passwords to save in\n" "history, the number of character classes required (for stronger passwords)\n" "and the minimum password length.\n" "\n" "By default there is a single, global policy for all users. You can also\n" "create a password policy to apply to a group. Each user is only subject\n" "to one password policy, either the group policy or the global policy. A\n" "group policy stands alone; it is not a super-set of the global policy plus\n" "custom settings.\n" "\n" "Each group password policy requires a unique priority setting. If a user\n" "is in multiple groups that have password policies, this priority determines\n" "which password policy is applied. A lower value indicates a higher priority\n" "policy.\n" "\n" "Group password policies are automatically removed when the groups they\n" "are associated with are removed.\n" "\n" "EXAMPLES:\n" "\n" " Modify the global policy:\n" " ipa pwpolicy-mod --minlength=10\n" "\n" " Add a new group password policy:\n" " ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --" "minlength=8 --priority=10 localadmins\n" "\n" " Display the global password policy:\n" " ipa pwpolicy-show\n" "\n" " Display a group password policy:\n" " ipa pwpolicy-show localadmins\n" "\n" " Display the policy that would be applied to a given user:\n" " ipa pwpolicy-show --user=tuser1\n" "\n" " Modify a group password policy:\n" " ipa pwpolicy-mod --minclasses=2 localadmins\n" msgstr "" #: ipaserver/plugins/pwpolicy.py:92 msgid "Class of Service object used for linking policies with groups" msgstr "" #: ipaserver/plugins/pwpolicy.py:143 #, python-format msgid "priority must be a unique value (%(prio)d already used by %(gname)s)" msgstr "" #: ipaserver/plugins/pwpolicy.py:171 msgid "Add Class of Service entry" msgstr "" #: ipaserver/plugins/pwpolicy.py:194 msgid "Delete Class of Service entry" msgstr "" #: ipaserver/plugins/pwpolicy.py:200 msgid "Modify Class of Service entry" msgstr "" #: ipaserver/plugins/pwpolicy.py:218 msgid "Display Class of Service entry" msgstr "" #: ipaserver/plugins/pwpolicy.py:224 msgid "Search for Class of Service entry" msgstr "" #: ipaserver/plugins/pwpolicy.py:237 msgid "password policy" msgstr "" #: ipaserver/plugins/pwpolicy.py:238 msgid "password policies" msgstr "" #: ipaserver/plugins/pwpolicy.py:291 msgid "Password Policies" msgstr "" #: ipaserver/plugins/pwpolicy.py:292 ipaserver/plugins/internal.py:1227 msgid "Password Policy" msgstr "" #: ipaserver/plugins/pwpolicy.py:297 ipaserver/plugins/internal.py:1627 msgid "Group" msgstr "" #: ipaserver/plugins/pwpolicy.py:298 msgid "Manage password policy for specific group" msgstr "" #: ipaserver/plugins/pwpolicy.py:303 msgid "Max lifetime (days)" msgstr "" #: ipaserver/plugins/pwpolicy.py:304 msgid "Maximum password lifetime (in days)" msgstr "" #: ipaserver/plugins/pwpolicy.py:310 msgid "Min lifetime (hours)" msgstr "" #: ipaserver/plugins/pwpolicy.py:311 msgid "Minimum password lifetime (in hours)" msgstr "" #: ipaserver/plugins/pwpolicy.py:316 msgid "History size" msgstr "" #: ipaserver/plugins/pwpolicy.py:317 msgid "Password history size" msgstr "" #: ipaserver/plugins/pwpolicy.py:322 msgid "Character classes" msgstr "" #: ipaserver/plugins/pwpolicy.py:323 msgid "Minimum number of character classes" msgstr "" #: ipaserver/plugins/pwpolicy.py:329 msgid "Min length" msgstr "" #: ipaserver/plugins/pwpolicy.py:330 msgid "Minimum length of password" msgstr "" #: ipaserver/plugins/pwpolicy.py:335 ipaserver/plugins/certmap.py:304 msgid "Priority" msgstr "" #: ipaserver/plugins/pwpolicy.py:336 msgid "Priority of the policy (higher number means lower priority" msgstr "" #: ipaserver/plugins/pwpolicy.py:343 msgid "Max failures" msgstr "" #: ipaserver/plugins/pwpolicy.py:344 msgid "Consecutive failures before lockout" msgstr "" #: ipaserver/plugins/pwpolicy.py:350 msgid "Failure reset interval" msgstr "" #: ipaserver/plugins/pwpolicy.py:351 msgid "Period after which failure count will be reset (seconds)" msgstr "" #: ipaserver/plugins/pwpolicy.py:357 msgid "Lockout duration" msgstr "" #: ipaserver/plugins/pwpolicy.py:358 msgid "Period for which lockout is enforced (seconds)" msgstr "" #: ipaserver/plugins/pwpolicy.py:411 msgid "Maximum password life must be greater than minimum." msgstr "" #: ipaserver/plugins/pwpolicy.py:429 msgid "Add a new group password policy." msgstr "" #: ipaserver/plugins/pwpolicy.py:455 msgid "Delete a group password policy." msgstr "" #: ipaserver/plugins/pwpolicy.py:467 msgid "cannot delete global password policy" msgstr "" #: ipaserver/plugins/pwpolicy.py:482 msgid "Modify a group password policy." msgstr "" #: ipaserver/plugins/pwpolicy.py:496 msgid "priority cannot be set on global policy" msgstr "" #: ipaserver/plugins/pwpolicy.py:528 msgid "Display information about password policy." msgstr "" #: ipaserver/plugins/pwpolicy.py:532 ipaserver/plugins/internal.py:1181 #: ipaserver/plugins/internal.py:1292 ipaserver/plugins/internal.py:1661 #: ipaserver/plugins/user.py:155 ipaserver/plugins/baseuser.py:197 msgid "User" msgstr "" #: ipaserver/plugins/pwpolicy.py:533 msgid "Display effective policy for a specific user" msgstr "" #: ipaserver/plugins/pwpolicy.py:560 msgid "Search for group password policies." msgstr "" #: ipaserver/plugins/serverroles.py:84 #, python-brace-format msgid "{role}: role not found" msgstr "" #: ipaserver/plugins/serverroles.py:178 #, python-brace-format msgid "{attr}: no such attribute" msgstr "" #: ipaserver/plugins/domainlevel.py:18 msgid "" "\n" "Raise the IPA Domain Level.\n" msgstr "" #: ipaserver/plugins/domainlevel.py:27 msgid "Current domain level:" msgstr "" #: ipaserver/plugins/domainlevel.py:69 #, python-brace-format msgid "" "Domain Level cannot be raised to {0}, existing replication conflicts have to " "be resolved." msgstr "" #: ipaserver/plugins/domainlevel.py:93 msgid "Query current Domain Level." msgstr "" #: ipaserver/plugins/domainlevel.py:112 msgid "Server does not support domain level functionality" msgstr "" #: ipaserver/plugins/domainlevel.py:117 msgid "Change current Domain Level." msgstr "" #: ipaserver/plugins/domainlevel.py:124 ipaserver/plugins/internal.py:791 #: ipaserver/plugins/internal.py:792 msgid "Domain Level" msgstr "" #: ipaserver/plugins/domainlevel.py:147 msgid "Domain Level cannot be lowered." msgstr "" #: ipaserver/plugins/domainlevel.py:155 #, python-brace-format msgid "Domain Level cannot be raised to {0}, server {1} does not support it." msgstr "" #: ipaserver/plugins/otptoken.py:42 msgid "" "\n" "OTP Tokens\n" msgstr "" #: ipaserver/plugins/otptoken.py:44 msgid "" "\n" "Manage OTP tokens.\n" msgstr "" #: ipaserver/plugins/otptoken.py:46 msgid "" "\n" "IPA supports the use of OTP tokens for multi-factor authentication. This\n" "code enables the management of OTP tokens.\n" msgstr "" #: ipaserver/plugins/otptoken.py:51 msgid "" "\n" " Add a new token:\n" " ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" msgstr "" #: ipaserver/plugins/otptoken.py:54 msgid "" "\n" " Examine the token:\n" " ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" #: ipaserver/plugins/otptoken.py:57 msgid "" "\n" " Change the vendor:\n" " ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" "\"\n" msgstr "" #: ipaserver/plugins/otptoken.py:60 msgid "" "\n" " Delete a token:\n" " ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" #: ipaserver/plugins/otptoken.py:137 msgid "OTP token" msgstr "" #: ipaserver/plugins/otptoken.py:138 msgid "OTP tokens" msgstr "" #: ipaserver/plugins/otptoken.py:154 msgid "OTP Tokens" msgstr "" #: ipaserver/plugins/otptoken.py:155 msgid "OTP Token" msgstr "" #: ipaserver/plugins/otptoken.py:160 msgid "Unique ID" msgstr "" #: ipaserver/plugins/otptoken.py:166 msgid "Type of the token" msgstr "" #: ipaserver/plugins/otptoken.py:175 msgid "Token description (informational only)" msgstr "" #: ipaserver/plugins/otptoken.py:179 msgid "Owner" msgstr "" #: ipaserver/plugins/otptoken.py:180 msgid "Assigned user of the token (default: self)" msgstr "" #: ipaserver/plugins/otptoken.py:183 ipaserver/plugins/baseuser.py:341 msgid "Manager" msgstr "" #: ipaserver/plugins/otptoken.py:184 msgid "Assigned manager of the token (default: self)" msgstr "" #: ipaserver/plugins/otptoken.py:189 ipaserver/plugins/internal.py:1899 msgid "Disabled" msgstr "" #: ipaserver/plugins/otptoken.py:190 msgid "Mark the token as disabled (default: false)" msgstr "" #: ipaserver/plugins/otptoken.py:194 msgid "Validity start" msgstr "" #: ipaserver/plugins/otptoken.py:195 msgid "First date/time the token can be used" msgstr "" #: ipaserver/plugins/otptoken.py:199 msgid "Validity end" msgstr "" #: ipaserver/plugins/otptoken.py:200 msgid "Last date/time the token can be used" msgstr "" #: ipaserver/plugins/otptoken.py:204 msgid "Vendor" msgstr "" #: ipaserver/plugins/otptoken.py:205 msgid "Token vendor name (informational only)" msgstr "" #: ipaserver/plugins/otptoken.py:209 msgid "Model" msgstr "" #: ipaserver/plugins/otptoken.py:210 msgid "Token model (informational only)" msgstr "" #: ipaserver/plugins/otptoken.py:214 msgid "Serial" msgstr "" #: ipaserver/plugins/otptoken.py:215 msgid "Token serial (informational only)" msgstr "" #: ipaserver/plugins/otptoken.py:220 msgid "Token secret (Base32; default: random)" msgstr "" #: ipaserver/plugins/otptoken.py:229 ipaserver/plugins/dns.py:1007 #: ipaserver/plugins/dns.py:1050 ipaserver/plugins/dns.py:1399 msgid "Algorithm" msgstr "" #: ipaserver/plugins/otptoken.py:230 msgid "Token hash algorithm" msgstr "" #: ipaserver/plugins/otptoken.py:238 msgid "Digits" msgstr "" #: ipaserver/plugins/otptoken.py:239 msgid "Number of digits each token code will have" msgstr "" #: ipaserver/plugins/otptoken.py:247 msgid "Clock offset" msgstr "" #: ipaserver/plugins/otptoken.py:248 msgid "TOTP token / FreeIPA server time difference" msgstr "" #: ipaserver/plugins/otptoken.py:255 msgid "Clock interval" msgstr "" #: ipaserver/plugins/otptoken.py:256 msgid "Length of TOTP token code validity" msgstr "" #: ipaserver/plugins/otptoken.py:264 msgid "Counter" msgstr "" #: ipaserver/plugins/otptoken.py:265 msgid "Initial counter for the HOTP token" msgstr "" #: ipaserver/plugins/otptoken.py:272 msgid "URI" msgstr "" #: ipaserver/plugins/otptoken.py:280 msgid "Add a new OTP token." msgstr "" #: ipaserver/plugins/otptoken.py:281 #, python-format msgid "Added OTP token \"%(value)s\"" msgstr "" #: ipaserver/plugins/otptoken.py:284 msgid "(deprecated)" msgstr "" #: ipaserver/plugins/otptoken.py:285 msgid "Do not display QR code" msgstr "" #: ipaserver/plugins/otptoken.py:335 msgid "cannot be empty" msgstr "" #: ipaserver/plugins/otptoken.py:366 msgid "Delete an OTP token." msgstr "" #: ipaserver/plugins/otptoken.py:367 #, python-format msgid "Deleted OTP token \"%(value)s\"" msgstr "" #: ipaserver/plugins/otptoken.py:372 msgid "Modify a OTP token." msgstr "" #: ipaserver/plugins/otptoken.py:373 #, python-format msgid "Modified OTP token \"%(value)s\"" msgstr "" #: ipaserver/plugins/otptoken.py:421 msgid "Search for OTP token." msgstr "" #: ipaserver/plugins/otptoken.py:422 #, python-format msgid "%(count)d OTP token matched" msgid_plural "%(count)d OTP tokens matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/otptoken.py:450 msgid "Display information about an OTP token." msgstr "" #: ipaserver/plugins/otptoken.py:463 msgid "Add users that can manage this token." msgstr "" #: ipaserver/plugins/otptoken.py:469 msgid "Remove users that can manage this token." msgstr "" #: ipaserver/plugins/internal.py:30 msgid "" "\n" "Plugins not accessible directly through the CLI, commands used internally\n" msgstr "" #: ipaserver/plugins/internal.py:38 msgid "Export plugin meta-data for the webUI." msgstr "" #: ipaserver/plugins/internal.py:44 ipaserver/plugins/internal.py:53 msgid "Name of object to export" msgstr "" #: ipaserver/plugins/internal.py:47 ipaserver/plugins/internal.py:56 msgid "Name of method to export" msgstr "" #: ipaserver/plugins/internal.py:59 msgid "Name of command to export" msgstr "" #: ipaserver/plugins/internal.py:64 msgid "Dict of JSON encoded IPA Objects" msgstr "" #: ipaserver/plugins/internal.py:65 msgid "Dict of JSON encoded IPA Methods" msgstr "" #: ipaserver/plugins/internal.py:66 msgid "Dict of JSON encoded IPA Commands" msgstr "" #: ipaserver/plugins/internal.py:151 msgid "Internationalization messages" msgstr "" #: ipaserver/plugins/internal.py:157 msgid "Your session has expired. Please log in again." msgstr "" #: ipaserver/plugins/internal.py:161 ipaserver/plugins/internal.py:205 msgid "Apply" msgstr "" #: ipaserver/plugins/internal.py:162 msgid "Rebuild auto membership" msgstr "" #: ipaserver/plugins/internal.py:163 msgid "Are you sure you want to rebuild auto membership?" msgstr "" #: ipaserver/plugins/internal.py:164 ipaserver/plugins/automember.py:799 msgid "Automember rebuild membership task completed" msgstr "" #: ipaserver/plugins/internal.py:165 msgid "Are you sure you want to proceed with the action?" msgstr "" #: ipaserver/plugins/internal.py:166 #, python-brace-format msgid "Are you sure you want to delete ${object}?" msgstr "" #: ipaserver/plugins/internal.py:167 #, python-brace-format msgid "Are you sure you want to disable ${object}?" msgstr "" #: ipaserver/plugins/internal.py:168 #, python-brace-format msgid "Are you sure you want to enable ${object}?" msgstr "" #: ipaserver/plugins/internal.py:169 msgid "Actions" msgstr "" #: ipaserver/plugins/internal.py:172 ipaserver/plugins/internal.py:200 #: ipaserver/plugins/internal.py:262 msgid "Add" msgstr "" #: ipaserver/plugins/internal.py:173 #, python-brace-format msgid "${count} item(s) added" msgstr "" #: ipaserver/plugins/internal.py:174 msgid "Direct Membership" msgstr "" #: ipaserver/plugins/internal.py:175 #, python-brace-format msgid "Filter available ${other_entity}" msgstr "" #: ipaserver/plugins/internal.py:176 msgid "Indirect Membership" msgstr "" #: ipaserver/plugins/internal.py:177 msgid "No entries." msgstr "" #: ipaserver/plugins/internal.py:178 #, python-brace-format msgid "Showing ${start} to ${end} of ${total} entries." msgstr "" #: ipaserver/plugins/internal.py:179 ipaserver/plugins/internal.py:277 msgid "Remove" msgstr "" #: ipaserver/plugins/internal.py:180 #, python-brace-format msgid "${count} item(s) removed" msgstr "" #: ipaserver/plugins/internal.py:181 msgid "Show Results" msgstr "" #: ipaserver/plugins/internal.py:184 msgid "Authentication indicators" msgstr "" #: ipaserver/plugins/internal.py:185 msgid "Authentication indicator" msgstr "" #: ipaserver/plugins/internal.py:186 msgid "" "

Implicit method (password) will be used if no method is chosen.

Password + Two-factor: LDAP and Kerberos allow " "authentication with either one of the authentication types but Kerberos uses " "pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " "but LDAP never does. LDAP only recognize the password and two-factor " "authentication options.

" msgstr "" #: ipaserver/plugins/internal.py:187 msgid "Add Custom Authentication Indicator" msgstr "" #: ipaserver/plugins/internal.py:188 ipaserver/plugins/internal.py:1674 #: ipaserver/plugins/passwd.py:107 ipaclient/remote_plugins/2_114/passwd.py:74 msgid "OTP" msgstr "" #: ipaserver/plugins/internal.py:189 msgid "Two factor authentication (password + OTP)" msgstr "" #: ipaserver/plugins/internal.py:190 ipaserver/plugins/internal.py:408 #: ipaserver/plugins/internal.py:1680 ipaserver/plugins/migration.py:534 #: ipaserver/plugins/baseldap.py:49 ipaserver/plugins/baseuser.py:277 #: ipaclient/plugins/otptoken.py:143 ipaclient/remote_plugins/2_114/host.py:187 msgid "Password" msgstr "" #: ipaserver/plugins/internal.py:191 msgid "RADIUS" msgstr "" #: ipaserver/plugins/internal.py:193 msgid "Hardened Password (by SPAKE or FAST)" msgstr "" #: ipaserver/plugins/internal.py:194 msgid "Disable per-user override" msgstr "" #: ipaserver/plugins/internal.py:195 msgid "" "

Per-user setting, overwrites the global setting if any option is checked." "

Password + Two-factor: LDAP and Kerberos allow " "authentication with either one of the authentication types but Kerberos uses " "pre-authentication method which requires to use armor ccache.

RADIUS with another type: Kerberos always use RADIUS, " "but LDAP never does. LDAP only recognize the password and two-factor " "authentication options.

" msgstr "" #: ipaserver/plugins/internal.py:198 ipaserver/plugins/internal.py:272 #: ipaserver/plugins/internal.py:1694 msgid "About" msgstr "" #: ipaserver/plugins/internal.py:199 msgid "Activate" msgstr "" #: ipaserver/plugins/internal.py:201 msgid "Add and Add Another" msgstr "" #: ipaserver/plugins/internal.py:202 msgid "Add and Close" msgstr "" #: ipaserver/plugins/internal.py:203 msgid "Add and Edit" msgstr "" #: ipaserver/plugins/internal.py:204 msgid "Add Many" msgstr "" #: ipaserver/plugins/internal.py:206 msgid "Back" msgstr "" #: ipaserver/plugins/internal.py:207 msgid "Cancel" msgstr "" #: ipaserver/plugins/internal.py:208 msgid "Clear" msgstr "" #: ipaserver/plugins/internal.py:209 msgid "Clear all fields on the page." msgstr "" #: ipaserver/plugins/internal.py:210 msgid "Close" msgstr "" #: ipaserver/plugins/internal.py:211 ipaserver/plugins/internal.py:1898 msgid "Disable" msgstr "" #: ipaserver/plugins/internal.py:212 ipaserver/plugins/internal.py:643 msgid "Download" msgstr "" #: ipaserver/plugins/internal.py:213 msgid "Download certificate as PEM formatted file." msgstr "" #: ipaserver/plugins/internal.py:214 msgid "Edit" msgstr "" #: ipaserver/plugins/internal.py:215 ipaserver/plugins/internal.py:1900 msgid "Enable" msgstr "" #: ipaserver/plugins/internal.py:216 ipaserver/plugins/internal.py:1208 #: ipaserver/plugins/internal.py:1709 ipaserver/plugins/aci.py:490 msgid "Filter" msgstr "" #: ipaserver/plugins/internal.py:217 msgid "Find" msgstr "" #: ipaserver/plugins/internal.py:218 msgid "Get" msgstr "" #: ipaserver/plugins/internal.py:219 msgid "Hide" msgstr "" #: ipaserver/plugins/internal.py:220 msgid "Issue" msgstr "" #: ipaserver/plugins/internal.py:221 msgid "Match" msgstr "" #: ipaserver/plugins/internal.py:222 msgid "Match users according to certificate." msgstr "" #: ipaserver/plugins/internal.py:223 msgid "Migrate" msgstr "" #: ipaserver/plugins/internal.py:224 msgid "OK" msgstr "" #: ipaserver/plugins/internal.py:225 msgid "Refresh" msgstr "" #: ipaserver/plugins/internal.py:226 msgid "Reload current settings from the server." msgstr "" #: ipaserver/plugins/internal.py:227 msgid "Delete" msgstr "" #: ipaserver/plugins/internal.py:228 ipaserver/plugins/internal.py:684 msgid "Remove hold" msgstr "" #: ipaserver/plugins/internal.py:229 msgid "Reset" msgstr "" #: ipaserver/plugins/internal.py:230 ipaserver/plugins/internal.py:1687 msgid "Reset Password" msgstr "" #: ipaserver/plugins/internal.py:231 msgid "Reset Password and Log in" msgstr "" #: ipaserver/plugins/internal.py:232 msgid "Restore" msgstr "" #: ipaserver/plugins/internal.py:233 msgid "Retry" msgstr "" #: ipaserver/plugins/internal.py:234 msgid "Revert" msgstr "" #: ipaserver/plugins/internal.py:236 msgid "Revoke" msgstr "" #: ipaserver/plugins/internal.py:237 msgid "Save" msgstr "" #: ipaserver/plugins/internal.py:238 msgid "Set" msgstr "" #: ipaserver/plugins/internal.py:239 msgid "Show" msgstr "" #: ipaserver/plugins/internal.py:240 msgid "Stage" msgstr "" #: ipaserver/plugins/internal.py:242 msgid "Update" msgstr "" #: ipaserver/plugins/internal.py:243 msgid "View" msgstr "" #: ipaserver/plugins/internal.py:246 ipaserver/plugins/internal.py:1695 msgid "Customization" msgstr "" #: ipaserver/plugins/internal.py:247 msgid "Pagination Size" msgstr "" #: ipaserver/plugins/internal.py:250 msgid "Collapse All" msgstr "" #: ipaserver/plugins/internal.py:251 msgid "Expand All" msgstr "" #: ipaserver/plugins/internal.py:252 msgid "General" msgstr "" #: ipaserver/plugins/internal.py:253 msgid "Identity Settings" msgstr "" #: ipaserver/plugins/internal.py:254 msgid "Record Settings" msgstr "" #: ipaserver/plugins/internal.py:255 #, python-brace-format msgid "${entity} ${primary_key} Settings" msgstr "" #: ipaserver/plugins/internal.py:256 msgid "Back to Top" msgstr "" #: ipaserver/plugins/internal.py:257 #, python-brace-format msgid "${entity} ${primary_key} updated" msgstr "" #: ipaserver/plugins/internal.py:260 #, python-brace-format msgid "${entity} successfully added" msgstr "" #: ipaserver/plugins/internal.py:261 msgid "Add custom value" msgstr "" #: ipaserver/plugins/internal.py:263 msgid "Available" msgstr "" #: ipaserver/plugins/internal.py:264 msgid "Some operations failed." msgstr "" #: ipaserver/plugins/internal.py:265 msgid "Operations Error" msgstr "" #: ipaserver/plugins/internal.py:266 msgid "Confirmation" msgstr "" #: ipaserver/plugins/internal.py:267 msgid "Custom value" msgstr "" #: ipaserver/plugins/internal.py:268 msgid "This page has unsaved changes. Please save or revert." msgstr "" #: ipaserver/plugins/internal.py:269 msgid "Unsaved Changes" msgstr "" #: ipaserver/plugins/internal.py:270 #, python-brace-format msgid "Edit ${entity}" msgstr "" #: ipaserver/plugins/internal.py:271 msgid "Hide details" msgstr "" #: ipaserver/plugins/internal.py:273 #, python-brace-format msgid "${product}, version: ${version}" msgstr "" #: ipaserver/plugins/internal.py:274 msgid "Prospective" msgstr "" #: ipaserver/plugins/internal.py:275 msgid "Redirection" msgstr "" #: ipaserver/plugins/internal.py:276 msgid "Select entries to be removed." msgstr "" #: ipaserver/plugins/internal.py:278 msgid "Result" msgstr "" #: ipaserver/plugins/internal.py:279 msgid "Show details" msgstr "" #: ipaserver/plugins/internal.py:280 msgid "Success" msgstr "" #: ipaserver/plugins/internal.py:281 msgid "Validation error" msgstr "" #: ipaserver/plugins/internal.py:282 msgid "Input form contains invalid or missing values." msgstr "" #: ipaserver/plugins/internal.py:285 msgid "Please try the following options:" msgstr "" #: ipaserver/plugins/internal.py:286 msgid "If the problem persists please contact the system administrator." msgstr "" #: ipaserver/plugins/internal.py:287 msgid "Refresh the page." msgstr "" #: ipaserver/plugins/internal.py:288 msgid "Reload the browser." msgstr "" #: ipaserver/plugins/internal.py:289 msgid "Return to the main page and retry the operation" msgstr "" #: ipaserver/plugins/internal.py:290 #, python-brace-format msgid "An error has occurred (${error})" msgstr "" #: ipaserver/plugins/internal.py:293 ipaclient/plugins/cert.py:190 msgid "Error" msgstr "" #: ipaserver/plugins/internal.py:294 msgid "HTTP Error" msgstr "" #: ipaserver/plugins/internal.py:295 msgid "Internal Error" msgstr "" #: ipaserver/plugins/internal.py:296 msgid "IPA Error" msgstr "" #: ipaserver/plugins/internal.py:297 msgid "No response" msgstr "" #: ipaserver/plugins/internal.py:298 msgid "Unknown Error" msgstr "" #: ipaserver/plugins/internal.py:299 msgid "URL" msgstr "" #: ipaserver/plugins/internal.py:302 #, python-brace-format msgid "${primary_key} is managed by:" msgstr "" #: ipaserver/plugins/internal.py:303 #, python-brace-format msgid "${primary_key} members:" msgstr "" #: ipaserver/plugins/internal.py:304 #, python-brace-format msgid "${primary_key} is a member of:" msgstr "" #: ipaserver/plugins/internal.py:305 #, python-brace-format msgid "${primary_key} member managers:" msgstr "" #: ipaserver/plugins/internal.py:308 msgid "Settings" msgstr "" #: ipaserver/plugins/internal.py:309 ipaserver/plugins/internal.py:1708 msgid "Search" msgstr "" #: ipaserver/plugins/internal.py:311 msgid "False" msgstr "" #: ipaserver/plugins/internal.py:314 #, python-brace-format msgid "Allow user groups to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:317 #, python-brace-format msgid "Allow user groups to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:320 #, python-brace-format msgid "Allow host groups to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:323 #, python-brace-format msgid "Allow host groups to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:326 #, python-brace-format msgid "Allow hosts to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:329 #, python-brace-format msgid "Allow hosts to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:332 #, python-brace-format msgid "Allow users to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:335 #, python-brace-format msgid "Allow users to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:337 msgid "Allowed to create keytab" msgstr "" #: ipaserver/plugins/internal.py:338 msgid "Allowed to retrieve keytab" msgstr "" #: ipaserver/plugins/internal.py:340 #, python-brace-format msgid "Disallow user groups to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:343 #, python-brace-format msgid "Disallow user groups to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:346 #, python-brace-format msgid "Disallow host groups to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:349 #, python-brace-format msgid "Disallow host groups to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:352 #, python-brace-format msgid "Disallow hosts to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:355 #, python-brace-format msgid "Disallow hosts to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:358 #, python-brace-format msgid "Disallow users to create keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:361 #, python-brace-format msgid "Disallow users to retrieve keytab of '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:365 msgid "Add Kerberos Principal Alias" msgstr "" #: ipaserver/plugins/internal.py:366 msgid "New kerberos principal alias" msgstr "" #: ipaserver/plugins/internal.py:367 msgid "Remove Kerberos Alias" msgstr "" #: ipaserver/plugins/internal.py:368 #, python-brace-format msgid "Do you want to remove kerberos alias ${alias}?" msgstr "" #: ipaserver/plugins/internal.py:371 msgid "Inherited from server configuration" msgstr "" #: ipaserver/plugins/internal.py:372 msgid "MS-PAC" msgstr "" #: ipaserver/plugins/internal.py:373 msgid "Override inherited settings" msgstr "" #: ipaserver/plugins/internal.py:374 msgid "PAD" msgstr "" #: ipaserver/plugins/internal.py:377 msgid "Authenticating" msgstr "" #: ipaserver/plugins/internal.py:379 msgid "Authentication with personal certificate failed" msgstr "" #: ipaserver/plugins/internal.py:381 msgid "" " To log in with certificate, please make sure you have valid personal certificate. " msgstr "" #: ipaserver/plugins/internal.py:385 msgid "Continue to next page" msgstr "" #: ipaserver/plugins/internal.py:387 msgid "" " To log in with username and " "password, enter them in the corresponding fields, then click 'Log " "in'." msgstr "" #: ipaserver/plugins/internal.py:390 msgid "Login failed due to an unknown reason" msgstr "" #: ipaserver/plugins/internal.py:391 msgid "Logged In As" msgstr "" #: ipaserver/plugins/internal.py:392 msgid "Authentication with Kerberos failed" msgstr "" #: ipaserver/plugins/internal.py:394 #, python-brace-format msgid "" " To log in with Kerberos, please make sure you have valid tickets (obtainable via kinit) and " "configured the " "browser correctly, then click 'Log in'." msgstr "" #: ipaserver/plugins/internal.py:399 msgid "Loading" msgstr "" #: ipaserver/plugins/internal.py:401 msgid "Kerberos Principal you entered is expired" msgstr "" #: ipaserver/plugins/internal.py:402 msgid "Loading data" msgstr "" #: ipaserver/plugins/internal.py:403 msgid "Log in" msgstr "" #: ipaserver/plugins/internal.py:404 msgid "Log In Using Certificate" msgstr "" #: ipaserver/plugins/internal.py:405 msgid "Log in using personal certificate" msgstr "" #: ipaserver/plugins/internal.py:406 ipaserver/plugins/internal.py:1696 msgid "Log out" msgstr "" #: ipaserver/plugins/internal.py:407 msgid "Log out error" msgstr "" #: ipaserver/plugins/internal.py:409 ipaserver/plugins/internal.py:1681 msgid "Password or Password+One-Time-Password" msgstr "" #: ipaserver/plugins/internal.py:410 #, python-brace-format msgid "You will be redirected in ${count}s" msgstr "" #: ipaserver/plugins/internal.py:411 msgid "Sync OTP Token" msgstr "" #: ipaserver/plugins/internal.py:412 msgid "Synchronizing" msgstr "" #: ipaserver/plugins/internal.py:413 msgid "Username" msgstr "" #: ipaserver/plugins/internal.py:414 msgid "The user account you entered is locked" msgstr "" #: ipaserver/plugins/internal.py:417 msgid "number of passwords" msgstr "" #: ipaserver/plugins/internal.py:418 msgid "seconds" msgstr "" #: ipaserver/plugins/internal.py:421 msgid "Migrating" msgstr "" #: ipaserver/plugins/internal.py:423 msgid "There was a problem with your request. Please, try again later." msgstr "" #: ipaserver/plugins/internal.py:426 msgid "Password migration was not successful" msgstr "" #: ipaserver/plugins/internal.py:428 msgid "" "

Password Migration

If you have been sent here by your " "administrator, your personal information is being migrated to a new identity " "management solution (IPA).

Please, enter your credentials in the form " "to complete the process. Upon successful login your kerberos account will be " "activated.

" msgstr "" #: ipaserver/plugins/internal.py:435 ipaserver/plugins/internal.py:1671 msgid "The password or username you entered is incorrect" msgstr "" #: ipaserver/plugins/internal.py:436 msgid "Password migration was successful" msgstr "" #: ipaserver/plugins/internal.py:440 ipaserver/plugins/internal.py:525 #: ipaserver/plugins/internal.py:1207 msgid "Attribute" msgstr "" #: ipaserver/plugins/internal.py:443 msgid "Add delegation" msgstr "" #: ipaserver/plugins/internal.py:444 msgid "Remove delegations" msgstr "" #: ipaserver/plugins/internal.py:447 ipaserver/plugins/internal.py:779 msgid "Add permission" msgstr "" #: ipaserver/plugins/internal.py:449 #, python-brace-format msgid "Add privileges into permission '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:451 msgid "Remove permissions" msgstr "" #: ipaserver/plugins/internal.py:453 #, python-brace-format msgid "Remove privileges from permission '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:457 msgid "Add privilege" msgstr "" #: ipaserver/plugins/internal.py:459 #, python-brace-format msgid "Add privilege '${primary_key}' into permissions" msgstr "" #: ipaserver/plugins/internal.py:462 #, python-brace-format msgid "Add roles into privilege '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:464 msgid "Remove privileges" msgstr "" #: ipaserver/plugins/internal.py:466 #, python-brace-format msgid "Remove privilege '${primary_key}' from permissions" msgstr "" #: ipaserver/plugins/internal.py:469 #, python-brace-format msgid "Remove roles from privilege '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:473 msgid "Role Settings" msgstr "" #: ipaserver/plugins/internal.py:474 msgid "Add role" msgstr "" #: ipaserver/plugins/internal.py:476 #, python-brace-format msgid "Add user groups into role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:479 #, python-brace-format msgid "Add hosts into role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:482 #, python-brace-format msgid "Add host groups into role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:485 #, python-brace-format msgid "Add role '${primary_key}' into privileges" msgstr "" #: ipaserver/plugins/internal.py:488 #, python-brace-format msgid "Add services into role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:491 #, python-brace-format msgid "Add users into role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:493 msgid "Remove roles" msgstr "" #: ipaserver/plugins/internal.py:495 #, python-brace-format msgid "Remove role '${primary_key}' from privileges" msgstr "" #: ipaserver/plugins/internal.py:498 #, python-brace-format msgid "Remove user groups from role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:501 #, python-brace-format msgid "Remove hosts from role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:504 #, python-brace-format msgid "Remove host groups from role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:507 #, python-brace-format msgid "Remove services from role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:510 #, python-brace-format msgid "Remove users from role '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:514 msgid "Add self service permission" msgstr "" #: ipaserver/plugins/internal.py:515 msgid "Remove self service permissions" msgstr "" #: ipaserver/plugins/internal.py:518 msgid "Add rule" msgstr "" #: ipaserver/plugins/internal.py:520 #, python-brace-format msgid "Add inclusive condition into '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:523 #, python-brace-format msgid "Add exclusive condition into '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:527 msgid "Are you sure you want to change default group?" msgstr "" #: ipaserver/plugins/internal.py:529 msgid "Default host group" msgstr "" #: ipaserver/plugins/internal.py:530 msgid "Default user group" msgstr "" #: ipaserver/plugins/internal.py:531 msgid "Exclusive" msgstr "" #: ipaserver/plugins/internal.py:532 msgid "Expression" msgstr "" #: ipaserver/plugins/internal.py:533 msgid "Host group rule" msgstr "" #: ipaserver/plugins/internal.py:534 msgid "Host group rules" msgstr "" #: ipaserver/plugins/internal.py:535 msgid "Inclusive" msgstr "" #: ipaserver/plugins/internal.py:536 msgid "Remove auto membership rules" msgstr "" #: ipaserver/plugins/internal.py:538 #, python-brace-format msgid "Remove exclusive conditions from rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:541 #, python-brace-format msgid "Remove inclusive conditions from rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:543 msgid "User group rule" msgstr "" #: ipaserver/plugins/internal.py:544 msgid "User group rules" msgstr "" #: ipaserver/plugins/internal.py:547 msgid "Add automount key" msgstr "" #: ipaserver/plugins/internal.py:548 msgid "Remove automount keys" msgstr "" #: ipaserver/plugins/internal.py:551 msgid "Add automount location" msgstr "" #: ipaserver/plugins/internal.py:552 msgid "Automount Location Settings" msgstr "" #: ipaserver/plugins/internal.py:553 msgid "Remove automount locations" msgstr "" #: ipaserver/plugins/internal.py:556 msgid "Add automount map" msgstr "" #: ipaserver/plugins/internal.py:557 msgid "Map Type" msgstr "" #: ipaserver/plugins/internal.py:558 msgid "Direct" msgstr "" #: ipaserver/plugins/internal.py:559 msgid "Indirect" msgstr "" #: ipaserver/plugins/internal.py:560 msgid "Remove automount maps" msgstr "" #: ipaserver/plugins/internal.py:563 msgid "Add certificate authority" msgstr "" #: ipaserver/plugins/internal.py:564 msgid "Remove certificate authorities" msgstr "" #: ipaserver/plugins/internal.py:567 msgid "Add CA ACL" msgstr "" #: ipaserver/plugins/internal.py:569 #, python-brace-format msgid "Add Certificate Authorities into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:573 #, python-brace-format msgid "Add user groups into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:576 #, python-brace-format msgid "Add host groups into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:579 #, python-brace-format msgid "Add hosts into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:582 #, python-brace-format msgid "Add certificate profiles into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:585 #, python-brace-format msgid "Add services into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:588 #, python-brace-format msgid "Add users into CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:590 msgid "All" msgstr "" #: ipaserver/plugins/internal.py:591 msgid "Any CA" msgstr "" #: ipaserver/plugins/internal.py:592 ipaserver/plugins/internal.py:895 #: ipaserver/plugins/internal.py:1152 ipaserver/plugins/internal.py:1274 #: ipaserver/plugins/internal.py:1429 msgid "Any Host" msgstr "" #: ipaserver/plugins/internal.py:593 ipaserver/plugins/internal.py:896 msgid "Any Service" msgstr "" #: ipaserver/plugins/internal.py:594 msgid "Any Profile" msgstr "" #: ipaserver/plugins/internal.py:595 ipaserver/plugins/internal.py:897 #: ipaserver/plugins/internal.py:1153 ipaserver/plugins/internal.py:1275 #: ipaserver/plugins/internal.py:1430 msgid "Anyone" msgstr "" #: ipaserver/plugins/internal.py:596 ipaserver/plugins/internal.py:899 #: ipaserver/plugins/internal.py:1435 msgid "Rule status" msgstr "" #: ipaserver/plugins/internal.py:597 msgid "If no CAs are specified, requests to the default CA are allowed." msgstr "" #: ipaserver/plugins/internal.py:598 ipaserver/plugins/caacl.py:216 msgid "Profiles" msgstr "" #: ipaserver/plugins/internal.py:599 msgid "Remove CA ACLs" msgstr "" #: ipaserver/plugins/internal.py:601 #, python-brace-format msgid "Remove Certificate Authorities from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:605 #, python-brace-format msgid "Remove user groups from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:608 #, python-brace-format msgid "Remove host groups from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:611 #, python-brace-format msgid "Remove hosts from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:614 #, python-brace-format msgid "Remove certificate profiles from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:617 #, python-brace-format msgid "Remove services from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:620 #, python-brace-format msgid "Remove users from CA ACL '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:622 msgid "Specified CAs" msgstr "" #: ipaserver/plugins/internal.py:623 ipaserver/plugins/internal.py:921 #: ipaserver/plugins/internal.py:1179 ipaserver/plugins/internal.py:1290 #: ipaserver/plugins/internal.py:1480 msgid "Specified Hosts and Groups" msgstr "" #: ipaserver/plugins/internal.py:624 msgid "Specified Profiles" msgstr "" #: ipaserver/plugins/internal.py:625 ipaserver/plugins/internal.py:922 msgid "Specified Services and Groups" msgstr "" #: ipaserver/plugins/internal.py:626 ipaserver/plugins/internal.py:923 #: ipaserver/plugins/internal.py:1180 ipaserver/plugins/internal.py:1291 #: ipaserver/plugins/internal.py:1481 msgid "Specified Users and Groups" msgstr "" #: ipaserver/plugins/internal.py:627 msgid "Permitted to have certificates issued" msgstr "" #: ipaserver/plugins/internal.py:630 msgid "Remove certificate profiles" msgstr "" #: ipaserver/plugins/internal.py:633 msgid "AA Compromise" msgstr "" #: ipaserver/plugins/internal.py:634 msgid "Add principal" msgstr "" #: ipaserver/plugins/internal.py:635 msgid "Affiliation Changed" msgstr "" #: ipaserver/plugins/internal.py:636 ipaserver/plugins/ca.py:339 #: ipaserver/plugins/ca.py:362 ipaserver/plugins/ca.py:402 msgid "CA" msgstr "" #: ipaserver/plugins/internal.py:637 msgid "CA Compromise" msgstr "" #: ipaserver/plugins/internal.py:639 ipaserver/plugins/internal.py:1910 msgid "Certificates" msgstr "" #: ipaserver/plugins/internal.py:640 msgid "Certificate Hold" msgstr "" #: ipaserver/plugins/internal.py:641 msgid "Cessation of Operation" msgstr "" #: ipaserver/plugins/internal.py:642 msgid "Common Name" msgstr "" #: ipaserver/plugins/internal.py:644 msgid "the certificate with serial number " msgstr "" #: ipaserver/plugins/internal.py:645 msgid "Expires On" msgstr "" #: ipaserver/plugins/internal.py:646 msgid "Issued on from" msgstr "" #: ipaserver/plugins/internal.py:647 msgid "Issued on to" msgstr "" #: ipaserver/plugins/internal.py:648 msgid "Maximum serial number" msgstr "" #: ipaserver/plugins/internal.py:649 msgid "Minimum serial number" msgstr "" #: ipaserver/plugins/internal.py:651 msgid "Revoked on from" msgstr "" #: ipaserver/plugins/internal.py:652 msgid "Revoked on to" msgstr "" #: ipaserver/plugins/internal.py:654 msgid "Valid not after from" msgstr "" #: ipaserver/plugins/internal.py:655 msgid "Valid not after to" msgstr "" #: ipaserver/plugins/internal.py:656 msgid "Valid not before from" msgstr "" #: ipaserver/plugins/internal.py:657 msgid "Valid not before to" msgstr "" #: ipaserver/plugins/internal.py:658 msgid "Fingerprints" msgstr "" #: ipaserver/plugins/internal.py:659 msgid "Get Certificate" msgstr "" #: ipaserver/plugins/internal.py:660 msgid "Certificate Hold Removed" msgstr "" #: ipaserver/plugins/internal.py:662 #, python-brace-format msgid "Issue new certificate for host '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:665 #, python-brace-format msgid "Issue new certificate for service '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:668 #, python-brace-format msgid "Issue new certificate for user '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:670 msgid "Issue new certificate" msgstr "" #: ipaserver/plugins/internal.py:671 msgid "Issued By" msgstr "" #: ipaserver/plugins/internal.py:672 msgid "Issued On" msgstr "" #: ipaserver/plugins/internal.py:673 msgid "Issued To" msgstr "" #: ipaserver/plugins/internal.py:674 msgid "Key Compromise" msgstr "" #: ipaserver/plugins/internal.py:675 msgid "No Valid Certificate" msgstr "" #: ipaserver/plugins/internal.py:676 msgid "New Certificate" msgstr "" #: ipaserver/plugins/internal.py:677 msgid "Certificate in base64 or PEM format" msgstr "" #: ipaserver/plugins/internal.py:678 msgid "Note" msgstr "" #: ipaserver/plugins/internal.py:679 msgid "Organization" msgstr "" #: ipaserver/plugins/internal.py:680 msgid "Organizational Unit" msgstr "" #: ipaserver/plugins/internal.py:681 #, python-brace-format msgid "${count} certificate(s) present" msgstr "" #: ipaserver/plugins/internal.py:682 msgid "Privilege Withdrawn" msgstr "" #: ipaserver/plugins/internal.py:683 msgid "Reason for Revocation" msgstr "" #: ipaserver/plugins/internal.py:685 msgid "Remove certificate hold" msgstr "" #: ipaserver/plugins/internal.py:686 msgid "Do you want to remove the certificate hold?" msgstr "" #: ipaserver/plugins/internal.py:687 msgid "Remove from CRL" msgstr "" #: ipaserver/plugins/internal.py:688 #, python-brace-format msgid "" "
  1. Create a certificate database or use an existing one. To create a " "new database:
    # certutil -N -d <database path>
    2. " "
  2. Create a CSR with subject CN=<${cn_name}>,O=<realm>, for example:
    # certutil -R -d <database path> -a -g " "<key size> -s 'CN=${cn},O=${realm}'${san}
  3. Copy and " "paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to " "-----END NEW CERTIFICATE REQUEST-----) into the text area below:
" msgstr "" #: ipaserver/plugins/internal.py:689 #, python-brace-format msgid " -8 '${cn}'" msgstr "" #: ipaserver/plugins/internal.py:690 msgid "Certificate requested" msgstr "" #: ipaserver/plugins/internal.py:692 msgid "Revoke certificate" msgstr "" #: ipaserver/plugins/internal.py:693 msgid "" "Do you want to revoke this certificate? Select a reason from the pull-down " "list." msgstr "" #: ipaserver/plugins/internal.py:694 msgid "Certificate Revoked" msgstr "" #: ipaserver/plugins/internal.py:695 msgid "REVOKED" msgstr "" #: ipaserver/plugins/internal.py:698 msgid "SHA1 Fingerprint" msgstr "" #: ipaserver/plugins/internal.py:699 msgid "SHA256 Fingerprint" msgstr "" #: ipaserver/plugins/internal.py:700 ipaserver/plugins/internal.py:1024 #: ipaserver/plugins/internal.py:1326 ipaserver/plugins/internal.py:1902 #: ipaserver/plugins/cert.py:1271 msgid "Status" msgstr "" #: ipaserver/plugins/internal.py:701 msgid "Superseded" msgstr "" #: ipaserver/plugins/internal.py:702 msgid "Unspecified" msgstr "" #: ipaserver/plugins/internal.py:703 msgid "Valid Certificate Present" msgstr "" #: ipaserver/plugins/internal.py:704 msgid "Valid from" msgstr "" #: ipaserver/plugins/internal.py:705 msgid "Valid to" msgstr "" #: ipaserver/plugins/internal.py:706 msgid "Validity" msgstr "" #: ipaserver/plugins/internal.py:707 #, python-brace-format msgid "Certificate for ${entity} ${primary_key}" msgstr "" #: ipaserver/plugins/internal.py:708 msgid "View Certificate" msgstr "" #: ipaserver/plugins/internal.py:711 msgid "Certificate Data" msgstr "" #: ipaserver/plugins/internal.py:712 msgid "Certificate For Match" msgstr "" #: ipaserver/plugins/internal.py:713 msgid "Certificate Mapping Match" msgstr "" #: ipaserver/plugins/internal.py:714 ipaserver/plugins/internal.py:1513 #: ipaserver/plugins/certmap.py:566 ipaserver/plugins/realmdomains.py:115 #: ipaserver/plugins/trust.py:1245 msgid "Domain" msgstr "" #: ipaserver/plugins/internal.py:715 msgid "Matched Users" msgstr "" #: ipaserver/plugins/internal.py:716 msgid "User Login" msgstr "" #: ipaserver/plugins/internal.py:719 msgid "Add certificate identity mapping rule" msgstr "" #: ipaserver/plugins/internal.py:720 msgid "Add certificate mapping data" msgstr "" #: ipaserver/plugins/internal.py:721 ipaserver/plugins/baseuser.py:404 #: ipaserver/plugins/baseuser.py:405 msgid "Certificate mapping data" msgstr "" #: ipaserver/plugins/internal.py:723 msgid "Configuration string" msgstr "" #: ipaserver/plugins/internal.py:724 #, python-brace-format msgid "Do you want to remove certificate mapping data ${data}?" msgstr "" #: ipaserver/plugins/internal.py:725 msgid "Remove certificate mapping data" msgstr "" #: ipaserver/plugins/internal.py:727 msgid "Issuer and subject" msgstr "" #: ipaserver/plugins/internal.py:728 msgid "Remove certificate identity mapping rules" msgstr "" #: ipaserver/plugins/internal.py:730 ipaserver/plugins/schema.py:153 msgid "Version" msgstr "" #: ipaserver/plugins/internal.py:733 msgid "Group Options" msgstr "" #: ipaserver/plugins/internal.py:734 msgid "Search Options" msgstr "" #: ipaserver/plugins/internal.py:735 msgid "SELinux Options" msgstr "" #: ipaserver/plugins/internal.py:736 msgid "Server Options" msgstr "" #: ipaserver/plugins/internal.py:737 msgid "Service Options" msgstr "" #: ipaserver/plugins/internal.py:738 msgid "User Options" msgstr "" #: ipaserver/plugins/internal.py:743 msgid "Forward first" msgstr "" #: ipaserver/plugins/internal.py:744 msgid "Forwarding disabled" msgstr "" #: ipaserver/plugins/internal.py:745 msgid "Forward only" msgstr "" #: ipaserver/plugins/internal.py:746 ipaserver/plugins/internal.py:1438 #: ipaserver/plugins/internal.py:1544 msgid "Options" msgstr "" #: ipaserver/plugins/internal.py:747 msgid "Update System DNS Records" msgstr "" #: ipaserver/plugins/internal.py:748 msgid "Do you want to update system DNS records?" msgstr "" #: ipaserver/plugins/internal.py:749 msgid "System DNS records updated" msgstr "" #: ipaserver/plugins/internal.py:752 msgid "Add DNS forward zone" msgstr "" #: ipaserver/plugins/internal.py:753 msgid "Remove DNS forward zones" msgstr "" #: ipaserver/plugins/internal.py:756 msgid "Add DNS resource record" msgstr "" #: ipaserver/plugins/internal.py:757 ipaclient/plugins/vault.py:981 msgid "Data" msgstr "" #: ipaserver/plugins/internal.py:758 msgid "DNS record was deleted because it contained no data." msgstr "" #: ipaserver/plugins/internal.py:759 msgid "Other Record Types" msgstr "" #: ipaserver/plugins/internal.py:760 msgid "Address not valid, can't redirect" msgstr "" #: ipaserver/plugins/internal.py:761 msgid "Create dns record" msgstr "" #: ipaserver/plugins/internal.py:762 msgid "Creating record." msgstr "" #: ipaserver/plugins/internal.py:763 msgid "Record creation failed." msgstr "" #: ipaserver/plugins/internal.py:764 msgid "Checking if record exists." msgstr "" #: ipaserver/plugins/internal.py:765 msgid "Record not found." msgstr "" #: ipaserver/plugins/internal.py:766 msgid "Redirection to PTR record" msgstr "" #: ipaserver/plugins/internal.py:767 #, python-brace-format msgid "Zone found: ${zone}" msgstr "" #: ipaserver/plugins/internal.py:768 msgid "Target reverse zone not found." msgstr "" #: ipaserver/plugins/internal.py:769 msgid "Fetching DNS zones." msgstr "" #: ipaserver/plugins/internal.py:770 msgid "An error occurred while fetching dns zones." msgstr "" #: ipaserver/plugins/internal.py:771 msgid "You will be redirected to DNS Zone." msgstr "" #: ipaserver/plugins/internal.py:772 msgid "Remove DNS resource records" msgstr "" #: ipaserver/plugins/internal.py:773 msgid "Standard Record Types" msgstr "" #: ipaserver/plugins/internal.py:774 msgid "Records for DNS Zone" msgstr "" #: ipaserver/plugins/internal.py:775 msgid "Record Type" msgstr "" #: ipaserver/plugins/internal.py:778 msgid "Add DNS zone" msgstr "" #: ipaserver/plugins/internal.py:780 #, python-brace-format msgid "Are you sure you want to add permission for DNS Zone ${object}?" msgstr "" #: ipaserver/plugins/internal.py:781 msgid "DNS Zone Settings" msgstr "" #: ipaserver/plugins/internal.py:782 msgid "Remove DNS zones" msgstr "" #: ipaserver/plugins/internal.py:783 msgid "Remove Permission" msgstr "" #: ipaserver/plugins/internal.py:784 #, python-brace-format msgid "Are you sure you want to remove permission for DNS Zone ${object}?" msgstr "" #: ipaserver/plugins/internal.py:785 msgid "Skip DNS check" msgstr "" #: ipaserver/plugins/internal.py:786 msgid "Skip overlap check" msgstr "" #: ipaserver/plugins/internal.py:787 msgid "Do you want to check if new authoritative nameserver address is in DNS" msgstr "" #: ipaserver/plugins/internal.py:788 msgid "Authoritative nameserver change" msgstr "" #: ipaserver/plugins/internal.py:793 msgid "Level" msgstr "" #: ipaserver/plugins/internal.py:794 msgid "Set Domain Level" msgstr "" #: ipaserver/plugins/internal.py:797 msgid "Add user group" msgstr "" #: ipaserver/plugins/internal.py:799 #, python-brace-format msgid "Add user groups into user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:802 #, python-brace-format msgid "Add user group '${primary_key}' into user groups" msgstr "" #: ipaserver/plugins/internal.py:805 #, python-brace-format msgid "Add user group '${primary_key}' into HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:808 #, python-brace-format msgid "Add user group '${primary_key}' into netgroups" msgstr "" #: ipaserver/plugins/internal.py:811 #, python-brace-format msgid "Add user group '${primary_key}' into roles" msgstr "" #: ipaserver/plugins/internal.py:814 #, python-brace-format msgid "Add user group '${primary_key}' into sudo rules" msgstr "" #: ipaserver/plugins/internal.py:817 #, python-brace-format msgid "Add services into user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:820 #, python-brace-format msgid "Add users into user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:823 #, python-brace-format msgid "Add groups as member managers for user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:827 #, python-brace-format msgid "Remove groups from member managers for user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:831 #, python-brace-format msgid "Add users as member managers for user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:835 #, python-brace-format msgid "Remove users from member managers for user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:838 msgid "Group Settings" msgstr "" #: ipaserver/plugins/internal.py:839 ipaserver/plugins/internal.py:1154 #: ipaserver/plugins/internal.py:1433 msgid "External" msgstr "" #: ipaserver/plugins/internal.py:840 ipaserver/plugins/internal.py:1366 msgid "Groups" msgstr "" #: ipaserver/plugins/internal.py:841 msgid "Group categories" msgstr "" #: ipaserver/plugins/internal.py:842 msgid "Change to external group" msgstr "" #: ipaserver/plugins/internal.py:843 msgid "Change to POSIX group" msgstr "" #: ipaserver/plugins/internal.py:844 msgid "Non-POSIX" msgstr "" #: ipaserver/plugins/internal.py:845 msgid "POSIX" msgstr "" #: ipaserver/plugins/internal.py:846 msgid "Remove user groups" msgstr "" #: ipaserver/plugins/internal.py:848 #, python-brace-format msgid "Remove user group '${primary_key}' from user groups" msgstr "" #: ipaserver/plugins/internal.py:851 #, python-brace-format msgid "Remove user group '${primary_key}' from netgroups" msgstr "" #: ipaserver/plugins/internal.py:854 #, python-brace-format msgid "Remove user group '${primary_key}' from roles" msgstr "" #: ipaserver/plugins/internal.py:857 #, python-brace-format msgid "Remove user group '${primary_key}' from HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:860 #, python-brace-format msgid "Remove user group '${primary_key}' from sudo rules" msgstr "" #: ipaserver/plugins/internal.py:863 #, python-brace-format msgid "Remove user groups from user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:866 #, python-brace-format msgid "Remove services from user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:869 #, python-brace-format msgid "Remove users from user group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:871 msgid "Group Type" msgstr "" #: ipaserver/plugins/internal.py:875 msgid "Add HBAC rule" msgstr "" #: ipaserver/plugins/internal.py:877 #, python-brace-format msgid "Add user groups into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:880 #, python-brace-format msgid "Add host groups into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:883 #, python-brace-format msgid "Add hosts into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:886 #, python-brace-format msgid "Add HBAC service groups into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:890 #, python-brace-format msgid "Add HBAC services into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:893 #, python-brace-format msgid "Add users into HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:898 msgid "Accessing" msgstr "" #: ipaserver/plugins/internal.py:900 msgid "Remove HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:902 #, python-brace-format msgid "Remove user groups from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:905 #, python-brace-format msgid "Remove host groups from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:908 #, python-brace-format msgid "Remove hosts from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:911 #, python-brace-format msgid "Remove HBAC service groups from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:915 #, python-brace-format msgid "Remove HBAC services from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:918 #, python-brace-format msgid "Remove users from HBAC rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:920 msgid "Via Service" msgstr "" #: ipaserver/plugins/internal.py:924 ipaserver/plugins/internal.py:1482 msgid "Who" msgstr "" #: ipaserver/plugins/internal.py:927 msgid "Add HBAC service" msgstr "" #: ipaserver/plugins/internal.py:929 #, python-brace-format msgid "Add HBAC service '${primary_key}' into HBAC service groups" msgstr "" #: ipaserver/plugins/internal.py:932 msgid "Remove HBAC services" msgstr "" #: ipaserver/plugins/internal.py:934 #, python-brace-format msgid "Remove HBAC service '${primary_key}' from HBAC service groups" msgstr "" #: ipaserver/plugins/internal.py:939 msgid "Add HBAC service group" msgstr "" #: ipaserver/plugins/internal.py:941 #, python-brace-format msgid "Add HBAC services into HBAC service group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:944 msgid "Remove HBAC service groups" msgstr "" #: ipaserver/plugins/internal.py:946 #, python-brace-format msgid "Remove HBAC services from HBAC service group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:952 msgid "Access Denied" msgstr "" #: ipaserver/plugins/internal.py:953 msgid "Access Granted" msgstr "" #: ipaserver/plugins/internal.py:954 msgid "Include Disabled" msgstr "" #: ipaserver/plugins/internal.py:955 msgid "Include Enabled" msgstr "" #: ipaserver/plugins/internal.py:956 msgid "HBAC Test" msgstr "" #: ipaserver/plugins/internal.py:957 msgid "Matched" msgstr "" #: ipaserver/plugins/internal.py:958 msgid "Missing values: " msgstr "" #: ipaserver/plugins/internal.py:959 msgid "New Test" msgstr "" #: ipaserver/plugins/internal.py:960 msgid "Rules" msgstr "" #: ipaserver/plugins/internal.py:961 msgid "Run Test" msgstr "" #: ipaserver/plugins/internal.py:962 #, python-brace-format msgid "Specify external ${entity}" msgstr "" #: ipaserver/plugins/internal.py:963 msgid "Unmatched" msgstr "" #: ipaserver/plugins/internal.py:966 msgid "Add host" msgstr "" #: ipaserver/plugins/internal.py:968 #, python-brace-format msgid "Add hosts managing host '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:971 #, python-brace-format msgid "Add host '${primary_key}' into host groups" msgstr "" #: ipaserver/plugins/internal.py:974 #, python-brace-format msgid "Add host '${primary_key}' into HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:977 #, python-brace-format msgid "Add host '${primary_key}' into netgroups" msgstr "" #: ipaserver/plugins/internal.py:980 #, python-brace-format msgid "Add host '${primary_key}' into roles" msgstr "" #: ipaserver/plugins/internal.py:983 #, python-brace-format msgid "Add host '${primary_key}' into sudo rules" msgstr "" #: ipaserver/plugins/internal.py:985 msgid "Host Certificate" msgstr "" #: ipaserver/plugins/internal.py:986 ipaserver/plugins/internal.py:1315 msgid "Host Name" msgstr "" #: ipaserver/plugins/internal.py:987 ipaserver/plugins/internal.py:1313 msgid "Delete Key, Unprovision" msgstr "" #: ipaserver/plugins/internal.py:988 msgid "Host Settings" msgstr "" #: ipaserver/plugins/internal.py:989 msgid "Enrolled" msgstr "" #: ipaserver/plugins/internal.py:990 msgid "Enrollment" msgstr "" #: ipaserver/plugins/internal.py:991 msgid "Fully Qualified Host Name" msgstr "" #: ipaserver/plugins/internal.py:992 msgid "Generate OTP" msgstr "" #: ipaserver/plugins/internal.py:993 msgid "Generated OTP" msgstr "" #: ipaserver/plugins/internal.py:994 msgid "Kerberos Key" msgstr "" #: ipaserver/plugins/internal.py:995 ipaserver/plugins/internal.py:1316 msgid "Kerberos Key Not Present" msgstr "" #: ipaserver/plugins/internal.py:996 msgid "Kerberos Key Present, Host Provisioned" msgstr "" #: ipaserver/plugins/internal.py:997 ipaserver/plugins/internal.py:1676 msgid "One-Time-Password" msgstr "" #: ipaserver/plugins/internal.py:998 msgid "One-Time-Password Not Present" msgstr "" #: ipaserver/plugins/internal.py:999 msgid "One-Time-Password Present" msgstr "" #: ipaserver/plugins/internal.py:1000 msgid "Reset OTP" msgstr "" #: ipaserver/plugins/internal.py:1001 msgid "Reset One-Time-Password" msgstr "" #: ipaserver/plugins/internal.py:1002 msgid "Set OTP" msgstr "" #: ipaserver/plugins/internal.py:1003 msgid "OTP set" msgstr "" #: ipaserver/plugins/internal.py:1004 msgid "Set One-Time-Password" msgstr "" #: ipaserver/plugins/internal.py:1005 msgid "Remove hosts" msgstr "" #: ipaserver/plugins/internal.py:1007 #, python-brace-format msgid "Remove hosts managing host '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1010 #, python-brace-format msgid "Remove host '${primary_key}' from host groups" msgstr "" #: ipaserver/plugins/internal.py:1013 #, python-brace-format msgid "Remove host '${primary_key}' from netgroups" msgstr "" #: ipaserver/plugins/internal.py:1016 #, python-brace-format msgid "Remove host '${primary_key}' from roles" msgstr "" #: ipaserver/plugins/internal.py:1019 #, python-brace-format msgid "Remove host '${primary_key}' from HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:1022 #, python-brace-format msgid "Remove host '${primary_key}' from sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1025 ipaserver/plugins/internal.py:1327 msgid "Unprovision" msgstr "" #: ipaserver/plugins/internal.py:1026 msgid "Are you sure you want to unprovision this host?" msgstr "" #: ipaserver/plugins/internal.py:1027 msgid "Unprovisioning host" msgstr "" #: ipaserver/plugins/internal.py:1028 msgid "Host unprovisioned" msgstr "" #: ipaserver/plugins/internal.py:1031 msgid "Add host group" msgstr "" #: ipaserver/plugins/internal.py:1033 #, python-brace-format msgid "Add hosts into host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1036 #, python-brace-format msgid "Add host groups into host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1039 #, python-brace-format msgid "Add host group '${primary_key}' into host groups" msgstr "" #: ipaserver/plugins/internal.py:1042 #, python-brace-format msgid "Add host group '${primary_key}' into HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:1045 #, python-brace-format msgid "Add host group '${primary_key}' into netgroups" msgstr "" #: ipaserver/plugins/internal.py:1048 #, python-brace-format msgid "Add host group '${primary_key}' into sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1051 #, python-brace-format msgid "Add groups as member managers for host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1055 #, python-brace-format msgid "Remove groups from member managers for host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1059 #, python-brace-format msgid "Add users as member managers for host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1063 #, python-brace-format msgid "Remove users from member managers for host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1067 msgid "Host Group Settings" msgstr "" #: ipaserver/plugins/internal.py:1068 msgid "Remove host groups" msgstr "" #: ipaserver/plugins/internal.py:1070 #, python-brace-format msgid "Remove host group '${primary_key}' from host groups" msgstr "" #: ipaserver/plugins/internal.py:1073 #, python-brace-format msgid "Remove host group '${primary_key}' from netgroups" msgstr "" #: ipaserver/plugins/internal.py:1076 #, python-brace-format msgid "Remove host group '${primary_key}' from HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:1079 #, python-brace-format msgid "Remove host group '${primary_key}' from sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1082 #, python-brace-format msgid "Remove hosts from host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1085 #, python-brace-format msgid "Remove host groups from host group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1089 msgid "User to override" msgstr "" #: ipaserver/plugins/internal.py:1090 msgid "" "Enter trusted or IPA user login. Note: search doesn't list users from " "trusted domains." msgstr "" #: ipaserver/plugins/internal.py:1091 msgid "Enter trusted user login." msgstr "" #: ipaserver/plugins/internal.py:1092 ipaserver/plugins/internal.py:1698 msgid "Profile" msgstr "" #: ipaserver/plugins/internal.py:1095 msgid "Group to override" msgstr "" #: ipaserver/plugins/internal.py:1096 msgid "" "Enter trusted or IPA group name. Note: search doesn't list groups from " "trusted domains." msgstr "" #: ipaserver/plugins/internal.py:1097 msgid "Enter trusted group name." msgstr "" #: ipaserver/plugins/internal.py:1100 msgid "Add ID view" msgstr "" #: ipaserver/plugins/internal.py:1101 msgid "Add group ID override" msgstr "" #: ipaserver/plugins/internal.py:1102 msgid "Add user ID override" msgstr "" #: ipaserver/plugins/internal.py:1103 #, python-brace-format msgid "${primary_key} applies to:" msgstr "" #: ipaserver/plugins/internal.py:1104 ipaserver/plugins/internal.py:1105 msgid "Applied to hosts" msgstr "" #: ipaserver/plugins/internal.py:1106 msgid "Apply to host groups" msgstr "" #: ipaserver/plugins/internal.py:1108 #, python-brace-format msgid "Apply ID view '${primary_key}' on hosts of host groups" msgstr "" #: ipaserver/plugins/internal.py:1110 msgid "Apply to hosts" msgstr "" #: ipaserver/plugins/internal.py:1112 #, python-brace-format msgid "Apply ID view '${primary_key}' on hosts" msgstr "" #: ipaserver/plugins/internal.py:1114 ipaserver/plugins/host.py:580 msgid "Assigned ID View" msgstr "" #: ipaserver/plugins/internal.py:1115 #, python-brace-format msgid "${primary_key} overrides:" msgstr "" #: ipaserver/plugins/internal.py:1116 msgid "Remove ID views" msgstr "" #: ipaserver/plugins/internal.py:1117 msgid "Remove user ID overrides" msgstr "" #: ipaserver/plugins/internal.py:1118 msgid "Remove group ID overrides" msgstr "" #: ipaserver/plugins/internal.py:1119 msgid "Un-apply from host groups" msgstr "" #: ipaserver/plugins/internal.py:1120 msgid "Un-apply ID Views from hosts of hostgroups" msgstr "" #: ipaserver/plugins/internal.py:1121 msgid "Un-apply" msgstr "" #: ipaserver/plugins/internal.py:1122 msgid "Un-apply from hosts" msgstr "" #: ipaserver/plugins/internal.py:1123 msgid "Un-apply ID Views from hosts" msgstr "" #: ipaserver/plugins/internal.py:1124 msgid "Are you sure you want to un-apply ID view from selected entries?" msgstr "" #: ipaserver/plugins/internal.py:1126 #, python-brace-format msgid "Un-apply ID view '${primary_key}' from hosts" msgstr "" #: ipaserver/plugins/internal.py:1130 ipaserver/plugins/krbtpolicy.py:128 #: ipaserver/plugins/krbtpolicy.py:129 msgid "Kerberos Ticket Policy" msgstr "" #: ipaserver/plugins/internal.py:1133 msgid "Add netgroup" msgstr "" #: ipaserver/plugins/internal.py:1135 #, python-brace-format msgid "Add netgroup '${primary_key}' into netgroups" msgstr "" #: ipaserver/plugins/internal.py:1138 #, python-brace-format msgid "Add netgroups into netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1141 #, python-brace-format msgid "Add user groups into netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1144 #, python-brace-format msgid "Add hosts into netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1147 #, python-brace-format msgid "Add host groups into netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1150 #, python-brace-format msgid "Add users into netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1155 ipaserver/plugins/internal.py:1276 #: ipaserver/plugins/host.py:451 msgid "Host" msgstr "" #: ipaserver/plugins/internal.py:1158 msgid "Netgroup Settings" msgstr "" #: ipaserver/plugins/internal.py:1160 msgid "Remove netgroups" msgstr "" #: ipaserver/plugins/internal.py:1162 #, python-brace-format msgid "Remove netgroup '${primary_key}' from netgroups" msgstr "" #: ipaserver/plugins/internal.py:1165 #, python-brace-format msgid "Remove user groups from netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1168 #, python-brace-format msgid "Remove hosts from netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1171 #, python-brace-format msgid "Remove host groups from netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1174 #, python-brace-format msgid "Remove netgroups from netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1177 #, python-brace-format msgid "Remove users from netgroup '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1186 msgid "Add OTP token" msgstr "" #: ipaserver/plugins/internal.py:1188 #, python-brace-format msgid "Add users managing OTP token '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1190 #, python-brace-format msgid "" "You can use FreeOTP as a software " "OTP token application." msgstr "" #: ipaserver/plugins/internal.py:1191 msgid "Configure your token" msgstr "" #: ipaserver/plugins/internal.py:1192 msgid "" "Configure your token by scanning the QR code below. Click on the QR code if " "you see this on the device you want to configure." msgstr "" #: ipaserver/plugins/internal.py:1193 msgid "OTP Token Settings" msgstr "" #: ipaserver/plugins/internal.py:1194 msgid "Disable token" msgstr "" #: ipaserver/plugins/internal.py:1195 msgid "Enable token" msgstr "" #: ipaserver/plugins/internal.py:1196 msgid "Remove OTP tokens" msgstr "" #: ipaserver/plugins/internal.py:1198 #, python-brace-format msgid "Remove users managing OTP token '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1200 msgid "Show QR code" msgstr "" #: ipaserver/plugins/internal.py:1201 msgid "Show configuration uri" msgstr "" #: ipaserver/plugins/internal.py:1202 msgid "Counter-based (HOTP)" msgstr "" #: ipaserver/plugins/internal.py:1203 msgid "Time-based (TOTP)" msgstr "" #: ipaserver/plugins/internal.py:1206 msgid "Add Custom Attribute" msgstr "" #: ipaserver/plugins/internal.py:1209 msgid "Permission settings" msgstr "" #: ipaserver/plugins/internal.py:1210 msgid "Attribute breakdown" msgstr "" #: ipaserver/plugins/internal.py:1211 ipaserver/plugins/dns.py:1035 #: ipaserver/plugins/dns.py:1366 ipaclient/remote_plugins/2_114/dns.py:514 msgid "Target" msgstr "" #: ipaserver/plugins/internal.py:1214 msgid "Privilege Settings" msgstr "" #: ipaserver/plugins/internal.py:1217 msgid "Public key:" msgstr "" #: ipaserver/plugins/internal.py:1218 msgid "Set public key" msgstr "" #: ipaserver/plugins/internal.py:1219 ipaserver/plugins/internal.py:1337 msgid "Show/Set key" msgstr "" #: ipaserver/plugins/internal.py:1220 ipaserver/plugins/internal.py:1338 msgid "Modified: key not set" msgstr "" #: ipaserver/plugins/internal.py:1221 ipaserver/plugins/internal.py:1339 msgid "Modified" msgstr "" #: ipaserver/plugins/internal.py:1222 ipaserver/plugins/internal.py:1340 msgid "New: key not set" msgstr "" #: ipaserver/plugins/internal.py:1223 ipaserver/plugins/internal.py:1341 msgid "New: key set" msgstr "" #: ipaserver/plugins/internal.py:1226 msgid "Add password policy" msgstr "" #: ipaserver/plugins/internal.py:1228 msgid "Remove password policies" msgstr "" #: ipaserver/plugins/internal.py:1231 msgid "Add ID range" msgstr "" #: ipaserver/plugins/internal.py:1232 msgid "Range Settings" msgstr "" #: ipaserver/plugins/internal.py:1233 msgid "Base ID" msgstr "" #: ipaserver/plugins/internal.py:1234 msgid "Primary RID base" msgstr "" #: ipaserver/plugins/internal.py:1235 msgid "Range size" msgstr "" #: ipaserver/plugins/internal.py:1236 msgid "Domain SID" msgstr "" #: ipaserver/plugins/internal.py:1237 msgid "Secondary RID base" msgstr "" #: ipaserver/plugins/internal.py:1238 msgid "Remove ID ranges" msgstr "" #: ipaserver/plugins/internal.py:1239 ipaserver/plugins/idrange.py:244 #: ipaserver/plugins/trust.py:710 ipaclient/remote_plugins/2_114/trust.py:316 msgid "Range type" msgstr "" #: ipaserver/plugins/internal.py:1240 ipaserver/dcerpc_common.py:37 msgid "Active Directory domain" msgstr "" #: ipaserver/plugins/internal.py:1241 msgid "Active Directory domain with POSIX attributes" msgstr "" #: ipaserver/plugins/internal.py:1242 msgid "Detect" msgstr "" #: ipaserver/plugins/internal.py:1243 msgid "Local domain" msgstr "" #: ipaserver/plugins/internal.py:1244 msgid "IPA trust" msgstr "" #: ipaserver/plugins/internal.py:1245 msgid "Active Directory winsync" msgstr "" #: ipaserver/plugins/internal.py:1248 msgid "Add RADIUS server" msgstr "" #: ipaserver/plugins/internal.py:1249 msgid "RADIUS Proxy Server Settings" msgstr "" #: ipaserver/plugins/internal.py:1250 msgid "Remove RADIUS servers" msgstr "" #: ipaserver/plugins/internal.py:1253 ipaserver/plugins/realmdomains.py:107 #: ipaserver/plugins/realmdomains.py:108 msgid "Realm Domains" msgstr "" #: ipaserver/plugins/internal.py:1254 msgid "Check DNS" msgstr "" #: ipaserver/plugins/internal.py:1255 msgid "Do you also want to perform DNS check?" msgstr "" #: ipaserver/plugins/internal.py:1256 msgid "Force Update" msgstr "" #: ipaserver/plugins/internal.py:1261 msgid "Add SELinux user map" msgstr "" #: ipaserver/plugins/internal.py:1263 #, python-brace-format msgid "Add user groups into SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1266 #, python-brace-format msgid "Add host groups into SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1269 #, python-brace-format msgid "Add hosts into SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1272 #, python-brace-format msgid "Add users into SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1277 msgid "Remove selinux user maps" msgstr "" #: ipaserver/plugins/internal.py:1279 #, python-brace-format msgid "Remove user groups from SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1282 #, python-brace-format msgid "Remove host groups from SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1285 #, python-brace-format msgid "Remove hosts from SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1288 #, python-brace-format msgid "Remove users from SELinux user map '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1295 msgid "Server Roles" msgstr "" #: ipaserver/plugins/internal.py:1296 msgid "Server Role" msgstr "" #: ipaserver/plugins/internal.py:1299 msgid "Warning: Consider service replication" msgstr "" #: ipaserver/plugins/internal.py:1300 msgid "" "It is strongly recommended to keep the following services installed on more " "than one server:" msgstr "" #: ipaserver/plugins/internal.py:1301 msgid "Delete Server" msgstr "" #: ipaserver/plugins/internal.py:1302 msgid "" "Deleting a server removes it permanently from the topology. Note that this " "is a non-reversible action." msgstr "" #: ipaserver/plugins/internal.py:1305 msgid "Add service" msgstr "" #: ipaserver/plugins/internal.py:1307 #, python-brace-format msgid "Add hosts managing service '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1310 #, python-brace-format msgid "Add service '${primary_key}' into roles" msgstr "" #: ipaserver/plugins/internal.py:1312 msgid "Service Certificate" msgstr "" #: ipaserver/plugins/internal.py:1314 msgid "Service Settings" msgstr "" #: ipaserver/plugins/internal.py:1317 msgid "Provisioning" msgstr "" #: ipaserver/plugins/internal.py:1318 msgid "Remove services" msgstr "" #: ipaserver/plugins/internal.py:1320 #, python-brace-format msgid "Remove service '${primary_key}' from roles" msgstr "" #: ipaserver/plugins/internal.py:1323 #, python-brace-format msgid "Remove hosts managing service '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1328 msgid "Are you sure you want to unprovision this service?" msgstr "" #: ipaserver/plugins/internal.py:1329 msgid "Unprovisioning service" msgstr "" #: ipaserver/plugins/internal.py:1330 msgid "Service unprovisioned" msgstr "" #: ipaserver/plugins/internal.py:1331 msgid "Kerberos Key Present, Service Provisioned" msgstr "" #: ipaserver/plugins/internal.py:1334 msgid "SSH public keys" msgstr "" #: ipaserver/plugins/internal.py:1335 msgid "SSH public key:" msgstr "" #: ipaserver/plugins/internal.py:1336 msgid "Set SSH key" msgstr "" #: ipaserver/plugins/internal.py:1344 msgid "Are you sure you want to activate selected users?" msgstr "" #: ipaserver/plugins/internal.py:1345 #, python-brace-format msgid "Are you sure you want to activate ${object}?" msgstr "" #: ipaserver/plugins/internal.py:1346 #, python-brace-format msgid "${count} user(s) activated" msgstr "" #: ipaserver/plugins/internal.py:1347 msgid "Add stage user" msgstr "" #: ipaserver/plugins/internal.py:1348 msgid "Stage users" msgstr "" #: ipaserver/plugins/internal.py:1349 msgid "Preserved users" msgstr "" #: ipaserver/plugins/internal.py:1350 msgid "Remove preserved users" msgstr "" #: ipaserver/plugins/internal.py:1351 msgid "Remove stage users" msgstr "" #: ipaserver/plugins/internal.py:1352 msgid "Are you sure you want to stage selected users?" msgstr "" #: ipaserver/plugins/internal.py:1353 #, python-brace-format msgid "${count} users(s) staged" msgstr "" #: ipaserver/plugins/internal.py:1354 #, python-brace-format msgid "Are you sure you want to stage ${object}?" msgstr "" #: ipaserver/plugins/internal.py:1355 msgid "Are you sure you want to restore selected users?" msgstr "" #: ipaserver/plugins/internal.py:1356 #, python-brace-format msgid "Are you sure you want to restore ${object}?" msgstr "" #: ipaserver/plugins/internal.py:1357 #, python-brace-format msgid "${count} user(s) restored" msgstr "" #: ipaserver/plugins/internal.py:1358 msgid "User categories" msgstr "" #: ipaserver/plugins/internal.py:1361 msgid "Add sudo command" msgstr "" #: ipaserver/plugins/internal.py:1363 #, python-brace-format msgid "Add sudo command '${primary_key}' into sudo command groups" msgstr "" #: ipaserver/plugins/internal.py:1367 msgid "Remove sudo commands" msgstr "" #: ipaserver/plugins/internal.py:1369 #, python-brace-format msgid "Remove sudo command '${primary_key}' from sudo command groups" msgstr "" #: ipaserver/plugins/internal.py:1374 msgid "Add sudo command group" msgstr "" #: ipaserver/plugins/internal.py:1376 #, python-brace-format msgid "Add sudo commands into sudo command group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1379 ipaserver/plugins/sudocmdgroup.py:134 msgid "Commands" msgstr "" #: ipaserver/plugins/internal.py:1380 msgid "Remove sudo command groups" msgstr "" #: ipaserver/plugins/internal.py:1382 #, python-brace-format msgid "Remove sudo commands from sudo command group '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1387 msgid "Add sudo rule" msgstr "" #: ipaserver/plugins/internal.py:1388 msgid "Add sudo option" msgstr "" #: ipaserver/plugins/internal.py:1390 #, python-brace-format msgid "Add allow sudo commands into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1394 #, python-brace-format msgid "Add allow sudo command groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1398 #, python-brace-format msgid "Add deny sudo commands into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1402 #, python-brace-format msgid "Add deny sudo command groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1406 #, python-brace-format msgid "Add user groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1409 #, python-brace-format msgid "Add host groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1412 #, python-brace-format msgid "Add hosts into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1415 #, python-brace-format msgid "Add RunAs users into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1418 #, python-brace-format msgid "Add RunAs user groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1421 #, python-brace-format msgid "Add RunAs groups into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1424 #, python-brace-format msgid "Add users into sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1426 msgid "Allow" msgstr "" #: ipaserver/plugins/internal.py:1427 msgid "Any Command" msgstr "" #: ipaserver/plugins/internal.py:1428 msgid "Any Group" msgstr "" #: ipaserver/plugins/internal.py:1431 msgid "Run Commands" msgstr "" #: ipaserver/plugins/internal.py:1432 msgid "Deny" msgstr "" #: ipaserver/plugins/internal.py:1434 msgid "Access this host" msgstr "" #: ipaserver/plugins/internal.py:1436 msgid "Option added" msgstr "" #: ipaserver/plugins/internal.py:1437 #, python-brace-format msgid "${count} option(s) removed" msgstr "" #: ipaserver/plugins/internal.py:1439 msgid "Remove sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1441 #, python-brace-format msgid "Remove allow sudo commands from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1445 #, python-brace-format msgid "Remove allow sudo command groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1449 #, python-brace-format msgid "Remove deny sudo commands from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1453 #, python-brace-format msgid "Remove deny sudo command groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1457 #, python-brace-format msgid "Remove user groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1460 #, python-brace-format msgid "Remove host groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1463 #, python-brace-format msgid "Remove hosts from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1466 #, python-brace-format msgid "Remove RunAs users from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1469 #, python-brace-format msgid "Remove RunAs user groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1472 #, python-brace-format msgid "Remove RunAs groups from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1475 #, python-brace-format msgid "Remove users from sudo rule '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1477 msgid "As Whom" msgstr "" #: ipaserver/plugins/internal.py:1478 msgid "Specified Commands and Groups" msgstr "" #: ipaserver/plugins/internal.py:1479 msgid "Specified Groups" msgstr "" #: ipaserver/plugins/internal.py:1485 msgid "Remove sudo options" msgstr "" #: ipaserver/plugins/internal.py:1488 msgid "Autogenerated" msgstr "" #: ipaserver/plugins/internal.py:1489 msgid "Segment details" msgstr "" #: ipaserver/plugins/internal.py:1490 msgid "Replication configuration" msgstr "" #: ipaserver/plugins/internal.py:1491 #, python-brace-format msgid "Managed topology requires minimal domain level ${domainlevel}" msgstr "" #: ipaserver/plugins/internal.py:1494 msgid "Add IPA location" msgstr "" #: ipaserver/plugins/internal.py:1496 #, python-brace-format msgid "Add IPA server into IPA location '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1498 msgid "Remove IPA locations" msgstr "" #: ipaserver/plugins/internal.py:1500 #, python-brace-format msgid "Remove IPA servers from IPA location '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1504 msgid "Add topology segment" msgstr "" #: ipaserver/plugins/internal.py:1505 msgid "Remove topology segments" msgstr "" #: ipaserver/plugins/internal.py:1508 msgid "Account" msgstr "" #: ipaserver/plugins/internal.py:1509 msgid "Add trust" msgstr "" #: ipaserver/plugins/internal.py:1510 msgid "Administrative account" msgstr "" #: ipaserver/plugins/internal.py:1511 msgid "SID blacklists" msgstr "" #: ipaserver/plugins/internal.py:1512 msgid "Trust Settings" msgstr "" #: ipaserver/plugins/internal.py:1514 msgid "Establish using" msgstr "" #: ipaserver/plugins/internal.py:1515 msgid "Fetch domains" msgstr "" #: ipaserver/plugins/internal.py:1516 ipaserver/plugins/trust.py:541 #: ipaserver/plugins/trust.py:1585 ipaclient/remote_plugins/2_114/trust.py:115 msgid "Domain NetBIOS name" msgstr "" #: ipaserver/plugins/internal.py:1517 ipaserver/plugins/trust.py:545 #: ipaserver/plugins/trust.py:1588 ipaclient/remote_plugins/2_114/trust.py:119 msgid "Domain Security Identifier" msgstr "" #: ipaserver/plugins/internal.py:1518 msgid "Pre-shared password" msgstr "" #: ipaserver/plugins/internal.py:1519 msgid "Remove trusts" msgstr "" #: ipaserver/plugins/internal.py:1520 msgid "Remove domains" msgstr "" #: ipaserver/plugins/internal.py:1521 ipaserver/plugins/trust.py:556 msgid "Trust direction" msgstr "" #: ipaserver/plugins/internal.py:1522 ipaserver/plugins/trust.py:564 msgid "Trust status" msgstr "" #: ipaserver/plugins/internal.py:1523 ipaserver/plugins/trust.py:560 msgid "Trust type" msgstr "" #: ipaserver/plugins/internal.py:1524 msgid "Alternative UPN suffixes" msgstr "" #: ipaserver/plugins/internal.py:1528 msgid "User attributes for SMB services" msgstr "" #: ipaserver/plugins/internal.py:1531 msgid "Path to a script executed on a Windows system at logon" msgstr "" #: ipaserver/plugins/internal.py:1534 msgid "Path to a user profile, in UNC format \\\\server\\share\\" msgstr "" #: ipaserver/plugins/internal.py:1537 msgid "Path to a user home directory, in UNC format" msgstr "" #: ipaserver/plugins/internal.py:1540 msgid "Drive to mount a home directory" msgstr "" #: ipaserver/plugins/internal.py:1547 msgid "Account Settings" msgstr "" #: ipaserver/plugins/internal.py:1548 msgid "Account Status" msgstr "" #: ipaserver/plugins/internal.py:1549 msgid "Active users" msgstr "" #: ipaserver/plugins/internal.py:1550 msgid "Add user" msgstr "" #: ipaserver/plugins/internal.py:1552 #, python-brace-format msgid "Add user '${primary_key}' into user groups" msgstr "" #: ipaserver/plugins/internal.py:1555 #, python-brace-format msgid "Add user '${primary_key}' into HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:1558 #, python-brace-format msgid "Add user '${primary_key}' into netgroups" msgstr "" #: ipaserver/plugins/internal.py:1561 #, python-brace-format msgid "Add user '${primary_key}' into roles" msgstr "" #: ipaserver/plugins/internal.py:1564 #, python-brace-format msgid "Add user '${primary_key}' into sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1566 msgid "Contact Settings" msgstr "" #: ipaserver/plugins/internal.py:1567 msgid "Delete mode" msgstr "" #: ipaserver/plugins/internal.py:1568 msgid "Employee Information" msgstr "" #: ipaserver/plugins/internal.py:1569 msgid "Error changing account status" msgstr "" #: ipaserver/plugins/internal.py:1570 msgid "Password expiration" msgstr "" #: ipaserver/plugins/internal.py:1571 msgid "Mailing Address" msgstr "" #: ipaserver/plugins/internal.py:1572 msgid "Misc. Information" msgstr "" #: ipaserver/plugins/internal.py:1573 msgid "delete" msgstr "" #: ipaserver/plugins/internal.py:1574 msgid "preserve" msgstr "" #: ipaserver/plugins/internal.py:1575 msgid "No private group" msgstr "" #: ipaserver/plugins/internal.py:1576 msgid "Remove users" msgstr "" #: ipaserver/plugins/internal.py:1578 #, python-brace-format msgid "Remove user '${primary_key}' from user groups" msgstr "" #: ipaserver/plugins/internal.py:1581 #, python-brace-format msgid "Remove user '${primary_key}' from netgroups" msgstr "" #: ipaserver/plugins/internal.py:1584 #, python-brace-format msgid "Remove user '${primary_key}' from roles" msgstr "" #: ipaserver/plugins/internal.py:1587 #, python-brace-format msgid "Remove user '${primary_key}' from HBAC rules" msgstr "" #: ipaserver/plugins/internal.py:1590 #, python-brace-format msgid "Remove user '${primary_key}' from sudo rules" msgstr "" #: ipaserver/plugins/internal.py:1592 #, python-brace-format msgid "" "Are you sure you want to ${action} the user?
The change will take effect " "immediately." msgstr "" #: ipaserver/plugins/internal.py:1593 #, python-brace-format msgid "Click to ${action}" msgstr "" #: ipaserver/plugins/internal.py:1594 msgid "Unlock" msgstr "" #: ipaserver/plugins/internal.py:1595 #, python-brace-format msgid "Are you sure you want to unlock user ${object}?" msgstr "" #: ipaserver/plugins/internal.py:1598 msgid "Add vault" msgstr "" #: ipaserver/plugins/internal.py:1600 #, python-brace-format msgid "Add user groups into members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1603 #, python-brace-format msgid "Add services into members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1606 #, python-brace-format msgid "Add users into members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1609 #, python-brace-format msgid "Add user groups into owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1612 #, python-brace-format msgid "Add services into owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1615 #, python-brace-format msgid "Add users into owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1618 msgid "" "Secrets can be added/retrieved to vault only by using vault-archive and " "vault-retrieve from CLI." msgstr "" #: ipaserver/plugins/internal.py:1622 msgid "" "Content of 'standard' vaults can be seen by users with higher privileges " "(admins)." msgstr "" #: ipaserver/plugins/internal.py:1625 msgid "Asymmetric" msgstr "" #: ipaserver/plugins/internal.py:1626 msgid "Vaults Config" msgstr "" #: ipaserver/plugins/internal.py:1628 msgid "Members" msgstr "" #: ipaserver/plugins/internal.py:1629 msgid "My User Vaults" msgstr "" #: ipaserver/plugins/internal.py:1630 msgid "Owners" msgstr "" #: ipaserver/plugins/internal.py:1631 msgid "Remove vaults" msgstr "" #: ipaserver/plugins/internal.py:1633 #, python-brace-format msgid "Remove user groups from members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1636 #, python-brace-format msgid "Remove services from members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1639 #, python-brace-format msgid "Remove users from members of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1642 #, python-brace-format msgid "Remove user groups from owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1645 #, python-brace-format msgid "Remove services from owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1648 #, python-brace-format msgid "Remove users from owners of vault '${primary_key}'" msgstr "" #: ipaserver/plugins/internal.py:1651 msgid "Service Vaults" msgstr "" #: ipaserver/plugins/internal.py:1652 msgid "Shared" msgstr "" #: ipaserver/plugins/internal.py:1653 msgid "Shared Vaults" msgstr "" #: ipaserver/plugins/internal.py:1654 msgid "Standard" msgstr "" #: ipaserver/plugins/internal.py:1655 msgid "Symmetric" msgstr "" #: ipaserver/plugins/internal.py:1656 msgid "Vault Type" msgstr "" #: ipaserver/plugins/internal.py:1658 msgid "" "Only standard vaults can be created in WebUI, use CLI for other types of " "vaults." msgstr "" #: ipaserver/plugins/internal.py:1662 msgid "User Vaults" msgstr "" #: ipaserver/plugins/internal.py:1666 ipaserver/plugins/passwd.py:98 msgid "Current Password" msgstr "" #: ipaserver/plugins/internal.py:1667 msgid "Current password is required" msgstr "" #: ipaserver/plugins/internal.py:1668 #, python-brace-format msgid "Your password expires in ${days} days." msgstr "" #: ipaserver/plugins/internal.py:1669 msgid "First OTP" msgstr "" #: ipaserver/plugins/internal.py:1672 ipaserver/plugins/passwd.py:95 msgid "New Password" msgstr "" #: ipaserver/plugins/internal.py:1673 msgid "New password is required" msgstr "" #: ipaserver/plugins/internal.py:1675 msgid "" " One-Time-Password(OTP): " "Generate new OTP code for each OTP field." msgstr "" #: ipaserver/plugins/internal.py:1677 msgid "Token synchronization failed" msgstr "" #: ipaserver/plugins/internal.py:1678 msgid "The username, password or token codes are not correct" msgstr "" #: ipaserver/plugins/internal.py:1679 msgid "Token was synchronized" msgstr "" #: ipaserver/plugins/internal.py:1682 msgid "Password change complete" msgstr "" #: ipaserver/plugins/internal.py:1684 msgid "Your password has expired. Please enter a new password." msgstr "" #: ipaserver/plugins/internal.py:1685 msgid "Passwords must match" msgstr "" #: ipaserver/plugins/internal.py:1686 msgid "Password reset was not successful." msgstr "" #: ipaserver/plugins/internal.py:1688 msgid "Reset your password." msgstr "" #: ipaserver/plugins/internal.py:1689 msgid "Second OTP" msgstr "" #: ipaserver/plugins/internal.py:1690 ipaclient/plugins/otptoken.py:149 msgid "Token ID" msgstr "" #: ipaserver/plugins/internal.py:1691 msgid "Verify Password" msgstr "" #: ipaserver/plugins/internal.py:1697 ipaclient/plugins/vault.py:373 msgid "Change password" msgstr "" #: ipaserver/plugins/internal.py:1701 msgid "Are you sure you want to delete selected entries?" msgstr "" #: ipaserver/plugins/internal.py:1702 #, python-brace-format msgid "${count} item(s) deleted" msgstr "" #: ipaserver/plugins/internal.py:1703 msgid "Are you sure you want to disable selected entries?" msgstr "" #: ipaserver/plugins/internal.py:1704 #, python-brace-format msgid "${count} item(s) disabled" msgstr "" #: ipaserver/plugins/internal.py:1705 msgid "Are you sure you want to enable selected entries?" msgstr "" #: ipaserver/plugins/internal.py:1706 #, python-brace-format msgid "${count} item(s) enabled" msgstr "" #: ipaserver/plugins/internal.py:1707 msgid "Some entries were not deleted" msgstr "" #: ipaserver/plugins/internal.py:1710 msgid "Quick Links" msgstr "" #: ipaserver/plugins/internal.py:1711 msgid "Select All" msgstr "" #: ipaserver/plugins/internal.py:1712 #, python-brace-format msgid "" "Query returned more results than the configured size limit. Displaying the " "first ${counter} results." msgstr "" #: ipaserver/plugins/internal.py:1713 msgid "Unselect All" msgstr "" #: ipaserver/plugins/internal.py:1717 msgid "" "

Browser Kerberos Setup

\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1721 msgid "" "

Firefox

\n" "\n" "

\n" " You can configure Firefox to use Kerberos for Single Sign-on. " "The following instructions will guide you in configuring your web browser to " "send your Kerberos credentials to the appropriate Key Distribution Center " "which enables Single Sign-on.\n" "

\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1733 msgid "" "
    \n" "
  1. \n" "

    \n" "Import " "Certificate Authority certificate\n" "

    \n" "

    \n" " Make sure you select all three checkboxes.\n" "

    \n" "
    2. \n" "
  2. \n" " In the address bar of Firefox, type about:config to display the list of current configuration options.\n" "
    3. \n" "
  3. \n" " In the Filter field, type negotiate to restrict " "the list of options.\n" "
    4. \n" "
  4. \n" " Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.\n" "
    5. \n" "
  5. \n" " Enter the name of the domain against which you want to " "authenticate, for example, .example.com.\n" "
    6. \n" "
  6. Return to Web UI
    7. \n" "
\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1769 msgid "" "

Chrome

\n" "\n" "

\n" " You can configure Chrome to use Kerberos for Single Sign-on. The " "following instructions will guide you in configuring your web browser to " "send your Kerberos credentials to the appropriate Key Distribution Center " "which enables Single Sign-on.\n" "

\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1781 msgid "" "

Import CA Certificate

\n" "
    \n" "
  1. \n" " Download the CA certificate. " "Alternatively, if the host is also an IdM client, you can find the " "certificate in /etc/ipa/ca.crt.\n" "
    2. \n" "
  2. \n" " Click the menu button with the Customize and control " "Google Chrome tooltip, which is by default in the top right-hand corner " "of Chrome, and click Settings.\n" "
    3. \n" "
  3. \n" " Click Show advanced settings to display more " "options, and then click the Manage certificates button located " "under the HTTPS/SSL heading.\n" "
    4. \n" "
  4. \n" " In the Authorities tab, click the Import " "button at the bottom.\n" "
    5. \n" "
  5. Select the CA certificate file that you downloaded in the first step.\n" "
\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1810 msgid "" "

\n" " Enable SPNEGO (Simple and Protected GSSAPI Negotiation " "Mechanism) to Use Kerberos Authentication\n" " in Chrome\n" "

\n" "
    \n" "
  1. \n" " Make sure you have the necessary directory created by " "running:\n" "
    \n" " [root@client]# mkdir -p /etc/opt/chrome/policies/" "managed/\n" "
    \n" "
    2. \n" "
  2. \n" " Create a new /etc/opt/chrome/policies/managed/mydomain." "json file with write privileges limited to the system administrator " "or root, and include the following line:\n" "
    \n" " { \"AuthServerWhitelist\": \"*.example.com\" }\n" "
    \n" "
    \n" " You can do this by running:\n" "
    \n" "
    \n" " [root@server]# echo '{ \"AuthServerWhitelist\": \"*.example.com\" }' > /etc/opt/chrome/policies/" "managed/mydomain.json\n" "
    \n" "
    3. \n" "
\n" "
    \n" "

    \n" "Note: If using Chromium, use /etc/chromium/policies/" "managed/ instead of /etc/opt/chrome/policies/managed/ " "for the two SPNEGO Chrome configuration steps above.\n" "

    \n" "
\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1855 msgid "" "

Internet Explorer

\n" "

WARNING: Internet Explorer is no longer a supported " "browser.

\n" "

\n" " Once you are able to log into the workstation with your kerberos " "key you are now able to use that ticket in Internet Explorer.\n" "

\n" "

\n" msgstr "" #: ipaserver/plugins/internal.py:1866 msgid "" "Log into the Windows machine using an account of your Kerberos realm " "(administrative domain)\n" "

\n" "

\n" "In Internet Explorer, click Tools, and then click Internet Options.\n" "

\n" "
\n" "
    \n" "
  1. Click the Security tab
    2. \n" "
  2. Click Local intranet
    3. \n" "
  3. Click Sites
    4. \n" "
  4. Click Advanced
    5. \n" "
  5. Add your domain to the list
    6. \n" "
\n" "
    \n" "
  1. Click the Security tab
    2. \n" "
  2. Click Local intranet
    3. \n" "
  3. Click Custom Level
    4. \n" "
  4. Select Automatic logon only in Intranet zone
    5. \n" "
\n" "\n" "
    \n" "
  1. Visit a kerberized web site using IE (You must use the fully-qualified " "Domain Name in the URL)
    2. \n" "
  2. You are all set.
    3. \n" "
\n" "
\n" "\n" msgstr "" #: ipaserver/plugins/internal.py:1903 msgid "Working" msgstr "" #: ipaserver/plugins/internal.py:1906 msgid "Audit" msgstr "" #: ipaserver/plugins/internal.py:1907 msgid "Authentication" msgstr "" #: ipaserver/plugins/internal.py:1908 ipaserver/plugins/automember.py:818 msgid "Automember" msgstr "" #: ipaserver/plugins/internal.py:1909 msgid "Automount" msgstr "" #: ipaserver/plugins/internal.py:1911 msgid "DNS" msgstr "" #: ipaserver/plugins/internal.py:1912 msgid "Host-Based Access Control" msgstr "" #: ipaserver/plugins/internal.py:1913 msgid "Identity" msgstr "" #: ipaserver/plugins/internal.py:1914 ipaserver/plugins/location.py:157 #: ipaserver/plugins/server.py:71 msgid "IPA Server" msgstr "" #: ipaserver/plugins/internal.py:1915 msgid "Network Services" msgstr "" #: ipaserver/plugins/internal.py:1916 msgid "Policy" msgstr "" #: ipaserver/plugins/internal.py:1917 msgid "Role-Based Access Control" msgstr "" #: ipaserver/plugins/internal.py:1918 msgid "Sudo" msgstr "" #: ipaserver/plugins/internal.py:1919 msgid "Topology" msgstr "" #: ipaserver/plugins/internal.py:1920 ipaserver/plugins/trust.py:530 msgid "Trusts" msgstr "" #: ipaserver/plugins/internal.py:1922 msgid "True" msgstr "" #: ipaserver/plugins/internal.py:1924 msgid "" "

Unable to verify your Kerberos credentials

\n" "

\n" " Please make sure that you have valid Kerberos tickets " "(obtainable via kinit), and that you have configured your " "browser correctly.\n" "

\n" "\n" "

Browser configuration

\n" "\n" "
\n" "

\n" " If this is your first time, please configure your browser.\n" "

\n" "
\n" msgstr "" #: ipaserver/plugins/internal.py:1941 msgid "API Browser" msgstr "" #: ipaserver/plugins/internal.py:1942 msgid "First" msgstr "" #: ipaserver/plugins/internal.py:1943 msgid "Last" msgstr "" #: ipaserver/plugins/internal.py:1944 msgid "Next" msgstr "" #: ipaserver/plugins/internal.py:1945 msgid "Page" msgstr "" #: ipaserver/plugins/internal.py:1946 msgid "Prev" msgstr "" #: ipaserver/plugins/internal.py:1947 msgid "Undo" msgstr "" #: ipaserver/plugins/internal.py:1948 msgid "Undo this change." msgstr "" #: ipaserver/plugins/internal.py:1949 msgid "Undo All" msgstr "" #: ipaserver/plugins/internal.py:1950 msgid "Undo all changes in this field." msgstr "" #: ipaserver/plugins/internal.py:1952 msgid "Text does not match field pattern" msgstr "" #: ipaserver/plugins/internal.py:1953 msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")" msgstr "" #: ipaserver/plugins/internal.py:1954 msgid "Must be a decimal number" msgstr "" #: ipaserver/plugins/internal.py:1955 msgid "Format error" msgstr "" #: ipaserver/plugins/internal.py:1956 msgid "Must be an integer" msgstr "" #: ipaserver/plugins/internal.py:1957 msgid "Not a valid IP address" msgstr "" #: ipaserver/plugins/internal.py:1958 msgid "Not a valid IPv4 address" msgstr "" #: ipaserver/plugins/internal.py:1959 msgid "Not a valid IPv6 address" msgstr "" #: ipaserver/plugins/internal.py:1960 #, python-brace-format msgid "Maximum value is ${value}" msgstr "" #: ipaserver/plugins/internal.py:1961 #, python-brace-format msgid "Minimum value is ${value}" msgstr "" #: ipaserver/plugins/internal.py:1962 msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)" msgstr "" #: ipaserver/plugins/internal.py:1963 msgid "Parse error" msgstr "" #: ipaserver/plugins/internal.py:1964 msgid "Must be a positive number" msgstr "" #: ipaserver/plugins/internal.py:1965 #, python-brace-format msgid "'${port}' is not a valid port" msgstr "" #: ipaserver/plugins/internal.py:1966 msgid "Required field" msgstr "" #: ipaserver/plugins/internal.py:1967 msgid "Unsupported value" msgstr "" #: ipaserver/plugins/internal.py:1972 msgid "Dict of I18N messages" msgstr "" #: ipaserver/plugins/servicedelegation.py:26 msgid "" "\n" "Service Constrained Delegation\n" "\n" "Manage rules to allow constrained delegation of credentials so\n" "that a service can impersonate a user when communicating with another\n" "service without requiring the user to actually forward their TGT.\n" "This makes for a much better method of delegating credentials as it\n" "prevents exposure of the short term secret of the user.\n" "\n" "The naming convention is to append the word \"target\" or \"targets\" to\n" "a matching rule name. This is not mandatory but helps conceptually\n" "to associate rules and targets.\n" "\n" "A rule consists of two things:\n" " - A list of targets the rule applies to\n" " - A list of memberPrincipals that are allowed to delegate for\n" " those targets\n" "\n" "A target consists of a list of principals that can be delegated.\n" "\n" "In English, a rule says that this principal can delegate as this\n" "list of principals, as defined by these targets.\n" "\n" "In both a rule and a target Kerberos principals may be specified\n" "by their name or an alias and the realm can be omitted. Additionally,\n" "hosts can be specified by their names. If Kerberos principal specified\n" "has a single component and does not end with '$' sign, it will be treated\n" "as a host name. Kerberos principal names ending with '$' are typically\n" "used as aliases for Active Directory-related services.\n" "\n" "EXAMPLES:\n" "\n" " Add a new constrained delegation rule:\n" " ipa servicedelegationrule-add ftp-delegation\n" "\n" " Add a new constrained delegation target:\n" " ipa servicedelegationtarget-add ftp-delegation-target\n" "\n" " Add a principal to the rule:\n" " ipa servicedelegationrule-add-member --principals=ftp/ipa.example." "com ftp-delegation\n" "\n" " Add a host principal of the host 'ipa.example.com' to the rule:\n" " ipa servicedelegationrule-add-member --principals=ipa.example.com " "ftp-delegation\n" "\n" " Add our target to the rule:\n" " ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" "delegation-target ftp-delegation\n" "\n" " Add a principal to the target:\n" " ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." "com ftp-delegation-target\n" "\n" " Display information about a named delegation rule and target:\n" " ipa servicedelegationrule_show ftp-delegation\n" " ipa servicedelegationtarget_show ftp-delegation-target\n" "\n" " Remove a constrained delegation:\n" " ipa servicedelegationrule-del ftp-delegation-target\n" " ipa servicedelegationtarget-del ftp-delegation\n" "\n" "In this example the ftp service can get a TGT for the ldap service on\n" "the bound user's behalf.\n" "\n" "It is strongly discouraged to modify the delegations that ship with\n" "IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" "ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" "to delegate, causing the framework to stop functioning.\n" msgstr "" #: ipaserver/plugins/servicedelegation.py:162 #: ipaserver/plugins/delegation.py:75 ipaserver/plugins/delegation.py:76 msgid "Delegation name" msgstr "" #: ipaserver/plugins/servicedelegation.py:167 msgid "Allowed Target" msgstr "" #: ipaserver/plugins/servicedelegation.py:172 msgid "Allowed to Impersonate" msgstr "" #: ipaserver/plugins/servicedelegation.py:177 msgid "Member principals" msgstr "" #: ipaserver/plugins/servicedelegation.py:189 #, python-format msgid "Malformed principal: %(error)s" msgstr "" #: ipaserver/plugins/servicedelegation.py:199 msgid "Add target to a named service delegation." msgstr "" #: ipaserver/plugins/servicedelegation.py:213 #: ipaserver/plugins/servicedelegation.py:303 #: ipaserver/plugins/baseldap.py:1633 #, python-format msgid "member %s" msgstr "" #: ipaserver/plugins/servicedelegation.py:287 msgid "Remove member from a named service delegation." msgstr "" #: ipaserver/plugins/servicedelegation.py:378 #: ipaserver/plugins/servicedelegation.py:411 msgid "service delegation rule" msgstr "" #: ipaserver/plugins/servicedelegation.py:379 msgid "service delegation rules" msgstr "" #: ipaserver/plugins/servicedelegation.py:390 msgid "Service delegation rules" msgstr "" #: ipaserver/plugins/servicedelegation.py:391 msgid "Service delegation rule" msgstr "" #: ipaserver/plugins/servicedelegation.py:396 msgid "Create a new service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:398 #, python-format msgid "Added service delegation rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/servicedelegation.py:403 msgid "Delete service delegation." msgstr "" #: ipaserver/plugins/servicedelegation.py:405 #, python-format msgid "Deleted service delegation \"%(value)s\"" msgstr "" #: ipaserver/plugins/servicedelegation.py:413 msgid "privileged service delegation rule" msgstr "" #: ipaserver/plugins/servicedelegation.py:420 msgid "Search for service delegations rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:423 #, python-format msgid "%(count)d service delegation rule matched" msgid_plural "%(count)d service delegation rules matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/servicedelegation.py:430 msgid "Display information about a named service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:435 msgid "Add member to a named service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:444 msgid "Remove member from a named service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:452 msgid "Add target to a named service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:462 msgid "Remove target from a named service delegation rule." msgstr "" #: ipaserver/plugins/servicedelegation.py:471 #: ipaserver/plugins/servicedelegation.py:500 msgid "service delegation target" msgstr "" #: ipaserver/plugins/servicedelegation.py:472 msgid "service delegation targets" msgstr "" #: ipaserver/plugins/servicedelegation.py:479 msgid "Service delegation targets" msgstr "" #: ipaserver/plugins/servicedelegation.py:480 msgid "Service delegation target" msgstr "" #: ipaserver/plugins/servicedelegation.py:485 msgid "Create a new service delegation target." msgstr "" #: ipaserver/plugins/servicedelegation.py:487 #, python-format msgid "Added service delegation target \"%(value)s\"" msgstr "" #: ipaserver/plugins/servicedelegation.py:492 msgid "Delete service delegation target." msgstr "" #: ipaserver/plugins/servicedelegation.py:494 #, python-format msgid "Deleted service delegation target \"%(value)s\"" msgstr "" #: ipaserver/plugins/servicedelegation.py:502 msgid "privileged service delegation target" msgstr "" #: ipaserver/plugins/servicedelegation.py:509 msgid "Search for service delegation target." msgstr "" #: ipaserver/plugins/servicedelegation.py:512 #, python-format msgid "%(count)d service delegation target matched" msgid_plural "%(count)d service delegation targets matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/servicedelegation.py:545 msgid "Display information about a named service delegation target." msgstr "" #: ipaserver/plugins/servicedelegation.py:550 msgid "Add member to a named service delegation target." msgstr "" #: ipaserver/plugins/servicedelegation.py:559 msgid "Remove member from a named service delegation target." msgstr "" #: ipaserver/plugins/batch.py:35 msgid "" "\n" "Plugin to make multiple ipa calls via one remote procedure call\n" "\n" "To run this code in the lite-server\n" "\n" "curl -H \"Content-Type:application/json\" -H \"Accept:application/" "json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" "etc/ipa/ca.crt -d @batch_request.json -X POST http://" "localhost:8888/ipa/json\n" "\n" "where the contents of the file batch_request.json follow the below example\n" "\n" "{\"method\":\"batch\",\"params\":[[\n" " {\"method\":\"group_find\",\"params\":[[],{}]},\n" " {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all" "\":\"true\"}]},\n" " {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" " ],{}],\"id\":1}\n" "\n" "The format of the response is nested the same way. At the top you will see\n" " \"error\": null,\n" " \"id\": 1,\n" " \"result\": {\n" " \"count\": 3,\n" " \"results\": [\n" "\n" "\n" "And then a nested response for each IPA command method sent in the request\n" "\n" msgstr "" #: ipaserver/plugins/batch.py:71 msgid "Make multiple ipa calls via one remote procedure call" msgstr "" #: ipaserver/plugins/batch.py:76 ipaclient/remote_plugins/2_114/batch.py:57 msgid "Nested Methods to execute" msgstr "" #: ipaserver/plugins/batch.py:122 msgid "must contain a tuple (list, dict)" msgstr "" #: ipaserver/plugins/privilege.py:37 msgid "" "\n" "Privileges\n" "\n" "A privilege combines permissions into a logical task. A permission provides\n" "the rights to do a single task. There are some IPA operations that require\n" "multiple permissions to succeed. A privilege is where permissions are\n" "combined in order to perform a specific task.\n" "\n" "For example, adding a user requires the following permissions:\n" " * Creating a new user entry\n" " * Resetting a user password\n" " * Adding the new user to the default IPA users group\n" "\n" "Combining these three low-level tasks into a higher level task in the\n" "form of a privilege named \"Add User\" makes it easier to manage Roles.\n" "\n" "A privilege may not contain other privileges.\n" "\n" "See role and permission for additional information.\n" msgstr "" #: ipaserver/plugins/privilege.py:76 #, python-format msgid "" "cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a " "privilege" msgstr "" #: ipaserver/plugins/privilege.py:106 msgid "privilege" msgstr "" #: ipaserver/plugins/privilege.py:107 msgid "privileges" msgstr "" #: ipaserver/plugins/privilege.py:148 ipaclient/remote_plugins/2_114/role.py:94 msgid "Privileges" msgstr "" #: ipaserver/plugins/privilege.py:149 msgid "Privilege" msgstr "" #: ipaserver/plugins/privilege.py:154 msgid "Privilege name" msgstr "" #: ipaserver/plugins/privilege.py:160 msgid "Privilege description" msgstr "" #: ipaserver/plugins/privilege.py:167 msgid "Add a new privilege." msgstr "" #: ipaserver/plugins/privilege.py:169 #, python-format msgid "Added privilege \"%(value)s\"" msgstr "" #: ipaserver/plugins/privilege.py:174 msgid "Delete a privilege." msgstr "" #: ipaserver/plugins/privilege.py:176 #, python-format msgid "Deleted privilege \"%(value)s\"" msgstr "" #: ipaserver/plugins/privilege.py:181 msgid "Modify a privilege." msgstr "" #: ipaserver/plugins/privilege.py:183 #, python-format msgid "Modified privilege \"%(value)s\"" msgstr "" #: ipaserver/plugins/privilege.py:188 msgid "Search for privileges." msgstr "" #: ipaserver/plugins/privilege.py:191 #, python-format msgid "%(count)d privilege matched" msgid_plural "%(count)d privileges matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/privilege.py:197 msgid "Display information about a privilege." msgstr "" #: ipaserver/plugins/privilege.py:202 msgid "Add members to a privilege." msgstr "" #: ipaserver/plugins/privilege.py:209 msgid "Remove members from a privilege" msgstr "" #: ipaserver/plugins/privilege.py:215 msgid "Add permissions to a privilege." msgstr "" #: ipaserver/plugins/privilege.py:230 msgid "Number of permissions added" msgstr "" #: ipaserver/plugins/privilege.py:244 msgid "Remove permissions from a privilege." msgstr "" #: ipaserver/plugins/privilege.py:262 msgid "Number of permissions removed" msgstr "" #: ipaserver/plugins/idviews.py:59 ipaclient/remote_plugins/2_114/idviews.py:19 msgid "" "\n" "ID Views\n" "\n" "Manage ID Views\n" "\n" "IPA allows to override certain properties of users and groups per each " "host.\n" "This functionality is primarily used to allow migration from older systems " "or\n" "other Identity Management solutions.\n" msgstr "" #: ipaserver/plugins/idviews.py:72 ipaserver/plugins/idviews.py:123 #: ipaserver/plugins/idviews.py:131 ipaserver/plugins/idviews.py:351 #: ipaserver/plugins/idviews.py:803 msgid "ID View" msgstr "" #: ipaserver/plugins/idviews.py:74 msgid "system ID View" msgstr "" #: ipaserver/plugins/idviews.py:80 msgid "Fallback to AD DC LDAP" msgstr "" #: ipaserver/plugins/idviews.py:81 msgid "" "Allow falling back to AD DC LDAP when resolving AD trusted objects. For two-" "way trusts only." msgstr "" #: ipaserver/plugins/idviews.py:124 ipaserver/plugins/idviews.py:130 msgid "ID Views" msgstr "" #: ipaserver/plugins/idviews.py:136 msgid "ID View Name" msgstr "" #: ipaserver/plugins/idviews.py:145 msgid "User object overrides" msgstr "" #: ipaserver/plugins/idviews.py:149 msgid "Group object overrides" msgstr "" #: ipaserver/plugins/idviews.py:153 msgid "Hosts the view applies to" msgstr "" #: ipaserver/plugins/idviews.py:159 ipaserver/plugins/config.py:315 msgid "Domain resolution order" msgstr "" #: ipaserver/plugins/idviews.py:160 ipaserver/plugins/config.py:316 msgid "colon-separated list of domains used for short name qualification" msgstr "" #: ipaserver/plugins/idviews.py:195 msgid "Add a new ID View." msgstr "" #: ipaserver/plugins/idviews.py:196 #, python-format msgid "Added ID View \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:212 msgid "Delete an ID View." msgstr "" #: ipaserver/plugins/idviews.py:213 #, python-format msgid "Deleted ID View \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:225 msgid "Modify an ID View." msgstr "" #: ipaserver/plugins/idviews.py:226 #, python-format msgid "Modified an ID View \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:241 msgid "Search for an ID View." msgstr "" #: ipaserver/plugins/idviews.py:242 #, python-format msgid "%(count)d ID View matched" msgid_plural "%(count)d ID Views matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/idviews.py:248 msgid "Display information about an ID View." msgstr "" #: ipaserver/plugins/idviews.py:253 msgid "Enumerate all the hosts the view applies to." msgstr "" #: ipaserver/plugins/idviews.py:352 msgid "Default Trust View cannot be applied on hosts" msgstr "" #: ipaserver/plugins/idviews.py:380 ipaserver/plugins/idviews.py:413 msgid "not found" msgstr "" #: ipaserver/plugins/idviews.py:394 msgid "ID View cannot be applied to IPA master" msgstr "" #: ipaserver/plugins/idviews.py:411 msgid "ID View already applied" msgstr "" #: ipaserver/plugins/idviews.py:431 msgid "value" msgstr "" #: ipaserver/plugins/idviews.py:440 msgid "" "Applies ID View to specified hosts or current members of specified " "hostgroups. If any other ID View is applied to the host, it is overridden." msgstr "" #: ipaserver/plugins/idviews.py:444 #, python-format msgid "ID View applied to %i host." msgstr "" #: ipaserver/plugins/idviews.py:445 #, python-format msgid "ID View applied to %i hosts." msgstr "" #: ipaserver/plugins/idviews.py:452 msgid "Hosts to apply the ID View to" msgstr "" #: ipaserver/plugins/idviews.py:457 msgid "" "Hostgroups to whose hosts apply the ID View to. Please note that view is not " "applied automatically to any hosts added to the hostgroup after running the " "idview-apply command." msgstr "" #: ipaserver/plugins/idviews.py:460 ipaserver/plugins/idviews.py:503 msgid "hostgroups" msgstr "" #: ipaserver/plugins/idviews.py:468 msgid "Hosts that this ID View was applied to." msgstr "" #: ipaserver/plugins/idviews.py:472 msgid "Hosts or hostgroups that this ID View could not be applied to." msgstr "" #: ipaserver/plugins/idviews.py:477 msgid "Number of hosts the ID View was applied to:" msgstr "" #: ipaserver/plugins/idviews.py:484 msgid "" "Clears ID View from specified hosts or current members of specified " "hostgroups." msgstr "" #: ipaserver/plugins/idviews.py:487 #, python-format msgid "ID View cleared from %i host." msgstr "" #: ipaserver/plugins/idviews.py:488 #, python-format msgid "ID View cleared from %i hosts." msgstr "" #: ipaserver/plugins/idviews.py:495 msgid "Hosts to clear (any) ID View from." msgstr "" #: ipaserver/plugins/idviews.py:500 msgid "" "Hostgroups whose hosts should have ID Views cleared. Note that view is not " "cleared automatically from any host added to the hostgroup after running " "idview-unapply command." msgstr "" #: ipaserver/plugins/idviews.py:511 msgid "Hosts that ID View was cleared from." msgstr "" #: ipaserver/plugins/idviews.py:515 msgid "Hosts or hostgroups that ID View could not be cleared from." msgstr "" #: ipaserver/plugins/idviews.py:520 msgid "Number of hosts that had a ID View was unset:" msgstr "" #: ipaserver/plugins/idviews.py:556 msgid "" "You are trying to reference a magic private group which is not allowed to be " "overridden. Try overriding the GID attribute of the corresponding user " "instead." msgstr "" #: ipaserver/plugins/idviews.py:594 msgid "IPA object" msgstr "" #: ipaserver/plugins/idviews.py:595 msgid "" "system IPA objects (e.g. system groups, user private groups) cannot be " "overridden" msgstr "" #: ipaserver/plugins/idviews.py:689 #, python-format msgid "Anchor '%(anchor)s' could not be resolved." msgstr "" #: ipaserver/plugins/idviews.py:736 msgid "Anchor to override" msgstr "" #: ipaserver/plugins/idviews.py:804 msgid "Default Trust View cannot contain IPA users" msgstr "" #: ipaserver/plugins/idviews.py:848 msgid "Add a new ID override." msgstr "" #: ipaserver/plugins/idviews.py:849 #, python-format msgid "Added ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:864 msgid "Delete an ID override." msgstr "" #: ipaserver/plugins/idviews.py:865 #, python-format msgid "Deleted ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:888 msgid "Modify an ID override." msgstr "" #: ipaserver/plugins/idviews.py:889 #, python-format msgid "Modified an ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:896 msgid "ID override" msgstr "" #: ipaserver/plugins/idviews.py:897 msgid "ID overrides cannot be renamed" msgstr "" #: ipaserver/plugins/idviews.py:909 msgid "Search for an ID override." msgstr "" #: ipaserver/plugins/idviews.py:910 #, python-format msgid "%(count)d ID override matched" msgid_plural "%(count)d ID overrides matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/idviews.py:922 msgid "Display information about an ID override." msgstr "" #: ipaserver/plugins/idviews.py:934 ipaserver/plugins/idviews.py:938 msgid "User ID override" msgstr "" #: ipaserver/plugins/idviews.py:935 ipaserver/plugins/idviews.py:937 msgid "User ID overrides" msgstr "" #: ipaserver/plugins/idviews.py:984 ipaserver/plugins/baseuser.py:205 msgid "User login" msgstr "" #: ipaserver/plugins/idviews.py:989 ipaserver/plugins/baseuser.py:294 msgid "UID" msgstr "" #: ipaserver/plugins/idviews.py:990 msgid "User ID Number" msgstr "" #: ipaserver/plugins/idviews.py:994 ipaserver/plugins/baseuser.py:238 msgid "GECOS" msgstr "" #: ipaserver/plugins/idviews.py:997 ipaserver/plugins/idviews.py:1092 #: ipaserver/plugins/baseuser.py:299 ipaserver/plugins/group.py:334 msgid "GID" msgstr "" #: ipaserver/plugins/idviews.py:998 ipaserver/plugins/idviews.py:1093 #: ipaserver/plugins/baseuser.py:300 ipaclient/remote_plugins/2_114/user.py:153 msgid "Group ID Number" msgstr "" #: ipaserver/plugins/idviews.py:1003 ipaserver/plugins/baseuser.py:235 msgid "Home directory" msgstr "" #: ipaserver/plugins/idviews.py:1007 ipaserver/plugins/baseuser.py:244 msgid "Login shell" msgstr "" #: ipaserver/plugins/idviews.py:1014 ipaserver/plugins/host.py:565 #: ipaserver/plugins/baseuser.py:348 ipaclient/remote_plugins/2_114/host.py:159 msgid "SSH public key" msgstr "" #: ipaserver/plugins/idviews.py:1021 ipaserver/plugins/certmap.py:606 #: ipaserver/plugins/baseuser.py:399 ipaserver/plugins/baseuser.py:839 msgid "Base-64 encoded user certificate" msgstr "" #: ipaserver/plugins/idviews.py:1057 ipaserver/plugins/idviews.py:1061 msgid "Group ID override" msgstr "" #: ipaserver/plugins/idviews.py:1058 ipaserver/plugins/idviews.py:1060 msgid "Group ID overrides" msgstr "" #: ipaserver/plugins/idviews.py:1087 ipaserver/plugins/group.py:323 msgid "Group name" msgstr "" #: ipaserver/plugins/idviews.py:1102 msgid "Add one or more certificates to the idoverrideuser entry" msgstr "" #: ipaserver/plugins/idviews.py:1103 #, python-format msgid "Added certificates to idoverrideuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1125 msgid "Remove one or more certificates to the idoverrideuser entry" msgstr "" #: ipaserver/plugins/idviews.py:1126 #, python-format msgid "Removed certificates from idoverrideuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1149 msgid "Add a new User ID override." msgstr "" #: ipaserver/plugins/idviews.py:1150 #, python-format msgid "Added User ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1174 msgid "Delete an User ID override." msgstr "" #: ipaserver/plugins/idviews.py:1175 #, python-format msgid "Deleted User ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1180 msgid "Modify an User ID override." msgstr "" #: ipaserver/plugins/idviews.py:1181 #, python-format msgid "Modified an User ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1212 msgid "Search for an User ID override." msgstr "" #: ipaserver/plugins/idviews.py:1213 #, python-format msgid "%(count)d User ID override matched" msgid_plural "%(count)d User ID overrides matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/idviews.py:1236 msgid "Display information about an User ID override." msgstr "" #: ipaserver/plugins/idviews.py:1248 msgid "Add a new Group ID override." msgstr "" #: ipaserver/plugins/idviews.py:1249 #, python-format msgid "Added Group ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1254 msgid "Delete an Group ID override." msgstr "" #: ipaserver/plugins/idviews.py:1255 #, python-format msgid "Deleted Group ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1260 msgid "Modify an Group ID override." msgstr "" #: ipaserver/plugins/idviews.py:1261 #, python-format msgid "Modified an Group ID override \"%(value)s\"" msgstr "" #: ipaserver/plugins/idviews.py:1266 msgid "Search for an Group ID override." msgstr "" #: ipaserver/plugins/idviews.py:1267 #, python-format msgid "%(count)d Group ID override matched" msgid_plural "%(count)d Group ID overrides matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/idviews.py:1282 msgid "Display information about an Group ID override." msgstr "" #: ipaserver/plugins/krbtpolicy.py:27 msgid "" "\n" "Kerberos ticket policy\n" "\n" "There is a single Kerberos ticket policy. This policy defines the\n" "maximum ticket lifetime and the maximum renewal age, the period during\n" "which the ticket is renewable.\n" "\n" "You can also create a per-user ticket policy by specifying the user login.\n" "\n" "For changes to the global policy to take effect, restarting the KDC service\n" "is required, which can be achieved using:\n" "\n" "service krb5kdc restart\n" "\n" "Changes to per-user policies take effect immediately for newly requested\n" "tickets (e.g. when the user next runs kinit).\n" "\n" "EXAMPLES:\n" "\n" " Display the current Kerberos ticket policy:\n" " ipa krbtpolicy-show\n" "\n" " Reset the policy to the default:\n" " ipa krbtpolicy-reset\n" "\n" " Modify the policy to 8 hours max life, 1-day max renewal:\n" " ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n" "\n" " Display effective Kerberos ticket policy for user 'admin':\n" " ipa krbtpolicy-show admin\n" "\n" " Reset per-user policy for user 'admin':\n" " ipa krbtpolicy-reset admin\n" "\n" " Modify per-user policy for user 'admin':\n" " ipa krbtpolicy-mod admin --maxlife=3600\n" msgstr "" #: ipaserver/plugins/krbtpolicy.py:86 msgid "kerberos ticket policy settings" msgstr "" #: ipaserver/plugins/krbtpolicy.py:134 ipaserver/plugins/passwd.py:88 #: ipaserver/plugins/hbactest.py:270 msgid "User name" msgstr "" #: ipaserver/plugins/krbtpolicy.py:135 msgid "Manage ticket policy for specific user" msgstr "" #: ipaserver/plugins/krbtpolicy.py:140 msgid "Max life" msgstr "" #: ipaserver/plugins/krbtpolicy.py:141 msgid "Maximum ticket life (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:146 msgid "Max renew" msgstr "" #: ipaserver/plugins/krbtpolicy.py:147 msgid "Maximum renewable age (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:152 msgid "OTP max life" msgstr "" #: ipaserver/plugins/krbtpolicy.py:153 msgid "OTP token maximum ticket life (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:157 msgid "OTP max renew" msgstr "" #: ipaserver/plugins/krbtpolicy.py:158 msgid "OTP token ticket maximum renewable age (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:162 msgid "RADIUS max life" msgstr "" #: ipaserver/plugins/krbtpolicy.py:163 msgid "RADIUS maximum ticket life (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:167 msgid "RADIUS max renew" msgstr "" #: ipaserver/plugins/krbtpolicy.py:168 msgid "RADIUS ticket maximum renewable age (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:172 msgid "PKINIT max life" msgstr "" #: ipaserver/plugins/krbtpolicy.py:173 msgid "PKINIT maximum ticket life (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:177 msgid "PKINIT max renew" msgstr "" #: ipaserver/plugins/krbtpolicy.py:178 msgid "PKINIT ticket maximum renewable age (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:182 msgid "Hardened max life" msgstr "" #: ipaserver/plugins/krbtpolicy.py:183 msgid "Hardened ticket maximum ticket life (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:187 msgid "Hardened max renew" msgstr "" #: ipaserver/plugins/krbtpolicy.py:188 msgid "Hardened ticket maximum renewable age (seconds)" msgstr "" #: ipaserver/plugins/krbtpolicy.py:221 msgid "Modify Kerberos ticket policy." msgstr "" #: ipaserver/plugins/krbtpolicy.py:246 msgid "Display the current Kerberos ticket policy." msgstr "" #: ipaserver/plugins/krbtpolicy.py:272 #, python-format msgid "Ticket policy for %s could not be read" msgstr "" #: ipaserver/plugins/krbtpolicy.py:292 msgid "Default ticket policy could not be read" msgstr "" #: ipaserver/plugins/krbtpolicy.py:300 msgid "Reset Kerberos ticket policy to the default values." msgstr "" #: ipaserver/plugins/dns.py:94 msgid "" "\n" "Domain Name System (DNS)\n" msgstr "" #: ipaserver/plugins/dns.py:96 msgid "" "\n" "Manage DNS zone and resource records.\n" msgstr "" #: ipaserver/plugins/dns.py:98 msgid "" "\n" "SUPPORTED ZONE TYPES\n" "\n" " * Master zone (dnszone-*), contains authoritative data.\n" " * Forward zone (dnsforwardzone-*), forwards queries to configured " "forwarders\n" " (a set of DNS servers).\n" msgstr "" #: ipaserver/plugins/dns.py:104 msgid "" "\n" "USING STRUCTURED PER-TYPE OPTIONS\n" msgstr "" #: ipaserver/plugins/dns.py:106 msgid "" "\n" "There are many structured DNS RR types where DNS data stored in LDAP server\n" "is not just a scalar value, for example an IP address or a domain name, but\n" "a data structure which may be often complex. A good example is a LOC record\n" "[RFC1876] which consists of many mandatory and optional parts (degrees,\n" "minutes, seconds of latitude and longitude, altitude or precision).\n" msgstr "" #: ipaserver/plugins/dns.py:112 msgid "" "\n" "It may be difficult to manipulate such DNS records without making a mistake\n" "and entering an invalid value. DNS module provides an abstraction over " "these\n" "raw records and allows to manipulate each RR type with specific options. " "For\n" "each supported RR type, DNS module provides a standard option to manipulate\n" "a raw records with format ---rec, e.g. --mx-rec, and special " "options\n" "for every part of the RR structure with format ---, e.g.\n" "--mx-preference and --mx-exchanger.\n" msgstr "" #: ipaserver/plugins/dns.py:120 msgid "" "\n" "When adding a record, either RR specific options or standard option for a " "raw\n" "value can be used, they just should not be combined in one add operation. " "When\n" "modifying an existing entry, new RR specific options can be used to change\n" "one part of a DNS record, where the standard option for raw value is used\n" "to specify the modified value. The following example demonstrates\n" "a modification of MX record preference from 0 to 1 in a record without\n" "modifying the exchanger:\n" "ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" msgstr "" #: ipaserver/plugins/dns.py:129 msgid "" "\n" "\n" "EXAMPLES:\n" msgstr "" #: ipaserver/plugins/dns.py:132 msgid "" "\n" " Add new zone:\n" " ipa dnszone-add example.com --admin-email=admin@example.com\n" msgstr "" #: ipaserver/plugins/dns.py:135 msgid "" "\n" " Add system permission that can be used for per-zone privilege delegation:\n" " ipa dnszone-add-permission example.com\n" msgstr "" #: ipaserver/plugins/dns.py:138 msgid "" "\n" " Modify the zone to allow dynamic updates for hosts own records in realm " "EXAMPLE.COM:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE\n" msgstr "" #: ipaserver/plugins/dns.py:141 msgid "" "\n" " This is the equivalent of:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE \\\n" " --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM " "krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n" msgstr "" #: ipaserver/plugins/dns.py:145 msgid "" "\n" " Modify the zone to allow zone transfers for local network only:\n" " ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" msgstr "" #: ipaserver/plugins/dns.py:148 msgid "" "\n" " Add new reverse zone specified by network IP address:\n" " ipa dnszone-add --name-from-ip=192.0.2.0/24\n" msgstr "" #: ipaserver/plugins/dns.py:151 msgid "" "\n" " Add second nameserver for example.com:\n" " ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" msgstr "" #: ipaserver/plugins/dns.py:154 msgid "" "\n" " Add a mail server for example.com:\n" " ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" msgstr "" #: ipaserver/plugins/dns.py:157 msgid "" "\n" " Add another record using MX record specific options:\n" " ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" msgstr "" #: ipaserver/plugins/dns.py:160 msgid "" "\n" " Add another record using interactive mode (started when dnsrecord-add, " "dnsrecord-mod,\n" " or dnsrecord-del are executed with no options):\n" " ipa dnsrecord-add example.com @\n" " Please choose a type of DNS resource record to be added\n" " The most common types for this type of zone are: NS, MX, LOC\n" "\n" " DNS resource record type: MX\n" " MX Preference: 30\n" " MX Exchanger: mail3\n" " Record name: example.com\n" " MX record: 10 mail1, 20 mail2, 30 mail3\n" " NS record: nameserver.example.com., nameserver2.example.com.\n" msgstr "" #: ipaserver/plugins/dns.py:173 msgid "" "\n" " Delete previously added nameserver from example.com:\n" " ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" msgstr "" #: ipaserver/plugins/dns.py:176 msgid "" "\n" " Add LOC record for example.com:\n" " ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " "227.64m\"\n" msgstr "" #: ipaserver/plugins/dns.py:179 msgid "" "\n" " Add new A record for www.example.com. Create a reverse record in " "appropriate\n" " reverse zone as well. In this case a PTR record \"2\" pointing to www." "example.com\n" " will be created in zone 2.0.192.in-addr.arpa.\n" " ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" msgstr "" #: ipaserver/plugins/dns.py:184 msgid "" "\n" " Add new PTR record for www.example.com\n" " ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" msgstr "" #: ipaserver/plugins/dns.py:187 msgid "" "\n" " Add new SRV records for LDAP servers. Three quarters of the requests\n" " should go to fast.example.com, one quarter to slow.example.com. If neither\n" " is available, switch to backup.example.com.\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." "example.com\"\n" msgstr "" #: ipaserver/plugins/dns.py:194 msgid "" "\n" " The interactive mode can be used for easy modification:\n" " ipa dnsrecord-mod example.com _ldap._tcp\n" " No option to modify specific record provided.\n" " Current DNS record contents:\n" "\n" " SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " "backup.example.com\n" "\n" " Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" " Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" " SRV Priority [0]: (keep the default value)\n" " SRV Weight [1]: 2 (modified value)\n" " SRV Port [389]: (keep the default value)\n" " SRV Target [slow.example.com]: (keep the default value)\n" " 1 SRV record skipped. Only one value per DNS record type can be modified " "at one time.\n" " Record name: _ldap._tcp\n" " SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " "389 slow.example.com\n" msgstr "" #: ipaserver/plugins/dns.py:211 msgid "" "\n" " After this modification, three fifths of the requests should go to\n" " fast.example.com and two fifths to slow.example.com.\n" msgstr "" #: ipaserver/plugins/dns.py:214 msgid "" "\n" " An example of the interactive mode for dnsrecord-del command:\n" " ipa dnsrecord-del example.com www\n" " No option to delete specific record provided.\n" " Delete all? Yes/No (default No): (do not delete all records)\n" " Current DNS record contents:\n" "\n" " A record: 192.0.2.2, 192.0.2.3\n" "\n" " Delete A record '192.0.2.2'? Yes/No (default No):\n" " Delete A record '192.0.2.3'? Yes/No (default No): y\n" " Record name: www\n" " A record: 192.0.2.2 (A record 192.0.2.3 has been " "deleted)\n" msgstr "" #: ipaserver/plugins/dns.py:227 msgid "" "\n" " Show zone example.com:\n" " ipa dnszone-show example.com\n" msgstr "" #: ipaserver/plugins/dns.py:230 msgid "" "\n" " Find zone with \"example\" in its domain name:\n" " ipa dnszone-find example\n" msgstr "" #: ipaserver/plugins/dns.py:233 msgid "" "\n" " Find records for resources with \"www\" in their name in zone example.com:\n" " ipa dnsrecord-find example.com www\n" msgstr "" #: ipaserver/plugins/dns.py:236 msgid "" "\n" " Find A records with value 192.0.2.2 in zone example.com\n" " ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" msgstr "" #: ipaserver/plugins/dns.py:239 msgid "" "\n" " Show records for resource www in zone example.com\n" " ipa dnsrecord-show example.com www\n" msgstr "" #: ipaserver/plugins/dns.py:242 msgid "" "\n" " Delegate zone sub.example to another nameserver:\n" " ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" " ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" msgstr "" #: ipaserver/plugins/dns.py:246 msgid "" "\n" " Delete zone example.com with all resource records:\n" " ipa dnszone-del example.com\n" msgstr "" #: ipaserver/plugins/dns.py:249 msgid "" "\n" " If a global forwarder is configured, all queries for which this server is " "not\n" " authoritative (e.g. sub.example.com) will be routed to the global " "forwarder.\n" " Global forwarding configuration can be overridden per-zone.\n" msgstr "" #: ipaserver/plugins/dns.py:253 msgid "" "\n" " Semantics of forwarding in IPA matches BIND semantics and depends on the " "type\n" " of zone:\n" " * Master zone: local BIND replies authoritatively to queries for data in\n" " the given zone (including authoritative NXDOMAIN answers) and forwarding\n" " affects only queries for names below zone cuts (NS records) of locally\n" " served zones.\n" "\n" " * Forward zone: forward zone contains no authoritative data. BIND " "forwards\n" " queries, which cannot be answered from its local cache, to configured\n" " forwarders.\n" msgstr "" #: ipaserver/plugins/dns.py:264 msgid "" "\n" " Semantics of the --forward-policy option:\n" " * none - disable forwarding for the given zone.\n" " * first - forward all queries to configured forwarders. If they fail,\n" " do resolution using DNS root servers.\n" " * only - forward all queries to configured forwarders and if they fail,\n" " return failure.\n" msgstr "" #: ipaserver/plugins/dns.py:271 msgid "" "\n" " Disable global forwarding for given sub-tree:\n" " ipa dnszone-mod example.com --forward-policy=none\n" msgstr "" #: ipaserver/plugins/dns.py:274 msgid "" "\n" " This configuration forwards all queries for names outside the example.com\n" " sub-tree to global forwarders. Normal recursive resolution process is used\n" " for names inside the example.com sub-tree (i.e. NS records are followed " "etc.).\n" msgstr "" #: ipaserver/plugins/dns.py:278 msgid "" "\n" " Forward all requests for the zone external.example.com to another " "forwarder\n" " using a \"first\" policy (it will send the queries to the selected " "forwarder\n" " and if not answered it will use global root servers):\n" " ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n" " --forwarder=203.0.113.1\n" msgstr "" #: ipaserver/plugins/dns.py:284 msgid "" "\n" " Change forward-policy for external.example.com:\n" " ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" msgstr "" #: ipaserver/plugins/dns.py:287 msgid "" "\n" " Show forward zone external.example.com:\n" " ipa dnsforwardzone-show external.example.com\n" msgstr "" #: ipaserver/plugins/dns.py:290 msgid "" "\n" " List all forward zones:\n" " ipa dnsforwardzone-find\n" msgstr "" #: ipaserver/plugins/dns.py:293 msgid "" "\n" " Delete forward zone external.example.com:\n" " ipa dnsforwardzone-del external.example.com\n" msgstr "" #: ipaserver/plugins/dns.py:296 msgid "" "\n" " Resolve a host name to see if it exists (will add default IPA domain\n" " if one is not included):\n" " ipa dns-resolve www.example.com\n" " ipa dns-resolve www\n" msgstr "" #: ipaserver/plugins/dns.py:301 msgid "" "\n" "\n" "GLOBAL DNS CONFIGURATION\n" msgstr "" #: ipaserver/plugins/dns.py:304 msgid "" "\n" "DNS configuration passed to command line install script is stored in a " "local\n" "configuration file on each IPA server where DNS service is configured. " "These\n" "local settings can be overridden with a common configuration stored in LDAP\n" "server:\n" msgstr "" #: ipaserver/plugins/dns.py:309 msgid "" "\n" " Show global DNS configuration:\n" " ipa dnsconfig-show\n" msgstr "" #: ipaserver/plugins/dns.py:312 msgid "" "\n" " Modify global DNS configuration and set a list of global forwarders:\n" " ipa dnsconfig-mod --forwarder=203.0.113.113\n" msgstr "" #: ipaserver/plugins/dns.py:349 ipaclient/remote_plugins/2_114/dns.py:1360 msgid "Permission value" msgstr "" #: ipaserver/plugins/dns.py:400 msgid "invalid IP network format" msgstr "" #: ipaserver/plugins/dns.py:409 msgid "each ACL element must be terminated with a semicolon" msgstr "" #: ipaserver/plugins/dns.py:425 msgid "invalid address format" msgstr "" #: ipaserver/plugins/dns.py:469 msgid "" "expected format: <0-255> <0-255> <0-65535> even-" "length_hexadecimal_digits_or_hyphen" msgstr "" #: ipaserver/plugins/dns.py:478 msgid "algorithm value: allowed interval 0-255" msgstr "" #: ipaserver/plugins/dns.py:481 msgid "flags value: allowed interval 0-255" msgstr "" #: ipaserver/plugins/dns.py:484 msgid "iterations value: allowed interval 0-65535" msgstr "" #: ipaserver/plugins/dns.py:492 #, python-format msgid "salt value: %(err)s" msgstr "" #: ipaserver/plugins/dns.py:499 msgid "invalid domain-name: not fully qualified" msgstr "" #: ipaserver/plugins/dns.py:508 msgid "should not be a wildcard domain name (RFC 4592 section 4)" msgstr "" #: ipaserver/plugins/dns.py:549 #, python-format msgid "" "All nameservers failed to answer the query for DNS reverse zone %(revdns)s" msgstr "" #: ipaserver/plugins/dns.py:558 #, python-format msgid "" "DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this " "server" msgstr "" #: ipaserver/plugins/dns.py:575 #, python-format msgid "DNS zone %(zone)s not found" msgstr "" #: ipaserver/plugins/dns.py:590 #, python-format msgid "IP address %(ip)s is already assigned in domain %(domain)s." msgstr "" #: ipaserver/plugins/dns.py:600 #, python-format msgid "" "Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s." msgstr "" #: ipaserver/plugins/dns.py:675 #, python-format msgid "%s record" msgstr "" #: ipaserver/plugins/dns.py:677 #, python-format msgid "Raw %s records" msgstr "" #: ipaserver/plugins/dns.py:678 #, python-format msgid "%s Record" msgstr "" #: ipaserver/plugins/dns.py:679 #, python-format msgid "(see RFC %s for details)" msgstr "" #: ipaserver/plugins/dns.py:741 #, python-format msgid "'%s' is a required part of DNS record" msgstr "" #: ipaserver/plugins/dns.py:748 msgid "Invalid number of parts!" msgstr "" #: ipaserver/plugins/dns.py:800 #, python-format msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin" msgstr "" #: ipaserver/plugins/dns.py:816 #, python-format msgid "format must be specified as \"%(format)s\" %(rfcs)s" msgstr "" #: ipaserver/plugins/dns.py:891 msgid "Create reverse" msgstr "" #: ipaserver/plugins/dns.py:892 ipaclient/remote_plugins/2_114/dns.py:361 msgid "Create reverse record for this IP Address" msgstr "" #: ipaserver/plugins/dns.py:927 #, python-format msgid "Cannot create reverse record for \"%(value)s\": %(exc)s" msgstr "" #: ipaserver/plugins/dns.py:947 ipaserver/plugins/dns.py:970 #: ipaserver/plugins/host.py:669 ipaclient/remote_plugins/2_114/host.py:429 msgid "IP Address" msgstr "" #: ipaserver/plugins/dns.py:956 ipaserver/plugins/dns.py:1543 msgid "Record data" msgstr "" #: ipaserver/plugins/dns.py:979 ipaclient/remote_plugins/2_114/dns.py:406 msgid "Subtype" msgstr "" #: ipaserver/plugins/dns.py:984 ipaserver/plugins/dns.py:1021 #: ipaserver/plugins/dns.py:1270 ipaserver/plugins/dns.py:1333 msgid "Hostname" msgstr "" #: ipaserver/plugins/dns.py:997 ipaclient/remote_plugins/2_114/dns.py:432 msgid "Certificate Type" msgstr "" #: ipaserver/plugins/dns.py:1002 ipaserver/plugins/dns.py:1045 msgid "Key Tag" msgstr "" #: ipaserver/plugins/dns.py:1012 ipaclient/remote_plugins/2_114/dns.py:450 msgid "Certificate/CRL" msgstr "" #: ipaserver/plugins/dns.py:1022 ipaclient/remote_plugins/2_114/dns.py:463 msgid "A hostname which this alias hostname points to" msgstr "" #: ipaserver/plugins/dns.py:1055 ipaclient/remote_plugins/2_114/dns.py:495 msgid "Digest Type" msgstr "" #: ipaserver/plugins/dns.py:1060 ipaclient/remote_plugins/2_114/dns.py:501 msgid "Digest" msgstr "" #: ipaserver/plugins/dns.py:1096 ipaserver/plugins/dns.py:1253 #: ipaserver/plugins/dns.py:1301 ipaclient/remote_plugins/2_114/dns.py:709 msgid "Preference" msgstr "" #: ipaserver/plugins/dns.py:1097 ipaserver/plugins/dns.py:1254 msgid "Preference given to this exchanger. Lower values are more preferred" msgstr "" #: ipaserver/plugins/dns.py:1102 ipaserver/plugins/dns.py:1259 msgid "Exchanger" msgstr "" #: ipaserver/plugins/dns.py:1103 ipaclient/remote_plugins/2_114/dns.py:592 msgid "A host willing to act as a key exchanger" msgstr "" #: ipaserver/plugins/dns.py:1112 ipaclient/remote_plugins/2_114/dns.py:605 msgid "Degrees Latitude" msgstr "" #: ipaserver/plugins/dns.py:1117 ipaclient/remote_plugins/2_114/dns.py:611 msgid "Minutes Latitude" msgstr "" #: ipaserver/plugins/dns.py:1122 ipaclient/remote_plugins/2_114/dns.py:617 msgid "Seconds Latitude" msgstr "" #: ipaserver/plugins/dns.py:1128 ipaclient/remote_plugins/2_114/dns.py:623 msgid "Direction Latitude" msgstr "" #: ipaserver/plugins/dns.py:1132 ipaclient/remote_plugins/2_114/dns.py:629 msgid "Degrees Longitude" msgstr "" #: ipaserver/plugins/dns.py:1137 ipaclient/remote_plugins/2_114/dns.py:635 msgid "Minutes Longitude" msgstr "" #: ipaserver/plugins/dns.py:1142 ipaclient/remote_plugins/2_114/dns.py:641 msgid "Seconds Longitude" msgstr "" #: ipaserver/plugins/dns.py:1148 ipaclient/remote_plugins/2_114/dns.py:647 msgid "Direction Longitude" msgstr "" #: ipaserver/plugins/dns.py:1152 ipaclient/remote_plugins/2_114/dns.py:653 msgid "Altitude" msgstr "" #: ipaserver/plugins/dns.py:1158 ipaclient/remote_plugins/2_114/dns.py:659 msgid "Size" msgstr "" #: ipaserver/plugins/dns.py:1164 ipaclient/remote_plugins/2_114/dns.py:665 msgid "Horizontal Precision" msgstr "" #: ipaserver/plugins/dns.py:1170 ipaclient/remote_plugins/2_114/dns.py:671 msgid "Vertical Precision" msgstr "" #: ipaserver/plugins/dns.py:1177 msgid "" "format must be specified as\n" " \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] " "[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n" " where:\n" " d1: [0 .. 90] (degrees latitude)\n" " d2: [0 .. 180] (degrees longitude)\n" " m1, m2: [0 .. 59] (minutes latitude/longitude)\n" " s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n" " alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n" " siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n" " See RFC 1876 for details" msgstr "" #: ipaserver/plugins/dns.py:1231 #, python-format msgid "'%(required)s' must not be empty when '%(name)s' is set" msgstr "" #: ipaserver/plugins/dns.py:1260 ipaclient/remote_plugins/2_114/dns.py:690 msgid "A host willing to act as a mail exchanger" msgstr "" #: ipaserver/plugins/dns.py:1286 msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\"" msgstr "" #: ipaserver/plugins/dns.py:1296 ipaclient/remote_plugins/2_114/dns.py:703 msgid "Order" msgstr "" #: ipaserver/plugins/dns.py:1307 ipaclient/remote_plugins/2_114/dns.py:715 msgid "Flags" msgstr "" #: ipaserver/plugins/dns.py:1314 ipaclient/remote_plugins/2_114/dns.py:727 msgid "Regular Expression" msgstr "" #: ipaserver/plugins/dns.py:1317 ipaclient/remote_plugins/2_114/dns.py:733 msgid "Replacement" msgstr "" #: ipaserver/plugins/dns.py:1334 ipaclient/remote_plugins/2_114/dns.py:773 msgid "The hostname this reverse record points to" msgstr "" #: ipaserver/plugins/dns.py:1347 ipaserver/plugins/dns.py:1477 msgid "Priority (order)" msgstr "" #: ipaserver/plugins/dns.py:1348 msgid "" "Lower number means higher priority. Clients will attempt to contact the " "server with the lowest-numbered priority they can reach." msgstr "" #: ipaserver/plugins/dns.py:1355 ipaserver/plugins/dns.py:1485 msgid "Weight" msgstr "" #: ipaserver/plugins/dns.py:1356 ipaserver/plugins/dns.py:1486 msgid "Relative weight for entries with the same priority." msgstr "" #: ipaserver/plugins/dns.py:1361 ipaclient/remote_plugins/2_114/dns.py:826 msgid "Port" msgstr "" #: ipaserver/plugins/dns.py:1367 ipaclient/remote_plugins/2_114/dns.py:832 msgid "" "The domain name of the target host or '.' if the service is decidedly not " "available at this domain" msgstr "" #: ipaserver/plugins/dns.py:1376 msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format" msgstr "" #: ipaserver/plugins/dns.py:1404 ipaclient/remote_plugins/2_114/dns.py:851 msgid "Fingerprint Type" msgstr "" #: ipaserver/plugins/dns.py:1409 ipaclient/remote_plugins/2_114/dns.py:857 msgid "Fingerprint" msgstr "" #: ipaserver/plugins/dns.py:1426 ipaclient/remote_plugins/2_114/dns.py:877 msgid "Certificate Usage" msgstr "" #: ipaserver/plugins/dns.py:1431 ipaclient/remote_plugins/2_114/dns.py:883 msgid "Selector" msgstr "" #: ipaserver/plugins/dns.py:1436 ipaclient/remote_plugins/2_114/dns.py:889 msgid "Matching Type" msgstr "" #: ipaserver/plugins/dns.py:1441 ipaclient/remote_plugins/2_114/dns.py:895 msgid "Certificate Association Data" msgstr "" #: ipaserver/plugins/dns.py:1451 ipaclient/remote_plugins/2_114/dns.py:922 msgid "Text Data" msgstr "" #: ipaserver/plugins/dns.py:1478 msgid "" "Lower number means higher priority. Clients will attempt to contact the URI " "with the lowest-numbered priority they can reach." msgstr "" #: ipaserver/plugins/dns.py:1491 msgid "Target Uniform Resource Identifier" msgstr "" #: ipaserver/plugins/dns.py:1492 msgid "Target Uniform Resource Identifier according to RFC 3986" msgstr "" #: ipaserver/plugins/dns.py:1537 ipaclient/remote_plugins/2_114/dns.py:332 msgid "Records" msgstr "" #: ipaserver/plugins/dns.py:1540 ipaclient/remote_plugins/2_114/dns.py:337 msgid "Record type" msgstr "" #: ipaserver/plugins/dns.py:1574 #, python-format msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record" msgstr "" #: ipaserver/plugins/dns.py:2009 ipaclient/remote_plugins/2_114/dns.py:281 msgid "Zone name" msgstr "" #: ipaserver/plugins/dns.py:2010 ipaclient/remote_plugins/2_114/dns.py:282 msgid "Zone name (FQDN)" msgstr "" #: ipaserver/plugins/dns.py:2016 ipaclient/remote_plugins/2_114/dns.py:287 msgid "Reverse zone IP network" msgstr "" #: ipaserver/plugins/dns.py:2017 ipaclient/remote_plugins/2_114/dns.py:288 msgid "IP network to create reverse zone name from" msgstr "" #: ipaserver/plugins/dns.py:2022 ipaclient/remote_plugins/2_114/dns.py:293 msgid "Active zone" msgstr "" #: ipaserver/plugins/dns.py:2023 ipaclient/remote_plugins/2_114/dns.py:294 msgid "Is zone active?" msgstr "" #: ipaserver/plugins/dns.py:2030 ipaclient/remote_plugins/2_114/dns.py:300 msgid "Zone forwarders" msgstr "" #: ipaserver/plugins/dns.py:2031 ipaclient/remote_plugins/2_114/dns.py:301 msgid "" "Per-zone forwarders. A custom port can be specified for each forwarder using " "a standard format \"IP_ADDRESS port PORT\"" msgstr "" #: ipaserver/plugins/dns.py:2036 ipaserver/plugins/dns.py:4081 #: ipaserver/plugins/dnsserver.py:136 ipaclient/remote_plugins/2_114/dns.py:258 msgid "Forward policy" msgstr "" #: ipaserver/plugins/dns.py:2037 ipaclient/remote_plugins/2_114/dns.py:307 msgid "" "Per-zone conditional forwarding policy. Set to \"none\" to disable " "forwarding to global forwarder for this zone. In that case, conditional zone " "forwarders are disregarded." msgstr "" #: ipaserver/plugins/dns.py:2043 msgid "Managedby permission" msgstr "" #: ipaserver/plugins/dns.py:2050 ipaserver/plugins/dns.py:2216 #: ipaserver/plugins/dns.py:3167 ipaserver/plugins/dns.py:4148 #: ipaserver/plugins/dnsserver.py:148 msgid "DNS is not configured" msgstr "" #: ipaserver/plugins/dns.py:2131 ipaclient/remote_plugins/2_164/dns.py:1266 msgid "Force DNS zone creation even if it will overlap with an existing zone." msgstr "" #: ipaserver/plugins/dns.py:2148 msgid "Only one zone type is allowed per zone name" msgstr "" #: ipaserver/plugins/dns.py:2187 ipaserver/plugins/dns.py:2906 msgid "Search for DNS zones (SOA records)." msgstr "" #: ipaserver/plugins/dns.py:2291 #, python-format msgid "Added system permission \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:2321 #, python-format msgid "permission \"%(value)s\" already exists" msgstr "" #: ipaserver/plugins/dns.py:2349 #, python-format msgid "Removed system permission \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:2385 msgid "DNS zone" msgstr "" #: ipaserver/plugins/dns.py:2386 msgid "DNS zones" msgstr "" #: ipaserver/plugins/dns.py:2394 msgid "DNS Zones" msgstr "" #: ipaserver/plugins/dns.py:2395 msgid "DNS Zone" msgstr "" #: ipaserver/plugins/dns.py:2400 ipaclient/remote_plugins/2_114/dns.py:964 msgid "Authoritative nameserver" msgstr "" #: ipaserver/plugins/dns.py:2401 ipaclient/remote_plugins/2_114/dns.py:965 msgid "Authoritative nameserver domain name" msgstr "" #: ipaserver/plugins/dns.py:2407 ipaserver/plugins/dns.py:2408 msgid "Administrator e-mail address" msgstr "" #: ipaserver/plugins/dns.py:2415 ipaclient/remote_plugins/2_114/dns.py:973 msgid "SOA serial" msgstr "" #: ipaserver/plugins/dns.py:2416 ipaclient/remote_plugins/2_114/dns.py:974 msgid "SOA record serial number" msgstr "" #: ipaserver/plugins/dns.py:2424 ipaclient/remote_plugins/2_114/dns.py:978 msgid "SOA refresh" msgstr "" #: ipaserver/plugins/dns.py:2425 ipaclient/remote_plugins/2_114/dns.py:979 msgid "SOA record refresh time" msgstr "" #: ipaserver/plugins/dns.py:2433 ipaclient/remote_plugins/2_114/dns.py:983 msgid "SOA retry" msgstr "" #: ipaserver/plugins/dns.py:2434 ipaclient/remote_plugins/2_114/dns.py:984 msgid "SOA record retry time" msgstr "" #: ipaserver/plugins/dns.py:2442 ipaclient/remote_plugins/2_114/dns.py:988 msgid "SOA expire" msgstr "" #: ipaserver/plugins/dns.py:2443 ipaclient/remote_plugins/2_114/dns.py:989 msgid "SOA record expire time" msgstr "" #: ipaserver/plugins/dns.py:2451 ipaclient/remote_plugins/2_114/dns.py:993 msgid "SOA minimum" msgstr "" #: ipaserver/plugins/dns.py:2452 ipaclient/remote_plugins/2_114/dns.py:994 msgid "How long should negative responses be cached" msgstr "" #: ipaserver/plugins/dns.py:2460 ipaserver/plugins/dns.py:3022 #: ipaserver/plugins/dns.py:3023 ipaclient/remote_plugins/2_114/dns.py:323 msgid "Time to live" msgstr "" #: ipaserver/plugins/dns.py:2461 ipaclient/remote_plugins/2_114/dns.py:1000 msgid "Time to live for records at zone apex" msgstr "" #: ipaserver/plugins/dns.py:2467 msgid "Default time to live" msgstr "" #: ipaserver/plugins/dns.py:2468 msgid "Time to live for records without explicit TTL definition" msgstr "" #: ipaserver/plugins/dns.py:2480 ipaserver/plugins/dns.py:2481 msgid "BIND update policy" msgstr "" #: ipaserver/plugins/dns.py:2487 ipaclient/remote_plugins/2_114/dns.py:1014 msgid "Dynamic update" msgstr "" #: ipaserver/plugins/dns.py:2488 ipaclient/remote_plugins/2_114/dns.py:1015 msgid "Allow dynamic updates." msgstr "" #: ipaserver/plugins/dns.py:2497 ipaclient/remote_plugins/2_114/dns.py:1020 msgid "Allow query" msgstr "" #: ipaserver/plugins/dns.py:2498 ipaclient/remote_plugins/2_114/dns.py:1021 msgid "" "Semicolon separated list of IP addresses or networks which are allowed to " "issue queries" msgstr "" #: ipaserver/plugins/dns.py:2506 ipaclient/remote_plugins/2_114/dns.py:1026 msgid "Allow transfer" msgstr "" #: ipaserver/plugins/dns.py:2507 ipaclient/remote_plugins/2_114/dns.py:1027 msgid "" "Semicolon separated list of IP addresses or networks which are allowed to " "transfer the zone" msgstr "" #: ipaserver/plugins/dns.py:2513 ipaserver/plugins/dns.py:4088 msgid "Allow PTR sync" msgstr "" #: ipaserver/plugins/dns.py:2514 ipaclient/remote_plugins/2_114/dns.py:1033 msgid "" "Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the " "zone" msgstr "" #: ipaserver/plugins/dns.py:2519 ipaclient/remote_plugins/2_114/dns.py:1038 msgid "Allow in-line DNSSEC signing" msgstr "" #: ipaserver/plugins/dns.py:2520 ipaclient/remote_plugins/2_114/dns.py:1039 msgid "Allow inline DNSSEC signing of records in the zone" msgstr "" #: ipaserver/plugins/dns.py:2525 ipaclient/remote_plugins/2_114/dns.py:1044 msgid "NSEC3PARAM record" msgstr "" #: ipaserver/plugins/dns.py:2526 ipaclient/remote_plugins/2_114/dns.py:1045 msgid "" "NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt" msgstr "" #: ipaserver/plugins/dns.py:2683 msgid "setting Authoritative nameserver" msgstr "" #: ipaserver/plugins/dns.py:2684 msgid "It is used only for setting the SOA MNAME attribute." msgstr "" #: ipaserver/plugins/dns.py:2686 msgid "NS record(s) can be edited in zone apex - '@'. " msgstr "" #: ipaserver/plugins/dns.py:2721 msgid "" msgstr "" #: ipaserver/plugins/dns.py:2728 ipaclient/remote_plugins/2_114/dns.py:4403 msgid "Create new DNS zone (SOA record)." msgstr "" #: ipaserver/plugins/dns.py:2732 ipaclient/remote_plugins/2_164/dns.py:4386 msgid "" "Force DNS zone creation even if nameserver is not resolvable. (Deprecated)" msgstr "" #: ipaserver/plugins/dns.py:2737 ipaclient/remote_plugins/2_114/dns.py:4598 msgid "Force DNS zone creation even if nameserver is not resolvable." msgstr "" #: ipaserver/plugins/dns.py:2777 msgid "Nameserver for reverse zone cannot be a relative DNS name" msgstr "" #: ipaserver/plugins/dns.py:2830 ipaclient/remote_plugins/2_114/dns.py:4677 msgid "Delete DNS zone (SOA record)." msgstr "" #: ipaserver/plugins/dns.py:2832 #, python-format msgid "Deleted DNS zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:2863 ipaclient/remote_plugins/2_114/dns.py:5044 msgid "Modify DNS zone (SOA record)." msgstr "" #: ipaserver/plugins/dns.py:2868 ipaclient/remote_plugins/2_114/dns.py:5249 msgid "Force nameserver change even if nameserver not in DNS" msgstr "" #: ipaserver/plugins/dns.py:2885 msgid "is required" msgstr "" #: ipaserver/plugins/dns.py:2910 ipaclient/remote_plugins/2_114/dns.py:4992 msgid "Forward zones only" msgstr "" #: ipaserver/plugins/dns.py:2912 ipaclient/remote_plugins/2_114/dns.py:4993 msgid "Search for forward zones only" msgstr "" #: ipaserver/plugins/dns.py:2947 ipaclient/remote_plugins/2_114/dns.py:5323 msgid "Display information about a DNS zone (SOA record)." msgstr "" #: ipaserver/plugins/dns.py:2965 ipaclient/remote_plugins/2_114/dns.py:4719 msgid "Disable DNS Zone." msgstr "" #: ipaserver/plugins/dns.py:2966 #, python-format msgid "Disabled DNS zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:2976 ipaclient/remote_plugins/2_114/dns.py:4755 msgid "Enable DNS Zone." msgstr "" #: ipaserver/plugins/dns.py:2977 #, python-format msgid "Enabled DNS zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:2987 ipaclient/remote_plugins/2_114/dns.py:4640 msgid "Add a permission for per-zone access delegation." msgstr "" #: ipaserver/plugins/dns.py:2992 ipaclient/remote_plugins/2_114/dns.py:5286 msgid "Remove a permission for per-zone access delegation." msgstr "" #: ipaserver/plugins/dns.py:3002 msgid "DNS resource record" msgstr "" #: ipaserver/plugins/dns.py:3003 msgid "DNS resource records" msgstr "" #: ipaserver/plugins/dns.py:3010 msgid "DNS Resource Records" msgstr "" #: ipaserver/plugins/dns.py:3011 msgid "DNS Resource Record" msgstr "" #: ipaserver/plugins/dns.py:3016 ipaserver/plugins/dns.py:3017 msgid "Record name" msgstr "" #: ipaserver/plugins/dns.py:3036 ipaclient/remote_plugins/2_114/dns.py:2627 msgid "Structured" msgstr "" #: ipaserver/plugins/dns.py:3037 ipaclient/remote_plugins/2_114/dns.py:2628 msgid "Parse all raw DNS records and return them in a structured way" msgstr "" #: ipaserver/plugins/dns.py:3046 msgid "DS record must not be in zone apex (RFC 4035 section 2.4)" msgstr "" #: ipaserver/plugins/dns.py:3063 msgid "" "out-of-zone data: record name must be a subdomain of the zone or a relative " "name" msgstr "" #: ipaserver/plugins/dns.py:3074 #, python-format msgid "" "owner of %(types)s records should not be a wildcard domain name (RFC 4592 " "section 4)" msgstr "" #: ipaserver/plugins/dns.py:3103 #, python-format msgid "" "Reverse zone for PTR record should be a sub-zone of one the following fully " "qualified domains: %s" msgstr "" #: ipaserver/plugins/dns.py:3118 #, python-format msgid "" "Reverse zone %(name)s requires exactly %(count)d IP address components, " "%(user_count)d given" msgstr "" #: ipaserver/plugins/dns.py:3160 msgid "only master zones can contain records" msgstr "" #: ipaserver/plugins/dns.py:3258 msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)" msgstr "" #: ipaserver/plugins/dns.py:3264 msgid "" "CNAME record is not allowed to coexist with any other record (RFC 1034, " "section 3.6.2)" msgstr "" #: ipaserver/plugins/dns.py:3272 msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)" msgstr "" #: ipaserver/plugins/dns.py:3288 #, python-format msgid "" "NS record is not allowed to coexist with an %(type)s record except when " "located in a zone root record (RFC 2181, section 6.1)" msgstr "" #: ipaserver/plugins/dns.py:3304 msgid "" "DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC " "4035 section 2.4)" msgstr "" #: ipaserver/plugins/dns.py:3533 ipaclient/plugins/dns.py:137 msgid "Split DNS record to parts" msgstr "" #: ipaserver/plugins/dns.py:3548 ipaclient/remote_plugins/2_114/dns.py:1780 msgid "Add new DNS resource record." msgstr "" #: ipaserver/plugins/dns.py:3555 ipaclient/remote_plugins/2_114/dns.py:2620 msgid "force NS record creation even if its hostname is not in DNS" msgstr "" #: ipaserver/plugins/dns.py:3585 #, python-format msgid "Raw value of a DNS record was already set by \"%(name)s\" option" msgstr "" #: ipaserver/plugins/dns.py:3694 ipaclient/remote_plugins/2_114/dns.py:3459 msgid "Modify a DNS resource record." msgstr "" #: ipaserver/plugins/dns.py:3711 msgid "DNS zone root record cannot be renamed" msgstr "" #: ipaserver/plugins/dns.py:3729 msgid "DNS records can be only updated one at a time" msgstr "" #: ipaserver/plugins/dns.py:3821 ipaclient/remote_plugins/2_114/dns.py:3018 msgid "Delete DNS record entry." msgstr "" #: ipaserver/plugins/dns.py:3822 #, python-format msgid "Deleted record \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:3829 ipaclient/remote_plugins/2_114/dns.py:2665 msgid "Delete DNS resource record." msgstr "" #: ipaserver/plugins/dns.py:3833 ipaclient/plugins/dns.py:329 msgid "" "Neither --del-all nor options to delete a specific record provided.\n" "Command help may be consulted for all supported record types." msgstr "" #: ipaserver/plugins/dns.py:3839 ipaclient/remote_plugins/2_114/dns.py:2987 msgid "Delete all associated records" msgstr "" #: ipaserver/plugins/dns.py:3915 #, python-format msgid "Zone record '%s' cannot be deleted" msgstr "" #: ipaserver/plugins/dns.py:3956 ipaclient/remote_plugins/2_114/dns.py:4336 msgid "Display DNS resource." msgstr "" #: ipaserver/plugins/dns.py:3973 ipaclient/remote_plugins/2_114/dns.py:3067 msgid "Search for DNS resources." msgstr "" #: ipaserver/plugins/dns.py:4012 ipaclient/remote_plugins/2_164/dns.py:1043 msgid "Resolve a host name in DNS. (Deprecated)" msgstr "" #: ipaserver/plugins/dns.py:4017 #, python-format msgid "Found '%(value)s'" msgstr "" #: ipaserver/plugins/dns.py:4021 ipaclient/remote_plugins/2_164/dns.py:1050 msgid "Hostname (FQDN)" msgstr "" #: ipaserver/plugins/dns.py:4032 #, python-format msgid "Host '%(host)s' not found" msgstr "" #: ipaserver/plugins/dns.py:4049 ipaclient/remote_plugins/2_114/dns.py:1052 msgid "Checks if any of the servers has the DNS service enabled." msgstr "" #: ipaserver/plugins/dns.py:4063 msgid "DNS configuration options" msgstr "" #: ipaserver/plugins/dns.py:4068 ipaserver/plugins/dns.py:4069 msgid "DNS Global Configuration" msgstr "" #: ipaserver/plugins/dns.py:4075 ipaclient/remote_plugins/2_114/dns.py:252 msgid "Global forwarders" msgstr "" #: ipaserver/plugins/dns.py:4076 ipaclient/remote_plugins/2_114/dns.py:253 msgid "" "Global forwarders. A custom port can be specified for each forwarder using a " "standard format \"IP_ADDRESS port PORT\"" msgstr "" #: ipaserver/plugins/dns.py:4082 ipaclient/remote_plugins/2_114/dns.py:259 msgid "" "Global forwarding policy. Set to \"none\" to disable any configured global " "forwarders." msgstr "" #: ipaserver/plugins/dns.py:4089 ipaclient/remote_plugins/2_114/dns.py:265 msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records" msgstr "" #: ipaserver/plugins/dns.py:4094 ipaclient/remote_plugins/2_114/dns.py:270 msgid "Zone refresh interval" msgstr "" #: ipaserver/plugins/dns.py:4095 ipaclient/remote_plugins/2_49/dns.py:235 msgid "An interval between regular polls of the name server for new DNS zones" msgstr "" #: ipaserver/plugins/dns.py:4100 msgid "IPA DNS version" msgstr "" #: ipaserver/plugins/dns.py:4104 ipaserver/plugins/config.py:321 msgid "IPA DNS servers" msgstr "" #: ipaserver/plugins/dns.py:4105 msgid "List of IPA masters configured as DNS servers" msgstr "" #: ipaserver/plugins/dns.py:4110 ipaserver/plugins/config.py:333 msgid "IPA DNSSec key master" msgstr "" #: ipaserver/plugins/dns.py:4111 msgid "IPA server configured as DNSSec key master" msgstr "" #: ipaserver/plugins/dns.py:4162 msgid "Global DNS configuration is empty" msgstr "" #: ipaserver/plugins/dns.py:4166 ipaclient/remote_plugins/2_114/dns.py:1108 msgid "Modify global DNS configuration." msgstr "" #: ipaserver/plugins/dns.py:4224 ipaclient/remote_plugins/2_114/dns.py:1203 msgid "Show the current global DNS configuration." msgstr "" #: ipaserver/plugins/dns.py:4243 msgid "DNS forward zone" msgstr "" #: ipaserver/plugins/dns.py:4244 msgid "DNS forward zones" msgstr "" #: ipaserver/plugins/dns.py:4246 msgid "DNS Forward Zones" msgstr "" #: ipaserver/plugins/dns.py:4247 msgid "DNS Forward Zone" msgstr "" #: ipaserver/plugins/dns.py:4340 ipaclient/remote_plugins/2_114/dns.py:1246 msgid "Create new DNS forward zone." msgstr "" #: ipaserver/plugins/dns.py:4354 ipaserver/plugins/dns.py:4404 msgid "Please specify forwarders." msgstr "" #: ipaserver/plugins/dns.py:4371 ipaclient/remote_plugins/2_114/dns.py:1367 msgid "Delete DNS forward zone." msgstr "" #: ipaserver/plugins/dns.py:4373 #, python-format msgid "Deleted DNS forward zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:4378 ipaclient/remote_plugins/2_114/dns.py:1590 msgid "Modify DNS forward zone." msgstr "" #: ipaserver/plugins/dns.py:4419 ipaclient/remote_plugins/2_114/dns.py:1481 msgid "Search for DNS forward zones." msgstr "" #: ipaserver/plugins/dns.py:4424 ipaclient/remote_plugins/2_114/dns.py:1725 msgid "Display information about a DNS forward zone." msgstr "" #: ipaserver/plugins/dns.py:4429 ipaclient/remote_plugins/2_114/dns.py:1409 msgid "Disable DNS Forward Zone." msgstr "" #: ipaserver/plugins/dns.py:4430 #, python-format msgid "Disabled DNS forward zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:4435 ipaclient/remote_plugins/2_114/dns.py:1445 msgid "Enable DNS Forward Zone." msgstr "" #: ipaserver/plugins/dns.py:4436 #, python-format msgid "Enabled DNS forward zone \"%(value)s\"" msgstr "" #: ipaserver/plugins/dns.py:4446 ipaclient/remote_plugins/2_114/dns.py:1330 msgid "Add a permission for per-forward zone access delegation." msgstr "" #: ipaserver/plugins/dns.py:4451 ipaclient/remote_plugins/2_114/dns.py:1688 msgid "Remove a permission for per-forward zone access delegation." msgstr "" #: ipaserver/plugins/dns.py:4459 msgid "IPA DNS records" msgstr "" #: ipaserver/plugins/dns.py:4463 msgid "IPA location records" msgstr "" #: ipaserver/plugins/dns.py:4470 msgid "Update location and IPA server DNS records" msgstr "" #: ipaserver/plugins/dns.py:4481 msgid "Result of the command" msgstr "" #: ipaserver/plugins/dns.py:4488 msgid "Dry run" msgstr "" #: ipaserver/plugins/dns.py:4489 msgid "Do not update records only return expected records" msgstr "" #: ipaserver/plugins/dogtag.py:1315 msgid "Failed to authenticate to CA REST API" msgstr "" #: ipaserver/plugins/dogtag.py:1355 msgid "REST API is not logged in." msgstr "" #: ipaserver/plugins/dogtag.py:1377 #, python-format msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s" msgstr "" #: ipaserver/plugins/dogtag.py:1403 msgid "Unable to communicate with CMS" msgstr "" #: ipaserver/plugins/dogtag.py:1681 ipaserver/plugins/dogtag.py:2188 #: ipaserver/plugins/dogtag.py:2198 msgid "Response from CA was not valid JSON" msgstr "" #: ipaserver/plugins/hbacrule.py:39 msgid "" "\n" "Host-based access control\n" "\n" "Control who can access what services on what hosts. You\n" "can use HBAC to control which users or groups can\n" "access a service, or group of services, on a target host.\n" "\n" "You can also specify a category of users and target hosts.\n" "This is currently limited to \"all\", but might be expanded in the\n" "future.\n" "\n" "Target hosts in HBAC rules must be hosts managed by IPA.\n" "\n" "The available services and groups of services are controlled by the\n" "hbacsvc and hbacsvcgroup plug-ins respectively.\n" "\n" "EXAMPLES:\n" "\n" " Create a rule, \"test1\", that grants all users access to the host \"server" "\" from\n" " anywhere:\n" " ipa hbacrule-add --usercat=all test1\n" " ipa hbacrule-add-host --hosts=server.example.com test1\n" "\n" " Display the properties of a named HBAC rule:\n" " ipa hbacrule-show test1\n" "\n" " Create a rule for a specific service. This lets the user john access\n" " the sshd service on any machine from any machine:\n" " ipa hbacrule-add --hostcat=all john_sshd\n" " ipa hbacrule-add-user --users=john john_sshd\n" " ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" "\n" " Create a rule for a new service group. This lets the user john access\n" " the FTP service on any machine from any machine:\n" " ipa hbacsvcgroup-add ftpers\n" " ipa hbacsvc-add sftp\n" " ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n" " ipa hbacrule-add --hostcat=all john_ftp\n" " ipa hbacrule-add-user --users=john john_ftp\n" " ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" "\n" " Disable a named HBAC rule:\n" " ipa hbacrule-disable test1\n" "\n" " Remove a named HBAC rule:\n" " ipa hbacrule-del allow_server\n" msgstr "" #: ipaserver/plugins/hbacrule.py:108 msgid "The deny type has been deprecated." msgstr "" #: ipaserver/plugins/hbacrule.py:130 msgid "HBAC rule" msgstr "" #: ipaserver/plugins/hbacrule.py:131 msgid "HBAC rules" msgstr "" #: ipaserver/plugins/hbacrule.py:201 msgid "HBAC Rules" msgstr "" #: ipaserver/plugins/hbacrule.py:212 msgid "Rule type (allow)" msgstr "" #: ipaserver/plugins/hbacrule.py:213 msgid "Rule type" msgstr "" #: ipaserver/plugins/hbacrule.py:236 msgid "Source host category" msgstr "" #: ipaserver/plugins/hbacrule.py:237 msgid "Source host category the rule applies to" msgstr "" #: ipaserver/plugins/hbacrule.py:243 ipaserver/plugins/caacl.py:207 msgid "Service category" msgstr "" #: ipaserver/plugins/hbacrule.py:244 msgid "Service category the rule applies to" msgstr "" #: ipaserver/plugins/hbacrule.py:277 msgid "Source Hosts" msgstr "" #: ipaserver/plugins/hbacrule.py:282 msgid "Source Host Groups" msgstr "" #: ipaserver/plugins/hbacrule.py:286 ipaserver/plugins/hbacsvc.py:95 msgid "HBAC Services" msgstr "" #: ipaserver/plugins/hbacrule.py:290 ipaserver/plugins/hbacsvcgroup.py:108 msgid "HBAC Service Groups" msgstr "" #: ipaserver/plugins/hbacrule.py:300 msgid "Create a new HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:302 #, python-format msgid "Added HBAC rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacrule.py:314 msgid "Delete an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:316 #, python-format msgid "Deleted HBAC rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacrule.py:331 msgid "Modify an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:333 #, python-format msgid "Modified HBAC rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacrule.py:356 ipaserver/plugins/caacl.py:302 msgid "" "service category cannot be set to 'all' while there are allowed services" msgstr "" #: ipaserver/plugins/hbacrule.py:365 msgid "Search for HBAC rules." msgstr "" #: ipaserver/plugins/hbacrule.py:368 #, python-format msgid "%(count)d HBAC rule matched" msgid_plural "%(count)d HBAC rules matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/hbacrule.py:375 msgid "Display the properties of an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:381 msgid "Enable an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:383 #, python-format msgid "Enabled HBAC rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacrule.py:411 msgid "Disable an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:413 #, python-format msgid "Disabled HBAC rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacrule.py:447 ipaserver/plugins/hbacrule.py:478 msgid "Access time" msgstr "" #: ipaserver/plugins/hbacrule.py:503 msgid "Add users and groups to an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:525 msgid "Remove users and groups from an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:534 msgid "Add target hosts and hostgroups to an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:556 msgid "Remove target hosts and hostgroups from an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:565 msgid "Add source hosts and hostgroups to an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:578 msgid "Remove source hosts and hostgroups from an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:591 msgid "Add services to an HBAC rule." msgstr "" #: ipaserver/plugins/hbacrule.py:606 ipaserver/plugins/caacl.py:459 msgid "services cannot be added when service category='all'" msgstr "" #: ipaserver/plugins/hbacrule.py:613 msgid "Remove service and service groups from an HBAC rule." msgstr "" #: ipaserver/plugins/ldap2.py:270 msgid "Could not read UPG Definition originfilter. Check your permissions." msgstr "" #: ipaserver/plugins/hbacsvc.py:28 msgid "" "\n" "HBAC Services\n" "\n" "The PAM services that HBAC can control access to. The name used here\n" "must match the service name that PAM is evaluating.\n" "\n" "EXAMPLES:\n" "\n" " Add a new HBAC service:\n" " ipa hbacsvc-add tftp\n" "\n" " Modify an existing HBAC service:\n" " ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" "\n" " Search for HBAC services. This example will return two results, the FTP\n" " service and the newly-added tftp service:\n" " ipa hbacsvc-find ftp\n" "\n" " Delete an HBAC service:\n" " ipa hbacsvc-del tftp\n" "\n" msgstr "" #: ipaserver/plugins/hbacsvc.py:61 ipaserver/plugins/hbacsvc.py:102 msgid "HBAC service" msgstr "" #: ipaserver/plugins/hbacsvc.py:62 msgid "HBAC services" msgstr "" #: ipaserver/plugins/hbacsvc.py:96 msgid "HBAC Service" msgstr "" #: ipaserver/plugins/hbacsvc.py:101 msgid "Service name" msgstr "" #: ipaserver/plugins/hbacsvc.py:109 msgid "HBAC service description" msgstr "" #: ipaserver/plugins/hbacsvc.py:117 msgid "Add a new HBAC service." msgstr "" #: ipaserver/plugins/hbacsvc.py:119 #, python-format msgid "Added HBAC service \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvc.py:125 msgid "Delete an existing HBAC service." msgstr "" #: ipaserver/plugins/hbacsvc.py:127 #, python-format msgid "Deleted HBAC service \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvc.py:133 msgid "Modify an HBAC service." msgstr "" #: ipaserver/plugins/hbacsvc.py:135 #, python-format msgid "Modified HBAC service \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvc.py:141 msgid "Search for HBAC services." msgstr "" #: ipaserver/plugins/hbacsvc.py:144 #, python-format msgid "%(count)d HBAC service matched" msgid_plural "%(count)d HBAC services matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/hbacsvc.py:151 msgid "Display information about an HBAC service." msgstr "" #: ipaserver/plugins/topology.py:24 msgid "" "\n" "Topology\n" "\n" "Management of a replication topology at domain level 1.\n" msgstr "" #: ipaserver/plugins/topology.py:28 msgid "" "\n" "IPA server's data is stored in LDAP server in two suffixes:\n" "* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " "data\n" "* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" " contains data for Certificate Server component\n" msgstr "" #: ipaserver/plugins/topology.py:33 msgid "" "\n" "Data stored on IPA servers is replicated to other IPA servers. The way it " "is\n" "replicated is defined by replication agreements. Replication agreements " "needs\n" "to be set for both suffixes separately. On domain level 0 they are managed\n" "using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " "1\n" "they are managed centrally using `ipa topology*` commands.\n" msgstr "" #: ipaserver/plugins/topology.py:39 msgid "" "\n" "Agreements are represented by topology segments. By default topology " "segment\n" "represents 2 replication agreements - one for each direction, e.g., A to B " "and\n" "B to A. Creation of unidirectional segments is not allowed.\n" msgstr "" #: ipaserver/plugins/topology.py:43 msgid "" "\n" "To verify that no server is disconnected in the topology of the given " "suffix,\n" "use:\n" " ipa topologysuffix-verify $suffix\n" msgstr "" #: ipaserver/plugins/topology.py:47 msgid "" "\n" "\n" "Examples:\n" " Find all IPA servers:\n" " ipa server-find\n" msgstr "" #: ipaserver/plugins/topology.py:52 msgid "" "\n" " Find all suffixes:\n" " ipa topologysuffix-find\n" msgstr "" #: ipaserver/plugins/topology.py:55 msgid "" "\n" " Add topology segment to 'domain' suffix:\n" " ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" msgstr "" #: ipaserver/plugins/topology.py:58 msgid "" "\n" " Add topology segment to 'ca' suffix:\n" " ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" msgstr "" #: ipaserver/plugins/topology.py:61 msgid "" "\n" " List all topology segments in 'domain' suffix:\n" " ipa topologysegment-find domain\n" msgstr "" #: ipaserver/plugins/topology.py:64 msgid "" "\n" " List all topology segments in 'ca' suffix:\n" " ipa topologysegment-find ca\n" msgstr "" #: ipaserver/plugins/topology.py:67 msgid "" "\n" " Delete topology segment in 'domain' suffix:\n" " ipa topologysegment-del domain segment_name\n" msgstr "" #: ipaserver/plugins/topology.py:70 msgid "" "\n" " Delete topology segment in 'ca' suffix:\n" " ipa topologysegment-del ca segment_name\n" msgstr "" #: ipaserver/plugins/topology.py:73 msgid "" "\n" " Verify topology of 'domain' suffix:\n" " ipa topologysuffix-verify domain\n" msgstr "" #: ipaserver/plugins/topology.py:76 msgid "" "\n" " Verify topology of 'ca' suffix:\n" " ipa topologysuffix-verify ca\n" msgstr "" #: ipaserver/plugins/topology.py:92 #, python-brace-format msgid "Topology management requires minimum domain level {0} " msgstr "" #: ipaserver/plugins/topology.py:104 msgid "segment" msgstr "" #: ipaserver/plugins/topology.py:105 msgid "segments" msgstr "" #: ipaserver/plugins/topology.py:119 msgid "Topology Segments" msgstr "" #: ipaserver/plugins/topology.py:120 msgid "Topology Segment" msgstr "" #: ipaserver/plugins/topology.py:128 msgid "Segment name" msgstr "" #: ipaserver/plugins/topology.py:132 msgid "Arbitrary string identifying the segment" msgstr "" #: ipaserver/plugins/topology.py:140 msgid "Left node" msgstr "" #: ipaserver/plugins/topology.py:142 msgid "Left replication node - an IPA server" msgstr "" #: ipaserver/plugins/topology.py:151 msgid "Right node" msgstr "" #: ipaserver/plugins/topology.py:153 msgid "Right replication node - an IPA server" msgstr "" #: ipaserver/plugins/topology.py:159 msgid "Connectivity" msgstr "" #: ipaserver/plugins/topology.py:163 msgid "Direction of replication between left and right replication node" msgstr "" #: ipaserver/plugins/topology.py:170 msgid "Attributes to strip" msgstr "" #: ipaserver/plugins/topology.py:172 msgid "" "A space separated list of attributes which are removed from replication " "updates." msgstr "" #: ipaserver/plugins/topology.py:179 msgid "" "Attributes that are not replicated to a consumer server during a fractional " "update. E.g., `(objectclass=*) $ EXCLUDE accountlockout memberof" msgstr "" #: ipaserver/plugins/topology.py:186 msgid "Attributes for total update" msgstr "" #: ipaserver/plugins/topology.py:187 msgid "" "Attributes that are not replicated to a consumer server during a total " "update. E.g. (objectclass=*) $ EXCLUDE accountlockout" msgstr "" #: ipaserver/plugins/topology.py:194 msgid "Session timeout" msgstr "" #: ipaserver/plugins/topology.py:196 msgid "" "Number of seconds outbound LDAP operations waits for a response from the " "remote replica before timing out and failing" msgstr "" #: ipaserver/plugins/topology.py:203 msgid "Replication agreement enabled" msgstr "" #: ipaserver/plugins/topology.py:204 msgid "" "Whether a replication agreement is active, meaning whether replication is " "occurring per that agreement" msgstr "" #: ipaserver/plugins/topology.py:226 #, python-format msgid "left node is not a topology node: %(leftnode)s" msgstr "" #: ipaserver/plugins/topology.py:233 #, python-format msgid "right node is not a topology node: %(rightnode)s" msgstr "" #: ipaserver/plugins/topology.py:250 msgid "left node and right node must not be the same" msgstr "" #: ipaserver/plugins/topology.py:261 #, python-brace-format msgid "left node ({host}) does not support suffix '{suff}'" msgstr "" #: ipaserver/plugins/topology.py:269 #, python-brace-format msgid "right node ({host}) does not support suffix '{suff}'" msgstr "" #: ipaserver/plugins/topology.py:277 msgid "Search for topology segments." msgstr "" #: ipaserver/plugins/topology.py:280 #, python-format msgid "%(count)d segment matched" msgid_plural "%(count)d segments matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/topology.py:287 msgid "Add a new segment." msgstr "" #: ipaserver/plugins/topology.py:289 #, python-format msgid "Added segment \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:300 msgid "Delete a segment." msgstr "" #: ipaserver/plugins/topology.py:302 #, python-format msgid "Deleted segment \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:312 msgid "Modify a segment." msgstr "" #: ipaserver/plugins/topology.py:314 #, python-format msgid "Modified segment \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:325 msgid "" "Request a full re-initialization of the node retrieving data from the other " "node." msgstr "" #: ipaserver/plugins/topology.py:329 #, python-format msgid "%(value)s" msgstr "" #: ipaserver/plugins/topology.py:334 msgid "Initialize left node" msgstr "" #: ipaserver/plugins/topology.py:339 msgid "Initialize right node" msgstr "" #: ipaserver/plugins/topology.py:344 msgid "Stop already started refresh of chosen node(s)" msgstr "" #: ipaserver/plugins/topology.py:365 msgid "left or right node has to be specified" msgstr "" #: ipaserver/plugins/topology.py:370 msgid "only one node can be specified" msgstr "" #: ipaserver/plugins/topology.py:374 #, python-format msgid "Replication refresh for segment: \"%(pkey)s\" requested." msgstr "" #: ipaserver/plugins/topology.py:377 #, python-format msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested." msgstr "" #: ipaserver/plugins/topology.py:398 msgid "Display a segment." msgstr "" #: ipaserver/plugins/topology.py:407 msgid "suffix" msgstr "" #: ipaserver/plugins/topology.py:408 msgid "suffixes" msgstr "" #: ipaserver/plugins/topology.py:412 msgid "Topology suffixes" msgstr "" #: ipaserver/plugins/topology.py:413 msgid "Topology suffix" msgstr "" #: ipaserver/plugins/topology.py:420 msgid "Suffix name" msgstr "" #: ipaserver/plugins/topology.py:425 msgid "Managed LDAP suffix DN" msgstr "" #: ipaserver/plugins/topology.py:432 msgid "Search for topology suffixes." msgstr "" #: ipaserver/plugins/topology.py:435 #, python-format msgid "%(count)d topology suffix matched" msgid_plural "%(count)d topology suffixes matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/topology.py:442 msgid "Delete a topology suffix." msgstr "" #: ipaserver/plugins/topology.py:446 #, python-format msgid "Deleted topology suffix \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:456 msgid "Add a new topology suffix to be managed." msgstr "" #: ipaserver/plugins/topology.py:460 #, python-format msgid "Added topology suffix \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:470 msgid "Modify a topology suffix." msgstr "" #: ipaserver/plugins/topology.py:474 #, python-format msgid "Modified topology suffix \"%(value)s\"" msgstr "" #: ipaserver/plugins/topology.py:484 msgid "Show managed suffix." msgstr "" #: ipaserver/plugins/topology.py:489 msgid "" "\n" "Verify replication topology for suffix.\n" "\n" "Checks done:\n" " 1. check if a topology is not disconnected. In other words if there are\n" " replication paths between all servers.\n" " 2. check if servers don't have more than the recommended number of\n" " replication agreements\n" msgstr "" #: ipaserver/plugins/user.py:78 ipaclient/remote_plugins/2_114/user.py:19 msgid "" "\n" "Users\n" "\n" "Manage user entries. All users are POSIX users.\n" "\n" "IPA supports a wide range of username formats, but you need to be aware of " "any\n" "restrictions that may apply to your particular environment. For example,\n" "usernames that start with a digit or usernames that exceed a certain length\n" "may cause problems for some UNIX systems.\n" "Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" "\n" "Disabling a user account prevents that user from obtaining new Kerberos\n" "credentials. It does not invalidate any credentials that have already\n" "been issued.\n" "\n" "Password management is not a part of this module. For more information\n" "about this topic please see: ipa help passwd\n" "\n" "Account lockout on password failure happens per IPA master. The user-status\n" "command can be used to identify which master the user is locked out on.\n" "It is on that master the administrator must unlock the user.\n" "\n" "EXAMPLES:\n" "\n" " Add a new user:\n" " ipa user-add --first=Tim --last=User --password tuser1\n" "\n" " Find all users whose entries include the string \"Tim\":\n" " ipa user-find Tim\n" "\n" " Find all users with \"Tim\" as the first name:\n" " ipa user-find --first=Tim\n" "\n" " Disable a user account:\n" " ipa user-disable tuser1\n" "\n" " Enable a user account:\n" " ipa user-enable tuser1\n" "\n" " Delete a user:\n" " ipa user-del tuser1\n" msgstr "" #: ipaserver/plugins/user.py:144 ipaserver/plugins/group.py:193 #: ipaserver/plugins/group.py:395 ipaserver/plugins/group.py:656 msgid "group" msgstr "" #: ipaserver/plugins/user.py:389 ipaclient/remote_plugins/2_114/user.py:223 msgid "Account disabled" msgstr "" #: ipaserver/plugins/user.py:392 ipaserver/plugins/user.py:1089 msgid "Preserved user" msgstr "" #: ipaserver/plugins/user.py:448 ipaclient/remote_plugins/2_114/user.py:339 msgid "Add a new user." msgstr "" #: ipaserver/plugins/user.py:450 #, python-format msgid "Added user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:457 ipaclient/remote_plugins/2_114/user.py:601 msgid "Don't create user private group" msgstr "" #: ipaserver/plugins/user.py:516 ipaserver/plugins/stageuser.py:329 #: ipaserver/plugins/stageuser.py:533 ipaserver/plugins/host.py:681 #: ipaserver/plugins/baseuser.py:567 #, python-format msgid "can be at most %(len)d characters" msgstr "" #: ipaserver/plugins/user.py:546 ipaserver/plugins/migration.py:800 msgid "Default group for new users not found" msgstr "" #: ipaserver/plugins/user.py:549 msgid "Default group for new users is not POSIX" msgstr "" #: ipaserver/plugins/user.py:636 ipaclient/remote_plugins/2_114/user.py:645 msgid "Delete a user." msgstr "" #: ipaserver/plugins/user.py:638 #, python-format msgid "Deleted user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:656 #, python-format msgid "%s: user is already preserved" msgstr "" #: ipaserver/plugins/user.py:765 ipaclient/remote_plugins/2_114/user.py:1138 msgid "Modify a user." msgstr "" #: ipaserver/plugins/user.py:767 #, python-format msgid "Modified user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:794 ipaclient/remote_plugins/2_114/user.py:750 msgid "Search for users." msgstr "" #: ipaserver/plugins/user.py:800 ipaserver/plugins/stageuser.py:471 #, python-format msgid "%(count)d user matched" msgid_plural "%(count)d users matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/user.py:805 ipaclient/remote_plugins/2_114/user.py:999 msgid "Self" msgstr "" #: ipaserver/plugins/user.py:806 ipaclient/remote_plugins/2_114/user.py:1000 msgid "Display user record for current Kerberos principal" msgstr "" #: ipaserver/plugins/user.py:852 ipaclient/remote_plugins/2_114/user.py:1450 msgid "Display information about a user." msgstr "" #: ipaserver/plugins/user.py:875 ipaclient/remote_plugins/2_156/user.py:1801 msgid "Undelete a delete user account." msgstr "" #: ipaserver/plugins/user.py:878 #, python-format msgid "Undeleted user account \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:892 #, python-format msgid "user \"%s\" is already active" msgstr "" #: ipaserver/plugins/user.py:920 ipaclient/remote_plugins/2_156/user.py:1683 msgid "Move deleted user into staged area" msgstr "" #: ipaserver/plugins/user.py:923 #, python-format msgid "Staged user account \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1014 ipaclient/remote_plugins/2_114/user.py:684 msgid "Disable a user account." msgstr "" #: ipaserver/plugins/user.py:1017 #, python-format msgid "Disabled user account \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1035 ipaclient/remote_plugins/2_114/user.py:717 msgid "Enable a user account." msgstr "" #: ipaserver/plugins/user.py:1039 #, python-format msgid "Enabled user account \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1056 msgid "" "\n" " Unlock a user account\n" "\n" " An account may become locked if the password is entered incorrectly too\n" " many times within a specific time period as controlled by password\n" " policy. A locked account is a temporary condition and may be unlocked " "by\n" " an administrator." msgstr "" #: ipaserver/plugins/user.py:1065 #, python-format msgid "Unlocked account \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1097 msgid "Failed logins" msgstr "" #: ipaserver/plugins/user.py:1101 msgid "Last successful authentication" msgstr "" #: ipaserver/plugins/user.py:1105 msgid "Last failed authentication" msgstr "" #: ipaserver/plugins/user.py:1109 msgid "Time now" msgstr "" #: ipaserver/plugins/user.py:1117 msgid "" "\n" " Lockout status of a user account\n" "\n" " An account may become locked if the password is entered incorrectly too\n" " many times within a specific time period as controlled by password\n" " policy. A locked account is a temporary condition and may be unlocked " "by\n" " an administrator.\n" "\n" " This connects to each IPA master and displays the lockout status on\n" " each one.\n" "\n" " To determine whether an account is locked on a given server you need\n" " to compare the number of failed logins and the time of the last " "failure.\n" " For an account to be locked it must exceed the maxfail failures within\n" " the failinterval duration as specified in the password policy " "associated\n" " with the user.\n" "\n" " The failed login counter is modified only when a user attempts a log in\n" " so it is possible that an account may appear locked but the last failed\n" " login attempt is older than the lockouttime of the password policy. " "This\n" " means that the user may attempt a login again. " msgstr "" #: ipaserver/plugins/user.py:1171 #, python-format msgid "%(host)s failed: %(error)s" msgstr "" #: ipaserver/plugins/user.py:1209 #, python-format msgid "%(host)s failed" msgstr "" #: ipaserver/plugins/user.py:1219 #, python-format msgid "Account disabled: %(disabled)s" msgstr "" #: ipaserver/plugins/user.py:1226 ipaclient/remote_plugins/2_156/user.py:665 msgid "Add one or more certificates to the user entry" msgstr "" #: ipaserver/plugins/user.py:1227 #, python-format msgid "Added certificates to user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1232 ipaclient/remote_plugins/2_156/user.py:1558 msgid "Remove one or more certificates to the user entry" msgstr "" #: ipaserver/plugins/user.py:1233 #, python-format msgid "Removed certificates from user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1238 ipaserver/plugins/baseuser.py:945 msgid "Add one or more certificate mappings to the user entry." msgstr "" #: ipaserver/plugins/user.py:1243 ipaserver/plugins/baseuser.py:964 msgid "Remove one or more certificate mappings from the user entry." msgstr "" #: ipaserver/plugins/user.py:1248 ipaclient/remote_plugins/2_164/user.py:726 msgid "Add a manager to the user entry" msgstr "" #: ipaserver/plugins/user.py:1253 ipaclient/remote_plugins/2_164/user.py:1681 msgid "Remove a manager to the user entry" msgstr "" #: ipaserver/plugins/user.py:1258 msgid "Add new principal alias to the user entry" msgstr "" #: ipaserver/plugins/user.py:1259 #, python-format msgid "Added new aliases to user \"%(value)s\"" msgstr "" #: ipaserver/plugins/user.py:1264 msgid "Remove principal alias from the user entry" msgstr "" #: ipaserver/plugins/user.py:1265 #, python-format msgid "Removed aliases from user \"%(value)s\"" msgstr "" #: ipaserver/plugins/location.py:33 msgid "" "\n" "IPA locations\n" msgstr "" #: ipaserver/plugins/location.py:35 msgid "" "\n" "Manipulate DNS locations\n" msgstr "" #: ipaserver/plugins/location.py:39 msgid "" "\n" " Find all locations:\n" " ipa location-find\n" msgstr "" #: ipaserver/plugins/location.py:42 msgid "" "\n" " Show specific location:\n" " ipa location-show location\n" msgstr "" #: ipaserver/plugins/location.py:45 msgid "" "\n" " Add location:\n" " ipa location-add location --description 'My location'\n" msgstr "" #: ipaserver/plugins/location.py:48 msgid "" "\n" " Delete location:\n" " ipa location-del location\n" msgstr "" #: ipaserver/plugins/location.py:62 msgid "location" msgstr "" #: ipaserver/plugins/location.py:63 msgid "locations" msgstr "" #: ipaserver/plugins/location.py:69 msgid "IPA Locations" msgstr "" #: ipaserver/plugins/location.py:70 msgid "IPA Location" msgstr "" #: ipaserver/plugins/location.py:103 msgid "Location name" msgstr "" #: ipaserver/plugins/location.py:104 msgid "IPA location name" msgstr "" #: ipaserver/plugins/location.py:112 msgid "IPA Location description" msgstr "" #: ipaserver/plugins/location.py:116 msgid "Servers" msgstr "" #: ipaserver/plugins/location.py:117 msgid "Servers that belongs to the IPA location" msgstr "" #: ipaserver/plugins/location.py:122 msgid "Advertised by servers" msgstr "" #: ipaserver/plugins/location.py:123 msgid "List of servers which advertise the given location" msgstr "" #: ipaserver/plugins/location.py:138 msgid "Add a new IPA location." msgstr "" #: ipaserver/plugins/location.py:140 #, python-format msgid "Added IPA location \"%(value)s\"" msgstr "" #: ipaserver/plugins/location.py:145 msgid "Delete an IPA location." msgstr "" #: ipaserver/plugins/location.py:147 #, python-format msgid "Deleted IPA location \"%(value)s\"" msgstr "" #: ipaserver/plugins/location.py:170 msgid "Modify information about an IPA location." msgstr "" #: ipaserver/plugins/location.py:172 #, python-format msgid "Modified IPA location \"%(value)s\"" msgstr "" #: ipaserver/plugins/location.py:177 msgid "Search for IPA locations." msgstr "" #: ipaserver/plugins/location.py:180 #, python-format msgid "%(count)d IPA location matched" msgid_plural "%(count)d IPA locations matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/location.py:187 msgid "Display information about an IPA location." msgstr "" #: ipaserver/plugins/location.py:193 msgid "Servers in location" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:33 msgid "" "\n" "HBAC Service Groups\n" "\n" "HBAC service groups can contain any number of individual services,\n" "or \"members\". Every group must have a description.\n" "\n" "EXAMPLES:\n" "\n" " Add a new HBAC service group:\n" " ipa hbacsvcgroup-add --desc=\"login services\" login\n" "\n" " Add members to an HBAC service group:\n" " ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n" "\n" " Display information about a named group:\n" " ipa hbacsvcgroup-show login\n" "\n" " Delete an HBAC service group:\n" " ipa hbacsvcgroup-del login\n" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:64 msgid "HBAC service group" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:65 msgid "HBAC service groups" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:109 msgid "HBAC Service Group" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:114 msgid "Service group name" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:121 msgid "HBAC service group description" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:129 msgid "Add a new HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:131 #, python-format msgid "Added HBAC service group \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:137 msgid "Delete an HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:139 #, python-format msgid "Deleted HBAC service group \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:145 msgid "Modify an HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:147 #, python-format msgid "Modified HBAC service group \"%(value)s\"" msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:153 msgid "Search for an HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:156 #, python-format msgid "%(count)d HBAC service group matched" msgid_plural "%(count)d HBAC service groups matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/hbacsvcgroup.py:163 msgid "Display information about an HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:169 msgid "Add members to an HBAC service group." msgstr "" #: ipaserver/plugins/hbacsvcgroup.py:175 msgid "Remove members from an HBAC service group." msgstr "" #: ipaserver/plugins/misc.py:24 ipaclient/remote_plugins/2_114/misc.py:19 msgid "" "\n" "Misc plug-ins\n" msgstr "" #: ipaserver/plugins/vault.py:54 msgid "" "\n" "Vaults\n" msgstr "" #: ipaserver/plugins/vault.py:56 msgid "" "\n" "Manage vaults.\n" msgstr "" #: ipaserver/plugins/vault.py:58 msgid "" "\n" "Vault is a secure place to store a secret. One vault can only\n" "store one secret. When archiving a secret in a vault, the\n" "existing secret (if any) is overwritten.\n" msgstr "" #: ipaserver/plugins/vault.py:62 msgid "" "\n" "Based on the ownership there are three vault categories:\n" "* user/private vault\n" "* service vault\n" "* shared vault\n" msgstr "" #: ipaserver/plugins/vault.py:67 msgid "" "\n" "User vaults are vaults owned used by a particular user. Private\n" "vaults are vaults owned the current user. Service vaults are\n" "vaults owned by a service. Shared vaults are owned by the admin\n" "but they can be used by other users or services.\n" msgstr "" #: ipaserver/plugins/vault.py:72 msgid "" "\n" "Based on the security mechanism there are three types of\n" "vaults:\n" "* standard vault\n" "* symmetric vault\n" "* asymmetric vault\n" msgstr "" #: ipaserver/plugins/vault.py:78 msgid "" "\n" "Standard vault uses a secure mechanism to transport and\n" "store the secret. The secret can only be retrieved by users\n" "that have access to the vault.\n" msgstr "" #: ipaserver/plugins/vault.py:82 msgid "" "\n" "Symmetric vault is similar to the standard vault, but it\n" "pre-encrypts the secret using a password before transport.\n" "The secret can only be retrieved using the same password.\n" msgstr "" #: ipaserver/plugins/vault.py:86 msgid "" "\n" "Asymmetric vault is similar to the standard vault, but it\n" "pre-encrypts the secret using a public key before transport.\n" "The secret can only be retrieved using the private key.\n" msgstr "" #: ipaserver/plugins/vault.py:92 msgid "" "\n" " List vaults:\n" " ipa vault-find\n" " [--user |--service |--shared]\n" msgstr "" #: ipaserver/plugins/vault.py:96 msgid "" "\n" " Add a standard vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type standard\n" msgstr "" #: ipaserver/plugins/vault.py:101 msgid "" "\n" " Add a symmetric vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type symmetric --password-file password.txt\n" msgstr "" #: ipaserver/plugins/vault.py:106 msgid "" "\n" " Add an asymmetric vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type asymmetric --public-key-file public.pem\n" msgstr "" #: ipaserver/plugins/vault.py:111 msgid "" "\n" " Show a vault:\n" " ipa vault-show \n" " [--user |--service |--shared]\n" msgstr "" #: ipaserver/plugins/vault.py:115 msgid "" "\n" " Modify vault description:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --desc \n" msgstr "" #: ipaserver/plugins/vault.py:120 msgid "" "\n" " Modify vault type:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --type \n" " [old password/private key]\n" " [new password/public key]\n" msgstr "" #: ipaserver/plugins/vault.py:127 msgid "" "\n" " Modify symmetric vault password:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --change-password\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --old-password \n" " --new-password \n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --old-password-file \n" " --new-password-file \n" msgstr "" #: ipaserver/plugins/vault.py:140 msgid "" "\n" " Modify asymmetric vault keys:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --private-key-file \n" " --public-key-file \n" msgstr "" #: ipaserver/plugins/vault.py:146 msgid "" "\n" " Delete a vault:\n" " ipa vault-del \n" " [--user |--service |--shared]\n" msgstr "" #: ipaserver/plugins/vault.py:150 msgid "" "\n" " Display vault configuration:\n" " ipa vaultconfig-show\n" msgstr "" #: ipaserver/plugins/vault.py:153 msgid "" "\n" " Archive data into standard vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" msgstr "" #: ipaserver/plugins/vault.py:158 msgid "" "\n" " Archive data into symmetric vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" " --password-file password.txt\n" msgstr "" #: ipaserver/plugins/vault.py:164 msgid "" "\n" " Archive data into asymmetric vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" msgstr "" #: ipaserver/plugins/vault.py:169 msgid "" "\n" " Retrieve data from standard vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out \n" msgstr "" #: ipaserver/plugins/vault.py:174 msgid "" "\n" " Retrieve data from symmetric vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out \n" " --password-file password.txt\n" msgstr "" #: ipaserver/plugins/vault.py:180 msgid "" "\n" " Retrieve data from asymmetric vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out --private-key-file private.pem\n" msgstr "" #: ipaserver/plugins/vault.py:185 msgid "" "\n" " Add vault owners:\n" " ipa vault-add-owner \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" msgstr "" #: ipaserver/plugins/vault.py:190 msgid "" "\n" " Delete vault owners:\n" " ipa vault-remove-owner \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" msgstr "" #: ipaserver/plugins/vault.py:195 msgid "" "\n" " Add vault members:\n" " ipa vault-add-member \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" msgstr "" #: ipaserver/plugins/vault.py:200 msgid "" "\n" " Delete vault members:\n" " ipa vault-remove-member \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" msgstr "" #: ipaserver/plugins/vault.py:214 ipaclient/remote_plugins/2_156/vault.py:379 msgid "Service name of the service vault" msgstr "" #: ipaserver/plugins/vault.py:219 ipaserver/plugins/vault.py:336 #: ipaserver/plugins/vault.py:647 ipaclient/remote_plugins/2_156/vault.py:233 msgid "Shared vault" msgstr "" #: ipaserver/plugins/vault.py:224 ipaclient/remote_plugins/2_156/vault.py:393 msgid "Username of the user vault" msgstr "" #: ipaserver/plugins/vault.py:252 msgid "" "\n" " Vault Container object.\n" " " msgstr "" #: ipaserver/plugins/vault.py:258 msgid "vaultcontainer" msgstr "" #: ipaserver/plugins/vault.py:259 msgid "vaultcontainers" msgstr "" #: ipaserver/plugins/vault.py:267 msgid "Vault Containers" msgstr "" #: ipaserver/plugins/vault.py:268 msgid "Vault Container" msgstr "" #: ipaserver/plugins/vault.py:315 ipaserver/plugins/vault.py:622 msgid "Owner users" msgstr "" #: ipaserver/plugins/vault.py:319 ipaserver/plugins/vault.py:627 msgid "Owner groups" msgstr "" #: ipaserver/plugins/vault.py:323 ipaserver/plugins/vault.py:632 msgid "Owner services" msgstr "" #: ipaserver/plugins/vault.py:327 ipaserver/plugins/vault.py:637 msgid "Failed owners" msgstr "" #: ipaserver/plugins/vault.py:331 ipaserver/plugins/vault.py:642 msgid "Vault service" msgstr "" #: ipaserver/plugins/vault.py:341 ipaserver/plugins/vault.py:652 msgid "Vault user" msgstr "" #: ipaserver/plugins/vault.py:357 msgid "Service, shared and user options cannot be specified simultaneously" msgstr "" #: ipaserver/plugins/vault.py:367 ipaserver/plugins/vault.py:683 msgid "Host is not supported" msgstr "" #: ipaserver/plugins/vault.py:398 ipaclient/remote_plugins/2_156/vault.py:1616 msgid "Display information about a vault container." msgstr "" #: ipaserver/plugins/vault.py:409 ipaserver/plugins/vault.py:433 #: ipaserver/plugins/vault.py:786 ipaserver/plugins/vault.py:824 #: ipaserver/plugins/vault.py:880 ipaserver/plugins/vault.py:936 #: ipaserver/plugins/vault.py:958 ipaserver/plugins/vault.py:1000 #: ipaserver/plugins/vault.py:1044 ipaserver/plugins/vault.py:1113 msgid "KRA service is not enabled" msgstr "" #: ipaserver/plugins/vault.py:420 ipaclient/remote_plugins/2_156/vault.py:1479 msgid "Delete a vault container." msgstr "" #: ipaserver/plugins/vault.py:424 msgid "Deleted vault container" msgstr "" #: ipaserver/plugins/vault.py:444 ipaclient/remote_plugins/2_156/vault.py:1390 msgid "Add owners to a vault container." msgstr "" #: ipaserver/plugins/vault.py:449 ipaserver/plugins/vault.py:474 #: ipaserver/plugins/vault.py:1164 ipaserver/plugins/vault.py:1189 #, python-format msgid "owner %s" msgstr "" #: ipaserver/plugins/vault.py:457 ipaserver/plugins/vault.py:1172 msgid "Owners that could not be added" msgstr "" #: ipaserver/plugins/vault.py:462 ipaserver/plugins/vault.py:1177 msgid "Number of owners added" msgstr "" #: ipaserver/plugins/vault.py:469 ipaclient/remote_plugins/2_156/vault.py:1527 msgid "Remove owners from a vault container." msgstr "" #: ipaserver/plugins/vault.py:482 ipaserver/plugins/vault.py:1197 msgid "Owners that could not be removed" msgstr "" #: ipaserver/plugins/vault.py:487 ipaserver/plugins/vault.py:1202 msgid "Number of owners removed" msgstr "" #: ipaserver/plugins/vault.py:494 msgid "" "\n" " Vault object.\n" " " msgstr "" #: ipaserver/plugins/vault.py:500 msgid "vault" msgstr "" #: ipaserver/plugins/vault.py:501 msgid "vaults" msgstr "" #: ipaserver/plugins/vault.py:524 msgid "Vaults" msgstr "" #: ipaserver/plugins/vault.py:525 msgid "Vault" msgstr "" #: ipaserver/plugins/vault.py:585 ipaclient/remote_plugins/2_156/vault.py:179 msgid "Vault name" msgstr "" #: ipaserver/plugins/vault.py:595 ipaclient/remote_plugins/2_156/vault.py:185 msgid "Vault description" msgstr "" #: ipaserver/plugins/vault.py:601 ipaclient/remote_plugins/2_156/vault.py:191 msgid "Vault type" msgstr "" #: ipaserver/plugins/vault.py:609 ipaclient/remote_plugins/2_156/vault.py:196 msgid "Salt" msgstr "" #: ipaserver/plugins/vault.py:610 ipaclient/remote_plugins/2_156/vault.py:197 msgid "Vault salt" msgstr "" #: ipaserver/plugins/vault.py:616 ipaclient/remote_plugins/2_156/vault.py:202 msgid "Public key" msgstr "" #: ipaserver/plugins/vault.py:617 ipaclient/remote_plugins/2_156/vault.py:203 msgid "Vault public key" msgstr "" #: ipaserver/plugins/vault.py:668 msgid "Service, shared, and user options cannot be specified simultaneously" msgstr "" #: ipaserver/plugins/vault.py:772 msgid "Add a vault." msgstr "" #: ipaserver/plugins/vault.py:778 #, python-format msgid "Added vault \"%(value)s\"" msgstr "" #: ipaserver/plugins/vault.py:813 ipaclient/remote_plugins/2_156/vault.py:701 msgid "Delete a vault." msgstr "" #: ipaserver/plugins/vault.py:817 #, python-format msgid "Deleted vault \"%(value)s\"" msgstr "" #: ipaserver/plugins/vault.py:853 ipaclient/remote_plugins/2_156/vault.py:757 msgid "Search for vaults." msgstr "" #: ipaserver/plugins/vault.py:858 ipaclient/remote_plugins/2_156/vault.py:823 msgid "List all service vaults" msgstr "" #: ipaserver/plugins/vault.py:862 ipaclient/remote_plugins/2_156/vault.py:830 msgid "List all user vaults" msgstr "" #: ipaserver/plugins/vault.py:869 #, python-format msgid "%(count)d vault matched" msgid_plural "%(count)d vaults matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/vault.py:887 msgid "" "Service(s), shared, and user(s) options cannot be specified simultaneously" msgstr "" #: ipaserver/plugins/vault.py:921 ipaclient/plugins/vault.py:368 msgid "Modify a vault." msgstr "" #: ipaserver/plugins/vault.py:927 #, python-format msgid "Modified vault \"%(value)s\"" msgstr "" #: ipaserver/plugins/vault.py:947 ipaclient/remote_plugins/2_156/vault.py:1273 msgid "Display information about a vault." msgstr "" #: ipaserver/plugins/vault.py:969 msgid "Vault configuration" msgstr "" #: ipaserver/plugins/vault.py:974 ipaclient/remote_plugins/2_156/vault.py:263 msgid "Transport Certificate" msgstr "" #: ipaserver/plugins/vault.py:978 ipaserver/plugins/config.py:302 msgid "IPA KRA servers" msgstr "" #: ipaserver/plugins/vault.py:979 msgid "IPA servers configured as key recovery agents" msgstr "" #: ipaserver/plugins/vault.py:987 ipaclient/remote_plugins/2_156/vault.py:1349 msgid "Show vault configuration." msgstr "" #: ipaserver/plugins/vault.py:992 ipaclient/remote_plugins/2_156/vault.py:1355 msgid "Output file to store the transport certificate" msgstr "" #: ipaserver/plugins/vault.py:1017 ipaclient/plugins/vault.py:712 msgid "Archive data into a vault." msgstr "" #: ipaserver/plugins/vault.py:1024 ipaserver/plugins/vault.py:1101 msgid "Session key wrapped with transport certificate" msgstr "" #: ipaserver/plugins/vault.py:1028 ipaclient/remote_plugins/2_156/vault.py:662 msgid "Vault data encrypted with session key" msgstr "" #: ipaserver/plugins/vault.py:1032 ipaclient/remote_plugins/2_156/vault.py:666 msgid "Nonce" msgstr "" #: ipaserver/plugins/vault.py:1038 #, python-format msgid "Archived data into vault \"%(value)s\"" msgstr "" #: ipaserver/plugins/vault.py:1094 msgid "Retrieve data from a vault." msgstr "" #: ipaserver/plugins/vault.py:1107 #, python-format msgid "Retrieved data from vault \"%(value)s\"" msgstr "" #: ipaserver/plugins/vault.py:1133 msgid "No archived data." msgstr "" #: ipaserver/plugins/vault.py:1159 ipaclient/remote_plugins/2_156/vault.py:531 msgid "Add owners to a vault." msgstr "" #: ipaserver/plugins/vault.py:1184 ipaclient/remote_plugins/2_156/vault.py:1111 msgid "Remove owners from a vault." msgstr "" #: ipaserver/plugins/vault.py:1209 ipaclient/remote_plugins/2_156/vault.py:435 msgid "Add members to a vault." msgstr "" #: ipaserver/plugins/vault.py:1216 ipaclient/remote_plugins/2_156/vault.py:1015 msgid "Remove members from a vault." msgstr "" #: ipaserver/plugins/vault.py:1223 msgid "Checks if any of the servers has the KRA service enabled" msgstr "" #: ipaserver/plugins/stageuser.py:65 msgid "" "\n" "Stageusers\n" "\n" "Manage stage user entries.\n" "\n" "Stage user entries are directly under the container: \"cn=stage users,\n" "cn=accounts, cn=provisioning, SUFFIX\".\n" "Users can not authenticate with those entries (even if the entries\n" "contain credentials). Those entries are only candidate to become Active " "entries.\n" "\n" "Active user entries are Posix users directly under the container: " "\"cn=accounts, SUFFIX\".\n" "Users can authenticate with Active entries, at the condition they have\n" "credentials.\n" "\n" "Deleted user entries are Posix users directly under the container: " "\"cn=deleted users,\n" "cn=accounts, cn=provisioning, SUFFIX\".\n" "Users can not authenticate with those entries, even if the entries contain " "credentials.\n" "\n" "The stage user container contains entries:\n" " - created by 'stageuser-add' commands that are Posix users,\n" " - created by external provisioning system.\n" "\n" "A valid stage user entry MUST have:\n" " - entry RDN is 'uid',\n" " - ipaUniqueID is 'autogenerate'.\n" "\n" "IPA supports a wide range of username formats, but you need to be aware of " "any\n" "restrictions that may apply to your particular environment. For example,\n" "usernames that start with a digit or usernames that exceed a certain length\n" "may cause problems for some UNIX systems.\n" "Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add a new stageuser:\n" " ipa stageuser-add --first=Tim --last=User --password tuser1\n" "\n" " Add a stageuser from the deleted users container:\n" " ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" "\n" msgstr "" #: ipaserver/plugins/stageuser.py:128 msgid "Stage Users" msgstr "" #: ipaserver/plugins/stageuser.py:129 msgid "Stage User" msgstr "" #: ipaserver/plugins/stageuser.py:130 msgid "stage user" msgstr "" #: ipaserver/plugins/stageuser.py:131 msgid "stage users" msgstr "" #: ipaserver/plugins/stageuser.py:276 msgid "Add a new stage user." msgstr "" #: ipaserver/plugins/stageuser.py:278 #, python-format msgid "Added stage user \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:286 msgid "Create Stage user in from a delete user" msgstr "" #: ipaserver/plugins/stageuser.py:297 msgid "givenname is required" msgstr "" #: ipaserver/plugins/stageuser.py:300 msgid "sn is required" msgstr "" #: ipaserver/plugins/stageuser.py:416 msgid "Delete a stage user." msgstr "" #: ipaserver/plugins/stageuser.py:418 #, python-format msgid "Deleted stage user \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:422 msgid "Modify a stage user." msgstr "" #: ipaserver/plugins/stageuser.py:424 #, python-format msgid "Modified stage user \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:444 msgid "Search for stage users." msgstr "" #: ipaserver/plugins/stageuser.py:476 msgid "Display information about a stage user." msgstr "" #: ipaserver/plugins/stageuser.py:493 msgid "Activate a stage user." msgstr "" #: ipaserver/plugins/stageuser.py:495 #, python-format msgid "Activate a stage user \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:508 msgid "Entry RDN is not 'uid'" msgstr "" #: ipaserver/plugins/stageuser.py:514 #, python-format msgid "Entry has no '%(attribute)s'" msgstr "" #: ipaserver/plugins/stageuser.py:690 #, python-format msgid "active user with name \"%(user)s\" already exists" msgstr "" #: ipaserver/plugins/stageuser.py:754 #, python-format msgid "Stage user %s activated" msgstr "" #: ipaserver/plugins/stageuser.py:761 msgid "Add a manager to the stage user entry" msgstr "" #: ipaserver/plugins/stageuser.py:766 msgid "Remove a manager to the stage user entry" msgstr "" #: ipaserver/plugins/stageuser.py:771 msgid "Add one or more certificates to the stageuser entry" msgstr "" #: ipaserver/plugins/stageuser.py:772 #, python-format msgid "Added certificates to stageuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:777 msgid "Remove one or more certificates to the stageuser entry" msgstr "" #: ipaserver/plugins/stageuser.py:778 #, python-format msgid "Removed certificates from stageuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:783 msgid "Add new principal alias to the stageuser entry" msgstr "" #: ipaserver/plugins/stageuser.py:784 #, python-format msgid "Added new aliases to stageuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:789 msgid "Remove principal alias from the stageuser entry" msgstr "" #: ipaserver/plugins/stageuser.py:790 #, python-format msgid "Removed aliases from stageuser \"%(value)s\"" msgstr "" #: ipaserver/plugins/stageuser.py:795 msgid "Add one or more certificate mappings to the stage user entry." msgstr "" #: ipaserver/plugins/stageuser.py:801 msgid "Remove one or more certificate mappings from the stage user entry." msgstr "" #: ipaserver/plugins/sudo.py:7 msgid "commands for controlling sudo configuration" msgstr "" #: ipaserver/plugins/passwd.py:40 ipaclient/remote_plugins/2_114/passwd.py:19 msgid "" "\n" "Set a user's password\n" "\n" "If someone other than a user changes that user's password (e.g., Helpdesk\n" "resets it) then the password will need to be changed the first time it\n" "is used. This is so the end-user is the only one who knows the password.\n" "\n" "The IPA password policy controls how often a password may be changed,\n" "what strength requirements exist, and the length of the password history.\n" "\n" "EXAMPLES:\n" "\n" " To reset your own password:\n" " ipa passwd\n" "\n" " To change another user's password:\n" " ipa passwd tuser1\n" msgstr "" #: ipaserver/plugins/passwd.py:81 ipaclient/remote_plugins/2_114/passwd.py:43 msgid "Set a user's password." msgstr "" #: ipaserver/plugins/passwd.py:108 ipaclient/remote_plugins/2_114/passwd.py:75 msgid "One Time Password" msgstr "" #: ipaserver/plugins/passwd.py:114 #, python-format msgid "Changed password for \"%(value)s\"" msgstr "" #: ipaserver/plugins/passwd.py:143 ipaclient/plugins/vault.py:144 #: ipaclient/plugins/vault.py:163 msgid "Invalid credentials" msgstr "" #: ipaserver/plugins/ca.py:20 msgid "" "\n" "Manage Certificate Authorities\n" msgstr "" #: ipaserver/plugins/ca.py:22 msgid "" "\n" "Subordinate Certificate Authorities (Sub-CAs) can be added for scoped " "issuance\n" "of X.509 certificates.\n" msgstr "" #: ipaserver/plugins/ca.py:25 msgid "" "\n" "CAs are enabled on creation, but their use is subject to CA ACLs unless the\n" "operator has permission to bypass CA ACLs.\n" msgstr "" #: ipaserver/plugins/ca.py:28 msgid "" "\n" "All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n" "prevents it from issuing certificates but does not affect the validity of " "its\n" "certificate.\n" msgstr "" #: ipaserver/plugins/ca.py:32 msgid "" "\n" "CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its " "signing\n" "certificate to be revoked and its private key deleted.\n" msgstr "" #: ipaserver/plugins/ca.py:37 msgid "" "\n" " Create new CA, subordinate to the IPA CA.\n" "\n" " ipa ca-add puppet --desc \"Puppet\" \\\n" " --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n" msgstr "" #: ipaserver/plugins/ca.py:42 msgid "" "\n" " Disable a CA.\n" "\n" " ipa ca-disable puppet\n" msgstr "" #: ipaserver/plugins/ca.py:46 msgid "" "\n" " Re-enable a CA.\n" "\n" " ipa ca-enable puppet\n" msgstr "" #: ipaserver/plugins/ca.py:50 msgid "" "\n" " Delete a CA.\n" "\n" " ipa ca-del puppet\n" msgstr "" #: ipaserver/plugins/ca.py:66 ipaserver/plugins/ca.py:76 msgid "Certificate Authority" msgstr "" #: ipaserver/plugins/ca.py:67 ipaserver/plugins/ca.py:75 msgid "Certificate Authorities" msgstr "" #: ipaserver/plugins/ca.py:82 ipaserver/plugins/schema.py:54 #: ipaserver/plugins/trust.py:1418 msgid "Name" msgstr "" #: ipaserver/plugins/ca.py:83 msgid "Name for referencing the CA" msgstr "" #: ipaserver/plugins/ca.py:88 msgid "Description of the purpose of the CA" msgstr "" #: ipaserver/plugins/ca.py:92 msgid "Authority ID" msgstr "" #: ipaserver/plugins/ca.py:93 msgid "Dogtag Authority ID" msgstr "" #: ipaserver/plugins/ca.py:98 ipaserver/plugins/ca.py:284 msgid "Subject DN" msgstr "" #: ipaserver/plugins/ca.py:99 msgid "Subject Distinguished Name" msgstr "" #: ipaserver/plugins/ca.py:104 ipaserver/plugins/cert.py:424 msgid "Issuer DN" msgstr "" #: ipaserver/plugins/ca.py:105 msgid "Issuer Distinguished Name" msgstr "" #: ipaserver/plugins/ca.py:111 ipaserver/plugins/cert.py:352 msgid "Base-64 encoded certificate." msgstr "" #: ipaserver/plugins/ca.py:116 ipaserver/plugins/cert.py:357 msgid "Certificate chain" msgstr "" #: ipaserver/plugins/ca.py:117 ipaserver/plugins/cert.py:358 msgid "X.509 certificate chain" msgstr "" #: ipaserver/plugins/ca.py:216 msgid "Search for CAs." msgstr "" #: ipaserver/plugins/ca.py:218 #, python-format msgid "%(count)d CA matched" msgid_plural "%(count)d CAs matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/ca.py:235 ipaserver/plugins/cert.py:597 msgid "Include certificate chain in output" msgstr "" #: ipaserver/plugins/ca.py:241 msgid "Display the properties of a CA." msgstr "" #: ipaserver/plugins/ca.py:258 msgid "Create a CA." msgstr "" #: ipaserver/plugins/ca.py:259 #, python-format msgid "Created CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/ca.py:269 #, python-format msgid "Insufficient 'add' privilege for entry '%s'." msgstr "" #: ipaserver/plugins/ca.py:285 #, python-format msgid "Unrecognized attributes: %(attrs)s" msgstr "" #: ipaserver/plugins/ca.py:300 #, python-format msgid "Subject DN is already used by CA '%s'" msgstr "" #: ipaserver/plugins/ca.py:324 msgid "Delete a CA." msgstr "" #: ipaserver/plugins/ca.py:326 #, python-format msgid "Deleted CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/ca.py:335 msgid "Insufficient privilege to delete a CA." msgstr "" #: ipaserver/plugins/ca.py:341 msgid "IPA CA cannot be deleted" msgstr "" #: ipaserver/plugins/ca.py:353 msgid "Modify CA configuration." msgstr "" #: ipaserver/plugins/ca.py:354 #, python-format msgid "Modified CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/ca.py:380 msgid "Insufficient privilege to modify a CA." msgstr "" #: ipaserver/plugins/ca.py:396 msgid "Disable a CA." msgstr "" #: ipaserver/plugins/ca.py:397 #, python-format msgid "Disabled CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/ca.py:404 msgid "IPA CA cannot be disabled" msgstr "" #: ipaserver/plugins/ca.py:414 msgid "Enable a CA." msgstr "" #: ipaserver/plugins/ca.py:415 #, python-format msgid "Enabled CA \"%(value)s\"" msgstr "" #: ipaserver/plugins/join.py:30 ipaclient/remote_plugins/2_114/join.py:19 msgid "" "\n" "Joining an IPA domain\n" msgstr "" #: ipaserver/plugins/join.py:54 ipaclient/remote_plugins/2_114/join.py:28 msgid "Join an IPA domain" msgstr "" #: ipaserver/plugins/join.py:62 ipaclient/remote_plugins/2_114/join.py:34 msgid "The hostname to register as" msgstr "" #: ipaserver/plugins/join.py:71 ipaclient/remote_plugins/2_114/join.py:44 msgid "The IPA realm" msgstr "" #: ipaserver/plugins/join.py:77 ipaclient/remote_plugins/2_114/join.py:54 msgid "Hardware platform of the host (e.g. Lenovo T61)" msgstr "" #: ipaserver/plugins/join.py:81 ipaclient/remote_plugins/2_114/join.py:60 msgid "Operating System and version of the host (e.g. Fedora 9)" msgstr "" #: ipaserver/plugins/join.py:121 #, python-format msgid "" "Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry " "'%s'." msgstr "" #: ipaserver/plugins/aci.py:36 ipaclient/remote_plugins/2_114/aci.py:19 msgid "" "\n" "Directory Server Access Control Instructions (ACIs)\n" "\n" "ACIs are used to allow or deny access to information. This module is\n" "currently designed to allow, not deny, access.\n" "\n" "The aci commands are designed to grant permissions that allow updating\n" "existing entries or adding or deleting new ones. The goal of the ACIs\n" "that ship with IPA is to provide a set of low-level permissions that\n" "grant access to special groups called taskgroups. These low-level\n" "permissions can be combined into roles that grant broader access. These\n" "roles are another type of group, roles.\n" "\n" "For example, if you have taskgroups that allow adding and modifying users " "you\n" "could create a role, useradmin. You would assign users to the useradmin\n" "role to allow them to do the operations defined by the taskgroups.\n" "\n" "You can create ACIs that delegate permission so users in group A can write\n" "attributes on group B.\n" "\n" "The type option is a map that applies to all entries in the users, groups " "or\n" "host location. It is primarily designed to be used when granting add\n" "permissions (to write new entries).\n" "\n" "An ACI consists of three parts:\n" "1. target\n" "2. permissions\n" "3. bind rules\n" "\n" "The target is a set of rules that define which LDAP objects are being\n" "targeted. This can include a list of attributes, an area of that LDAP\n" "tree or an LDAP filter.\n" "\n" "The targets include:\n" "- attrs: list of attributes affected\n" "- type: an object type (user, group, host, service, etc)\n" "- memberof: members of a group\n" "- targetgroup: grant access to modify a specific group. This is primarily\n" " designed to enable users to add or remove members of a specific group.\n" "- filter: A legal LDAP filter used to narrow the scope of the target.\n" "- subtree: Used to apply a rule across an entire set of objects. For " "example,\n" " to allow adding users you need to grant \"add\" permission to the subtree\n" " ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n" " is a fail-safe for objects that may not be covered by the type option.\n" "\n" "The permissions define what the ACI is allowed to do, and are one or\n" "more of:\n" "1. write - write one or more attributes\n" "2. read - read one or more attributes\n" "3. add - add a new entry to the tree\n" "4. delete - delete an existing entry\n" "5. all - all permissions are granted\n" "\n" "Note the distinction between attributes and entries. The permissions are\n" "independent, so being able to add a user does not mean that the user will\n" "be editable.\n" "\n" "The bind rule defines who this ACI grants permissions to. The LDAP server\n" "allows this to be any valid LDAP entry but we encourage the use of\n" "taskgroups so that the rights can be easily shared through roles.\n" "\n" "For a more thorough description of access controls see\n" "http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control." "html\n" "\n" "EXAMPLES:\n" "\n" "NOTE: ACIs are now added via the permission plugin. These examples are to\n" "demonstrate how the various options work but this is done via the " "permission\n" "command-line now (see last example).\n" "\n" " Add an ACI so that the group \"secretaries\" can update the address on any " "user:\n" " ipa group-add --desc=\"Office secretaries\" secretaries\n" " ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries " "--permissions=write --prefix=none \"Secretaries write addresses\"\n" "\n" " Show the new ACI:\n" " ipa aci-show --prefix=none \"Secretaries write addresses\"\n" "\n" " Add an ACI that allows members of the \"addusers\" permission to add new " "users:\n" " ipa aci-add --type=user --permission=addusers --permissions=add --" "prefix=none \"Add new users\"\n" "\n" " Add an ACI that allows members of the editors manage members of the admins " "group:\n" " ipa aci-add --permissions=write --attrs=member --targetgroup=admins --" "group=editors --prefix=none \"Editors manage admins\"\n" "\n" " Add an ACI that allows members of the admins group to manage the street and " "zip code of those in the editors group:\n" " ipa aci-add --permissions=write --memberof=editors --group=admins --" "attrs=street --attrs=postalcode --prefix=none \"admins edit the address of " "editors\"\n" "\n" " Add an ACI that allows the admins group manage the street and zipcode of " "those who work for the boss:\n" " ipa aci-add --permissions=write --group=admins --attrs=street --" "attrs=postalcode --filter=\"(manager=uid=boss,cn=users,cn=accounts," "dc=example,dc=com)\" --prefix=none \"Edit the address of those who work for " "the boss\"\n" "\n" " Add an entirely new kind of record to IPA that isn't covered by any of the " "--type options, creating a permission:\n" " ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange," "cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n" "\n" "\n" "The show command shows the raw 389-ds ACI.\n" "\n" "IMPORTANT: When modifying the target attributes of an existing ACI you\n" "must include all existing attributes as well. When doing an aci-mod the\n" "targetattr REPLACES the current attributes, it does not add to them.\n" msgstr "" #: ipaserver/plugins/aci.py:165 msgid "A list of ACI values" msgstr "" #: ipaserver/plugins/aci.py:229 msgid "type, filter, subtree and targetgroup are mutually exclusive" msgstr "" #: ipaserver/plugins/aci.py:232 msgid "ACI prefix is required" msgstr "" #: ipaserver/plugins/aci.py:235 msgid "" "at least one of: type, filter, subtree, targetgroup, attrs or memberof are " "required" msgstr "" #: ipaserver/plugins/aci.py:238 msgid "filter and memberof are mutually exclusive" msgstr "" #: ipaserver/plugins/aci.py:244 msgid "group, permission and self are mutually exclusive" msgstr "" #: ipaserver/plugins/aci.py:246 msgid "One of group, permission or self is required" msgstr "" #: ipaserver/plugins/aci.py:269 #, python-format msgid "Group '%s' does not exist" msgstr "" #: ipaserver/plugins/aci.py:295 msgid "empty filter" msgstr "" #: ipaserver/plugins/aci.py:316 #, python-format msgid "Syntax Error: %(error)s" msgstr "" #: ipaserver/plugins/aci.py:361 #, python-format msgid "invalid DN (%s)" msgstr "" #: ipaserver/plugins/aci.py:408 #, python-format msgid "ACI with name \"%s\" not found" msgstr "" #: ipaserver/plugins/aci.py:427 ipaclient/remote_plugins/2_114/aci.py:278 msgid "ACI prefix" msgstr "" #: ipaserver/plugins/aci.py:428 ipaclient/remote_plugins/2_114/aci.py:279 msgid "" "Prefix used to distinguish ACI types (permission, delegation, selfservice, " "none)" msgstr "" #: ipaserver/plugins/aci.py:437 msgid "ACI object." msgstr "" #: ipaserver/plugins/aci.py:440 msgid "ACIs" msgstr "" #: ipaserver/plugins/aci.py:445 ipaclient/remote_plugins/2_114/aci.py:128 msgid "ACI name" msgstr "" #: ipaserver/plugins/aci.py:452 ipaclient/remote_plugins/2_114/aci.py:134 msgid "Permission ACI grants access to" msgstr "" #: ipaserver/plugins/aci.py:457 ipaserver/plugins/delegation.py:97 msgid "User group" msgstr "" #: ipaserver/plugins/aci.py:458 ipaserver/plugins/delegation.py:98 msgid "User group ACI grants access to" msgstr "" #: ipaserver/plugins/aci.py:464 ipaclient/remote_plugins/2_114/aci.py:146 msgid "Permissions to grant(read, write, add, delete, all)" msgstr "" #: ipaserver/plugins/aci.py:471 ipaclient/remote_plugins/2_114/aci.py:152 msgid "Attributes to which the permission applies" msgstr "" #: ipaserver/plugins/aci.py:478 ipaclient/remote_plugins/2_114/aci.py:159 msgid "type of IPA object (user, group, host, hostgroup, service, netgroup)" msgstr "" #: ipaserver/plugins/aci.py:484 ipaclient/remote_plugins/2_114/aci.py:164 msgid "Member of" msgstr "" #: ipaserver/plugins/aci.py:485 ipaclient/remote_plugins/2_114/aci.py:165 msgid "Member of a group" msgstr "" #: ipaserver/plugins/aci.py:491 ipaclient/remote_plugins/2_114/aci.py:171 msgid "Legal LDAP filter (e.g. ou=Engineering)" msgstr "" #: ipaserver/plugins/aci.py:497 ipaclient/remote_plugins/2_114/aci.py:177 msgid "Subtree to apply ACI to" msgstr "" #: ipaserver/plugins/aci.py:503 ipaclient/remote_plugins/2_114/aci.py:183 msgid "Group to apply ACI to" msgstr "" #: ipaserver/plugins/aci.py:508 ipaclient/remote_plugins/2_114/aci.py:188 msgid "Target your own entry (self)" msgstr "" #: ipaserver/plugins/aci.py:509 ipaclient/remote_plugins/2_114/aci.py:189 msgid "Apply ACI to your own entry (self)" msgstr "" #: ipaserver/plugins/aci.py:522 ipaclient/remote_plugins/2_114/aci.py:196 msgid "Create new ACI." msgstr "" #: ipaserver/plugins/aci.py:524 #, python-format msgid "Created ACI \"%(value)s\"" msgstr "" #: ipaserver/plugins/aci.py:529 ipaclient/remote_plugins/2_114/aci.py:284 msgid "Test the ACI syntax but don't write anything" msgstr "" #: ipaserver/plugins/aci.py:574 ipaclient/remote_plugins/2_114/aci.py:321 msgid "Delete ACI." msgstr "" #: ipaserver/plugins/aci.py:577 #, python-format msgid "Deleted ACI \"%(value)s\"" msgstr "" #: ipaserver/plugins/aci.py:613 ipaclient/remote_plugins/2_114/aci.py:518 msgid "Modify ACI." msgstr "" #: ipaserver/plugins/aci.py:620 #, python-format msgid "Modified ACI \"%(value)s\"" msgstr "" #: ipaserver/plugins/aci.py:674 ipaclient/remote_plugins/2_114/aci.py:361 msgid "" "\n" "Search for ACIs.\n" "\n" " Returns a list of ACIs\n" "\n" " EXAMPLES:\n" "\n" " To find all ACIs that apply directly to members of the group ipausers:\n" " ipa aci-find --memberof=ipausers\n" "\n" " To find all ACIs that grant add access:\n" " ipa aci-find --permissions=add\n" "\n" " Note that the find command only looks for the given text in the set of\n" " ACIs, it does not evaluate the ACIs to see if something would apply.\n" " For example, searching on memberof=ipausers will find all ACIs that\n" " have ipausers as a memberof. There may be other ACIs that apply to\n" " members of that group indirectly.\n" " " msgstr "" #: ipaserver/plugins/aci.py:694 #, python-format msgid "%(count)d ACI matched" msgid_plural "%(count)d ACIs matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/aci.py:880 ipaclient/remote_plugins/2_114/aci.py:760 msgid "Display a single ACI given an ACI name." msgstr "" #: ipaserver/plugins/aci.py:886 ipaclient/remote_plugins/2_114/aci.py:782 msgid "Location of the ACI" msgstr "" #: ipaserver/plugins/aci.py:919 ipaclient/remote_plugins/2_114/aci.py:637 msgid "Rename an ACI." msgstr "" #: ipaserver/plugins/aci.py:925 ipaclient/remote_plugins/2_114/aci.py:725 msgid "New ACI name" msgstr "" #: ipaserver/plugins/aci.py:929 #, python-format msgid "Renamed ACI to \"%(value)s\"" msgstr "" #: ipaserver/plugins/virtual.py:57 msgid "operation not defined" msgstr "" #: ipaserver/plugins/virtual.py:70 #, python-format msgid "not allowed to perform operation: %s" msgstr "" #: ipaserver/plugins/virtual.py:72 msgid "No such virtual command" msgstr "" #: ipaserver/plugins/certmap.py:50 msgid "" "\n" "Certificate Identity Mapping\n" msgstr "" #: ipaserver/plugins/certmap.py:52 msgid "" "\n" "Manage Certificate Identity Mapping configuration and rules.\n" msgstr "" #: ipaserver/plugins/certmap.py:54 msgid "" "\n" "IPA supports the use of certificates for authentication. Certificates can\n" "either be stored in the user entry (full certificate in the usercertificate\n" "attribute), or simply linked to the user entry through a mapping.\n" "This code enables the management of the rules allowing to link a\n" "certificate to a user entry.\n" msgstr "" #: ipaserver/plugins/certmap.py:62 msgid "" "\n" " Display the Certificate Identity Mapping global configuration:\n" " ipa certmapconfig-show\n" msgstr "" #: ipaserver/plugins/certmap.py:65 msgid "" "\n" " Modify Certificate Identity Mapping global configuration:\n" " ipa certmapconfig-mod --promptusername=TRUE\n" msgstr "" #: ipaserver/plugins/certmap.py:68 msgid "" "\n" " Create a new Certificate Identity Mapping Rule:\n" " ipa certmaprule-add rule1 --desc=\"Link certificate with subject and " "issuer\"\n" msgstr "" #: ipaserver/plugins/certmap.py:71 msgid "" "\n" " Modify a Certificate Identity Mapping Rule:\n" " ipa certmaprule-mod rule1 --maprule=\"\"\n" msgstr "" #: ipaserver/plugins/certmap.py:74 msgid "" "\n" " Disable a Certificate Identity Mapping Rule:\n" " ipa certmaprule-disable rule1\n" msgstr "" #: ipaserver/plugins/certmap.py:77 msgid "" "\n" " Enable a Certificate Identity Mapping Rule:\n" " ipa certmaprule-enable rule1\n" msgstr "" #: ipaserver/plugins/certmap.py:80 msgid "" "\n" " Display information about a Certificate Identity Mapping Rule:\n" " ipa certmaprule-show rule1\n" msgstr "" #: ipaserver/plugins/certmap.py:83 msgid "" "\n" " Find all Certificate Identity Mapping Rules with the specified domain:\n" " ipa certmaprule-find --domain example.com\n" msgstr "" #: ipaserver/plugins/certmap.py:86 msgid "" "\n" " Delete a Certificate Identity Mapping Rule:\n" " ipa certmaprule-del rule1\n" msgstr "" #: ipaserver/plugins/certmap.py:141 ipaserver/plugins/certmap.py:148 #: ipaserver/plugins/certmap.py:175 ipaserver/plugins/trust.py:848 msgid "domain" msgstr "" #: ipaserver/plugins/certmap.py:142 #, python-format msgid "" "The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check." msgstr "" #: ipaserver/plugins/certmap.py:149 msgid "" "The mapping rule with altSecurityIdentities should be applied to a trusted " "Active Directory domain but no domain was associated with the rule." msgstr "" #: ipaserver/plugins/certmap.py:176 #, python-format msgid "The domain %s is neither IPA domain nor a trusteddomain." msgstr "" #: ipaserver/plugins/certmap.py:186 msgid "Certificate Identity Mapping configuration options" msgstr "" #: ipaserver/plugins/certmap.py:191 ipaserver/plugins/certmap.py:192 msgid "Certificate Identity Mapping Global Configuration" msgstr "" #: ipaserver/plugins/certmap.py:198 msgid "Prompt for the username" msgstr "" #: ipaserver/plugins/certmap.py:199 msgid "" "Prompt for the username when multiple identities are mapped to a certificate" msgstr "" #: ipaserver/plugins/certmap.py:229 msgid "Modify Certificate Identity Mapping configuration." msgstr "" #: ipaserver/plugins/certmap.py:234 msgid "Show the current Certificate Identity Mapping configuration." msgstr "" #: ipaserver/plugins/certmap.py:243 ipaserver/plugins/certmap.py:247 msgid "Certificate Identity Mapping Rules" msgstr "" #: ipaserver/plugins/certmap.py:244 ipaserver/plugins/certmap.py:246 msgid "Certificate Identity Mapping Rule" msgstr "" #: ipaserver/plugins/certmap.py:274 msgid "Certificate Identity Mapping Rule name" msgstr "" #: ipaserver/plugins/certmap.py:280 msgid "Certificate Identity Mapping Rule description" msgstr "" #: ipaserver/plugins/certmap.py:285 msgid "Mapping rule" msgstr "" #: ipaserver/plugins/certmap.py:286 msgid "Rule used to map the certificate with a user entry" msgstr "" #: ipaserver/plugins/certmap.py:291 msgid "Matching rule" msgstr "" #: ipaserver/plugins/certmap.py:292 msgid "Rule used to check if a certificate can be used for authentication" msgstr "" #: ipaserver/plugins/certmap.py:298 ipaserver/plugins/trust.py:1580 msgid "Domain name" msgstr "" #: ipaserver/plugins/certmap.py:299 msgid "Domain where the user entry will be searched" msgstr "" #: ipaserver/plugins/certmap.py:305 msgid "Priority of the rule (higher number means lower priority" msgstr "" #: ipaserver/plugins/certmap.py:356 msgid "Create a new Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:358 #, python-format msgid "Added Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/certmap.py:369 msgid "Modify a Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:371 #, python-format msgid "Modified Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/certmap.py:392 msgid "Search for Certificate Identity Mapping Rules." msgstr "" #: ipaserver/plugins/certmap.py:395 #, python-format msgid "%(count)d Certificate Identity Mapping Rule matched" msgid_plural "%(count)d Certificate Identity Mapping Rules matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/certmap.py:402 msgid "Display information about a Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:408 msgid "Delete a Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:410 #, python-format msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/certmap.py:415 msgid "Enable a Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:417 #, python-format msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/certmap.py:444 msgid "Disable a Certificate Identity Mapping Rule." msgstr "" #: ipaserver/plugins/certmap.py:446 #, python-format msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/certmap.py:500 msgid "Failed to connect to sssd over SystemBus. See details in the error_log" msgstr "" #: ipaserver/plugins/certmap.py:554 msgid "Failed to find users over SystemBus. See details in the error_log" msgstr "" #: ipaserver/plugins/certmap.py:571 msgid "User logins" msgstr "" #: ipaserver/plugins/certmap.py:579 msgid "" "\n" " Search for users matching the provided certificate.\n" "\n" " This command relies on SSSD to retrieve the list of matching users and\n" " may return cached data. For more information on purging SSSD cache,\n" " please refer to sss_cache documentation.\n" " " msgstr "" #: ipaserver/plugins/certmap.py:587 #, python-format msgid "%(count)s user matched" msgid_plural "%(count)s users matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/migration.py:46 msgid "" "\n" "Migration to IPA\n" "\n" "Migrate users and groups from an LDAP server to IPA.\n" "\n" "This performs an LDAP query against the remote server searching for\n" "users and groups in a container. In order to migrate passwords you need\n" "to bind as a user that can read the userPassword attribute on the remote\n" "server. This is generally restricted to high-level admins such as\n" "cn=Directory Manager in 389-ds (this is the default bind user).\n" "\n" "The default user container is ou=People.\n" "\n" "The default group container is ou=Groups.\n" "\n" "Users and groups that already exist on the IPA server are skipped.\n" "\n" "Two LDAP schemas define how group members are stored: RFC2307 and\n" "RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" "members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" "\n" "The schema compat feature allows IPA to reformat data for systems that\n" "do not support RFC2307bis. It is recommended that this feature is disabled\n" "during migration to reduce system overhead. It can be re-enabled after\n" "migration. To migrate with it enabled use the \"--with-compat\" option.\n" "\n" "Migrated users do not have Kerberos credentials, they have only their\n" "LDAP password. To complete the migration process, users need to go\n" "to http://ipa.example.com/ipa/migration and authenticate using their\n" "LDAP password in order to generate their Kerberos credentials.\n" "\n" "Migration is disabled by default. Use the command ipa config-mod to\n" "enable it:\n" "\n" " ipa config-mod --enable-migration=TRUE\n" "\n" "If a base DN is not provided with --basedn then IPA will use either\n" "the value of defaultNamingContext if it is set or the first value\n" "in namingContexts set in the root of the remote LDAP server.\n" "\n" "Users are added as members to the default user group. This can be a\n" "time-intensive task so during migration this is done in a batch\n" "mode for every 100 users. As a result there will be a window in which\n" "users will be added to IPA but will not be members of the default\n" "user group.\n" "\n" "EXAMPLES:\n" "\n" " The simplest migration, accepting all defaults:\n" " ipa migrate-ds ldap://ds.example.com:389\n" "\n" " Specify the user and group container. This can be used to migrate user\n" " and group data from an IPA v1 server:\n" " ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" " --group-container='cn=groups,cn=accounts' \\\n" " ldap://ds.example.com:389\n" "\n" " Since IPA v2 server already contain predefined groups that may collide " "with\n" " groups in migrated (IPA v1) server (for example admins, ipausers), users\n" " having colliding group as their primary group may happen to belong to\n" " an unknown group on new IPA v2 server.\n" " Use --group-overwrite-gid option to overwrite GID of already existing " "groups\n" " to prevent this issue:\n" " ipa migrate-ds --group-overwrite-gid \\\n" " --user-container='cn=users,cn=accounts' \\\n" " --group-container='cn=groups,cn=accounts' \\\n" " ldap://ds.example.com:389\n" "\n" " Migrated users or groups may have object class and accompanied attributes\n" " unknown to the IPA v2 server. These object classes and attributes may be\n" " left out of the migration process:\n" " ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n" " --group-container='cn=groups,cn=accounts' \\\n" " --user-ignore-objectclass=radiusprofile \\\n" " --user-ignore-attribute=radiusgroupname \\\n" " ldap://ds.example.com:389\n" "\n" "LOGGING\n" "\n" "Migration will log warnings and errors to the Apache error log. This\n" "file should be evaluated post-migration to correct or investigate any\n" "issues that were discovered.\n" "\n" "For every 100 users migrated an info-level message will be displayed to\n" "give the current progress and duration to make it possible to track\n" "the progress of migration.\n" "\n" "If the log level is debug, either by setting debug = True in\n" "/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " "printed\n" "for each user added plus a summary when the default user group is\n" "updated.\n" msgstr "" #: ipaserver/plugins/migration.py:145 #, python-format msgid "" "Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually." msgstr "" #: ipaserver/plugins/migration.py:146 #, python-format msgid "" "Unable to determine if Kerberos principal %s already exists. Use 'ipa user-" "mod' to set it manually." msgstr "" #: ipaserver/plugins/migration.py:147 msgid "" "Failed to add user to the default group. Use 'ipa group-add-member' to add " "manually." msgstr "" #: ipaserver/plugins/migration.py:148 msgid "Migration of LDAP search reference is not supported." msgstr "" #: ipaserver/plugins/migration.py:149 msgid "Malformed DN" msgstr "" #: ipaserver/plugins/migration.py:194 #, python-format msgid "%(user)s is not a POSIX user" msgstr "" #: ipaserver/plugins/migration.py:461 msgid "" ". Check GID of the existing group. Use --group-overwrite-gid option to " "overwrite the GID" msgstr "" #: ipaserver/plugins/migration.py:476 msgid "Invalid LDAP URI." msgstr "" #: ipaserver/plugins/migration.py:482 msgid "Migrate users and groups from DS to IPA." msgstr "" #: ipaserver/plugins/migration.py:529 msgid "LDAP URI" msgstr "" #: ipaserver/plugins/migration.py:530 msgid "LDAP URI of DS server to migrate from" msgstr "" #: ipaserver/plugins/migration.py:536 msgid "bind password" msgstr "" #: ipaserver/plugins/migration.py:543 msgid "Bind DN" msgstr "" #: ipaserver/plugins/migration.py:549 msgid "User container" msgstr "" #: ipaserver/plugins/migration.py:550 msgid "DN of container for users in DS relative to base DN" msgstr "" #: ipaserver/plugins/migration.py:556 msgid "Group container" msgstr "" #: ipaserver/plugins/migration.py:557 msgid "DN of container for groups in DS relative to base DN" msgstr "" #: ipaserver/plugins/migration.py:563 msgid "User object class" msgstr "" #: ipaserver/plugins/migration.py:564 msgid "Objectclasses used to search for user entries in DS" msgstr "" #: ipaserver/plugins/migration.py:570 msgid "Group object class" msgstr "" #: ipaserver/plugins/migration.py:571 msgid "Objectclasses used to search for group entries in DS" msgstr "" #: ipaserver/plugins/migration.py:577 msgid "Ignore user object class" msgstr "" #: ipaserver/plugins/migration.py:578 msgid "Objectclasses to be ignored for user entries in DS" msgstr "" #: ipaserver/plugins/migration.py:584 msgid "Ignore user attribute" msgstr "" #: ipaserver/plugins/migration.py:585 msgid "Attributes to be ignored for user entries in DS" msgstr "" #: ipaserver/plugins/migration.py:591 msgid "Ignore group object class" msgstr "" #: ipaserver/plugins/migration.py:592 msgid "Objectclasses to be ignored for group entries in DS" msgstr "" #: ipaserver/plugins/migration.py:598 msgid "Ignore group attribute" msgstr "" #: ipaserver/plugins/migration.py:599 msgid "Attributes to be ignored for group entries in DS" msgstr "" #: ipaserver/plugins/migration.py:605 msgid "Overwrite GID" msgstr "" #: ipaserver/plugins/migration.py:606 msgid "" "When migrating a group already existing in IPA domain overwrite the group " "GID and report as success" msgstr "" #: ipaserver/plugins/migration.py:611 msgid "LDAP schema" msgstr "" #: ipaserver/plugins/migration.py:612 msgid "" "The schema used on the LDAP server. Supported values are RFC2307 and " "RFC2307bis. The default is RFC2307bis" msgstr "" #: ipaserver/plugins/migration.py:618 msgid "Continue" msgstr "" #: ipaserver/plugins/migration.py:619 msgid "" "Continuous operation mode. Errors are reported but the process continues" msgstr "" #: ipaserver/plugins/migration.py:624 msgid "Base DN" msgstr "" #: ipaserver/plugins/migration.py:625 msgid "Base DN on remote LDAP server" msgstr "" #: ipaserver/plugins/migration.py:629 msgid "Ignore compat plugin" msgstr "" #: ipaserver/plugins/migration.py:630 msgid "Allows migration despite the usage of compat plugin" msgstr "" #: ipaserver/plugins/migration.py:635 msgid "CA certificate" msgstr "" #: ipaserver/plugins/migration.py:636 msgid "Load CA certificate of LDAP server from FILE" msgstr "" #: ipaserver/plugins/migration.py:642 msgid "Add to default group" msgstr "" #: ipaserver/plugins/migration.py:643 msgid "Add migrated users without a group to a default group (default: true)" msgstr "" #: ipaserver/plugins/migration.py:650 msgid "Search scope" msgstr "" #: ipaserver/plugins/migration.py:651 msgid "" "LDAP search scope for users and groups: base, onelevel, or subtree. Defaults " "to onelevel" msgstr "" #: ipaserver/plugins/migration.py:662 msgid "Lists of objects migrated; categorized by type." msgstr "" #: ipaserver/plugins/migration.py:666 msgid "Lists of objects that could not be migrated; categorized by type." msgstr "" #: ipaserver/plugins/migration.py:670 msgid "False if migration mode was disabled." msgstr "" #: ipaserver/plugins/migration.py:674 msgid "False if migration fails because the compatibility plug-in is enabled." msgstr "" #: ipaserver/plugins/migration.py:678 #, python-format msgid "%s to exclude from migration" msgstr "" #: ipaserver/plugins/migration.py:680 msgid "" "search results for objects to be migrated\n" "have been truncated by the server;\n" "migration process might be incomplete\n" msgstr "" #: ipaserver/plugins/migration.py:769 #, python-format msgid "" "%(container)s LDAP search did not return any result (search base: " "%(search_base)s, objectclass: %(objectclass)s)" msgstr "" #: ipaserver/plugins/automember.py:43 msgid "" "\n" "Auto Membership Rule.\n" msgstr "" #: ipaserver/plugins/automember.py:45 msgid "" "\n" "Bring clarity to the membership of hosts and users by configuring inclusive\n" "or exclusive regex patterns, you can automatically assign a new entries " "into\n" "a group or hostgroup based upon attribute information.\n" msgstr "" #: ipaserver/plugins/automember.py:49 msgid "" "\n" "A rule is directly associated with a group by name, so you cannot create\n" "a rule without an accompanying group or hostgroup.\n" msgstr "" #: ipaserver/plugins/automember.py:52 msgid "" "\n" "A condition is a regular expression used by 389-ds to match a new incoming\n" "entry with an automember rule. If it matches an inclusive rule then the\n" "entry is added to the appropriate group or hostgroup.\n" msgstr "" #: ipaserver/plugins/automember.py:56 msgid "" "\n" "A default group or hostgroup could be specified for entries that do not\n" "match any rule. In case of user entries this group will be a fallback group\n" "because all users are by default members of group specified in IPA config.\n" msgstr "" #: ipaserver/plugins/automember.py:60 msgid "" "\n" "The automember-rebuild command can be used to retroactively run automember " "rules\n" "against existing entries, thus rebuilding their membership.\n" msgstr "" #: ipaserver/plugins/automember.py:65 msgid "" "\n" " Add the initial group or hostgroup:\n" " ipa hostgroup-add --desc=\"Web Servers\" webservers\n" " ipa group-add --desc=\"Developers\" devel\n" msgstr "" #: ipaserver/plugins/automember.py:69 msgid "" "\n" " Add the initial rule:\n" " ipa automember-add --type=hostgroup webservers\n" " ipa automember-add --type=group devel\n" msgstr "" #: ipaserver/plugins/automember.py:73 msgid "" "\n" " Add a condition to the rule:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" " ipa automember-add-condition --key=manager --type=group --inclusive-" "regex=^uid=mscott devel\n" msgstr "" #: ipaserver/plugins/automember.py:77 msgid "" "\n" " Add an exclusive condition to the rule to prevent auto assignment:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" "regex=^web5\\.example\\.com webservers\n" msgstr "" #: ipaserver/plugins/automember.py:80 msgid "" "\n" " Add a host:\n" " ipa host-add web1.example.com\n" msgstr "" #: ipaserver/plugins/automember.py:83 msgid "" "\n" " Add a user:\n" " ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" msgstr "" #: ipaserver/plugins/automember.py:86 msgid "" "\n" " Verify automembership:\n" " ipa hostgroup-show webservers\n" " Host-group: webservers\n" " Description: Web Servers\n" " Member hosts: web1.example.com\n" "\n" " ipa group-show devel\n" " Group name: devel\n" " Description: Developers\n" " GID: 1004200000\n" " Member users: tuser\n" msgstr "" #: ipaserver/plugins/automember.py:98 msgid "" "\n" " Remove a condition from the rule:\n" " ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" msgstr "" #: ipaserver/plugins/automember.py:101 msgid "" "\n" " Modify the automember rule:\n" " ipa automember-mod\n" msgstr "" #: ipaserver/plugins/automember.py:104 msgid "" "\n" " Set the default (fallback) target group:\n" " ipa automember-default-group-set --default-group=webservers --" "type=hostgroup\n" " ipa automember-default-group-set --default-group=ipausers --type=group\n" msgstr "" #: ipaserver/plugins/automember.py:108 msgid "" "\n" " Remove the default (fallback) target group:\n" " ipa automember-default-group-remove --type=hostgroup\n" " ipa automember-default-group-remove --type=group\n" msgstr "" #: ipaserver/plugins/automember.py:112 msgid "" "\n" " Show the default (fallback) target group:\n" " ipa automember-default-group-show --type=hostgroup\n" " ipa automember-default-group-show --type=group\n" msgstr "" #: ipaserver/plugins/automember.py:116 msgid "" "\n" " Find all of the automember rules:\n" " ipa automember-find\n" msgstr "" #: ipaserver/plugins/automember.py:119 msgid "" "\n" " Find all of the orphan automember rules:\n" " ipa automember-find-orphans --type=hostgroup\n" " Find all of the orphan automember rules and remove them:\n" " ipa automember-find-orphans --type=hostgroup --remove\n" msgstr "" #: ipaserver/plugins/automember.py:124 msgid "" "\n" " Display a automember rule:\n" " ipa automember-show --type=hostgroup webservers\n" " ipa automember-show --type=group devel\n" msgstr "" #: ipaserver/plugins/automember.py:128 msgid "" "\n" " Delete an automember rule:\n" " ipa automember-del --type=hostgroup webservers\n" " ipa automember-del --type=group devel\n" msgstr "" #: ipaserver/plugins/automember.py:132 msgid "" "\n" " Rebuild membership for all users:\n" " ipa automember-rebuild --type=group\n" msgstr "" #: ipaserver/plugins/automember.py:135 msgid "" "\n" " Rebuild membership for all hosts:\n" " ipa automember-rebuild --type=hostgroup\n" msgstr "" #: ipaserver/plugins/automember.py:138 msgid "" "\n" " Rebuild membership for specified users:\n" " ipa automember-rebuild --users=tuser1 --users=tuser2\n" msgstr "" #: ipaserver/plugins/automember.py:141 msgid "" "\n" " Rebuild membership for specified hosts:\n" " ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." "com\n" msgstr "" #: ipaserver/plugins/automember.py:160 ipaserver/plugins/automember.py:161 msgid "Inclusive Regex" msgstr "" #: ipaserver/plugins/automember.py:167 ipaserver/plugins/automember.py:168 msgid "Exclusive Regex" msgstr "" #: ipaserver/plugins/automember.py:176 msgid "Attribute Key" msgstr "" #: ipaserver/plugins/automember.py:177 msgid "" "Attribute to filter via regex. For example fqdn for a host, or manager for a " "user" msgstr "" #: ipaserver/plugins/automember.py:184 msgid "Grouping Type" msgstr "" #: ipaserver/plugins/automember.py:185 msgid "Grouping to which the rule applies" msgstr "" #: ipaserver/plugins/automember.py:244 msgid "Auto Membership Rule" msgstr "" #: ipaserver/plugins/automember.py:249 ipaserver/plugins/automember.py:250 msgid "Automember Rule" msgstr "" #: ipaserver/plugins/automember.py:258 msgid "A description of this auto member rule" msgstr "" #: ipaserver/plugins/automember.py:262 ipaserver/plugins/automember.py:585 msgid "Default (fallback) Group" msgstr "" #: ipaserver/plugins/automember.py:263 msgid "Default group for entries to land" msgstr "" #: ipaserver/plugins/automember.py:275 #, python-format msgid "%(otype)s \"%(oname)s\" not found" msgstr "" #: ipaserver/plugins/automember.py:301 #, python-format msgid "%s is not a valid attribute." msgstr "" #: ipaserver/plugins/automember.py:314 msgid "" "\n" " Add an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:318 #, python-format msgid "Added automember rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:325 msgid "Auto Membership is not configured" msgstr "" #: ipaserver/plugins/automember.py:337 msgid "" "\n" " Add conditions to an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:342 ipaclient/plugins/automember.py:33 msgid "Failed to add" msgstr "" #: ipaserver/plugins/automember.py:348 #, python-format msgid "Added condition(s) to \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:357 msgid "Conditions that could not be added" msgstr "" #: ipaserver/plugins/automember.py:361 msgid "Number of conditions added" msgstr "" #: ipaserver/plugins/automember.py:371 ipaserver/plugins/automember.py:455 #, python-format msgid "Auto member rule: %s not found!" msgstr "" #: ipaserver/plugins/automember.py:413 msgid "" "\n" " Override this so we can add completed and failed to the return " "result.\n" " " msgstr "" #: ipaserver/plugins/automember.py:428 msgid "" "\n" " Remove conditions from an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:432 #, python-format msgid "Removed condition(s) from \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:441 msgid "Conditions that could not be removed" msgstr "" #: ipaserver/plugins/automember.py:445 msgid "Number of conditions removed" msgstr "" #: ipaserver/plugins/automember.py:496 msgid "" "\n" " Override this so we can set completed and failed.\n" " " msgstr "" #: ipaserver/plugins/automember.py:511 msgid "" "\n" " Modify an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:515 #, python-format msgid "Modified automember rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:525 msgid "" "\n" " Delete an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:529 #, python-format msgid "Deleted automember rule \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:534 msgid "" "\n" " Search for automember rules.\n" " " msgstr "" #: ipaserver/plugins/automember.py:540 ipaserver/plugins/automember.py:840 #, python-format msgid "%(count)d rules matched" msgid_plural "%(count)d rules matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/automember.py:552 msgid "" "\n" " Display information about an automember rule.\n" " " msgstr "" #: ipaserver/plugins/automember.py:576 msgid "" "\n" " Set default (fallback) group for all unmatched entries.\n" " " msgstr "" #: ipaserver/plugins/automember.py:586 msgid "Default (fallback) group for entries to land" msgstr "" #: ipaserver/plugins/automember.py:590 #, python-format msgid "Set default (fallback) group for automember \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:607 msgid "" "\n" " Remove default (fallback) group for all unmatched entries.\n" " " msgstr "" #: ipaserver/plugins/automember.py:614 #, python-format msgid "Removed default (fallback) group for automember \"%(value)s\"" msgstr "" #: ipaserver/plugins/automember.py:625 ipaserver/plugins/automember.py:633 #: ipaserver/plugins/automember.py:661 msgid "No default (fallback) group set" msgstr "" #: ipaserver/plugins/automember.py:644 msgid "" "\n" " Display information about the default (fallback) automember groups.\n" " " msgstr "" #: ipaserver/plugins/automember.py:675 msgid "Task DN" msgstr "" #: ipaserver/plugins/automember.py:676 msgid "DN of the started task" msgstr "" #: ipaserver/plugins/automember.py:683 msgid "Rebuild auto membership." msgstr "" #: ipaserver/plugins/automember.py:693 msgid "Rebuild membership for all members of a grouping" msgstr "" #: ipaserver/plugins/automember.py:698 msgid "Rebuild membership for specified users" msgstr "" #: ipaserver/plugins/automember.py:703 msgid "Rebuild membership for specified hosts" msgstr "" #: ipaserver/plugins/automember.py:708 msgid "No wait" msgstr "" #: ipaserver/plugins/automember.py:709 msgid "Don't wait for rebuilding membership" msgstr "" #: ipaserver/plugins/automember.py:727 msgid "at least one of options: type, users, hosts must be specified" msgstr "" #: ipaserver/plugins/automember.py:733 msgid "users and hosts cannot both be set" msgstr "" #: ipaserver/plugins/automember.py:737 msgid "hosts cannot be set when type is 'group'" msgstr "" #: ipaserver/plugins/automember.py:741 msgid "users cannot be set when type is 'hostgroup'" msgstr "" #: ipaserver/plugins/automember.py:795 msgid "Automember rebuild membership task started" msgstr "" #: ipaserver/plugins/automember.py:815 #, python-format msgid "Task DN = '%s'" msgstr "" #: ipaserver/plugins/automember.py:828 msgid "" "\n" " Search for orphan automember rules. The command might need to be run as\n" " a privileged user user to get all orphan rules.\n" " " msgstr "" #: ipaserver/plugins/automember.py:835 msgid "Remove orphan automember rules" msgstr "" #: ipaserver/plugins/hbactest.py:39 ipaserver/plugins/cert.py:63 msgid "pyhbac is not installed." msgstr "" #: ipaserver/plugins/hbactest.py:45 msgid "" "\n" "Simulate use of Host-based access controls\n" "\n" "HBAC rules control who can access what services on what hosts.\n" "You can use HBAC to control which users or groups can access a service,\n" "or group of services, on a target host.\n" "\n" "Since applying HBAC rules implies use of a production environment,\n" "this plugin aims to provide simulation of HBAC rules evaluation without\n" "having access to the production environment.\n" "\n" " Test user coming to a service on a named host against\n" " existing enabled rules.\n" "\n" " ipa hbactest --user= --host= --service=\n" " [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" " [--sizelimit= ]\n" "\n" " --user, --host, and --service are mandatory, others are optional.\n" "\n" " If --rules is specified simulate enabling of the specified rules and test\n" " the login of the user using only these rules.\n" "\n" " If --enabled is specified, all enabled HBAC rules will be added to " "simulation\n" "\n" " If --disabled is specified, all disabled HBAC rules will be added to " "simulation\n" "\n" " If --nodetail is specified, do not return information about rules matched/" "not matched.\n" "\n" " If both --rules and --enabled are specified, apply simulation to --rules " "_and_\n" " all IPA enabled rules.\n" "\n" " If no --rules specified, simulation is run against all IPA enabled rules.\n" " By default there is a IPA-wide limit to number of entries fetched, you can " "change it\n" " with --sizelimit option.\n" "\n" "EXAMPLES:\n" "\n" " 1. Use all enabled HBAC rules in IPA database to simulate:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 2. Disable detailed summary of how rules were applied:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" " --------------------\n" " Access granted: True\n" " --------------------\n" "\n" " 3. Test explicitly specified HBAC rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" " --rules=myrule --rules=my-second-rule\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: myrule\n" "\n" " 4. Use all enabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" " --rules=myrule --rules=my-second-rule --enabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 5. Test all disabled HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: new-rule\n" "\n" " 6. Test all disabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" " --rules=myrule --rules=my-second-rule --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" "\n" " 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n" " --enabled --disabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Not matched rules: new-rule\n" " Matched rules: allow_all\n" "\n" "\n" "HBACTEST AND TRUSTED DOMAINS\n" "\n" "When an external trusted domain is configured in IPA, HBAC rules are also " "applied\n" "on users accessing IPA resources from the trusted domain. Trusted domain " "users and\n" "groups (and their SIDs) can be then assigned to external groups which can " "be\n" "members of POSIX groups in IPA which can be used in HBAC rules and thus " "allowing\n" "access to resources protected by the HBAC system.\n" "\n" "hbactest plugin is capable of testing access for both local IPA users and " "users\n" "from the trusted domains, either by a fully qualified user name or by user " "SID.\n" "Such user names need to have a trusted domain specified as a short name\n" "(DOMAIN\\Administrator) or with a user principal name (UPN), " "Administrator@ad.test.\n" "\n" "Please note that hbactest executed with a trusted domain user as --user " "parameter\n" "can be only run by members of \"trust admins\" group.\n" "\n" "EXAMPLES:\n" "\n" " 1. Test if a user from a trusted domain specified by its shortname " "matches any\n" " rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 2. Test if a user from a trusted domain specified by its domain name " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 3. Test if a user from a trusted domain specified by its SID matches any " "rule:\n" "\n" " $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n" " --host `hostname` --service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 4. Test if other user from a trusted domain specified by its SID matches " "any rule:\n" "\n" " $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\" "\\\n" " --host `hostname` --service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" "\n" " 5. Test if other user from a trusted domain specified by its shortname " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " "sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" msgstr "" #: ipaserver/plugins/hbactest.py:256 msgid "Simulate use of Host-based access controls" msgstr "" #: ipaserver/plugins/hbactest.py:260 msgid "Warning" msgstr "" #: ipaserver/plugins/hbactest.py:261 msgid "Matched rules" msgstr "" #: ipaserver/plugins/hbactest.py:262 msgid "Not matched rules" msgstr "" #: ipaserver/plugins/hbactest.py:263 msgid "Non-existent or invalid rules" msgstr "" #: ipaserver/plugins/hbactest.py:264 msgid "Result of simulation" msgstr "" #: ipaserver/plugins/hbactest.py:276 msgid "Source host" msgstr "" #: ipaserver/plugins/hbactest.py:281 msgid "Target host" msgstr "" #: ipaserver/plugins/hbactest.py:289 msgid "Rules to test. If not specified, --enabled is assumed" msgstr "" #: ipaserver/plugins/hbactest.py:293 msgid "Hide details which rules are matched, not matched, or invalid" msgstr "" #: ipaserver/plugins/hbactest.py:297 msgid "Include all enabled IPA rules into test [default]" msgstr "" #: ipaserver/plugins/hbactest.py:301 msgid "Include all disabled IPA rules into test" msgstr "" #: ipaserver/plugins/hbactest.py:305 msgid "Maximum number of rules to process when no --rules is specified" msgstr "" #: ipaserver/plugins/hbactest.py:384 msgid "Unresolved rules in --rules" msgstr "" #: ipaserver/plugins/hbactest.py:402 ipaserver/plugins/group.py:607 #: ipaserver/plugins/group.py:664 msgid "" "Cannot perform external member validation without Samba 4 support installed. " "Make sure you have installed server-trust-ad sub-package of IPA on the server" msgstr "" #: ipaserver/plugins/hbactest.py:408 ipaserver/plugins/trust.py:345 msgid "" "Cannot search in trusted domains without own domain configured. Make sure " "you have run ipa-adtrust-install on the IPA server first" msgstr "" #: ipaserver/plugins/hbactest.py:497 #, python-format msgid "Access granted: %s" msgstr "" #: ipaserver/plugins/host.py:76 msgid "" "\n" "Hosts/Machines\n" "\n" "A host represents a machine. It can be used in a number of contexts:\n" "- service entries are associated with a host\n" "- a host stores the host/ service principal\n" "- a host can be used in Host-based Access Control (HBAC) rules\n" "- every enrolled client generates a host entry\n" msgstr "" #: ipaserver/plugins/host.py:84 msgid "" "\n" "ENROLLMENT:\n" "\n" "There are three enrollment scenarios when enrolling a new client:\n" "\n" "1. You are enrolling as a full administrator. The host entry may exist\n" " or not. A full administrator is a member of the hostadmin role\n" " or the admins group.\n" "2. You are enrolling as a limited administrator. The host must already\n" " exist. A limited administrator is a member a role with the\n" " Host Enrollment privilege.\n" "3. The host has been created with a one-time password.\n" msgstr "" #: ipaserver/plugins/host.py:96 msgid "" "\n" "RE-ENROLLMENT:\n" "\n" "Host that has been enrolled at some point, and lost its configuration (e.g. " "VM\n" "destroyed) can be re-enrolled.\n" "\n" "For more information, consult the manual pages for ipa-client-install.\n" "\n" "A host can optionally store information such as where it is located,\n" "the OS that it runs, etc.\n" msgstr "" #: ipaserver/plugins/host.py:108 msgid "" "\n" " Add a new host:\n" " ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." "com\n" msgstr "" #: ipaserver/plugins/host.py:111 msgid "" "\n" " Delete a host:\n" " ipa host-del test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:114 msgid "" "\n" " Add a new host with a one-time password:\n" " ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:117 msgid "" "\n" " Add a new host with a random one-time password:\n" " ipa host-add --os='Fedora 12' --random test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:120 msgid "" "\n" " Modify information about a host:\n" " ipa host-mod --os='Fedora 12' test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:123 msgid "" "\n" " Remove SSH public keys of a host and update DNS to reflect this change:\n" " ipa host-mod --sshpubkey= --updatedns test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:126 msgid "" "\n" " Disable the host Kerberos key, SSL certificate and all of its services:\n" " ipa host-disable test.example.com\n" msgstr "" #: ipaserver/plugins/host.py:129 msgid "" "\n" " Add a host that can manage this host's keytab and certificate:\n" " ipa host-add-managedby --hosts=test2 test\n" msgstr "" #: ipaserver/plugins/host.py:132 msgid "" "\n" " Allow user to create a keytab:\n" " ipa host-allow-create-keytab test2 --users=tuser1\n" msgstr "" #: ipaserver/plugins/host.py:211 ipaclient/frontend.py:76 msgid "Failed managedby" msgstr "" #: ipaserver/plugins/host.py:463 ipaclient/remote_plugins/2_114/host.py:95 msgid "A description of this host" msgstr "" #: ipaserver/plugins/host.py:467 ipaclient/remote_plugins/2_114/host.py:100 msgid "Locality" msgstr "" #: ipaserver/plugins/host.py:468 ipaclient/remote_plugins/2_114/host.py:101 msgid "Host locality (e.g. \"Baltimore, MD\")" msgstr "" #: ipaserver/plugins/host.py:473 ipaclient/remote_plugins/2_114/host.py:107 msgid "Host location (e.g. \"Lab 2\")" msgstr "" #: ipaserver/plugins/host.py:477 ipaclient/remote_plugins/2_114/host.py:112 msgid "Platform" msgstr "" #: ipaserver/plugins/host.py:478 ipaclient/remote_plugins/2_114/host.py:113 msgid "Host hardware platform (e.g. \"Lenovo T61\")" msgstr "" #: ipaserver/plugins/host.py:482 ipaclient/remote_plugins/2_114/host.py:118 msgid "Operating system" msgstr "" #: ipaserver/plugins/host.py:483 ipaclient/remote_plugins/2_114/host.py:119 msgid "Host operating system and version (e.g. \"Fedora 9\")" msgstr "" #: ipaserver/plugins/host.py:487 ipaclient/remote_plugins/2_114/host.py:124 msgid "User password" msgstr "" #: ipaserver/plugins/host.py:488 ipaclient/remote_plugins/2_114/host.py:125 msgid "Password used in bulk enrollment" msgstr "" #: ipaserver/plugins/host.py:492 ipaclient/remote_plugins/2_114/host.py:130 msgid "Generate a random password to be used in bulk enrollment" msgstr "" #: ipaserver/plugins/host.py:497 ipaserver/plugins/baseuser.py:289 msgid "Random password" msgstr "" #: ipaserver/plugins/host.py:503 msgid "Base-64 encoded host certificate" msgstr "" #: ipaserver/plugins/host.py:560 ipaclient/remote_plugins/2_114/host.py:152 msgid "MAC address" msgstr "" #: ipaserver/plugins/host.py:561 ipaclient/remote_plugins/2_114/host.py:153 msgid "Hardware MAC address(es) on this host" msgstr "" #: ipaserver/plugins/host.py:570 ipaserver/plugins/baseuser.py:353 msgid "SSH public key fingerprint" msgstr "" #: ipaserver/plugins/host.py:575 ipaserver/plugins/baseuser.py:365 msgid "Class" msgstr "" #: ipaserver/plugins/host.py:576 ipaclient/remote_plugins/2_114/host.py:166 msgid "" "Host category (semantics placed on this attribute are for local " "interpretation)" msgstr "" #: ipaserver/plugins/host.py:654 ipaclient/remote_plugins/2_114/host.py:288 msgid "Add a new host." msgstr "" #: ipaserver/plugins/host.py:657 #, python-format msgid "Added host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:662 ipaclient/remote_plugins/2_114/host.py:416 msgid "force host name even if not in DNS" msgstr "" #: ipaserver/plugins/host.py:665 ipaclient/remote_plugins/2_114/host.py:422 msgid "skip reverse DNS detection" msgstr "" #: ipaserver/plugins/host.py:668 ipaclient/remote_plugins/2_114/host.py:430 msgid "Add the host to DNS with this IP address" msgstr "" #: ipaserver/plugins/host.py:777 ipaclient/remote_plugins/2_114/host.py:709 msgid "Delete a host." msgstr "" #: ipaserver/plugins/host.py:779 #, python-format msgid "Deleted host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:784 msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS" msgstr "" #: ipaserver/plugins/host.py:863 msgid "No A, AAAA, SSHFP or PTR records found." msgstr "" #: ipaserver/plugins/host.py:876 ipaclient/remote_plugins/2_114/host.py:1244 msgid "Modify information about a host." msgstr "" #: ipaserver/plugins/host.py:879 #, python-format msgid "Modified host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:884 ipaclient/remote_plugins/2_114/host.py:1393 msgid "Update DNS entries" msgstr "" #: ipaserver/plugins/host.py:899 msgid "Password cannot be set on enrolled host." msgstr "" #: ipaserver/plugins/host.py:903 msgid "cn is immutable" msgstr "" #: ipaserver/plugins/host.py:1023 ipaclient/remote_plugins/2_114/host.py:962 msgid "Search for hosts." msgstr "" #: ipaserver/plugins/host.py:1027 #, python-format msgid "%(count)d host matched" msgid_plural "%(count)d hosts matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/host.py:1124 ipaclient/remote_plugins/2_114/host.py:1498 msgid "Display information about a host." msgstr "" #: ipaserver/plugins/host.py:1179 ipaclient/remote_plugins/2_114/host.py:754 msgid "Disable the Kerberos key, SSL certificate and all services of a host." msgstr "" #: ipaserver/plugins/host.py:1182 #, python-format msgid "Disabled host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:1255 ipaclient/remote_plugins/2_114/host.py:472 msgid "Add hosts that can manage this host." msgstr "" #: ipaserver/plugins/host.py:1269 ipaclient/remote_plugins/2_114/host.py:1437 msgid "Remove hosts that can manage this host." msgstr "" #: ipaserver/plugins/host.py:1282 ipaclient/remote_plugins/2_114/host.py:621 msgid "" "Allow users, groups, hosts or host groups to retrieve a keytab of this host." msgstr "" #: ipaserver/plugins/host.py:1301 ipaclient/remote_plugins/2_114/host.py:874 msgid "" "Disallow users, groups, hosts or host groups to retrieve a keytab of this " "host." msgstr "" #: ipaserver/plugins/host.py:1319 ipaclient/remote_plugins/2_114/host.py:533 msgid "" "Allow users, groups, hosts or host groups to create a keytab of this host." msgstr "" #: ipaserver/plugins/host.py:1338 ipaclient/remote_plugins/2_114/host.py:786 msgid "" "Disallow users, groups, hosts or host groups to create a keytab of this host." msgstr "" #: ipaserver/plugins/host.py:1356 ipaclient/remote_plugins/2_156/host.py:474 msgid "Add certificates to host entry" msgstr "" #: ipaserver/plugins/host.py:1357 #, python-format msgid "Added certificates to host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:1363 ipaclient/remote_plugins/2_156/host.py:1501 msgid "Remove certificates from host entry" msgstr "" #: ipaserver/plugins/host.py:1364 #, python-format msgid "Removed certificates from host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:1380 msgid "Add new principal alias to host entry" msgstr "" #: ipaserver/plugins/host.py:1381 #, python-format msgid "Added new aliases to host \"%(value)s\"" msgstr "" #: ipaserver/plugins/host.py:1392 msgid "Remove principal alias from a host entry" msgstr "" #: ipaserver/plugins/host.py:1393 #, python-format msgid "Removed aliases from host \"%(value)s\"" msgstr "" #: ipaserver/plugins/hostgroup.py:35 msgid "" "\n" "Groups of hosts.\n" "\n" "Manage groups of hosts. This is useful for applying access control to a\n" "number of hosts by using Host-based Access Control.\n" "\n" "EXAMPLES:\n" "\n" " Add a new host group:\n" " ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" "\n" " Add another new host group:\n" " ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" "\n" " Add members to the hostgroup (using Bash brace expansion):\n" " ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" "\n" " Add a hostgroup as a member of another hostgroup:\n" " ipa hostgroup-add-member --hostgroups=baltimore maryland\n" "\n" " Remove a host from the hostgroup:\n" " ipa hostgroup-remove-member --hosts=box2 baltimore\n" "\n" " Display a host group:\n" " ipa hostgroup-show baltimore\n" "\n" " Add a member manager:\n" " ipa hostgroup-add-member-manager --users=user1 baltimore\n" "\n" " Remove a member manager\n" " ipa hostgroup-remove-member-manager --users=user1 baltimore\n" "\n" " Delete a hostgroup:\n" " ipa hostgroup-del baltimore\n" msgstr "" #: ipaserver/plugins/hostgroup.py:95 ipaserver/plugins/group.py:182 #: ipaclient/frontend.py:71 msgid "Failed member manager" msgstr "" #: ipaserver/plugins/hostgroup.py:106 msgid "host group" msgstr "" #: ipaserver/plugins/hostgroup.py:107 msgid "host groups" msgstr "" #: ipaserver/plugins/hostgroup.py:179 msgid "Host Group" msgstr "" #: ipaserver/plugins/hostgroup.py:186 msgid "Host-group" msgstr "" #: ipaserver/plugins/hostgroup.py:187 msgid "Name of host-group" msgstr "" #: ipaserver/plugins/hostgroup.py:194 msgid "A description of this host-group" msgstr "" #: ipaserver/plugins/hostgroup.py:220 msgid "Add a new hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:223 #, python-format msgid "Added hostgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/hostgroup.py:239 #, python-format msgid "" "netgroup with name \"%s\" already exists. Hostgroups and netgroups share a " "common namespace" msgstr "" #: ipaserver/plugins/hostgroup.py:260 msgid "Delete a hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:262 #, python-format msgid "Deleted hostgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/hostgroup.py:266 ipaserver/plugins/hostgroup.py:284 #: ipaserver/plugins/hostgroup.py:349 msgid "hostgroup" msgstr "" #: ipaserver/plugins/hostgroup.py:268 ipaserver/plugins/hostgroup.py:286 msgid "privileged hostgroup" msgstr "" #: ipaserver/plugins/hostgroup.py:275 msgid "Modify a hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:278 #, python-format msgid "Modified hostgroup \"%(value)s\"" msgstr "" #: ipaserver/plugins/hostgroup.py:298 msgid "Search for hostgroups." msgstr "" #: ipaserver/plugins/hostgroup.py:303 #, python-format msgid "%(count)d hostgroup matched" msgid_plural "%(count)d hostgroups matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/hostgroup.py:316 msgid "Display information about a hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:330 msgid "Add members to a hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:340 msgid "Remove members from a hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:362 msgid "Add users that can manage members of this hostgroup." msgstr "" #: ipaserver/plugins/hostgroup.py:372 msgid "Remove users that can manage members of this hostgroup." msgstr "" #: ipaserver/plugins/schema.py:30 msgid "" "\n" "API Schema\n" msgstr "" #: ipaserver/plugins/schema.py:32 msgid "" "\n" "Provides API introspection capabilities.\n" msgstr "" #: ipaserver/plugins/schema.py:36 msgid "" "\n" " Show user-find details:\n" " ipa command-show user-find\n" msgstr "" #: ipaserver/plugins/schema.py:39 msgid "" "\n" " Find user-find parameters:\n" " ipa param-find user-find\n" msgstr "" #: ipaserver/plugins/schema.py:60 msgid "Documentation" msgstr "" #: ipaserver/plugins/schema.py:65 msgid "Exclude from" msgstr "" #: ipaserver/plugins/schema.py:70 msgid "Include in" msgstr "" #: ipaserver/plugins/schema.py:127 ipaserver/plugins/baseldap.py:1873 #: ipaserver/plugins/cert.py:1561 ipaclient/remote_plugins/2_114/aci.py:474 msgid "Primary key only" msgstr "" #: ipaserver/plugins/schema.py:128 ipaserver/plugins/baseldap.py:1874 #, python-format msgid "Results should contain primary key attribute only (\"%s\")" msgstr "" #: ipaserver/plugins/schema.py:141 msgid "Help topic" msgstr "" #: ipaserver/plugins/schema.py:158 ipaserver/plugins/baseuser.py:219 msgid "Full name" msgstr "" #: ipaserver/plugins/schema.py:178 msgid "Parameters" msgstr "" #: ipaserver/plugins/schema.py:213 msgid "Method of" msgstr "" #: ipaserver/plugins/schema.py:218 msgid "Method name" msgstr "" #: ipaserver/plugins/schema.py:263 ipaserver/plugins/schema.py:332 #: ipaserver/plugins/schema.py:423 ipaserver/plugins/schema.py:658 #: ipaserver/plugins/schema.py:751 ipaserver/plugins/baseldap.py:583 #, python-format msgid "%(pkey)s: %(oname)s not found" msgstr "" #: ipaserver/plugins/schema.py:276 msgid "Display information about a command." msgstr "" #: ipaserver/plugins/schema.py:281 msgid "Search for commands." msgstr "" #: ipaserver/plugins/schema.py:286 msgid "Return command defaults" msgstr "" #: ipaserver/plugins/schema.py:343 msgid "Display information about a class." msgstr "" #: ipaserver/plugins/schema.py:348 msgid "Search for classes." msgstr "" #: ipaserver/plugins/schema.py:435 msgid "Display information about a help topic." msgstr "" #: ipaserver/plugins/schema.py:440 msgid "Search for help topics." msgstr "" #: ipaserver/plugins/schema.py:452 msgid "Required" msgstr "" #: ipaserver/plugins/schema.py:457 msgid "Multi-value" msgstr "" #: ipaserver/plugins/schema.py:505 msgid "Always ask" msgstr "" #: ipaserver/plugins/schema.py:510 msgid "CLI metavar" msgstr "" #: ipaserver/plugins/schema.py:515 msgid "CLI name" msgstr "" #: ipaserver/plugins/schema.py:520 msgid "Confirm (password)" msgstr "" #: ipaserver/plugins/schema.py:525 msgid "Default" msgstr "" #: ipaserver/plugins/schema.py:530 msgid "Default from" msgstr "" #: ipaserver/plugins/schema.py:535 msgid "Label" msgstr "" #: ipaserver/plugins/schema.py:540 msgid "Convert on server" msgstr "" #: ipaserver/plugins/schema.py:545 msgid "Option group" msgstr "" #: ipaserver/plugins/schema.py:550 msgid "Sensitive" msgstr "" #: ipaserver/plugins/schema.py:555 msgid "Positional argument" msgstr "" #: ipaserver/plugins/schema.py:640 #, python-format msgid "%(metaobject)s: %(oname)s not found" msgstr "" #: ipaserver/plugins/schema.py:679 msgid "Display information about a command parameter." msgstr "" #: ipaserver/plugins/schema.py:684 msgid "Search command parameters." msgstr "" #: ipaserver/plugins/schema.py:741 #, python-format msgid "%(command_name)s: %(oname)s not found" msgstr "" #: ipaserver/plugins/schema.py:766 msgid "Display information about a command output." msgstr "" #: ipaserver/plugins/schema.py:771 msgid "Search for command outputs." msgstr "" #: ipaserver/plugins/schema.py:776 msgid "Store and provide schema for commands and topics" msgstr "" #: ipaserver/plugins/schema.py:782 msgid "Fingerprint of schema cached by client" msgstr "" #: ipaserver/plugins/config.py:41 msgid "" "\n" "Server configuration\n" "\n" "Manage the default values that IPA uses and some of its tuning parameters.\n" "\n" "NOTES:\n" "\n" "The password notification value (--pwdexpnotify) is stored here so it will\n" "be replicated. It is not currently used to notify users in advance of an\n" "expiring password.\n" "\n" "Some attributes are read-only, provided only for information purposes. " "These\n" "include:\n" "\n" "Certificate Subject base: the configured certificate subject base,\n" " e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" "Password plug-in features: currently defines additional hashes that the\n" " password will generate (there may be other conditions).\n" "\n" "When setting the order list for mapping SELinux users you may need to\n" "quote the value so it isn't interpreted by the shell.\n" "\n" "The maximum length of a hostname in Linux is controlled by\n" "MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n" "systems, Solaris for example, allows hostnames up to 255 characters.\n" "This option will allow flexibility in length but by default limiting\n" "to the Linux maximum length.\n" "\n" "EXAMPLES:\n" "\n" " Show basic server configuration:\n" " ipa config-show\n" "\n" " Show all configuration options:\n" " ipa config-show --all\n" "\n" " Change maximum username length to 99 characters:\n" " ipa config-mod --maxusername=99\n" "\n" " Change maximum host name length to 255 characters:\n" " ipa config-mod --maxhostname=255\n" "\n" " Increase default time and size limits for maximum IPA server search:\n" " ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" "\n" " Set default user e-mail domain:\n" " ipa config-mod --emaildomain=example.com\n" "\n" " Enable migration mode to make \"ipa migrate-ds\" command operational:\n" " ipa config-mod --enable-migration=TRUE\n" "\n" " Define SELinux user map order:\n" " ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" "s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" msgstr "" #: ipaserver/plugins/config.py:107 msgid "must be at least 10" msgstr "" #: ipaserver/plugins/config.py:115 msgid "configuration options" msgstr "" #: ipaserver/plugins/config.py:150 ipaserver/plugins/config.py:151 msgid "Configuration" msgstr "" #: ipaserver/plugins/config.py:156 ipaclient/remote_plugins/2_114/config.py:73 msgid "Maximum username length" msgstr "" #: ipaserver/plugins/config.py:162 msgid "Maximum hostname length" msgstr "" #: ipaserver/plugins/config.py:167 ipaclient/remote_plugins/2_114/config.py:77 msgid "Home directory base" msgstr "" #: ipaserver/plugins/config.py:168 ipaclient/remote_plugins/2_114/config.py:78 msgid "Default location of home directories" msgstr "" #: ipaserver/plugins/config.py:172 ipaclient/remote_plugins/2_114/config.py:82 msgid "Default shell" msgstr "" #: ipaserver/plugins/config.py:173 ipaclient/remote_plugins/2_114/config.py:83 msgid "Default shell for new users" msgstr "" #: ipaserver/plugins/config.py:177 ipaclient/remote_plugins/2_114/config.py:87 msgid "Default users group" msgstr "" #: ipaserver/plugins/config.py:178 ipaclient/remote_plugins/2_114/config.py:88 msgid "Default group for new users" msgstr "" #: ipaserver/plugins/config.py:182 ipaserver/plugins/config.py:183 msgid "Default e-mail domain" msgstr "" #: ipaserver/plugins/config.py:187 ipaclient/remote_plugins/2_114/config.py:97 msgid "Search time limit" msgstr "" #: ipaserver/plugins/config.py:188 ipaclient/remote_plugins/2_156/config.py:98 msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)" msgstr "" #: ipaserver/plugins/config.py:194 ipaclient/remote_plugins/2_114/config.py:102 msgid "Search size limit" msgstr "" #: ipaserver/plugins/config.py:195 ipaclient/remote_plugins/2_156/config.py:103 msgid "Maximum number of records to search (-1 or 0 is unlimited)" msgstr "" #: ipaserver/plugins/config.py:199 ipaclient/remote_plugins/2_114/config.py:107 msgid "User search fields" msgstr "" #: ipaserver/plugins/config.py:200 ipaclient/remote_plugins/2_114/config.py:108 msgid "A comma-separated list of fields to search in when searching for users" msgstr "" #: ipaserver/plugins/config.py:204 ipaclient/remote_plugins/2_114/config.py:112 msgid "Group search fields" msgstr "" #: ipaserver/plugins/config.py:205 ipaclient/remote_plugins/2_114/config.py:113 msgid "A comma-separated list of fields to search in when searching for groups" msgstr "" #: ipaserver/plugins/config.py:209 ipaserver/plugins/config.py:210 msgid "Enable migration mode" msgstr "" #: ipaserver/plugins/config.py:214 ipaclient/remote_plugins/2_114/config.py:121 msgid "Certificate Subject base" msgstr "" #: ipaserver/plugins/config.py:215 ipaclient/remote_plugins/2_114/config.py:122 msgid "Base for certificate subjects (OU=Test,O=Example)" msgstr "" #: ipaserver/plugins/config.py:220 ipaclient/remote_plugins/2_114/config.py:127 msgid "Default group objectclasses" msgstr "" #: ipaserver/plugins/config.py:221 ipaclient/remote_plugins/2_114/config.py:128 msgid "Default group objectclasses (comma-separated list)" msgstr "" #: ipaserver/plugins/config.py:225 ipaclient/remote_plugins/2_114/config.py:133 msgid "Default user objectclasses" msgstr "" #: ipaserver/plugins/config.py:226 ipaclient/remote_plugins/2_114/config.py:134 msgid "Default user objectclasses (comma-separated list)" msgstr "" #: ipaserver/plugins/config.py:230 ipaclient/remote_plugins/2_114/config.py:138 msgid "Password Expiration Notification (days)" msgstr "" #: ipaserver/plugins/config.py:231 ipaclient/remote_plugins/2_114/config.py:139 msgid "Number of days's notice of impending password expiration" msgstr "" #: ipaserver/plugins/config.py:236 ipaclient/remote_plugins/2_114/config.py:145 msgid "Password plugin features" msgstr "" #: ipaserver/plugins/config.py:237 ipaclient/remote_plugins/2_114/config.py:146 msgid "Extra hashes to generate in password plug-in" msgstr "" #: ipaserver/plugins/config.py:243 ipaclient/remote_plugins/2_114/config.py:150 msgid "SELinux user map order" msgstr "" #: ipaserver/plugins/config.py:244 ipaclient/remote_plugins/2_114/config.py:151 msgid "Order in increasing priority of SELinux users, delimited by $" msgstr "" #: ipaserver/plugins/config.py:247 ipaclient/remote_plugins/2_114/config.py:156 msgid "Default SELinux user" msgstr "" #: ipaserver/plugins/config.py:248 ipaclient/remote_plugins/2_114/config.py:157 msgid "Default SELinux user when no match is found in SELinux map rule" msgstr "" #: ipaserver/plugins/config.py:252 ipaclient/remote_plugins/2_114/config.py:163 msgid "Default PAC types" msgstr "" #: ipaserver/plugins/config.py:253 ipaclient/remote_plugins/2_114/config.py:164 msgid "Default types of PAC supported for services" msgstr "" #: ipaserver/plugins/config.py:259 ipaclient/remote_plugins/2_114/config.py:170 msgid "Default user authentication types" msgstr "" #: ipaserver/plugins/config.py:260 ipaclient/remote_plugins/2_114/config.py:171 msgid "Default types of supported user authentication" msgstr "" #: ipaserver/plugins/config.py:266 msgid "IPA masters" msgstr "" #: ipaserver/plugins/config.py:267 msgid "List of all IPA masters" msgstr "" #: ipaserver/plugins/config.py:272 msgid "Hidden IPA masters" msgstr "" #: ipaserver/plugins/config.py:273 msgid "List of all hidden IPA masters" msgstr "" #: ipaserver/plugins/config.py:278 msgid "IPA master capable of PKINIT" msgstr "" #: ipaserver/plugins/config.py:279 msgid "IPA master which can process PKINIT requests" msgstr "" #: ipaserver/plugins/config.py:284 msgid "IPA CA servers" msgstr "" #: ipaserver/plugins/config.py:285 msgid "IPA servers configured as certificate authority" msgstr "" #: ipaserver/plugins/config.py:290 msgid "Hidden IPA CA servers" msgstr "" #: ipaserver/plugins/config.py:291 msgid "Hidden IPA servers configured as certificate authority" msgstr "" #: ipaserver/plugins/config.py:296 msgid "IPA CA renewal master" msgstr "" #: ipaserver/plugins/config.py:297 msgid "Renewal master for IPA certificate authority" msgstr "" #: ipaserver/plugins/config.py:303 msgid "IPA servers configured as key recovery agent" msgstr "" #: ipaserver/plugins/config.py:308 msgid "Hidden IPA KRA servers" msgstr "" #: ipaserver/plugins/config.py:309 msgid "Hidden IPA servers configured as key recovery agent" msgstr "" #: ipaserver/plugins/config.py:322 msgid "IPA servers configured as domain name server" msgstr "" #: ipaserver/plugins/config.py:327 msgid "Hidden IPA DNS servers" msgstr "" #: ipaserver/plugins/config.py:328 msgid "Hidden IPA servers configured as domain name server" msgstr "" #: ipaserver/plugins/config.py:334 msgid "DNSec key master" msgstr "" #: ipaserver/plugins/config.py:411 msgid "Empty domain is not allowed" msgstr "" #: ipaserver/plugins/config.py:419 #, python-format msgid "Invalid domain name '%(domain)s': %(e)s" msgstr "" #: ipaserver/plugins/config.py:424 #, python-format msgid "Server has no information about domain '%(domain)s'" msgstr "" #: ipaserver/plugins/config.py:431 #, python-format msgid "Disabled domain '%(domain)s' is not allowed" msgstr "" #: ipaserver/plugins/config.py:474 ipaclient/remote_plugins/2_114/config.py:178 msgid "Modify configuration options." msgstr "" #: ipaserver/plugins/config.py:483 msgid "The group doesn't exist" msgstr "" #: ipaserver/plugins/config.py:501 #, python-format msgid "attribute \"%s\" not allowed" msgstr "" #: ipaserver/plugins/config.py:521 msgid "May not be empty" msgstr "" #: ipaserver/plugins/config.py:540 #, python-format msgid "%(obj)s default attribute %(attr)s would not be allowed!" msgstr "" #: ipaserver/plugins/config.py:572 msgid "A list of SELinux users delimited by $ expected" msgstr "" #: ipaserver/plugins/config.py:576 #, python-format msgid "SELinux user '%(user)s' is not valid: %(error)s" msgstr "" #: ipaserver/plugins/config.py:588 msgid "SELinux user map default user not in order list" msgstr "" #: ipaserver/plugins/config.py:624 ipaclient/remote_plugins/2_114/config.py:370 msgid "Show the current configuration." msgstr "" #: ipaserver/plugins/session.py:12 msgid "" "\n" "Session Support for IPA\n" msgstr "" #: ipaserver/plugins/session.py:23 msgid "RPC command used to log the current user out of their session." msgstr "" #: ipaserver/plugins/otp.py:7 msgid "One time password commands" msgstr "" #: ipaserver/plugins/whoami.py:15 msgid "" "\n" "Return information about currently authenticated identity\n" "\n" "Who am I command returns information on how to get\n" "more details about the identity authenticated for this\n" "request. The information includes:\n" "\n" " * type of object\n" " * command to retrieve details of the object\n" " * arguments and options to pass to the command\n" "\n" "The information is returned as a dictionary. Examples below use\n" "'key: value' output for illustrative purposes.\n" "\n" "EXAMPLES:\n" "\n" " Look up as IPA user:\n" " kinit admin\n" " ipa console\n" " >> api.Command.whoami()\n" " ------------------------------------------\n" " object: user\n" " command: user_show/1\n" " arguments: admin\n" " ------------------------------------------\n" "\n" " Look up as a user from a trusted domain:\n" " kinit user@AD.DOMAIN\n" " ipa console\n" " >> api.Command.whoami()\n" " ------------------------------------------\n" " object: idoverrideuser\n" " command: idoverrideuser_show/1\n" " arguments: ('default trust view', 'user@ad.domain')\n" " ------------------------------------------\n" "\n" " Look up as a host:\n" " kinit -k\n" " ipa console\n" " >> api.Command.whoami()\n" " ------------------------------------------\n" " object: host\n" " command: host_show/1\n" " arguments: ipa.example.com\n" " ------------------------------------------\n" "\n" " Look up as a Kerberos service:\n" " kinit -k -t /path/to/keytab HTTP/ipa.example.com\n" " ipa console\n" " >> api.Command.whoami()\n" " ------------------------------------------\n" " object: service\n" " command: service_show/1\n" " arguments: HTTP/ipa.example.com\n" " ------------------------------------------\n" msgstr "" #: ipaserver/plugins/whoami.py:77 msgid "Describe currently authenticated identity." msgstr "" #: ipaserver/plugins/whoami.py:82 ipaserver/plugins/whoami.py:88 msgid "Object class name" msgstr "" #: ipaserver/plugins/whoami.py:83 ipaserver/plugins/whoami.py:89 msgid "Function to get details" msgstr "" #: ipaserver/plugins/whoami.py:84 ipaserver/plugins/whoami.py:91 msgid "Arguments to details function" msgstr "" #: ipaserver/plugins/whoami.py:111 msgid "Cannot query Directory Manager with API" msgstr "" #: ipaserver/plugins/realmdomains.py:34 msgid "" "\n" "Realm domains\n" "\n" "Manage the list of domains associated with IPA realm.\n" "\n" "This list is useful for Domain Controllers from other realms which have\n" "established trust with this IPA realm. They need the information to know\n" "which request should be forwarded to KDC of this IPA realm.\n" "\n" "Automatic management: a domain is automatically added to the realm domains\n" "list when a new DNS Zone managed by IPA is created. Same applies for " "deletion.\n" "\n" "Externally managed DNS: domains which are not managed in IPA server DNS\n" "need to be manually added to the list using ipa realmdomains-mod command.\n" "\n" "EXAMPLES:\n" "\n" " Display the current list of realm domains:\n" " ipa realmdomains-show\n" "\n" " Replace the list of realm domains:\n" " ipa realmdomains-mod --domain=example.com\n" " ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" "\n" " Add a domain to the list of realm domains:\n" " ipa realmdomains-mod --add-domain=newdomain.com\n" "\n" " Delete a domain from the list of realm domains:\n" " ipa realmdomains-mod --del-domain=olddomain.com\n" msgstr "" #: ipaserver/plugins/realmdomains.py:85 msgid "Realm domains" msgstr "" #: ipaserver/plugins/realmdomains.py:121 msgid "Add domain" msgstr "" #: ipaserver/plugins/realmdomains.py:127 msgid "Delete domain" msgstr "" #: ipaserver/plugins/realmdomains.py:134 msgid "" "\n" " Modify realm domains\n" "\n" " DNS check: When manually adding a domain to the list, a DNS check is\n" " performed by default. It ensures that the domain is associated with\n" " the IPA realm, by checking whether the domain has a _kerberos TXT " "record\n" " containing the IPA realm name. This check can be skipped by specifying\n" " --force option.\n" "\n" " Removal: when a realm domain which has a matching DNS zone managed by\n" " IPA is being removed, a corresponding _kerberos TXT record in the zone " "is\n" " removed automatically as well. Other records in the zone or the zone\n" " itself are not affected.\n" " " msgstr "" #: ipaserver/plugins/realmdomains.py:152 msgid "Force adding domain even if not in DNS" msgstr "" #: ipaserver/plugins/realmdomains.py:177 #, python-format msgid "" "DNS zone for each realmdomain must contain SOA or NS records. No records " "found for: %s" msgstr "" #: ipaserver/plugins/realmdomains.py:203 #, python-format msgid "The following domains do not belong to this realm: %(domains)s" msgstr "" #: ipaserver/plugins/realmdomains.py:218 #, python-format msgid "" "The realm of the following domains could not be detected: %(domains)s. If " "these are domains that belong to the this realm, please create a _kerberos " "TXT record containing \"%(realm)s\" in each of them." msgstr "" #: ipaserver/plugins/realmdomains.py:241 msgid "" "The --domain option cannot be used together with --add-domain or --del-" "domain. Use --domain to specify the whole realm domain list explicitly, to " "add/remove individual domains, use --add-domain/del-domain." msgstr "" #: ipaserver/plugins/realmdomains.py:252 msgid "IPA server domain cannot be omitted" msgstr "" #: ipaserver/plugins/realmdomains.py:274 msgid "IPA server domain cannot be deleted" msgstr "" #: ipaserver/plugins/realmdomains.py:361 msgid "Display the list of realm domains." msgstr "" #: ipaserver/plugins/idrange.py:43 msgid "" "=======\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" "=======\n" msgstr "" #: ipaserver/plugins/idrange.py:57 msgid "" "\n" "ID ranges\n" "\n" "Manage ID ranges used to map Posix IDs to SIDs and back.\n" "\n" "There are two type of ID ranges which are both handled by this utility:\n" "\n" " - the ID ranges of the local domain\n" " - the ID ranges of trusted remote domains\n" "\n" "Both types have the following attributes in common:\n" "\n" " - base-id: the first ID of the Posix ID range\n" " - range-size: the size of the range\n" "\n" "With those two attributes a range object can reserve the Posix IDs starting\n" "with base-id up to but not including base-id+range-size exclusively.\n" "\n" "Additionally an ID range of the local domain may set\n" " - rid-base: the first RID(*) of the corresponding RID range\n" " - secondary-rid-base: first RID of the secondary RID range\n" "\n" "and an ID range of a trusted domain must set\n" " - rid-base: the first RID of the corresponding RID range\n" " - sid: domain SID of the trusted domain\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for a trusted domain\n" "\n" "Since there might be more than one trusted domain the domain SID must be " "given\n" "while creating the ID range.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n" " --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" "\n" "This ID range is then used by the IPA server and the SSSD IPA provider to\n" "assign Posix UIDs to users from the trusted domain.\n" "\n" "If e.g. a range for a trusted domain is configured with the following " "values:\n" " base-id = 1200000\n" " range-size = 200000\n" " rid-base = 0\n" "the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " "So\n" "RID 1000 <-> Posix ID 1201000\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for the local domain\n" "\n" "To create an ID range for the local domain it is not necessary to specify a\n" "domain SID. But since it is possible that a user and a group can have the " "same\n" "value as Posix ID a second RID interval is needed to handle conflicts.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n" " --secondary-rid-base=1000000 local_range\n" "\n" "The data from the ID ranges of the local domain are used by the IPA server\n" "internally to assign SIDs to IPA users and groups. The SID will then be " "stored\n" "in the user or group objects.\n" "\n" "If e.g. the ID range for the local domain is configured with the values " "from\n" "the example above then a new user with the UID 1200007 will get the RID " "1007.\n" "If this RID is already used by a group the RID will be 1000007. This can " "only\n" "happen if a user or a group object was created with a fixed ID because the\n" "automatic assignment will not assign the same ID twice. Since there are " "only\n" "users and groups sharing the same ID namespace it is sufficient to have " "only\n" "one fallback range to handle conflicts.\n" "\n" "To find the Posix ID for a given RID from the local domain it has to be\n" "checked first if the RID falls in the primary or secondary RID range and\n" "the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" "and the base-id has to be added to get the Posix ID.\n" "\n" "Typically the creation of ID ranges happens behind the scenes and this CLI\n" "must not be used at all. The ID range for the local domain will be created\n" "during installation or upgrade from an older version. The ID range for a\n" "trusted domain will be created together with the trust by 'ipa trust-" "add ...'.\n" "\n" "USE CASES:\n" "\n" " Add an ID range from a transitively trusted domain\n" "\n" " If the trusted domain (A) trusts another domain (B) as well and this " "trust\n" " is transitive 'ipa trust-add domain-A' will only create a range for\n" " domain A. The ID range for domain B must be added manually.\n" "\n" " Add an additional ID range for the local domain\n" "\n" " If the ID range of the local domain is exhausted, i.e. no new IDs can " "be\n" " assigned to Posix users or groups by the DNA plugin, a new range has to " "be\n" " created to allow new users and groups to be added. (Currently there is " "no\n" " connection between this range CLI and the DNA plugin, but a future " "version\n" " might be able to modify the configuration of the DNS plugin as well)\n" "\n" "In general it is not necessary to modify or delete ID ranges. If there is " "no\n" "other way to achieve a certain configuration than to modify or delete an ID\n" "range it should be done with great care. Because UIDs are stored in the " "file\n" "system and are used for access control it might be possible that users are\n" "allowed to access files of other users if an ID range got deleted and " "reused\n" "for a different domain.\n" "\n" "(*) The RID is typically the last integer of a user or group SID which " "follows\n" "the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " "from\n" "this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " "the\n" "user. RIDs are unique in a domain, 32bit values and are used for users and\n" "groups.\n" "\n" msgstr "" #: ipaserver/plugins/idrange.py:198 msgid "ID Ranges" msgstr "" #: ipaserver/plugins/idrange.py:199 msgid "ID Range" msgstr "" #: ipaserver/plugins/idrange.py:203 msgid "local domain range" msgstr "" #: ipaserver/plugins/idrange.py:205 ipaserver/plugins/trust.py:674 msgid "Active Directory domain range" msgstr "" #: ipaserver/plugins/idrange.py:206 ipaserver/plugins/trust.py:675 msgid "Active Directory trust range with POSIX attributes" msgstr "" #: ipaserver/plugins/idrange.py:214 msgid "Range name" msgstr "" #: ipaserver/plugins/idrange.py:219 msgid "First Posix ID of the range" msgstr "" #: ipaserver/plugins/idrange.py:223 msgid "Number of IDs in the range" msgstr "" #: ipaserver/plugins/idrange.py:227 msgid "First RID of the corresponding RID range" msgstr "" #: ipaserver/plugins/idrange.py:231 msgid "First RID of the secondary RID range" msgstr "" #: ipaserver/plugins/idrange.py:236 ipaserver/plugins/idrange.py:626 msgid "Domain SID of the trusted domain" msgstr "" #: ipaserver/plugins/idrange.py:241 ipaserver/plugins/idrange.py:634 msgid "Name of the trusted domain" msgstr "" #: ipaserver/plugins/idrange.py:246 msgid "ID range type, one of allowed values" msgstr "" #: ipaserver/plugins/idrange.py:321 msgid "" "range modification leaving objects with ID out of the defined range is not " "allowed" msgstr "" #: ipaserver/plugins/idrange.py:326 msgid "" "Cannot perform SID validation without Samba 4 support installed. Make sure " "you have installed server-trust-ad sub-package of IPA on the server" msgstr "" #: ipaserver/plugins/idrange.py:333 msgid "" "Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-" "install on the IPA server first" msgstr "" #: ipaserver/plugins/idrange.py:345 msgid "SID is not recognized as a valid SID for a trusted domain" msgstr "" #: ipaserver/plugins/idrange.py:382 msgid "" "\n" " Add new ID range.\n" "\n" " To add a new ID range you always have to specify\n" "\n" " --base-id\n" " --range-size\n" "\n" " Additionally\n" "\n" " --rid-base\n" " --secondary-rid-base\n" "\n" " may be given for a new ID range for the local domain while\n" "\n" " --rid-base\n" " --dom-sid\n" "\n" " must be given to add a new range for a trusted AD domain.\n" "\n" msgstr "" #: ipaserver/plugins/idrange.py:404 #, python-format msgid "Added ID range \"%(value)s\"" msgstr "" #: ipaserver/plugins/idrange.py:416 ipaserver/plugins/idrange.py:666 msgid "Options dom-sid and dom-name cannot be used together" msgstr "" #: ipaserver/plugins/idrange.py:427 msgid "Specified trusted domain name could not be found." msgstr "" #: ipaserver/plugins/idrange.py:442 msgid "Options dom-sid/dom-name and rid-base must be used together" msgstr "" #: ipaserver/plugins/idrange.py:449 ipaserver/plugins/idrange.py:701 msgid "" "Option rid-base must not be used when IPA range type is ipa-ad-trust-posix" msgstr "" #: ipaserver/plugins/idrange.py:456 msgid "" "IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of " "the trusted domain is specified" msgstr "" #: ipaserver/plugins/idrange.py:462 msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together" msgstr "" #: ipaserver/plugins/idrange.py:481 msgid "" "IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when " "SID of the trusted domain is not specified." msgstr "" #: ipaserver/plugins/idrange.py:488 ipaserver/plugins/idrange.py:720 msgid "Options secondary-rid-base and rid-base must be used together" msgstr "" #: ipaserver/plugins/idrange.py:498 ipaserver/plugins/idrange.py:743 msgid "Primary RID range and secondary RID range cannot overlap" msgstr "" #: ipaserver/plugins/idrange.py:510 msgid "" "You must specify both rid-base and secondary-rid-base options, because ipa-" "adtrust-install has already been run." msgstr "" #: ipaserver/plugins/idrange.py:527 msgid "Delete an ID range." msgstr "" #: ipaserver/plugins/idrange.py:529 #, python-format msgid "Deleted ID range \"%(value)s\"" msgstr "" #: ipaserver/plugins/idrange.py:575 msgid "Search for ranges." msgstr "" #: ipaserver/plugins/idrange.py:578 #, python-format msgid "%(count)d range matched" msgid_plural "%(count)d ranges matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/idrange.py:598 msgid "Display information about a range." msgstr "" #: ipaserver/plugins/idrange.py:614 msgid "" "Modify ID range.\n" "\n" msgstr "" #: ipaserver/plugins/idrange.py:618 #, python-format msgid "Modified ID range \"%(value)s\"" msgstr "" #: ipaserver/plugins/idrange.py:650 msgid "" "This command can not be used to change ID allocation for local IPA domain. " "Run `ipa help idrange` for more information" msgstr "" #: ipaserver/plugins/idrange.py:678 msgid "" "SID for the specified trusted domain name could not be found. Please specify " "the SID directly using dom-sid option." msgstr "" #: ipaserver/plugins/idrange.py:685 msgid "Options dom-sid and secondary-rid-base cannot be used together" msgstr "" #: ipaserver/plugins/idrange.py:692 msgid "Options dom-sid and rid-base must be used together" msgstr "" #: ipaserver/plugins/hbac.py:7 msgid "Host-based access control commands" msgstr "" #: ipaserver/plugins/otpconfig.py:24 msgid "" "\n" "OTP configuration\n" "\n" "Manage the default values that IPA uses for OTP tokens.\n" "\n" "EXAMPLES:\n" "\n" " Show basic OTP configuration:\n" " ipa otpconfig-show\n" "\n" " Show all OTP configuration options:\n" " ipa otpconfig-show --all\n" "\n" " Change maximum TOTP authentication window to 10 minutes:\n" " ipa otpconfig-mod --totp-auth-window=600\n" "\n" " Change maximum TOTP synchronization window to 12 hours:\n" " ipa otpconfig-mod --totp-sync-window=43200\n" "\n" " Change maximum HOTP authentication window to 5:\n" " ipa hotpconfig-mod --hotp-auth-window=5\n" "\n" " Change maximum HOTP synchronization window to 50:\n" " ipa hotpconfig-mod --hotp-sync-window=50\n" msgstr "" #: ipaserver/plugins/otpconfig.py:57 msgid "OTP configuration options" msgstr "" #: ipaserver/plugins/otpconfig.py:80 ipaserver/plugins/otpconfig.py:81 msgid "OTP Configuration" msgstr "" #: ipaserver/plugins/otpconfig.py:86 msgid "TOTP authentication Window" msgstr "" #: ipaserver/plugins/otpconfig.py:87 msgid "TOTP authentication time variance (seconds)" msgstr "" #: ipaserver/plugins/otpconfig.py:92 msgid "TOTP Synchronization Window" msgstr "" #: ipaserver/plugins/otpconfig.py:93 msgid "TOTP synchronization time variance (seconds)" msgstr "" #: ipaserver/plugins/otpconfig.py:98 msgid "HOTP Authentication Window" msgstr "" #: ipaserver/plugins/otpconfig.py:99 msgid "HOTP authentication skip-ahead" msgstr "" #: ipaserver/plugins/otpconfig.py:104 msgid "HOTP Synchronization Window" msgstr "" #: ipaserver/plugins/otpconfig.py:105 msgid "HOTP synchronization skip-ahead" msgstr "" #: ipaserver/plugins/otpconfig.py:116 msgid "Modify OTP configuration options." msgstr "" #: ipaserver/plugins/otpconfig.py:121 msgid "Show the current OTP configuration." msgstr "" #: ipaserver/plugins/trust.py:83 msgid "" "\n" "Cross-realm trusts\n" "\n" "Manage trust relationship between IPA and Active Directory domains.\n" "\n" "In order to allow users from a remote domain to access resources in IPA " "domain,\n" "trust relationship needs to be established. Currently IPA supports only " "trusts\n" "between IPA and Active Directory domains under control of Windows Server " "2008\n" "or later, with functional level 2008 or later.\n" "\n" "Please note that DNS on both IPA and Active Directory domain sides should " "be\n" "configured properly to discover each other. Trust relationship relies on\n" "ability to discover special resources in the other domain via DNS records.\n" "\n" "Examples:\n" "\n" "1. Establish cross-realm trust with Active Directory using AD administrator\n" " credentials:\n" "\n" " ipa trust-add --type=ad --admin --password\n" "\n" "2. List all existing trust relationships:\n" "\n" " ipa trust-find\n" "\n" "3. Show details of the specific trust relationship:\n" "\n" " ipa trust-show \n" "\n" "4. Delete existing trust relationship:\n" "\n" " ipa trust-del \n" "\n" "Once trust relationship is established, remote users will need to be mapped\n" "to local POSIX groups in order to actually use IPA resources. The mapping\n" "should be done via use of external membership of non-POSIX group and then\n" "this group should be included into one of local POSIX groups.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local " "POSIX\n" "group:\n" "\n" " ipa group-add --desc=' admins external map' " "ad_admins_external --external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the\n" " ad_admins_external group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with\n" " ad_admins POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see\n" " their SIDs:\n" "\n" " ipa group-show ad_admins_external\n" "\n" "\n" "GLOBAL TRUST CONFIGURATION\n" "\n" "When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n" "local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" "identifiers are then used when communicating with a trusted domain of the\n" "particular type.\n" "\n" "1. Show global trust configuration for Active Directory type of trusts:\n" "\n" " ipa trustconfig-show --type ad\n" "\n" "2. Modify global configuration for all trusts of Active Directory type and " "set\n" " a different fallback primary group (fallback primary group GID is used as " "a\n" " primary user GID if user authenticating to IPA domain does not have any\n" " other primary GID already set):\n" "\n" " ipa trustconfig-mod --type ad --fallback-primary-group \"another AD group" "\"\n" "\n" "3. Change primary fallback group back to default hidden group (any group " "with\n" " posixGroup object class is allowed):\n" "\n" " ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group" "\"\n" msgstr "" #: ipaserver/plugins/trust.py:178 ipaclient/remote_plugins/2_114/trust.py:275 msgid "Trust type (ad for Active Directory, default)" msgstr "" #: ipaserver/plugins/trust.py:226 #, python-format msgid "" " Alternatively, following servers are capable of running this command: " "%(masters)s" msgstr "" #: ipaserver/plugins/trust.py:239 ipaserver/plugins/trust.py:871 #: ipaserver/plugins/trust.py:887 ipaserver/plugins/trust.py:908 #: ipaserver/plugins/trust.py:918 ipaserver/plugins/trust.py:1071 #: ipaserver/plugins/trust.py:1106 msgid "AD Trust setup" msgstr "" #: ipaserver/plugins/trust.py:250 msgid "" "Cannot perform the selected command without Samba 4 support installed. Make " "sure you have installed server-trust-ad sub-package of IPA." msgstr "" #: ipaserver/plugins/trust.py:260 msgid "" "Cannot perform the selected command without Samba 4 instance configured on " "this machine. Make sure you have run ipa-adtrust-install on this server." msgstr "" #: ipaserver/plugins/trust.py:474 msgid "" "Fetching domains from trusted forest failed. See details in the error_log" msgstr "" #: ipaserver/plugins/trust.py:487 msgid "trust" msgstr "" #: ipaserver/plugins/trust.py:488 msgid "trusts" msgstr "" #: ipaserver/plugins/trust.py:531 msgid "Trust" msgstr "" #: ipaserver/plugins/trust.py:536 client/ipa-rmkeytab.c:176 msgid "Realm name" msgstr "" #: ipaserver/plugins/trust.py:549 ipaclient/remote_plugins/2_114/trust.py:125 msgid "SID blacklist incoming" msgstr "" #: ipaserver/plugins/trust.py:553 ipaclient/remote_plugins/2_114/trust.py:131 msgid "SID blacklist outgoing" msgstr "" #: ipaserver/plugins/trust.py:569 msgid "UPN suffixes" msgstr "" #: ipaserver/plugins/trust.py:586 #, python-brace-format msgid "invalid SID: {SID}" msgstr "" #: ipaserver/plugins/trust.py:654 msgid "" "\n" "Add new trust to use.\n" "\n" "This command establishes trust relationship to another domain\n" "which becomes 'trusted'. As result, users of the trusted domain\n" "may access resources of this domain.\n" "\n" "Only trusts to Active Directory domains are supported right now.\n" "\n" "The command can be safely run multiple times against the same domain,\n" "this will cause change to trust relationship credentials on both\n" "sides.\n" "\n" "Note that if the command was previously run with a specific range type,\n" "or with automatic detection of the range type, and you want to configure a\n" "different range type, you may need to delete first the ID range using\n" "ipa idrange-del before retrying the command with the desired range type.\n" " " msgstr "" #: ipaserver/plugins/trust.py:683 ipaserver/plugins/trust.py:1795 msgid "Active Directory domain administrator" msgstr "" #: ipaserver/plugins/trust.py:687 ipaserver/plugins/trust.py:1799 msgid "Active Directory domain administrator's password" msgstr "" #: ipaserver/plugins/trust.py:692 ipaserver/plugins/trust.py:1804 msgid "Domain controller for the Active Directory domain (optional)" msgstr "" #: ipaserver/plugins/trust.py:697 ipaclient/remote_plugins/2_114/trust.py:300 msgid "Shared secret for the trust" msgstr "" #: ipaserver/plugins/trust.py:702 ipaclient/remote_plugins/2_114/trust.py:305 msgid "First Posix ID of the range reserved for the trusted domain" msgstr "" #: ipaserver/plugins/trust.py:707 ipaclient/remote_plugins/2_114/trust.py:310 msgid "Size of the ID range reserved for the trusted domain" msgstr "" #: ipaserver/plugins/trust.py:712 msgid "Type of trusted domain ID range, one of allowed values" msgstr "" #: ipaserver/plugins/trust.py:717 ipaserver/dcerpc_common.py:22 msgid "Two-way trust" msgstr "" #: ipaserver/plugins/trust.py:719 ipaclient/remote_plugins/2_156/trust.py:324 msgid "" "Establish bi-directional trust. By default trust is inbound one-way only." msgstr "" #: ipaserver/plugins/trust.py:724 msgid "External trust" msgstr "" #: ipaserver/plugins/trust.py:726 msgid "" "Establish external trust to a domain in another forest. The trust is not " "transitive beyond the domain." msgstr "" #: ipaserver/plugins/trust.py:732 #, python-format msgid "Added Active Directory trust for realm \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:733 #, python-format msgid "Re-established trust to domain \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:829 msgid "missing base_id" msgstr "" #: ipaserver/plugins/trust.py:831 msgid "pysss_murmur is not available on the server and no base-id is given." msgstr "" #: ipaserver/plugins/trust.py:841 msgid "trust type" msgstr "" #: ipaserver/plugins/trust.py:842 msgid "only \"ad\" is supported" msgstr "" #: ipaserver/plugins/trust.py:849 msgid "" "Cannot establish a trust to AD deployed in the same domain as IPA. Such " "setup is not supported." msgstr "" #: ipaserver/plugins/trust.py:862 msgid "Realm-domain mismatch" msgstr "" #: ipaserver/plugins/trust.py:863 msgid "" "To establish trust with Active Directory, the domain name and the realm name " "of the IPA server must match" msgstr "" #: ipaserver/plugins/trust.py:873 ipaserver/plugins/group.py:612 #: ipaserver/plugins/group.py:669 msgid "" "Cannot perform join operation without own domain configured. Make sure you " "have run ipa-adtrust-install on the IPA server first" msgstr "" #: ipaserver/plugins/trust.py:889 #, python-format msgid "" "Trusted domain %(domain)s is included among IPA realm domains. It needs to " "be removed prior to establishing the trust. See the \"ipa realmdomains-mod --" "del-domain\" command." msgstr "" #: ipaserver/plugins/trust.py:910 msgid "Trusted domain and administrator account use different realms" msgstr "" #: ipaserver/plugins/trust.py:919 msgid "Realm administrator password should be specified" msgstr "" #: ipaserver/plugins/trust.py:940 msgid "id range type" msgstr "" #: ipaserver/plugins/trust.py:942 msgid "" "Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-" "type when adding an AD trust." msgstr "" #: ipaserver/plugins/trust.py:952 msgid "id range" msgstr "" #: ipaserver/plugins/trust.py:954 msgid "" "An id range already exists for this trust. You should either delete the old " "range, or exclude --base-id/--range-size options from the command." msgstr "" #: ipaserver/plugins/trust.py:976 msgid "range exists" msgstr "" #: ipaserver/plugins/trust.py:978 msgid "" "ID range with the same name but different domain SID already exists. The ID " "range for the new trusted domain must be created manually." msgstr "" #: ipaserver/plugins/trust.py:986 msgid "range type change" msgstr "" #: ipaserver/plugins/trust.py:987 msgid "" "ID range for the trusted domain already exists, but it has a different type. " "Please remove the old range manually, or do not enforce type via --range-" "type option." msgstr "" #: ipaserver/plugins/trust.py:1025 #, python-brace-format msgid "Unable to resolve domain controller for {domain} domain. " msgstr "" #: ipaserver/plugins/trust.py:1039 msgid "" "Forward policy is defined for it in IPA DNS, perhaps forwarder points to " "incorrect host?" msgstr "" #: ipaserver/plugins/trust.py:1045 #, python-brace-format msgid "" "IPA manages DNS, please verify your DNS configuration and make sure that " "service records of the '{domain}' domain can be resolved. Examples how to " "configure DNS with CLI commands or the Web UI can be found in the " "documentation. " msgstr "" #: ipaserver/plugins/trust.py:1057 #, python-brace-format msgid "" "Since IPA does not manage DNS records, ensure DNS is configured to resolve " "'{domain}' domain from IPA hosts and back." msgstr "" #: ipaserver/plugins/trust.py:1072 msgid "Unable to verify write permissions to the AD" msgstr "" #: ipaserver/plugins/trust.py:1107 msgid "Not enough arguments specified to perform trust setup" msgstr "" #: ipaserver/plugins/trust.py:1113 ipaclient/remote_plugins/2_114/trust.py:352 msgid "Delete a trust." msgstr "" #: ipaserver/plugins/trust.py:1115 #, python-format msgid "Deleted trust \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:1120 msgid "" "\n" " Modify a trust (for future use).\n" "\n" " Currently only the default option to modify the LDAP attributes is\n" " available. More specific options will be added in coming releases.\n" " " msgstr "" #: ipaserver/plugins/trust.py:1127 #, python-format msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)" msgstr "" #: ipaserver/plugins/trust.py:1140 ipaclient/remote_plugins/2_114/trust.py:445 msgid "Search for trusts." msgstr "" #: ipaserver/plugins/trust.py:1145 #, python-format msgid "%(count)d trust matched" msgid_plural "%(count)d trusts matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/trust.py:1183 ipaclient/remote_plugins/2_114/trust.py:670 msgid "Display information about a trust." msgstr "" #: ipaserver/plugins/trust.py:1234 msgid "trust configuration" msgstr "" #: ipaserver/plugins/trust.py:1240 ipaserver/plugins/trust.py:1241 msgid "Global Trust Configuration" msgstr "" #: ipaserver/plugins/trust.py:1249 ipaclient/remote_plugins/2_114/trust.py:145 msgid "Security Identifier" msgstr "" #: ipaserver/plugins/trust.py:1253 ipaclient/remote_plugins/2_114/trust.py:149 msgid "NetBIOS name" msgstr "" #: ipaserver/plugins/trust.py:1257 ipaclient/remote_plugins/2_114/trust.py:153 msgid "Domain GUID" msgstr "" #: ipaserver/plugins/trust.py:1262 ipaclient/remote_plugins/2_114/trust.py:157 msgid "Fallback primary group" msgstr "" #: ipaserver/plugins/trust.py:1266 msgid "IPA AD trust agents" msgstr "" #: ipaserver/plugins/trust.py:1267 msgid "IPA servers configured as AD trust agents" msgstr "" #: ipaserver/plugins/trust.py:1272 msgid "IPA AD trust controllers" msgstr "" #: ipaserver/plugins/trust.py:1273 msgid "IPA servers configured as AD trust controllers" msgstr "" #: ipaserver/plugins/trust.py:1287 msgid "unsupported trust type" msgstr "" #: ipaserver/plugins/trust.py:1351 ipaclient/remote_plugins/2_114/trust.py:720 msgid "Modify global trust configuration." msgstr "" #: ipaserver/plugins/trust.py:1354 #, python-format msgid "Modified \"%(value)s\" trust configuration" msgstr "" #: ipaserver/plugins/trust.py:1375 ipaclient/remote_plugins/2_114/trust.py:798 msgid "Show global trust configuration." msgstr "" #: ipaserver/plugins/trust.py:1408 ipaclient/remote_plugins/2_114/trust.py:636 msgid "Resolve security identifiers of users and groups in trusted domains" msgstr "" #: ipaserver/plugins/trust.py:1413 ipaclient/remote_plugins/2_114/trust.py:644 msgid "Security Identifiers (SIDs)" msgstr "" #: ipaserver/plugins/trust.py:1419 msgid "SID" msgstr "" #: ipaserver/plugins/trust.py:1451 ipaclient/remote_plugins/2_114/trust.py:190 msgid "Determine whether ipa-adtrust-install has been run on this system" msgstr "" #: ipaserver/plugins/trust.py:1477 ipaclient/remote_plugins/2_114/trust.py:205 msgid "" "Determine whether Schema Compatibility plugin is configured to serve trusted " "domain users and groups" msgstr "" #: ipaserver/plugins/trust.py:1529 ipaclient/remote_plugins/2_114/trust.py:220 msgid "Determine whether ipa-adtrust-install has been run with sidgen task" msgstr "" #: ipaserver/plugins/trust.py:1545 msgid "sidgen_was_run" msgstr "" #: ipaserver/plugins/trust.py:1547 msgid "" "This command relies on the existence of the \"editors\" group, but this " "group was not found." msgstr "" #: ipaserver/plugins/trust.py:1566 msgid "trust domain" msgstr "" #: ipaserver/plugins/trust.py:1567 msgid "trust domains" msgstr "" #: ipaserver/plugins/trust.py:1575 msgid "Trusted domains" msgstr "" #: ipaserver/plugins/trust.py:1576 msgid "Trusted domain" msgstr "" #: ipaserver/plugins/trust.py:1590 msgid "Domain enabled" msgstr "" #: ipaserver/plugins/trust.py:1611 ipaclient/remote_plugins/2_114/trust.py:1053 msgid "Search domains of the trust" msgstr "" #: ipaserver/plugins/trust.py:1637 ipaclient/remote_plugins/2_114/trust.py:1151 msgid "Modify trustdomain of the trust" msgstr "" #: ipaserver/plugins/trust.py:1645 ipaclient/remote_plugins/2_114/trust.py:849 msgid "Allow access from the trusted domain" msgstr "" #: ipaserver/plugins/trust.py:1659 ipaclient/remote_plugins/2_114/trust.py:939 msgid "Remove information about the domain associated with the trust." msgstr "" #: ipaserver/plugins/trust.py:1662 #, python-format msgid "Removed information about the trusted domain \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:1680 msgid "" "cannot delete root domain of the trust, use trust-del to delete the trust " "itself" msgstr "" #: ipaserver/plugins/trust.py:1789 ipaclient/remote_plugins/2_114/trust.py:389 msgid "Refresh list of the domains associated with the trust" msgstr "" #: ipaserver/plugins/trust.py:1828 msgid "" "List of trust domains successfully refreshed. Use trustdomain-find command " "to list them." msgstr "" #: ipaserver/plugins/trust.py:1836 msgid "Configure this server as a trust agent." msgstr "" #: ipaserver/plugins/trust.py:1845 ipaserver/plugins/server.py:903 msgid "Remote server name" msgstr "" #: ipaserver/plugins/trust.py:1846 ipaserver/plugins/server.py:904 msgid "Remote IPA server hostname" msgstr "" #: ipaserver/plugins/trust.py:1852 msgid "Enable support for trusted domains for old clients" msgstr "" #: ipaserver/plugins/trust.py:1862 ipaserver/plugins/server.py:914 #, python-format msgid "must be \"%s\"" msgstr "" #: ipaserver/plugins/trust.py:1868 msgid "not allowed to remotely add agent" msgstr "" #: ipaserver/plugins/trust.py:1901 ipaclient/remote_plugins/2_114/trust.py:1017 msgid "Allow use of IPA resources by the domain of the trust" msgstr "" #: ipaserver/plugins/trust.py:1904 #, python-format msgid "Enabled trust domain \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:1913 msgid "Root domain of the trust is always enabled for the existing trust" msgstr "" #: ipaserver/plugins/trust.py:1943 ipaclient/remote_plugins/2_114/trust.py:981 msgid "Disable use of IPA resources by the domain of the trust" msgstr "" #: ipaserver/plugins/trust.py:1946 #, python-format msgid "Disabled trust domain \"%(value)s\"" msgstr "" #: ipaserver/plugins/trust.py:1955 msgid "" "cannot disable root domain of the trust, use trust-del to delete the trust " "itself" msgstr "" #: ipaserver/plugins/dnsserver.py:35 msgid "" "\n" "DNS server configuration\n" msgstr "" #: ipaserver/plugins/dnsserver.py:37 msgid "" "\n" "Manipulate DNS server configuration\n" msgstr "" #: ipaserver/plugins/dnsserver.py:41 msgid "" "\n" " Show configuration of a specific DNS server:\n" " ipa dnsserver-show\n" msgstr "" #: ipaserver/plugins/dnsserver.py:44 msgid "" "\n" " Update configuration of a specific DNS server:\n" " ipa dnsserver-mod\n" msgstr "" #: ipaserver/plugins/dnsserver.py:62 msgid "DNS server" msgstr "" #: ipaserver/plugins/dnsserver.py:63 msgid "DNS servers" msgstr "" #: ipaserver/plugins/dnsserver.py:71 msgid "DNS Servers" msgstr "" #: ipaserver/plugins/dnsserver.py:72 msgid "DNS Server" msgstr "" #: ipaserver/plugins/dnsserver.py:113 msgid "DNS Server name" msgstr "" #: ipaserver/plugins/dnsserver.py:119 msgid "SOA mname override" msgstr "" #: ipaserver/plugins/dnsserver.py:120 msgid "SOA mname (authoritative server) override" msgstr "" #: ipaserver/plugins/dnsserver.py:126 msgid "Forwarders" msgstr "" #: ipaserver/plugins/dnsserver.py:128 msgid "" "Per-server forwarders. A custom port can be specified for each forwarder " "using a standard format \"IP_ADDRESS port PORT\"" msgstr "" #: ipaserver/plugins/dnsserver.py:138 msgid "" "Per-server conditional forwarding policy. Set to \"none\" to disable " "forwarding to global forwarder for this zone. In that case, conditional zone " "forwarders are disregarded." msgstr "" #: ipaserver/plugins/dnsserver.py:154 msgid "Modify DNS server configuration" msgstr "" #: ipaserver/plugins/dnsserver.py:157 #, python-format msgid "Modified DNS server \"%(value)s\"" msgstr "" #: ipaserver/plugins/dnsserver.py:162 msgid "Search for DNS servers." msgstr "" #: ipaserver/plugins/dnsserver.py:166 #, python-format msgid "%(count)d DNS server matched" msgid_plural "%(count)d DNS servers matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/dnsserver.py:176 msgid "IPA DNS Server is not installed" msgstr "" #: ipaserver/plugins/dnsserver.py:183 msgid "Display configuration of a DNS server." msgstr "" #: ipaserver/plugins/dnsserver.py:193 msgid "Add a new DNS server." msgstr "" #: ipaserver/plugins/dnsserver.py:196 #, python-format msgid "Added new DNS server \"%(value)s\"" msgstr "" #: ipaserver/plugins/dnsserver.py:205 msgid "Delete a DNS server" msgstr "" #: ipaserver/plugins/dnsserver.py:208 #, python-format msgid "Deleted DNS server \"%(value)s\"" msgstr "" #: ipaserver/plugins/server.py:36 msgid "" "\n" "IPA servers\n" msgstr "" #: ipaserver/plugins/server.py:38 msgid "" "\n" "Get information about installed IPA servers.\n" msgstr "" #: ipaserver/plugins/server.py:42 msgid "" "\n" " Find all servers:\n" " ipa server-find\n" msgstr "" #: ipaserver/plugins/server.py:45 msgid "" "\n" " Show specific server:\n" " ipa server-show ipa.example.com\n" msgstr "" #: ipaserver/plugins/server.py:61 msgid "server" msgstr "" #: ipaserver/plugins/server.py:62 msgid "servers" msgstr "" #: ipaserver/plugins/server.py:70 msgid "IPA Servers" msgstr "" #: ipaserver/plugins/server.py:112 ipaclient/remote_plugins/2_164/server.py:54 msgid "Managed suffixes" msgstr "" #: ipaserver/plugins/server.py:118 ipaclient/remote_plugins/2_156/server.py:51 msgid "Min domain level" msgstr "" #: ipaserver/plugins/server.py:119 ipaclient/remote_plugins/2_156/server.py:52 msgid "Minimum domain level" msgstr "" #: ipaserver/plugins/server.py:125 ipaclient/remote_plugins/2_156/server.py:56 msgid "Max domain level" msgstr "" #: ipaserver/plugins/server.py:126 ipaclient/remote_plugins/2_156/server.py:57 msgid "Maximum domain level" msgstr "" #: ipaserver/plugins/server.py:133 msgid "Server location" msgstr "" #: ipaserver/plugins/server.py:140 msgid "Service weight" msgstr "" #: ipaserver/plugins/server.py:141 msgid "Weight for server services" msgstr "" #: ipaserver/plugins/server.py:148 msgid "Service relative weight" msgstr "" #: ipaserver/plugins/server.py:149 msgid "Relative weight for server services (counts per location)" msgstr "" #: ipaserver/plugins/server.py:154 msgid "Enabled server roles" msgstr "" #: ipaserver/plugins/server.py:155 msgid "List of enabled roles" msgstr "" #: ipaserver/plugins/server.py:222 msgid "Modify information about an IPA server." msgstr "" #: ipaserver/plugins/server.py:224 #, python-format msgid "Modified IPA server \"%(value)s\"" msgstr "" #: ipaserver/plugins/server.py:303 ipaclient/remote_plugins/2_156/server.py:104 msgid "Search for IPA servers." msgstr "" #: ipaserver/plugins/server.py:306 #, python-format msgid "%(count)d IPA server matched" msgid_plural "%(count)d IPA servers matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/server.py:428 ipaclient/remote_plugins/2_156/server.py:200 msgid "Show IPA server." msgstr "" #: ipaserver/plugins/server.py:443 ipaclient/remote_plugins/2_156/server.py:64 msgid "Delete IPA server." msgstr "" #: ipaserver/plugins/server.py:444 #, python-format msgid "Deleted IPA server \"%(value)s\"" msgstr "" #: ipaserver/plugins/server.py:449 msgid "Ignore topology errors" msgstr "" #: ipaserver/plugins/server.py:450 msgid "Ignore topology connectivity problems after removal" msgstr "" #: ipaserver/plugins/server.py:455 msgid "Ignore check for last remaining CA or DNS server" msgstr "" #: ipaserver/plugins/server.py:456 msgid "Skip a check whether the last CA master or DNS server is removed" msgstr "" #: ipaserver/plugins/server.py:462 msgid "Force server removal" msgstr "" #: ipaserver/plugins/server.py:463 msgid "Force server removal even if it does not exist" msgstr "" #: ipaserver/plugins/server.py:500 msgid "" "Replica is active DNSSEC key master. Uninstall could break your DNS system. " "Please disable or replace DNSSEC key master first." msgstr "" #: ipaserver/plugins/server.py:506 msgid "Deleting this server will leave your installation without a DNS." msgstr "" #: ipaserver/plugins/server.py:519 msgid "" "Deleting this server is not allowed as it would leave your installation " "without a KRA." msgstr "" #: ipaserver/plugins/server.py:529 msgid "" "Deleting this server is not allowed as it would leave your installation " "without a CA." msgstr "" #: ipaserver/plugins/server.py:544 msgid "Ignoring these warnings and proceeding with removal" msgstr "" #: ipaserver/plugins/server.py:594 #, python-format msgid "" "Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: " "%(err)s" msgstr "" #: ipaserver/plugins/server.py:615 #, python-format msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s" msgstr "" #: ipaserver/plugins/server.py:636 #, python-format msgid "Failed to remove server %(master)s from server list: %(err)s" msgstr "" #: ipaserver/plugins/server.py:662 #, python-format msgid "Failed to clean up Custodia keys for %(master)s: %(err)s" msgstr "" #: ipaserver/plugins/server.py:700 #, python-format msgid "Failed to cleanup server principals/keys: %(err)s" msgstr "" #: ipaserver/plugins/server.py:716 #, python-format msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s" msgstr "" #: ipaserver/plugins/server.py:721 msgid "You may need to manually remove them from the tree" msgstr "" #: ipaserver/plugins/server.py:736 #, python-format msgid "Forcing removal of %(hostname)s" msgstr "" #: ipaserver/plugins/server.py:746 msgid "Ignoring topology connectivity errors." msgstr "" #: ipaserver/plugins/server.py:780 msgid "Server has already been deleted" msgstr "" #: ipaserver/plugins/server.py:830 msgid "Agreements deleted" msgstr "" #: ipaserver/plugins/server.py:841 msgid "Following segments were not deleted:" msgstr "" #: ipaserver/plugins/server.py:895 ipaclient/remote_plugins/2_164/server.py:71 msgid "Check connection to remote IPA server." msgstr "" #: ipaserver/plugins/server.py:926 msgid "not allowed to perform server connection check" msgstr "" #: ipaserver/plugins/server.py:952 msgid "Set enabled/hidden state of a server." msgstr "" #: ipaserver/plugins/server.py:958 msgid "State" msgstr "" #: ipaserver/plugins/server.py:959 msgid "Server state" msgstr "" #: ipaserver/plugins/server.py:964 #, python-format msgid "Changed server state of \"%(value)s\"." msgstr "" #: ipaserver/plugins/server.py:973 msgid "Cannot hide CA renewal master." msgstr "" #: ipaserver/plugins/server.py:975 msgid "Cannot hide DNSSec key master." msgstr "" #: ipaserver/plugins/server.py:987 #, python-format msgid "Cannot hide last enabled %(name)s server." msgstr "" #: ipaserver/plugins/baseldap.py:52 ipaclient/frontend.py:28 #: ipaclient/frontend.py:90 msgid "Failed members" msgstr "" #: ipaserver/plugins/baseldap.py:55 ipaclient/remote_plugins/2_114/role.py:74 msgid "Member users" msgstr "" #: ipaserver/plugins/baseldap.py:58 ipaclient/remote_plugins/2_114/role.py:79 msgid "Member groups" msgstr "" #: ipaserver/plugins/baseldap.py:61 ipaclient/remote_plugins/2_114/user.py:283 msgid "Member of groups" msgstr "" #: ipaserver/plugins/baseldap.py:64 msgid "Member hosts" msgstr "" #: ipaserver/plugins/baseldap.py:67 msgid "Member host-groups" msgstr "" #: ipaserver/plugins/baseldap.py:70 ipaclient/remote_plugins/2_114/host.py:192 msgid "Member of host-groups" msgstr "" #: ipaserver/plugins/baseldap.py:82 ipaserver/plugins/sudocmdgroup.py:118 #: ipaserver/plugins/sudocmdgroup.py:138 msgid "Sudo Command Groups" msgstr "" #: ipaserver/plugins/baseldap.py:88 msgid "Granting privilege to roles" msgstr "" #: ipaserver/plugins/baseldap.py:91 msgid "Member netgroups" msgstr "" #: ipaserver/plugins/baseldap.py:94 ipaclient/remote_plugins/2_114/host.py:202 msgid "Member of netgroups" msgstr "" #: ipaserver/plugins/baseldap.py:97 ipaclient/remote_plugins/2_114/role.py:99 msgid "Member services" msgstr "" #: ipaserver/plugins/baseldap.py:100 msgid "Member service groups" msgstr "" #: ipaserver/plugins/baseldap.py:106 msgid "Member HBAC service" msgstr "" #: ipaserver/plugins/baseldap.py:109 msgid "Member HBAC service groups" msgstr "" #: ipaserver/plugins/baseldap.py:124 msgid "Member ID user overrides" msgstr "" #: ipaserver/plugins/baseldap.py:126 msgid "Indirect Member ID user overrides" msgstr "" #: ipaserver/plugins/baseldap.py:128 msgid "Indirect Member users" msgstr "" #: ipaserver/plugins/baseldap.py:131 msgid "Indirect Member groups" msgstr "" #: ipaserver/plugins/baseldap.py:134 msgid "Indirect Member hosts" msgstr "" #: ipaserver/plugins/baseldap.py:137 msgid "Indirect Member host-groups" msgstr "" #: ipaserver/plugins/baseldap.py:140 msgid "Indirect Member of roles" msgstr "" #: ipaserver/plugins/baseldap.py:143 msgid "Indirect Member permissions" msgstr "" #: ipaserver/plugins/baseldap.py:146 msgid "Indirect Member HBAC service" msgstr "" #: ipaserver/plugins/baseldap.py:149 msgid "Indirect Member HBAC service group" msgstr "" #: ipaserver/plugins/baseldap.py:152 msgid "Indirect Member netgroups" msgstr "" #: ipaserver/plugins/baseldap.py:173 ipaclient/frontend.py:32 msgid "Failed source hosts/hostgroups" msgstr "" #: ipaserver/plugins/baseldap.py:176 ipaclient/frontend.py:36 msgid "Failed hosts/hostgroups" msgstr "" #: ipaserver/plugins/baseldap.py:179 ipaclient/frontend.py:40 msgid "Failed users/groups" msgstr "" #: ipaserver/plugins/baseldap.py:182 ipaclient/frontend.py:44 msgid "Failed service/service groups" msgstr "" #: ipaserver/plugins/baseldap.py:185 ipaclient/frontend.py:48 msgid "Failed to remove" msgstr "" #: ipaserver/plugins/baseldap.py:189 ipaclient/frontend.py:53 msgid "Failed RunAs" msgstr "" #: ipaserver/plugins/baseldap.py:192 ipaclient/frontend.py:57 msgid "Failed RunAsGroup" msgstr "" #: ipaserver/plugins/baseldap.py:210 msgid "Invalid format. Should be name=value" msgstr "" #: ipaserver/plugins/baseldap.py:330 msgid "External host" msgstr "" #: ipaserver/plugins/baseldap.py:507 msgid "An IPA master host cannot be deleted or disabled" msgstr "" #: ipaserver/plugins/baseldap.py:538 msgid "entry" msgstr "" #: ipaserver/plugins/baseldap.py:539 msgid "entries" msgstr "" #: ipaserver/plugins/baseldap.py:577 ipaserver/plugins/baseldap.py:578 msgid "Entry" msgstr "" #: ipaserver/plugins/baseldap.py:581 #, python-format msgid "container entry (%(container)s) not found" msgstr "" #: ipaserver/plugins/baseldap.py:582 #, python-format msgid "%(parent)s: %(oname)s not found" msgstr "" #: ipaserver/plugins/baseldap.py:584 #, python-format msgid "%(oname)s with name \"%(pkey)s\" already exists" msgstr "" #: ipaserver/plugins/baseldap.py:871 ipaserver/plugins/baseldap.py:879 #, python-format msgid "attribute \"%(attribute)s\" not allowed" msgstr "" #: ipaserver/plugins/baseldap.py:884 #, python-format msgid "these attributes are not allowed: %(attrs)s" msgstr "" #: ipaserver/plugins/baseldap.py:894 msgid "" "Set an attribute to a name/value pair. Format is attr=value.\n" "For multi-valued attributes, the command replaces the values already present." msgstr "" #: ipaserver/plugins/baseldap.py:900 msgid "" "Add an attribute/value pair. Format is attr=value. The attribute\n" "must be part of the schema." msgstr "" #: ipaserver/plugins/baseldap.py:906 msgid "" "Delete an attribute/value pair. The option will be evaluated\n" "last, after all sets and adds." msgstr "" #: ipaserver/plugins/baseldap.py:942 msgid "attribute is not configurable" msgstr "" #: ipaserver/plugins/baseldap.py:1045 msgid "No such attribute on this entry" msgstr "" #: ipaserver/plugins/baseldap.py:1140 ipaserver/plugins/cert.py:1342 msgid "Suppress processing of membership attributes." msgstr "" #: ipaserver/plugins/baseldap.py:1294 msgid "Continuous mode: Don't stop on errors." msgstr "" #: ipaserver/plugins/baseldap.py:1315 ipaserver/plugins/baseldap.py:1390 msgid "Rights" msgstr "" #: ipaserver/plugins/baseldap.py:1316 ipaserver/plugins/baseldap.py:1391 msgid "" "Display the access rights of this entry (requires --all). See ipa man page " "for details." msgstr "" #: ipaserver/plugins/baseldap.py:1400 msgid "Rename" msgstr "" #: ipaserver/plugins/baseldap.py:1401 #, python-format msgid "Rename the %(ldap_obj_name)s object" msgstr "" #: ipaserver/plugins/baseldap.py:1499 ipaserver/plugins/baseldap.py:2407 msgid "the entry was deleted while being modified" msgstr "" #: ipaserver/plugins/baseldap.py:1632 ipaserver/plugins/baseldap.py:2134 #, python-format msgid "%s" msgstr "" #: ipaserver/plugins/baseldap.py:1675 ipaserver/plugins/baseldap.py:2158 #, python-format msgid "%s to add" msgstr "" #: ipaserver/plugins/baseldap.py:1687 ipaserver/plugins/baseldap.py:2174 msgid "Number of members added" msgstr "" #: ipaserver/plugins/baseldap.py:1774 ipaserver/plugins/baseldap.py:2257 #, python-format msgid "%s to remove" msgstr "" #: ipaserver/plugins/baseldap.py:1781 ipaserver/plugins/baseldap.py:2269 msgid "Members that could not be removed" msgstr "" #: ipaserver/plugins/baseldap.py:1785 ipaserver/plugins/baseldap.py:2273 msgid "Number of members removed" msgstr "" #: ipaserver/plugins/baseldap.py:1882 #, python-format msgid "" "Search for %(searched_object)s with these %(relationship)s %(ldap_object)s." msgstr "" #: ipaserver/plugins/baseldap.py:1883 #, python-format msgid "" "Search for %(searched_object)s without these %(relationship)s " "%(ldap_object)s." msgstr "" #: ipaserver/plugins/baseldap.py:2438 #, python-format msgid "added attribute value to entry %(value)s" msgstr "" #: ipaserver/plugins/baseldap.py:2447 #, python-format msgid "'%(attr)s' already contains one or more values" msgstr "" #: ipaserver/plugins/baseldap.py:2454 #, python-format msgid "removed attribute values from entry %(value)s" msgstr "" #: ipaserver/plugins/baseldap.py:2463 msgid "one or more values to remove" msgstr "" #: ipaserver/plugins/baseuser.py:57 msgid "" "\n" "Baseuser\n" "\n" "This contains common definitions for user/stageuser\n" msgstr "" #: ipaserver/plugins/baseuser.py:69 ipaclient/remote_plugins/2_114/user.py:332 msgid "Kerberos keys available" msgstr "" #: ipaserver/plugins/baseuser.py:88 msgid "must be TRUE or FALSE" msgstr "" #: ipaserver/plugins/baseuser.py:145 msgid "" "Object class ipaNTUserAttrs is missing, user entry cannot have SMB " "attributes." msgstr "" #: ipaserver/plugins/baseuser.py:212 ipaclient/remote_plugins/2_114/user.py:75 msgid "First name" msgstr "" #: ipaserver/plugins/baseuser.py:216 ipaclient/remote_plugins/2_114/user.py:79 msgid "Last name" msgstr "" #: ipaserver/plugins/baseuser.py:224 ipaclient/remote_plugins/2_114/user.py:88 msgid "Display name" msgstr "" #: ipaserver/plugins/baseuser.py:229 ipaclient/remote_plugins/2_114/user.py:93 msgid "Initials" msgstr "" #: ipaserver/plugins/baseuser.py:265 ipaclient/remote_plugins/2_114/user.py:118 msgid "Kerberos principal expiration" msgstr "" #: ipaserver/plugins/baseuser.py:269 msgid "User password expiration" msgstr "" #: ipaserver/plugins/baseuser.py:273 ipaclient/remote_plugins/2_114/user.py:124 msgid "Email address" msgstr "" #: ipaserver/plugins/baseuser.py:278 ipaclient/remote_plugins/2_114/user.py:130 msgid "Prompt to set the user password" msgstr "" #: ipaserver/plugins/baseuser.py:284 ipaclient/remote_plugins/2_114/user.py:136 msgid "Generate a random user password" msgstr "" #: ipaserver/plugins/baseuser.py:295 ipaclient/remote_plugins/2_114/user.py:147 msgid "User ID Number (system will assign one if not provided)" msgstr "" #: ipaserver/plugins/baseuser.py:305 ipaclient/remote_plugins/2_114/user.py:158 msgid "Street address" msgstr "" #: ipaserver/plugins/baseuser.py:309 ipaclient/remote_plugins/2_114/user.py:163 msgid "City" msgstr "" #: ipaserver/plugins/baseuser.py:313 ipaclient/remote_plugins/2_114/user.py:168 msgid "State/Province" msgstr "" #: ipaserver/plugins/baseuser.py:316 ipaclient/remote_plugins/2_114/user.py:173 msgid "ZIP" msgstr "" #: ipaserver/plugins/baseuser.py:320 ipaclient/remote_plugins/2_114/user.py:179 msgid "Telephone Number" msgstr "" #: ipaserver/plugins/baseuser.py:323 ipaclient/remote_plugins/2_114/user.py:185 msgid "Mobile Telephone Number" msgstr "" #: ipaserver/plugins/baseuser.py:326 ipaclient/remote_plugins/2_114/user.py:191 msgid "Pager Number" msgstr "" #: ipaserver/plugins/baseuser.py:330 ipaclient/remote_plugins/2_114/user.py:197 msgid "Fax Number" msgstr "" #: ipaserver/plugins/baseuser.py:334 ipaclient/remote_plugins/2_114/user.py:202 msgid "Org. Unit" msgstr "" #: ipaserver/plugins/baseuser.py:337 ipaclient/remote_plugins/2_114/user.py:207 msgid "Job Title" msgstr "" #: ipaserver/plugins/baseuser.py:344 ipaclient/remote_plugins/2_114/user.py:218 msgid "Car License" msgstr "" #: ipaserver/plugins/baseuser.py:359 ipaclient/remote_plugins/2_114/user.py:235 msgid "User authentication types" msgstr "" #: ipaserver/plugins/baseuser.py:360 ipaclient/remote_plugins/2_114/user.py:236 msgid "Types of supported user authentication" msgstr "" #: ipaserver/plugins/baseuser.py:366 ipaclient/remote_plugins/2_114/user.py:243 msgid "" "User category (semantics placed on this attribute are for local " "interpretation)" msgstr "" #: ipaserver/plugins/baseuser.py:371 ipaclient/remote_plugins/2_114/user.py:248 msgid "RADIUS proxy configuration" msgstr "" #: ipaserver/plugins/baseuser.py:375 ipaclient/remote_plugins/2_114/user.py:253 msgid "RADIUS proxy username" msgstr "" #: ipaserver/plugins/baseuser.py:378 ipaclient/remote_plugins/2_114/user.py:259 msgid "Department Number" msgstr "" #: ipaserver/plugins/baseuser.py:381 ipaclient/remote_plugins/2_114/user.py:264 msgid "Employee Number" msgstr "" #: ipaserver/plugins/baseuser.py:384 ipaclient/remote_plugins/2_114/user.py:269 msgid "Employee Type" msgstr "" #: ipaserver/plugins/baseuser.py:387 ipaclient/remote_plugins/2_114/user.py:274 msgid "Preferred Language" msgstr "" #: ipaserver/plugins/baseuser.py:410 msgid "SMB logon script path" msgstr "" #: ipaserver/plugins/baseuser.py:415 msgid "SMB profile path" msgstr "" #: ipaserver/plugins/baseuser.py:420 msgid "SMB Home Directory" msgstr "" #: ipaserver/plugins/baseuser.py:425 msgid "SMB Home Directory Drive" msgstr "" #: ipaserver/plugins/baseuser.py:449 ipaserver/plugins/baseuser.py:453 #, python-format msgid "invalid e-mail format: %(email)s" msgstr "" #: ipaserver/plugins/baseuser.py:480 #, python-format msgid "manager %(manager)s not found" msgstr "" #: ipaserver/plugins/baseuser.py:825 msgid "Issuer of the certificate" msgstr "" #: ipaserver/plugins/baseuser.py:832 msgid "Subject of the certificate" msgstr "" #: ipaserver/plugins/baseuser.py:877 msgid "cannot have an empty subject" msgstr "" #: ipaserver/plugins/baseuser.py:917 msgid "cannot specify both subject/issuer and certificate" msgstr "" #: ipaserver/plugins/baseuser.py:921 msgid "cannot specify both subject/issuer and ipacertmapdata" msgstr "" #: ipaserver/plugins/baseuser.py:946 #, python-format msgid "Added certificate mappings to user \"%(value)s\"" msgstr "" #: ipaserver/plugins/baseuser.py:965 #, python-format msgid "Removed certificate mappings from user \"%(value)s\"" msgstr "" #: ipaserver/plugins/cert.py:68 msgid "" "\n" "IPA certificate operations\n" msgstr "" #: ipaserver/plugins/cert.py:70 msgid "" "\n" "Implements a set of commands for managing server SSL certificates.\n" msgstr "" #: ipaserver/plugins/cert.py:72 msgid "" "\n" "Certificate requests exist in the form of a Certificate Signing Request " "(CSR)\n" "in PEM format.\n" msgstr "" #: ipaserver/plugins/cert.py:75 msgid "" "\n" "The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" "subject to values configured in the server.\n" msgstr "" #: ipaserver/plugins/cert.py:78 msgid "" "\n" "A certificate is stored with a service principal and a service principal\n" "needs a host.\n" msgstr "" #: ipaserver/plugins/cert.py:81 msgid "" "\n" "In order to request a certificate:\n" msgstr "" #: ipaserver/plugins/cert.py:83 msgid "" "\n" "* The host must exist\n" "* The service must exist (or you use the --add option to automatically add " "it)\n" msgstr "" #: ipaserver/plugins/cert.py:86 msgid "" "\n" "SEARCHING:\n" msgstr "" #: ipaserver/plugins/cert.py:88 msgid "" "\n" "Certificates may be searched on by certificate subject, serial number,\n" "revocation reason, validity dates and the issued date.\n" msgstr "" #: ipaserver/plugins/cert.py:91 msgid "" "\n" "When searching on dates the _from date does a >= search and the _to date\n" "does a <= search. When combined these are done as an AND.\n" msgstr "" #: ipaserver/plugins/cert.py:94 msgid "" "\n" "Dates are treated as GMT to match the dates in the certificates.\n" msgstr "" #: ipaserver/plugins/cert.py:96 msgid "" "\n" "The date format is YYYY-mm-dd.\n" msgstr "" #: ipaserver/plugins/cert.py:100 msgid "" "\n" " Request a new certificate and add the principal:\n" " ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" msgstr "" #: ipaserver/plugins/cert.py:103 msgid "" "\n" " Retrieve an existing certificate:\n" " ipa cert-show 1032\n" msgstr "" #: ipaserver/plugins/cert.py:106 msgid "" "\n" " Revoke a certificate (see RFC 5280 for reason details):\n" " ipa cert-revoke --revocation-reason=6 1032\n" msgstr "" #: ipaserver/plugins/cert.py:109 msgid "" "\n" " Remove a certificate from revocation hold status:\n" " ipa cert-remove-hold 1032\n" msgstr "" #: ipaserver/plugins/cert.py:112 msgid "" "\n" " Check the status of a signing request:\n" " ipa cert-status 10\n" msgstr "" #: ipaserver/plugins/cert.py:115 msgid "" "\n" " Search for certificates by hostname:\n" " ipa cert-find --subject=ipaserver.example.com\n" msgstr "" #: ipaserver/plugins/cert.py:118 msgid "" "\n" " Search for revoked certificates by reason:\n" " ipa cert-find --revocation-reason=5\n" msgstr "" #: ipaserver/plugins/cert.py:121 msgid "" "\n" " Search for certificates based on issuance date\n" " ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" msgstr "" #: ipaserver/plugins/cert.py:124 msgid "" "\n" " Search for certificates owned by a specific user:\n" " ipa cert-find --user=user\n" msgstr "" #: ipaserver/plugins/cert.py:127 msgid "" "\n" " Examine a certificate:\n" " ipa cert-find --file=cert.pem --all\n" msgstr "" #: ipaserver/plugins/cert.py:130 msgid "" "\n" " Verify that a certificate is owned by a specific user:\n" " ipa cert-find --file=cert.pem --user=user\n" msgstr "" #: ipaserver/plugins/cert.py:133 msgid "" "\n" "IPA currently immediately issues (or declines) all certificate requests so\n" "the status of a request is not normally useful. This is for future use\n" "or the case where a CA does not immediately issue a certificate.\n" msgstr "" #: ipaserver/plugins/cert.py:137 msgid "" "\n" "The following revocation reasons are supported:\n" "\n" msgstr "" #: ipaserver/plugins/cert.py:140 msgid " * 0 - unspecified\n" msgstr "" #: ipaserver/plugins/cert.py:141 msgid " * 1 - keyCompromise\n" msgstr "" #: ipaserver/plugins/cert.py:142 msgid " * 2 - cACompromise\n" msgstr "" #: ipaserver/plugins/cert.py:143 msgid " * 3 - affiliationChanged\n" msgstr "" #: ipaserver/plugins/cert.py:144 msgid " * 4 - superseded\n" msgstr "" #: ipaserver/plugins/cert.py:145 msgid " * 5 - cessationOfOperation\n" msgstr "" #: ipaserver/plugins/cert.py:146 msgid " * 6 - certificateHold\n" msgstr "" #: ipaserver/plugins/cert.py:147 msgid " * 8 - removeFromCRL\n" msgstr "" #: ipaserver/plugins/cert.py:148 msgid " * 9 - privilegeWithdrawn\n" msgstr "" #: ipaserver/plugins/cert.py:149 msgid " * 10 - aACompromise\n" msgstr "" #: ipaserver/plugins/cert.py:150 msgid "" "\n" "Note that reason code 7 is not used. See RFC 5280 for more details:\n" msgstr "" #: ipaserver/plugins/cert.py:152 msgid "" "\n" "http://www.ietf.org/rfc/rfc5280.txt\n" "\n" msgstr "" #: ipaserver/plugins/cert.py:281 ipaserver/plugins/certprofile.py:86 msgid "CA is not configured" msgstr "" #: ipaserver/plugins/cert.py:287 #, python-format msgid "" "Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile " "'%(profile_id)s' for certificate issuance." msgstr "" #: ipaserver/plugins/cert.py:307 msgid "enabledService/configuredService not in ipaConfigString kdc entry" msgstr "" #: ipaserver/plugins/cert.py:311 #, python-format msgid "Host '%(hostname)s' is not an active KDC" msgstr "" #: ipaserver/plugins/cert.py:345 msgid "Issuing CA" msgstr "" #: ipaserver/plugins/cert.py:346 msgid "Name of issuing CA" msgstr "" #: ipaserver/plugins/cert.py:368 msgid "Subject email address" msgstr "" #: ipaserver/plugins/cert.py:373 msgid "Subject DNS name" msgstr "" #: ipaserver/plugins/cert.py:378 msgid "Subject X.400 address" msgstr "" #: ipaserver/plugins/cert.py:383 msgid "Subject directory name" msgstr "" #: ipaserver/plugins/cert.py:388 msgid "Subject EDI Party name" msgstr "" #: ipaserver/plugins/cert.py:393 msgid "Subject URI" msgstr "" #: ipaserver/plugins/cert.py:398 msgid "Subject IP Address" msgstr "" #: ipaserver/plugins/cert.py:403 msgid "Subject OID" msgstr "" #: ipaserver/plugins/cert.py:408 msgid "Subject UPN" msgstr "" #: ipaserver/plugins/cert.py:413 msgid "Subject Kerberos principal name" msgstr "" #: ipaserver/plugins/cert.py:418 msgid "Subject Other Name" msgstr "" #: ipaserver/plugins/cert.py:449 ipaclient/remote_plugins/2_114/cert.py:251 msgid "Serial number" msgstr "" #: ipaserver/plugins/cert.py:450 ipaclient/remote_plugins/2_114/cert.py:252 msgid "Serial number in decimal or if prefixed with 0x in hexadecimal" msgstr "" #: ipaserver/plugins/cert.py:456 msgid "Serial number (hex)" msgstr "" #: ipaserver/plugins/cert.py:576 ipaserver/plugins/certprofile.py:122 #: ipaclient/plugins/csrgen.py:45 msgid "Profile ID" msgstr "" #: ipaserver/plugins/cert.py:577 ipaclient/remote_plugins/2_156/cert.py:298 msgid "Certificate Profile to use" msgstr "" #: ipaserver/plugins/cert.py:582 msgid "Request status" msgstr "" #: ipaserver/plugins/cert.py:587 ipaclient/remote_plugins/2_114/cert.py:367 msgid "Request id" msgstr "" #: ipaserver/plugins/cert.py:603 ipaclient/remote_plugins/2_114/cert.py:267 msgid "Submit a certificate signing request." msgstr "" #: ipaserver/plugins/cert.py:611 ipaclient/remote_plugins/2_114/cert.py:273 msgid "CSR" msgstr "" #: ipaserver/plugins/cert.py:621 ipaclient/plugins/csrgen.py:39 msgid "Principal" msgstr "" #: ipaserver/plugins/cert.py:622 ipaclient/plugins/csrgen.py:40 msgid "Principal for this certificate (e.g. HTTP/test.example.com)" msgstr "" #: ipaserver/plugins/cert.py:628 msgid "" "automatically add the principal if it doesn't exist (service principals only)" msgstr "" #: ipaserver/plugins/cert.py:677 #, python-format msgid "krbtgt certs can use only the %s profile" msgstr "" #: ipaserver/plugins/cert.py:729 msgid "No Common Name was found in subject of request." msgstr "" #: ipaserver/plugins/cert.py:737 #, python-format msgid "" "hostname in subject of request '%(cn)s' does not match name or aliases of " "principal '%(principal)s'" msgstr "" #: ipaserver/plugins/cert.py:743 #, python-format msgid "" "hostname in subject of request '%(cn)s' does not match principal hostname " "'%(hostname)s'" msgstr "" #: ipaserver/plugins/cert.py:752 msgid "DN commonName does not match user's login" msgstr "" #: ipaserver/plugins/cert.py:766 msgid "DN emailAddress does not match any of user's email addresses" msgstr "" #: ipaserver/plugins/cert.py:775 #, python-format msgid "" "Insufficient 'write' privilege to the 'userCertificate' attribute of entry " "'%s'." msgstr "" #: ipaserver/plugins/cert.py:796 ipaserver/plugins/cert.py:914 #, python-format msgid "subject alt name type %s is forbidden for user principals" msgstr "" #: ipaserver/plugins/cert.py:841 #, python-format msgid "" "The service principal for subject alt name %s in certificate request does " "not exist" msgstr "" #: ipaserver/plugins/cert.py:872 #, python-format msgid "" "Insufficient privilege to create a certificate with subject alt name '%s'." msgstr "" #: ipaserver/plugins/cert.py:890 #, python-format msgid "Principal '%s' in subject alt name does not match requested principal" msgstr "" #: ipaserver/plugins/cert.py:899 msgid "RFC822Name does not match any of user's email addresses" msgstr "" #: ipaserver/plugins/cert.py:906 #, python-format msgid "subject alt name type %s is forbidden for non-user principals" msgstr "" #: ipaserver/plugins/cert.py:923 #, python-format msgid "Subject alt name type %s is forbidden" msgstr "" #: ipaserver/plugins/cert.py:941 #, python-format msgid "CA '%s' is disabled" msgstr "" #: ipaserver/plugins/cert.py:1028 msgid "'add' option" msgstr "" #: ipaserver/plugins/cert.py:1032 ipaclient/plugins/csrgen.py:109 msgid "The principal for this request doesn't exist." msgstr "" #: ipaserver/plugins/cert.py:1148 #, python-format msgid "IP address in subjectAltName (%s) unreachable from DNS names" msgstr "" #: ipaserver/plugins/cert.py:1165 #, python-format msgid "IP address in subjectAltName (%s) does not have PTR record" msgstr "" #: ipaserver/plugins/cert.py:1177 #, python-format msgid "PTR record for SAN IP (%s) does not match A/AAAA records" msgstr "" #: ipaserver/plugins/cert.py:1242 ipaclient/remote_plugins/2_114/cert.py:362 msgid "Check the status of a certificate signing request." msgstr "" #: ipaserver/plugins/cert.py:1276 msgid "Revoked" msgstr "" #: ipaserver/plugins/cert.py:1282 msgid "" "Reason for revoking the certificate (0-10). Type \"ipa help cert\" for " "revocation reason details. " msgstr "" #: ipaserver/plugins/cert.py:1304 #, python-format msgid "Owner %s" msgstr "" #: ipaserver/plugins/cert.py:1351 ipaclient/remote_plugins/2_114/cert.py:334 msgid "Retrieve an existing certificate." msgstr "" #: ipaserver/plugins/cert.py:1355 ipaclient/remote_plugins/2_114/cert.py:348 msgid "Output filename" msgstr "" #: ipaserver/plugins/cert.py:1356 ipaclient/remote_plugins/2_114/cert.py:349 msgid "File to store the certificate in." msgstr "" #: ipaserver/plugins/cert.py:1391 #, python-format msgid "" "Certificate with serial number %(serial)s issued by CA '%(ca)s' not found" msgstr "" #: ipaserver/plugins/cert.py:1425 ipaclient/remote_plugins/2_114/cert.py:306 msgid "Revoke a certificate." msgstr "" #: ipaserver/plugins/cert.py:1460 msgid "7 is not a valid revocation reason" msgstr "" #: ipaserver/plugins/cert.py:1473 ipaclient/remote_plugins/2_114/cert.py:246 msgid "Take a revoked certificate off hold." msgstr "" #: ipaserver/plugins/cert.py:1496 ipaclient/remote_plugins/2_114/cert.py:129 msgid "Search for existing certificates." msgstr "" #: ipaserver/plugins/cert.py:1501 ipaclient/remote_plugins/2_114/cert.py:135 msgid "Match cn attribute in subject" msgstr "" #: ipaserver/plugins/cert.py:1505 ipaclient/remote_plugins/2_114/cert.py:146 msgid "minimum serial number" msgstr "" #: ipaserver/plugins/cert.py:1511 ipaclient/remote_plugins/2_114/cert.py:151 msgid "maximum serial number" msgstr "" #: ipaserver/plugins/cert.py:1517 ipaclient/remote_plugins/2_114/cert.py:156 msgid "match the common name exactly" msgstr "" #: ipaserver/plugins/cert.py:1521 ipaclient/remote_plugins/2_114/cert.py:163 msgid "Valid not after from this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1526 ipaclient/remote_plugins/2_114/cert.py:168 msgid "Valid not after to this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1531 ipaclient/remote_plugins/2_114/cert.py:173 msgid "Valid not before from this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1536 ipaclient/remote_plugins/2_114/cert.py:178 msgid "Valid not before to this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1541 ipaclient/remote_plugins/2_114/cert.py:183 msgid "Issued on from this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1546 ipaclient/remote_plugins/2_114/cert.py:188 msgid "Issued on to this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1551 ipaclient/remote_plugins/2_114/cert.py:193 msgid "Revoked on from this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1556 ipaclient/remote_plugins/2_114/cert.py:198 msgid "Revoked on to this date (YYYY-mm-dd)" msgstr "" #: ipaserver/plugins/cert.py:1562 msgid "Results should contain primary key attribute only (\"certificate\")" msgstr "" #: ipaserver/plugins/cert.py:1578 #, python-format msgid "%(count)d certificate matched" msgid_plural "%(count)d certificates matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/cert.py:1600 #, python-format msgid "Search for certificates with these owner %s." msgstr "" #: ipaserver/plugins/cert.py:1611 #, python-format msgid "Search for certificates without these owner %s." msgstr "" #: ipaserver/plugins/cert.py:1924 ipaclient/remote_plugins/2_114/cert.py:103 msgid "Checks if any of the servers has the CA service enabled." msgstr "" #: ipaserver/plugins/certprofile.py:21 msgid "" "\n" "Manage Certificate Profiles\n" "\n" "Certificate Profiles are used by Certificate Authority (CA) in the signing " "of\n" "certificates to determine if a Certificate Signing Request (CSR) is " "acceptable,\n" "and if so what features and extensions will be present on the certificate.\n" "\n" "The Certificate Profile format is the property-list format understood by " "the\n" "Dogtag or Red Hat Certificate System CA.\n" "\n" "PROFILE ID SYNTAX:\n" "\n" "A Profile ID is a string without spaces or punctuation starting with a " "letter\n" "and followed by a sequence of letters, digits or underscore (\"_\").\n" "\n" "EXAMPLES:\n" "\n" " Import a profile that will not store issued certificates:\n" " ipa certprofile-import ShortLivedUserCert \\\n" " --file UserCert.profile --desc \"User Certificates\" \\\n" " --store=false\n" "\n" " Delete a certificate profile:\n" " ipa certprofile-del ShortLivedUserCert\n" "\n" " Show information about a profile:\n" " ipa certprofile-show ShortLivedUserCert\n" "\n" " Save profile configuration to a file:\n" " ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" "\n" " Search for profiles that do not store certificates:\n" " ipa certprofile-find --store=false\n" "\n" "PROFILE CONFIGURATION FORMAT:\n" "\n" "The profile configuration format is the raw property-list format\n" "used by Dogtag Certificate System. The XML format is not supported.\n" "\n" "The following restrictions apply to profiles managed by FreeIPA:\n" "\n" "- When importing a profile the \"profileId\" field, if present, must\n" " match the ID given on the command line.\n" "\n" "- The \"classId\" field must be set to \"caEnrollImpl\"\n" "\n" "- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" "\n" "- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" " class must be used.\n" "\n" msgstr "" #: ipaserver/plugins/certprofile.py:95 msgid "invalid Profile ID" msgstr "" #: ipaserver/plugins/certprofile.py:106 ipaserver/plugins/certprofile.py:116 msgid "Certificate Profile" msgstr "" #: ipaserver/plugins/certprofile.py:107 ipaserver/plugins/certprofile.py:115 msgid "Certificate Profiles" msgstr "" #: ipaserver/plugins/certprofile.py:123 msgid "Profile ID for referring to this profile" msgstr "" #: ipaserver/plugins/certprofile.py:126 msgid "Profile configuration" msgstr "" #: ipaserver/plugins/certprofile.py:132 msgid "Profile description" msgstr "" #: ipaserver/plugins/certprofile.py:133 msgid "Brief description of this profile" msgstr "" #: ipaserver/plugins/certprofile.py:138 msgid "Store issued certificates" msgstr "" #: ipaserver/plugins/certprofile.py:139 msgid "Whether to store certs issued using this profile" msgstr "" #: ipaserver/plugins/certprofile.py:188 msgid "Search for Certificate Profiles." msgstr "" #: ipaserver/plugins/certprofile.py:190 #, python-format msgid "%(count)d profile matched" msgid_plural "%(count)d profiles matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/certprofile.py:200 msgid "Display the properties of a Certificate Profile." msgstr "" #: ipaserver/plugins/certprofile.py:204 msgid "Write profile configuration to file" msgstr "" #: ipaserver/plugins/certprofile.py:221 msgid "Import a Certificate Profile." msgstr "" #: ipaserver/plugins/certprofile.py:222 #, python-format msgid "Imported profile \"%(value)s\"" msgstr "" #: ipaserver/plugins/certprofile.py:226 msgid "Filename of a raw profile. The XML format is not supported." msgstr "" #: ipaserver/plugins/certprofile.py:247 #, python-format msgid "Profile data specifies profileId multiple times: %(values)s" msgstr "" #: ipaserver/plugins/certprofile.py:255 #, python-format msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'" msgstr "" #: ipaserver/plugins/certprofile.py:281 msgid "Delete a Certificate Profile." msgstr "" #: ipaserver/plugins/certprofile.py:282 #, python-format msgid "Deleted profile \"%(value)s\"" msgstr "" #: ipaserver/plugins/certprofile.py:289 #, python-format msgid "Predefined profile '%(profile_id)s' cannot be deleted" msgstr "" #: ipaserver/plugins/certprofile.py:304 msgid "Modify Certificate Profile configuration." msgstr "" #: ipaserver/plugins/certprofile.py:305 #, python-format msgid "Modified Certificate Profile \"%(value)s\"" msgstr "" #: ipaserver/plugins/certprofile.py:310 msgid "File containing profile configuration" msgstr "" #: ipaserver/plugins/certprofile.py:322 msgid "Certificate profiles cannot be renamed" msgstr "" #: ipaserver/plugins/certprofile.py:327 msgid "Insufficient privilege to modify a certificate profile." msgstr "" #: ipaserver/plugins/sudocmd.py:33 msgid "" "\n" "Sudo Commands\n" "\n" "Commands used as building blocks for sudo\n" "\n" "EXAMPLES:\n" "\n" " Create a new command\n" " ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" "\n" " Remove a command\n" " ipa sudocmd-del /usr/bin/less\n" "\n" msgstr "" #: ipaserver/plugins/sudocmd.py:58 msgid "sudo command" msgstr "" #: ipaserver/plugins/sudocmd.py:59 msgid "sudo commands" msgstr "" #: ipaserver/plugins/sudocmd.py:111 msgid "Sudo Commands" msgstr "" #: ipaserver/plugins/sudocmd.py:112 ipaserver/plugins/sudocmd.py:117 msgid "Sudo Command" msgstr "" #: ipaserver/plugins/sudocmd.py:123 msgid "A description of this command" msgstr "" #: ipaserver/plugins/sudocmd.py:146 msgid "Create new Sudo Command." msgstr "" #: ipaserver/plugins/sudocmd.py:148 #, python-format msgid "Added Sudo Command \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmd.py:153 msgid "Delete Sudo Command." msgstr "" #: ipaserver/plugins/sudocmd.py:155 #, python-format msgid "Deleted Sudo Command \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmd.py:186 msgid "Modify Sudo Command." msgstr "" #: ipaserver/plugins/sudocmd.py:188 #, python-format msgid "Modified Sudo Command \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmd.py:193 msgid "Search for Sudo Commands." msgstr "" #: ipaserver/plugins/sudocmd.py:196 #, python-format msgid "%(count)d Sudo Command matched" msgid_plural "%(count)d Sudo Commands matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/sudocmd.py:202 msgid "Display Sudo Command." msgstr "" #: ipaserver/plugins/delegation.py:29 msgid "" "\n" "Group to Group Delegation\n" "\n" "A permission enables fine-grained delegation of permissions. Access Control\n" "Rules, or instructions (ACIs), grant permission to permissions to perform\n" "given tasks such as adding a user, modifying a group, etc.\n" "\n" "Group to Group Delegations grants the members of one group to update a set\n" "of attributes of members of another group.\n" "\n" "EXAMPLES:\n" "\n" " Add a delegation rule to allow managers to edit employee's addresses:\n" " ipa delegation-add --attrs=street --group=managers --" "membergroup=employees \"managers edit employees' street\"\n" "\n" " When managing the list of attributes you need to include all attributes\n" " in the list, including existing ones. Add postalCode to the list:\n" " ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --" "membergroup=employees \"managers edit employees' street\"\n" "\n" " Display our updated rule:\n" " ipa delegation-show \"managers edit employees' street\"\n" "\n" " Delete a rule:\n" " ipa delegation-del \"managers edit employees' street\"\n" msgstr "" #: ipaserver/plugins/delegation.py:67 msgid "delegation" msgstr "" #: ipaserver/plugins/delegation.py:68 msgid "delegations" msgstr "" #: ipaserver/plugins/delegation.py:69 msgid "Delegations" msgstr "" #: ipaserver/plugins/delegation.py:70 msgid "Delegation" msgstr "" #: ipaserver/plugins/delegation.py:87 msgid "Attributes to which the delegation applies" msgstr "" #: ipaserver/plugins/delegation.py:92 msgid "Member user group" msgstr "" #: ipaserver/plugins/delegation.py:93 msgid "User group to apply delegation to" msgstr "" #: ipaserver/plugins/delegation.py:130 msgid "Add a new delegation." msgstr "" #: ipaserver/plugins/delegation.py:132 #, python-format msgid "Added delegation \"%(value)s\"" msgstr "" #: ipaserver/plugins/delegation.py:150 msgid "Delete a delegation." msgstr "" #: ipaserver/plugins/delegation.py:153 #, python-format msgid "Deleted delegation \"%(value)s\"" msgstr "" #: ipaserver/plugins/delegation.py:168 msgid "Modify a delegation." msgstr "" #: ipaserver/plugins/delegation.py:170 #, python-format msgid "Modified delegation \"%(value)s\"" msgstr "" #: ipaserver/plugins/delegation.py:186 msgid "Search for delegations." msgstr "" #: ipaserver/plugins/delegation.py:189 #, python-format msgid "%(count)d delegation matched" msgid_plural "%(count)d delegations matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/delegation.py:211 msgid "Display information about a delegation." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:34 msgid "" "\n" "Groups of Sudo Commands\n" "\n" "Manage groups of Sudo Commands.\n" "\n" "EXAMPLES:\n" "\n" " Add a new Sudo Command Group:\n" " ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" "\n" " Remove a Sudo Command Group:\n" " ipa sudocmdgroup-del admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" "vim admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n" "\n" " Show a Sudo Command Group:\n" " ipa sudocmdgroup-show admincmds\n" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:67 msgid "sudo command group" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:68 msgid "sudo command groups" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:119 ipaserver/plugins/sudocmdgroup.py:124 msgid "Sudo Command Group" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:131 ipaserver/plugins/group.py:330 msgid "Group description" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:147 msgid "Create new Sudo Command Group." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:149 #, python-format msgid "Added Sudo Command Group \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:155 msgid "Delete Sudo Command Group." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:157 #, python-format msgid "Deleted Sudo Command Group \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:163 msgid "Modify Sudo Command Group." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:165 #, python-format msgid "Modified Sudo Command Group \"%(value)s\"" msgstr "" #: ipaserver/plugins/sudocmdgroup.py:171 msgid "Search for Sudo Command Groups." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:174 #, python-format msgid "%(count)d Sudo Command Group matched" msgid_plural "%(count)d Sudo Command Groups matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/sudocmdgroup.py:182 msgid "Display Sudo Command Group." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:188 msgid "Add members to Sudo Command Group." msgstr "" #: ipaserver/plugins/sudocmdgroup.py:194 msgid "Remove members from Sudo Command Group." msgstr "" #: ipaserver/plugins/caacl.py:21 msgid "" "\n" "Manage CA ACL rules.\n" "\n" "This plugin is used to define rules governing which CAs and profiles\n" "may be used to issue certificates to particular principals or groups\n" "of principals.\n" "\n" "SUBJECT PRINCIPAL SCOPE:\n" "\n" "For a certificate request to be allowed, the principal(s) that are\n" "the subject of a certificate request (not necessarily the principal\n" "actually requesting the certificate) must be included in the scope\n" "of a CA ACL that also includes the target CA and profile.\n" "\n" "Users can be included by name, group or the \"all users\" category.\n" "Hosts can be included by name, hostgroup or the \"all hosts\"\n" "category. Services can be included by service name or the \"all\n" "services\" category. CA ACLs may be associated with a single type of\n" "principal, or multiple types.\n" "\n" "CERTIFICATE AUTHORITY SCOPE:\n" "\n" "A CA ACL can be associated with one or more CAs by name, or by the\n" "\"all CAs\" category. For compatibility reasons, a CA ACL with no CA\n" "association implies an association with the 'ipa' CA (and only this\n" "CA).\n" "\n" "PROFILE SCOPE:\n" "\n" "A CA ACL can be associated with one or more profiles by Profile ID.\n" "The Profile ID is a string without spaces or punctuation starting\n" "with a letter and followed by a sequence of letters, digits or\n" "underscore (\"_\").\n" "\n" "EXAMPLES:\n" "\n" " Create a CA ACL \"test\" that grants all users access to the\n" " \"UserCert\" profile on all CAs:\n" " ipa caacl-add test --usercat=all --cacat=all\n" " ipa caacl-add-profile test --certprofiles UserCert\n" "\n" " Display the properties of a named CA ACL:\n" " ipa caacl-show test\n" "\n" " Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-CA" "\":\n" " ipa caacl-add alice_dnp3\n" " ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n" " ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" " ipa caacl-add-user alice_dnp3 --user=alice\n" "\n" " Disable a CA ACL:\n" " ipa caacl-disable test\n" "\n" " Remove a CA ACL:\n" " ipa caacl-del test\n" msgstr "" #: ipaserver/plugins/caacl.py:87 ipaserver/plugins/caacl.py:165 #: ipaserver/plugins/caacl.py:263 msgid "CA ACL" msgstr "" #: ipaserver/plugins/caacl.py:88 ipaserver/plugins/caacl.py:164 msgid "CA ACLs" msgstr "" #: ipaserver/plugins/caacl.py:170 ipaclient/remote_plugins/2_156/caacl.py:61 msgid "ACL name" msgstr "" #: ipaserver/plugins/caacl.py:183 msgid "CA category" msgstr "" #: ipaserver/plugins/caacl.py:184 msgid "CA category the ACL applies to" msgstr "" #: ipaserver/plugins/caacl.py:189 ipaclient/remote_plugins/2_156/caacl.py:76 msgid "Profile category" msgstr "" #: ipaserver/plugins/caacl.py:190 ipaclient/remote_plugins/2_156/caacl.py:77 msgid "Profile category the ACL applies to" msgstr "" #: ipaserver/plugins/caacl.py:196 ipaclient/remote_plugins/2_156/caacl.py:83 msgid "User category the ACL applies to" msgstr "" #: ipaserver/plugins/caacl.py:202 ipaclient/remote_plugins/2_156/caacl.py:89 msgid "Host category the ACL applies to" msgstr "" #: ipaserver/plugins/caacl.py:208 ipaclient/remote_plugins/2_156/caacl.py:95 msgid "Service category the ACL applies to" msgstr "" #: ipaserver/plugins/caacl.py:212 msgid "CAs" msgstr "" #: ipaserver/plugins/caacl.py:244 ipaclient/remote_plugins/2_156/caacl.py:132 msgid "Create a new CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:246 #, python-format msgid "Added CA ACL \"%(value)s\"" msgstr "" #: ipaserver/plugins/caacl.py:256 ipaclient/remote_plugins/2_156/caacl.py:498 msgid "Delete a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:258 #, python-format msgid "Deleted CA ACL \"%(value)s\"" msgstr "" #: ipaserver/plugins/caacl.py:265 msgid "default CA ACL can be only disabled" msgstr "" #: ipaserver/plugins/caacl.py:271 ipaclient/remote_plugins/2_156/caacl.py:723 msgid "Modify a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:273 #, python-format msgid "Modified CA ACL \"%(value)s\"" msgstr "" #: ipaserver/plugins/caacl.py:285 msgid "CA category cannot be set to 'all' while there are allowed CAs" msgstr "" #: ipaserver/plugins/caacl.py:290 msgid "" "profile category cannot be set to 'all' while there are allowed profiles" msgstr "" #: ipaserver/plugins/caacl.py:309 ipaclient/remote_plugins/2_156/caacl.py:597 msgid "Search for CA ACLs." msgstr "" #: ipaserver/plugins/caacl.py:312 #, python-format msgid "%(count)d CA ACL matched" msgid_plural "%(count)d CA ACLs matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/caacl.py:318 ipaclient/remote_plugins/2_156/caacl.py:1103 msgid "Display the properties of a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:323 ipaclient/remote_plugins/2_156/caacl.py:566 msgid "Enable a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:325 #, python-format msgid "Enabled CA ACL \"%(value)s\"" msgstr "" #: ipaserver/plugins/caacl.py:352 ipaclient/remote_plugins/2_156/caacl.py:535 msgid "Disable a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:354 #, python-format msgid "Disabled CA ACL \"%(value)s\"" msgstr "" #: ipaserver/plugins/caacl.py:381 ipaclient/remote_plugins/2_156/caacl.py:429 msgid "Add users and groups to a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:385 #, python-format msgid "%i user or group added." msgstr "" #: ipaserver/plugins/caacl.py:386 #, python-format msgid "%i users or groups added." msgstr "" #: ipaserver/plugins/caacl.py:403 ipaclient/remote_plugins/2_156/caacl.py:1034 msgid "Remove users and groups from a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:407 #, python-format msgid "%i user or group removed." msgstr "" #: ipaserver/plugins/caacl.py:408 #, python-format msgid "%i users or groups removed." msgstr "" #: ipaserver/plugins/caacl.py:413 ipaclient/remote_plugins/2_156/caacl.py:240 msgid "Add target hosts and hostgroups to a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:417 #, python-format msgid "%i host or hostgroup added." msgstr "" #: ipaserver/plugins/caacl.py:418 #, python-format msgid "%i hosts or hostgroups added." msgstr "" #: ipaserver/plugins/caacl.py:435 ipaclient/remote_plugins/2_156/caacl.py:845 msgid "Remove target hosts and hostgroups from a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:439 #, python-format msgid "%i host or hostgroup removed." msgstr "" #: ipaserver/plugins/caacl.py:440 #, python-format msgid "%i hosts or hostgroups removed." msgstr "" #: ipaserver/plugins/caacl.py:445 ipaclient/remote_plugins/2_156/caacl.py:369 msgid "Add services to a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:448 #, python-format msgid "%i service added." msgstr "" #: ipaserver/plugins/caacl.py:448 #, python-format msgid "%i services added." msgstr "" #: ipaserver/plugins/caacl.py:465 ipaclient/remote_plugins/2_156/caacl.py:974 msgid "Remove services from a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:468 #, python-format msgid "%i service removed." msgstr "" #: ipaserver/plugins/caacl.py:468 #, python-format msgid "%i services removed." msgstr "" #: ipaserver/plugins/caacl.py:473 ipaclient/frontend.py:62 msgid "Failed profiles" msgstr "" #: ipaserver/plugins/caacl.py:476 ipaclient/frontend.py:66 msgid "Failed CAs" msgstr "" #: ipaserver/plugins/caacl.py:483 ipaclient/remote_plugins/2_156/caacl.py:309 msgid "Add profiles to a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:488 #, python-format msgid "%i profile added." msgstr "" #: ipaserver/plugins/caacl.py:488 #, python-format msgid "%i profiles added." msgstr "" #: ipaserver/plugins/caacl.py:499 msgid "profiles cannot be added when profile category='all'" msgstr "" #: ipaserver/plugins/caacl.py:505 ipaclient/remote_plugins/2_156/caacl.py:914 msgid "Remove profiles from a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:510 #, python-format msgid "%i profile removed." msgstr "" #: ipaserver/plugins/caacl.py:510 #, python-format msgid "%i profiles removed." msgstr "" #: ipaserver/plugins/caacl.py:515 msgid "Add CAs to a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:520 #, python-format msgid "%i CA added." msgstr "" #: ipaserver/plugins/caacl.py:520 #, python-format msgid "%i CAs added." msgstr "" #: ipaserver/plugins/caacl.py:531 msgid "CAs cannot be added when CA category='all'" msgstr "" #: ipaserver/plugins/caacl.py:537 msgid "Remove CAs from a CA ACL." msgstr "" #: ipaserver/plugins/caacl.py:542 #, python-format msgid "%i CA removed." msgstr "" #: ipaserver/plugins/caacl.py:542 #, python-format msgid "%i CAs removed." msgstr "" #: ipaserver/plugins/group.py:62 msgid "" "\n" "Groups of users\n" "\n" "Manage groups of users, groups, or services. By default, new groups are " "POSIX\n" "groups. You can add the --nonposix option to the group-add command to mark " "a\n" "new group as non-POSIX. You can use the --posix argument with the group-mod\n" "command to convert a non-POSIX group into a POSIX group. POSIX groups cannot " "be\n" "converted to non-POSIX groups.\n" "\n" "Every group must have a description.\n" "\n" "POSIX groups must have a Group ID (GID) number. Changing a GID is\n" "supported but can have an impact on your file permissions. It is not " "necessary\n" "to supply a GID when creating a group. IPA will generate one automatically\n" "if it is not provided.\n" "\n" "Groups members can be users, other groups, and Kerberos services. In POSIX\n" "environments only users will be visible as group members, but nested groups " "and\n" "groups of services can be used for IPA management purposes.\n" "\n" "EXAMPLES:\n" "\n" " Add a new group:\n" " ipa group-add --desc='local administrators' localadmins\n" "\n" " Add a new non-POSIX group:\n" " ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" "\n" " Convert a non-POSIX group to posix:\n" " ipa group-mod --posix remoteadmins\n" "\n" " Add a new POSIX group with a specific Group ID number:\n" " ipa group-add --gid=500 --desc='unix admins' unixadmins\n" "\n" " Add a new POSIX group and let IPA assign a Group ID number:\n" " ipa group-add --desc='printer admins' printeradmins\n" "\n" " Remove a group:\n" " ipa group-del unixadmins\n" "\n" " To add the \"remoteadmins\" group to the \"localadmins\" group:\n" " ipa group-add-member --groups=remoteadmins localadmins\n" "\n" " Add multiple users to the \"localadmins\" group:\n" " ipa group-add-member --users=test1 --users=test2 localadmins\n" "\n" " To add Kerberos services to the \"printer admins\" group:\n" " ipa group-add-member --services=CUPS/some.host printeradmins\n" "\n" " Remove a user from the \"localadmins\" group:\n" " ipa group-remove-member --users=test2 localadmins\n" "\n" " Display information about a named group.\n" " ipa group-show localadmins\n" "\n" "Group membership managers are users or groups that can add members to a\n" "group or remove members from a group.\n" "\n" " Allow user \"test2\" to add or remove members from group \"localadmins\":\n" " ipa group-add-member-manager --users=test2 localadmins\n" "\n" " Revoke membership management rights for user \"test2\" from \"localadmins" "\":\n" " ipa group-remove-member-manager --users=test2 localadmins\n" "\n" "External group membership is designed to allow users from trusted domains\n" "to be mapped to local POSIX groups in order to actually use IPA resources.\n" "External members should be added to groups that specifically created as\n" "external and non-POSIX. Such group later should be included into one of " "POSIX\n" "groups.\n" "\n" "An external group member is currently a Security Identifier (SID) as defined " "by\n" "the trusted domain. When adding external group members, it is possible to\n" "specify them in either SID, or DOM\\name, or name@domain format. IPA will " "attempt\n" "to resolve passed name to SID with the use of Global Catalog of the trusted " "domain.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local POSIX " "group:\n" "\n" " ipa group-add --desc=' admins external map' ad_admins_external " "--external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the " "ad_admins_external\n" " group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with ad_admins " "POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see their " "SIDs:\n" "\n" " ipa group-show ad_admins_external\n" msgstr "" #: ipaserver/plugins/group.py:165 ipaclient/remote_plugins/2_114/group.py:304 msgid "External member" msgstr "" #: ipaserver/plugins/group.py:166 ipaclient/remote_plugins/2_114/group.py:305 msgid "Members of a trusted domain in DOM\\name or name@domain form" msgstr "" #: ipaserver/plugins/group.py:194 msgid "groups" msgstr "" #: ipaserver/plugins/group.py:315 msgid "User Group" msgstr "" #: ipaserver/plugins/group.py:335 ipaclient/remote_plugins/2_114/group.py:120 msgid "GID (use this option to set it manually)" msgstr "" #: ipaserver/plugins/group.py:344 ipaclient/remote_plugins/2_114/group.py:197 msgid "Create a new group." msgstr "" #: ipaserver/plugins/group.py:347 #, python-format msgid "Added group \"%(value)s\"" msgstr "" #: ipaserver/plugins/group.py:352 ipaclient/remote_plugins/2_114/group.py:238 msgid "Create as a non-POSIX group" msgstr "" #: ipaserver/plugins/group.py:357 ipaclient/remote_plugins/2_114/group.py:244 msgid "Allow adding external non-IPA members from trusted domains" msgstr "" #: ipaserver/plugins/group.py:370 msgid "gid cannot be set for external group" msgstr "" #: ipaserver/plugins/group.py:380 ipaclient/remote_plugins/2_114/group.py:366 msgid "Delete group." msgstr "" #: ipaserver/plugins/group.py:382 #, python-format msgid "Deleted group \"%(value)s\"" msgstr "" #: ipaserver/plugins/group.py:396 msgid "privileged group" msgstr "" #: ipaserver/plugins/group.py:426 ipaclient/remote_plugins/2_114/group.py:669 msgid "Modify a group." msgstr "" #: ipaserver/plugins/group.py:429 #, python-format msgid "Modified group \"%(value)s\"" msgstr "" #: ipaserver/plugins/group.py:434 ipaclient/remote_plugins/2_114/group.py:724 msgid "change to a POSIX group" msgstr "" #: ipaserver/plugins/group.py:438 ipaclient/remote_plugins/2_114/group.py:730 msgid "change to support external non-IPA members from trusted domains" msgstr "" #: ipaserver/plugins/group.py:498 ipaclient/remote_plugins/2_114/group.py:436 msgid "Search for groups." msgstr "" #: ipaserver/plugins/group.py:504 #, python-format msgid "%(count)d group matched" msgid_plural "%(count)d groups matched" msgstr[0] "" msgstr[1] "" #: ipaserver/plugins/group.py:510 ipaclient/remote_plugins/2_114/group.py:481 msgid "search for private groups" msgstr "" #: ipaserver/plugins/group.py:514 ipaclient/remote_plugins/2_114/group.py:487 msgid "search for POSIX groups" msgstr "" #: ipaserver/plugins/group.py:518 ipaclient/remote_plugins/2_114/group.py:493 msgid "" "search for groups with support of external non-IPA members from trusted " "domains" msgstr "" #: ipaserver/plugins/group.py:522 ipaclient/remote_plugins/2_114/group.py:499 msgid "search for non-POSIX groups" msgstr "" #: ipaserver/plugins/group.py:569 ipaclient/remote_plugins/2_114/group.py:859 msgid "Display information about a named group." msgstr "" #: ipaserver/plugins/group.py:592 ipaclient/remote_plugins/2_114/group.py:288 msgid "Add members to a group." msgstr "" #: ipaserver/plugins/group.py:643 ipaclient/remote_plugins/2_114/group.py:781 msgid "Remove members from a group." msgstr "" #: ipaserver/plugins/group.py:700 ipaclient/remote_plugins/2_114/group.py:404 msgid "Detach a managed group from a user." msgstr "" #: ipaserver/plugins/group.py:703 #, python-format msgid "Detached group \"%(value)s\" from user \"%(value)s\"" msgstr "" #: ipaserver/plugins/group.py:728 msgid "not allowed to modify user entries" msgstr "" #: ipaserver/plugins/group.py:739 msgid "not allowed to modify group entries" msgstr "" #: ipaserver/plugins/group.py:759 msgid "Not a managed group" msgstr "" #: ipaserver/plugins/group.py:781 msgid "Add users that can manage members of this group." msgstr "" #: ipaserver/plugins/group.py:789 msgid "Remove users that can manage members of this group." msgstr "" #: ipaserver/rpcserver.py:531 msgid "Request must be a dict" msgstr "" #: ipaserver/rpcserver.py:533 msgid "Request is missing \"method\"" msgstr "" #: ipaserver/rpcserver.py:535 msgid "Request is missing \"params\"" msgstr "" #: ipaserver/rpcserver.py:540 msgid "params must be a list" msgstr "" #: ipaserver/rpcserver.py:542 msgid "params must contain [args, options]" msgstr "" #: ipaserver/rpcserver.py:545 msgid "params[0] (aka args) must be a list" msgstr "" #: ipaserver/rpcserver.py:548 msgid "params[1] (aka options) must be a dict" msgstr "" #: ipaserver/dcerpc_common.py:20 msgid "Trusting forest" msgstr "" #: ipaserver/dcerpc_common.py:21 msgid "Trusted forest" msgstr "" #: ipaserver/dcerpc_common.py:26 msgid "Established and verified" msgstr "" #: ipaserver/dcerpc_common.py:27 msgid "Waiting for confirmation by remote side" msgstr "" #: ipaserver/dcerpc_common.py:30 msgid "Unknown" msgstr "" #: ipaserver/dcerpc_common.py:36 msgid "Non-Active Directory domain" msgstr "" #: ipaserver/dcerpc_common.py:38 msgid "RFC4120-compliant Kerberos realm" msgstr "" #: ipaserver/dcerpc_common.py:39 msgid "" "Non-transitive external trust to a domain in another Active Directory forest" msgstr "" #: ipaserver/dcerpc_common.py:41 msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm" msgstr "" #: ipaserver/topology.py:14 #, python-format msgid "" "\n" "Replication topology in suffix '%(suffix)s' is disconnected:\n" "%(errors)s" msgstr "" #: ipaserver/topology.py:18 #, python-format msgid "" "\n" "Removal of '%(hostname)s' leads to disconnected topology in suffix " "'%(suffix)s':\n" "%(errors)s" msgstr "" #: ipaserver/topology.py:121 #, python-format msgid "Topology does not allow server %(server)s to replicate with servers:" msgstr "" #: ipaserver/dcerpc.py:77 msgid "" "\n" "Classes to manage trust joins using DCE-RPC calls\n" "\n" "The code in this module relies heavily on samba4-python package\n" "and Samba4 python bindings.\n" msgstr "" #: ipaserver/dcerpc.py:97 msgid "CIFS server denied your credentials" msgstr "" #: ipaserver/dcerpc.py:101 msgid "communication with CIFS server was unsuccessful" msgstr "" #: ipaserver/dcerpc.py:107 ipaserver/dcerpc.py:1348 msgid "AD domain controller" msgstr "" #: ipaserver/dcerpc.py:108 msgid "unsupported functional level" msgstr "" #: ipaserver/dcerpc.py:111 msgid "" "AD domain controller complains about communication sequence. It may mean " "unsynchronized time on both sides, for example" msgstr "" #: ipaserver/dcerpc.py:119 ipaserver/dcerpc.py:125 ipaserver/dcerpc.py:128 msgid "Cannot find specified domain or server name" msgstr "" #: ipaserver/dcerpc.py:131 ipaserver/dcerpc.py:137 msgid "" "AD DC was unable to reach any IPA domain controller. Most likely it is a DNS " "or firewall issue" msgstr "" #: ipaserver/dcerpc.py:141 msgid "At least the domain or IP address should be specified" msgstr "" #: ipaserver/dcerpc.py:179 #, python-format msgid "" "CIFS server communication error: code \"%(num)s\", message \"%(message)s" "\" (both may be \"None\")" msgstr "" #: ipaserver/dcerpc.py:283 msgid "no trusted domain is configured" msgstr "" #: ipaserver/dcerpc.py:291 msgid "domain is not configured" msgstr "" #: ipaserver/dcerpc.py:298 msgid "SID is not valid" msgstr "" #: ipaserver/dcerpc.py:313 msgid "SID does not match exactlywith any trusted domain's SID" msgstr "" #: ipaserver/dcerpc.py:324 msgid "SID does not match any trusted domain" msgstr "" #: ipaserver/dcerpc.py:366 ipaserver/dcerpc.py:373 ipaserver/dcerpc.py:701 msgid "Trust setup" msgstr "" #: ipaserver/dcerpc.py:367 msgid "Our domain is not configured" msgstr "" #: ipaserver/dcerpc.py:374 msgid "No trusted domain is not configured" msgstr "" #: ipaserver/dcerpc.py:380 ipaserver/dcerpc.py:396 ipaserver/dcerpc.py:414 #: ipaserver/dcerpc.py:420 ipaserver/dcerpc.py:428 ipaserver/dcerpc.py:443 #: ipaserver/dcerpc.py:451 ipaserver/dcerpc.py:515 ipaserver/dcerpc.py:571 msgid "trusted domain object" msgstr "" #: ipaserver/dcerpc.py:381 msgid "domain is not trusted" msgstr "" #: ipaserver/dcerpc.py:397 msgid "no trusted domain matched the specified flat name" msgstr "" #: ipaserver/dcerpc.py:401 msgid "trusted domain object not found" msgstr "" #: ipaserver/dcerpc.py:415 msgid "Object does not belong to a trusted domain" msgstr "" #: ipaserver/dcerpc.py:421 msgid "SSSD was unable to resolve the object to a valid SID" msgstr "" #: ipaserver/dcerpc.py:429 ipaserver/dcerpc.py:572 msgid "Ambiguous search, user domain was not specified" msgstr "" #: ipaserver/dcerpc.py:444 ipaserver/dcerpc.py:516 msgid "Trusted domain did not return a unique object" msgstr "" #: ipaserver/dcerpc.py:452 msgid "Trusted domain did not return a valid SID for the object" msgstr "" #: ipaserver/dcerpc.py:556 ipaserver/dcerpc.py:567 msgid "trusted domain user not found" msgstr "" #: ipaserver/dcerpc.py:702 msgid "Cannot retrieve trusted domain GC list" msgstr "" #: ipaserver/dcerpc.py:850 msgid "CIFS credentials object" msgstr "" #: ipaserver/dcerpc.py:888 #, python-format msgid "CIFS server %(host)s denied your credentials" msgstr "" #: ipaserver/dcerpc.py:893 #, python-format msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?" msgstr "" #: ipaserver/dcerpc.py:1309 #, python-format msgid "" "the IPA server and the remote domain cannot share the same NetBIOS name: %s" msgstr "" #: ipaserver/dcerpc.py:1337 #, python-brace-format msgid "" "There is already a trust to {ipa_domain} with unsupported type {trust_type}. " "Please remove it manually on AD DC side." msgstr "" #: ipaserver/dcerpc.py:1465 #, python-format msgid "" "IPA master denied trust validation requests from AD DC %(count)d times. Most " "likely AD DC contacted a replica that has no trust information replicated " "yet. Additionally, please check that AD DNS is able to resolve %(records)s " "SRV records to the correct IPA server." msgstr "" #: ipaserver/dcerpc.py:1535 msgid "Credentials" msgstr "" #: ipaserver/dcerpc.py:1536 msgid "Missing credentials for cross-forest communication" msgstr "" #: ipaserver/servroles.py:296 #, python-format msgid "all masters must have %(role)s role enabled" msgstr "" #: ipaserver/servroles.py:401 #, python-format msgid "must have %(role)s role enabled" msgstr "" #: ipaserver/servroles.py:443 msgid "must be enabled only on a single master" msgstr "" #: ipatests/test_ipalib/test_frontend.py:206 #, python-format msgid "must equal %r" msgstr "" #: ipatests/test_ipalib/test_parameters.py:232 msgid "Hello world" msgstr "" #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:63 #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:71 #, python-format msgid "%s: RADIUS proxy server not found" msgstr "" #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:119 #, python-format msgid "RADIUS proxy server with name \"%s\" already exists" msgstr "" #: ipatests/test_xmlrpc/test_radiusproxy_plugin.py:178 msgid "must be at least 1" msgstr "" #: util/ipa_ldap.c:79 #, c-format msgid "Unable to initialize connection to ldap server %1$s: %2$s\n" msgstr "" #: util/ipa_ldap.c:89 msgid "Unable to set LDAP_OPT_PROTOCOL_VERSION\n" msgstr "" #: util/ipa_ldap.c:97 msgid "Unable to set LDAP_OPT_X_SASL_NOCANON\n" msgstr "" #: util/ipa_ldap.c:126 msgid "Unable to set LDAP_OPT_X_TLS_CACERTFILE\n" msgstr "" #: util/ipa_ldap.c:133 msgid "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n" msgstr "" #: util/ipa_ldap.c:140 msgid "Unable to set LDAP_OPT_X_TLS_PROTOCOL_MIN\n" msgstr "" #: util/ipa_ldap.c:147 msgid "" "Unable to create new TLS context (OpenSSL failed to initialize or to load " "certificates)\n" msgstr "" #: util/ipa_ldap.c:156 msgid "Unable to initialize STARTTLS session\n" msgstr "" #: util/ipa_krb5.c:813 util/ipa_krb5.c:828 msgid "Out of memory\n" msgstr "" #: util/ipa_krb5.c:846 msgid "Warning unrecognized encryption type.\n" msgstr "" #: util/ipa_krb5.c:860 msgid "Warning unrecognized salt type.\n" msgstr "" #: util/ipa_krb5.c:892 client/ipa-getkeytab.c:835 #, c-format msgid "No system preferred enctypes ?!\n" msgstr "" #: util/ipa_krb5.c:900 msgid "Out of memory!?\n" msgstr "" #: util/ipa_krb5.c:935 msgid "Enctype comparison failed!\n" msgstr "" #: util/ipa_krb5.c:988 msgid "Password is too long!\n" msgstr "" #: util/ipa_krb5.c:1004 msgid "Failed to create random key!\n" msgstr "" #: util/ipa_krb5.c:1017 util/ipa_krb5.c:1035 util/ipa_krb5.c:1043 #: util/ipa_krb5.c:1083 msgid "Failed to create key!\n" msgstr "" #: util/ipa_krb5.c:1024 util/ipa_krb5.c:1058 client/ipa-join.c:404 #: client/ipa-join.c:422 client/ipa-join.c:521 client/ipa-join.c:715 #: client/ipa-join.c:779 #, c-format msgid "Out of memory!\n" msgstr "" #: util/ipa_krb5.c:1069 msgid "Bad or unsupported salt type.\n" msgstr "" #: client/ipa-rmkeytab.c:43 #, c-format msgid "Unable to parse principal name\n" msgstr "" #: client/ipa-rmkeytab.c:45 #, c-format msgid "krb5_parse_name %1$d: %2$s\n" msgstr "" #: client/ipa-rmkeytab.c:55 #, c-format msgid "Removing principal %s\n" msgstr "" #: client/ipa-rmkeytab.c:68 #, c-format msgid "Failed to open keytab\n" msgstr "" #: client/ipa-rmkeytab.c:72 #, c-format msgid "principal not found\n" msgstr "" #: client/ipa-rmkeytab.c:74 #, c-format msgid "krb5_kt_get_entry %1$d: %2$s\n" msgstr "" #: client/ipa-rmkeytab.c:82 #, c-format msgid "Unable to remove entry\n" msgstr "" #: client/ipa-rmkeytab.c:84 #, c-format msgid "kvno %d\n" msgstr "" #: client/ipa-rmkeytab.c:85 #, c-format msgid "krb5_kt_remove_entry %1$d: %2$s\n" msgstr "" #: client/ipa-rmkeytab.c:119 #, c-format msgid "Unable to parse principal\n" msgstr "" #: client/ipa-rmkeytab.c:121 #, c-format msgid "krb5_unparse_name %1$d: %2$s\n" msgstr "" #: client/ipa-rmkeytab.c:143 #, c-format msgid "realm not found\n" msgstr "" #: client/ipa-rmkeytab.c:169 msgid "Print debugging information" msgstr "" #: client/ipa-rmkeytab.c:169 msgid "Debugging output" msgstr "" #: client/ipa-rmkeytab.c:171 msgid "" "The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)" msgstr "" #: client/ipa-rmkeytab.c:172 client/ipa-getkeytab.c:769 msgid "Kerberos Service Principal Name" msgstr "" #: client/ipa-rmkeytab.c:174 msgid "The keytab file to remove the principcal(s) from" msgstr "" #: client/ipa-rmkeytab.c:174 client/ipa-getkeytab.c:773 msgid "Keytab File Name" msgstr "" #: client/ipa-rmkeytab.c:176 msgid "Remove all principals in this realm" msgstr "" #: client/ipa-rmkeytab.c:190 client/ipa-getkeytab.c:822 #, c-format msgid "Kerberos context initialization failed\n" msgstr "" #: client/ipa-rmkeytab.c:230 client/ipa-rmkeytab.c:237 #, c-format msgid "Failed to open keytab '%1$s': %2$s\n" msgstr "" #: client/ipa-rmkeytab.c:253 #, c-format msgid "Closing keytab failed\n" msgstr "" #: client/ipa-rmkeytab.c:255 #, c-format msgid "krb5_kt_close %1$d: %2$s\n" msgstr "" #: client/ipa-join.c:64 #, c-format msgid "No permission to join this host to the IPA domain.\n" msgstr "" #: client/ipa-join.c:93 client/ipa-join.c:105 #, c-format msgid "No write permissions on keytab file '%s'\n" msgstr "" #: client/ipa-join.c:110 #, c-format msgid "access() on %1$s failed: errno = %2$d\n" msgstr "" #: client/ipa-join.c:133 client/ipa-join.c:162 client/ipa-join.c:214 #, c-format msgid "Out of memory!" msgstr "" #: client/ipa-join.c:225 #, c-format msgid "Unable to enable SSL in LDAP\n" msgstr "" #: client/ipa-join.c:243 client/ipa-getkeytab.c:221 msgid "SASL Bind failed\n" msgstr "" #: client/ipa-join.c:317 #, c-format msgid "Search for %1$s on rootdse failed with error %2$d\n" msgstr "" #: client/ipa-join.c:337 #, c-format msgid "No values for %s" msgstr "" #: client/ipa-join.c:347 #, c-format msgid "Search for IPA namingContext failed with error %d\n" msgstr "" #: client/ipa-join.c:353 #, c-format msgid "IPA namingContext not found\n" msgstr "" #: client/ipa-join.c:411 #, c-format msgid "Unable to determine root DN of %s\n" msgstr "" #: client/ipa-join.c:457 #, c-format msgid "Enrollment failed. %s\n" msgstr "" #: client/ipa-join.c:580 #, c-format msgid "principal not found in XML-RPC response\n" msgstr "" #: client/ipa-join.c:595 #, c-format msgid "Host is already joined.\n" msgstr "" #: client/ipa-join.c:658 client/ipa-join.c:865 #, c-format msgid "Unable to determine IPA server from %s\n" msgstr "" #: client/ipa-join.c:679 client/ipa-join.c:880 #, c-format msgid "The hostname must be fully-qualified: %s\n" msgstr "" #: client/ipa-join.c:688 client/ipa-join.c:896 #, c-format msgid "Unable to join host: Kerberos context initialization failed\n" msgstr "" #: client/ipa-join.c:696 #, c-format msgid "Error resolving keytab: %s.\n" msgstr "" #: client/ipa-join.c:705 #, c-format msgid "Error getting default Kerberos realm: %s.\n" msgstr "" #: client/ipa-join.c:723 #, c-format msgid "Error parsing \"%1$s\": %2$s.\n" msgstr "" #: client/ipa-join.c:742 #, c-format msgid "Error obtaining initial credentials: %s.\n" msgstr "" #: client/ipa-join.c:754 #, c-format msgid "Unable to generate Kerberos Credential Cache\n" msgstr "" #: client/ipa-join.c:762 #, c-format msgid "Error storing creds in credential cache: %s.\n" msgstr "" #: client/ipa-join.c:810 #, c-format msgid "Unenrollment successful.\n" msgstr "" #: client/ipa-join.c:813 #, c-format msgid "Unenrollment failed.\n" msgstr "" #: client/ipa-join.c:818 #, c-format msgid "result not found in XML-RPC response\n" msgstr "" #: client/ipa-join.c:886 #, c-format msgid "The hostname must not be: %s\n" msgstr "" #: client/ipa-join.c:903 #, c-format msgid "Unable to join host: Kerberos Credential Cache not found\n" msgstr "" #: client/ipa-join.c:911 #, c-format msgid "" "Unable to join host: Kerberos User Principal not found and host password not " "provided.\n" msgstr "" #: client/ipa-join.c:926 #, c-format msgid "fork() failed\n" msgstr "" #: client/ipa-join.c:955 #, c-format msgid "ipa-getkeytab not found\n" msgstr "" #: client/ipa-join.c:958 #, c-format msgid "ipa-getkeytab has bad permissions?\n" msgstr "" #: client/ipa-join.c:961 #, c-format msgid "executing ipa-getkeytab failed, errno %d\n" msgstr "" #: client/ipa-join.c:973 #, c-format msgid "child exited with %d\n" msgstr "" #: client/ipa-join.c:1013 msgid "Print the raw XML-RPC output in GSSAPI mode" msgstr "" #: client/ipa-join.c:1015 msgid "Quiet mode. Only errors are displayed." msgstr "" #: client/ipa-join.c:1017 msgid "Unenroll this host from IPA server" msgstr "" #: client/ipa-join.c:1019 msgid "Hostname of this server" msgstr "" #: client/ipa-join.c:1019 client/ipa-join.c:1021 msgid "hostname" msgstr "" #: client/ipa-join.c:1021 msgid "IPA Server to use" msgstr "" #: client/ipa-join.c:1023 msgid "Specifies where to store keytab information." msgstr "" #: client/ipa-join.c:1023 msgid "filename" msgstr "" #: client/ipa-join.c:1025 msgid "Force the host join. Rejoin even if already joined." msgstr "" #: client/ipa-join.c:1027 msgid "LDAP password (if not using Kerberos)" msgstr "" #: client/ipa-join.c:1027 msgid "password" msgstr "" #: client/ipa-join.c:1029 msgid "LDAP basedn" msgstr "" #: client/ipa-join.c:1029 msgid "basedn" msgstr "" #: client/config.c:56 #, c-format msgid "cannot open configuration file %s\n" msgstr "" #: client/config.c:63 #, c-format msgid "cannot stat() configuration file %s\n" msgstr "" #: client/config.c:69 #, c-format msgid "out of memory\n" msgstr "" #: client/config.c:80 #, c-format msgid "read error\n" msgstr "" #: client/ipa-getkeytab.c:84 #, c-format msgid "Kerberos context initialization failed: %1$s (%2$d)\n" msgstr "" #: client/ipa-getkeytab.c:95 #, c-format msgid "Unable to parse principal: %1$s (%2$d)\n" msgstr "" #: client/ipa-getkeytab.c:150 #, c-format msgid "No keys accepted by KDC\n" msgstr "" #: client/ipa-getkeytab.c:168 #, c-format msgid "Out of memory \n" msgstr "" #: client/ipa-getkeytab.c:191 #, c-format msgid "Unable to initialize ldap library!\n" msgstr "" #: client/ipa-getkeytab.c:207 msgid "Simple bind failed\n" msgstr "" #: client/ipa-getkeytab.c:252 #, c-format msgid "Operation failed: %s\n" msgstr "" #: client/ipa-getkeytab.c:261 #, c-format msgid "Failed to get result: %s\n" msgstr "" #: client/ipa-getkeytab.c:265 #, c-format msgid "Timeout exceeded." msgstr "" #: client/ipa-getkeytab.c:271 #, c-format msgid "Failed to parse extended result: %s\n" msgstr "" #: client/ipa-getkeytab.c:278 #, c-format msgid "Failed to parse result: %s\n" msgstr "" #: client/ipa-getkeytab.c:297 #, c-format msgid "Missing reply control list!\n" msgstr "" #: client/ipa-getkeytab.c:307 #, c-format msgid "Missing reply control!\n" msgstr "" #: client/ipa-getkeytab.c:349 #, c-format msgid "Out of Memory!\n" msgstr "" #: client/ipa-getkeytab.c:356 client/ipa-getkeytab.c:518 #, c-format msgid "Failed to create control!\n" msgstr "" #: client/ipa-getkeytab.c:362 client/ipa-getkeytab.c:526 #, c-format msgid "Failed to bind to server!\n" msgstr "" #: client/ipa-getkeytab.c:369 #, c-format msgid "Failed to get keytab!\n" msgstr "" #: client/ipa-getkeytab.c:378 #, c-format msgid "ber_init() failed, Invalid control ?!\n" msgstr "" #: client/ipa-getkeytab.c:397 #, c-format msgid "ber_scanf() failed, unable to find kvno ?!\n" msgstr "" #: client/ipa-getkeytab.c:409 #, c-format msgid "Failed to retrieve encryption type type #%d\n" msgstr "" #: client/ipa-getkeytab.c:413 #, c-format msgid "Failed to retrieve encryption type %1$s (#%2$d)\n" msgstr "" #: client/ipa-getkeytab.c:423 #, c-format msgid "Failed to retrieve any keys" msgstr "" #: client/ipa-getkeytab.c:541 msgid "Failed to decode control reply!\n" msgstr "" #: client/ipa-getkeytab.c:603 #, c-format msgid "Passwords do not match!\n" msgstr "" #: client/ipa-getkeytab.c:632 #, c-format msgid "Failed to open config file %s\n" msgstr "" #: client/ipa-getkeytab.c:642 #, c-format msgid "Failed to parse config file %s\n" msgstr "" #: client/ipa-getkeytab.c:720 msgid "Failed to resolve symlink to keytab.\n" msgstr "" #: client/ipa-getkeytab.c:731 msgid "keytab is a dangling symlink and owned by another user.\n" msgstr "" #: client/ipa-getkeytab.c:763 msgid "Print as little as possible" msgstr "" #: client/ipa-getkeytab.c:763 msgid "Output only on errors" msgstr "" #: client/ipa-getkeytab.c:765 msgid "Contact this specific KDC Server" msgstr "" #: client/ipa-getkeytab.c:766 msgid "Server Name" msgstr "" #: client/ipa-getkeytab.c:768 msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)" msgstr "" #: client/ipa-getkeytab.c:771 msgid "" "The keytab file to append the new key to (will be created if it does not " "exist)." msgstr "" #: client/ipa-getkeytab.c:775 msgid "Encryption types to request" msgstr "" #: client/ipa-getkeytab.c:776 msgid "Comma separated encryption types list" msgstr "" #: client/ipa-getkeytab.c:778 msgid "Show the list of permitted encryption types and exit" msgstr "" #: client/ipa-getkeytab.c:779 msgid "Permitted Encryption Types" msgstr "" #: client/ipa-getkeytab.c:781 msgid "Asks for a non-random password to use for the principal" msgstr "" #: client/ipa-getkeytab.c:783 msgid "LDAP DN" msgstr "" #: client/ipa-getkeytab.c:783 msgid "DN to bind as if not using kerberos" msgstr "" #: client/ipa-getkeytab.c:785 msgid "LDAP password" msgstr "" #: client/ipa-getkeytab.c:785 msgid "password to use if not using kerberos" msgstr "" #: client/ipa-getkeytab.c:787 msgid "Prompt for LDAP password" msgstr "" #: client/ipa-getkeytab.c:789 msgid "Path to the IPA CA certificate" msgstr "" #: client/ipa-getkeytab.c:789 msgid "IPA CA certificate" msgstr "" #: client/ipa-getkeytab.c:791 msgid "LDAP uri to connect to. Mutually exclusive with --server" msgstr "" #: client/ipa-getkeytab.c:792 msgid "url" msgstr "" #: client/ipa-getkeytab.c:794 msgid "LDAP SASL bind mechanism if no bindd/bindpw" msgstr "" #: client/ipa-getkeytab.c:795 msgid "GSSAPI|EXTERNAL" msgstr "" #: client/ipa-getkeytab.c:797 msgid "Retrieve current keys without changing them" msgstr "" #: client/ipa-getkeytab.c:838 #, c-format msgid "Supported encryption types:\n" msgstr "" #: client/ipa-getkeytab.c:842 #, c-format msgid "Warning: failed to convert type (#%d)\n" msgstr "" #: client/ipa-getkeytab.c:860 #, c-format msgid "Bind password already provided (-w).\n" msgstr "" #: client/ipa-getkeytab.c:868 msgid "Enter LDAP password" msgstr "" #: client/ipa-getkeytab.c:876 #, c-format msgid "Bind password required when using a bind DN (-w or -W).\n" msgstr "" #: client/ipa-getkeytab.c:883 #, c-format msgid "Cannot specify both SASL mechanism and bind DN simultaneously.\n" msgstr "" #: client/ipa-getkeytab.c:891 #, c-format msgid "Invalid SASL bind mechanism\n" msgstr "" #: client/ipa-getkeytab.c:902 #, c-format msgid "Cannot specify server and LDAP uri simultaneously.\n" msgstr "" #: client/ipa-getkeytab.c:919 #, c-format msgid "Server name not provided and unavailable\n" msgstr "" #: client/ipa-getkeytab.c:935 #, c-format msgid "Incompatible options provided (-r and -P)\n" msgstr "" #: client/ipa-getkeytab.c:940 msgid "New Principal Password" msgstr "" #: client/ipa-getkeytab.c:941 msgid "Verify Principal Password" msgstr "" #: client/ipa-getkeytab.c:947 #, c-format msgid "" "Warning: salt types are not honored with randomized passwords (see opt. -P)\n" msgstr "" #: client/ipa-getkeytab.c:954 #, c-format msgid "Invalid Service Principal Name\n" msgstr "" #: client/ipa-getkeytab.c:962 #, c-format msgid "Kerberos Credential Cache not found. Do you have a Kerberos Ticket?\n" msgstr "" #: client/ipa-getkeytab.c:970 #, c-format msgid "" "Kerberos User Principal not found. Do you have a valid Credential Cache?\n" msgstr "" #: client/ipa-getkeytab.c:984 #, c-format msgid "Failed to open Keytab\n" msgstr "" #: client/ipa-getkeytab.c:1002 #, c-format msgid "Retrying with pre-4.0 keytab retrieval method...\n" msgstr "" #: client/ipa-getkeytab.c:1012 #, c-format msgid "Failed to create key material\n" msgstr "" #: client/ipa-getkeytab.c:1022 #, c-format msgid "Failed to get keytab\n" msgstr "" #: client/ipa-getkeytab.c:1036 #, c-format msgid "Failed to add key to the keytab\n" msgstr "" #: client/ipa-getkeytab.c:1045 #, c-format msgid "Failed to close the keytab\n" msgstr "" #: client/ipa-getkeytab.c:1051 #, c-format msgid "Keytab successfully retrieved and stored in: %s\n" msgstr "" #: ipaclient/plugins/automount.py:101 msgid "maps not connected to /etc/auto.master:" msgstr "" #: ipaclient/plugins/automount.py:118 msgid "Import automount files for a specific location." msgstr "" #: ipaclient/plugins/automount.py:122 msgid "Master file" msgstr "" #: ipaclient/plugins/automount.py:123 msgid "Automount master file." msgstr "" #: ipaclient/plugins/automount.py:130 msgid "" "Continuous operation mode. Errors are reported but the process continues." msgstr "" #: ipaclient/plugins/automount.py:148 #, python-format msgid "File %(file)s not found" msgstr "" #: ipaclient/plugins/automount.py:198 #, python-format msgid "key %(key)s already exists" msgstr "" #: ipaclient/plugins/automount.py:213 #, python-format msgid "map %(map)s already exists" msgstr "" #: ipaclient/plugins/automount.py:262 msgid "Imported maps:" msgstr "" #: ipaclient/plugins/automount.py:265 #, python-format msgid "Added %(map)s" msgstr "" #: ipaclient/plugins/automount.py:269 msgid "Imported keys:" msgstr "" #: ipaclient/plugins/automount.py:272 #, python-format msgid "Added %(src)s to %(dst)s" msgstr "" #: ipaclient/plugins/automount.py:279 msgid "Ignored keys:" msgstr "" #: ipaclient/plugins/automount.py:282 #, python-format msgid "Ignored %(src)s to %(dst)s" msgstr "" #: ipaclient/plugins/automount.py:290 msgid "Duplicate maps skipped:" msgstr "" #: ipaclient/plugins/automount.py:293 #, python-format msgid "Skipped %(map)s" msgstr "" #: ipaclient/plugins/automount.py:299 msgid "Duplicate keys skipped:" msgstr "" #: ipaclient/plugins/automount.py:302 #, python-format msgid "Skipped %(key)s" msgstr "" #: ipaclient/plugins/certprofile.py:25 #, python-format msgid "Profile configuration stored in file '%(file)s'" msgstr "" #: ipaclient/plugins/location.py:23 msgid "Servers details:" msgstr "" #: ipaclient/plugins/server.py:20 #, python-format msgid "Removing %(servers)s from replication topology, please wait..." msgstr "" #: ipaclient/plugins/sudorule.py:30 #, python-format msgid "Enabled Sudo Rule \"%s\"" msgstr "" #: ipaclient/plugins/sudorule.py:36 #, python-format msgid "Disabled Sudo Rule \"%s\"" msgstr "" #: ipaclient/plugins/sudorule.py:43 #, python-format msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\"" msgstr "" #: ipaclient/plugins/sudorule.py:54 #, python-format msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\"" msgstr "" #: ipaclient/plugins/topology.py:25 #, python-format msgid "Replication topology of suffix \"%(suffix)s\" is in order." msgstr "" #: ipaclient/plugins/topology.py:30 #, python-format msgid "Replication topology of suffix \"%(suffix)s\" contains errors." msgstr "" #: ipaclient/plugins/topology.py:33 msgid "Topology is disconnected" msgstr "" #: ipaclient/plugins/topology.py:35 #, python-format msgid "Server %(srv)s can't contact servers: %(replicas)s" msgstr "" #: ipaclient/plugins/topology.py:40 msgid "Recommended maximum number of agreements per replica exceeded" msgstr "" #: ipaclient/plugins/topology.py:43 msgid "Maximum number of agreements per replica" msgstr "" #: ipaclient/plugins/topology.py:47 #, python-format msgid "Server \"%(srv)s\" has %(n)d agreements with servers:" msgstr "" #: ipaclient/plugins/service.py:43 ipaclient/plugins/user.py:74 #: ipaclient/plugins/host.py:41 #, python-format msgid "Certificate(s) stored in file '%(file)s'" msgstr "" #: ipaclient/plugins/user.py:40 msgid "Delete a user, keeping the entry available for future use" msgstr "" #: ipaclient/plugins/user.py:45 msgid "Delete a user" msgstr "" #: ipaclient/plugins/user.py:54 msgid "preserve and no-preserve cannot be both set" msgstr "" #: ipaclient/plugins/otptoken.py:66 msgid "" "Unable to display QR code using the configured output encoding. Please use " "the token URI to configure your OTP device" msgstr "" #: ipaclient/plugins/otptoken.py:82 msgid "" "QR code width is greater than that of the output tty. Please resize your " "terminal." msgstr "" #: ipaclient/plugins/otptoken.py:137 msgid "Synchronize an OTP token." msgstr "" #: ipaclient/plugins/otptoken.py:142 msgid "User ID" msgstr "" #: ipaclient/plugins/otptoken.py:144 msgid "First Code" msgstr "" #: ipaclient/plugins/otptoken.py:145 msgid "Second Code" msgstr "" #: ipaclient/plugins/vault.py:67 ipaclient/plugins/vault.py:831 #, python-format msgid "Cannot read file '%(filename)s': %(exc)s" msgstr "" #: ipaclient/plugins/vault.py:74 #, python-format msgid "Cannot decode file '%(filename)s': %(exc)s" msgstr "" #: ipaclient/plugins/vault.py:181 msgid "Create a new vault." msgstr "" #: ipaclient/plugins/vault.py:187 ipaclient/plugins/vault.py:726 #: ipaclient/plugins/vault.py:959 msgid "Vault password" msgstr "" #: ipaclient/plugins/vault.py:192 ipaclient/plugins/vault.py:731 #: ipaclient/plugins/vault.py:964 msgid "File containing the vault password" msgstr "" #: ipaclient/plugins/vault.py:197 msgid "File containing the vault public key" msgstr "" #: ipaclient/plugins/vault.py:257 msgid "Password can be specified only for symmetric vault" msgstr "" #: ipaclient/plugins/vault.py:263 msgid "Public key can be specified only for asymmetric vault" msgstr "" #: ipaclient/plugins/vault.py:283 ipaclient/plugins/vault.py:864 #: ipaclient/plugins/vault.py:1092 msgid "Password specified multiple times" msgstr "" #: ipaclient/plugins/vault.py:306 msgid "Public key specified multiple times" msgstr "" #: ipaclient/plugins/vault.py:322 msgid "Missing vault public key" msgstr "" #: ipaclient/plugins/vault.py:334 #, python-format msgid "Invalid or unsupported vault public key: %s" msgstr "" #: ipaclient/plugins/vault.py:378 msgid "Old vault password" msgstr "" #: ipaclient/plugins/vault.py:383 msgid "File containing the old vault password" msgstr "" #: ipaclient/plugins/vault.py:388 msgid "New vault password" msgstr "" #: ipaclient/plugins/vault.py:393 msgid "File containing the new vault password" msgstr "" #: ipaclient/plugins/vault.py:398 msgid "Old vault private key" msgstr "" #: ipaclient/plugins/vault.py:403 msgid "File containing the old vault private key" msgstr "" #: ipaclient/plugins/vault.py:408 msgid "File containing the new vault public key" msgstr "" #: ipaclient/plugins/vault.py:514 msgid "New public key specified multiple times" msgstr "" #: ipaclient/plugins/vault.py:527 msgid "Missing new vault public key" msgstr "" #: ipaclient/plugins/vault.py:717 msgid "Binary data to archive" msgstr "" #: ipaclient/plugins/vault.py:721 msgid "File containing data to archive" msgstr "" #: ipaclient/plugins/vault.py:735 msgid "Override existing password" msgstr "" #: ipaclient/plugins/vault.py:817 msgid "Input data specified multiple times" msgstr "" #: ipaclient/plugins/vault.py:822 ipaclient/plugins/vault.py:835 #, python-format msgid "" "Size of data exceeds the limit. Current vault data size limit is %(limit)d B" msgstr "" #: ipaclient/plugins/vault.py:918 ipaclient/plugins/vault.py:1142 msgid "Invalid vault type" msgstr "" #: ipaclient/plugins/vault.py:949 msgid "Retrieve a data from a vault." msgstr "" #: ipaclient/plugins/vault.py:954 msgid "File to store retrieved data" msgstr "" #: ipaclient/plugins/vault.py:969 msgid "Vault private key" msgstr "" #: ipaclient/plugins/vault.py:974 msgid "File containing the vault private key" msgstr "" #: ipaclient/plugins/vault.py:1118 msgid "Private key specified multiple times" msgstr "" #: ipaclient/plugins/vault.py:1131 msgid "Missing vault private key" msgstr "" #: ipaclient/plugins/cert.py:44 ipaclient/plugins/ca.py:19 msgid "Write certificate (chain if --chain used) to file" msgstr "" #: ipaclient/plugins/cert.py:79 msgid "Path to NSS database" msgstr "" #: ipaclient/plugins/cert.py:80 msgid "Path to NSS database to use for private key" msgstr "" #: ipaclient/plugins/cert.py:84 msgid "Path to private key file" msgstr "" #: ipaclient/plugins/cert.py:85 msgid "Path to PEM file containing a private key" msgstr "" #: ipaclient/plugins/cert.py:90 msgid "File containing a password for the private key or database" msgstr "" #: ipaclient/plugins/cert.py:94 msgid "Name of CSR generation profile (if not the same as profile_id)" msgstr "" #: ipaclient/plugins/cert.py:147 msgid "Generated CSR was empty" msgstr "" #: ipaclient/plugins/cert.py:152 msgid "Options 'database' and 'private_key' are not compatible with 'csr'" msgstr "" #: ipaclient/plugins/cert.py:187 msgid "Unrevoked" msgstr "" #: ipaclient/plugins/cert.py:200 msgid "Input filename" msgstr "" #: ipaclient/plugins/cert.py:201 msgid "File to load the certificate from." msgstr "" #: ipaclient/plugins/cert.py:210 ipaclient/plugins/certmap.py:41 msgid "cannot specify both raw certificate and file" msgstr "" #: ipaclient/plugins/certmap.py:19 msgid "Input file" msgstr "" #: ipaclient/plugins/certmap.py:20 msgid "File to load the certificate from" msgstr "" #: ipaclient/plugins/csrgen.py:25 msgid "" "\n" "Commands to build certificate requests automatically\n" msgstr "" #: ipaclient/plugins/csrgen.py:32 msgid "Gather data for a certificate signing request." msgstr "" #: ipaclient/plugins/csrgen.py:46 msgid "CSR Generation Profile to use" msgstr "" #: ipaclient/plugins/csrgen.py:50 msgid "Subject Public Key Info" msgstr "" #: ipaclient/plugins/csrgen.py:51 msgid "DER-encoded SubjectPublicKeyInfo structure" msgstr "" #: ipaclient/plugins/csrgen.py:55 msgid "Write CertificationRequestInfo to file" msgstr "" #: ipaclient/plugins/csrgen.py:70 msgid "CertificationRequestInfo structure" msgstr "" #: ipaclient/plugins/migration.py:37 msgid "" "Migration mode is disabled.\n" "Use 'ipa config-mod --enable-migration=TRUE' to enable it." msgstr "" #: ipaclient/plugins/migration.py:41 msgid "" "Passwords have been migrated in pre-hashed format.\n" "IPA is unable to generate Kerberos keys unless provided\n" "with clear text passwords. All migrated users need to\n" "login at https://your.domain/ipa/migration/ before they\n" "can use their Kerberos accounts." msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:35 msgid "python-yubico is not installed." msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:40 msgid "" "\n" "YubiKey Tokens\n" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:42 msgid "" "\n" "Manage YubiKey tokens.\n" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:44 msgid "" "\n" "This code is an extension to the otptoken plugin and provides support for\n" "reading/writing YubiKey tokens directly.\n" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:49 msgid "" "\n" " Add a new token:\n" " ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:72 msgid "Add a new YubiKey OTP token." msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:77 msgid "YubiKey slot" msgstr "" #: ipaclient/plugins/otptoken_yubikey.py:146 msgid "No free YubiKey slot!" msgstr "" #: ipaclient/plugins/dns.py:237 msgid "Please choose a type of DNS resource record to be added" msgstr "" #: ipaclient/plugins/dns.py:238 #, python-format msgid "The most common types for this type of zone are: %s\n" msgstr "" #: ipaclient/plugins/dns.py:243 msgid "DNS resource record type" msgstr "" #: ipaclient/plugins/dns.py:261 #, python-format msgid "Invalid or unsupported type. Allowed values are: %s" msgstr "" #: ipaclient/plugins/dns.py:286 msgid "No option to modify specific record provided." msgstr "" #: ipaclient/plugins/dns.py:289 ipaclient/plugins/dns.py:355 msgid "Current DNS record contents:\n" msgstr "" #: ipaclient/plugins/dns.py:312 #, python-format msgid "Modify %(name)s '%(value)s'?" msgstr "" #: ipaclient/plugins/dns.py:321 #, python-format msgid "" "%(count)d %(type)s record skipped. Only one value per DNS record type can be " "modified at one time." msgid_plural "" "%(count)d %(type)s records skipped. Only one value per DNS record type can " "be modified at one time." msgstr[0] "" msgstr[1] "" #: ipaclient/plugins/dns.py:347 msgid "No option to delete specific record provided." msgstr "" #: ipaclient/plugins/dns.py:348 msgid "Delete all?" msgstr "" #: ipaclient/plugins/dns.py:376 #, python-format msgid "Delete %(name)s '%(value)s'?" msgstr "" #: ipaclient/plugins/dns.py:392 ipaclient/plugins/dns.py:409 #: ipaclient/plugins/dns.py:421 msgid "Server will check DNS forwarder(s)." msgstr "" #: ipaclient/plugins/dns.py:394 ipaclient/plugins/dns.py:411 #: ipaclient/plugins/dns.py:423 msgid "This may take some time, please wait ..." msgstr "" #: ipaclient/plugins/dns.py:403 msgid "DNS forwarder" msgstr "" #: ipaclient/plugins/dns.py:434 msgid "file to store DNS records in nsupdate format" msgstr "" msgid "Results should contain primary key attribute only (\"name\")" msgstr "" msgid "Time limit of search in seconds" msgstr "" msgid "Maximum number of entries returned" msgstr "" msgid "Rename the automount key object" msgstr "" msgid "Results should contain primary key attribute only (\"location\")" msgstr "" msgid "Results should contain primary key attribute only (\"map\")" msgstr "" msgid "" "\n" "Plugin to make multiple ipa calls via one remote procedure call\n" "\n" "To run this code in the lite-server\n" "\n" "curl -H \"Content-Type:application/json\" -H \"Accept:application/" "json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /" "etc/ipa/ca.crt -d @batch_request.json -X POST http://" "localhost:8888/ipa/json\n" "\n" "where the contents of the file batch_request.json follow the below example\n" "\n" "{\"method\":\"batch\",\"params\":[[\n" " {\"method\":\"group_find\",\"params\":[[],{}]},\n" " {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all" "\":\"true\"}]},\n" " {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n" " ],{}],\"id\":1}\n" "\n" "The format of the response is nested the same way. At the top you will see\n" " \"error\": null,\n" " \"id\": 1,\n" " \"result\": {\n" " \"count\": 3,\n" " \"results\": [\n" "\n" "\n" "And then a nested response for each IPA command method sent in the request\n" msgstr "" msgid "" "\n" "Server configuration\n" "\n" "Manage the default values that IPA uses and some of its tuning parameters.\n" "\n" "NOTES:\n" "\n" "The password notification value (--pwdexpnotify) is stored here so it will\n" "be replicated. It is not currently used to notify users in advance of an\n" "expiring password.\n" "\n" "Some attributes are read-only, provided only for information purposes. " "These\n" "include:\n" "\n" "Certificate Subject base: the configured certificate subject base,\n" " e.g. O=EXAMPLE.COM. This is configurable only at install time.\n" "Password plug-in features: currently defines additional hashes that the\n" " password will generate (there may be other conditions).\n" "\n" "When setting the order list for mapping SELinux users you may need to\n" "quote the value so it isn't interpreted by the shell.\n" "\n" "EXAMPLES:\n" "\n" " Show basic server configuration:\n" " ipa config-show\n" "\n" " Show all configuration options:\n" " ipa config-show --all\n" "\n" " Change maximum username length to 99 characters:\n" " ipa config-mod --maxusername=99\n" "\n" " Increase default time and size limits for maximum IPA server search:\n" " ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n" "\n" " Set default user e-mail domain:\n" " ipa config-mod --emaildomain=example.com\n" "\n" " Enable migration mode to make \"ipa migrate-ds\" command operational:\n" " ipa config-mod --enable-migration=TRUE\n" "\n" " Define SELinux user map order:\n" " ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-" "s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n" msgstr "" msgid "" "Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)" msgstr "" msgid "Maximum number of records to search (-1 is unlimited)" msgstr "" msgid "Service Groups" msgstr "" msgid "member host" msgstr "" msgid "hosts to add" msgstr "" msgid "member host group" msgstr "" msgid "host groups to add" msgstr "" msgid "member HBAC service" msgstr "" msgid "HBAC services to add" msgstr "" msgid "member HBAC service group" msgstr "" msgid "HBAC service groups to add" msgstr "" msgid "member user" msgstr "" msgid "users to add" msgstr "" msgid "member group" msgstr "" msgid "groups to add" msgstr "" msgid "hosts to remove" msgstr "" msgid "host groups to remove" msgstr "" msgid "HBAC services to remove" msgstr "" msgid "HBAC service groups to remove" msgstr "" msgid "users to remove" msgstr "" msgid "groups to remove" msgstr "" msgid "" "\n" "HBAC Services\n" "\n" "The PAM services that HBAC can control access to. The name used here\n" "must match the service name that PAM is evaluating.\n" "\n" "EXAMPLES:\n" "\n" " Add a new HBAC service:\n" " ipa hbacsvc-add tftp\n" "\n" " Modify an existing HBAC service:\n" " ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n" "\n" " Search for HBAC services. This example will return two results, the FTP\n" " service and the newly-added tftp service:\n" " ipa hbacsvc-find ftp\n" "\n" " Delete an HBAC service:\n" " ipa hbacsvc-del tftp\n" msgstr "" msgid "Member of HBAC service groups" msgstr "" msgid "Results should contain primary key attribute only (\"service\")" msgstr "" msgid "" "\n" "Hosts/Machines\n" "\n" "A host represents a machine. It can be used in a number of contexts:\n" "- service entries are associated with a host\n" "- a host stores the host/ service principal\n" "- a host can be used in Host-based Access Control (HBAC) rules\n" "- every enrolled client generates a host entry\n" "\n" "ENROLLMENT:\n" "\n" "There are three enrollment scenarios when enrolling a new client:\n" "\n" "1. You are enrolling as a full administrator. The host entry may exist\n" " or not. A full administrator is a member of the hostadmin role\n" " or the admins group.\n" "2. You are enrolling as a limited administrator. The host must already\n" " exist. A limited administrator is a member a role with the\n" " Host Enrollment privilege.\n" "3. The host has been created with a one-time password.\n" "\n" "RE-ENROLLMENT:\n" "\n" "Host that has been enrolled at some point, and lost its configuration (e.g. " "VM\n" "destroyed) can be re-enrolled.\n" "\n" "For more information, consult the manual pages for ipa-client-install.\n" "\n" "A host can optionally store information such as where it is located,\n" "the OS that it runs, etc.\n" "\n" "EXAMPLES:\n" "\n" " Add a new host:\n" " ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." "com\n" "\n" " Delete a host:\n" " ipa host-del test.example.com\n" "\n" " Add a new host with a one-time password:\n" " ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" "\n" " Add a new host with a random one-time password:\n" " ipa host-add --os='Fedora 12' --random test.example.com\n" "\n" " Modify information about a host:\n" " ipa host-mod --os='Fedora 12' test.example.com\n" "\n" " Remove SSH public keys of a host and update DNS to reflect this change:\n" " ipa host-mod --sshpubkey= --updatedns test.example.com\n" "\n" " Disable the host Kerberos key, SSL certificate and all of its services:\n" " ipa host-disable test.example.com\n" "\n" " Add a host that can manage this host's keytab and certificate:\n" " ipa host-add-managedby --hosts=test2 test\n" "\n" " Allow user to create a keytab:\n" " ipa host-allow-create-keytab test2 --users=tuser1\n" msgstr "" msgid "Base-64 encoded server certificate" msgstr "" msgid "Member of Sudo rule" msgstr "" msgid "Member of HBAC rule" msgstr "" msgid "Indirect Member of netgroup" msgstr "" msgid "Indirect Member of host-group" msgstr "" msgid "Indirect Member of role" msgstr "" msgid "Indirect Member of Sudo rule" msgstr "" msgid "Indirect Member of HBAC rule" msgstr "" msgid "Managed by" msgstr "" msgid "Managing" msgstr "" msgid "Remove entries from DNS" msgstr "" msgid "Results should contain primary key attribute only (\"hostname\")" msgstr "" msgid "Search for hosts with these member of host groups." msgstr "" msgid "Search for hosts without these member of host groups." msgstr "" msgid "Search for hosts with these member of netgroups." msgstr "" msgid "Search for hosts without these member of netgroups." msgstr "" msgid "Search for hosts with these member of roles." msgstr "" msgid "Search for hosts without these member of roles." msgstr "" msgid "Search for hosts with these member of HBAC rules." msgstr "" msgid "Search for hosts without these member of HBAC rules." msgstr "" msgid "Search for hosts with these member of sudo rules." msgstr "" msgid "Search for hosts without these member of sudo rules." msgstr "" msgid "Search for hosts with these enrolled by users." msgstr "" msgid "Search for hosts without these enrolled by users." msgstr "" msgid "Search for hosts with these managed by hosts." msgstr "" msgid "Search for hosts without these managed by hosts." msgstr "" msgid "Search for hosts with these managing hosts." msgstr "" msgid "Search for hosts without these managing hosts." msgstr "" msgid "Kerberos principal name for this host" msgstr "" msgid "" "\n" "Groups of hosts.\n" "\n" "Manage groups of hosts. This is useful for applying access control to a\n" "number of hosts by using Host-based Access Control.\n" "\n" "EXAMPLES:\n" "\n" " Add a new host group:\n" " ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" "\n" " Add another new host group:\n" " ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" "\n" " Add members to the hostgroup (using Bash brace expansion):\n" " ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n" "\n" " Add a hostgroup as a member of another hostgroup:\n" " ipa hostgroup-add-member --hostgroups=baltimore maryland\n" "\n" " Remove a host from the hostgroup:\n" " ipa hostgroup-remove-member --hosts=box2 baltimore\n" "\n" " Display a host group:\n" " ipa hostgroup-show baltimore\n" "\n" " Delete a hostgroup:\n" " ipa hostgroup-del baltimore\n" msgstr "" msgid "Results should contain primary key attribute only (\"hostgroup-name\")" msgstr "" msgid "Search for host groups with these member hosts." msgstr "" msgid "Search for host groups without these member hosts." msgstr "" msgid "Search for host groups with these member host groups." msgstr "" msgid "Search for host groups without these member host groups." msgstr "" msgid "Search for host groups with these member of host groups." msgstr "" msgid "Search for host groups without these member of host groups." msgstr "" msgid "Search for host groups with these member of netgroups." msgstr "" msgid "Search for host groups without these member of netgroups." msgstr "" msgid "Search for host groups with these member of HBAC rules." msgstr "" msgid "Search for host groups without these member of HBAC rules." msgstr "" msgid "Search for host groups with these member of sudo rules." msgstr "" msgid "Search for host groups without these member of sudo rules." msgstr "" msgid "" "\n" "Migration to IPA\n" "\n" "Migrate users and groups from an LDAP server to IPA.\n" "\n" "This performs an LDAP query against the remote server searching for\n" "users and groups in a container. In order to migrate passwords you need\n" "to bind as a user that can read the userPassword attribute on the remote\n" "server. This is generally restricted to high-level admins such as\n" "cn=Directory Manager in 389-ds (this is the default bind user).\n" "\n" "The default user container is ou=People.\n" "\n" "The default group container is ou=Groups.\n" "\n" "Users and groups that already exist on the IPA server are skipped.\n" "\n" "Two LDAP schemas define how group members are stored: RFC2307 and\n" "RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n" "members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n" "\n" "The schema compat feature allows IPA to reformat data for systems that\n" "do not support RFC2307bis. It is recommended that this feature is disabled\n" "during migration to reduce system overhead. It can be re-enabled after\n" "migration. To migrate with it enabled use the \"--with-compat\" option.\n" "\n" "Migrated users do not have Kerberos credentials, they have only their\n" "LDAP password. To complete the migration process, users need to go\n" "to http://ipa.example.com/ipa/migration and authenticate using their\n" "LDAP password in order to generate their Kerberos credentials.\n" "\n" "Migration is disabled by default. Use the command ipa config-mod to\n" "enable it:\n" "\n" " ipa config-mod --enable-migration=TRUE\n" "\n" "If a base DN is not provided with --basedn then IPA will use either\n" "the value of defaultNamingContext if it is set or the first value\n" "in namingContexts set in the root of the remote LDAP server.\n" "\n" "Users are added as members to the default user group. This can be a\n" "time-intensive task so during migration this is done in a batch\n" "mode for every 100 users. As a result there will be a window in which\n" "users will be added to IPA but will not be members of the default\n" "user group.\n" "\n" "EXAMPLES:\n" "\n" " The simplest migration, accepting all defaults:\n" " ipa migrate-ds ldap://ds.example.com:389\n" "\n" " Specify the user and group container. This can be used to migrate user\n" " and group data from an IPA v1 server:\n" " ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" "container='cn=groups,cn=accounts' ldap://ds.example.com:389\n" "\n" " Since IPA v2 server already contain predefined groups that may collide " "with\n" " groups in migrated (IPA v1) server (for example admins, ipausers), users\n" " having colliding group as their primary group may happen to belong to\n" " an unknown group on new IPA v2 server.\n" " Use --group-overwrite-gid option to overwrite GID of already existing " "groups\n" " to prevent this issue:\n" " ipa migrate-ds --group-overwrite-gid --user-container='cn=users," "cn=accounts' --group-container='cn=groups,cn=accounts' " "ldap://ds.example.com:389\n" "\n" " Migrated users or groups may have object class and accompanied attributes\n" " unknown to the IPA v2 server. These object classes and attributes may be\n" " left out of the migration process:\n" " ipa migrate-ds --user-container='cn=users,cn=accounts' --group-" "container='cn=groups,cn=accounts' --user-ignore-" "objectclass=radiusprofile --user-ignore-" "attribute=radiusgroupname ldap://ds.example.com:389\n" "\n" "LOGGING\n" "\n" "Migration will log warnings and errors to the Apache error log. This\n" "file should be evaluated post-migration to correct or investigate any\n" "issues that were discovered.\n" "\n" "For every 100 users migrated an info-level message will be displayed to\n" "give the current progress and duration to make it possible to track\n" "the progress of migration.\n" "\n" "If the log level is debug, either by setting debug = True in\n" "/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be " "printed\n" "for each user added plus a summary when the default user group is\n" "updated.\n" msgstr "" msgid "groups to exclude from migration" msgstr "" msgid "users to exclude from migration" msgstr "" msgid "Dictionary mapping plugin names to bases" msgstr "" msgid "Member User" msgstr "" msgid "Member Group" msgstr "" msgid "Member Hostgroup" msgstr "" msgid "member netgroup" msgstr "" msgid "netgroups to add" msgstr "" msgid "Search for netgroups with these member netgroups." msgstr "" msgid "Search for netgroups without these member netgroups." msgstr "" msgid "Search for netgroups with these member users." msgstr "" msgid "Search for netgroups without these member users." msgstr "" msgid "Search for netgroups with these member groups." msgstr "" msgid "Search for netgroups without these member groups." msgstr "" msgid "Search for netgroups with these member hosts." msgstr "" msgid "Search for netgroups without these member hosts." msgstr "" msgid "Search for netgroups with these member host groups." msgstr "" msgid "Search for netgroups without these member host groups." msgstr "" msgid "Search for netgroups with these member of netgroups." msgstr "" msgid "Search for netgroups without these member of netgroups." msgstr "" msgid "netgroups to remove" msgstr "" msgid "" "\n" "OTP Tokens\n" "\n" "Manage OTP tokens.\n" "\n" "IPA supports the use of OTP tokens for multi-factor authentication. This\n" "code enables the management of OTP tokens.\n" "\n" "EXAMPLES:\n" "\n" " Add a new token:\n" " ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n" "\n" " Examine the token:\n" " ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n" "\n" " Change the vendor:\n" " ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat" "\"\n" "\n" " Delete a token:\n" " ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n" msgstr "" msgid "Results should contain primary key attribute only (\"id\")" msgstr "" msgid "Rename the OTP token object" msgstr "" msgid "" "\n" "YubiKey Tokens\n" "\n" "Manage YubiKey tokens.\n" "\n" "This code is an extension to the otptoken plugin and provides support for\n" "reading/writing YubiKey tokens directly.\n" "\n" "EXAMPLES:\n" "\n" " Add a new token:\n" " ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n" msgstr "" msgid "" "\n" "Permissions\n" "\n" "A permission enables fine-grained delegation of rights. A permission is\n" "a human-readable wrapper around a 389-ds Access Control Rule,\n" "or instruction (ACI).\n" "A permission grants the right to perform a specific task such as adding a\n" "user, modifying a group, etc.\n" "\n" "A permission may not contain other permissions.\n" "\n" "* A permission grants access to read, write, add, delete, read, search,\n" " or compare.\n" "* A privilege combines similar permissions (for example all the permissions\n" " needed to add a user).\n" "* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" "\n" "A permission is made up of a number of different parts:\n" "\n" "1. The name of the permission.\n" "2. The target of the permission.\n" "3. The rights granted by the permission.\n" "\n" "Rights define what operations are allowed, and may be one or more\n" "of the following:\n" "1. write - write one or more attributes\n" "2. read - read one or more attributes\n" "3. search - search on one or more attributes\n" "4. compare - compare one or more attributes\n" "5. add - add a new entry to the tree\n" "6. delete - delete an existing entry\n" "7. all - all permissions are granted\n" "\n" "Note the distinction between attributes and entries. The permissions are\n" "independent, so being able to add a user does not mean that the user will\n" "be editable.\n" "\n" "There are a number of allowed targets:\n" "1. subtree: a DN; the permission applies to the subtree under this DN\n" "2. target filter: an LDAP filter\n" "3. target: DN with possible wildcards, specifies entries permission applies " "to\n" "\n" "Additionally, there are the following convenience options.\n" "Setting one of these options will set the corresponding attribute(s).\n" "1. type: a type of object (user, group, etc); sets subtree and target " "filter.\n" "2. memberof: apply to members of a group; sets target filter\n" "3. targetgroup: grant access to modify a specific group (such as granting\n" " the rights to manage group membership); sets target.\n" "\n" "Managed permissions\n" "\n" "Permissions that come with IPA by default can be so-called \"managed\"\n" "permissions. These have a default set of attributes they apply to,\n" "but the administrator can add/remove individual attributes to/from the set.\n" "\n" "Deleting or renaming a managed permission, as well as changing its target,\n" "is not allowed.\n" "\n" "EXAMPLES:\n" "\n" " Add a permission that grants the creation of users:\n" " ipa permission-add --type=user --permissions=add \"Add Users\"\n" "\n" " Add a permission that grants the ability to manage group membership:\n" " ipa permission-add --attrs=member --permissions=write --type=group " "\"Manage Group Members\"\n" msgstr "" msgid "Deprecated; use extratargetfilter" msgstr "" msgid "Deprecated; use ipapermlocation" msgstr "" msgid "Deprecated; use ipapermright" msgstr "" msgid "Granted to Privilege" msgstr "" msgid "member privilege" msgstr "" msgid "privileges to add" msgstr "" msgid "Rename the permission object" msgstr "" msgid "privileges to remove" msgstr "" msgid "" "\n" "Kerberos pkinit options\n" "\n" "Enable or disable anonymous pkinit using the principal\n" "WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n" "pkinit support.\n" "\n" "EXAMPLES:\n" "\n" " Enable anonymous pkinit:\n" " ipa pkinit-anonymous enable\n" "\n" " Disable anonymous pkinit:\n" " ipa pkinit-anonymous disable\n" "\n" "For more information on anonymous pkinit see:\n" "\n" "http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n" msgstr "" msgid "Enable or Disable Anonymous PKINIT." msgstr "" msgid "member role" msgstr "" msgid "roles to add" msgstr "" msgid "Rename the privilege object" msgstr "" msgid "roles to remove" msgstr "" msgid "Results should contain primary key attribute only (\"cn\")" msgstr "" msgid "Results should contain primary key attribute only (\"group\")" msgstr "" msgid "" "\n" "RADIUS Proxy Servers\n" "\n" "Manage RADIUS Proxy Servers.\n" "\n" "IPA supports the use of an external RADIUS proxy server for krb5 OTP\n" "authentications. This permits a great deal of flexibility when\n" "integrating with third-party authentication services.\n" "\n" "EXAMPLES:\n" "\n" " Add a new server:\n" " ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n" "\n" " Find all servers whose entries include the string \"example.com\":\n" " ipa radiusproxy-find example.com\n" "\n" " Examine the configuration:\n" " ipa radiusproxy-show MyRADIUS\n" "\n" " Change the secret:\n" " ipa radiusproxy-mod MyRADIUS --secret\n" "\n" " Delete a configuration:\n" " ipa radiusproxy-del MyRADIUS\n" msgstr "" msgid "Rename the RADIUS proxy server object" msgstr "" msgid "" "\n" "Realm domains\n" "\n" "Manage the list of domains associated with IPA realm.\n" "\n" "EXAMPLES:\n" "\n" " Display the current list of realm domains:\n" " ipa realmdomains-show\n" "\n" " Replace the list of realm domains:\n" " ipa realmdomains-mod --domain=example.com\n" " ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n" "\n" " Add a domain to the list of realm domains:\n" " ipa realmdomains-mod --add-domain=newdomain.com\n" "\n" " Delete a domain from the list of realm domains:\n" " ipa realmdomains-mod --del-domain=olddomain.com\n" msgstr "" msgid "Modify realm domains." msgstr "" msgid "member service" msgstr "" msgid "services to add" msgstr "" msgid "Rename the role object" msgstr "" msgid "services to remove" msgstr "" msgid "" "\n" "Services\n" "\n" "A IPA service represents a service that runs on a host. The IPA service\n" "record can store a Kerberos principal, an SSL certificate, or both.\n" "\n" "An IPA service can be managed directly from a machine, provided that\n" "machine has been given the correct permission. This is true even for\n" "machines other than the one the service is associated with. For example,\n" "requesting an SSL certificate using the host service principal credentials\n" "of the host. To manage a service using host credentials you need to\n" "kinit as the host:\n" "\n" " # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" "\n" "Adding an IPA service allows the associated service to request an SSL\n" "certificate or keytab, but this is performed as a separate step; they\n" "are not produced as a result of adding the service.\n" "\n" "Only the public aspect of a certificate is stored in a service record;\n" "the private key is not stored.\n" "\n" "EXAMPLES:\n" "\n" " Add a new IPA service:\n" " ipa service-add HTTP/web.example.com\n" "\n" " Allow a host to manage an IPA service certificate:\n" " ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" " ipa role-add-member --hosts=web.example.com certadmin\n" "\n" " Override a default list of supported PAC types for the service:\n" " ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" "\n" " A typical use case where overriding the PAC type is needed is NFS.\n" " Currently the related code in the Linux kernel can only handle Kerberos\n" " tickets up to a maximal size. Since the PAC data can become quite large " "it\n" " is recommended to set --pac-type=NONE for NFS services.\n" "\n" " Delete an IPA service:\n" " ipa service-del HTTP/web.example.com\n" "\n" " Find all IPA services associated with a host:\n" " ipa service-find web.example.com\n" "\n" " Find all HTTP services:\n" " ipa service-find HTTP\n" "\n" " Disable the service Kerberos key and SSL certificate:\n" " ipa service-disable HTTP/web.example.com\n" "\n" " Request a certificate for an IPA service:\n" " ipa cert-request --principal=HTTP/web.example.com example.csr\n" "\n" " Allow user to create a keytab:\n" " ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n" "\n" " Generate and retrieve a keytab for an IPA service:\n" " ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" "httpd.keytab\n" msgstr "" msgid "Add a new IPA new service." msgstr "" msgid "force principal name even if not in DNS" msgstr "" msgid "Results should contain primary key attribute only (\"principal\")" msgstr "" msgid "Search for services with these managed by hosts." msgstr "" msgid "Search for services without these managed by hosts." msgstr "" msgid "" "\n" "Session Support for IPA\n" "John Dennis \n" "\n" "Goals\n" "=====\n" "\n" "Provide per-user session data caching which persists between\n" "requests. Desired features are:\n" "\n" "* Integrates cleanly with minimum impact on existing infrastructure.\n" "\n" "* Provides maximum security balanced against real-world performance\n" " demands.\n" "\n" "* Sessions must be able to be revoked (flushed).\n" "\n" "* Should be flexible and easy to use for developers.\n" "\n" "* Should leverage existing technology and code to the maximum extent\n" " possible to avoid re-invention, excessive implementation time and to\n" " benefit from robustness in field proven components commonly shared\n" " in the open source community.\n" "\n" "* Must support multiple independent processes which share session\n" " data.\n" "\n" "* System must function correctly if session data is available or not.\n" "\n" "* Must be high performance.\n" "\n" "* Should not be tied to specific web servers or browsers. Should\n" " integrate with our chosen WSGI model.\n" "\n" "Issues\n" "======\n" "\n" "Cookies\n" "-------\n" "\n" "Most session implementations are based on the use of cookies. Cookies\n" "have some inherent problems.\n" "\n" "* User has the option to disable cookies.\n" "\n" "* User stored cookie data is not secure. Can be mitigated by setting\n" " flags indicating the cookie is only to be used with SSL secured HTTP\n" " connections to specific web resources and setting the cookie to\n" " expire at session termination. Most modern browsers enforce these.\n" "\n" "Where to store session data?\n" "----------------------------\n" "\n" "Session data may be stored on either on the client or on the\n" "server. Storing session data on the client addresses the problem of\n" "session data availability when requests are serviced by independent web\n" "servers because the session data travels with the request. However\n" "there are data size limitations. Storing session data on the client\n" "also exposes sensitive data but this can be mitigated by encrypting\n" "the session data such that only the server can decrypt it.\n" "\n" "The more conventional approach is to bind session data to a unique\n" "name, the session ID. The session ID is transmitted to the client and\n" "the session data is paired with the session ID on the server in a\n" "associative data store. The session data is retrieved by the server\n" "using the session ID when the receiving the request. This eliminates\n" "exposing sensitive session data on the client along with limitations\n" "on data size. It however introduces the issue of session data\n" "availability when requests are serviced by more than one server\n" "process.\n" "\n" "Multi-process session data availability\n" "---------------------------------------\n" "\n" "Apache (and other web servers) fork child processes to handle requests\n" "in parallel. Also web servers may be deployed in a farm where requests\n" "are load balanced in round robin fashion across different nodes. In\n" "both cases session data cannot be stored in the memory of a server\n" "process because it is not available to other processes, either sibling\n" "children of a master server process or server processes on distinct\n" "nodes.\n" "\n" "Typically this is addressed by storing session data in a SQL\n" "database. When a request is received by a server process containing a\n" "session ID in it's cookie data the session ID is used to perform a SQL\n" "query and the resulting data is then attached to the request as it\n" "proceeds through the request processing pipeline. This of course\n" "introduces coherency issues.\n" "\n" "For IPA the introduction of a SQL database dependency is undesired and\n" "should be avoided.\n" "\n" "Session data may also be shared by independent processes by storing\n" "the session data in files.\n" "\n" "An alternative solution which has gained considerable popularity\n" "recently is the use of a fast memory based caching server. Data is\n" "stored in a single process memory and may be queried and set via a\n" "light weight protocol using standard socket mechanisms, memcached is\n" "one example. A typical use is to optimize SQL queries by storing a SQL\n" "result in shared memory cache avoiding the more expensive SQL\n" "operation. But the memory cache has distinct advantages in non-SQL\n" "situations as well.\n" "\n" "Possible implementations for use by IPA\n" "=======================================\n" "\n" "Apache Sessions\n" "---------------\n" "\n" "Apache has 2.3 has implemented session support via these modules:\n" "\n" " mod_session\n" " Overarching session support based on cookies.\n" "\n" " See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n" "\n" " mod_session_cookie\n" " Stores session data in the client.\n" "\n" " See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n" "\n" " mod_session_crypto\n" " Encrypts session data for security. Encryption key is shared\n" " configuration parameter visible to all Apache processes and is\n" " stored in a configuration file.\n" "\n" " See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n" "\n" " mod_session_dbd\n" " Stores session data in a SQL database permitting multiple\n" " processes to access and share the same session data.\n" "\n" " See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n" "\n" "Issues with Apache sessions\n" "~~~~~~~~~~~~~~~~~~~~~~~~~~~\n" "\n" "Although Apache has implemented generic session support and Apache is\n" "our web server of preference it nonetheless introduces issues for IPA.\n" "\n" " * Session support is only available in httpd >= 2.3 which at the\n" " time of this writing is currently only available as a Beta release\n" " from upstream. We currently only ship httpd 2.2, the same is true\n" " for other distributions.\n" "\n" " * We could package and ship the sessions modules as a temporary\n" " package in httpd 2.2 environments. But this has the following\n" " consequences:\n" "\n" " - The code has to be backported. the module API has changed\n" " slightly between httpd 2.2 and 2.3. The backporting is not\n" " terribly difficult and a proof of concept has been\n" " implemented.\n" "\n" " - We would then be on the hook to package and maintain a special\n" " case Apache package. This is maintenance burden as well as a\n" " distribution packaging burden. Both of which would be best\n" " avoided if possible.\n" "\n" " * The design of the Apache session modules is such that they can\n" " only be manipulated by other Apache modules. The ability of\n" " consumers of the session data to control the session data is\n" " simplistic, constrained and static during the period the request\n" " is processed. Request handlers which are not native Apache modules\n" " (e.g. IPA via WSGI) can only examine the session data\n" " via request headers and reset it in response headers.\n" "\n" " * Shared session data is available exclusively via SQL.\n" "\n" "However using the 2.3 Apache session modules would give us robust\n" "session support implemented in C based on standardized Apache\n" "interfaces which are widely used.\n" "\n" "Python Web Frameworks\n" "---------------------\n" "\n" "Virtually every Python web framework supports cookie based sessions,\n" "e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n" "to avoid the use of these frameworks. Trying to pull in just one part\n" "of these frameworks just to get session support would be problematic\n" "because the code does not function outside it's framework.\n" "\n" "IPA implemented sessions\n" "------------------------\n" "\n" "Originally it was believed the path of least effort was to utilize\n" "existing session support, most likely what would be provided by\n" "Apache. However there are enough basic modular components available in\n" "native Python and other standard packages it should be possible to\n" "provide session support meeting the aforementioned goals with a modest\n" "implementation effort. Because we're leveraging existing components\n" "the implementation difficulties are subsumed by other components which\n" "have already been field proven and have community support. This is a\n" "smart strategy.\n" "\n" "Proposed Solution\n" "=================\n" "\n" "Our interface to the web server is via WSGI which invokes a callback\n" "per request passing us an environmental context for the request. For\n" "this discussion we'll name the WSGI callback \"application()\", a\n" "conventional name in WSGI parlance.\n" "\n" "Shared session data will be handled by memcached. We will create one\n" "instance of memcached on each server node dedicated to IPA\n" "exclusively. Communication with memcached will be via a UNIX socket\n" "located in the file system under /var/run/ipa_memcached. It will be\n" "protected by file permissions and optionally SELinux policy.\n" "\n" "In application() we examine the request cookies and if there is an IPA\n" "session cookie with a session ID we retrieve the session data from our\n" "memcached instance.\n" "\n" "The session data will be a Python dict. IPA components will read or\n" "write their session information by using a pre-agreed upon name\n" "(e.g. key) in the dict. This is a very flexible system and consistent\n" "with how we pass data in most parts of IPA.\n" "\n" "If the session data is not available an empty session data dict will\n" "be created.\n" "\n" "How does this session data travel with the request in the IPA\n" "pipeline? In IPA we use the HTTP request/response to implement RPC. In\n" "application() we convert the request into a procedure call passing it\n" "arguments derived from the HTTP request. The passed parameters are\n" "specific to the RPC method being invoked. The context the RPC call is\n" "executing in is not passed as an RPC parameter.\n" "\n" "How would the contextual information such as session data be bound to\n" "the request and hence the RPC call?\n" "\n" "In IPA when a RPC invocation is being prepared from a request we\n" "recognize this will only ever be processed serially by one Python\n" "thread. A thread local dict called \"context\" is allocated for each\n" "thread. The context dict is cleared in between requests (e.g. RPC method\n" "invocations). The per-thread context dict is populated during the\n" "lifetime of the request and is used as a global data structure unique to\n" "the request that various IPA component can read from and write to with\n" "the assurance the data is unique to the current request and/or method\n" "call.\n" "\n" "The session data dict will be written into the context dict under the\n" "session key before the RPC method begins execution. Thus session data\n" "can be read and written by any IPA component by accessing\n" "``context.session``.\n" "\n" "When the RPC method finishes execution the session data bound to the\n" "request/method is retrieved from the context and written back to the\n" "memcached instance. The session ID is set in the response sent back to\n" "the client in the ``Set-Cookie`` header along with the flags\n" "controlling it's usage.\n" "\n" "Issues and details\n" "------------------\n" "\n" "IPA code cannot depend on session data being present, however it\n" "should always update session data with the hope it will be available\n" "in the future. Session data may not be available because:\n" "\n" " * This is the first request from the user and no session data has\n" " been created yet.\n" "\n" " * The user may have cookies disabled.\n" "\n" " * The session data may have been flushed. memcached operates with\n" " a fixed memory allocation and will flush entries on a LRU basis,\n" " like with any cache there is no guarantee of persistence.\n" "\n" " Also we may have have deliberately expired or deleted session\n" " data, see below.\n" "\n" "Cookie manipulation is done via the standard Python Cookie module.\n" "\n" "Session cookies will be set to only persist as long as the browser has\n" "the session open. They will be tagged so the browser only returns\n" "the session ID on SSL secured HTTP requests. They will not be visible\n" "to Javascript in the browser.\n" "\n" "Session ID's will be created by using 48 bits of random data and\n" "converted to 12 hexadecimal digits. Newly generated session ID's will\n" "be checked for prior existence to handle the unlikely case the random\n" "number repeats.\n" "\n" "memcached will have significantly higher performance than a SQL or file\n" "based storage solution. Communication is effectively though a pipe\n" "(UNIX socket) using a very simple protocol and the data is held\n" "entirely in process memory. memcached also scales easily, it is easy\n" "to add more memcached processes and distribute the load across them.\n" "At this point in time we don't anticipate the need for this.\n" "\n" "A very nice feature of the Python memcached module is that when a data\n" "item is written to the cache it is done with standard Python pickling\n" "(pickling is a standard Python mechanism to marshal and unmarshal\n" "Python objects). We adopt the convention the object written to cache\n" "will be a dict to meet our internal data handling conventions. The\n" "pickling code will recursively handle nested objects in the dict. Thus\n" "we gain a lot of flexibility using standard Python data structures to\n" "store and retrieve our session data without having to author and debug\n" "code to marshal and unmarshal the data if some other storage mechanism\n" "had been used. This is a significant implementation win. Of course\n" "some common sense limitations need to observed when deciding on what\n" "is written to the session cache keeping in mind the data is shared\n" "between processes and it should not be excessively large (a\n" "configurable option)\n" "\n" "We can set an expiration on memcached entries. We may elect to do that\n" "to force session data to be refreshed periodically. For example we may\n" "wish the client to present fresh credentials on a periodic basis even\n" "if the cached credentials are otherwise within their validity period.\n" "\n" "We can explicitly delete session data if for some reason we believe it\n" "is stale, invalid or compromised.\n" "\n" "memcached also gives us certain facilities to prevent race conditions\n" "between different processes utilizing the cache. For example you can\n" "check of the entry has been modified since you last read it or use CAS\n" "(Check And Set) semantics. What has to be protected in terms of cache\n" "coherency will likely have to be determined as the session support is\n" "utilized and different data items are added to the cache. This is very\n" "much data and context specific. Fortunately memcached operations are\n" "atomic.\n" "\n" "Controlling the memcached process\n" "---------------------------------\n" "\n" "We need a mechanism to start the memcached process and secure it so\n" "that only IPA components can access it.\n" "\n" "Although memcached ships with both an initscript and systemd unit\n" "files those are for generic instances. We want a memcached instance\n" "dedicated exclusively to IPA usage. To accomplish this we would install\n" "a systemd unit file or an SysV initscript to control the IPA specific\n" "memcached service. ipactl would be extended to know about this\n" "additional service. systemd's cgroup facility would give us additional\n" "mechanisms to integrate the IPA memcached service within a larger IPA\n" "process group.\n" "\n" "Protecting the memcached data would be done via file permissions (and\n" "optionally SELinux policy) on the UNIX domain socket. Although recent\n" "implementations of memcached support authentication via SASL this\n" "introduces a performance and complexity burden not warranted when\n" "cached is dedicated to our exclusive use and access controlled by OS\n" "mechanisms.\n" "\n" "Conventionally daemons are protected by assigning a system uid and/or\n" "gid to the daemon. A daemon launched by root will drop it's privileges\n" "by assuming the effective uid:gid assigned to it. File system access\n" "is controlled by the OS via the effective identity and SELinux policy\n" "can be crafted based on the identity. Thus the memcached UNIX socket\n" "would be protected by having it owned by a specific system user and/or\n" "membership in a restricted system group (discounting for the moment\n" "SELinux).\n" "\n" "Unfortunately we currently do not have an IPA system uid whose\n" "identity our processes operate under nor do we have an IPA system\n" "group. IPA does manage a collection of related processes (daemons) and\n" "historically each has been assigned their own uid. When these\n" "unrelated processes communicate they mutually authenticate via other\n" "mechanisms. We do not have much of a history of using shared file\n" "system objects across identities. When file objects are created they\n" "are typically assigned the identity of daemon needing to access the\n" "object and are not accessed by other daemons, or they carry root\n" "identity.\n" "\n" "When our WSGI application runs in Apache it is run as a WSGI\n" "daemon. This means when Apache starts up it forks off WSGI processes\n" "for us and we are independent of other Apache processes. When WSGI is\n" "run in this mode there is the ability to set the uid:gid of the WSGI\n" "process hosting us, however we currently do not take advantage of this\n" "option. WSGI can be run in other modes as well, only in daemon mode\n" "can the uid:gid be independently set from the rest of Apache. All\n" "processes started by Apache can be set to a common uid:gid specified\n" "in the global Apache configuration, by default it's\n" "apache:apache. Thus when our IPA code executes it is running as\n" "apache:apache.\n" "\n" "To protect our memcached UNIX socket we can do one of two things:\n" "\n" "1. Assign it's uid:gid as apache:apache. This would limit access to\n" " our cache only to processes running under httpd. It's somewhat\n" " restricted but far from ideal. Any code running in the web server\n" " could potentially access our cache. It's difficult to control what the\n" " web server runs and admins may not understand the consequences of\n" " configuring httpd to serve other things besides IPA.\n" "\n" "2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n" " our WSGI application to run as the ipa:ipa user and group. We also\n" " configure our memcached instance to run as the ipa:ipa user and\n" " group. In this configuration we are now fully protected, only our WSGI\n" " code can read & write to our memcached UNIX socket.\n" "\n" "However there may be unforeseen issues by converting our code to run as\n" "something other than apache:apache. This would require some\n" "investigation and testing.\n" "\n" "IPA is dependent on other system daemons, specifically Directory\n" "Server (ds) and Certificate Server (cs). Currently we configure ds to\n" "run under the dirsrv:dirsrv user and group, an identity of our\n" "creation. We allow cs to default to it's pkiuser:pkiuser user and\n" "group. Should these other cooperating daemons also run under the\n" "common ipa:ipa user and group identities? At first blush there would\n" "seem to be an advantage to coalescing all process identities under a\n" "common IPA user and group identity. However these other processes do\n" "not depend on user and group permissions when working with external\n" "agents, processes, etc. Rather they are designed to be stand-alone\n" "network services which authenticate their clients via other\n" "mechanisms. They do depend on user and group permission to manage\n" "their own file system objects. If somehow the ipa user and/or group\n" "were compromised or malicious code somehow executed under the ipa\n" "identity there would be an advantage in having the cooperating\n" "processes cordoned off under their own identities providing one extra\n" "layer of protection. (Note, these cooperating daemons may not even be\n" "co-located on the same node in which case the issue is moot)\n" "\n" "The UNIX socket behavior (ldapi) with Directory Server is as follows:\n" "\n" " * The socket ownership is: root:root\n" "\n" " * The socket permissions are: 0666\n" "\n" " * When connecting via ldapi you must authenticate as you would\n" " normally with a TCP socket, except ...\n" "\n" " * If autobind is enabled and the uid:gid is available via\n" " SO_PEERCRED and the uid:gid can be found in the set of users known\n" " to the Directory Server then that connection will be bound as that\n" " user.\n" "\n" " * Otherwise an anonymous bind will occur.\n" "\n" "memcached UNIX socket behavior is as follows:\n" "\n" " * memcached can be invoked with a user argument, no group may be\n" " specified. The effective uid is the uid of the user argument and\n" " the effective gid is the primary group of the user, let's call\n" " this euid:egid\n" "\n" " * The socket ownership is: euid:egid\n" "\n" " * The socket permissions are 0700 by default, but this can be\n" " modified by the -a mask command line arg which sets the umask\n" " (defaults to 0700).\n" "\n" "Overview of authentication in IPA\n" "=================================\n" "\n" "This describes how we currently authenticate and how we plan to\n" "improve authentication performance. First some definitions.\n" "\n" "There are 4 major players:\n" "\n" " 1. client\n" " 2. mod_auth_kerb (in Apache process)\n" " 3. wsgi handler (in IPA wsgi python process)\n" " 4. ds (directory server)\n" "\n" "There are several resources:\n" "\n" " 1. /ipa/ui (unprotected, web UI static resources)\n" " 2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n" " 3. /ipa/json (protected, json RPC used by javascript in web UI)\n" " 4. ds (protected, wsgi acts as proxy, our LDAP server)\n" "\n" "Current Model\n" "-------------\n" "\n" "This describes how things work in our current system for the web UI.\n" "\n" " 1. Client requests /ipa/ui, this is unprotected, is static and\n" " contains no sensitive information. Apache replies with html and\n" " javascript. The javascript requests /ipa/json.\n" "\n" " 2. Client sends post to /ipa/json.\n" "\n" " 3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n" " authenticate negotiate.\n" "\n" " 4. Client resends with credentials\n" "\n" " 5. mod_auth_kerb validates credentials\n" "\n" " a. if invalid replies 403 access denied (stops here)\n" "\n" " b. if valid creates temporary ccache, adds KRB5CCNAME to request\n" " headers\n" "\n" " 6. Request passed to wsgi handler\n" "\n" " a. validates request, KRB5CCNAME must be present, referrer, etc.\n" "\n" " b. ccache saved and used to bind to ds\n" "\n" " c. routes to specified RPC handler.\n" "\n" " 7. wsgi handler replies to client\n" "\n" "Proposed new session based optimization\n" "---------------------------------------\n" "\n" "The round trip negotiate and credential validation in steps 3,4,5 is\n" "expensive. This can be avoided if we can cache the client\n" "credentials. With client sessions we can store the client credentials\n" "in the session bound to the client.\n" "\n" "A few notes about the session implementation.\n" "\n" " * based on session cookies, cookies must be enabled\n" "\n" " * session cookie is secure, only passed on secure connections, only\n" " passed to our URL resource, never visible to client javascript\n" " etc.\n" "\n" " * session cookie has a session id which is used by wsgi handler to\n" " retrieve client session data from shared multi-process cache.\n" "\n" "Changes to Apache's resource protection\n" "---------------------------------------\n" "\n" " * /ipa/json is no longer protected by mod_auth_kerb. This is\n" " necessary to avoid the negotiate expense in steps 3,4,5\n" " above. Instead the /ipa/json resource will be protected in our wsgi\n" " handler via the session cookie.\n" "\n" " * A new protected URI is introduced, /ipa/login. This resource\n" " does no serve any data, it is used exclusively for authentication.\n" "\n" "The new sequence is:\n" "\n" " 1. Client requests /ipa/ui, this is unprotected. Apache replies with\n" " html and javascript. The javascript requests /ipa/json.\n" "\n" " 2. Client sends post to /ipa/json, which is unprotected.\n" "\n" " 3. wsgi handler obtains session data from session cookie.\n" "\n" " a. if ccache is present in session data and is valid\n" "\n" " - request is further validated\n" "\n" " - ccache is established for bind to ds\n" "\n" " - request is routed to RPC handler\n" "\n" " - wsgi handler eventually replies to client\n" "\n" " b. if ccache is not present or not valid processing continues ...\n" "\n" " 4. wsgi handler replies with 401 Unauthorized\n" "\n" " 5. client sends request to /ipa/login to obtain session credentials\n" "\n" " 6. mod_auth_kerb replies 401 negotiate on /ipa/login\n" "\n" " 7. client sends credentials to /ipa/login\n" "\n" " 8. mod_auth_kerb validates credentials\n" "\n" " a. if valid\n" "\n" " - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n" " invoked and does the following:\n" "\n" " * establishes session for client\n" "\n" " * retrieves the ccache from KRB5CCNAME and stores it\n" "\n" " a. if invalid\n" "\n" " - mod_auth_kerb sends 403 access denied (processing stops)\n" "\n" " 9. client now posts the same data again to /ipa/json including\n" " session cookie. Processing repeats starting at step 2 and since\n" " the session data now contains a valid ccache step 3a executes, a\n" " successful reply is sent to client.\n" "\n" "Command line client using xmlrpc\n" "--------------------------------\n" "\n" "The above describes the web UI utilizing the json RPC mechanism. The\n" "IPA command line tools utilize a xmlrpc RPC mechanism on the same\n" "HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n" "and xmlrpc API's are the same, they differ only on how their procedure\n" "calls are marshalled and unmarshalled.\n" "\n" "Under the new scheme /ipa/xml will continue to be Kerberos protected\n" "at all times. Apache's mod_auth_kerb will continue to require the\n" "client provides valid Kerberos credentials.\n" "\n" "When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n" "be extracted from the KRB5CCNAME environment variable as provided by\n" "mod_auth_kerb. Everything else remains the same.\n" msgstr "" msgid "" "\n" "Sudo Commands\n" "\n" "Commands used as building blocks for sudo\n" "\n" "EXAMPLES:\n" "\n" " Create a new command\n" " ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n" "\n" " Remove a command\n" " ipa sudocmd-del /usr/bin/less\n" msgstr "" msgid "Results should contain primary key attribute only (\"command\")" msgstr "" msgid "" "\n" "Groups of Sudo Commands\n" "\n" "Manage groups of Sudo Commands.\n" "\n" "EXAMPLES:\n" "\n" " Add a new Sudo Command Group:\n" " ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" "\n" " Remove a Sudo Command Group:\n" " ipa sudocmdgroup-del admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/" "vim admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" "\n" " Show a Sudo Command Group:\n" " ipa group-show localadmins\n" msgstr "" msgid "Member Sudo commands" msgstr "" msgid "member sudo command" msgstr "" msgid "sudo commands to add" msgstr "" msgid "" "Results should contain primary key attribute only (\"sudocmdgroup-name\")" msgstr "" msgid "sudo commands to remove" msgstr "" msgid "" "\n" "Sudo Rules\n" "\n" "Sudo (su \"do\") allows a system administrator to delegate authority to\n" "give certain users (or groups of users) the ability to run some (or all)\n" "commands as root or another user while providing an audit trail of the\n" "commands and their arguments.\n" "\n" "FreeIPA provides a means to configure the various aspects of Sudo:\n" " Users: The user(s)/group(s) allowed to invoke Sudo.\n" " Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " "Sudo.\n" " Allow Command: The specific command(s) permitted to be run via Sudo.\n" " Deny Command: The specific command(s) prohibited to be run via Sudo.\n" " RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " "invoked with.\n" " RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" " Options: The various Sudoers Options that can modify Sudo's behavior.\n" "\n" "An order can be added to a sudorule to control the order in which they\n" "are evaluated (if the client supports it). This order is an integer and\n" "must be unique.\n" "\n" "FreeIPA provides a designated binddn to use with Sudo located at:\n" "uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" "\n" "To enable the binddn run the following command to set the password:\n" "LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" "ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," "dc=com\n" "\n" "EXAMPLES:\n" "\n" " Create a new rule:\n" " ipa sudorule-add readfiles\n" "\n" " Add sudo command object and add it as allowed command in the rule:\n" " ipa sudocmd-add /usr/bin/less\n" " ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n" "\n" " Add a host to the rule:\n" " ipa sudorule-add-host readfiles --hosts server.example.com\n" "\n" " Add a user to the rule:\n" " ipa sudorule-add-user readfiles --users jsmith\n" "\n" " Add a special Sudo rule for default Sudo server configuration:\n" " ipa sudorule-add defaults\n" "\n" " Set a default Sudo option:\n" " ipa sudorule-add-option defaults --sudooption '!authenticate'\n" msgstr "" msgid "member sudo command group" msgstr "" msgid "sudo command groups to add" msgstr "" msgid "Results should contain primary key attribute only (\"sudorule-name\")" msgstr "" msgid "sudo command groups to remove" msgstr "" msgid "Kerberos principal" msgstr "" msgid "Indirect Member of group" msgstr "" msgid "Results should contain primary key attribute only (\"login\")" msgstr "" msgid "Search for users with these member of groups." msgstr "" msgid "Search for users without these member of groups." msgstr "" msgid "Search for users with these member of netgroups." msgstr "" msgid "Search for users without these member of netgroups." msgstr "" msgid "Search for users with these member of roles." msgstr "" msgid "Search for users without these member of roles." msgstr "" msgid "Search for users with these member of HBAC rules." msgstr "" msgid "Search for users without these member of HBAC rules." msgstr "" msgid "Search for users with these member of sudo rules." msgstr "" msgid "Search for users without these member of sudo rules." msgstr "" msgid "Rename the user object" msgstr "" msgid "" "\n" "Lockout status of a user account\n" "\n" " An account may become locked if the password is entered incorrectly too\n" " many times within a specific time period as controlled by password\n" " policy. A locked account is a temporary condition and may be unlocked " "by\n" " an administrator.\n" "\n" " This connects to each IPA master and displays the lockout status on\n" " each one.\n" "\n" " To determine whether an account is locked on a given server you need\n" " to compare the number of failed logins and the time of the last " "failure.\n" " For an account to be locked it must exceed the maxfail failures within\n" " the failinterval duration as specified in the password policy " "associated\n" " with the user.\n" "\n" " The failed login counter is modified only when a user attempts a log in\n" " so it is possible that an account may appear locked but the last failed\n" " login attempt is older than the lockouttime of the password policy. " "This\n" " means that the user may attempt a login again.\n" " " msgstr "" msgid "" "\n" "Unlock a user account\n" "\n" " An account may become locked if the password is entered incorrectly too\n" " many times within a specific time period as controlled by password\n" " policy. A locked account is a temporary condition and may be unlocked " "by\n" " an administrator.\n" " " msgstr "" msgid "" "\n" "Domain Name System (DNS)\n" "\n" "Manage DNS zone and resource records.\n" "\n" "SUPPORTED ZONE TYPES\n" "\n" " * Master zone (dnszone-*), contains authoritative data.\n" " * Forward zone (dnsforwardzone-*), forwards queries to configured " "forwarders\n" " (a set of DNS servers).\n" "\n" "USING STRUCTURED PER-TYPE OPTIONS\n" "\n" "There are many structured DNS RR types where DNS data stored in LDAP server\n" "is not just a scalar value, for example an IP address or a domain name, but\n" "a data structure which may be often complex. A good example is a LOC record\n" "[RFC1876] which consists of many mandatory and optional parts (degrees,\n" "minutes, seconds of latitude and longitude, altitude or precision).\n" "\n" "It may be difficult to manipulate such DNS records without making a mistake\n" "and entering an invalid value. DNS module provides an abstraction over " "these\n" "raw records and allows to manipulate each RR type with specific options. " "For\n" "each supported RR type, DNS module provides a standard option to manipulate\n" "a raw records with format ---rec, e.g. --mx-rec, and special " "options\n" "for every part of the RR structure with format ---, e.g.\n" "--mx-preference and --mx-exchanger.\n" "\n" "When adding a record, either RR specific options or standard option for a " "raw\n" "value can be used, they just should not be combined in one add operation. " "When\n" "modifying an existing entry, new RR specific options can be used to change\n" "one part of a DNS record, where the standard option for raw value is used\n" "to specify the modified value. The following example demonstrates\n" "a modification of MX record preference from 0 to 1 in a record without\n" "modifying the exchanger:\n" "ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add new zone:\n" " ipa dnszone-add example.com --admin-email=admin@example.com\n" "\n" " Add system permission that can be used for per-zone privilege delegation:\n" " ipa dnszone-add-permission example.com\n" "\n" " Modify the zone to allow dynamic updates for hosts own records in realm " "EXAMPLE.COM:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE\n" "\n" " This is the equivalent of:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE --update-policy=" "\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant " "EXAMPLE.COM krb5-self * SSHFP;\"\n" "\n" " Modify the zone to allow zone transfers for local network only:\n" " ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n" "\n" " Add new reverse zone specified by network IP address:\n" " ipa dnszone-add --name-from-ip=192.0.2.0/24\n" "\n" " Add second nameserver for example.com:\n" " ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" "\n" " Add a mail server for example.com:\n" " ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" "\n" " Add another record using MX record specific options:\n" " ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" "\n" " Add another record using interactive mode (started when dnsrecord-add, " "dnsrecord-mod,\n" " or dnsrecord-del are executed with no options):\n" " ipa dnsrecord-add example.com @\n" " Please choose a type of DNS resource record to be added\n" " The most common types for this type of zone are: NS, MX, LOC\n" "\n" " DNS resource record type: MX\n" " MX Preference: 30\n" " MX Exchanger: mail3\n" " Record name: example.com\n" " MX record: 10 mail1, 20 mail2, 30 mail3\n" " NS record: nameserver.example.com., nameserver2.example.com.\n" "\n" " Delete previously added nameserver from example.com:\n" " ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" "\n" " Add LOC record for example.com:\n" " ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " "227.64m\"\n" "\n" " Add new A record for www.example.com. Create a reverse record in " "appropriate\n" " reverse zone as well. In this case a PTR record \"2\" pointing to www." "example.com\n" " will be created in zone 2.0.192.in-addr.arpa.\n" " ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n" "\n" " Add new PTR record for www.example.com\n" " ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" "\n" " Add new SRV records for LDAP servers. Three quarters of the requests\n" " should go to fast.example.com, one quarter to slow.example.com. If neither\n" " is available, switch to backup.example.com.\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." "example.com\"\n" "\n" " The interactive mode can be used for easy modification:\n" " ipa dnsrecord-mod example.com _ldap._tcp\n" " No option to modify specific record provided.\n" " Current DNS record contents:\n" "\n" " SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " "backup.example.com\n" "\n" " Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" " Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" " SRV Priority [0]: (keep the default value)\n" " SRV Weight [1]: 2 (modified value)\n" " SRV Port [389]: (keep the default value)\n" " SRV Target [slow.example.com]: (keep the default value)\n" " 1 SRV record skipped. Only one value per DNS record type can be modified " "at one time.\n" " Record name: _ldap._tcp\n" " SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " "389 slow.example.com\n" "\n" " After this modification, three fifths of the requests should go to\n" " fast.example.com and two fifths to slow.example.com.\n" "\n" " An example of the interactive mode for dnsrecord-del command:\n" " ipa dnsrecord-del example.com www\n" " No option to delete specific record provided.\n" " Delete all? Yes/No (default No): (do not delete all records)\n" " Current DNS record contents:\n" "\n" " A record: 192.0.2.2, 192.0.2.3\n" "\n" " Delete A record '192.0.2.2'? Yes/No (default No):\n" " Delete A record '192.0.2.3'? Yes/No (default No): y\n" " Record name: www\n" " A record: 192.0.2.2 (A record 192.0.2.3 has been " "deleted)\n" "\n" " Show zone example.com:\n" " ipa dnszone-show example.com\n" "\n" " Find zone with \"example\" in its domain name:\n" " ipa dnszone-find example\n" "\n" " Find records for resources with \"www\" in their name in zone example.com:\n" " ipa dnsrecord-find example.com www\n" "\n" " Find A records with value 192.0.2.2 in zone example.com\n" " ipa dnsrecord-find example.com --a-rec=192.0.2.2\n" "\n" " Show records for resource www in zone example.com\n" " ipa dnsrecord-show example.com www\n" "\n" " Delegate zone sub.example to another nameserver:\n" " ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n" " ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" "\n" " Delete zone example.com with all resource records:\n" " ipa dnszone-del example.com\n" "\n" " If a global forwarder is configured, all queries for which this server is " "not\n" " authoritative (e.g. sub.example.com) will be routed to the global " "forwarder.\n" " Global forwarding configuration can be overridden per-zone.\n" "\n" " Semantics of forwarding in IPA matches BIND semantics and depends on the " "type\n" " of zone:\n" " * Master zone: local BIND replies authoritatively to queries for data in\n" " the given zone (including authoritative NXDOMAIN answers) and forwarding\n" " affects only queries for names below zone cuts (NS records) of locally\n" " served zones.\n" "\n" " * Forward zone: forward zone contains no authoritative data. BIND " "forwards\n" " queries, which cannot be answered from its local cache, to configured\n" " forwarders.\n" "\n" " Semantics of the --forward-policy option:\n" " * none - disable forwarding for the given zone.\n" " * first - forward all queries to configured forwarders. If they fail,\n" " do resolution using DNS root servers.\n" " * only - forward all queries to configured forwarders and if they fail,\n" " return failure.\n" "\n" " Disable global forwarding for given sub-tree:\n" " ipa dnszone-mod example.com --forward-policy=none\n" "\n" " This configuration forwards all queries for names outside the example.com\n" " sub-tree to global forwarders. Normal recursive resolution process is used\n" " for names inside the example.com sub-tree (i.e. NS records are followed " "etc.).\n" "\n" " Forward all requests for the zone external.example.com to another " "forwarder\n" " using a \"first\" policy (it will send the queries to the selected " "forwarder\n" " and if not answered it will use global root servers):\n" " ipa dnsforwardzone-add external.example.com --forward-" "policy=first --forwarder=203.0.113.1\n" "\n" " Change forward-policy for external.example.com:\n" " ipa dnsforwardzone-mod external.example.com --forward-policy=only\n" "\n" " Show forward zone external.example.com:\n" " ipa dnsforwardzone-show external.example.com\n" "\n" " List all forward zones:\n" " ipa dnsforwardzone-find\n" "\n" " Delete forward zone external.example.com:\n" " ipa dnsforwardzone-del external.example.com\n" "\n" " Resolve a host name to see if it exists (will add default IPA domain\n" " if one is not included):\n" " ipa dns-resolve www.example.com\n" " ipa dns-resolve www\n" "\n" "\n" "GLOBAL DNS CONFIGURATION\n" "\n" "DNS configuration passed to command line install script is stored in a " "local\n" "configuration file on each IPA server where DNS service is configured. " "These\n" "local settings can be overridden with a common configuration stored in LDAP\n" "server:\n" "\n" " Show global DNS configuration:\n" " ipa dnsconfig-show\n" "\n" " Modify global DNS configuration and set a list of global forwarders:\n" " ipa dnsconfig-mod --forwarder=203.0.113.113\n" msgstr "" msgid "A record" msgstr "" msgid "Raw A records" msgstr "" msgid "A IP Address" msgstr "" msgid "A Create reverse" msgstr "" msgid "AAAA record" msgstr "" msgid "Raw AAAA records" msgstr "" msgid "AAAA IP Address" msgstr "" msgid "AAAA Create reverse" msgstr "" msgid "A6 record" msgstr "" msgid "Raw A6 records" msgstr "" msgid "A6 Record data" msgstr "" msgid "AFSDB record" msgstr "" msgid "Raw AFSDB records" msgstr "" msgid "AFSDB Subtype" msgstr "" msgid "AFSDB Hostname" msgstr "" msgid "APL record" msgstr "" msgid "Raw APL records" msgstr "" msgid "CERT record" msgstr "" msgid "Raw CERT records" msgstr "" msgid "CERT Certificate Type" msgstr "" msgid "CERT Key Tag" msgstr "" msgid "CERT Algorithm" msgstr "" msgid "CERT Certificate/CRL" msgstr "" msgid "CNAME record" msgstr "" msgid "Raw CNAME records" msgstr "" msgid "CNAME Hostname" msgstr "" msgid "DHCID record" msgstr "" msgid "Raw DHCID records" msgstr "" msgid "DLV record" msgstr "" msgid "Raw DLV records" msgstr "" msgid "DLV Key Tag" msgstr "" msgid "DLV Algorithm" msgstr "" msgid "DLV Digest Type" msgstr "" msgid "DLV Digest" msgstr "" msgid "DNAME record" msgstr "" msgid "Raw DNAME records" msgstr "" msgid "DNAME Target" msgstr "" msgid "DNSKEY record" msgstr "" msgid "Raw DNSKEY records" msgstr "" msgid "DS record" msgstr "" msgid "Raw DS records" msgstr "" msgid "DS Key Tag" msgstr "" msgid "DS Algorithm" msgstr "" msgid "DS Digest Type" msgstr "" msgid "DS Digest" msgstr "" msgid "HIP record" msgstr "" msgid "Raw HIP records" msgstr "" msgid "IPSECKEY record" msgstr "" msgid "Raw IPSECKEY records" msgstr "" msgid "KEY record" msgstr "" msgid "Raw KEY records" msgstr "" msgid "KX record" msgstr "" msgid "Raw KX records" msgstr "" msgid "KX Preference" msgstr "" msgid "KX Exchanger" msgstr "" msgid "LOC record" msgstr "" msgid "Raw LOC records" msgstr "" msgid "LOC Degrees Latitude" msgstr "" msgid "LOC Minutes Latitude" msgstr "" msgid "LOC Seconds Latitude" msgstr "" msgid "LOC Direction Latitude" msgstr "" msgid "LOC Degrees Longitude" msgstr "" msgid "LOC Minutes Longitude" msgstr "" msgid "LOC Seconds Longitude" msgstr "" msgid "LOC Direction Longitude" msgstr "" msgid "LOC Altitude" msgstr "" msgid "LOC Size" msgstr "" msgid "LOC Horizontal Precision" msgstr "" msgid "LOC Vertical Precision" msgstr "" msgid "MX record" msgstr "" msgid "Raw MX records" msgstr "" msgid "MX Preference" msgstr "" msgid "MX Exchanger" msgstr "" msgid "NAPTR record" msgstr "" msgid "Raw NAPTR records" msgstr "" msgid "NAPTR Order" msgstr "" msgid "NAPTR Preference" msgstr "" msgid "NAPTR Flags" msgstr "" msgid "NAPTR Service" msgstr "" msgid "NAPTR Regular Expression" msgstr "" msgid "NAPTR Replacement" msgstr "" msgid "NS record" msgstr "" msgid "Raw NS records" msgstr "" msgid "NS Hostname" msgstr "" msgid "NSEC record" msgstr "" msgid "Raw NSEC records" msgstr "" msgid "NSEC3 record" msgstr "" msgid "Raw NSEC3 records" msgstr "" msgid "PTR record" msgstr "" msgid "Raw PTR records" msgstr "" msgid "PTR Hostname" msgstr "" msgid "RRSIG record" msgstr "" msgid "Raw RRSIG records" msgstr "" msgid "RP record" msgstr "" msgid "Raw RP records" msgstr "" msgid "SIG record" msgstr "" msgid "Raw SIG records" msgstr "" msgid "SPF record" msgstr "" msgid "Raw SPF records" msgstr "" msgid "SRV record" msgstr "" msgid "Raw SRV records" msgstr "" msgid "SRV Priority" msgstr "" msgid "SRV Weight" msgstr "" msgid "SRV Port" msgstr "" msgid "SRV Target" msgstr "" msgid "SSHFP record" msgstr "" msgid "Raw SSHFP records" msgstr "" msgid "SSHFP Algorithm" msgstr "" msgid "SSHFP Fingerprint Type" msgstr "" msgid "SSHFP Fingerprint" msgstr "" msgid "TA record" msgstr "" msgid "Raw TA records" msgstr "" msgid "TLSA record" msgstr "" msgid "Raw TLSA records" msgstr "" msgid "TLSA Certificate Usage" msgstr "" msgid "TLSA Selector" msgstr "" msgid "TLSA Matching Type" msgstr "" msgid "TLSA Certificate Association Data" msgstr "" msgid "TKEY record" msgstr "" msgid "Raw TKEY records" msgstr "" msgid "TSIG record" msgstr "" msgid "Raw TSIG records" msgstr "" msgid "TXT record" msgstr "" msgid "Raw TXT records" msgstr "" msgid "TXT Text Data" msgstr "" msgid "Resolve a host name in DNS." msgstr "" msgid "Rename the DNS resource record object" msgstr "" msgid "Results should contain primary key attribute only (\"anchor\")" msgstr "" msgid "Rename the Group ID override object" msgstr "" msgid "Rename the User ID override object" msgstr "" msgid "" "Applies ID View to specified hosts or current members of specified " "hostgroups. If any other ID View is applied to the host, it is overriden." msgstr "" msgid "Rename the ID View object" msgstr "" msgid "" "\n" "IPA certificate operations\n" "\n" "Implements a set of commands for managing server SSL certificates.\n" "\n" "Certificate requests exist in the form of a Certificate Signing Request " "(CSR)\n" "in PEM format.\n" "\n" "The dogtag CA uses just the CN value of the CSR and forces the rest of the\n" "subject to values configured in the server.\n" "\n" "A certificate is stored with a service principal and a service principal\n" "needs a host.\n" "\n" "In order to request a certificate:\n" "\n" "* The host must exist\n" "* The service must exist (or you use the --add option to automatically add " "it)\n" "\n" "SEARCHING:\n" "\n" "Certificates may be searched on by certificate subject, serial number,\n" "revocation reason, validity dates and the issued date.\n" "\n" "When searching on dates the _from date does a >= search and the _to date\n" "does a <= search. When combined these are done as an AND.\n" "\n" "Dates are treated as GMT to match the dates in the certificates.\n" "\n" "The date format is YYYY-mm-dd.\n" "\n" "EXAMPLES:\n" "\n" " Request a new certificate and add the principal:\n" " ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" "\n" " Retrieve an existing certificate:\n" " ipa cert-show 1032\n" "\n" " Revoke a certificate (see RFC 5280 for reason details):\n" " ipa cert-revoke --revocation-reason=6 1032\n" "\n" " Remove a certificate from revocation hold status:\n" " ipa cert-remove-hold 1032\n" "\n" " Check the status of a signing request:\n" " ipa cert-status 10\n" "\n" " Search for certificates by hostname:\n" " ipa cert-find --subject=ipaserver.example.com\n" "\n" " Search for revoked certificates by reason:\n" " ipa cert-find --revocation-reason=5\n" "\n" " Search for certificates based on issuance date\n" " ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n" "\n" "IPA currently immediately issues (or declines) all certificate requests so\n" "the status of a request is not normally useful. This is for future use\n" "or the case where a CA does not immediately issue a certificate.\n" "\n" "The following revocation reasons are supported:\n" "\n" " * 0 - unspecified\n" " * 1 - keyCompromise\n" " * 2 - cACompromise\n" " * 3 - affiliationChanged\n" " * 4 - superseded\n" " * 5 - cessationOfOperation\n" " * 6 - certificateHold\n" " * 8 - removeFromCRL\n" " * 9 - privilegeWithdrawn\n" " * 10 - aACompromise\n" "\n" "Note that reason code 7 is not used. See RFC 5280 for more details:\n" "\n" "http://www.ietf.org/rfc/rfc5280.txt\n" msgstr "" msgid "Reason" msgstr "" msgid "Reason for revoking the certificate (0-10)" msgstr "" msgid "Maximum number of certs returned" msgstr "" msgid "Service principal for this certificate (e.g. HTTP/test.example.com)" msgstr "" msgid "automatically add the principal if it doesn't exist" msgstr "" msgid "" "\n" "Auto Membership Rule.\n" "\n" "Bring clarity to the membership of hosts and users by configuring inclusive\n" "or exclusive regex patterns, you can automatically assign a new entries " "into\n" "a group or hostgroup based upon attribute information.\n" "\n" "A rule is directly associated with a group by name, so you cannot create\n" "a rule without an accompanying group or hostgroup.\n" "\n" "A condition is a regular expression used by 389-ds to match a new incoming\n" "entry with an automember rule. If it matches an inclusive rule then the\n" "entry is added to the appropriate group or hostgroup.\n" "\n" "A default group or hostgroup could be specified for entries that do not\n" "match any rule. In case of user entries this group will be a fallback group\n" "because all users are by default members of group specified in IPA config.\n" "\n" "The automember-rebuild command can be used to retroactively run automember " "rules\n" "against existing entries, thus rebuilding their membership.\n" "\n" "EXAMPLES:\n" "\n" " Add the initial group or hostgroup:\n" " ipa hostgroup-add --desc=\"Web Servers\" webservers\n" " ipa group-add --desc=\"Developers\" devel\n" "\n" " Add the initial rule:\n" " ipa automember-add --type=hostgroup webservers\n" " ipa automember-add --type=group devel\n" "\n" " Add a condition to the rule:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" " ipa automember-add-condition --key=manager --type=group --inclusive-" "regex=^uid=mscott devel\n" "\n" " Add an exclusive condition to the rule to prevent auto assignment:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" "regex=^web5\\.example\\.com webservers\n" "\n" " Add a host:\n" " ipa host-add web1.example.com\n" "\n" " Add a user:\n" " ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" "\n" " Verify automembership:\n" " ipa hostgroup-show webservers\n" " Host-group: webservers\n" " Description: Web Servers\n" " Member hosts: web1.example.com\n" "\n" " ipa group-show devel\n" " Group name: devel\n" " Description: Developers\n" " GID: 1004200000\n" " Member users: tuser\n" "\n" " Remove a condition from the rule:\n" " ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" "\n" " Modify the automember rule:\n" " ipa automember-mod\n" "\n" " Set the default (fallback) target group:\n" " ipa automember-default-group-set --default-group=webservers --" "type=hostgroup\n" " ipa automember-default-group-set --default-group=ipausers --type=group\n" "\n" " Remove the default (fallback) target group:\n" " ipa automember-default-group-remove --type=hostgroup\n" " ipa automember-default-group-remove --type=group\n" "\n" " Show the default (fallback) target group:\n" " ipa automember-default-group-show --type=hostgroup\n" " ipa automember-default-group-show --type=group\n" "\n" " Find all of the automember rules:\n" " ipa automember-find\n" "\n" " Display a automember rule:\n" " ipa automember-show --type=hostgroup webservers\n" " ipa automember-show --type=group devel\n" "\n" " Delete an automember rule:\n" " ipa automember-del --type=hostgroup webservers\n" " ipa automember-del --type=group devel\n" "\n" " Rebuild membership for all users:\n" " ipa automember-rebuild --type=group\n" "\n" " Rebuild membership for all hosts:\n" " ipa automember-rebuild --type=hostgroup\n" "\n" " Rebuild membership for specified users:\n" " ipa automember-rebuild --users=tuser1 --users=tuser2\n" "\n" " Rebuild membership for specified hosts:\n" " ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example." "com\n" msgstr "" msgid "Add an automember rule." msgstr "" msgid "Add conditions to an automember rule." msgstr "" msgid "Remove default (fallback) group for all unmatched entries." msgstr "" msgid "Set default (fallback) group for all unmatched entries." msgstr "" msgid "Display information about the default (fallback) automember groups." msgstr "" msgid "Delete an automember rule." msgstr "" msgid "Search for automember rules." msgstr "" msgid "Modify an automember rule." msgstr "" msgid "Remove conditions from an automember rule." msgstr "" msgid "Display information about an automember rule." msgstr "" msgid "" "\n" "Groups of users\n" "\n" "Manage groups of users. By default, new groups are POSIX groups. You\n" "can add the --nonposix option to the group-add command to mark a new group\n" "as non-POSIX. You can use the --posix argument with the group-mod command\n" "to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" "converted to non-POSIX groups.\n" "\n" "Every group must have a description.\n" "\n" "POSIX groups must have a Group ID (GID) number. Changing a GID is\n" "supported but can have an impact on your file permissions. It is not " "necessary\n" "to supply a GID when creating a group. IPA will generate one automatically\n" "if it is not provided.\n" "\n" "EXAMPLES:\n" "\n" " Add a new group:\n" " ipa group-add --desc='local administrators' localadmins\n" "\n" " Add a new non-POSIX group:\n" " ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" "\n" " Convert a non-POSIX group to posix:\n" " ipa group-mod --posix remoteadmins\n" "\n" " Add a new POSIX group with a specific Group ID number:\n" " ipa group-add --gid=500 --desc='unix admins' unixadmins\n" "\n" " Add a new POSIX group and let IPA assign a Group ID number:\n" " ipa group-add --desc='printer admins' printeradmins\n" "\n" " Remove a group:\n" " ipa group-del unixadmins\n" "\n" " To add the \"remoteadmins\" group to the \"localadmins\" group:\n" " ipa group-add-member --groups=remoteadmins localadmins\n" "\n" " Add multiple users to the \"localadmins\" group:\n" " ipa group-add-member --users=test1 --users=test2 localadmins\n" "\n" " Remove a user from the \"localadmins\" group:\n" " ipa group-remove-member --users=test2 localadmins\n" "\n" " Display information about a named group.\n" " ipa group-show localadmins\n" "\n" "External group membership is designed to allow users from trusted domains\n" "to be mapped to local POSIX groups in order to actually use IPA resources.\n" "External members should be added to groups that specifically created as\n" "external and non-POSIX. Such group later should be included into one of " "POSIX\n" "groups.\n" "\n" "An external group member is currently a Security Identifier (SID) as defined " "by\n" "the trusted domain. When adding external group members, it is possible to\n" "specify them in either SID, or DOM\\name, or name@domain format. IPA will " "attempt\n" "to resolve passed name to SID with the use of Global Catalog of the trusted " "domain.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local POSIX " "group:\n" "\n" " ipa group-add --desc=' admins external map' ad_admins_external " "--external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the " "ad_admins_external\n" " group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with ad_admins " "POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see their " "SIDs:\n" "\n" " ipa group-show ad_admins_external\n" msgstr "" msgid "Results should contain primary key attribute only (\"group-name\")" msgstr "" msgid "Search for groups with these member users." msgstr "" msgid "Search for groups without these member users." msgstr "" msgid "Search for groups with these member groups." msgstr "" msgid "Search for groups without these member groups." msgstr "" msgid "Search for groups with these member of groups." msgstr "" msgid "Search for groups without these member of groups." msgstr "" msgid "Search for groups with these member of netgroups." msgstr "" msgid "Search for groups without these member of netgroups." msgstr "" msgid "Search for groups with these member of roles." msgstr "" msgid "Search for groups without these member of roles." msgstr "" msgid "Search for groups with these member of HBAC rules." msgstr "" msgid "Search for groups without these member of HBAC rules." msgstr "" msgid "Search for groups with these member of sudo rules." msgstr "" msgid "Search for groups without these member of sudo rules." msgstr "" msgid "Rename the group object" msgstr "" msgid "" "\n" "Simulate use of Host-based access controls\n" "\n" "HBAC rules control who can access what services on what hosts.\n" "You can use HBAC to control which users or groups can access a service,\n" "or group of services, on a target host.\n" "\n" "Since applying HBAC rules implies use of a production environment,\n" "this plugin aims to provide simulation of HBAC rules evaluation without\n" "having access to the production environment.\n" "\n" " Test user coming to a service on a named host against\n" " existing enabled rules.\n" "\n" " ipa hbactest --user= --host= --service=\n" " [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" " [--sizelimit= ]\n" "\n" " --user, --host, and --service are mandatory, others are optional.\n" "\n" " If --rules is specified simulate enabling of the specified rules and test\n" " the login of the user using only these rules.\n" "\n" " If --enabled is specified, all enabled HBAC rules will be added to " "simulation\n" "\n" " If --disabled is specified, all disabled HBAC rules will be added to " "simulation\n" "\n" " If --nodetail is specified, do not return information about rules matched/" "not matched.\n" "\n" " If both --rules and --enabled are specified, apply simulation to --rules " "_and_\n" " all IPA enabled rules.\n" "\n" " If no --rules specified, simulation is run against all IPA enabled rules.\n" " By default there is a IPA-wide limit to number of entries fetched, you can " "change it\n" " with --sizelimit option.\n" "\n" "EXAMPLES:\n" "\n" " 1. Use all enabled HBAC rules in IPA database to simulate:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 2. Disable detailed summary of how rules were applied:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" " --------------------\n" " Access granted: True\n" " --------------------\n" "\n" " 3. Test explicitly specified HBAC rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" " --rules=myrule --rules=my-second-rule\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: myrule\n" "\n" " 4. Use all enabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" " --rules=myrule --rules=my-second-rule --enabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 5. Test all disabled HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: new-rule\n" "\n" " 6. Test all disabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" " --rules=myrule --rules=my-second-rule --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" "\n" " 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n" " --enabled --disabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Not matched rules: new-rule\n" " Matched rules: allow_all\n" "\n" "\n" "HBACTEST AND TRUSTED DOMAINS\n" "\n" "When an external trusted domain is configured in IPA, HBAC rules are also " "applied\n" "on users accessing IPA resources from the trusted domain. Trusted domain " "users and\n" "groups (and their SIDs) can be then assigned to external groups which can " "be\n" "members of POSIX groups in IPA which can be used in HBAC rules and thus " "allowing\n" "access to resources protected by the HBAC system.\n" "\n" "hbactest plugin is capable of testing access for both local IPA users and " "users\n" "from the trusted domains, either by a fully qualified user name or by user " "SID.\n" "Such user names need to have a trusted domain specified as a short name\n" "(DOMAIN\\Administrator) or with a user principal name (UPN), " "Administrator@ad.test.\n" "\n" "Please note that hbactest executed with a trusted domain user as --user " "parameter\n" "can be only run by members of \"trust admins\" group.\n" "\n" "EXAMPLES:\n" "\n" " 1. Test if a user from a trusted domain specified by its shortname " "matches any\n" " rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 2. Test if a user from a trusted domain specified by its domain name " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 3. Test if a user from a trusted domain specified by its SID matches any " "rule:\n" "\n" " $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n" " --host `hostname` --service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 4. Test if other user from a trusted domain specified by its SID matches " "any rule:\n" "\n" " $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n" " --host `hostname` --service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" "\n" " 5. Test if other user from a trusted domain specified by its shortname " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " "sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" msgstr "" msgid "" "\n" "Cross-realm trusts\n" "\n" "Manage trust relationship between IPA and Active Directory domains.\n" "\n" "In order to allow users from a remote domain to access resources in IPA\n" "domain, trust relationship needs to be established. Currently IPA supports\n" "only trusts between IPA and Active Directory domains under control of " "Windows\n" "Server 2008 or later, with functional level 2008 or later.\n" "\n" "Please note that DNS on both IPA and Active Directory domain sides should " "be\n" "configured properly to discover each other. Trust relationship relies on\n" "ability to discover special resources in the other domain via DNS records.\n" "\n" "Examples:\n" "\n" "1. Establish cross-realm trust with Active Directory using AD administrator\n" " credentials:\n" "\n" " ipa trust-add --type=ad --admin --" "password\n" "\n" "2. List all existing trust relationships:\n" "\n" " ipa trust-find\n" "\n" "3. Show details of the specific trust relationship:\n" "\n" " ipa trust-show \n" "\n" "4. Delete existing trust relationship:\n" "\n" " ipa trust-del \n" "\n" "Once trust relationship is established, remote users will need to be mapped\n" "to local POSIX groups in order to actually use IPA resources. The mapping " "should\n" "be done via use of external membership of non-POSIX group and then this " "group\n" "should be included into one of local POSIX groups.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local POSIX " "group:\n" "\n" " ipa group-add --desc=' admins external map' ad_admins_external " "--external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the " "ad_admins_external\n" " group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with ad_admins " "POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see their " "SIDs:\n" "\n" " ipa group-show ad_admins_external\n" "\n" "\n" "GLOBAL TRUST CONFIGURATION\n" "\n" "When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n" "a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n" "identifiers are then used when communicating with a trusted domain of the\n" "particular type.\n" "\n" "1. Show global trust configuration for Active Directory type of trusts:\n" "\n" " ipa trustconfig-show --type ad\n" "\n" "2. Modify global configuration for all trusts of Active Directory type and " "set\n" " a different fallback primary group (fallback primary group GID is used " "as\n" " a primary user GID if user authenticating to IPA domain does not have any " "other\n" " primary GID already set):\n" "\n" " ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD " "group\"\n" "\n" "3. Change primary fallback group back to default hidden group (any group " "with\n" " posixGroup object class is allowed):\n" "\n" " ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group" "\"\n" msgstr "" msgid "Trusted domain partner" msgstr "" msgid "" "\n" "Add new trust to use.\n" "\n" "This command establishes trust relationship to another domain\n" "which becomes 'trusted'. As result, users of the trusted domain\n" "may access resources of this domain.\n" "\n" "Only trusts to Active Directory domains are supported right now.\n" "\n" "The command can be safely run multiple times against the same domain,\n" "this will cause change to trust relationship credentials on both\n" "sides.\n" " " msgstr "" msgid "" "Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust" msgstr "" msgid "Results should contain primary key attribute only (\"realm\")" msgstr "" msgid "" "\n" "Modify a trust (for future use).\n" "\n" " Currently only the default option to modify the LDAP attributes is\n" " available. More specific options will be added in coming releases.\n" " " msgstr "" msgid "Results should contain primary key attribute only (\"domain\")" msgstr "" msgid "" "\n" "ID ranges\n" "\n" "Manage ID ranges used to map Posix IDs to SIDs and back.\n" "\n" "There are two type of ID ranges which are both handled by this utility:\n" "\n" " - the ID ranges of the local domain\n" " - the ID ranges of trusted remote domains\n" "\n" "Both types have the following attributes in common:\n" "\n" " - base-id: the first ID of the Posix ID range\n" " - range-size: the size of the range\n" "\n" "With those two attributes a range object can reserve the Posix IDs starting\n" "with base-id up to but not including base-id+range-size exclusively.\n" "\n" "Additionally an ID range of the local domain may set\n" " - rid-base: the first RID(*) of the corresponding RID range\n" " - secondary-rid-base: first RID of the secondary RID range\n" "\n" "and an ID range of a trusted domain must set\n" " - rid-base: the first RID of the corresponding RID range\n" " - sid: domain SID of the trusted domain\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for a trusted domain\n" "\n" "Since there might be more than one trusted domain the domain SID must be " "given\n" "while creating the ID range.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" "\n" "This ID range is then used by the IPA server and the SSSD IPA provider to\n" "assign Posix UIDs to users from the trusted domain.\n" "\n" "If e.g. a range for a trusted domain is configured with the following " "values:\n" " base-id = 1200000\n" " range-size = 200000\n" " rid-base = 0\n" "the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " "So\n" "RID 1000 <-> Posix ID 1201000\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for the local domain\n" "\n" "To create an ID range for the local domain it is not necessary to specify a\n" "domain SID. But since it is possible that a user and a group can have the " "same\n" "value as Posix ID a second RID interval is needed to handle conflicts.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=1000 --secondary-rid-base=1000000 local_range\n" "\n" "The data from the ID ranges of the local domain are used by the IPA server\n" "internally to assign SIDs to IPA users and groups. The SID will then be " "stored\n" "in the user or group objects.\n" "\n" "If e.g. the ID range for the local domain is configured with the values " "from\n" "the example above then a new user with the UID 1200007 will get the RID " "1007.\n" "If this RID is already used by a group the RID will be 1000007. This can " "only\n" "happen if a user or a group object was created with a fixed ID because the\n" "automatic assignment will not assign the same ID twice. Since there are " "only\n" "users and groups sharing the same ID namespace it is sufficient to have " "only\n" "one fallback range to handle conflicts.\n" "\n" "To find the Posix ID for a given RID from the local domain it has to be\n" "checked first if the RID falls in the primary or secondary RID range and\n" "the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" "and the base-id has to be added to get the Posix ID.\n" "\n" "Typically the creation of ID ranges happens behind the scenes and this CLI\n" "must not be used at all. The ID range for the local domain will be created\n" "during installation or upgrade from an older version. The ID range for a\n" "trusted domain will be created together with the trust by 'ipa trust-" "add ...'.\n" "\n" "USE CASES:\n" "\n" " Add an ID range from a transitively trusted domain\n" "\n" " If the trusted domain (A) trusts another domain (B) as well and this " "trust\n" " is transitive 'ipa trust-add domain-A' will only create a range for\n" " domain A. The ID range for domain B must be added manually.\n" "\n" " Add an additional ID range for the local domain\n" "\n" " If the ID range of the local domain is exhausted, i.e. no new IDs can " "be\n" " assigned to Posix users or groups by the DNA plugin, a new range has to " "be\n" " created to allow new users and groups to be added. (Currently there is " "no\n" " connection between this range CLI and the DNA plugin, but a future " "version\n" " might be able to modify the configuration of the DNS plugin as well)\n" "\n" "In general it is not necessary to modify or delete ID ranges. If there is " "no\n" "other way to achieve a certain configuration than to modify or delete an ID\n" "range it should be done with great care. Because UIDs are stored in the " "file\n" "system and are used for access control it might be possible that users are\n" "allowed to access files of other users if an ID range got deleted and " "reused\n" "for a different domain.\n" "\n" "(*) The RID is typically the last integer of a user or group SID which " "follows\n" "the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " "from\n" "this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " "the\n" "user. RIDs are unique in a domain, 32bit values and are used for users and\n" "groups.\n" "\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" msgstr "" msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local" msgstr "" msgid "" "\n" "Add new ID range.\n" "\n" " To add a new ID range you always have to specify\n" "\n" " --base-id\n" " --range-size\n" "\n" " Additionally\n" "\n" " --rid-base\n" " --secondary-rid-base\n" "\n" " may be given for a new ID range for the local domain while\n" "\n" " --rid-base\n" " --dom-sid\n" "\n" " must be given to add a new range for a trusted AD domain.\n" "\n" " WARNING:\n" "\n" " DNA plugin in 389-ds will allocate IDs based on the ranges configured " "for the\n" " local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" " on the local ranges set via this family of commands.\n" "\n" " Manual configuration change has to be done in the DNA plugin " "configuration for\n" " the new local range. Specifically, The dnaNextRange attribute of " "'cn=Posix\n" " IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " "to be\n" " modified to match the new range.\n" " " msgstr "" msgid "Modify ID range." msgstr "" msgid "" "\n" "Manage CA ACL rules.\n" "\n" "This plugin is used to define rules governing which principals are\n" "permitted to have certificates issued using a given certificate\n" "profile.\n" "\n" "PROFILE ID SYNTAX:\n" "\n" "A Profile ID is a string without spaces or punctuation starting with a " "letter\n" "and followed by a sequence of letters, digits or underscore (\"_\").\n" "\n" "EXAMPLES:\n" "\n" " Create a CA ACL \"test\" that grants all users access to the\n" " \"UserCert\" profile:\n" " ipa caacl-add test --usercat=all\n" " ipa caacl-add-profile test --certprofiles UserCert\n" "\n" " Display the properties of a named CA ACL:\n" " ipa caacl-show test\n" "\n" " Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n" " ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n" " ipa caacl-add-user alice_dnp3 --user=alice\n" "\n" " Disable a CA ACL:\n" " ipa caacl-disable test\n" "\n" " Remove a CA ACL:\n" " ipa caacl-del test\n" msgstr "" msgid "member Certificate Profile" msgstr "" msgid "Certificate Profiles to add" msgstr "" msgid "Certificate Profiles to remove" msgstr "" msgid "" "\n" "Manage Certificate Profiles\n" "\n" "Certificate Profiles are used by Certificate Authority (CA) in the signing " "of\n" "certificates to determine if a Certificate Signing Request (CSR) is " "acceptable,\n" "and if so what features and extensions will be present on the certificate.\n" "\n" "The Certificate Profile format is the property-list format understood by " "the\n" "Dogtag or Red Hat Certificate System CA.\n" "\n" "PROFILE ID SYNTAX:\n" "\n" "A Profile ID is a string without spaces or punctuation starting with a " "letter\n" "and followed by a sequence of letters, digits or underscore (\"_\").\n" "\n" "EXAMPLES:\n" "\n" " Import a profile that will not store issued certificates:\n" " ipa certprofile-import ShortLivedUserCert --file UserCert.profile " "--desc \"User Certificates\" --store=false\n" "\n" " Delete a certificate profile:\n" " ipa certprofile-del ShortLivedUserCert\n" "\n" " Show information about a profile:\n" " ipa certprofile-show ShortLivedUserCert\n" "\n" " Save profile configuration to a file:\n" " ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n" "\n" " Search for profiles that do not store certificates:\n" " ipa certprofile-find --store=false\n" "\n" "PROFILE CONFIGURATION FORMAT:\n" "\n" "The profile configuration format is the raw property-list format\n" "used by Dogtag Certificate System. The XML format is not supported.\n" "\n" "The following restrictions apply to profiles managed by FreeIPA:\n" "\n" "- When importing a profile the \"profileId\" field, if present, must\n" " match the ID given on the command line.\n" "\n" "- The \"classId\" field must be set to \"caEnrollImpl\"\n" "\n" "- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n" "\n" "- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n" " class must be used.\n" msgstr "" msgid "" "\n" "IPA servers\n" "\n" "Get information about installed IPA servers.\n" "\n" "EXAMPLES:\n" "\n" " Find all servers:\n" " ipa server-find\n" "\n" " Show specific server:\n" " ipa server-show ipa.example.com\n" msgstr "" msgid "Managed suffix" msgstr "" msgid "" "\n" "Service Constrained Delegation\n" "\n" "Manage rules to allow constrained delegation of credentials so\n" "that a service can impersonate a user when communicating with another\n" "service without requiring the user to actually forward their TGT.\n" "This makes for a much better method of delegating credentials as it\n" "prevents exposure of the short term secret of the user.\n" "\n" "The naming convention is to append the word \"target\" or \"targets\" to\n" "a matching rule name. This is not mandatory but helps conceptually\n" "to associate rules and targets.\n" "\n" "A rule consists of two things:\n" " - A list of targets the rule applies to\n" " - A list of memberPrincipals that are allowed to delegate for\n" " those targets\n" "\n" "A target consists of a list of principals that can be delegated.\n" "\n" "In English, a rule says that this principal can delegate as this\n" "list of principals, as defined by these targets.\n" "\n" "EXAMPLES:\n" "\n" " Add a new constrained delegation rule:\n" " ipa servicedelegationrule-add ftp-delegation\n" "\n" " Add a new constrained delegation target:\n" " ipa servicedelegationtarget-add ftp-delegation-target\n" "\n" " Add a principal to the rule:\n" " ipa servicedelegationrule-add-member --principals=ftp/ipa.example." "com ftp-delegation\n" "\n" " Add our target to the rule:\n" " ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-" "delegation-target ftp-delegation\n" "\n" " Add a principal to the target:\n" " ipa servicedelegationtarget-add-member --principals=ldap/ipa.example." "com ftp-delegation-target\n" "\n" " Display information about a named delegation rule and target:\n" " ipa servicedelegationrule_show ftp-delegation\n" " ipa servicedelegationtarget_show ftp-delegation-target\n" "\n" " Remove a constrained delegation:\n" " ipa servicedelegationrule-del ftp-delegation-target\n" " ipa servicedelegationtarget-del ftp-delegation\n" "\n" "In this example the ftp service can get a TGT for the ldap service on\n" "the bound user's behalf.\n" "\n" "It is strongly discouraged to modify the delegations that ship with\n" "IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n" "ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n" "to delegate, causing the framework to stop functioning.\n" msgstr "" msgid "member principal" msgstr "" msgid "principal to add" msgstr "" msgid "member service delegation target" msgstr "" msgid "service delegation targets to add" msgstr "" msgid "Results should contain primary key attribute only (\"delegation-name\")" msgstr "" msgid "principal to remove" msgstr "" msgid "service delegation targets to remove" msgstr "" msgid "" "\n" "Stageusers\n" "\n" "Manage stage user entries.\n" "\n" "Stage user entries are directly under the container: \"cn=stage users,\n" "cn=accounts, cn=provisioning, SUFFIX\".\n" "User can not authenticate with those entries (even if the entries\n" "contain credentials) and are candidate to become Active entries.\n" "\n" "Active user entries are Posix users directly under the container: " "\"cn=accounts, SUFFIX\".\n" "User can authenticate with Active entries, at the condition they have\n" "credentials\n" "\n" "Delete user entries are Posix users directly under the container: " "\"cn=deleted users,\n" "cn=accounts, cn=provisioning, SUFFIX\".\n" "User can not authenticate with those entries (even if the entries contain " "credentials)\n" "\n" "The stage user container contains entries\n" " - created by 'stageuser-add' commands that are Posix users\n" " - created by external provisioning system\n" "\n" "A valid stage user entry MUST:\n" " - entry RDN is 'uid'\n" " - ipaUniqueID is 'autogenerate'\n" "\n" "IPA supports a wide range of username formats, but you need to be aware of " "any\n" "restrictions that may apply to your particular environment. For example,\n" "usernames that start with a digit or usernames that exceed a certain length\n" "may cause problems for some UNIX systems.\n" "Use 'ipa config-mod' to change the username format allowed by IPA tools.\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add a new stageuser:\n" " ipa stageuser-add --first=Tim --last=User --password tuser1\n" "\n" " Add a stageuser from the Delete container\n" " ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" msgstr "" msgid "Search for stage users with these member of groups." msgstr "" msgid "Search for stage users without these member of groups." msgstr "" msgid "Search for stage users with these member of netgroups." msgstr "" msgid "Search for stage users without these member of netgroups." msgstr "" msgid "Search for stage users with these member of roles." msgstr "" msgid "Search for stage users without these member of roles." msgstr "" msgid "Search for stage users with these member of HBAC rules." msgstr "" msgid "Search for stage users without these member of HBAC rules." msgstr "" msgid "Search for stage users with these member of sudo rules." msgstr "" msgid "Search for stage users without these member of sudo rules." msgstr "" msgid "Rename the stage user object" msgstr "" msgid "" "\n" "Topology\n" "\n" "Management of a replication topology.\n" "\n" "Requires minimum domain level 1.\n" msgstr "" msgid "Attributes to replicate" msgstr "" msgid "LDAP suffix to be managed" msgstr "" msgid "Search for topology suffices." msgstr "" msgid "" "\n" "Verify replication topology for suffix.\n" "\n" "Checks done:\n" " 1. check if a topology is not disconnected. In other words if there are\n" " replication paths between all servers.\n" " 2. check if servers don't have more than the recommended number of\n" " replication agreements\n" " " msgstr "" msgid "" "\n" "Vaults\n" "\n" "Manage vaults.\n" "\n" "Vault is a secure place to store a secret.\n" "\n" "Based on the ownership there are three vault categories:\n" "* user/private vault\n" "* service vault\n" "* shared vault\n" "\n" "User vaults are vaults owned used by a particular user. Private\n" "vaults are vaults owned the current user. Service vaults are\n" "vaults owned by a service. Shared vaults are owned by the admin\n" "but they can be used by other users or services.\n" "\n" "Based on the security mechanism there are three types of\n" "vaults:\n" "* standard vault\n" "* symmetric vault\n" "* asymmetric vault\n" "\n" "Standard vault uses a secure mechanism to transport and\n" "store the secret. The secret can only be retrieved by users\n" "that have access to the vault.\n" "\n" "Symmetric vault is similar to the standard vault, but it\n" "pre-encrypts the secret using a password before transport.\n" "The secret can only be retrieved using the same password.\n" "\n" "Asymmetric vault is similar to the standard vault, but it\n" "pre-encrypts the secret using a public key before transport.\n" "The secret can only be retrieved using the private key.\n" "\n" "EXAMPLES:\n" "\n" " List vaults:\n" " ipa vault-find\n" " [--user |--service |--shared]\n" "\n" " Add a standard vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type standard\n" "\n" " Add a symmetric vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type symmetric --password-file password.txt\n" "\n" " Add an asymmetric vault:\n" " ipa vault-add \n" " [--user |--service |--shared]\n" " --type asymmetric --public-key-file public.pem\n" "\n" " Show a vault:\n" " ipa vault-show \n" " [--user |--service |--shared]\n" "\n" " Modify vault description:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --desc \n" "\n" " Modify vault type:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --type \n" " [old password/private key]\n" " [new password/public key]\n" "\n" " Modify symmetric vault password:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --change-password\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --old-password \n" " --new-password \n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --old-password-file \n" " --new-password-file \n" "\n" " Modify asymmetric vault keys:\n" " ipa vault-mod \n" " [--user |--service |--shared]\n" " --private-key-file \n" " --public-key-file \n" "\n" " Delete a vault:\n" " ipa vault-del \n" " [--user |--service |--shared]\n" "\n" " Display vault configuration:\n" " ipa vaultconfig-show\n" "\n" " Archive data into standard vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" "\n" " Archive data into symmetric vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" " --password-file password.txt\n" "\n" " Archive data into asymmetric vault:\n" " ipa vault-archive \n" " [--user |--service |--shared]\n" " --in \n" "\n" " Retrieve data from standard vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out \n" "\n" " Retrieve data from symmetric vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out \n" " --password-file password.txt\n" "\n" " Retrieve data from asymmetric vault:\n" " ipa vault-retrieve \n" " [--user |--service |--shared]\n" " --out --private-key-file private.pem\n" "\n" " Add vault owners:\n" " ipa vault-add-owner \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" "\n" " Delete vault owners:\n" " ipa vault-remove-owner \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" "\n" " Add vault members:\n" " ipa vault-add-member \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" "\n" " Delete vault members:\n" " ipa vault-remove-member \n" " [--user |--service |--shared]\n" " [--users ] [--groups ] [--services ]\n" msgstr "" msgid "owner user" msgstr "" msgid "owner group" msgstr "" msgid "owner service" msgstr "" msgid "" "\n" "ID ranges\n" "\n" "Manage ID ranges used to map Posix IDs to SIDs and back.\n" "\n" "There are two type of ID ranges which are both handled by this utility:\n" "\n" " - the ID ranges of the local domain\n" " - the ID ranges of trusted remote domains\n" "\n" "Both types have the following attributes in common:\n" "\n" " - base-id: the first ID of the Posix ID range\n" " - range-size: the size of the range\n" "\n" "With those two attributes a range object can reserve the Posix IDs starting\n" "with base-id up to but not including base-id+range-size exclusively.\n" "\n" "Additionally an ID range of the local domain may set\n" " - rid-base: the first RID(*) of the corresponding RID range\n" " - secondary-rid-base: first RID of the secondary RID range\n" "\n" "and an ID range of a trusted domain must set\n" " - rid-base: the first RID of the corresponding RID range\n" " - sid: domain SID of the trusted domain\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for a trusted domain\n" "\n" "Since there might be more than one trusted domain the domain SID must be " "given\n" "while creating the ID range.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" "\n" "This ID range is then used by the IPA server and the SSSD IPA provider to\n" "assign Posix UIDs to users from the trusted domain.\n" "\n" "If e.g. a range for a trusted domain is configured with the following " "values:\n" " base-id = 1200000\n" " range-size = 200000\n" " rid-base = 0\n" "the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " "So\n" "RID 1000 <-> Posix ID 1201000\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for the local domain\n" "\n" "To create an ID range for the local domain it is not necessary to specify a\n" "domain SID. But since it is possible that a user and a group can have the " "same\n" "value as Posix ID a second RID interval is needed to handle conflicts.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=1000 --secondary-rid-base=1000000 local_range\n" "\n" "The data from the ID ranges of the local domain are used by the IPA server\n" "internally to assign SIDs to IPA users and groups. The SID will then be " "stored\n" "in the user or group objects.\n" "\n" "If e.g. the ID range for the local domain is configured with the values " "from\n" "the example above then a new user with the UID 1200007 will get the RID " "1007.\n" "If this RID is already used by a group the RID will be 1000007. This can " "only\n" "happen if a user or a group object was created with a fixed ID because the\n" "automatic assignment will not assign the same ID twice. Since there are " "only\n" "users and groups sharing the same ID namespace it is sufficient to have " "only\n" "one fallback range to handle conflicts.\n" "\n" "To find the Posix ID for a given RID from the local domain it has to be\n" "checked first if the RID falls in the primary or secondary RID range and\n" "the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" "and the base-id has to be added to get the Posix ID.\n" "\n" "Typically the creation of ID ranges happens behind the scenes and this CLI\n" "must not be used at all. The ID range for the local domain will be created\n" "during installation or upgrade from an older version. The ID range for a\n" "trusted domain will be created together with the trust by 'ipa trust-" "add ...'.\n" "\n" "USE CASES:\n" "\n" " Add an ID range from a transitively trusted domain\n" "\n" " If the trusted domain (A) trusts another domain (B) as well and this " "trust\n" " is transitive 'ipa trust-add domain-A' will only create a range for\n" " domain A. The ID range for domain B must be added manually.\n" "\n" " Add an additional ID range for the local domain\n" "\n" " If the ID range of the local domain is exhausted, i.e. no new IDs can " "be\n" " assigned to Posix users or groups by the DNA plugin, a new range has to " "be\n" " created to allow new users and groups to be added. (Currently there is " "no\n" " connection between this range CLI and the DNA plugin, but a future " "version\n" " might be able to modify the configuration of the DNS plugin as well)\n" "\n" "In general it is not necessary to modify or delete ID ranges. If there is " "no\n" "other way to achieve a certain configuration than to modify or delete an ID\n" "range it should be done with great care. Because UIDs are stored in the " "file\n" "system and are used for access control it might be possible that users are\n" "allowed to access files of other users if an ID range got deleted and " "reused\n" "for a different domain.\n" "\n" "(*) The RID is typically the last integer of a user or group SID which " "follows\n" "the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " "from\n" "this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " "the\n" "user. RIDs are unique in a domain, 32bit values and are used for users and\n" "groups.\n" "\n" "=======\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" "=======\n" msgstr "" msgid "" "\n" "Add new ID range.\n" "\n" " To add a new ID range you always have to specify\n" "\n" " --base-id\n" " --range-size\n" "\n" " Additionally\n" "\n" " --rid-base\n" " --secondary-rid-base\n" "\n" " may be given for a new ID range for the local domain while\n" "\n" " --rid-base\n" " --dom-sid\n" "\n" " must be given to add a new range for a trusted AD domain.\n" "\n" "=======\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" "=======\n" " " msgstr "" msgid "" "\n" "Modify ID range.\n" "\n" "=======\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" "=======\n" " " msgstr "" msgid "" "\n" "Groups of users\n" "\n" "Manage groups of users. By default, new groups are POSIX groups. You\n" "can add the --nonposix option to the group-add command to mark a new group\n" "as non-POSIX. You can use the --posix argument with the group-mod command\n" "to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" "converted to non-POSIX groups.\n" "\n" "Every group must have a description.\n" "\n" "POSIX groups must have a Group ID (GID) number. Changing a GID is\n" "supported but can have an impact on your file permissions. It is not " "necessary\n" "to supply a GID when creating a group. IPA will generate one automatically\n" "if it is not provided.\n" "\n" "EXAMPLES:\n" "\n" " Add a new group:\n" " ipa group-add --desc='local administrators' localadmins\n" "\n" " Add a new non-POSIX group:\n" " ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" "\n" " Convert a non-POSIX group to posix:\n" " ipa group-mod --posix remoteadmins\n" "\n" " Add a new POSIX group with a specific Group ID number:\n" " ipa group-add --gid=500 --desc='unix admins' unixadmins\n" "\n" " Add a new POSIX group and let IPA assign a Group ID number:\n" " ipa group-add --desc='printer admins' printeradmins\n" "\n" " Remove a group:\n" " ipa group-del unixadmins\n" "\n" " To add the \"remoteadmins\" group to the \"localadmins\" group:\n" " ipa group-add-member --groups=remoteadmins localadmins\n" "\n" " Add multiple users to the \"localadmins\" group:\n" " ipa group-add-member --users=test1 --users=test2 localadmins\n" "\n" " Remove a user from the \"localadmins\" group:\n" " ipa group-remove-member --users=test2 localadmins\n" "\n" " Display information about a named group.\n" " ipa group-show localadmins\n" "\n" "External group membership is designed to allow users from trusted domains\n" "to be mapped to local POSIX groups in order to actually use IPA resources.\n" "External members should be added to groups that specifically created as\n" "external and non-POSIX. Such group later should be included into one of " "POSIX\n" "groups.\n" "\n" "An external group member is currently a Security Identifier (SID) as defined " "by\n" "the trusted domain. When adding external group members, it is possible to\n" "specify them in either SID, or DOM\n" "ame, or name@domain format. IPA will attempt\n" "to resolve passed name to SID with the use of Global Catalog of the trusted " "domain.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local POSIX " "group:\n" "\n" " ipa group-add --desc=' admins external map' ad_admins_external " "--external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the " "ad_admins_external\n" " group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with ad_admins " "POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see their " "SIDs:\n" "\n" " ipa group-show ad_admins_external\n" msgstr "" msgid "" "\n" "Simulate use of Host-based access controls\n" "\n" "HBAC rules control who can access what services on what hosts.\n" "You can use HBAC to control which users or groups can access a service,\n" "or group of services, on a target host.\n" "\n" "Since applying HBAC rules implies use of a production environment,\n" "this plugin aims to provide simulation of HBAC rules evaluation without\n" "having access to the production environment.\n" "\n" " Test user coming to a service on a named host against\n" " existing enabled rules.\n" "\n" " ipa hbactest --user= --host= --service=\n" " [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" " [--sizelimit= ]\n" "\n" " --user, --host, and --service are mandatory, others are optional.\n" "\n" " If --rules is specified simulate enabling of the specified rules and test\n" " the login of the user using only these rules.\n" "\n" " If --enabled is specified, all enabled HBAC rules will be added to " "simulation\n" "\n" " If --disabled is specified, all disabled HBAC rules will be added to " "simulation\n" "\n" " If --nodetail is specified, do not return information about rules matched/" "not matched.\n" "\n" " If both --rules and --enabled are specified, apply simulation to --rules " "_and_\n" " all IPA enabled rules.\n" "\n" " If no --rules specified, simulation is run against all IPA enabled rules.\n" " By default there is a IPA-wide limit to number of entries fetched, you can " "change it\n" " with --sizelimit option.\n" "\n" "EXAMPLES:\n" "\n" " 1. Use all enabled HBAC rules in IPA database to simulate:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 2. Disable detailed summary of how rules were applied:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" " --------------------\n" " Access granted: True\n" " --------------------\n" "\n" " 3. Test explicitly specified HBAC rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --" "rules=myrule --rules=my-second-rule\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: myrule\n" "\n" " 4. Use all enabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --" "rules=myrule --rules=my-second-rule --enabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Matched rules: allow_all\n" "\n" " 5. Test all disabled HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: new-rule\n" "\n" " 6. Test all disabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --" "rules=myrule --rules=my-second-rule --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" "\n" " 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled " "--disabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Not matched rules: my-second-rule\n" " Not matched rules: my-third-rule\n" " Not matched rules: myrule\n" " Not matched rules: new-rule\n" " Matched rules: allow_all\n" "\n" "\n" "HBACTEST AND TRUSTED DOMAINS\n" "\n" "When an external trusted domain is configured in IPA, HBAC rules are also " "applied\n" "on users accessing IPA resources from the trusted domain. Trusted domain " "users and\n" "groups (and their SIDs) can be then assigned to external groups which can " "be\n" "members of POSIX groups in IPA which can be used in HBAC rules and thus " "allowing\n" "access to resources protected by the HBAC system.\n" "\n" "hbactest plugin is capable of testing access for both local IPA users and " "users\n" "from the trusted domains, either by a fully qualified user name or by user " "SID.\n" "Such user names need to have a trusted domain specified as a short name\n" "(DOMAIN\\Administrator) or with a user principal name (UPN), " "Administrator@ad.test.\n" "\n" "Please note that hbactest executed with a trusted domain user as --user " "parameter\n" "can be only run by members of \"trust admins\" group.\n" "\n" "EXAMPLES:\n" "\n" " 1. Test if a user from a trusted domain specified by its shortname " "matches any\n" " rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 2. Test if a user from a trusted domain specified by its domain name " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 3. Test if a user from a trusted domain specified by its SID matches any " "rule:\n" "\n" " $ ipa hbactest --user " "S-1-5-21-3035198329-144811719-1378114514-500 --host `hostname` --" "service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Matched rules: can_login\n" "\n" " 4. Test if other user from a trusted domain specified by its SID matches " "any rule:\n" "\n" " $ ipa hbactest --user " "S-1-5-21-3035198329-144811719-1378114514-1203 --host `hostname` " "--service sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" "\n" " 5. Test if other user from a trusted domain specified by its shortname " "matches\n" " any rule:\n" "\n" " $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service " "sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " Matched rules: allow_all\n" " Not matched rules: can_login\n" msgstr "" msgid "Search for servers with these managed suffixes." msgstr "" msgid "Search for servers without these managed suffixes." msgstr "" msgid "" "\n" "Topology\n" "\n" "Management of a replication topology at domain level 1.\n" "\n" "IPA server's data is stored in LDAP server in two suffixes:\n" "* domain suffix, e.g., 'dc=example,dc=com', contains all domain related " "data\n" "* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n" " contains data for Certificate Server component\n" "\n" "Data stored on IPA servers is replicated to other IPA servers. The way it " "is\n" "replicated is defined by replication agreements. Replication agreements " "needs\n" "to be set for both suffixes separately. On domain level 0 they are managed\n" "using ipa-replica-manage and ipa-csreplica-manage tools. With domain level " "1\n" "they are managed centrally using `ipa topology*` commands.\n" "\n" "Agreements are represented by topology segments. By default topology " "segment\n" "represents 2 replication agreements - one for each direction, e.g., A to B " "and\n" "B to A. Creation of unidirectional segments is not allowed.\n" "\n" "To verify that no server is disconnected in the topology of the given " "suffix,\n" "use:\n" " ipa topologysuffix-verify $suffix\n" "\n" "\n" "Examples:\n" " Find all IPA servers:\n" " ipa server-find\n" "\n" " Find all suffixes:\n" " ipa topologysuffix-find\n" "\n" " Add topology segment to 'domain' suffix:\n" " ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n" "\n" " Add topology segment to 'ca' suffix:\n" " ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n" "\n" " List all topology segments in 'domain' suffix:\n" " ipa topologysegment-find domain\n" "\n" " List all topology segments in 'ca' suffix:\n" " ipa topologysegment-find ca\n" "\n" " Delete topology segment in 'domain' suffix:\n" " ipa topologysegment-del domain segment_name\n" "\n" " Delete topology segment in 'ca' suffix:\n" " ipa topologysegment-del ca segment_name\n" "\n" " Verify topology of 'domain' suffix:\n" " ipa topologysuffix-verify domain\n" "\n" " Verify topology of 'ca' suffix:\n" " ipa topologysuffix-verify ca\n" msgstr "" msgid "" "\n" "Directory Server Access Control Instructions (ACIs)\n" "\n" "ACIs are used to allow or deny access to information. This module is\n" "currently designed to allow, not deny, access.\n" "\n" "The aci commands are designed to grant permissions that allow updating\n" "existing entries or adding or deleting new ones. The goal of the ACIs\n" "that ship with IPA is to provide a set of low-level permissions that\n" "grant access to special groups called taskgroups. These low-level\n" "permissions can be combined into roles that grant broader access. These\n" "roles are another type of group, roles.\n" "\n" "For example, if you have taskgroups that allow adding and modifying users " "you\n" "could create a role, useradmin. You would assign users to the useradmin\n" "role to allow them to do the operations defined by the taskgroups.\n" "\n" "You can create ACIs that delegate permission so users in group A can write\n" "attributes on group B.\n" "\n" "The type option is a map that applies to all entries in the users, groups " "or\n" "host location. It is primarily designed to be used when granting add\n" "permissions (to write new entries).\n" "\n" "An ACI consists of three parts:\n" "1. target\n" "2. permissions\n" "3. bind rules\n" "\n" "The target is a set of rules that define which LDAP objects are being\n" "targeted. This can include a list of attributes, an area of that LDAP\n" "tree or an LDAP filter.\n" "\n" "The targets include:\n" "- attrs: list of attributes affected\n" "- type: an object type (user, group, host, service, etc)\n" "- memberof: members of a group\n" "- targetgroup: grant access to modify a specific group. This is primarily\n" " designed to enable users to add or remove members of a specific group.\n" "- filter: A legal LDAP filter used to narrow the scope of the target.\n" "- subtree: Used to apply a rule across an entire set of objects. For " "example,\n" " to allow adding users you need to grant \"add\" permission to the subtree\n" " ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n" " is a fail-safe for objects that may not be covered by the type option.\n" "\n" "The permissions define what the ACI is allowed to do, and are one or\n" "more of:\n" "1. write - write one or more attributes\n" "2. read - read one or more attributes\n" "3. add - add a new entry to the tree\n" "4. delete - delete an existing entry\n" "5. all - all permissions are granted\n" "\n" "Note the distinction between attributes and entries. The permissions are\n" "independent, so being able to add a user does not mean that the user will\n" "be editable.\n" "\n" "The bind rule defines who this ACI grants permissions to. The LDAP server\n" "allows this to be any valid LDAP entry but we encourage the use of\n" "taskgroups so that the rights can be easily shared through roles.\n" "\n" "For a more thorough description of access controls see\n" "http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control." "html\n" "\n" "EXAMPLES:\n" "\n" "NOTE: ACIs are now added via the permission plugin. These examples are to\n" "demonstrate how the various options work but this is done via the " "permission\n" "command-line now (see last example).\n" "\n" " Add an ACI so that the group \"secretaries\" can update the address on any " "user:\n" " ipa group-add --desc=\"Office secretaries\" secretaries\n" " ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries " "--permissions=write --prefix=none \"Secretaries write addresses\"\n" "\n" " Show the new ACI:\n" " ipa aci-show --prefix=none \"Secretaries write addresses\"\n" "\n" " Add an ACI that allows members of the \"addusers\" permission to add new " "users:\n" " ipa aci-add --type=user --permission=addusers --permissions=add --" "prefix=none \"Add new users\"\n" "\n" " Add an ACI that allows members of the editors manage members of the admins " "group:\n" " ipa aci-add --permissions=write --attrs=member --targetgroup=admins --" "group=editors --prefix=none \"Editors manage admins\"\n" "\n" " Add an ACI that allows members of the admins group to manage the street and " "zip code of those in the editors group:\n" " ipa aci-add --permissions=write --memberof=editors --group=admins --" "attrs=street,postalcode --prefix=none \"admins edit the address of editors" "\"\n" "\n" " Add an ACI that allows the admins group manage the street and zipcode of " "those who work for the boss:\n" " ipa aci-add --permissions=write --group=admins --attrs=street,postalcode " "--filter=\"(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)\" --" "prefix=none \"Edit the address of those who work for the boss\"\n" "\n" " Add an entirely new kind of record to IPA that isn't covered by any of the " "--type options, creating a permission:\n" " ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange," "cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n" "\n" "\n" "The show command shows the raw 389-ds ACI.\n" "\n" "IMPORTANT: When modifying the target attributes of an existing ACI you\n" "must include all existing attributes as well. When doing an aci-mod the\n" "targetattr REPLACES the current attributes, it does not add to them.\n" msgstr "" msgid "" "comma-separated list of permissions to grant(read, write, add, delete, all)" msgstr "" msgid "Comma-separated list of attributes" msgstr "" msgid "" "\n" "Auto Membership Rule.\n" "\n" "Bring clarity to the membership of hosts and users by configuring inclusive\n" "or exclusive regex patterns, you can automatically assign a new entries " "into\n" "a group or hostgroup based upon attribute information.\n" "\n" "A rule is directly associated with a group by name, so you cannot create\n" "a rule without an accompanying group or hostgroup.\n" "\n" "A condition is a regular expression used by 389-ds to match a new incoming\n" "entry with an automember rule. If it matches an inclusive rule then the\n" "entry is added to the appropriate group or hostgroup.\n" "\n" "A default group or hostgroup could be specified for entries that do not\n" "match any rule. In case of user entries this group will be a fallback group\n" "because all users are by default members of group specified in IPA config.\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add the initial group or hostgroup:\n" " ipa hostgroup-add --desc=\"Web Servers\" webservers\n" " ipa group-add --desc=\"Developers\" devel\n" "\n" " Add the initial rule:\n" " ipa automember-add --type=hostgroup webservers\n" " ipa automember-add --type=group devel\n" "\n" " Add a condition to the rule:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" " ipa automember-add-condition --key=manager --type=group --inclusive-" "regex=^uid=mscott devel\n" "\n" " Add an exclusive condition to the rule to prevent auto assignment:\n" " ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-" "regex=^web5\\.example\\.com webservers\n" "\n" " Add a host:\n" " ipa host-add web1.example.com\n" "\n" " Add a user:\n" " ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n" "\n" " Verify automembership:\n" " ipa hostgroup-show webservers\n" " Host-group: webservers\n" " Description: Web Servers\n" " Member hosts: web1.example.com\n" "\n" " ipa group-show devel\n" " Group name: devel\n" " Description: Developers\n" " GID: 1004200000\n" " Member users: tuser\n" "\n" " Remove a condition from the rule:\n" " ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-" "regex=^web[1-9]+\\.example\\.com webservers\n" "\n" " Modify the automember rule:\n" " ipa automember-mod\n" "\n" " Set the default (fallback) target group:\n" " ipa automember-default-group-set --default-group=webservers --" "type=hostgroup\n" " ipa automember-default-group-set --default-group=ipausers --type=group\n" "\n" " Remove the default (fallback) target group:\n" " ipa automember-default-group-remove --type=hostgroup\n" " ipa automember-default-group-remove --type=group\n" "\n" " Show the default (fallback) target group:\n" " ipa automember-default-group-show --type=hostgroup\n" " ipa automember-default-group-show --type=group\n" "\n" " Find all of the automember rules:\n" " ipa automember-find\n" "\n" " Display a automember rule:\n" " ipa automember-show --type=hostgroup webservers\n" " ipa automember-show --type=group devel\n" "\n" " Delete an automember rule:\n" " ipa automember-del --type=hostgroup webservers\n" " ipa automember-del --type=group devel\n" msgstr "" msgid "" "\n" "IPA certificate operations\n" "\n" "Implements a set of commands for managing server SSL certificates.\n" "\n" "Certificate requests exist in the form of a Certificate Signing Request " "(CSR)\n" "in PEM format.\n" "\n" "If using the selfsign back end then the subject in the CSR needs to match\n" "the subject configured in the server. The dogtag CA uses just the CN\n" "value of the CSR and forces the rest of the subject.\n" "\n" "A certificate is stored with a service principal and a service principal\n" "needs a host.\n" "\n" "In order to request a certificate:\n" "\n" "* The host must exist\n" "* The service must exist (or you use the --add option to automatically add " "it)\n" "\n" "EXAMPLES:\n" "\n" " Request a new certificate and add the principal:\n" " ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n" "\n" " Retrieve an existing certificate:\n" " ipa cert-show 1032\n" "\n" " Revoke a certificate (see RFC 5280 for reason details):\n" " ipa cert-revoke --revocation-reason=6 1032\n" "\n" " Remove a certificate from revocation hold status:\n" " ipa cert-remove-hold 1032\n" "\n" " Check the status of a signing request:\n" " ipa cert-status 10\n" "\n" "IPA currently immediately issues (or declines) all certificate requests so\n" "the status of a request is not normally useful. This is for future use\n" "or the case where a CA does not immediately issue a certificate.\n" "\n" "The following revocation reasons are supported:\n" "\n" " * 0 - unspecified\n" " * 1 - keyCompromise\n" " * 2 - cACompromise\n" " * 3 - affiliationChanged\n" " * 4 - superseded\n" " * 5 - cessationOfOperation\n" " * 6 - certificateHold\n" " * 8 - removeFromCRL\n" " * 9 - privilegeWithdrawn\n" " * 10 - aACompromise\n" "\n" "Note that reason code 7 is not used. See RFC 5280 for more details:\n" "\n" "http://www.ietf.org/rfc/rfc5280.txt\n" msgstr "" msgid "" "\n" "Group to Group Delegation\n" "\n" "A permission enables fine-grained delegation of permissions. Access Control\n" "Rules, or instructions (ACIs), grant permission to permissions to perform\n" "given tasks such as adding a user, modifying a group, etc.\n" "\n" "Group to Group Delegations grants the members of one group to update a set\n" "of attributes of members of another group.\n" "\n" "EXAMPLES:\n" "\n" " Add a delegation rule to allow managers to edit employee's addresses:\n" " ipa delegation-add --attrs=street --group=managers --" "membergroup=employees \"managers edit employees' street\"\n" "\n" " When managing the list of attributes you need to include all attributes\n" " in the list, including existing ones. Add postalCode to the list:\n" " ipa delegation-mod --attrs=street,postalCode --group=managers --" "membergroup=employees \"managers edit employees' street\"\n" "\n" " Display our updated rule:\n" " ipa delegation-show \"managers edit employees' street\"\n" "\n" " Delete a rule:\n" " ipa delegation-del \"managers edit employees' street\"\n" msgstr "" msgid "" "Comma-separated list of permissions to grant (read, write). Default is write." msgstr "" msgid "" "\n" "Domain Name System (DNS)\n" "\n" "Manage DNS zone and resource records.\n" "\n" "\n" "USING STRUCTURED PER-TYPE OPTIONS\n" "\n" "There are many structured DNS RR types where DNS data stored in LDAP server\n" "is not just a scalar value, for example an IP address or a domain name, but\n" "a data structure which may be often complex. A good example is a LOC record\n" "[RFC1876] which consists of many mandatory and optional parts (degrees,\n" "minutes, seconds of latitude and longitude, altitude or precision).\n" "\n" "It may be difficult to manipulate such DNS records without making a mistake\n" "and entering an invalid value. DNS module provides an abstraction over " "these\n" "raw records and allows to manipulate each RR type with specific options. " "For\n" "each supported RR type, DNS module provides a standard option to manipulate\n" "a raw records with format ---rec, e.g. --mx-rec, and special " "options\n" "for every part of the RR structure with format ---, e.g.\n" "--mx-preference and --mx-exchanger.\n" "\n" "When adding a record, either RR specific options or standard option for a " "raw\n" "value can be used, they just should not be combined in one add operation. " "When\n" "modifying an existing entry, new RR specific options can be used to change\n" "one part of a DNS record, where the standard option for raw value is used\n" "to specify the modified value. The following example demonstrates\n" "a modification of MX record preference from 0 to 1 in a record without\n" "modifying the exchanger:\n" "ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add new zone:\n" " ipa dnszone-add example.com --name-" "server=ns --admin-email=admin@example." "com --ip-address=10.0.0.1\n" "\n" " Add system permission that can be used for per-zone privilege delegation:\n" " ipa dnszone-add-permission example.com\n" "\n" " Modify the zone to allow dynamic updates for hosts own records in realm " "EXAMPLE.COM:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE\n" "\n" " This is the equivalent of:\n" " ipa dnszone-mod example.com --dynamic-update=TRUE --update-policy=" "\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant " "EXAMPLE.COM krb5-self * SSHFP;\"\n" "\n" " Modify the zone to allow zone transfers for local network only:\n" " ipa dnszone-mod example.com --allow-transfer=10.0.0.0/8\n" "\n" " Add new reverse zone specified by network IP address:\n" " ipa dnszone-add --name-from-ip=80.142.15.0/24 --name-" "server=ns.example.com.\n" "\n" " Add second nameserver for example.com:\n" " ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n" "\n" " Add a mail server for example.com:\n" " ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n" "\n" " Add another record using MX record specific options:\n" " ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n" "\n" " Add another record using interactive mode (started when dnsrecord-add, " "dnsrecord-mod,\n" " or dnsrecord-del are executed with no options):\n" " ipa dnsrecord-add example.com @\n" " Please choose a type of DNS resource record to be added\n" " The most common types for this type of zone are: NS, MX, LOC\n" "\n" " DNS resource record type: MX\n" " MX Preference: 30\n" " MX Exchanger: mail3\n" " Record name: example.com\n" " MX record: 10 mail1, 20 mail2, 30 mail3\n" " NS record: nameserver.example.com., nameserver2.example.com.\n" "\n" " Delete previously added nameserver from example.com:\n" " ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n" "\n" " Add LOC record for example.com:\n" " ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E " "227.64m\"\n" "\n" " Add new A record for www.example.com. Create a reverse record in " "appropriate\n" " reverse zone as well. In this case a PTR record \"2\" pointing to www." "example.com\n" " will be created in zone 15.142.80.in-addr.arpa.\n" " ipa dnsrecord-add example.com www --a-rec=80.142.15.2 --a-create-reverse\n" "\n" " Add new PTR record for www.example.com\n" " ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec=www.example.com.\n" "\n" " Add new SRV records for LDAP servers. Three quarters of the requests\n" " should go to fast.example.com, one quarter to slow.example.com. If neither\n" " is available, switch to backup.example.com.\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example." "com\"\n" " ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup." "example.com\"\n" "\n" " The interactive mode can be used for easy modification:\n" " ipa dnsrecord-mod example.com _ldap._tcp\n" " No option to modify specific record provided.\n" " Current DNS record contents:\n" "\n" " SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 " "backup.example.com\n" "\n" " Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n" " Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n" " SRV Priority [0]: (keep the default value)\n" " SRV Weight [1]: 2 (modified value)\n" " SRV Port [389]: (keep the default value)\n" " SRV Target [slow.example.com]: (keep the default value)\n" " 1 SRV record skipped. Only one value per DNS record type can be modified " "at one time.\n" " Record name: _ldap._tcp\n" " SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 " "389 slow.example.com\n" "\n" " After this modification, three fifths of the requests should go to\n" " fast.example.com and two fifths to slow.example.com.\n" "\n" " An example of the interactive mode for dnsrecord-del command:\n" " ipa dnsrecord-del example.com www\n" " No option to delete specific record provided.\n" " Delete all? Yes/No (default No): (do not delete all records)\n" " Current DNS record contents:\n" "\n" " A record: 1.2.3.4, 11.22.33.44\n" "\n" " Delete A record '1.2.3.4'? Yes/No (default No):\n" " Delete A record '11.22.33.44'? Yes/No (default No): y\n" " Record name: www\n" " A record: 1.2.3.4 (A record 11.22.33.44 has been " "deleted)\n" "\n" " Show zone example.com:\n" " ipa dnszone-show example.com\n" "\n" " Find zone with \"example\" in its domain name:\n" " ipa dnszone-find example\n" "\n" " Find records for resources with \"www\" in their name in zone example.com:\n" " ipa dnsrecord-find example.com www\n" "\n" " Find A records with value 10.10.0.1 in zone example.com\n" " ipa dnsrecord-find example.com --a-rec=10.10.0.1\n" "\n" " Show records for resource www in zone example.com\n" " ipa dnsrecord-show example.com www\n" "\n" " Delegate zone sub.example to another nameserver:\n" " ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5\n" " ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n" "\n" " If global forwarder is configured, all requests to sub.example.com will be\n" " routed through the global forwarder. To change the behavior for example." "com\n" " zone only and forward the request directly to ns.sub.example.com., global\n" " forwarding may be disabled per-zone:\n" " ipa dnszone-mod example.com --forward-policy=none\n" "\n" " Forward all requests for the zone external.com to another nameserver using\n" " a \"first\" policy (it will send the queries to the selected forwarder and " "if\n" " not answered it will use global resolvers):\n" " ipa dnszone-add external.com\n" " ipa dnszone-mod external.com --" "forwarder=10.20.0.1 --forward-policy=first\n" "\n" " Delete zone example.com with all resource records:\n" " ipa dnszone-del example.com\n" "\n" " Resolve a host name to see if it exists (will add default IPA domain\n" " if one is not included):\n" " ipa dns-resolve www.example.com\n" " ipa dns-resolve www\n" "\n" "\n" "GLOBAL DNS CONFIGURATION\n" "\n" "DNS configuration passed to command line install script is stored in a " "local\n" "configuration file on each IPA server where DNS service is configured. " "These\n" "local settings can be overridden with a common configuration stored in LDAP\n" "server:\n" "\n" " Show global DNS configuration:\n" " ipa dnsconfig-show\n" "\n" " Modify global DNS configuration and set a list of global forwarders:\n" " ipa dnsconfig-mod --forwarder=10.0.0.1\n" msgstr "" msgid "" "A list of global forwarders. A custom port can be specified for each " "forwarder using a standard format \"IP_ADDRESS port PORT\"" msgstr "" msgid "DNS class" msgstr "" msgid "Comma-separated list of raw A records" msgstr "" msgid "Comma-separated list of raw AAAA records" msgstr "" msgid "Comma-separated list of raw A6 records" msgstr "" msgid "Comma-separated list of raw AFSDB records" msgstr "" msgid "Comma-separated list of raw APL records" msgstr "" msgid "Comma-separated list of raw CERT records" msgstr "" msgid "Comma-separated list of raw CNAME records" msgstr "" msgid "Comma-separated list of raw DHCID records" msgstr "" msgid "Comma-separated list of raw DLV records" msgstr "" msgid "Comma-separated list of raw DNAME records" msgstr "" msgid "Comma-separated list of raw DNSKEY records" msgstr "" msgid "Comma-separated list of raw DS records" msgstr "" msgid "Comma-separated list of raw HIP records" msgstr "" msgid "Comma-separated list of raw IPSECKEY records" msgstr "" msgid "Comma-separated list of raw KEY records" msgstr "" msgid "KEY Flags" msgstr "" msgid "KEY Protocol" msgstr "" msgid "Protocol" msgstr "" msgid "KEY Algorithm" msgstr "" msgid "KEY Public Key" msgstr "" msgid "Public Key" msgstr "" msgid "Comma-separated list of raw KX records" msgstr "" msgid "Comma-separated list of raw LOC records" msgstr "" msgid "Comma-separated list of raw MX records" msgstr "" msgid "Comma-separated list of raw NAPTR records" msgstr "" msgid "Comma-separated list of raw NS records" msgstr "" msgid "Comma-separated list of raw NSEC records" msgstr "" msgid "NSEC Next Domain Name" msgstr "" msgid "Next Domain Name" msgstr "" msgid "NSEC Type Map" msgstr "" msgid "Type Map" msgstr "" msgid "Comma-separated list of raw NSEC3 records" msgstr "" msgid "Comma-separated list of raw NSEC3PARAM records" msgstr "" msgid "Comma-separated list of raw PTR records" msgstr "" msgid "Comma-separated list of raw RRSIG records" msgstr "" msgid "RRSIG Type Covered" msgstr "" msgid "Type Covered" msgstr "" msgid "RRSIG Algorithm" msgstr "" msgid "RRSIG Labels" msgstr "" msgid "Labels" msgstr "" msgid "RRSIG Original TTL" msgstr "" msgid "Original TTL" msgstr "" msgid "RRSIG Signature Expiration" msgstr "" msgid "Signature Expiration" msgstr "" msgid "RRSIG Signature Inception" msgstr "" msgid "Signature Inception" msgstr "" msgid "RRSIG Key Tag" msgstr "" msgid "RRSIG Signer's Name" msgstr "" msgid "Signer's Name" msgstr "" msgid "RRSIG Signature" msgstr "" msgid "Signature" msgstr "" msgid "Comma-separated list of raw RP records" msgstr "" msgid "Comma-separated list of raw SIG records" msgstr "" msgid "SIG Type Covered" msgstr "" msgid "SIG Algorithm" msgstr "" msgid "SIG Labels" msgstr "" msgid "SIG Original TTL" msgstr "" msgid "SIG Signature Expiration" msgstr "" msgid "SIG Signature Inception" msgstr "" msgid "SIG Key Tag" msgstr "" msgid "SIG Signer's Name" msgstr "" msgid "SIG Signature" msgstr "" msgid "Comma-separated list of raw SPF records" msgstr "" msgid "Comma-separated list of raw SRV records" msgstr "" msgid "Comma-separated list of raw SSHFP records" msgstr "" msgid "Comma-separated list of raw TA records" msgstr "" msgid "Comma-separated list of raw TKEY records" msgstr "" msgid "Comma-separated list of raw TSIG records" msgstr "" msgid "Comma-separated list of raw TXT records" msgstr "" msgid "SOA time to live" msgstr "" msgid "SOA record time to live" msgstr "" msgid "SOA class" msgstr "" msgid "SOA record class" msgstr "" msgid "" "A list of per-zone forwarders. A custom port can be specified for each " "forwarder using a standard format \"IP_ADDRESS port PORT\"" msgstr "" msgid "Add forward record for nameserver located in the created zone" msgstr "" msgid "" "\n" "Entitlements\n" "\n" "Manage entitlements for client machines\n" "\n" "Entitlements can be managed either by registering with an entitlement\n" "server with a username and password or by manually importing entitlement\n" "certificates. An entitlement certificate contains embedded information\n" "such as the product being entitled, the quantity and the validity dates.\n" "\n" "An entitlement server manages the number of client entitlements available.\n" "To mark these entitlements as used by the IPA server you provide a quantity\n" "and they are marked as consumed on the entitlement server.\n" "\n" " Register with an entitlement server:\n" " ipa entitle-register consumer\n" "\n" " Import an entitlement certificate:\n" " ipa entitle-import /home/user/ipaclient.pem\n" "\n" " Display current entitlements:\n" " ipa entitle-status\n" "\n" " Retrieve details on entitlement certificates:\n" " ipa entitle-get\n" "\n" " Consume some entitlements from the entitlement server:\n" " ipa entitle-consume 50\n" "\n" "The registration ID is a Unique Identifier (UUID). This ID will be\n" "IMPORTED if you have used entitle-import.\n" "\n" "Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service.\n" msgstr "" msgid "Consume an entitlement." msgstr "" msgid "Quantity" msgstr "" msgid "Search for entitlement accounts." msgstr "" msgid "Retrieve the entitlement certs." msgstr "" msgid "Import an entitlement certificate." msgstr "" msgid "UUID" msgstr "" msgid "Enrollment UUID" msgstr "" msgid "Register to the entitlement system." msgstr "" msgid "Enrollment UUID (not implemented)" msgstr "" msgid "Registration password" msgstr "" msgid "Display current entitlements." msgstr "" msgid "Re-sync the local entitlement cache with the entitlement server." msgstr "" msgid "" "\n" "Groups of users\n" "\n" "Manage groups of users. By default, new groups are POSIX groups. You\n" "can add the --nonposix option to the group-add command to mark a new group\n" "as non-POSIX. You can use the --posix argument with the group-mod command\n" "to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n" "converted to non-POSIX groups.\n" "\n" "Every group must have a description.\n" "\n" "POSIX groups must have a Group ID (GID) number. Changing a GID is\n" "supported but can have an impact on your file permissions. It is not " "necessary\n" "to supply a GID when creating a group. IPA will generate one automatically\n" "if it is not provided.\n" "\n" "EXAMPLES:\n" "\n" " Add a new group:\n" " ipa group-add --desc='local administrators' localadmins\n" "\n" " Add a new non-POSIX group:\n" " ipa group-add --nonposix --desc='remote administrators' remoteadmins\n" "\n" " Convert a non-POSIX group to posix:\n" " ipa group-mod --posix remoteadmins\n" "\n" " Add a new POSIX group with a specific Group ID number:\n" " ipa group-add --gid=500 --desc='unix admins' unixadmins\n" "\n" " Add a new POSIX group and let IPA assign a Group ID number:\n" " ipa group-add --desc='printer admins' printeradmins\n" "\n" " Remove a group:\n" " ipa group-del unixadmins\n" "\n" " To add the \"remoteadmins\" group to the \"localadmins\" group:\n" " ipa group-add-member --groups=remoteadmins localadmins\n" "\n" " Add a list of users to the \"localadmins\" group:\n" " ipa group-add-member --users=test1,test2 localadmins\n" "\n" " Remove a user from the \"localadmins\" group:\n" " ipa group-remove-member --users=test2 localadmins\n" "\n" " Display information about a named group.\n" " ipa group-show localadmins\n" "\n" "External group membership is designed to allow users from trusted domains\n" "to be mapped to local POSIX groups in order to actually use IPA resources.\n" "External members should be added to groups that specifically created as\n" "external and non-POSIX. Such group later should be included into one of " "POSIX\n" "groups.\n" "\n" "An external group member is currently a Security Identifier (SID) as defined " "by\n" "the trusted domain. When adding external group members, it is possible to\n" "specify them in either SID, or DOM\n" "ame, or name@domain format. IPA will attempt\n" "to resolve passed name to SID with the use of Global Catalog of the trusted " "domain.\n" "\n" "Example:\n" "\n" "1. Create group for the trusted domain admins' mapping and their local POSIX " "group:\n" "\n" " ipa group-add --desc=' admins external map' ad_admins_external " "--external\n" " ipa group-add --desc=' admins' ad_admins\n" "\n" "2. Add security identifier of Domain Admins of the to the " "ad_admins_external\n" " group:\n" "\n" " ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n" "\n" "3. Allow members of ad_admins_external group to be associated with ad_admins " "POSIX group:\n" "\n" " ipa group-add-member ad_admins --groups ad_admins_external\n" "\n" "4. List members of external members of ad_admins_external group to see their " "SIDs:\n" "\n" " ipa group-show ad_admins_external\n" msgstr "" msgid "" "comma-separated list of members of a trusted domain in DOM\\name or " "name@domain form" msgstr "" msgid "comma-separated list of users to add" msgstr "" msgid "comma-separated list of groups to add" msgstr "" msgid "comma-separated list of users to remove" msgstr "" msgid "comma-separated list of groups to remove" msgstr "" msgid "" "\n" "Host-based access control\n" "\n" "Control who can access what services on what hosts and from where. You\n" "can use HBAC to control which users or groups on a source host can\n" "access a service, or group of services, on a target host.\n" "\n" "You can also specify a category of users, target hosts, and source\n" "hosts. This is currently limited to \"all\", but might be expanded in the\n" "future.\n" "\n" "Target hosts and source hosts in HBAC rules must be hosts managed by IPA.\n" "\n" "The available services and groups of services are controlled by the\n" "hbacsvc and hbacsvcgroup plug-ins respectively.\n" "\n" "EXAMPLES:\n" "\n" " Create a rule, \"test1\", that grants all users access to the host \"server" "\" from\n" " anywhere:\n" " ipa hbacrule-add --usercat=all --srchostcat=all test1\n" " ipa hbacrule-add-host --hosts=server.example.com test1\n" "\n" " Display the properties of a named HBAC rule:\n" " ipa hbacrule-show test1\n" "\n" " Create a rule for a specific service. This lets the user john access\n" " the sshd service on any machine from any machine:\n" " ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd\n" " ipa hbacrule-add-user --users=john john_sshd\n" " ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n" "\n" " Create a rule for a new service group. This lets the user john access\n" " the FTP service on any machine from any machine:\n" " ipa hbacsvcgroup-add ftpers\n" " ipa hbacsvc-add sftp\n" " ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers\n" " ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp\n" " ipa hbacrule-add-user --users=john john_ftp\n" " ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n" "\n" " Disable a named HBAC rule:\n" " ipa hbacrule-disable test1\n" "\n" " Remove a named HBAC rule:\n" " ipa hbacrule-del allow_server\n" msgstr "" msgid "comma-separated list of hosts to add" msgstr "" msgid "comma-separated list of host groups to add" msgstr "" msgid "comma-separated list of HBAC services to add" msgstr "" msgid "comma-separated list of HBAC service groups to add" msgstr "" msgid "Add source hosts and hostgroups from a HBAC rule." msgstr "" msgid "comma-separated list of hosts to remove" msgstr "" msgid "comma-separated list of host groups to remove" msgstr "" msgid "comma-separated list of HBAC services to remove" msgstr "" msgid "comma-separated list of HBAC service groups to remove" msgstr "" msgid "" "\n" "HBAC Service Groups\n" "\n" "HBAC service groups can contain any number of individual services,\n" "or \"members\". Every group must have a description.\n" "\n" "EXAMPLES:\n" "\n" " Add a new HBAC service group:\n" " ipa hbacsvcgroup-add --desc=\"login services\" login\n" "\n" " Add members to an HBAC service group:\n" " ipa hbacsvcgroup-add-member --hbacsvcs=sshd,login login\n" "\n" " Display information about a named group:\n" " ipa hbacsvcgroup-show login\n" "\n" " Add a new group to the \"login\" group:\n" " ipa hbacsvcgroup-add --desc=\"switch users\" login\n" " ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l login\n" "\n" " Delete an HBAC service group:\n" " ipa hbacsvcgroup-del login\n" msgstr "" msgid "" "\n" "Simulate use of Host-based access controls\n" "\n" "HBAC rules control who can access what services on what hosts and from " "where.\n" "You can use HBAC to control which users or groups can access a service,\n" "or group of services, on a target host.\n" "\n" "Since applying HBAC rules implies use of a production environment,\n" "this plugin aims to provide simulation of HBAC rules evaluation without\n" "having access to the production environment.\n" "\n" " Test user coming to a service on a named host against\n" " existing enabled rules.\n" "\n" " ipa hbactest --user= --host= --service=\n" " [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n" " [--srchost= ] [--sizelimit= ]\n" "\n" " --user, --host, and --service are mandatory, others are optional.\n" "\n" " If --rules is specified simulate enabling of the specified rules and test\n" " the login of the user using only these rules.\n" "\n" " If --enabled is specified, all enabled HBAC rules will be added to " "simulation\n" "\n" " If --disabled is specified, all disabled HBAC rules will be added to " "simulation\n" "\n" " If --nodetail is specified, do not return information about rules matched/" "not matched.\n" "\n" " If both --rules and --enabled are specified, apply simulation to --rules " "_and_\n" " all IPA enabled rules.\n" "\n" " If no --rules specified, simulation is run against all IPA enabled rules.\n" " By default there is a IPA-wide limit to number of entries fetched, you can " "change it\n" " with --sizelimit option.\n" "\n" " If --srchost is specified, it will be ignored. It is left because of " "compatibility reasons only.\n" "\n" "EXAMPLES:\n" "\n" " 1. Use all enabled HBAC rules in IPA database to simulate:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " notmatched: my-second-rule\n" " notmatched: my-third-rule\n" " notmatched: myrule\n" " matched: allow_all\n" "\n" " 2. Disable detailed summary of how rules were applied:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n" " --------------------\n" " Access granted: True\n" " --------------------\n" "\n" " 3. Test explicitly specified HBAC rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" "second-rule,myrule\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " notmatched: my-second-rule\n" " notmatched: myrule\n" "\n" " 4. Use all enabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" "second-rule,myrule --enabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " notmatched: my-second-rule\n" " notmatched: my-third-rule\n" " notmatched: myrule\n" " matched: allow_all\n" "\n" " 5. Test all disabled HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " notmatched: new-rule\n" "\n" " 6. Test all disabled HBAC rules in IPA database + explicitly specified " "rules:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-" "second-rule,myrule --disabled\n" " ---------------------\n" " Access granted: False\n" " ---------------------\n" " notmatched: my-second-rule\n" " notmatched: my-third-rule\n" " notmatched: myrule\n" "\n" " 7. Test all (enabled and disabled) HBAC rules in IPA database:\n" " $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled " "--disabled\n" " --------------------\n" " Access granted: True\n" " --------------------\n" " notmatched: my-second-rule\n" " notmatched: my-third-rule\n" " notmatched: myrule\n" " notmatched: new-rule\n" " matched: allow_all\n" msgstr "" msgid "" "\n" "Hosts/Machines\n" "\n" "A host represents a machine. It can be used in a number of contexts:\n" "- service entries are associated with a host\n" "- a host stores the host/ service principal\n" "- a host can be used in Host-based Access Control (HBAC) rules\n" "- every enrolled client generates a host entry\n" "\n" "ENROLLMENT:\n" "\n" "There are three enrollment scenarios when enrolling a new client:\n" "\n" "1. You are enrolling as a full administrator. The host entry may exist\n" " or not. A full administrator is a member of the hostadmin role\n" " or the admins group.\n" "2. You are enrolling as a limited administrator. The host must already\n" " exist. A limited administrator is a member a role with the\n" " Host Enrollment privilege.\n" "3. The host has been created with a one-time password.\n" "\n" "A host can only be enrolled once. If a client has enrolled and needs to\n" "be re-enrolled, the host entry must be removed and re-created. Note that\n" "re-creating the host entry will result in all services for the host being\n" "removed, and all SSL certificates associated with those services being\n" "revoked.\n" "\n" "A host can optionally store information such as where it is located,\n" "the OS that it runs, etc.\n" "\n" "EXAMPLES:\n" "\n" " Add a new host:\n" " ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example." "com\n" "\n" " Delete a host:\n" " ipa host-del test.example.com\n" "\n" " Add a new host with a one-time password:\n" " ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n" "\n" " Add a new host with a random one-time password:\n" " ipa host-add --os='Fedora 12' --random test.example.com\n" "\n" " Modify information about a host:\n" " ipa host-mod --os='Fedora 12' test.example.com\n" "\n" " Remove SSH public keys of a host and update DNS to reflect this change:\n" " ipa host-mod --sshpubkey= --updatedns test.example.com\n" "\n" " Disable the host Kerberos key, SSL certificate and all of its services:\n" " ipa host-disable test.example.com\n" "\n" " Add a host that can manage this host's keytab and certificate:\n" " ipa host-add-managedby --hosts=test2 test\n" msgstr "" msgid "" "\n" "Groups of hosts.\n" "\n" "Manage groups of hosts. This is useful for applying access control to a\n" "number of hosts by using Host-based Access Control.\n" "\n" "EXAMPLES:\n" "\n" " Add a new host group:\n" " ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n" "\n" " Add another new host group:\n" " ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n" "\n" " Add members to the hostgroup:\n" " ipa hostgroup-add-member --hosts=box1,box2,box3 baltimore\n" "\n" " Add a hostgroup as a member of another hostgroup:\n" " ipa hostgroup-add-member --hostgroups=baltimore maryland\n" "\n" " Remove a host from the hostgroup:\n" " ipa hostgroup-remove-member --hosts=box2 baltimore\n" "\n" " Display a host group:\n" " ipa hostgroup-show baltimore\n" "\n" " Delete a hostgroup:\n" " ipa hostgroup-del baltimore\n" msgstr "" msgid "" "Comma-separated list of objectclasses used to search for user entries in DS" msgstr "" msgid "" "Comma-separated list of objectclasses used to search for group entries in DS" msgstr "" msgid "" "Comma-separated list of objectclasses to be ignored for user entries in DS" msgstr "" msgid "Comma-separated list of attributes to be ignored for user entries in DS" msgstr "" msgid "" "Comma-separated list of objectclasses to be ignored for group entries in DS" msgstr "" msgid "" "Comma-separated list of attributes to be ignored for group entries in DS" msgstr "" msgid "comma-separated list of groups to exclude from migration" msgstr "" msgid "comma-separated list of users to exclude from migration" msgstr "" msgid "" "\n" "Netgroups\n" "\n" "A netgroup is a group used for permission checking. It can contain both\n" "user and host values.\n" "\n" "EXAMPLES:\n" "\n" " Add a new netgroup:\n" " ipa netgroup-add --desc=\"NFS admins\" admins\n" "\n" " Add members to the netgroup:\n" " ipa netgroup-add-member --users=tuser1,tuser2 admins\n" "\n" " Remove a member from the netgroup:\n" " ipa netgroup-remove-member --users=tuser2 admins\n" "\n" " Display information about a netgroup:\n" " ipa netgroup-show admins\n" "\n" " Delete a netgroup:\n" " ipa netgroup-del admins\n" msgstr "" msgid "comma-separated list of netgroups to add" msgstr "" msgid "comma-separated list of netgroups to remove" msgstr "" msgid "" "\n" "Permissions\n" "\n" "A permission enables fine-grained delegation of rights. A permission is\n" "a human-readable form of a 389-ds Access Control Rule, or instruction " "(ACI).\n" "A permission grants the right to perform a specific task such as adding a\n" "user, modifying a group, etc.\n" "\n" "A permission may not contain other permissions.\n" "\n" "* A permission grants access to read, write, add or delete.\n" "* A privilege combines similar permissions (for example all the permissions\n" " needed to add a user).\n" "* A role grants a set of privileges to users, groups, hosts or hostgroups.\n" "\n" "A permission is made up of a number of different parts:\n" "\n" "1. The name of the permission.\n" "2. The target of the permission.\n" "3. The rights granted by the permission.\n" "\n" "Rights define what operations are allowed, and may be one or more\n" "of the following:\n" "1. write - write one or more attributes\n" "2. read - read one or more attributes\n" "3. add - add a new entry to the tree\n" "4. delete - delete an existing entry\n" "5. all - all permissions are granted\n" "\n" "Read permission is granted for most attributes by default so the read\n" "permission is not expected to be used very often.\n" "\n" "Note the distinction between attributes and entries. The permissions are\n" "independent, so being able to add a user does not mean that the user will\n" "be editable.\n" "\n" "There are a number of allowed targets:\n" "1. type: a type of object (user, group, etc).\n" "2. memberof: a member of a group or hostgroup\n" "3. filter: an LDAP filter\n" "4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a\n" " super-set of the \"type\" target.\n" "5. targetgroup: grant access to modify a specific group (such as granting\n" " the rights to manage group membership)\n" "\n" "EXAMPLES:\n" "\n" " Add a permission that grants the creation of users:\n" " ipa permission-add --type=user --permissions=add \"Add Users\"\n" "\n" " Add a permission that grants the ability to manage group membership:\n" " ipa permission-add --attrs=member --permissions=write --type=group " "\"Manage Group Members\"\n" msgstr "" msgid "" "Comma-separated list of permissions to grant (read, write, add, delete, all)" msgstr "" msgid "" "Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)" msgstr "" msgid "Target members of a group" msgstr "" msgid "User group to apply permissions to" msgstr "" msgid "comma-separated list of privileges to add" msgstr "" msgid "Add a system permission without an ACI" msgstr "" msgid "Permission type" msgstr "" msgid "comma-separated list of privileges to remove" msgstr "" msgid "" "\n" "Ping the remote IPA server to ensure it is running.\n" "\n" "The ping command sends an echo request to an IPA server. The server\n" "returns its version information. This is used by an IPA client\n" "to confirm that the server is available and accepting requests.\n" "\n" "The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n" "If it does not respond then the client will contact any servers defined\n" "by ldap SRV records in DNS.\n" "\n" "EXAMPLES:\n" "\n" " Ping an IPA server:\n" " ipa ping\n" " ------------------------------------------\n" " IPA server version 2.1.9. API version 2.20\n" " ------------------------------------------\n" "\n" " Ping an IPA server verbosely:\n" " ipa -v ping\n" " ipa: INFO: trying https://ipa.example.com/ipa/xml\n" " ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/" "xml'\n" " -----------------------------------------------------\n" " IPA server version 2.1.9. API version 2.20\n" " -----------------------------------------------------\n" msgstr "" msgid "comma-separated list of roles to add" msgstr "" msgid "comma-separated list of permissions" msgstr "" msgid "comma-separated list of roles to remove" msgstr "" msgid "comma-separated list of privileges" msgstr "" msgid "" "\n" "Self-service Permissions\n" "\n" "A permission enables fine-grained delegation of permissions. Access Control\n" "Rules, or instructions (ACIs), grant permission to permissions to perform\n" "given tasks such as adding a user, modifying a group, etc.\n" "\n" "A Self-service permission defines what an object can change in its own " "entry.\n" "\n" "\n" "EXAMPLES:\n" "\n" " Add a self-service rule to allow users to manage their address:\n" " ipa selfservice-add --permissions=write --attrs=street,postalCode,l,c,st " "\"Users manage their own address\"\n" "\n" " When managing the list of attributes you need to include all attributes\n" " in the list, including existing ones. Add telephoneNumber to the list:\n" " ipa selfservice-mod --attrs=street,postalCode,l,c,st,telephoneNumber " "\"Users manage their own address\"\n" "\n" " Display our updated rule:\n" " ipa selfservice-show \"Users manage their own address\"\n" "\n" " Delete a rule:\n" " ipa selfservice-del \"Users manage their own address\"\n" msgstr "" msgid "" "\n" "Services\n" "\n" "A IPA service represents a service that runs on a host. The IPA service\n" "record can store a Kerberos principal, an SSL certificate, or both.\n" "\n" "An IPA service can be managed directly from a machine, provided that\n" "machine has been given the correct permission. This is true even for\n" "machines other than the one the service is associated with. For example,\n" "requesting an SSL certificate using the host service principal credentials\n" "of the host. To manage a service using host credentials you need to\n" "kinit as the host:\n" "\n" " # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n" "\n" "Adding an IPA service allows the associated service to request an SSL\n" "certificate or keytab, but this is performed as a separate step; they\n" "are not produced as a result of adding the service.\n" "\n" "Only the public aspect of a certificate is stored in a service record;\n" "the private key is not stored.\n" "\n" "EXAMPLES:\n" "\n" " Add a new IPA service:\n" " ipa service-add HTTP/web.example.com\n" "\n" " Allow a host to manage an IPA service certificate:\n" " ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n" " ipa role-add-member --hosts=web.example.com certadmin\n" "\n" " Override a default list of supported PAC types for the service:\n" " ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n" "\n" " Delete an IPA service:\n" " ipa service-del HTTP/web.example.com\n" "\n" " Find all IPA services associated with a host:\n" " ipa service-find web.example.com\n" "\n" " Find all HTTP services:\n" " ipa service-find HTTP\n" "\n" " Disable the service Kerberos key and SSL certificate:\n" " ipa service-disable HTTP/web.example.com\n" "\n" " Request a certificate for an IPA service:\n" " ipa cert-request --principal=HTTP/web.example.com example.csr\n" "\n" " Generate and retrieve a keytab for an IPA service:\n" " ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/" "httpd.keytab\n" msgstr "" msgid "" "Override default list of supported PAC types. Use 'NONE' to disable PAC " "support for this service" msgstr "" msgid "" "\n" "Groups of Sudo Commands\n" "\n" "Manage groups of Sudo Commands.\n" "\n" "EXAMPLES:\n" "\n" " Add a new Sudo Command Group:\n" " ipa sudocmdgroup-add --desc='administrators commands' admincmds\n" "\n" " Remove a Sudo Command Group:\n" " ipa sudocmdgroup-del admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less,/usr/bin/vim " "admincmds\n" "\n" " Manage Sudo Command Group membership, commands:\n" " ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n" "\n" " Show a Sudo Command Group:\n" " ipa group-show localadmins\n" msgstr "" msgid "comma-separated list of sudo commands to add" msgstr "" msgid "comma-separated list of sudo commands to remove" msgstr "" msgid "" "\n" "Sudo Rules\n" "\n" "Sudo (su \"do\") allows a system administrator to delegate authority to\n" "give certain users (or groups of users) the ability to run some (or all)\n" "commands as root or another user while providing an audit trail of the\n" "commands and their arguments.\n" "\n" "FreeIPA provides a means to configure the various aspects of Sudo:\n" " Users: The user(s)/group(s) allowed to invoke Sudo.\n" " Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke " "Sudo.\n" " Allow Command: The specific command(s) permitted to be run via Sudo.\n" " Deny Command: The specific command(s) prohibited to be run via Sudo.\n" " RunAsUser: The user(s) or group(s) of users whose rights Sudo will be " "invoked with.\n" " RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n" " Options: The various Sudoers Options that can modify Sudo's behavior.\n" "\n" "An order can be added to a sudorule to control the order in which they\n" "are evaluated (if the client supports it). This order is an integer and\n" "must be unique.\n" "\n" "FreeIPA provides a designated binddn to use with Sudo located at:\n" "uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n" "\n" "To enable the binddn run the following command to set the password:\n" "LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -" "ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example," "dc=com\n" "\n" "For more information, see the FreeIPA Documentation to Sudo.\n" msgstr "" msgid "comma-separated list of sudo command groups to add" msgstr "" msgid "comma-separated list of sudo command groups to remove" msgstr "" msgid "Active directory domain administrator's password" msgstr "" msgid "GECOS field" msgstr "" msgid "" "\n" "ID ranges\n" "\n" "Manage ID ranges used to map Posix IDs to SIDs and back.\n" "\n" "There are two type of ID ranges which are both handled by this utility:\n" "\n" " - the ID ranges of the local domain\n" " - the ID ranges of trusted remote domains\n" "\n" "Both types have the following attributes in common:\n" "\n" " - base-id: the first ID of the Posix ID range\n" " - range-size: the size of the range\n" "\n" "With those two attributes a range object can reserve the Posix IDs starting\n" "with base-id up to but not including base-id+range-size exclusively.\n" "\n" "Additionally an ID range of the local domain may set\n" " - rid-base: the first RID(*) of the corresponding RID range\n" " - secondary-rid-base: first RID of the secondary RID range\n" "\n" "and an ID range of a trusted domain must set\n" " - rid-base: the first RID of the corresponding RID range\n" " - dom_sid: domain SID of the trusted domain\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for a trusted domain\n" "\n" "Since there might be more than one trusted domain the domain SID must be " "given\n" "while creating the ID range.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n" "\n" "This ID range is then used by the IPA server and the SSSD IPA provider to\n" "assign Posix UIDs to users from the trusted domain.\n" "\n" "If e.g. a range for a trusted domain is configured with the following " "values:\n" " base-id = 1200000\n" " range-size = 200000\n" " rid-base = 0\n" "the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. " "So\n" "RID 1000 <-> Posix ID 1201000\n" "\n" "\n" "\n" "EXAMPLE: Add a new ID range for the local domain\n" "\n" "To create an ID range for the local domain it is not necessary to specify a\n" "domain SID. But since it is possible that a user and a group can have the " "same\n" "value as Posix ID a second RID interval is needed to handle conflicts.\n" "\n" " ipa idrange-add --base-id=1200000 --range-size=200000 --rid-" "base=1000 --secondary-rid-base=1000000 local_range\n" "\n" "The data from the ID ranges of the local domain are used by the IPA server\n" "internally to assign SIDs to IPA users and groups. The SID will then be " "stored\n" "in the user or group objects.\n" "\n" "If e.g. the ID range for the local domain is configured with the values " "from\n" "the example above then a new user with the UID 1200007 will get the RID " "1007.\n" "If this RID is already used by a group the RID will be 1000007. This can " "only\n" "happen if a user or a group object was created with a fixed ID because the\n" "automatic assignment will not assign the same ID twice. Since there are " "only\n" "users and groups sharing the same ID namespace it is sufficient to have " "only\n" "one fallback range to handle conflicts.\n" "\n" "To find the Posix ID for a given RID from the local domain it has to be\n" "checked first if the RID falls in the primary or secondary RID range and\n" "the rid-base or the secondary-rid-base has to be subtracted, respectively,\n" "and the base-id has to be added to get the Posix ID.\n" "\n" "Typically the creation of ID ranges happens behind the scenes and this CLI\n" "must not be used at all. The ID range for the local domain will be created\n" "during installation or upgrade from an older version. The ID range for a\n" "trusted domain will be created together with the trust by 'ipa trust-" "add ...'.\n" "\n" "USE CASES:\n" "\n" " Add an ID range from a transitively trusted domain\n" "\n" " If the trusted domain (A) trusts another domain (B) as well and this " "trust\n" " is transitive 'ipa trust-add domain-A' will only create a range for\n" " domain A. The ID range for domain B must be added manually.\n" "\n" " Add an additional ID range for the local domain\n" "\n" " If the ID range of the local domain is exhausted, i.e. no new IDs can " "be\n" " assigned to Posix users or groups by the DNA plugin, a new range has to " "be\n" " created to allow new users and groups to be added. (Currently there is " "no\n" " connection between this range CLI and the DNA plugin, but a future " "version\n" " might be able to modify the configuration of the DNS plugin as well)\n" "\n" "In general it is not necessary to modify or delete ID ranges. If there is " "no\n" "other way to achieve a certain configuration than to modify or delete an ID\n" "range it should be done with great care. Because UIDs are stored in the " "file\n" "system and are used for access control it might be possible that users are\n" "allowed to access files of other users if an ID range got deleted and " "reused\n" "for a different domain.\n" "\n" "(*) The RID is typically the last integer of a user or group SID which " "follows\n" "the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user " "from\n" "this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of " "the\n" "user. RIDs are unique in a domain, 32bit values and are used for users and\n" "groups.\n" "\n" "WARNING:\n" "\n" "DNA plugin in 389-ds will allocate IDs based on the ranges configured for " "the\n" "local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" "on the local ranges set via this family of commands.\n" "\n" "Manual configuration change has to be done in the DNA plugin configuration " "for\n" "the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n" "IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to " "be\n" "modified to match the new range.\n" msgstr "" msgid "" "\n" "Add new ID range.\n" "\n" " To add a new ID range you always have to specify\n" "\n" " --base-id\n" " --range-size\n" "\n" " Additionally\n" "\n" " --rid-base\n" " --secondary-rid-base\n" "\n" " may be given for a new ID range for the local domain while\n" "\n" " --rid-bas\n" " --dom-sid\n" "\n" " must be given to add a new range for a trusted AD domain.\n" "\n" " WARNING:\n" "\n" " DNA plugin in 389-ds will allocate IDs based on the ranges configured " "for the\n" " local domain. Currently the DNA plugin *cannot* be reconfigured itself " "based\n" " on the local ranges set via this family of commands.\n" "\n" " Manual configuration change has to be done in the DNA plugin " "configuration for\n" " the new local range. Specifically, The dnaNextRange attribute of " "'cn=Posix\n" " IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has " "to be\n" " modified to match the new range.\n" " " msgstr "" #: ipaclient/csrgen.py:40 msgid "" "\n" "Routines for constructing certificate signing requests using IPA data and\n" "stored templates.\n" msgstr "" #: ipaclient/csrgen.py:73 #, python-format msgid "Required CSR generation rule %(name)s is missing data" msgstr "" #: ipaclient/csrgen.py:165 ipaclient/csrgen.py:203 ipaclient/csrgen.py:387 msgid "Template error when formatting certificate data" msgstr "" #: ipaclient/csrgen.py:336 #, python-format msgid "No generation rule %(rulename)s found." msgstr "" #: ipaclient/csrgen.py:343 #, python-format msgid "Generation rule \"%(rulename)s\" is missing the \"rule\" key" msgstr "" #: ipaclient/csrgen.py:359 #, python-format msgid "No CSR generation rules are defined for profile %(profile_id)s" msgstr "" #: ipaclient/frontend.py:94 msgid "Failed targets" msgstr ""