freeipa/po/mr.po

# Abhijeet Kasurde <akasurde@redhat.com>, 2015. #zanata
msgid ""
msgstr ""
"Project-Id-Version: freeipa 4.9.0.dev201908140712+gitc9938e3d8\n"
"Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n"
"POT-Creation-Date: 2021-11-25 18:55+0100\n"
"PO-Revision-Date: 2019-11-11 10:25+0000\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
"Language-Team: Marathi\n"
"Language: mr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
"X-Generator: Zanata 4.6.2\n"

msgid "  ipa <command> --help"
msgstr " ipa <command> --help"

msgid "A string searched in all relevant object attributes"
msgstr "एक शब्द सर्व संबंधित ऑब्जेक्ट गुणधर्मात शोधला"

msgid "Command name"
msgstr "आदेशाचे नाव "

msgid "Deprecated options"
msgstr "वापरात नसलेले पर्याय"

#, python-format
msgid "Enter %(label)s again to verify: "
msgstr "सत्यापित करण्यासाठी आपण पुन्हा %(label)s प्रविष्ट करा:"

#, python-format
msgid "Invalid JSON-RPC request: %(error)s"
msgstr "अवैध JSON-RPC विनंती : %(error)s"

#, python-format
msgid "Kerberos error: %(major)s/%(minor)s"
msgstr "Kerberos त्रुटी: %(major)s/%(minor)s"

#, python-format
msgid "Missing or invalid HTTP Referer, %(referer)s"
msgstr "न आढळलेले किंवा अवैध HTTP Referer, %(referer)s"

msgid "No file to read"
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "

msgid "No matching entries found"
msgstr "कोणतेही जुळणारे नोंदी आढळले"

msgid "Passwords do not match!"
msgstr "पासवर्ड जुळत नाही!"

msgid "Positional arguments"
msgstr "positional वितर्क"

#, python-format
msgid "Same as --%s"
msgstr "--%s सारखा"

#, python-format
msgid "Service '%(service)s' not found in Kerberos database"
msgstr "सेवा '%(service)s' Kerberos माहितीकोष आढली नाही"

msgid "The topic or command name."
msgstr "विषय किंवा आदेशाचे नाव"

msgid "To get command help, use:"
msgstr "आदेशा संबधित मिळवण्यासाठी, वापरा:"

msgid "Topic commands:"
msgstr "विषय आदेश:"

msgid "Topic or Command"
msgstr "विषय किंवा आदेश"

msgid "an internal error has occurred"
msgstr "एक अंतर्गत त्रुटी आली आहे"

#, python-format
msgid "an internal error has occurred on server at '%(server)s'"
msgstr "एक अंतर्गत त्रुटी '%(server)s' वरील सर्व्हर वर आली आहे "

#, python-format
msgid "cannot connect to '%(uri)s': %(error)s"
msgstr "'%(uri)s' ला जोडणी अपयशी : %(error)s"

msgid "did not receive Kerberos credentials"
msgstr "Kerberos credentials प्राप्त झाले नाहीत"

#, python-format
msgid "error on server '%(server)s': %(error)s"
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

#, python-format
msgid "unknown command '%(name)s'"
msgstr "अनोळखी आदेश '%(name)s'"

#, c-format
msgid "Out of memory!\n"
msgstr ""

#, c-format
msgid "No permission to join this host to the IPA domain.\n"
msgstr ""

#, c-format
msgid "No write permissions on keytab file '%s'\n"
msgstr ""

#, c-format
msgid "access() on %1$s failed: errno = %2$d\n"
msgstr ""

#, c-format
msgid "Out of memory!"
msgstr ""

#, c-format
msgid "Unable to enable SSL in LDAP\n"
msgstr ""

msgid "SASL Bind failed\n"
msgstr ""

#, c-format
msgid "Search for %1$s on rootdse failed with error %2$d\n"
msgstr ""

#, c-format
msgid "No values for %s"
msgstr ""

#, c-format
msgid "Search for IPA namingContext failed with error %d\n"
msgstr ""

#, c-format
msgid "IPA namingContext not found\n"
msgstr ""

#, c-format
msgid "Unable to determine root DN of %s\n"
msgstr ""

#, c-format
msgid "Enrollment failed. %s\n"
msgstr ""

#, c-format
msgid "principal not found in XML-RPC response\n"
msgstr ""

#, c-format
msgid "Host is already joined.\n"
msgstr ""

#, c-format
msgid "curl_slist_append() failed for value: '%s'\n"
msgstr ""

#, c-format
msgid "curl_easy_setopt() failed\n"
msgstr ""

#, c-format
msgid "Expanding buffer in jsonrpc_handle_response failed"
msgstr ""

#, c-format
msgid "curl_global_init() failed\n"
msgstr ""

#, c-format
msgid "curl_easy_init() failed\n"
msgstr ""

#, c-format
msgid "json_dumps() failed\n"
msgstr ""

#, fuzzy, c-format
msgid ""
"JSON-RPC request:\n"
"%s\n"
msgstr "अवैध JSON-RPC विनंती : %(error)s"

#, c-format
msgid "JSON-RPC call failed: %s\n"
msgstr ""

#, c-format
msgid "JSON-RPC call failed with status code: %li\n"
msgstr ""

#, c-format
msgid "JSON-RPC call was unauthorized. Check your credentials.\n"
msgstr ""

#, c-format
msgid ""
"JSON-RPC response:\n"
"%s\n"
msgstr ""

#, c-format
msgid "Extracting the error from the JSON-RPC response failed: %s\n"
msgstr ""

#, c-format
msgid "Parsing JSON-RPC response failed: %s\n"
msgstr ""

#, c-format
msgid "Parsing JSON-RPC response failed: no 'result' value found.\n"
msgstr ""

#, c-format
msgid "Extracting the data from the JSON-RPC response failed: %s\n"
msgstr ""

#, c-format
msgid "json_pack_ex() failed: %s\n"
msgstr ""

#, c-format
msgid "Unenrollment successful.\n"
msgstr ""

#, c-format
msgid "Unenrollment failed.\n"
msgstr ""

#, c-format
msgid "result not found in XML-RPC response\n"
msgstr ""

#, c-format
msgid "Unable to determine IPA server from %s\n"
msgstr ""

#, c-format
msgid "Unable to join host: Kerberos context initialization failed\n"
msgstr ""

#, c-format
msgid "Unable to join host: Kerberos Credential Cache not found\n"
msgstr ""

#, c-format
msgid ""
"Unable to join host: Kerberos User Principal not found and host password not "
"provided.\n"
msgstr ""

#, c-format
msgid "fork() failed\n"
msgstr ""

#, c-format
msgid "ipa-getkeytab not found\n"
msgstr ""

#, c-format
msgid "ipa-getkeytab has bad permissions?\n"
msgstr ""

#, c-format
msgid "executing ipa-getkeytab failed, errno %d\n"
msgstr ""

#, c-format
msgid "child exited with %d\n"
msgstr ""

#, c-format
msgid "Error resolving keytab: %s.\n"
msgstr ""

#, c-format
msgid "Error getting default Kerberos realm: %s.\n"
msgstr ""

#, c-format
msgid "Error parsing \"%1$s\": %2$s.\n"
msgstr ""

#, c-format
msgid "Error obtaining initial credentials: %s.\n"
msgstr ""

#, fuzzy, c-format
msgid "Unable to generate Kerberos Credential Cache\n"
msgstr "Kerberos credentials प्राप्त झाले नाहीत"

#, c-format
msgid "Error storing creds in credential cache: %s.\n"
msgstr ""

msgid "Print the raw XML-RPC output in GSSAPI mode"
msgstr ""

msgid "Quiet mode. Only errors are displayed."
msgstr ""

msgid "Unenroll this host from IPA server"
msgstr ""

msgid "Hostname of this server"
msgstr ""

msgid "hostname"
msgstr ""

msgid "IPA Server to use"
msgstr ""

msgid "Specifies where to store keytab information."
msgstr ""

msgid "filename"
msgstr ""

msgid "Force the host join. Rejoin even if already joined."
msgstr ""

msgid "LDAP password (if not using Kerberos)"
msgstr ""

msgid "password"
msgstr ""

msgid "LDAP basedn"
msgstr ""

msgid "basedn"
msgstr ""

#, c-format
msgid "Cannot get host's FQDN!\n"
msgstr ""

#, c-format
msgid "The hostname must be fully-qualified: %s\n"
msgstr ""

#, c-format
msgid "The hostname must not be: %s\n"
msgstr ""

#, c-format
msgid "Kerberos context initialization failed: %1$s (%2$d)\n"
msgstr ""

#, c-format
msgid "Unable to parse principal: %1$s (%2$d)\n"
msgstr ""

#, c-format
msgid "No keys accepted by KDC\n"
msgstr ""

#, c-format
msgid "Out of memory \n"
msgstr ""

#, c-format
msgid "Unable to initialize ldap library!\n"
msgstr ""

msgid "Simple bind failed\n"
msgstr ""

#, c-format
msgid "Operation failed: %s\n"
msgstr ""

#, c-format
msgid "Failed to get result: %s\n"
msgstr ""

#, c-format
msgid "Timeout exceeded."
msgstr ""

#, c-format
msgid "Failed to parse extended result: %s\n"
msgstr ""

#, c-format
msgid "Failed to parse result: %s\n"
msgstr ""

#, c-format
msgid "Missing reply control list!\n"
msgstr ""

#, c-format
msgid "Missing reply control!\n"
msgstr ""

#, c-format
msgid "Out of Memory!\n"
msgstr ""

#, c-format
msgid "Failed to create control!\n"
msgstr ""

#, c-format
msgid "Failed to bind to server!\n"
msgstr ""

#, c-format
msgid "Failed to get keytab!\n"
msgstr ""

#, c-format
msgid "ber_init() failed, Invalid control ?!\n"
msgstr ""

#, c-format
msgid "ber_scanf() failed, unable to find kvno ?!\n"
msgstr ""

#, c-format
msgid "Failed to retrieve encryption type type #%d\n"
msgstr ""

#, c-format
msgid "Failed to retrieve encryption type %1$s (#%2$d)\n"
msgstr ""

#, c-format
msgid "Failed to retrieve any keys"
msgstr ""

msgid "Failed to decode control reply!\n"
msgstr ""

#, fuzzy, c-format
msgid "Passwords do not match!\n"
msgstr "पासवर्ड जुळत नाही!"

#, c-format
msgid "Failed to open config file %s\n"
msgstr ""

#, c-format
msgid "Failed to parse config file %s\n"
msgstr ""

msgid "Failed to resolve symlink to keytab.\n"
msgstr ""

msgid "keytab is a dangling symlink and owned by another user.\n"
msgstr ""

msgid "Print as little as possible"
msgstr ""

msgid "Output only on errors"
msgstr ""

msgid "Contact this specific KDC Server"
msgstr ""

msgid "Server Name"
msgstr ""

msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"
msgstr ""

msgid "Kerberos Service Principal Name"
msgstr ""

msgid ""
"The keytab file to append the new key to (will be created if it does not "
"exist)."
msgstr ""

msgid "Keytab File Name"
msgstr ""

msgid "Encryption types to request"
msgstr ""

msgid "Comma separated encryption types list"
msgstr ""

msgid "Show the list of permitted encryption types and exit"
msgstr ""

msgid "Permitted Encryption Types"
msgstr ""

msgid "Asks for a non-random password to use for the principal"
msgstr ""

msgid "LDAP DN"
msgstr ""

msgid "DN to bind as if not using kerberos"
msgstr ""

msgid "LDAP password"
msgstr ""

msgid "password to use if not using kerberos"
msgstr ""

msgid "Prompt for LDAP password"
msgstr ""

msgid "Path to the IPA CA certificate"
msgstr ""

msgid "IPA CA certificate"
msgstr ""

msgid "LDAP uri to connect to. Mutually exclusive with --server"
msgstr ""

msgid "url"
msgstr ""

msgid "LDAP SASL bind mechanism if no bindd/bindpw"
msgstr ""

msgid "GSSAPI|EXTERNAL"
msgstr ""

msgid "Retrieve current keys without changing them"
msgstr ""

#, c-format
msgid "Kerberos context initialization failed\n"
msgstr ""

#, c-format
msgid "No system preferred enctypes ?!\n"
msgstr ""

#, c-format
msgid "Supported encryption types:\n"
msgstr ""

#, c-format
msgid "Warning: failed to convert type (#%d)\n"
msgstr ""

#, c-format
msgid "Bind password already provided (-w).\n"
msgstr ""

msgid "Enter LDAP password"
msgstr ""

#, c-format
msgid "Bind password required when using a bind DN (-w or -W).\n"
msgstr ""

#, c-format
msgid "Cannot specify both SASL mechanism and bind DN simultaneously.\n"
msgstr ""

#, c-format
msgid "Invalid SASL bind mechanism\n"
msgstr ""

#, c-format
msgid "Cannot specify server and LDAP uri simultaneously.\n"
msgstr ""

#, c-format
msgid "Server name not provided and unavailable\n"
msgstr ""

#, c-format
msgid "Incompatible options provided (-r and -P)\n"
msgstr ""

msgid "New Principal Password"
msgstr ""

msgid "Verify Principal Password"
msgstr ""

#, c-format
msgid ""
"Warning: salt types are not honored with randomized passwords (see opt. -P)\n"
msgstr ""

#, c-format
msgid "Invalid Service Principal Name\n"
msgstr ""

#, c-format
msgid "Kerberos Credential Cache not found. Do you have a Kerberos Ticket?\n"
msgstr ""

#, c-format
msgid ""
"Kerberos User Principal not found. Do you have a valid Credential Cache?\n"
msgstr ""

#, c-format
msgid "Failed to open Keytab\n"
msgstr ""

#, c-format
msgid "Retrying with pre-4.0 keytab retrieval method...\n"
msgstr ""

#, c-format
msgid "Failed to create key material\n"
msgstr ""

#, c-format
msgid "Failed to get keytab\n"
msgstr ""

#, c-format
msgid "Failed to add key to the keytab\n"
msgstr ""

#, c-format
msgid "Failed to close the keytab\n"
msgstr ""

#, c-format
msgid "Keytab successfully retrieved and stored in: %s\n"
msgstr ""

#, c-format
msgid "Unable to parse principal name\n"
msgstr ""

#, c-format
msgid "krb5_parse_name %1$d: %2$s\n"
msgstr ""

#, c-format
msgid "Removing principal %s\n"
msgstr ""

#, c-format
msgid "Failed to open keytab\n"
msgstr ""

#, c-format
msgid "principal not found\n"
msgstr ""

#, c-format
msgid "krb5_kt_get_entry %1$d: %2$s\n"
msgstr ""

#, c-format
msgid "Unable to remove entry\n"
msgstr ""

#, c-format
msgid "kvno %d\n"
msgstr ""

#, c-format
msgid "krb5_kt_remove_entry %1$d: %2$s\n"
msgstr ""

#, c-format
msgid "Failed to set cursor '%1$s'\n"
msgstr ""

#, c-format
msgid "Unable to parse principal\n"
msgstr ""

#, c-format
msgid "krb5_unparse_name %1$d: %2$s\n"
msgstr ""

#, c-format
msgid "realm not found\n"
msgstr ""

msgid "Print debugging information"
msgstr ""

msgid "Debugging output"
msgstr ""

msgid ""
"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)"
msgstr ""

msgid "The keytab file to remove the principcal(s) from"
msgstr ""

msgid "Remove all principals in this realm"
msgstr ""

msgid "Realm name"
msgstr ""

#, c-format
msgid "Failed to open keytab '%1$s': %2$s\n"
msgstr ""

#, c-format
msgid "Closing keytab failed\n"
msgstr ""

#, c-format
msgid "krb5_kt_close %1$d: %2$s\n"
msgstr ""

#, c-format
msgid "cannot open configuration file %s\n"
msgstr ""

#, c-format
msgid "cannot stat() configuration file %s\n"
msgstr ""

#, c-format
msgid "out of memory\n"
msgstr ""

#, c-format
msgid "read error\n"
msgstr ""

msgid "Failed members"
msgstr ""

msgid "Failed source hosts/hostgroups"
msgstr ""

msgid "Failed hosts/hostgroups"
msgstr ""

msgid "Failed users/groups"
msgstr ""

msgid "Failed service/service groups"
msgstr ""

msgid "Failed to remove"
msgstr ""

msgid "Failed RunAs"
msgstr ""

msgid "Failed RunAsGroup"
msgstr ""

msgid "Failed profiles"
msgstr ""

msgid "Failed CAs"
msgstr ""

msgid "Failed member manager"
msgstr ""

msgid "Failed managedby"
msgstr ""

msgid "Failed allowed to retrieve keytab"
msgstr ""

msgid "Failed allowed to create keytab"
msgstr ""

msgid "Failed targets"
msgstr ""

msgid "Failed owners"
msgstr ""

#, fuzzy
msgid "Failed to add"
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "

msgid "maps not connected to /etc/auto.master:"
msgstr ""

msgid "Import automount files for a specific location."
msgstr ""

msgid "Master file"
msgstr ""

msgid "Automount master file."
msgstr ""

msgid ""
"Continuous operation mode. Errors are reported but the process continues."
msgstr ""

#, python-format
msgid "File %(file)s not found"
msgstr ""

#, python-format
msgid "key %(key)s already exists"
msgstr ""

#, python-format
msgid "map %(map)s already exists"
msgstr ""

msgid "Imported maps:"
msgstr ""

#, python-format
msgid "Added %(map)s"
msgstr ""

msgid "Imported keys:"
msgstr ""

#, python-format
msgid "Added %(src)s to %(dst)s"
msgstr ""

msgid "Ignored keys:"
msgstr ""

#, python-format
msgid "Ignored %(src)s to %(dst)s"
msgstr ""

msgid "Duplicate maps skipped:"
msgstr ""

#, python-format
msgid "Skipped %(map)s"
msgstr ""

msgid "Duplicate keys skipped:"
msgstr ""

#, python-format
msgid "Skipped %(key)s"
msgstr ""

msgid "Input file"
msgstr ""

msgid "File to load the certificate from"
msgstr ""

msgid "cannot specify both raw certificate and file"
msgstr ""

#, python-format
msgid "Profile configuration stored in file '%(file)s'"
msgstr ""

#, python-format
msgid "Certificate(s) stored in file '%(file)s'"
msgstr ""

msgid "Servers details:"
msgstr ""

msgid ""
"Migration mode is disabled.\n"
"Use 'ipa config-mod --enable-migration=TRUE' to enable it."
msgstr ""

msgid ""
"Passwords have been migrated in pre-hashed format.\n"
"IPA is unable to generate Kerberos keys unless provided\n"
"with clear text passwords. All migrated users need to\n"
"login at https://your.domain/ipa/migration/ before they\n"
"can use their Kerberos accounts."
msgstr ""

msgid "python-yubico is not installed."
msgstr ""

msgid ""
"\n"
"YubiKey Tokens\n"
msgstr ""

msgid ""
"\n"
"Manage YubiKey tokens.\n"
msgstr ""

msgid ""
"\n"
"This code is an extension to the otptoken plugin and provides support for\n"
"reading/writing YubiKey tokens directly.\n"
msgstr ""

msgid ""
"\n"
"EXAMPLES:\n"
msgstr ""

msgid ""
"\n"
" Add a new token:\n"
"   ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n"
msgstr ""

msgid "Add a new YubiKey OTP token."
msgstr ""

msgid "YubiKey slot"
msgstr ""

msgid "No free YubiKey slot!"
msgstr ""

#, python-format
msgid "Removing %(servers)s from replication topology, please wait..."
msgstr ""

#, python-format
msgid "Enabled Sudo Rule \"%s\""
msgstr ""

#, python-format
msgid "Disabled Sudo Rule \"%s\""
msgstr ""

#, python-format
msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\""
msgstr ""

#, python-format
msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\""
msgstr ""

#, python-format
msgid "Replication topology of suffix \"%(suffix)s\" is in order."
msgstr ""

#, python-format
msgid "Replication topology of suffix \"%(suffix)s\" contains errors."
msgstr ""

msgid "Topology is disconnected"
msgstr ""

#, python-format
msgid "Server %(srv)s can't contact servers: %(replicas)s"
msgstr ""

msgid "Recommended maximum number of agreements per replica exceeded"
msgstr ""

msgid "Maximum number of agreements per replica"
msgstr ""

#, python-format
msgid "Server \"%(srv)s\" has %(n)d agreements with servers:"
msgstr ""

msgid "Delete a user, keeping the entry available for future use"
msgstr ""

msgid "Delete a user"
msgstr ""

msgid "preserve and no-preserve cannot be both set"
msgstr ""

msgid "Split DNS record to parts"
msgstr ""

msgid "Please choose a type of DNS resource record to be added"
msgstr ""

#, python-format
msgid "The most common types for this type of zone are: %s\n"
msgstr ""

msgid "DNS resource record type"
msgstr ""

#, python-format
msgid "Invalid or unsupported type. Allowed values are: %s"
msgstr ""

msgid "No option to modify specific record provided."
msgstr ""

msgid "Current DNS record contents:\n"
msgstr ""

#, python-format
msgid "Modify %(name)s '%(value)s'?"
msgstr ""

#, python-format
msgid ""
"%(count)d %(type)s record skipped. Only one value per DNS record type can be "
"modified at one time."
msgid_plural ""
"%(count)d %(type)s records skipped. Only one value per DNS record type can "
"be modified at one time."
msgstr[0] ""
msgstr[1] ""

msgid ""
"Neither --del-all nor options to delete a specific record provided.\n"
"Command help may be consulted for all supported record types."
msgstr ""

msgid "No option to delete specific record provided."
msgstr ""

msgid "Delete all?"
msgstr ""

#, python-format
msgid "Delete %(name)s '%(value)s'?"
msgstr ""

msgid "Server will check DNS forwarder(s)."
msgstr ""

msgid "This may take some time, please wait ..."
msgstr ""

msgid "DNS forwarder"
msgstr ""

msgid "file to store DNS records in nsupdate format"
msgstr ""

#, python-format
msgid "Cannot read file '%(filename)s': %(exc)s"
msgstr ""

#, fuzzy, python-format
msgid "Cannot decode file '%(filename)s': %(exc)s"
msgstr "'%(uri)s' ला जोडणी अपयशी : %(error)s"

msgid "Invalid credentials"
msgstr ""

msgid "Create a new vault."
msgstr ""

msgid "Vault password"
msgstr ""

msgid "File containing the vault password"
msgstr ""

msgid "File containing the vault public key"
msgstr ""

msgid "Password can be specified only for symmetric vault"
msgstr ""

msgid "Public key can be specified only for asymmetric vault"
msgstr ""

msgid "Password specified multiple times"
msgstr ""

msgid "Public key specified multiple times"
msgstr ""

msgid "Missing vault public key"
msgstr ""

#, python-format
msgid "Invalid or unsupported vault public key: %s"
msgstr ""

msgid "Modify a vault."
msgstr ""

msgid "Change password"
msgstr ""

msgid "Old vault password"
msgstr ""

msgid "File containing the old vault password"
msgstr ""

msgid "New vault password"
msgstr ""

msgid "File containing the new vault password"
msgstr ""

msgid "Old vault private key"
msgstr ""

msgid "File containing the old vault private key"
msgstr ""

msgid "File containing the new vault public key"
msgstr ""

msgid "New public key specified multiple times"
msgstr ""

msgid "Missing new vault public key"
msgstr ""

msgid "Archive data into a vault."
msgstr ""

msgid "Binary data to archive"
msgstr ""

msgid "File containing data to archive"
msgstr ""

msgid "Override existing password"
msgstr ""

msgid "Input data specified multiple times"
msgstr ""

#, python-format
msgid ""
"Size of data exceeds the limit. Current vault data size limit is %(limit)d B"
msgstr ""

msgid "Invalid vault type"
msgstr ""

msgid "Retrieve a data from a vault."
msgstr ""

msgid "File to store retrieved data"
msgstr ""

msgid "Vault private key"
msgstr ""

msgid "File containing the vault private key"
msgstr ""

msgid "Data"
msgstr ""

msgid "Private key specified multiple times"
msgstr ""

msgid "Missing vault private key"
msgstr ""

msgid "Write certificate (chain if --chain used) to file"
msgstr ""

msgid "Unrevoked"
msgstr ""

msgid "Error"
msgstr ""

msgid "Input filename"
msgstr ""

msgid "File to load the certificate from."
msgstr ""

msgid ""
"Unable to display QR code using the configured output encoding. Please use "
"the token URI to configure your OTP device"
msgstr ""

msgid ""
"QR code width is greater than that of the output tty. Please resize your "
"terminal."
msgstr ""

msgid "Synchronize an OTP token."
msgstr ""

msgid "User ID"
msgstr ""

msgid "Password"
msgstr ""

msgid "First Code"
msgstr ""

msgid "Second Code"
msgstr ""

msgid "Token ID"
msgstr ""

msgid ""
"\n"
"Directory Server Access Control Instructions (ACIs)\n"
"\n"
"ACIs are used to allow or deny access to information. This module is\n"
"currently designed to allow, not deny, access.\n"
"\n"
"The aci commands are designed to grant permissions that allow updating\n"
"existing entries or adding or deleting new ones. The goal of the ACIs\n"
"that ship with IPA is to provide a set of low-level permissions that\n"
"grant access to special groups called taskgroups. These low-level\n"
"permissions can be combined into roles that grant broader access. These\n"
"roles are another type of group, roles.\n"
"\n"
"For example, if you have taskgroups that allow adding and modifying users "
"you\n"
"could create a role, useradmin. You would assign users to the useradmin\n"
"role to allow them to do the operations defined by the taskgroups.\n"
"\n"
"You can create ACIs that delegate permission so users in group A can write\n"
"attributes on group B.\n"
"\n"
"The type option is a map that applies to all entries in the users, groups "
"or\n"
"host location. It is primarily designed to be used when granting add\n"
"permissions (to write new entries).\n"
"\n"
"An ACI consists of three parts:\n"
"1. target\n"
"2. permissions\n"
"3. bind rules\n"
"\n"
"The target is a set of rules that define which LDAP objects are being\n"
"targeted. This can include a list of attributes, an area of that LDAP\n"
"tree or an LDAP filter.\n"
"\n"
"The targets include:\n"
"- attrs: list of attributes affected\n"
"- type: an object type (user, group, host, service, etc)\n"
"- memberof: members of a group\n"
"- targetgroup: grant access to modify a specific group. This is primarily\n"
"  designed to enable users to add or remove members of a specific group.\n"
"- filter: A legal LDAP filter used to narrow the scope of the target.\n"
"- subtree: Used to apply a rule across an entire set of objects. For "
"example,\n"
"  to allow adding users you need to grant \"add\" permission to the subtree\n"
"  ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n"
"  is a fail-safe for objects that may not be covered by the type option.\n"
"\n"
"The permissions define what the ACI is allowed to do, and are one or\n"
"more of:\n"
"1. write - write one or more attributes\n"
"2. read - read one or more attributes\n"
"3. add - add a new entry to the tree\n"
"4. delete - delete an existing entry\n"
"5. all - all permissions are granted\n"
"\n"
"Note the distinction between attributes and entries. The permissions are\n"
"independent, so being able to add a user does not mean that the user will\n"
"be editable.\n"
"\n"
"The bind rule defines who this ACI grants permissions to. The LDAP server\n"
"allows this to be any valid LDAP entry but we encourage the use of\n"
"taskgroups so that the rights can be easily shared through roles.\n"
"\n"
"For a more thorough description of access controls see\n"
"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control."
"html\n"
"\n"
"EXAMPLES:\n"
"\n"
"NOTE: ACIs are now added via the permission plugin. These examples are to\n"
"demonstrate how the various options work but this is done via the "
"permission\n"
"command-line now (see last example).\n"
"\n"
" Add an ACI so that the group \"secretaries\" can update the address on any "
"user:\n"
"   ipa group-add --desc=\"Office secretaries\" secretaries\n"
"   ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries "
"--permissions=write --prefix=none \"Secretaries write addresses\"\n"
"\n"
" Show the new ACI:\n"
"   ipa aci-show --prefix=none \"Secretaries write addresses\"\n"
"\n"
" Add an ACI that allows members of the \"addusers\" permission to add new "
"users:\n"
"   ipa aci-add --type=user --permission=addusers --permissions=add --"
"prefix=none \"Add new users\"\n"
"\n"
" Add an ACI that allows members of the editors manage members of the admins "
"group:\n"
"   ipa aci-add --permissions=write --attrs=member --targetgroup=admins --"
"group=editors --prefix=none \"Editors manage admins\"\n"
"\n"
" Add an ACI that allows members of the admins group to manage the street and "
"zip code of those in the editors group:\n"
"   ipa aci-add --permissions=write --memberof=editors --group=admins --"
"attrs=street --attrs=postalcode --prefix=none \"admins edit the address of "
"editors\"\n"
"\n"
" Add an ACI that allows the admins group manage the street and zipcode of "
"those who work for the boss:\n"
"   ipa aci-add --permissions=write --group=admins --attrs=street --"
"attrs=postalcode --filter=\"(manager=uid=boss,cn=users,cn=accounts,"
"dc=example,dc=com)\" --prefix=none \"Edit the address of those who work for "
"the boss\"\n"
"\n"
" Add an entirely new kind of record to IPA that isn't covered by any of the "
"--type options, creating a permission:\n"
"   ipa permission-add  --permissions=add --subtree=\"cn=*,cn=orange,"
"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n"
"\n"
"\n"
"The show command shows the raw 389-ds ACI.\n"
"\n"
"IMPORTANT: When modifying the target attributes of an existing ACI you\n"
"must include all existing attributes as well. When doing an aci-mod the\n"
"targetattr REPLACES the current attributes, it does not add to them.\n"
msgstr ""

#, fuzzy
msgid "ACI name"
msgstr "आदेशाचे नाव "

msgid "Permission"
msgstr ""

msgid "Permission ACI grants access to"
msgstr ""

msgid "User group"
msgstr ""

msgid "User group ACI grants access to"
msgstr ""

msgid "Permissions"
msgstr ""

msgid "Permissions to grant(read, write, add, delete, all)"
msgstr ""

msgid "Attributes to which the permission applies"
msgstr ""

msgid "Attributes"
msgstr ""

msgid "Type"
msgstr ""

msgid "type of IPA object (user, group, host, hostgroup, service, netgroup)"
msgstr ""

msgid "Member of"
msgstr ""

msgid "Member of a group"
msgstr ""

msgid "Filter"
msgstr ""

msgid "Legal LDAP filter (e.g. ou=Engineering)"
msgstr ""

msgid "Subtree"
msgstr ""

msgid "Subtree to apply ACI to"
msgstr ""

msgid "Target group"
msgstr ""

msgid "Group to apply ACI to"
msgstr ""

msgid "Target your own entry (self)"
msgstr ""

msgid "Apply ACI to your own entry (self)"
msgstr ""

msgid "Create new ACI."
msgstr ""

msgid "ACI prefix"
msgstr ""

msgid ""
"Prefix used to distinguish ACI types (permission, delegation, selfservice, "
"none)"
msgstr ""

msgid "Test the ACI syntax but don't write anything"
msgstr ""

msgid ""
"Retrieve and print all attributes from the server. Affects command output."
msgstr ""

msgid "Print entries as stored on the server. Only affects output format."
msgstr ""

msgid "User-friendly description of action performed"
msgstr ""

msgid "The primary_key value of the entry, e.g. 'jdoe' for a user"
msgstr ""

msgid "Delete ACI."
msgstr ""

msgid "True means the operation was successful"
msgstr ""

msgid ""
"\n"
"Search for ACIs.\n"
"\n"
"    Returns a list of ACIs\n"
"\n"
"    EXAMPLES:\n"
"\n"
"     To find all ACIs that apply directly to members of the group ipausers:\n"
"       ipa aci-find --memberof=ipausers\n"
"\n"
"     To find all ACIs that grant add access:\n"
"       ipa aci-find --permissions=add\n"
"\n"
"    Note that the find command only looks for the given text in the set of\n"
"    ACIs, it does not evaluate the ACIs to see if something would apply.\n"
"    For example, searching on memberof=ipausers will find all ACIs that\n"
"    have ipausers as a memberof. There may be other ACIs that apply to\n"
"    members of that group indirectly.\n"
"    "
msgstr ""

msgid "Primary key only"
msgstr ""

msgid "Results should contain primary key attribute only (\"name\")"
msgstr ""

msgid "Number of entries returned"
msgstr ""

msgid "True if not all results were returned"
msgstr ""

msgid "Modify ACI."
msgstr ""

msgid "Rename an ACI."
msgstr ""

msgid "New ACI name"
msgstr ""

msgid "Display a single ACI given an ACI name."
msgstr ""

msgid "Location of the ACI"
msgstr ""

msgid ""
"\n"
"Automount\n"
"\n"
"Stores automount(8) configuration for autofs(8) in IPA.\n"
"\n"
"The base of an automount configuration is the configuration file auto."
"master.\n"
"This is also the base location in IPA. Multiple auto.master configurations\n"
"can be stored in separate locations. A location is implementation-specific\n"
"with the default being a location named 'default'. For example, you can "
"have\n"
"locations by geographic region, by floor, by type, etc.\n"
"\n"
"Automount has three basic object types: locations, maps and keys.\n"
"\n"
"A location defines a set of maps anchored in auto.master. This allows you\n"
"to store multiple automount configurations. A location in itself isn't\n"
"very interesting, it is just a point to start a new automount map.\n"
"\n"
"A map is roughly equivalent to a discrete automount file and provides\n"
"storage for keys.\n"
"\n"
"A key is a mount point associated with a map.\n"
"\n"
"When a new location is created, two maps are automatically created for\n"
"it: auto.master and auto.direct. auto.master is the root map for all\n"
"automount maps for the location. auto.direct is the default map for\n"
"direct mounts and is mounted on /-.\n"
"\n"
"An automount map may contain a submount key. This key defines a mount\n"
"location within the map that references another map. This can be done\n"
"either using automountmap-add-indirect --parentmap or manually\n"
"with automountkey-add and setting info to \"-type=autofs :<mapname>\".\n"
"\n"
"EXAMPLES:\n"
"\n"
"Locations:\n"
"\n"
"  Create a named location, \"Baltimore\":\n"
"    ipa automountlocation-add baltimore\n"
"\n"
"  Display the new location:\n"
"    ipa automountlocation-show baltimore\n"
"\n"
"  Find available locations:\n"
"    ipa automountlocation-find\n"
"\n"
"  Remove a named automount location:\n"
"    ipa automountlocation-del baltimore\n"
"\n"
"  Show what the automount maps would look like if they were in the "
"filesystem:\n"
"    ipa automountlocation-tofiles baltimore\n"
"\n"
"  Import an existing configuration into a location:\n"
"    ipa automountlocation-import baltimore /etc/auto.master\n"
"\n"
"    The import will fail if any duplicate entries are found. For\n"
"    continuous operation where errors are ignored, use the --continue\n"
"    option.\n"
"\n"
"Maps:\n"
"\n"
"  Create a new map, \"auto.share\":\n"
"    ipa automountmap-add baltimore auto.share\n"
"\n"
"  Display the new map:\n"
"    ipa automountmap-show baltimore auto.share\n"
"\n"
"  Find maps in the location baltimore:\n"
"    ipa automountmap-find baltimore\n"
"\n"
"  Create an indirect map with auto.share as a submount:\n"
"    ipa automountmap-add-indirect baltimore --parentmap=auto.share --"
"mount=sub auto.man\n"
"\n"
"    This is equivalent to:\n"
"\n"
"    ipa automountmap-add-indirect baltimore --mount=/man auto.man\n"
"    ipa automountkey-add baltimore auto.man --key=sub --info=\"-"
"fstype=autofs ldap:auto.share\"\n"
"\n"
"  Remove the auto.share map:\n"
"    ipa automountmap-del baltimore auto.share\n"
"\n"
"Keys:\n"
"\n"
"  Create a new key for the auto.share map in location baltimore. This ties\n"
"  the map we previously created to auto.master:\n"
"    ipa automountkey-add baltimore auto.master --key=/share --info=auto."
"share\n"
"\n"
"  Create a new key for our auto.share map, an NFS mount for man pages:\n"
"    ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft,"
"rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n"
"\n"
"  Find all keys for the auto.share map:\n"
"    ipa automountkey-find baltimore auto.share\n"
"\n"
"  Find all direct automount keys:\n"
"    ipa automountkey-find baltimore --key=/-\n"
"\n"
"  Remove the man key from the auto.share map:\n"
"    ipa automountkey-del baltimore auto.share --key=man\n"
msgstr ""

msgid "Key"
msgstr ""

msgid "Automount key name."
msgstr ""

msgid "Mount information"
msgstr ""

msgid "description"
msgstr ""

msgid "Location"
msgstr ""

msgid "Automount location name."
msgstr ""

msgid "Map"
msgstr ""

msgid "Automount map name."
msgstr ""

msgid "Description"
msgstr ""

msgid "Create a new automount key."
msgstr ""

msgid ""
"Set an attribute to a name/value pair. Format is attr=value.\n"
"For multi-valued attributes, the command replaces the values already present."
msgstr ""

msgid ""
"Add an attribute/value pair. Format is attr=value. The attribute\n"
"must be part of the schema."
msgstr ""

msgid "Delete an automount key."
msgstr ""

msgid "Continuous mode: Don't stop on errors."
msgstr ""

msgid "List of deletions that failed"
msgstr ""

msgid "Search for an automount key."
msgstr ""

msgid "Time Limit"
msgstr ""

msgid "Time limit of search in seconds"
msgstr ""

msgid "Size Limit"
msgstr ""

msgid "Maximum number of entries returned"
msgstr ""

msgid "Modify an automount key."
msgstr ""

msgid ""
"Delete an attribute/value pair. The option will be evaluated\n"
"last, after all sets and adds."
msgstr ""

msgid "Rights"
msgstr ""

msgid ""
"Display the access rights of this entry (requires --all). See ipa man page "
"for details."
msgstr ""

msgid "New mount information"
msgstr ""

msgid "Rename"
msgstr ""

msgid "Rename the automount key object"
msgstr ""

msgid "Display an automount key."
msgstr ""

msgid "Create a new automount location."
msgstr ""

msgid "Delete an automount location."
msgstr ""

msgid "Search for an automount location."
msgstr ""

msgid "Results should contain primary key attribute only (\"location\")"
msgstr ""

msgid "Display an automount location."
msgstr ""

msgid "Generate automount files for a specific location."
msgstr ""

msgid "Create a new automount map."
msgstr ""

msgid "Create a new indirect mount point."
msgstr ""

msgid "Mount point"
msgstr ""

msgid "Parent map"
msgstr ""

msgid "Name of parent automount map (default: auto.master)."
msgstr ""

msgid "Delete an automount map."
msgstr ""

msgid "Search for an automount map."
msgstr ""

msgid "Results should contain primary key attribute only (\"map\")"
msgstr ""

msgid "Modify an automount map."
msgstr ""

msgid "Display an automount map."
msgstr ""

msgid ""
"\n"
"Plugin to make multiple ipa calls via one remote procedure call\n"
"\n"
"To run this code in the lite-server\n"
"\n"
"curl   -H \"Content-Type:application/json\"          -H \"Accept:application/"
"json\" -H \"Accept-Language:en\"        --negotiate -u :          --cacert /"
"etc/ipa/ca.crt           -d  @batch_request.json -X POST       http://"
"localhost:8888/ipa/json\n"
"\n"
"where the contents of the file batch_request.json follow the below example\n"
"\n"
"{\"method\":\"batch\",\"params\":[[\n"
"        {\"method\":\"group_find\",\"params\":[[],{}]},\n"
"        {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all"
"\":\"true\"}]},\n"
"        {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n"
"        ],{}],\"id\":1}\n"
"\n"
"The format of the response is nested the same way.  At the top you will see\n"
"  \"error\": null,\n"
"    \"id\": 1,\n"
"    \"result\": {\n"
"        \"count\": 3,\n"
"            \"results\": [\n"
"\n"
"\n"
"And then a nested response for each IPA command method sent in the request\n"
msgstr ""

msgid "Nested Methods to execute"
msgstr ""

msgid ""
"\n"
"Server configuration\n"
"\n"
"Manage the default values that IPA uses and some of its tuning parameters.\n"
"\n"
"NOTES:\n"
"\n"
"The password notification value (--pwdexpnotify) is stored here so it will\n"
"be replicated. It is not currently used to notify users in advance of an\n"
"expiring password.\n"
"\n"
"Some attributes are read-only, provided only for information purposes. "
"These\n"
"include:\n"
"\n"
"Certificate Subject base: the configured certificate subject base,\n"
"  e.g. O=EXAMPLE.COM.  This is configurable only at install time.\n"
"Password plug-in features: currently defines additional hashes that the\n"
"  password will generate (there may be other conditions).\n"
"\n"
"When setting the order list for mapping SELinux users you may need to\n"
"quote the value so it isn't interpreted by the shell.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Show basic server configuration:\n"
"   ipa config-show\n"
"\n"
" Show all configuration options:\n"
"   ipa config-show --all\n"
"\n"
" Change maximum username length to 99 characters:\n"
"   ipa config-mod --maxusername=99\n"
"\n"
" Increase default time and size limits for maximum IPA server search:\n"
"   ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n"
"\n"
" Set default user e-mail domain:\n"
"   ipa config-mod --emaildomain=example.com\n"
"\n"
" Enable migration mode to make \"ipa migrate-ds\" command operational:\n"
"   ipa config-mod --enable-migration=TRUE\n"
"\n"
" Define SELinux user map order:\n"
"   ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-"
"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n"
msgstr ""

msgid "Maximum username length"
msgstr ""

msgid "Home directory base"
msgstr ""

msgid "Default location of home directories"
msgstr ""

msgid "Default shell"
msgstr ""

msgid "Default shell for new users"
msgstr ""

msgid "Default users group"
msgstr ""

msgid "Default group for new users"
msgstr ""

msgid "Default e-mail domain"
msgstr ""

msgid "Search time limit"
msgstr ""

msgid ""
"Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)"
msgstr ""

msgid "Search size limit"
msgstr ""

msgid "Maximum number of records to search (-1 is unlimited)"
msgstr ""

msgid "User search fields"
msgstr ""

msgid "A comma-separated list of fields to search in when searching for users"
msgstr ""

msgid "Group search fields"
msgstr ""

msgid "A comma-separated list of fields to search in when searching for groups"
msgstr ""

msgid "Enable migration mode"
msgstr ""

msgid "Certificate Subject base"
msgstr ""

msgid "Base for certificate subjects (OU=Test,O=Example)"
msgstr ""

msgid "Default group objectclasses"
msgstr ""

msgid "Default group objectclasses (comma-separated list)"
msgstr ""

msgid "Default user objectclasses"
msgstr ""

msgid "Default user objectclasses (comma-separated list)"
msgstr ""

msgid "Password Expiration Notification (days)"
msgstr ""

msgid "Number of days's notice of impending password expiration"
msgstr ""

msgid "Password plugin features"
msgstr ""

msgid "Extra hashes to generate in password plug-in"
msgstr ""

msgid "SELinux user map order"
msgstr ""

msgid "Order in increasing priority of SELinux users, delimited by $"
msgstr ""

msgid "Default SELinux user"
msgstr ""

msgid "Default SELinux user when no match is found in SELinux map rule"
msgstr ""

msgid "Default PAC types"
msgstr ""

msgid "Default types of PAC supported for services"
msgstr ""

msgid "Default user authentication types"
msgstr ""

msgid "Default types of supported user authentication"
msgstr ""

msgid "Modify configuration options."
msgstr ""

msgid "Show the current configuration."
msgstr ""

msgid ""
"\n"
"Group to Group Delegation\n"
"\n"
"A permission enables fine-grained delegation of permissions. Access Control\n"
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
"given tasks such as adding a user, modifying a group, etc.\n"
"\n"
"Group to Group Delegations grants the members of one group to update a set\n"
"of attributes of members of another group.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a delegation rule to allow managers to edit employee's addresses:\n"
"   ipa delegation-add --attrs=street --group=managers --"
"membergroup=employees \"managers edit employees' street\"\n"
"\n"
" When managing the list of attributes you need to include all attributes\n"
" in the list, including existing ones. Add postalCode to the list:\n"
"   ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --"
"membergroup=employees \"managers edit employees' street\"\n"
"\n"
" Display our updated rule:\n"
"   ipa delegation-show \"managers edit employees' street\"\n"
"\n"
" Delete a rule:\n"
"   ipa delegation-del \"managers edit employees' street\"\n"
msgstr ""

msgid "Delegation name"
msgstr ""

msgid "Permissions to grant (read, write). Default is write."
msgstr ""

msgid "Attributes to which the delegation applies"
msgstr ""

msgid "Member user group"
msgstr ""

msgid "User group to apply delegation to"
msgstr ""

msgid "Add a new delegation."
msgstr ""

msgid "Delete a delegation."
msgstr ""

msgid "Search for delegations."
msgstr ""

msgid "Modify a delegation."
msgstr ""

msgid "Display information about a delegation."
msgstr ""

msgid ""
"\n"
"Domain Name System (DNS)\n"
"\n"
"Manage DNS zone and resource records.\n"
"\n"
"SUPPORTED ZONE TYPES\n"
"\n"
" * Master zone (dnszone-*), contains authoritative data.\n"
" * Forward zone (dnsforwardzone-*), forwards queries to configured "
"forwarders\n"
" (a set of DNS servers).\n"
"\n"
"USING STRUCTURED PER-TYPE OPTIONS\n"
"\n"
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
"is not just a scalar value, for example an IP address or a domain name, but\n"
"a data structure which may be often complex. A good example is a LOC record\n"
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
"minutes, seconds of latitude and longitude, altitude or precision).\n"
"\n"
"It may be difficult to manipulate such DNS records without making a mistake\n"
"and entering an invalid value. DNS module provides an abstraction over "
"these\n"
"raw records and allows to manipulate each RR type with specific options. "
"For\n"
"each supported RR type, DNS module provides a standard option to manipulate\n"
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
"options\n"
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
"--mx-preference and --mx-exchanger.\n"
"\n"
"When adding a record, either RR specific options or standard option for a "
"raw\n"
"value can be used, they just should not be combined in one add operation. "
"When\n"
"modifying an existing entry, new RR specific options can be used to change\n"
"one part of a DNS record, where the standard option for raw value is used\n"
"to specify the modified value. The following example demonstrates\n"
"a modification of MX record preference from 0 to 1 in a record without\n"
"modifying the exchanger:\n"
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add new zone:\n"
"   ipa dnszone-add example.com --admin-email=admin@example.com\n"
"\n"
" Add system permission that can be used for per-zone privilege delegation:\n"
"   ipa dnszone-add-permission example.com\n"
"\n"
" Modify the zone to allow dynamic updates for hosts own records in realm "
"EXAMPLE.COM:\n"
"   ipa dnszone-mod example.com --dynamic-update=TRUE\n"
"\n"
"   This is the equivalent of:\n"
"     ipa dnszone-mod example.com --dynamic-update=TRUE       --update-policy="
"\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant "
"EXAMPLE.COM krb5-self * SSHFP;\"\n"
"\n"
" Modify the zone to allow zone transfers for local network only:\n"
"   ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n"
"\n"
" Add new reverse zone specified by network IP address:\n"
"   ipa dnszone-add --name-from-ip=192.0.2.0/24\n"
"\n"
" Add second nameserver for example.com:\n"
"   ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
"\n"
" Add a mail server for example.com:\n"
"   ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
"\n"
" Add another record using MX record specific options:\n"
"  ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
"\n"
" Add another record using interactive mode (started when dnsrecord-add, "
"dnsrecord-mod,\n"
" or dnsrecord-del are executed with no options):\n"
"  ipa dnsrecord-add example.com @\n"
"  Please choose a type of DNS resource record to be added\n"
"  The most common types for this type of zone are: NS, MX, LOC\n"
"\n"
"  DNS resource record type: MX\n"
"  MX Preference: 30\n"
"  MX Exchanger: mail3\n"
"    Record name: example.com\n"
"    MX record: 10 mail1, 20 mail2, 30 mail3\n"
"    NS record: nameserver.example.com., nameserver2.example.com.\n"
"\n"
" Delete previously added nameserver from example.com:\n"
"   ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
"\n"
" Add LOC record for example.com:\n"
"   ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
"227.64m\"\n"
"\n"
" Add new A record for www.example.com. Create a reverse record in "
"appropriate\n"
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
"example.com\n"
" will be created in zone 2.0.192.in-addr.arpa.\n"
"   ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n"
"\n"
" Add new PTR record for www.example.com\n"
"   ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
"\n"
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
" is available, switch to backup.example.com.\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
"example.com\"\n"
"\n"
" The interactive mode can be used for easy modification:\n"
"  ipa dnsrecord-mod example.com _ldap._tcp\n"
"  No option to modify specific record provided.\n"
"  Current DNS record contents:\n"
"\n"
"  SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
"backup.example.com\n"
"\n"
"  Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
"  Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
"  SRV Priority [0]:                     (keep the default value)\n"
"  SRV Weight [1]: 2                     (modified value)\n"
"  SRV Port [389]:                       (keep the default value)\n"
"  SRV Target [slow.example.com]:        (keep the default value)\n"
"  1 SRV record skipped. Only one value per DNS record type can be modified "
"at one time.\n"
"    Record name: _ldap._tcp\n"
"    SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
"389 slow.example.com\n"
"\n"
" After this modification, three fifths of the requests should go to\n"
" fast.example.com and two fifths to slow.example.com.\n"
"\n"
" An example of the interactive mode for dnsrecord-del command:\n"
"   ipa dnsrecord-del example.com www\n"
"   No option to delete specific record provided.\n"
"   Delete all? Yes/No (default No):     (do not delete all records)\n"
"   Current DNS record contents:\n"
"\n"
"   A record: 192.0.2.2, 192.0.2.3\n"
"\n"
"   Delete A record '192.0.2.2'? Yes/No (default No):\n"
"   Delete A record '192.0.2.3'? Yes/No (default No): y\n"
"     Record name: www\n"
"     A record: 192.0.2.2               (A record 192.0.2.3 has been "
"deleted)\n"
"\n"
" Show zone example.com:\n"
"   ipa dnszone-show example.com\n"
"\n"
" Find zone with \"example\" in its domain name:\n"
"   ipa dnszone-find example\n"
"\n"
" Find records for resources with \"www\" in their name in zone example.com:\n"
"   ipa dnsrecord-find example.com www\n"
"\n"
" Find A records with value 192.0.2.2 in zone example.com\n"
"   ipa dnsrecord-find example.com --a-rec=192.0.2.2\n"
"\n"
" Show records for resource www in zone example.com\n"
"   ipa dnsrecord-show example.com www\n"
"\n"
" Delegate zone sub.example to another nameserver:\n"
"   ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n"
"   ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
"\n"
" Delete zone example.com with all resource records:\n"
"   ipa dnszone-del example.com\n"
"\n"
" If a global forwarder is configured, all queries for which this server is "
"not\n"
" authoritative (e.g. sub.example.com) will be routed to the global "
"forwarder.\n"
" Global forwarding configuration can be overridden per-zone.\n"
"\n"
" Semantics of forwarding in IPA matches BIND semantics and depends on the "
"type\n"
" of zone:\n"
"   * Master zone: local BIND replies authoritatively to queries for data in\n"
"   the given zone (including authoritative NXDOMAIN answers) and forwarding\n"
"   affects only queries for names below zone cuts (NS records) of locally\n"
"   served zones.\n"
"\n"
"   * Forward zone: forward zone contains no authoritative data. BIND "
"forwards\n"
"   queries, which cannot be answered from its local cache, to configured\n"
"   forwarders.\n"
"\n"
" Semantics of the --forward-policy option:\n"
"   * none - disable forwarding for the given zone.\n"
"   * first - forward all queries to configured forwarders. If they fail,\n"
"   do resolution using DNS root servers.\n"
"   * only - forward all queries to configured forwarders and if they fail,\n"
"   return failure.\n"
"\n"
" Disable global forwarding for given sub-tree:\n"
"   ipa dnszone-mod example.com --forward-policy=none\n"
"\n"
" This configuration forwards all queries for names outside the example.com\n"
" sub-tree to global forwarders. Normal recursive resolution process is used\n"
" for names inside the example.com sub-tree (i.e. NS records are followed "
"etc.).\n"
"\n"
" Forward all requests for the zone external.example.com to another "
"forwarder\n"
" using a \"first\" policy (it will send the queries to the selected "
"forwarder\n"
" and if not answered it will use global root servers):\n"
"   ipa dnsforwardzone-add external.example.com --forward-"
"policy=first                                --forwarder=203.0.113.1\n"
"\n"
" Change forward-policy for external.example.com:\n"
"   ipa dnsforwardzone-mod external.example.com --forward-policy=only\n"
"\n"
" Show forward zone external.example.com:\n"
"   ipa dnsforwardzone-show external.example.com\n"
"\n"
" List all forward zones:\n"
"   ipa dnsforwardzone-find\n"
"\n"
" Delete forward zone external.example.com:\n"
"   ipa dnsforwardzone-del external.example.com\n"
"\n"
" Resolve a host name to see if it exists (will add default IPA domain\n"
" if one is not included):\n"
"   ipa dns-resolve www.example.com\n"
"   ipa dns-resolve www\n"
"\n"
"\n"
"GLOBAL DNS CONFIGURATION\n"
"\n"
"DNS configuration passed to command line install script is stored in a "
"local\n"
"configuration file on each IPA server where DNS service is configured. "
"These\n"
"local settings can be overridden with a common configuration stored in LDAP\n"
"server:\n"
"\n"
" Show global DNS configuration:\n"
"   ipa dnsconfig-show\n"
"\n"
" Modify global DNS configuration and set a list of global forwarders:\n"
"   ipa dnsconfig-mod --forwarder=203.0.113.113\n"
msgstr ""

msgid "Global forwarders"
msgstr ""

msgid ""
"Global forwarders. A custom port can be specified for each forwarder using a "
"standard format \"IP_ADDRESS port PORT\""
msgstr ""

msgid "Forward policy"
msgstr ""

msgid ""
"Global forwarding policy. Set to \"none\" to disable any configured global "
"forwarders."
msgstr ""

msgid "Allow PTR sync"
msgstr ""

msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records"
msgstr ""

msgid "Zone refresh interval"
msgstr ""

#, fuzzy
msgid "Zone name"
msgstr "आदेशाचे नाव "

msgid "Zone name (FQDN)"
msgstr ""

msgid "Reverse zone IP network"
msgstr ""

msgid "IP network to create reverse zone name from"
msgstr ""

msgid "Active zone"
msgstr ""

msgid "Is zone active?"
msgstr ""

msgid "Zone forwarders"
msgstr ""

msgid ""
"Per-zone forwarders. A custom port can be specified for each forwarder using "
"a standard format \"IP_ADDRESS port PORT\""
msgstr ""

msgid ""
"Per-zone conditional forwarding policy. Set to \"none\" to disable "
"forwarding to global forwarder for this zone. In that case, conditional zone "
"forwarders are disregarded."
msgstr ""

#, fuzzy
msgid "Record name"
msgstr "आदेशाचे नाव "

msgid "Time to live"
msgstr ""

msgid "Records"
msgstr ""

msgid "Record type"
msgstr ""

msgid "Record data"
msgstr ""

msgid "A record"
msgstr ""

msgid "Raw A records"
msgstr ""

msgid "A IP Address"
msgstr ""

msgid "IP Address"
msgstr ""

msgid "A Create reverse"
msgstr ""

msgid "Create reverse record for this IP Address"
msgstr ""

msgid "AAAA record"
msgstr ""

msgid "Raw AAAA records"
msgstr ""

msgid "AAAA IP Address"
msgstr ""

msgid "AAAA Create reverse"
msgstr ""

msgid "A6 record"
msgstr ""

msgid "Raw A6 records"
msgstr ""

msgid "A6 Record data"
msgstr ""

msgid "AFSDB record"
msgstr ""

msgid "Raw AFSDB records"
msgstr ""

msgid "AFSDB Subtype"
msgstr ""

msgid "Subtype"
msgstr ""

msgid "AFSDB Hostname"
msgstr ""

msgid "Hostname"
msgstr ""

msgid "APL record"
msgstr ""

msgid "Raw APL records"
msgstr ""

msgid "CERT record"
msgstr ""

msgid "Raw CERT records"
msgstr ""

msgid "CERT Certificate Type"
msgstr ""

msgid "Certificate Type"
msgstr ""

msgid "CERT Key Tag"
msgstr ""

msgid "Key Tag"
msgstr ""

msgid "CERT Algorithm"
msgstr ""

msgid "Algorithm"
msgstr ""

msgid "CERT Certificate/CRL"
msgstr ""

msgid "Certificate/CRL"
msgstr ""

msgid "CNAME record"
msgstr ""

msgid "Raw CNAME records"
msgstr ""

msgid "CNAME Hostname"
msgstr ""

msgid "A hostname which this alias hostname points to"
msgstr ""

msgid "DHCID record"
msgstr ""

msgid "Raw DHCID records"
msgstr ""

msgid "DLV record"
msgstr ""

msgid "Raw DLV records"
msgstr ""

msgid "DLV Key Tag"
msgstr ""

msgid "DLV Algorithm"
msgstr ""

msgid "DLV Digest Type"
msgstr ""

msgid "Digest Type"
msgstr ""

msgid "DLV Digest"
msgstr ""

msgid "Digest"
msgstr ""

msgid "DNAME record"
msgstr ""

msgid "Raw DNAME records"
msgstr ""

msgid "DNAME Target"
msgstr ""

msgid "Target"
msgstr ""

msgid "DNSKEY record"
msgstr ""

msgid "Raw DNSKEY records"
msgstr ""

msgid "DS record"
msgstr ""

msgid "Raw DS records"
msgstr ""

msgid "DS Key Tag"
msgstr ""

msgid "DS Algorithm"
msgstr ""

msgid "DS Digest Type"
msgstr ""

msgid "DS Digest"
msgstr ""

msgid "HIP record"
msgstr ""

msgid "Raw HIP records"
msgstr ""

msgid "IPSECKEY record"
msgstr ""

msgid "Raw IPSECKEY records"
msgstr ""

msgid "KEY record"
msgstr ""

msgid "Raw KEY records"
msgstr ""

msgid "KX record"
msgstr ""

msgid "Raw KX records"
msgstr ""

msgid "KX Preference"
msgstr ""

msgid "Preference given to this exchanger. Lower values are more preferred"
msgstr ""

msgid "KX Exchanger"
msgstr ""

msgid "A host willing to act as a key exchanger"
msgstr ""

msgid "LOC record"
msgstr ""

msgid "Raw LOC records"
msgstr ""

msgid "LOC Degrees Latitude"
msgstr ""

msgid "Degrees Latitude"
msgstr ""

msgid "LOC Minutes Latitude"
msgstr ""

msgid "Minutes Latitude"
msgstr ""

msgid "LOC Seconds Latitude"
msgstr ""

msgid "Seconds Latitude"
msgstr ""

msgid "LOC Direction Latitude"
msgstr ""

msgid "Direction Latitude"
msgstr ""

msgid "LOC Degrees Longitude"
msgstr ""

msgid "Degrees Longitude"
msgstr ""

msgid "LOC Minutes Longitude"
msgstr ""

msgid "Minutes Longitude"
msgstr ""

msgid "LOC Seconds Longitude"
msgstr ""

msgid "Seconds Longitude"
msgstr ""

msgid "LOC Direction Longitude"
msgstr ""

msgid "Direction Longitude"
msgstr ""

msgid "LOC Altitude"
msgstr ""

msgid "Altitude"
msgstr ""

msgid "LOC Size"
msgstr ""

msgid "Size"
msgstr ""

msgid "LOC Horizontal Precision"
msgstr ""

msgid "Horizontal Precision"
msgstr ""

msgid "LOC Vertical Precision"
msgstr ""

msgid "Vertical Precision"
msgstr ""

msgid "MX record"
msgstr ""

msgid "Raw MX records"
msgstr ""

msgid "MX Preference"
msgstr ""

msgid "MX Exchanger"
msgstr ""

msgid "A host willing to act as a mail exchanger"
msgstr ""

msgid "NAPTR record"
msgstr ""

msgid "Raw NAPTR records"
msgstr ""

msgid "NAPTR Order"
msgstr ""

msgid "Order"
msgstr ""

msgid "NAPTR Preference"
msgstr ""

msgid "Preference"
msgstr ""

msgid "NAPTR Flags"
msgstr ""

msgid "Flags"
msgstr ""

msgid "NAPTR Service"
msgstr ""

msgid "Service"
msgstr ""

msgid "NAPTR Regular Expression"
msgstr ""

msgid "Regular Expression"
msgstr ""

msgid "NAPTR Replacement"
msgstr ""

msgid "Replacement"
msgstr ""

msgid "NS record"
msgstr ""

msgid "Raw NS records"
msgstr ""

msgid "NS Hostname"
msgstr ""

msgid "NSEC record"
msgstr ""

msgid "Raw NSEC records"
msgstr ""

msgid "NSEC3 record"
msgstr ""

msgid "Raw NSEC3 records"
msgstr ""

msgid "PTR record"
msgstr ""

msgid "Raw PTR records"
msgstr ""

msgid "PTR Hostname"
msgstr ""

msgid "The hostname this reverse record points to"
msgstr ""

msgid "RRSIG record"
msgstr ""

msgid "Raw RRSIG records"
msgstr ""

msgid "RP record"
msgstr ""

msgid "Raw RP records"
msgstr ""

msgid "SIG record"
msgstr ""

msgid "Raw SIG records"
msgstr ""

msgid "SPF record"
msgstr ""

msgid "Raw SPF records"
msgstr ""

msgid "SRV record"
msgstr ""

msgid "Raw SRV records"
msgstr ""

msgid "SRV Priority"
msgstr ""

msgid "Priority"
msgstr ""

msgid "SRV Weight"
msgstr ""

msgid "Weight"
msgstr ""

msgid "SRV Port"
msgstr ""

msgid "Port"
msgstr ""

msgid "SRV Target"
msgstr ""

msgid ""
"The domain name of the target host or '.' if the service is decidedly not "
"available at this domain"
msgstr ""

msgid "SSHFP record"
msgstr ""

msgid "Raw SSHFP records"
msgstr ""

msgid "SSHFP Algorithm"
msgstr ""

msgid "SSHFP Fingerprint Type"
msgstr ""

msgid "Fingerprint Type"
msgstr ""

msgid "SSHFP Fingerprint"
msgstr ""

msgid "Fingerprint"
msgstr ""

msgid "TA record"
msgstr ""

msgid "Raw TA records"
msgstr ""

msgid "TLSA record"
msgstr ""

msgid "Raw TLSA records"
msgstr ""

msgid "TLSA Certificate Usage"
msgstr ""

msgid "Certificate Usage"
msgstr ""

msgid "TLSA Selector"
msgstr ""

msgid "Selector"
msgstr ""

msgid "TLSA Matching Type"
msgstr ""

msgid "Matching Type"
msgstr ""

msgid "TLSA Certificate Association Data"
msgstr ""

msgid "Certificate Association Data"
msgstr ""

msgid "TKEY record"
msgstr ""

msgid "Raw TKEY records"
msgstr ""

msgid "TSIG record"
msgstr ""

msgid "Raw TSIG records"
msgstr ""

msgid "TXT record"
msgstr ""

msgid "Raw TXT records"
msgstr ""

msgid "TXT Text Data"
msgstr ""

msgid "Text Data"
msgstr ""

msgid "Authoritative nameserver"
msgstr ""

msgid "Authoritative nameserver domain name"
msgstr ""

msgid "Administrator e-mail address"
msgstr ""

msgid "SOA serial"
msgstr ""

msgid "SOA record serial number"
msgstr ""

msgid "SOA refresh"
msgstr ""

msgid "SOA record refresh time"
msgstr ""

msgid "SOA retry"
msgstr ""

msgid "SOA record retry time"
msgstr ""

msgid "SOA expire"
msgstr ""

msgid "SOA record expire time"
msgstr ""

msgid "SOA minimum"
msgstr ""

msgid "How long should negative responses be cached"
msgstr ""

msgid "Time to live for records at zone apex"
msgstr ""

msgid "BIND update policy"
msgstr ""

msgid "Dynamic update"
msgstr ""

msgid "Allow dynamic updates."
msgstr ""

msgid "Allow query"
msgstr ""

msgid ""
"Semicolon separated list of IP addresses or networks which are allowed to "
"issue queries"
msgstr ""

msgid "Allow transfer"
msgstr ""

msgid ""
"Semicolon separated list of IP addresses or networks which are allowed to "
"transfer the zone"
msgstr ""

msgid ""
"Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the "
"zone"
msgstr ""

msgid "Allow in-line DNSSEC signing"
msgstr ""

msgid "Allow inline DNSSEC signing of records in the zone"
msgstr ""

msgid "NSEC3PARAM record"
msgstr ""

msgid ""
"NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt"
msgstr ""

msgid "Checks if any of the servers has the DNS service enabled."
msgstr ""

msgid "Resolve a host name in DNS."
msgstr ""

msgid "Modify global DNS configuration."
msgstr ""

msgid "Show the current global DNS configuration."
msgstr ""

msgid "Create new DNS forward zone."
msgstr ""

msgid "Add a permission for per-forward zone access delegation."
msgstr ""

msgid "Permission value"
msgstr ""

msgid "Delete DNS forward zone."
msgstr ""

msgid "Disable DNS Forward Zone."
msgstr ""

msgid "Enable DNS Forward Zone."
msgstr ""

msgid "Search for DNS forward zones."
msgstr ""

msgid "Modify DNS forward zone."
msgstr ""

msgid "Remove a permission for per-forward zone access delegation."
msgstr ""

msgid "Display information about a DNS forward zone."
msgstr ""

msgid "Add new DNS resource record."
msgstr ""

msgid "Force"
msgstr ""

msgid "force NS record creation even if its hostname is not in DNS"
msgstr ""

msgid "Structured"
msgstr ""

msgid "Parse all raw DNS records and return them in a structured way"
msgstr ""

msgid "Delete DNS resource record."
msgstr ""

msgid "Delete all associated records"
msgstr ""

msgid "Delete DNS record entry."
msgstr ""

msgid "Search for DNS resources."
msgstr ""

msgid "Modify a DNS resource record."
msgstr ""

msgid "Rename the DNS resource record object"
msgstr ""

msgid "Display DNS resource."
msgstr ""

msgid "Create new DNS zone (SOA record)."
msgstr ""

msgid "Force DNS zone creation even if nameserver is not resolvable."
msgstr ""

msgid "Add a permission for per-zone access delegation."
msgstr ""

msgid "Delete DNS zone (SOA record)."
msgstr ""

msgid "Disable DNS Zone."
msgstr ""

msgid "Enable DNS Zone."
msgstr ""

msgid "Search for DNS zones (SOA records)."
msgstr ""

msgid "Forward zones only"
msgstr ""

msgid "Search for forward zones only"
msgstr ""

msgid "Modify DNS zone (SOA record)."
msgstr ""

msgid "Force nameserver change even if nameserver not in DNS"
msgstr ""

msgid "Remove a permission for per-zone access delegation."
msgstr ""

msgid "Display information about a DNS zone (SOA record)."
msgstr ""

msgid ""
"\n"
"Host-based access control\n"
"\n"
"Control who can access what services on what hosts. You\n"
"can use HBAC to control which users or groups can\n"
"access a service, or group of services, on a target host.\n"
"\n"
"You can also specify a category of users and target hosts.\n"
"This is currently limited to \"all\", but might be expanded in the\n"
"future.\n"
"\n"
"Target hosts in HBAC rules must be hosts managed by IPA.\n"
"\n"
"The available services and groups of services are controlled by the\n"
"hbacsvc and hbacsvcgroup plug-ins respectively.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a rule, \"test1\", that grants all users access to the host \"server"
"\" from\n"
" anywhere:\n"
"   ipa hbacrule-add --usercat=all test1\n"
"   ipa hbacrule-add-host --hosts=server.example.com test1\n"
"\n"
" Display the properties of a named HBAC rule:\n"
"   ipa hbacrule-show test1\n"
"\n"
" Create a rule for a specific service. This lets the user john access\n"
" the sshd service on any machine from any machine:\n"
"   ipa hbacrule-add --hostcat=all john_sshd\n"
"   ipa hbacrule-add-user --users=john john_sshd\n"
"   ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n"
"\n"
" Create a rule for a new service group. This lets the user john access\n"
" the FTP service on any machine from any machine:\n"
"   ipa hbacsvcgroup-add ftpers\n"
"   ipa hbacsvc-add sftp\n"
"   ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n"
"   ipa hbacrule-add --hostcat=all john_ftp\n"
"   ipa hbacrule-add-user --users=john john_ftp\n"
"   ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n"
"\n"
" Disable a named HBAC rule:\n"
"   ipa hbacrule-disable test1\n"
"\n"
" Remove a named HBAC rule:\n"
"   ipa hbacrule-del allow_server\n"
msgstr ""

msgid "Rule name"
msgstr ""

msgid "Rule type"
msgstr ""

msgid "Rule type (allow)"
msgstr ""

msgid "User category"
msgstr ""

msgid "User category the rule applies to"
msgstr ""

msgid "Host category"
msgstr ""

msgid "Host category the rule applies to"
msgstr ""

msgid "Service category"
msgstr ""

msgid "Service category the rule applies to"
msgstr ""

msgid "Enabled"
msgstr ""

msgid "Users"
msgstr ""

msgid "User Groups"
msgstr ""

msgid "Hosts"
msgstr ""

msgid "Host Groups"
msgstr ""

msgid "Services"
msgstr ""

msgid "Service Groups"
msgstr ""

msgid "External host"
msgstr ""

msgid "Create a new HBAC rule."
msgstr ""

msgid "Suppress processing of membership attributes."
msgstr ""

msgid "Add target hosts and hostgroups to an HBAC rule."
msgstr ""

msgid "member host"
msgstr ""

msgid "hosts to add"
msgstr ""

msgid "member host group"
msgstr ""

msgid "host groups to add"
msgstr ""

msgid "Members that could not be added"
msgstr ""

msgid "Number of members added"
msgstr ""

msgid "Add services to an HBAC rule."
msgstr ""

msgid "member HBAC service"
msgstr ""

msgid "HBAC services to add"
msgstr ""

msgid "member HBAC service group"
msgstr ""

msgid "HBAC service groups to add"
msgstr ""

msgid "Add users and groups to an HBAC rule."
msgstr ""

msgid "member user"
msgstr ""

msgid "users to add"
msgstr ""

msgid "member group"
msgstr ""

msgid "groups to add"
msgstr ""

msgid "Delete an HBAC rule."
msgstr ""

msgid "Disable an HBAC rule."
msgstr ""

msgid "Enable an HBAC rule."
msgstr ""

msgid "Search for HBAC rules."
msgstr ""

msgid "Modify an HBAC rule."
msgstr ""

msgid "Remove target hosts and hostgroups from an HBAC rule."
msgstr ""

msgid "hosts to remove"
msgstr ""

msgid "host groups to remove"
msgstr ""

msgid "Members that could not be removed"
msgstr ""

msgid "Number of members removed"
msgstr ""

msgid "Remove service and service groups from an HBAC rule."
msgstr ""

msgid "HBAC services to remove"
msgstr ""

msgid "HBAC service groups to remove"
msgstr ""

msgid "Remove users and groups from an HBAC rule."
msgstr ""

msgid "users to remove"
msgstr ""

msgid "groups to remove"
msgstr ""

msgid "Display the properties of an HBAC rule."
msgstr ""

msgid ""
"\n"
"HBAC Services\n"
"\n"
"The PAM services that HBAC can control access to. The name used here\n"
"must match the service name that PAM is evaluating.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new HBAC service:\n"
"   ipa hbacsvc-add tftp\n"
"\n"
" Modify an existing HBAC service:\n"
"   ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n"
"\n"
" Search for HBAC services. This example will return two results, the FTP\n"
" service and the newly-added tftp service:\n"
"   ipa hbacsvc-find ftp\n"
"\n"
" Delete an HBAC service:\n"
"   ipa hbacsvc-del tftp\n"
msgstr ""

msgid "Service name"
msgstr ""

msgid "HBAC service"
msgstr ""

msgid "HBAC service description"
msgstr ""

msgid "Member of HBAC service groups"
msgstr ""

msgid "Add a new HBAC service."
msgstr ""

msgid "Delete an existing HBAC service."
msgstr ""

msgid "Search for HBAC services."
msgstr ""

msgid "Results should contain primary key attribute only (\"service\")"
msgstr ""

msgid "Modify an HBAC service."
msgstr ""

msgid "Display information about an HBAC service."
msgstr ""

msgid ""
"\n"
"HBAC Service Groups\n"
"\n"
"HBAC service groups can contain any number of individual services,\n"
"or \"members\". Every group must have a description.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new HBAC service group:\n"
"   ipa hbacsvcgroup-add --desc=\"login services\" login\n"
"\n"
" Add members to an HBAC service group:\n"
"   ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n"
"\n"
" Display information about a named group:\n"
"   ipa hbacsvcgroup-show login\n"
"\n"
" Delete an HBAC service group:\n"
"   ipa hbacsvcgroup-del login\n"
msgstr ""

msgid "Service group name"
msgstr ""

msgid "HBAC service group description"
msgstr ""

msgid "Member HBAC service"
msgstr ""

msgid "Add a new HBAC service group."
msgstr ""

msgid "Add members to an HBAC service group."
msgstr ""

msgid "Delete an HBAC service group."
msgstr ""

msgid "Search for an HBAC service group."
msgstr ""

msgid "Modify an HBAC service group."
msgstr ""

msgid "Remove members from an HBAC service group."
msgstr ""

msgid "Display information about an HBAC service group."
msgstr ""

msgid ""
"\n"
"Hosts/Machines\n"
"\n"
"A host represents a machine. It can be used in a number of contexts:\n"
"- service entries are associated with a host\n"
"- a host stores the host/ service principal\n"
"- a host can be used in Host-based Access Control (HBAC) rules\n"
"- every enrolled client generates a host entry\n"
"\n"
"ENROLLMENT:\n"
"\n"
"There are three enrollment scenarios when enrolling a new client:\n"
"\n"
"1. You are enrolling as a full administrator. The host entry may exist\n"
"   or not. A full administrator is a member of the hostadmin role\n"
"   or the admins group.\n"
"2. You are enrolling as a limited administrator. The host must already\n"
"   exist. A limited administrator is a member a role with the\n"
"   Host Enrollment privilege.\n"
"3. The host has been created with a one-time password.\n"
"\n"
"RE-ENROLLMENT:\n"
"\n"
"Host that has been enrolled at some point, and lost its configuration (e.g. "
"VM\n"
"destroyed) can be re-enrolled.\n"
"\n"
"For more information, consult the manual pages for ipa-client-install.\n"
"\n"
"A host can optionally store information such as where it is located,\n"
"the OS that it runs, etc.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new host:\n"
"   ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
"com\n"
"\n"
" Delete a host:\n"
"   ipa host-del test.example.com\n"
"\n"
" Add a new host with a one-time password:\n"
"   ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
"\n"
" Add a new host with a random one-time password:\n"
"   ipa host-add --os='Fedora 12' --random test.example.com\n"
"\n"
" Modify information about a host:\n"
"   ipa host-mod --os='Fedora 12' test.example.com\n"
"\n"
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
"   ipa host-mod --sshpubkey= --updatedns test.example.com\n"
"\n"
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
"   ipa host-disable test.example.com\n"
"\n"
" Add a host that can manage this host's keytab and certificate:\n"
"   ipa host-add-managedby --hosts=test2 test\n"
"\n"
" Allow user to create a keytab:\n"
"   ipa host-allow-create-keytab test2 --users=tuser1\n"
msgstr ""

msgid "Host name"
msgstr ""

msgid "A description of this host"
msgstr ""

msgid "Locality"
msgstr ""

msgid "Host locality (e.g. \"Baltimore, MD\")"
msgstr ""

msgid "Host location (e.g. \"Lab 2\")"
msgstr ""

msgid "Platform"
msgstr ""

msgid "Host hardware platform (e.g. \"Lenovo T61\")"
msgstr ""

msgid "Operating system"
msgstr ""

msgid "Host operating system and version (e.g. \"Fedora 9\")"
msgstr ""

msgid "User password"
msgstr ""

msgid "Password used in bulk enrollment"
msgstr ""

msgid "Generate a random password to be used in bulk enrollment"
msgstr ""

msgid "Random password"
msgstr ""

msgid "Certificate"
msgstr ""

msgid "Base-64 encoded server certificate"
msgstr ""

msgid "Principal name"
msgstr ""

msgid "MAC address"
msgstr ""

msgid "Hardware MAC address(es) on this host"
msgstr ""

msgid "SSH public key"
msgstr ""

msgid "Class"
msgstr ""

msgid ""
"Host category (semantics placed on this attribute are for local "
"interpretation)"
msgstr ""

msgid "Assigned ID View"
msgstr ""

msgid "Requires pre-authentication"
msgstr ""

msgid "Pre-authentication is required for the service"
msgstr ""

msgid "Trusted for delegation"
msgstr ""

msgid "Client credentials may be delegated to the service"
msgstr ""

msgid "Member of host-groups"
msgstr ""

msgid "Roles"
msgstr ""

msgid "Member of netgroups"
msgstr ""

msgid "Member of Sudo rule"
msgstr ""

msgid "Member of HBAC rule"
msgstr ""

msgid "Indirect Member of netgroup"
msgstr ""

msgid "Indirect Member of host-group"
msgstr ""

msgid "Indirect Member of role"
msgstr ""

msgid "Indirect Member of Sudo rule"
msgstr ""

msgid "Indirect Member of HBAC rule"
msgstr ""

msgid "Keytab"
msgstr ""

msgid "Managed by"
msgstr ""

msgid "Managing"
msgstr ""

msgid "Users allowed to retrieve keytab"
msgstr ""

msgid "Groups allowed to retrieve keytab"
msgstr ""

msgid "Hosts allowed to retrieve keytab"
msgstr ""

msgid "Host Groups allowed to retrieve keytab"
msgstr ""

msgid "Users allowed to create keytab"
msgstr ""

msgid "Groups allowed to create keytab"
msgstr ""

msgid "Hosts allowed to create keytab"
msgstr ""

msgid "Host Groups allowed to create keytab"
msgstr ""

msgid "Add a new host."
msgstr ""

msgid "force host name even if not in DNS"
msgstr ""

msgid "skip reverse DNS detection"
msgstr ""

msgid "Add the host to DNS with this IP address"
msgstr ""

msgid "Add hosts that can manage this host."
msgstr ""

msgid ""
"Allow users, groups, hosts or host groups to create a keytab of this host."
msgstr ""

msgid ""
"Allow users, groups, hosts or host groups to retrieve a keytab of this host."
msgstr ""

msgid "Delete a host."
msgstr ""

msgid "Remove entries from DNS"
msgstr ""

msgid "Disable the Kerberos key, SSL certificate and all services of a host."
msgstr ""

msgid ""
"Disallow users, groups, hosts or host groups to create a keytab of this host."
msgstr ""

msgid ""
"Disallow users, groups, hosts or host groups to retrieve a keytab of this "
"host."
msgstr ""

msgid "Search for hosts."
msgstr ""

msgid "Results should contain primary key attribute only (\"hostname\")"
msgstr ""

msgid "host group"
msgstr ""

msgid "Search for hosts with these member of host groups."
msgstr ""

msgid "Search for hosts without these member of host groups."
msgstr ""

msgid "netgroup"
msgstr ""

msgid "Search for hosts with these member of netgroups."
msgstr ""

msgid "Search for hosts without these member of netgroups."
msgstr ""

msgid "role"
msgstr ""

msgid "Search for hosts with these member of roles."
msgstr ""

msgid "Search for hosts without these member of roles."
msgstr ""

msgid "HBAC rule"
msgstr ""

msgid "Search for hosts with these member of HBAC rules."
msgstr ""

msgid "Search for hosts without these member of HBAC rules."
msgstr ""

msgid "sudo rule"
msgstr ""

msgid "Search for hosts with these member of sudo rules."
msgstr ""

msgid "Search for hosts without these member of sudo rules."
msgstr ""

msgid "user"
msgstr ""

msgid "Search for hosts with these enrolled by users."
msgstr ""

msgid "Search for hosts without these enrolled by users."
msgstr ""

msgid "host"
msgstr ""

msgid "Search for hosts with these managed by hosts."
msgstr ""

msgid "Search for hosts without these managed by hosts."
msgstr ""

msgid "Search for hosts with these managing hosts."
msgstr ""

msgid "Search for hosts without these managing hosts."
msgstr ""

msgid "Modify information about a host."
msgstr ""

msgid "Kerberos principal name for this host"
msgstr ""

msgid "Update DNS entries"
msgstr ""

msgid "Remove hosts that can manage this host."
msgstr ""

msgid "Display information about a host."
msgstr ""

msgid "file to store certificate in"
msgstr ""

msgid ""
"\n"
"Groups of hosts.\n"
"\n"
"Manage groups of hosts. This is useful for applying access control to a\n"
"number of hosts by using Host-based Access Control.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new host group:\n"
"   ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
"\n"
" Add another new host group:\n"
"   ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
"\n"
" Add members to the hostgroup (using Bash brace expansion):\n"
"   ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n"
"\n"
" Add a hostgroup as a member of another hostgroup:\n"
"   ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
"\n"
" Remove a host from the hostgroup:\n"
"   ipa hostgroup-remove-member --hosts=box2 baltimore\n"
"\n"
" Display a host group:\n"
"   ipa hostgroup-show baltimore\n"
"\n"
" Delete a hostgroup:\n"
"   ipa hostgroup-del baltimore\n"
msgstr ""

msgid "Host-group"
msgstr ""

msgid "Name of host-group"
msgstr ""

msgid "A description of this host-group"
msgstr ""

msgid "Member hosts"
msgstr ""

msgid "Member host-groups"
msgstr ""

msgid "Indirect Member hosts"
msgstr ""

msgid "Indirect Member host-groups"
msgstr ""

msgid "Add a new hostgroup."
msgstr ""

msgid "Add members to a hostgroup."
msgstr ""

msgid "Delete a hostgroup."
msgstr ""

msgid "Search for hostgroups."
msgstr ""

msgid "Results should contain primary key attribute only (\"hostgroup-name\")"
msgstr ""

msgid "Search for host groups with these member hosts."
msgstr ""

msgid "Search for host groups without these member hosts."
msgstr ""

msgid "Search for host groups with these member host groups."
msgstr ""

msgid "Search for host groups without these member host groups."
msgstr ""

msgid "Search for host groups with these member of host groups."
msgstr ""

msgid "Search for host groups without these member of host groups."
msgstr ""

msgid "Search for host groups with these member of netgroups."
msgstr ""

msgid "Search for host groups without these member of netgroups."
msgstr ""

msgid "Search for host groups with these member of HBAC rules."
msgstr ""

msgid "Search for host groups without these member of HBAC rules."
msgstr ""

msgid "Search for host groups with these member of sudo rules."
msgstr ""

msgid "Search for host groups without these member of sudo rules."
msgstr ""

msgid "Modify a hostgroup."
msgstr ""

msgid "Remove members from a hostgroup."
msgstr ""

msgid "Display information about a hostgroup."
msgstr ""

msgid ""
"\n"
"ID Views\n"
"\n"
"Manage ID Views\n"
"\n"
"IPA allows to override certain properties of users and groups per each "
"host.\n"
"This functionality is primarily used to allow migration from older systems "
"or\n"
"other Identity Management solutions.\n"
msgstr ""

msgid "Anchor to override"
msgstr ""

msgid "Group name"
msgstr ""

msgid "GID"
msgstr ""

msgid "Group ID Number"
msgstr ""

msgid "User login"
msgstr ""

msgid "UID"
msgstr ""

msgid "User ID Number"
msgstr ""

msgid "GECOS"
msgstr ""

msgid "Home directory"
msgstr ""

msgid "Login shell"
msgstr ""

msgid "ID View Name"
msgstr ""

msgid "Add a new Group ID override."
msgstr ""

msgid "Delete an Group ID override."
msgstr ""

msgid "Search for an Group ID override."
msgstr ""

msgid "Results should contain primary key attribute only (\"anchor\")"
msgstr ""

msgid "Modify an Group ID override."
msgstr ""

msgid "Rename the Group ID override object"
msgstr ""

msgid "Display information about an Group ID override."
msgstr ""

msgid "Add a new User ID override."
msgstr ""

msgid "Delete an User ID override."
msgstr ""

msgid "Search for an User ID override."
msgstr ""

msgid "Modify an User ID override."
msgstr ""

msgid "Rename the User ID override object"
msgstr ""

msgid "Display information about an User ID override."
msgstr ""

msgid "Add a new ID View."
msgstr ""

msgid ""
"Applies ID View to specified hosts or current members of specified "
"hostgroups. If any other ID View is applied to the host, it is overriden."
msgstr ""

msgid "hosts"
msgstr ""

msgid "Hosts to apply the ID View to"
msgstr ""

msgid "hostgroups"
msgstr ""

msgid ""
"Hostgroups to whose hosts apply the ID View to. Please note that view is not "
"applied automatically to any hosts added to the hostgroup after running the "
"idview-apply command."
msgstr ""

msgid "Hosts that this ID View was applied to."
msgstr ""

msgid "Hosts or hostgroups that this ID View could not be applied to."
msgstr ""

msgid "Number of hosts the ID View was applied to:"
msgstr ""

msgid "Delete an ID View."
msgstr ""

msgid "Search for an ID View."
msgstr ""

msgid "Modify an ID View."
msgstr ""

msgid "Rename the ID View object"
msgstr ""

msgid "Display information about an ID View."
msgstr ""

msgid "Enumerate all the hosts the view applies to."
msgstr ""

msgid ""
"Clears ID View from specified hosts or current members of specified "
"hostgroups."
msgstr ""

msgid "Hosts to clear (any) ID View from."
msgstr ""

msgid ""
"Hostgroups whose hosts should have ID Views cleared. Note that view is not "
"cleared automatically from any host added to the hostgroup after running "
"idview-unapply command."
msgstr ""

msgid "Hosts that ID View was cleared from."
msgstr ""

msgid "Hosts or hostgroups that ID View could not be cleared from."
msgstr ""

msgid "Number of hosts that had a ID View was unset:"
msgstr ""

msgid ""
"\n"
"Plugins not accessible directly through the CLI, commands used internally\n"
msgstr ""

msgid "Dict of I18N messages"
msgstr ""

msgid "Export plugin meta-data for the webUI."
msgstr ""

msgid "Name of object to export"
msgstr ""

msgid "Name of method to export"
msgstr ""

msgid "Name of command to export"
msgstr ""

msgid "Dict of JSON encoded IPA Objects"
msgstr ""

msgid "Dict of JSON encoded IPA Methods"
msgstr ""

msgid "Dict of JSON encoded IPA Commands"
msgstr ""

msgid ""
"\n"
"Joining an IPA domain\n"
msgstr ""

msgid "Join an IPA domain"
msgstr ""

msgid "The hostname to register as"
msgstr ""

msgid "The IPA realm"
msgstr ""

msgid "Hardware platform of the host (e.g. Lenovo T61)"
msgstr ""

msgid "Operating System and version of the host (e.g. Fedora 9)"
msgstr ""

msgid ""
"\n"
"Kerberos ticket policy\n"
"\n"
"There is a single Kerberos ticket policy. This policy defines the\n"
"maximum ticket lifetime and the maximum renewal age, the period during\n"
"which the ticket is renewable.\n"
"\n"
"You can also create a per-user ticket policy by specifying the user login.\n"
"\n"
"For changes to the global policy to take effect, restarting the KDC service\n"
"is required, which can be achieved using:\n"
"\n"
"service krb5kdc restart\n"
"\n"
"Changes to per-user policies take effect immediately for newly requested\n"
"tickets (e.g. when the user next runs kinit).\n"
"\n"
"EXAMPLES:\n"
"\n"
" Display the current Kerberos ticket policy:\n"
"  ipa krbtpolicy-show\n"
"\n"
" Reset the policy to the default:\n"
"  ipa krbtpolicy-reset\n"
"\n"
" Modify the policy to 8 hours max life, 1-day max renewal:\n"
"  ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n"
"\n"
" Display effective Kerberos ticket policy for user 'admin':\n"
"  ipa krbtpolicy-show admin\n"
"\n"
" Reset per-user policy for user 'admin':\n"
"  ipa krbtpolicy-reset admin\n"
"\n"
" Modify per-user policy for user 'admin':\n"
"  ipa krbtpolicy-mod admin --maxlife=3600\n"
msgstr ""

msgid "User name"
msgstr ""

msgid "Manage ticket policy for specific user"
msgstr ""

msgid "Max life"
msgstr ""

msgid "Maximum ticket life (seconds)"
msgstr ""

msgid "Max renew"
msgstr ""

msgid "Maximum renewable age (seconds)"
msgstr ""

msgid "Modify Kerberos ticket policy."
msgstr ""

msgid "Reset Kerberos ticket policy to the default values."
msgstr ""

msgid "Display the current Kerberos ticket policy."
msgstr ""

msgid ""
"\n"
"Migration to IPA\n"
"\n"
"Migrate users and groups from an LDAP server to IPA.\n"
"\n"
"This performs an LDAP query against the remote server searching for\n"
"users and groups in a container. In order to migrate passwords you need\n"
"to bind as a user that can read the userPassword attribute on the remote\n"
"server. This is generally restricted to high-level admins such as\n"
"cn=Directory Manager in 389-ds (this is the default bind user).\n"
"\n"
"The default user container is ou=People.\n"
"\n"
"The default group container is ou=Groups.\n"
"\n"
"Users and groups that already exist on the IPA server are skipped.\n"
"\n"
"Two LDAP schemas define how group members are stored: RFC2307 and\n"
"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
"\n"
"The schema compat feature allows IPA to reformat data for systems that\n"
"do not support RFC2307bis. It is recommended that this feature is disabled\n"
"during migration to reduce system overhead. It can be re-enabled after\n"
"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
"\n"
"Migrated users do not have Kerberos credentials, they have only their\n"
"LDAP password. To complete the migration process, users need to go\n"
"to http://ipa.example.com/ipa/migration and authenticate using their\n"
"LDAP password in order to generate their Kerberos credentials.\n"
"\n"
"Migration is disabled by default. Use the command ipa config-mod to\n"
"enable it:\n"
"\n"
" ipa config-mod --enable-migration=TRUE\n"
"\n"
"If a base DN is not provided with --basedn then IPA will use either\n"
"the value of defaultNamingContext if it is set or the first value\n"
"in namingContexts set in the root of the remote LDAP server.\n"
"\n"
"Users are added as members to the default user group. This can be a\n"
"time-intensive task so during migration this is done in a batch\n"
"mode for every 100 users. As a result there will be a window in which\n"
"users will be added to IPA but will not be members of the default\n"
"user group.\n"
"\n"
"EXAMPLES:\n"
"\n"
" The simplest migration, accepting all defaults:\n"
"   ipa migrate-ds ldap://ds.example.com:389\n"
"\n"
" Specify the user and group container. This can be used to migrate user\n"
" and group data from an IPA v1 server:\n"
"   ipa migrate-ds --user-container='cn=users,cn=accounts'        --group-"
"container='cn=groups,cn=accounts'        ldap://ds.example.com:389\n"
"\n"
" Since IPA v2 server already contain predefined groups that may collide "
"with\n"
" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
" having colliding group as their primary group may happen to belong to\n"
" an unknown group on new IPA v2 server.\n"
" Use --group-overwrite-gid option to overwrite GID of already existing "
"groups\n"
" to prevent this issue:\n"
"    ipa migrate-ds --group-overwrite-gid         --user-container='cn=users,"
"cn=accounts'         --group-container='cn=groups,cn=accounts'         "
"ldap://ds.example.com:389\n"
"\n"
" Migrated users or groups may have object class and accompanied attributes\n"
" unknown to the IPA v2 server. These object classes and attributes may be\n"
" left out of the migration process:\n"
"    ipa migrate-ds --user-container='cn=users,cn=accounts'        --group-"
"container='cn=groups,cn=accounts'        --user-ignore-"
"objectclass=radiusprofile        --user-ignore-"
"attribute=radiusgroupname        ldap://ds.example.com:389\n"
"\n"
"LOGGING\n"
"\n"
"Migration will log warnings and errors to the Apache error log. This\n"
"file should be evaluated post-migration to correct or investigate any\n"
"issues that were discovered.\n"
"\n"
"For every 100 users migrated an info-level message will be displayed to\n"
"give the current progress and duration to make it possible to track\n"
"the progress of migration.\n"
"\n"
"If the log level is debug, either by setting debug = True in\n"
"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
"printed\n"
"for each user added plus a summary when the default user group is\n"
"updated.\n"
msgstr ""

msgid "Migrate users and groups from DS to IPA."
msgstr ""

msgid "LDAP URI"
msgstr ""

msgid "LDAP URI of DS server to migrate from"
msgstr ""

msgid "bind password"
msgstr ""

msgid "Bind DN"
msgstr ""

msgid "User container"
msgstr ""

msgid "DN of container for users in DS relative to base DN"
msgstr ""

msgid "Group container"
msgstr ""

msgid "DN of container for groups in DS relative to base DN"
msgstr ""

msgid "User object class"
msgstr ""

msgid "Objectclasses used to search for user entries in DS"
msgstr ""

msgid "Group object class"
msgstr ""

msgid "Objectclasses used to search for group entries in DS"
msgstr ""

msgid "Ignore user object class"
msgstr ""

msgid "Objectclasses to be ignored for user entries in DS"
msgstr ""

msgid "Ignore user attribute"
msgstr ""

msgid "Attributes to be ignored for user entries in DS"
msgstr ""

msgid "Ignore group object class"
msgstr ""

msgid "Objectclasses to be ignored for group entries in DS"
msgstr ""

msgid "Ignore group attribute"
msgstr ""

msgid "Attributes to be ignored for group entries in DS"
msgstr ""

msgid "Overwrite GID"
msgstr ""

msgid ""
"When migrating a group already existing in IPA domain overwrite the group "
"GID and report as success"
msgstr ""

msgid "LDAP schema"
msgstr ""

msgid ""
"The schema used on the LDAP server. Supported values are RFC2307 and "
"RFC2307bis. The default is RFC2307bis"
msgstr ""

msgid "Continue"
msgstr ""

msgid ""
"Continuous operation mode. Errors are reported but the process continues"
msgstr ""

msgid "Base DN"
msgstr ""

msgid "Base DN on remote LDAP server"
msgstr ""

msgid "Ignore compat plugin"
msgstr ""

msgid "Allows migration despite the usage of compat plugin"
msgstr ""

msgid "CA certificate"
msgstr ""

msgid "Load CA certificate of LDAP server from FILE"
msgstr ""

msgid "groups to exclude from migration"
msgstr ""

msgid "users to exclude from migration"
msgstr ""

msgid "Lists of objects migrated; categorized by type."
msgstr ""

msgid "Lists of objects that could not be migrated; categorized by type."
msgstr ""

msgid "False if migration mode was disabled."
msgstr ""

msgid "False if migration fails because the compatibility plug-in is enabled."
msgstr ""

msgid ""
"\n"
"Misc plug-ins\n"
msgstr ""

msgid "Show environment variables."
msgstr ""

msgid "Forward to server instead of running locally"
msgstr ""

msgid ""
"retrieve and print all attributes from the server. Affects command output."
msgstr ""

msgid "Dictionary mapping variable name to value"
msgstr ""

msgid "Total number of variables env (>= count)"
msgstr ""

msgid "Number of variables returned (<= total)"
msgstr ""

msgid "Show all loaded plugins."
msgstr ""

msgid "Dictionary mapping plugin names to bases"
msgstr ""

msgid "Number of plugins loaded"
msgstr ""

msgid ""
"\n"
"Netgroups\n"
"\n"
"A netgroup is a group used for permission checking. It can contain both\n"
"user and host values.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new netgroup:\n"
"   ipa netgroup-add --desc=\"NFS admins\" admins\n"
"\n"
" Add members to the netgroup:\n"
"   ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n"
"\n"
" Remove a member from the netgroup:\n"
"   ipa netgroup-remove-member --users=tuser2 admins\n"
"\n"
" Display information about a netgroup:\n"
"   ipa netgroup-show admins\n"
"\n"
" Delete a netgroup:\n"
"   ipa netgroup-del admins\n"
msgstr ""

msgid "Netgroup name"
msgstr ""

msgid "Netgroup description"
msgstr ""

#, fuzzy
msgid "NIS domain name"
msgstr "आदेशाचे नाव "

msgid "IPA unique ID"
msgstr ""

msgid "Member netgroups"
msgstr ""

msgid "Indirect Member netgroups"
msgstr ""

msgid "Member User"
msgstr ""

msgid "Member Group"
msgstr ""

msgid "Member Host"
msgstr ""

msgid "Member Hostgroup"
msgstr ""

msgid "Add a new netgroup."
msgstr ""

msgid "Add members to a netgroup."
msgstr ""

msgid "member netgroup"
msgstr ""

msgid "netgroups to add"
msgstr ""

msgid "Delete a netgroup."
msgstr ""

msgid "Search for a netgroup."
msgstr ""

msgid "search for managed groups"
msgstr ""

msgid "Search for netgroups with these member netgroups."
msgstr ""

msgid "Search for netgroups without these member netgroups."
msgstr ""

msgid "Search for netgroups with these member users."
msgstr ""

msgid "Search for netgroups without these member users."
msgstr ""

msgid "group"
msgstr ""

msgid "Search for netgroups with these member groups."
msgstr ""

msgid "Search for netgroups without these member groups."
msgstr ""

msgid "Search for netgroups with these member hosts."
msgstr ""

msgid "Search for netgroups without these member hosts."
msgstr ""

msgid "Search for netgroups with these member host groups."
msgstr ""

msgid "Search for netgroups without these member host groups."
msgstr ""

msgid "Search for netgroups with these member of netgroups."
msgstr ""

msgid "Search for netgroups without these member of netgroups."
msgstr ""

msgid "Modify a netgroup."
msgstr ""

msgid "Remove members from a netgroup."
msgstr ""

msgid "netgroups to remove"
msgstr ""

msgid "Display information about a netgroup."
msgstr ""

msgid ""
"\n"
"OTP configuration\n"
"\n"
"Manage the default values that IPA uses for OTP tokens.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Show basic OTP configuration:\n"
"   ipa otpconfig-show\n"
"\n"
" Show all OTP configuration options:\n"
"   ipa otpconfig-show --all\n"
"\n"
" Change maximum TOTP authentication window to 10 minutes:\n"
"   ipa otpconfig-mod --totp-auth-window=600\n"
"\n"
" Change maximum TOTP synchronization window to 12 hours:\n"
"   ipa otpconfig-mod --totp-sync-window=43200\n"
"\n"
" Change maximum HOTP authentication window to 5:\n"
"   ipa hotpconfig-mod --hotp-auth-window=5\n"
"\n"
" Change maximum HOTP synchronization window to 50:\n"
"   ipa hotpconfig-mod --hotp-sync-window=50\n"
msgstr ""

msgid "TOTP authentication Window"
msgstr ""

msgid "TOTP authentication time variance (seconds)"
msgstr ""

msgid "TOTP Synchronization Window"
msgstr ""

msgid "TOTP synchronization time variance (seconds)"
msgstr ""

msgid "HOTP Authentication Window"
msgstr ""

msgid "HOTP authentication skip-ahead"
msgstr ""

msgid "HOTP Synchronization Window"
msgstr ""

msgid "HOTP synchronization skip-ahead"
msgstr ""

msgid "Modify OTP configuration options."
msgstr ""

msgid "Show the current OTP configuration."
msgstr ""

msgid ""
"\n"
"YubiKey Tokens\n"
"\n"
"Manage YubiKey tokens.\n"
"\n"
"This code is an extension to the otptoken plugin and provides support for\n"
"reading/writing YubiKey tokens directly.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new token:\n"
"   ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n"
msgstr ""

msgid ""
"\n"
"Set a user's password\n"
"\n"
"If someone other than a user changes that user's password (e.g., Helpdesk\n"
"resets it) then the password will need to be changed the first time it\n"
"is used. This is so the end-user is the only one who knows the password.\n"
"\n"
"The IPA password policy controls how often a password may be changed,\n"
"what strength requirements exist, and the length of the password history.\n"
"\n"
"EXAMPLES:\n"
"\n"
" To reset your own password:\n"
"   ipa passwd\n"
"\n"
" To change another user's password:\n"
"   ipa passwd tuser1\n"
msgstr ""

msgid "Set a user's password."
msgstr ""

msgid "New Password"
msgstr ""

msgid "Current Password"
msgstr ""

msgid "OTP"
msgstr ""

msgid "One Time Password"
msgstr ""

msgid ""
"\n"
"Permissions\n"
"\n"
"A permission enables fine-grained delegation of rights. A permission is\n"
"a human-readable wrapper around a 389-ds Access Control Rule,\n"
"or instruction (ACI).\n"
"A permission grants the right to perform a specific task such as adding a\n"
"user, modifying a group, etc.\n"
"\n"
"A permission may not contain other permissions.\n"
"\n"
"* A permission grants access to read, write, add, delete, read, search,\n"
"  or compare.\n"
"* A privilege combines similar permissions (for example all the permissions\n"
"  needed to add a user).\n"
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
"\n"
"A permission is made up of a number of different parts:\n"
"\n"
"1. The name of the permission.\n"
"2. The target of the permission.\n"
"3. The rights granted by the permission.\n"
"\n"
"Rights define what operations are allowed, and may be one or more\n"
"of the following:\n"
"1. write - write one or more attributes\n"
"2. read - read one or more attributes\n"
"3. search - search on one or more attributes\n"
"4. compare - compare one or more attributes\n"
"5. add - add a new entry to the tree\n"
"6. delete - delete an existing entry\n"
"7. all - all permissions are granted\n"
"\n"
"Note the distinction between attributes and entries. The permissions are\n"
"independent, so being able to add a user does not mean that the user will\n"
"be editable.\n"
"\n"
"There are a number of allowed targets:\n"
"1. subtree: a DN; the permission applies to the subtree under this DN\n"
"2. target filter: an LDAP filter\n"
"3. target: DN with possible wildcards, specifies entries permission applies "
"to\n"
"\n"
"Additionally, there are the following convenience options.\n"
"Setting one of these options will set the corresponding attribute(s).\n"
"1. type: a type of object (user, group, etc); sets subtree and target "
"filter.\n"
"2. memberof: apply to members of a group; sets target filter\n"
"3. targetgroup: grant access to modify a specific group (such as granting\n"
"   the rights to manage group membership); sets target.\n"
"\n"
"Managed permissions\n"
"\n"
"Permissions that come with IPA by default can be so-called \"managed\"\n"
"permissions. These have a default set of attributes they apply to,\n"
"but the administrator can add/remove individual attributes to/from the set.\n"
"\n"
"Deleting or renaming a managed permission, as well as changing its target,\n"
"is not allowed.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a permission that grants the creation of users:\n"
"   ipa permission-add --type=user --permissions=add \"Add Users\"\n"
"\n"
" Add a permission that grants the ability to manage group membership:\n"
"   ipa permission-add --attrs=member --permissions=write --type=group "
"\"Manage Group Members\"\n"
msgstr ""

msgid "Permission name"
msgstr ""

msgid "Granted rights"
msgstr ""

msgid "Rights to grant (read, search, compare, write, add, delete, all)"
msgstr ""

msgid "Effective attributes"
msgstr ""

msgid "All attributes to which the permission applies"
msgstr ""

msgid "Included attributes"
msgstr ""

msgid "User-specified attributes to which the permission applies"
msgstr ""

msgid "Excluded attributes"
msgstr ""

msgid ""
"User-specified attributes to which the permission explicitly does not apply"
msgstr ""

msgid "Default attributes"
msgstr ""

msgid "Attributes to which the permission applies by default"
msgstr ""

msgid "Bind rule type"
msgstr ""

msgid "Subtree to apply permissions to"
msgstr ""

msgid "Extra target filter"
msgstr ""

msgid "Raw target filter"
msgstr ""

msgid "All target filters, including those implied by type and memberof"
msgstr ""

msgid "Target DN"
msgstr ""

msgid ""
"Optional DN to apply the permission to (must be in the subtree, but may not "
"yet exist)"
msgstr ""

msgid "Member of group"
msgstr ""

msgid "Target members of a group (sets memberOf targetfilter)"
msgstr ""

msgid "User group to apply permissions to (sets target)"
msgstr ""

msgid "Type of IPA object (sets subtree and objectClass targetfilter)"
msgstr ""

msgid "Deprecated; use extratargetfilter"
msgstr ""

#, fuzzy
msgid "Deprecated; use ipapermlocation"
msgstr "वापरात नसलेले पर्याय"

msgid "Deprecated; use ipapermright"
msgstr ""

msgid "Granted to Privilege"
msgstr ""

msgid "Indirect Member of roles"
msgstr ""

msgid "Add a new permission."
msgstr ""

msgid "Add members to a permission."
msgstr ""

msgid "member privilege"
msgstr ""

msgid "privileges to add"
msgstr ""

msgid "Add a system permission without an ACI (internal command)"
msgstr ""

msgid "Permission flags"
msgstr ""

msgid "Delete a permission."
msgstr ""

msgid "force delete of SYSTEM permissions"
msgstr ""

msgid "Search for permissions."
msgstr ""

msgid "Modify a permission."
msgstr ""

msgid "Rename the permission object"
msgstr ""

msgid "Remove members from a permission."
msgstr ""

msgid "privileges to remove"
msgstr ""

msgid "Display information about a permission."
msgstr ""

msgid ""
"\n"
"Ping the remote IPA server to ensure it is running.\n"
"\n"
"The ping command sends an echo request to an IPA server. The server\n"
"returns its version information. This is used by an IPA client\n"
"to confirm that the server is available and accepting requests.\n"
"\n"
"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n"
"If it does not respond then the client will contact any servers defined\n"
"by ldap SRV records in DNS.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Ping an IPA server:\n"
"   ipa ping\n"
"   ------------------------------------------\n"
"   IPA server version 2.1.9. API version 2.20\n"
"   ------------------------------------------\n"
"\n"
" Ping an IPA server verbosely:\n"
"   ipa -v ping\n"
"   ipa: INFO: trying https://ipa.example.com/ipa/xml\n"
"   ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n"
"   -----------------------------------------------------\n"
"   IPA server version 2.1.9. API version 2.20\n"
"   -----------------------------------------------------\n"
msgstr ""

msgid "Ping a remote server."
msgstr ""

msgid ""
"\n"
"Kerberos pkinit options\n"
"\n"
"Enable or disable anonymous pkinit using the principal\n"
"WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n"
"pkinit support.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Enable anonymous pkinit:\n"
"  ipa pkinit-anonymous enable\n"
"\n"
" Disable anonymous pkinit:\n"
"  ipa pkinit-anonymous disable\n"
"\n"
"For more information on anonymous pkinit see:\n"
"\n"
"http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n"
msgstr ""

msgid "Enable or Disable Anonymous PKINIT."
msgstr ""

msgid ""
"\n"
"Privileges\n"
"\n"
"A privilege combines permissions into a logical task. A permission provides\n"
"the rights to do a single task. There are some IPA operations that require\n"
"multiple permissions to succeed. A privilege is where permissions are\n"
"combined in order to perform a specific task.\n"
"\n"
"For example, adding a user requires the following permissions:\n"
" * Creating a new user entry\n"
" * Resetting a user password\n"
" * Adding the new user to the default IPA users group\n"
"\n"
"Combining these three low-level tasks into a higher level task in the\n"
"form of a privilege named \"Add User\" makes it easier to manage Roles.\n"
"\n"
"A privilege may not contain other privileges.\n"
"\n"
"See role and permission for additional information.\n"
msgstr ""

msgid "Privilege name"
msgstr ""

msgid "Privilege description"
msgstr ""

msgid "Granting privilege to roles"
msgstr ""

msgid "Add a new privilege."
msgstr ""

msgid "Add members to a privilege."
msgstr ""

msgid "member role"
msgstr ""

#, fuzzy
msgid "roles to add"
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "

msgid "Add permissions to a privilege."
msgstr ""

msgid "permission"
msgstr ""

msgid "permissions"
msgstr ""

msgid "Number of permissions added"
msgstr ""

msgid "Delete a privilege."
msgstr ""

msgid "Search for privileges."
msgstr ""

msgid "Modify a privilege."
msgstr ""

msgid "Rename the privilege object"
msgstr ""

msgid "Remove members from a privilege"
msgstr ""

#, fuzzy
msgid "roles to remove"
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "

msgid "Remove permissions from a privilege."
msgstr ""

msgid "Number of permissions removed"
msgstr ""

msgid "Display information about a privilege."
msgstr ""

msgid ""
"\n"
"Password policy\n"
"\n"
"A password policy sets limitations on IPA passwords, including maximum\n"
"lifetime, minimum lifetime, the number of passwords to save in\n"
"history, the number of character classes required (for stronger passwords)\n"
"and the minimum password length.\n"
"\n"
"By default there is a single, global policy for all users. You can also\n"
"create a password policy to apply to a group. Each user is only subject\n"
"to one password policy, either the group policy or the global policy. A\n"
"group policy stands alone; it is not a super-set of the global policy plus\n"
"custom settings.\n"
"\n"
"Each group password policy requires a unique priority setting. If a user\n"
"is in multiple groups that have password policies, this priority determines\n"
"which password policy is applied. A lower value indicates a higher priority\n"
"policy.\n"
"\n"
"Group password policies are automatically removed when the groups they\n"
"are associated with are removed.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Modify the global policy:\n"
"   ipa pwpolicy-mod --minlength=10\n"
"\n"
" Add a new group password policy:\n"
"   ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --"
"minlength=8 --priority=10 localadmins\n"
"\n"
" Display the global password policy:\n"
"   ipa pwpolicy-show\n"
"\n"
" Display a group password policy:\n"
"   ipa pwpolicy-show localadmins\n"
"\n"
" Display the policy that would be applied to a given user:\n"
"   ipa pwpolicy-show --user=tuser1\n"
"\n"
" Modify a group password policy:\n"
"   ipa pwpolicy-mod --minclasses=2 localadmins\n"
msgstr ""

msgid "Group"
msgstr ""

msgid "Manage password policy for specific group"
msgstr ""

msgid "Max lifetime (days)"
msgstr ""

msgid "Maximum password lifetime (in days)"
msgstr ""

msgid "Min lifetime (hours)"
msgstr ""

msgid "Minimum password lifetime (in hours)"
msgstr ""

msgid "History size"
msgstr ""

msgid "Password history size"
msgstr ""

msgid "Character classes"
msgstr ""

msgid "Minimum number of character classes"
msgstr ""

msgid "Min length"
msgstr ""

msgid "Minimum length of password"
msgstr ""

msgid "Priority of the policy (higher number means lower priority"
msgstr ""

msgid "Max failures"
msgstr ""

msgid "Consecutive failures before lockout"
msgstr ""

msgid "Failure reset interval"
msgstr ""

msgid "Period after which failure count will be reset (seconds)"
msgstr ""

msgid "Lockout duration"
msgstr ""

msgid "Period for which lockout is enforced (seconds)"
msgstr ""

msgid "Results should contain primary key attribute only (\"cn\")"
msgstr ""

msgid "Add a new group password policy."
msgstr ""

msgid "Delete a group password policy."
msgstr ""

msgid "Search for group password policies."
msgstr ""

msgid "Results should contain primary key attribute only (\"group\")"
msgstr ""

msgid "Modify a group password policy."
msgstr ""

msgid "Display information about password policy."
msgstr ""

msgid "User"
msgstr ""

msgid "Display effective policy for a specific user"
msgstr ""

msgid ""
"\n"
"RADIUS Proxy Servers\n"
"\n"
"Manage RADIUS Proxy Servers.\n"
"\n"
"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n"
"authentications. This permits a great deal of flexibility when\n"
"integrating with third-party authentication services.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new server:\n"
"   ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n"
"\n"
" Find all servers whose entries include the string \"example.com\":\n"
"   ipa radiusproxy-find example.com\n"
"\n"
" Examine the configuration:\n"
"   ipa radiusproxy-show MyRADIUS\n"
"\n"
" Change the secret:\n"
"   ipa radiusproxy-mod MyRADIUS --secret\n"
"\n"
" Delete a configuration:\n"
"   ipa radiusproxy-del MyRADIUS\n"
msgstr ""

msgid "RADIUS proxy server name"
msgstr ""

msgid "A description of this RADIUS proxy server"
msgstr ""

msgid "Server"
msgstr ""

msgid "The hostname or IP (with or without port)"
msgstr ""

msgid "Secret"
msgstr ""

msgid "The secret used to encrypt data"
msgstr ""

msgid "Timeout"
msgstr ""

msgid "The total timeout across all retries (in seconds)"
msgstr ""

msgid "Retries"
msgstr ""

msgid "The number of times to retry authentication"
msgstr ""

msgid "User attribute"
msgstr ""

msgid "The username attribute on the user object"
msgstr ""

msgid "Add a new RADIUS proxy server."
msgstr ""

msgid "Delete a RADIUS proxy server."
msgstr ""

msgid "Search for RADIUS proxy servers."
msgstr ""

msgid "Modify a RADIUS proxy server."
msgstr ""

msgid "Rename the RADIUS proxy server object"
msgstr ""

msgid "Display information about a RADIUS proxy server."
msgstr ""

msgid ""
"\n"
"Realm domains\n"
"\n"
"Manage the list of domains associated with IPA realm.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Display the current list of realm domains:\n"
"   ipa realmdomains-show\n"
"\n"
" Replace the list of realm domains:\n"
"   ipa realmdomains-mod --domain=example.com\n"
"   ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
"\n"
" Add a domain to the list of realm domains:\n"
"   ipa realmdomains-mod --add-domain=newdomain.com\n"
"\n"
" Delete a domain from the list of realm domains:\n"
"   ipa realmdomains-mod --del-domain=olddomain.com\n"
msgstr ""

msgid "Domain"
msgstr ""

msgid "Add domain"
msgstr ""

msgid "Delete domain"
msgstr ""

msgid "Modify realm domains."
msgstr ""

msgid "Force adding domain even if not in DNS"
msgstr ""

msgid "Display the list of realm domains."
msgstr ""

msgid ""
"\n"
"Roles\n"
"\n"
"A role is used for fine-grained delegation. A permission grants the ability\n"
"to perform given low-level tasks (add a user, modify a group, etc.). A\n"
"privilege combines one or more permissions into a higher-level abstraction\n"
"such as useradmin. A useradmin would be able to add, delete and modify "
"users.\n"
"\n"
"Privileges are assigned to Roles.\n"
"\n"
"Users, groups, hosts and hostgroups may be members of a Role.\n"
"\n"
"Roles can not contain other roles.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new role:\n"
"   ipa role-add --desc=\"Junior-level admin\" junioradmin\n"
"\n"
" Add some privileges to this role:\n"
"   ipa role-add-privilege --privileges=addusers junioradmin\n"
"   ipa role-add-privilege --privileges=change_password junioradmin\n"
"   ipa role-add-privilege --privileges=add_user_to_default_group "
"junioradmin\n"
"\n"
" Add a group of users to this role:\n"
"   ipa group-add --desc=\"User admins\" useradmins\n"
"   ipa role-add-member --groups=useradmins junioradmin\n"
"\n"
" Display information about a role:\n"
"   ipa role-show junioradmin\n"
"\n"
" The result of this is that any users in the group 'junioradmin' can\n"
" add users, reset passwords or add a user to the default IPA user group.\n"
msgstr ""

msgid "Role name"
msgstr ""

msgid "A description of this role-group"
msgstr ""

msgid "Member users"
msgstr ""

msgid "Member groups"
msgstr ""

msgid "Privileges"
msgstr ""

msgid "Member services"
msgstr ""

msgid "Add a new role."
msgstr ""

msgid "Add members to a role."
msgstr ""

msgid "member service"
msgstr ""

msgid "services to add"
msgstr ""

msgid "Add privileges to a role."
msgstr ""

msgid "privilege"
msgstr ""

msgid "privileges"
msgstr ""

msgid "Number of privileges added"
msgstr ""

msgid "Delete a role."
msgstr ""

msgid "Search for roles."
msgstr ""

msgid "Modify a role."
msgstr ""

msgid "Rename the role object"
msgstr ""

msgid "Remove members from a role."
msgstr ""

msgid "services to remove"
msgstr ""

msgid "Remove privileges from a role."
msgstr ""

msgid "Number of privileges removed"
msgstr ""

msgid "Display information about a role."
msgstr ""

msgid ""
"\n"
"Self-service Permissions\n"
"\n"
"A permission enables fine-grained delegation of permissions. Access Control\n"
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
"given tasks such as adding a user, modifying a group, etc.\n"
"\n"
"A Self-service permission defines what an object can change in its own "
"entry.\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a self-service rule to allow users to manage their address (using Bash\n"
" brace expansion):\n"
"   ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c,"
"st} \"Users manage their own address\"\n"
"\n"
" When managing the list of attributes you need to include all attributes\n"
" in the list, including existing ones.\n"
" Add telephoneNumber to the list (using Bash brace expansion):\n"
"   ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} "
"\"Users manage their own address\"\n"
"\n"
" Display our updated rule:\n"
"   ipa selfservice-show \"Users manage their own address\"\n"
"\n"
" Delete a rule:\n"
"   ipa selfservice-del \"Users manage their own address\"\n"
msgstr ""

msgid "Self-service name"
msgstr ""

msgid "Attributes to which the permission applies."
msgstr ""

msgid "Add a new self-service permission."
msgstr ""

msgid "Delete a self-service permission."
msgstr ""

msgid "Search for a self-service permission."
msgstr ""

msgid "Modify a self-service permission."
msgstr ""

msgid "Display information about a self-service permission."
msgstr ""

msgid ""
"\n"
"SELinux User Mapping\n"
"\n"
"Map IPA users to SELinux users by host.\n"
"\n"
"Hosts, hostgroups, users and groups can be either defined within\n"
"the rule or it may point to an existing HBAC rule. When using\n"
"--hbacrule option to selinuxusermap-find an exact match is made on the\n"
"HBAC rule name, so only one or zero entries will be returned.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host "
"\"server\":\n"
"   ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n"
"   ipa selinuxusermap-add-host --hosts=server.example.com test1\n"
"\n"
" Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an "
"existing HBAC rule for users and hosts:\n"
"   ipa selinuxusermap-add --usercat=all --hbacrule=webserver --"
"selinuxuser=guest_u:s0 test2\n"
"\n"
" Display the properties of a rule:\n"
"   ipa selinuxusermap-show test2\n"
"\n"
" Create a rule for a specific user. This sets the SELinux context for\n"
" user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n"
"   ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0."
"c1023 john_unconfined\n"
"   ipa selinuxusermap-add-user --users=john john_unconfined\n"
"\n"
" Disable a rule:\n"
"   ipa selinuxusermap-disable test1\n"
"\n"
" Enable a rule:\n"
"   ipa selinuxusermap-enable test1\n"
"\n"
" Find a rule referencing a specific HBAC rule:\n"
"   ipa selinuxusermap-find --hbacrule=allow_some\n"
"\n"
" Remove a rule:\n"
"   ipa selinuxusermap-del john_unconfined\n"
"\n"
"SEEALSO:\n"
"\n"
" The list controlling the order in which the SELinux user map is applied\n"
" and the default SELinux user are available in the config-show command.\n"
msgstr ""

msgid "SELinux User"
msgstr ""

msgid "HBAC Rule"
msgstr ""

msgid "HBAC Rule that defines the users, groups and hostgroups"
msgstr ""

msgid "Create a new SELinux User Map."
msgstr ""

msgid "Add target hosts and hostgroups to an SELinux User Map rule."
msgstr ""

msgid "Add users and groups to an SELinux User Map rule."
msgstr ""

msgid "Delete a SELinux User Map."
msgstr ""

msgid "Disable an SELinux User Map rule."
msgstr ""

msgid "Enable an SELinux User Map rule."
msgstr ""

msgid "Search for SELinux User Maps."
msgstr ""

msgid "Modify a SELinux User Map."
msgstr ""

msgid "Remove target hosts and hostgroups from an SELinux User Map rule."
msgstr ""

msgid "Remove users and groups from an SELinux User Map rule."
msgstr ""

msgid "Display the properties of a SELinux User Map rule."
msgstr ""

msgid ""
"\n"
"Services\n"
"\n"
"A IPA service represents a service that runs on a host. The IPA service\n"
"record can store a Kerberos principal, an SSL certificate, or both.\n"
"\n"
"An IPA service can be managed directly from a machine, provided that\n"
"machine has been given the correct permission. This is true even for\n"
"machines other than the one the service is associated with. For example,\n"
"requesting an SSL certificate using the host service principal credentials\n"
"of the host. To manage a service using host credentials you need to\n"
"kinit as the host:\n"
"\n"
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
"\n"
"Adding an IPA service allows the associated service to request an SSL\n"
"certificate or keytab, but this is performed as a separate step; they\n"
"are not produced as a result of adding the service.\n"
"\n"
"Only the public aspect of a certificate is stored in a service record;\n"
"the private key is not stored.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new IPA service:\n"
"   ipa service-add HTTP/web.example.com\n"
"\n"
" Allow a host to manage an IPA service certificate:\n"
"   ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
"   ipa role-add-member --hosts=web.example.com certadmin\n"
"\n"
" Override a default list of supported PAC types for the service:\n"
"   ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
"\n"
"   A typical use case where overriding the PAC type is needed is NFS.\n"
"   Currently the related code in the Linux kernel can only handle Kerberos\n"
"   tickets up to a maximal size. Since the PAC data can become quite large "
"it\n"
"   is recommended to set --pac-type=NONE for NFS services.\n"
"\n"
" Delete an IPA service:\n"
"   ipa service-del HTTP/web.example.com\n"
"\n"
" Find all IPA services associated with a host:\n"
"   ipa service-find web.example.com\n"
"\n"
" Find all HTTP services:\n"
"   ipa service-find HTTP\n"
"\n"
" Disable the service Kerberos key and SSL certificate:\n"
"   ipa service-disable HTTP/web.example.com\n"
"\n"
" Request a certificate for an IPA service:\n"
"   ipa cert-request --principal=HTTP/web.example.com example.csr\n"
"\n"
" Allow user to create a keytab:\n"
"   ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n"
"\n"
" Generate and retrieve a keytab for an IPA service:\n"
"   ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
"httpd.keytab\n"
msgstr ""

msgid "Principal"
msgstr ""

msgid "Service principal"
msgstr ""

msgid "PAC type"
msgstr ""

msgid ""
"Override default list of supported PAC types. Use 'NONE' to disable PAC "
"support for this service, e.g. this might be necessary for NFS services."
msgstr ""

msgid "Add a new IPA new service."
msgstr ""

msgid "force principal name even if not in DNS"
msgstr ""

msgid "Add hosts that can manage this service."
msgstr ""

msgid ""
"Allow users, groups, hosts or host groups to create a keytab of this service."
msgstr ""

msgid ""
"Allow users, groups, hosts or host groups to retrieve a keytab of this "
"service."
msgstr ""

msgid "Delete an IPA service."
msgstr ""

msgid "Disable the Kerberos key and SSL certificate of a service."
msgstr ""

msgid ""
"Disallow users, groups, hosts or host groups to create a keytab of this "
"service."
msgstr ""

msgid ""
"Disallow users, groups, hosts or host groups to retrieve a keytab of this "
"service."
msgstr ""

msgid "Search for IPA services."
msgstr ""

msgid "Results should contain primary key attribute only (\"principal\")"
msgstr ""

msgid "Search for services with these managed by hosts."
msgstr ""

msgid "Search for services without these managed by hosts."
msgstr ""

msgid "Modify an existing IPA service."
msgstr ""

msgid "Remove hosts that can manage this service."
msgstr ""

msgid "Display information about an IPA service."
msgstr ""

msgid ""
"\n"
"Session Support for IPA\n"
"John Dennis <jdennis@redhat.com>\n"
"\n"
"Goals\n"
"=====\n"
"\n"
"Provide per-user session data caching which persists between\n"
"requests. Desired features are:\n"
"\n"
"* Integrates cleanly with minimum impact on existing infrastructure.\n"
"\n"
"* Provides maximum security balanced against real-world performance\n"
"  demands.\n"
"\n"
"* Sessions must be able to be revoked (flushed).\n"
"\n"
"* Should be flexible and easy to use for developers.\n"
"\n"
"* Should leverage existing technology and code to the maximum extent\n"
"  possible to avoid re-invention, excessive implementation time and to\n"
"  benefit from robustness in field proven components commonly shared\n"
"  in the open source community.\n"
"\n"
"* Must support multiple independent processes which share session\n"
"  data.\n"
"\n"
"* System must function correctly if session data is available or not.\n"
"\n"
"* Must be high performance.\n"
"\n"
"* Should not be tied to specific web servers or browsers. Should\n"
"  integrate with our chosen WSGI model.\n"
"\n"
"Issues\n"
"======\n"
"\n"
"Cookies\n"
"-------\n"
"\n"
"Most session implementations are based on the use of cookies. Cookies\n"
"have some inherent problems.\n"
"\n"
"* User has the option to disable cookies.\n"
"\n"
"* User stored cookie data is not secure. Can be mitigated by setting\n"
"  flags indicating the cookie is only to be used with SSL secured HTTP\n"
"  connections to specific web resources and setting the cookie to\n"
"  expire at session termination. Most modern browsers enforce these.\n"
"\n"
"Where to store session data?\n"
"----------------------------\n"
"\n"
"Session data may be stored on either on the client or on the\n"
"server. Storing session data on the client addresses the problem of\n"
"session data availability when requests are serviced by independent web\n"
"servers because the session data travels with the request. However\n"
"there are data size limitations. Storing session data on the client\n"
"also exposes sensitive data but this can be mitigated by encrypting\n"
"the session data such that only the server can decrypt it.\n"
"\n"
"The more conventional approach is to bind session data to a unique\n"
"name, the session ID. The session ID is transmitted to the client and\n"
"the session data is paired with the session ID on the server in a\n"
"associative data store. The session data is retrieved by the server\n"
"using the session ID when the receiving the request. This eliminates\n"
"exposing sensitive session data on the client along with limitations\n"
"on data size. It however introduces the issue of session data\n"
"availability when requests are serviced by more than one server\n"
"process.\n"
"\n"
"Multi-process session data availability\n"
"---------------------------------------\n"
"\n"
"Apache (and other web servers) fork child processes to handle requests\n"
"in parallel. Also web servers may be deployed in a farm where requests\n"
"are load balanced in round robin fashion across different nodes. In\n"
"both cases session data cannot be stored in the memory of a server\n"
"process because it is not available to other processes, either sibling\n"
"children of a master server process or server processes on distinct\n"
"nodes.\n"
"\n"
"Typically this is addressed by storing session data in a SQL\n"
"database. When a request is received by a server process containing a\n"
"session ID in it's cookie data the session ID is used to perform a SQL\n"
"query and the resulting data is then attached to the request as it\n"
"proceeds through the request processing pipeline. This of course\n"
"introduces coherency issues.\n"
"\n"
"For IPA the introduction of a SQL database dependency is undesired and\n"
"should be avoided.\n"
"\n"
"Session data may also be shared by independent processes by storing\n"
"the session data in files.\n"
"\n"
"An alternative solution which has gained considerable popularity\n"
"recently is the use of a fast memory based caching server. Data is\n"
"stored in a single process memory and may be queried and set via a\n"
"light weight protocol using standard socket mechanisms, memcached is\n"
"one example. A typical use is to optimize SQL queries by storing a SQL\n"
"result in shared memory cache avoiding the more expensive SQL\n"
"operation. But the memory cache has distinct advantages in non-SQL\n"
"situations as well.\n"
"\n"
"Possible implementations for use by IPA\n"
"=======================================\n"
"\n"
"Apache Sessions\n"
"---------------\n"
"\n"
"Apache has 2.3 has implemented session support via these modules:\n"
"\n"
"  mod_session\n"
"    Overarching session support based on cookies.\n"
"\n"
"    See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n"
"\n"
"  mod_session_cookie\n"
"    Stores session data in the client.\n"
"\n"
"    See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n"
"\n"
"  mod_session_crypto\n"
"    Encrypts session data for security. Encryption key is shared\n"
"    configuration parameter visible to all Apache processes and is\n"
"    stored in a configuration file.\n"
"\n"
"    See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n"
"\n"
"  mod_session_dbd\n"
"    Stores session data in a SQL database permitting multiple\n"
"    processes to access and share the same session data.\n"
"\n"
"    See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n"
"\n"
"Issues with Apache sessions\n"
"~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
"\n"
"Although Apache has implemented generic session support and Apache is\n"
"our web server of preference it nonetheless introduces issues for IPA.\n"
"\n"
"  * Session support is only available in httpd >= 2.3 which at the\n"
"    time of this writing is currently only available as a Beta release\n"
"    from upstream. We currently only ship httpd 2.2, the same is true\n"
"    for other distributions.\n"
"\n"
"  * We could package and ship the sessions modules as a temporary\n"
"    package in httpd 2.2 environments. But this has the following\n"
"    consequences:\n"
"\n"
"      - The code has to be backported. the module API has changed\n"
"        slightly between httpd 2.2 and 2.3. The backporting is not\n"
"        terribly difficult and a proof of concept has been\n"
"        implemented.\n"
"\n"
"      - We would then be on the hook to package and maintain a special\n"
"        case Apache package. This is maintenance burden as well as a\n"
"        distribution packaging burden. Both of which would be best\n"
"        avoided if possible.\n"
"\n"
"  * The design of the Apache session modules is such that they can\n"
"    only be manipulated by other Apache modules. The ability of\n"
"    consumers of the session data to control the session data is\n"
"    simplistic, constrained and static during the period the request\n"
"    is processed. Request handlers which are not native Apache modules\n"
"    (e.g. IPA via WSGI) can only examine the session data\n"
"    via request headers and reset it in response headers.\n"
"\n"
"  * Shared session data is available exclusively via SQL.\n"
"\n"
"However using the 2.3 Apache session modules would give us robust\n"
"session support implemented in C based on standardized Apache\n"
"interfaces which are widely used.\n"
"\n"
"Python Web Frameworks\n"
"---------------------\n"
"\n"
"Virtually every Python web framework supports cookie based sessions,\n"
"e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n"
"to avoid the use of these frameworks. Trying to pull in just one part\n"
"of these frameworks just to get session support would be problematic\n"
"because the code does not function outside it's framework.\n"
"\n"
"IPA implemented sessions\n"
"------------------------\n"
"\n"
"Originally it was believed the path of least effort was to utilize\n"
"existing session support, most likely what would be provided by\n"
"Apache. However there are enough basic modular components available in\n"
"native Python and other standard packages it should be possible to\n"
"provide session support meeting the aforementioned goals with a modest\n"
"implementation effort. Because we're leveraging existing components\n"
"the implementation difficulties are subsumed by other components which\n"
"have already been field proven and have community support. This is a\n"
"smart strategy.\n"
"\n"
"Proposed Solution\n"
"=================\n"
"\n"
"Our interface to the web server is via WSGI which invokes a callback\n"
"per request passing us an environmental context for the request. For\n"
"this discussion we'll name the WSGI callback \"application()\", a\n"
"conventional name in WSGI parlance.\n"
"\n"
"Shared session data will be handled by memcached. We will create one\n"
"instance of memcached on each server node dedicated to IPA\n"
"exclusively. Communication with memcached will be via a UNIX socket\n"
"located in the file system under /var/run/ipa_memcached. It will be\n"
"protected by file permissions and optionally SELinux policy.\n"
"\n"
"In application() we examine the request cookies and if there is an IPA\n"
"session cookie with a session ID we retrieve the session data from our\n"
"memcached instance.\n"
"\n"
"The session data will be a Python dict. IPA components will read or\n"
"write their session information by using a pre-agreed upon name\n"
"(e.g. key) in the dict. This is a very flexible system and consistent\n"
"with how we pass data in most parts of IPA.\n"
"\n"
"If the session data is not available an empty session data dict will\n"
"be created.\n"
"\n"
"How does this session data travel with the request in the IPA\n"
"pipeline? In IPA we use the HTTP request/response to implement RPC. In\n"
"application() we convert the request into a procedure call passing it\n"
"arguments derived from the HTTP request. The passed parameters are\n"
"specific to the RPC method being invoked. The context the RPC call is\n"
"executing in is not passed as an RPC parameter.\n"
"\n"
"How would the contextual information such as session data be bound to\n"
"the request and hence the RPC call?\n"
"\n"
"In IPA when a RPC invocation is being prepared from a request we\n"
"recognize this will only ever be processed serially by one Python\n"
"thread. A thread local dict called \"context\" is allocated for each\n"
"thread. The context dict is cleared in between requests (e.g. RPC method\n"
"invocations). The per-thread context dict is populated during the\n"
"lifetime of the request and is used as a global data structure unique to\n"
"the request that various IPA component can read from and write to with\n"
"the assurance the data is unique to the current request and/or method\n"
"call.\n"
"\n"
"The session data dict will be written into the context dict under the\n"
"session key before the RPC method begins execution. Thus session data\n"
"can be read and written by any IPA component by accessing\n"
"``context.session``.\n"
"\n"
"When the RPC method finishes execution the session data bound to the\n"
"request/method is retrieved from the context and written back to the\n"
"memcached instance. The session ID is set in the response sent back to\n"
"the client in the ``Set-Cookie`` header along with the flags\n"
"controlling it's usage.\n"
"\n"
"Issues and details\n"
"------------------\n"
"\n"
"IPA code cannot depend on session data being present, however it\n"
"should always update session data with the hope it will be available\n"
"in the future. Session data may not be available because:\n"
"\n"
"  * This is the first request from the user and no session data has\n"
"    been created yet.\n"
"\n"
"  * The user may have cookies disabled.\n"
"\n"
"  * The session data may have been flushed. memcached operates with\n"
"    a fixed memory allocation and will flush entries on a LRU basis,\n"
"    like with any cache there is no guarantee of persistence.\n"
"\n"
"    Also we may have have deliberately expired or deleted session\n"
"    data, see below.\n"
"\n"
"Cookie manipulation is done via the standard Python Cookie module.\n"
"\n"
"Session cookies will be set to only persist as long as the browser has\n"
"the session open. They will be tagged so the browser only returns\n"
"the session ID on SSL secured HTTP requests. They will not be visible\n"
"to Javascript in the browser.\n"
"\n"
"Session ID's will be created by using 48 bits of random data and\n"
"converted to 12 hexadecimal digits. Newly generated session ID's will\n"
"be checked for prior existence to handle the unlikely case the random\n"
"number repeats.\n"
"\n"
"memcached will have significantly higher performance than a SQL or file\n"
"based storage solution. Communication is effectively though a pipe\n"
"(UNIX socket) using a very simple protocol and the data is held\n"
"entirely in process memory. memcached also scales easily, it is easy\n"
"to add more memcached processes and distribute the load across them.\n"
"At this point in time we don't anticipate the need for this.\n"
"\n"
"A very nice feature of the Python memcached module is that when a data\n"
"item is written to the cache it is done with standard Python pickling\n"
"(pickling is a standard Python mechanism to marshal and unmarshal\n"
"Python objects). We adopt the convention the object written to cache\n"
"will be a dict to meet our internal data handling conventions. The\n"
"pickling code will recursively handle nested objects in the dict. Thus\n"
"we gain a lot of flexibility using standard Python data structures to\n"
"store and retrieve our session data without having to author and debug\n"
"code to marshal and unmarshal the data if some other storage mechanism\n"
"had been used. This is a significant implementation win. Of course\n"
"some common sense limitations need to observed when deciding on what\n"
"is written to the session cache keeping in mind the data is shared\n"
"between processes and it should not be excessively large (a\n"
"configurable option)\n"
"\n"
"We can set an expiration on memcached entries. We may elect to do that\n"
"to force session data to be refreshed periodically. For example we may\n"
"wish the client to present fresh credentials on a periodic basis even\n"
"if the cached credentials are otherwise within their validity period.\n"
"\n"
"We can explicitly delete session data if for some reason we believe it\n"
"is stale, invalid or compromised.\n"
"\n"
"memcached also gives us certain facilities to prevent race conditions\n"
"between different processes utilizing the cache. For example you can\n"
"check of the entry has been modified since you last read it or use CAS\n"
"(Check And Set) semantics. What has to be protected in terms of cache\n"
"coherency will likely have to be determined as the session support is\n"
"utilized and different data items are added to the cache. This is very\n"
"much data and context specific. Fortunately memcached operations are\n"
"atomic.\n"
"\n"
"Controlling the memcached process\n"
"---------------------------------\n"
"\n"
"We need a mechanism to start the memcached process and secure it so\n"
"that only IPA components can access it.\n"
"\n"
"Although memcached ships with both an initscript and systemd unit\n"
"files those are for generic instances. We want a memcached instance\n"
"dedicated exclusively to IPA usage. To accomplish this we would install\n"
"a systemd unit file or an SysV initscript to control the IPA specific\n"
"memcached service. ipactl would be extended to know about this\n"
"additional service. systemd's cgroup facility would give us additional\n"
"mechanisms to integrate the IPA memcached service within a larger IPA\n"
"process group.\n"
"\n"
"Protecting the memcached data would be done via file permissions (and\n"
"optionally SELinux policy) on the UNIX domain socket. Although recent\n"
"implementations of memcached support authentication via SASL this\n"
"introduces a performance and complexity burden not warranted when\n"
"cached is dedicated to our exclusive use and access controlled by OS\n"
"mechanisms.\n"
"\n"
"Conventionally daemons are protected by assigning a system uid and/or\n"
"gid to the daemon. A daemon launched by root will drop it's privileges\n"
"by assuming the effective uid:gid assigned to it. File system access\n"
"is controlled by the OS via the effective identity and SELinux policy\n"
"can be crafted based on the identity. Thus the memcached UNIX socket\n"
"would be protected by having it owned by a specific system user and/or\n"
"membership in a restricted system group (discounting for the moment\n"
"SELinux).\n"
"\n"
"Unfortunately we currently do not have an IPA system uid whose\n"
"identity our processes operate under nor do we have an IPA system\n"
"group. IPA does manage a collection of related processes (daemons) and\n"
"historically each has been assigned their own uid. When these\n"
"unrelated processes communicate they mutually authenticate via other\n"
"mechanisms. We do not have much of a history of using shared file\n"
"system objects across identities. When file objects are created they\n"
"are typically assigned the identity of daemon needing to access the\n"
"object and are not accessed by other daemons, or they carry root\n"
"identity.\n"
"\n"
"When our WSGI application runs in Apache it is run as a WSGI\n"
"daemon. This means when Apache starts up it forks off WSGI processes\n"
"for us and we are independent of other Apache processes. When WSGI is\n"
"run in this mode there is the ability to set the uid:gid of the WSGI\n"
"process hosting us, however we currently do not take advantage of this\n"
"option. WSGI can be run in other modes as well, only in daemon mode\n"
"can the uid:gid be independently set from the rest of Apache. All\n"
"processes started by Apache can be set to a common uid:gid specified\n"
"in the global Apache configuration, by default it's\n"
"apache:apache. Thus when our IPA code executes it is running as\n"
"apache:apache.\n"
"\n"
"To protect our memcached UNIX socket we can do one of two things:\n"
"\n"
"1. Assign it's uid:gid as apache:apache. This would limit access to\n"
"   our cache only to processes running under httpd. It's somewhat\n"
"   restricted but far from ideal. Any code running in the web server\n"
"   could potentially access our cache. It's difficult to control what the\n"
"   web server runs and admins may not understand the consequences of\n"
"   configuring httpd to serve other things besides IPA.\n"
"\n"
"2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n"
"   our WSGI application to run as the ipa:ipa user and group. We also\n"
"   configure our memcached instance to run as the ipa:ipa user and\n"
"   group. In this configuration we are now fully protected, only our WSGI\n"
"   code can read & write to our memcached UNIX socket.\n"
"\n"
"However there may be unforeseen issues by converting our code to run as\n"
"something other than apache:apache. This would require some\n"
"investigation and testing.\n"
"\n"
"IPA is dependent on other system daemons, specifically Directory\n"
"Server (ds) and Certificate Server (cs). Currently we configure ds to\n"
"run under the dirsrv:dirsrv user and group, an identity of our\n"
"creation. We allow cs to default to it's pkiuser:pkiuser user and\n"
"group. Should these other cooperating daemons also run under the\n"
"common ipa:ipa user and group identities? At first blush there would\n"
"seem to be an advantage to coalescing all process identities under a\n"
"common IPA user and group identity. However these other processes do\n"
"not depend on user and group permissions when working with external\n"
"agents, processes, etc. Rather they are designed to be stand-alone\n"
"network services which authenticate their clients via other\n"
"mechanisms. They do depend on user and group permission to manage\n"
"their own file system objects. If somehow the ipa user and/or group\n"
"were compromised or malicious code somehow executed under the ipa\n"
"identity there would be an advantage in having the cooperating\n"
"processes cordoned off under their own identities providing one extra\n"
"layer of protection. (Note, these cooperating daemons may not even be\n"
"co-located on the same node in which case the issue is moot)\n"
"\n"
"The UNIX socket behavior (ldapi) with Directory Server is as follows:\n"
"\n"
"  * The socket ownership is: root:root\n"
"\n"
"  * The socket permissions are: 0666\n"
"\n"
"  * When connecting via ldapi you must authenticate as you would\n"
"    normally with a TCP socket, except ...\n"
"\n"
"  * If autobind is enabled and the uid:gid is available via\n"
"    SO_PEERCRED and the uid:gid can be found in the set of users known\n"
"    to the Directory Server then that connection will be bound as that\n"
"    user.\n"
"\n"
"  * Otherwise an anonymous bind will occur.\n"
"\n"
"memcached UNIX socket behavior is as follows:\n"
"\n"
"  * memcached can be invoked with a user argument, no group may be\n"
"    specified. The effective uid is the uid of the user argument and\n"
"    the effective gid is the primary group of the user, let's call\n"
"    this euid:egid\n"
"\n"
"  * The socket ownership is: euid:egid\n"
"\n"
"  * The socket permissions are 0700 by default, but this can be\n"
"    modified by the -a mask command line arg which sets the umask\n"
"    (defaults to 0700).\n"
"\n"
"Overview of authentication in IPA\n"
"=================================\n"
"\n"
"This describes how we currently authenticate and how we plan to\n"
"improve authentication performance. First some definitions.\n"
"\n"
"There are 4 major players:\n"
"\n"
"  1. client\n"
"  2. mod_auth_kerb (in Apache process)\n"
"  3. wsgi handler (in IPA wsgi python process)\n"
"  4. ds (directory server)\n"
"\n"
"There are several resources:\n"
"\n"
"  1. /ipa/ui (unprotected, web UI static resources)\n"
"  2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n"
"  3. /ipa/json (protected, json RPC used by javascript in web UI)\n"
"  4. ds (protected, wsgi acts as proxy, our LDAP server)\n"
"\n"
"Current Model\n"
"-------------\n"
"\n"
"This describes how things work in our current system for the web UI.\n"
"\n"
"  1. Client requests /ipa/ui, this is unprotected, is static and\n"
"     contains no sensitive information. Apache replies with html and\n"
"     javascript. The javascript requests /ipa/json.\n"
"\n"
"  2. Client sends post to /ipa/json.\n"
"\n"
"  3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n"
"     authenticate negotiate.\n"
"\n"
"  4. Client resends with credentials\n"
"\n"
"  5. mod_auth_kerb validates credentials\n"
"\n"
"     a. if invalid replies 403 access denied (stops here)\n"
"\n"
"     b. if valid creates temporary ccache, adds KRB5CCNAME to request\n"
"        headers\n"
"\n"
"  6. Request passed to wsgi handler\n"
"\n"
"     a. validates request, KRB5CCNAME must be present, referrer, etc.\n"
"\n"
"     b. ccache saved and used to bind to ds\n"
"\n"
"     c. routes to specified RPC handler.\n"
"\n"
"  7. wsgi handler replies to client\n"
"\n"
"Proposed new session based optimization\n"
"---------------------------------------\n"
"\n"
"The round trip negotiate and credential validation in steps 3,4,5 is\n"
"expensive. This can be avoided if we can cache the client\n"
"credentials. With client sessions we can store the client credentials\n"
"in the session bound to the client.\n"
"\n"
"A few notes about the session implementation.\n"
"\n"
"  * based on session cookies, cookies must be enabled\n"
"\n"
"  * session cookie is secure, only passed on secure connections, only\n"
"    passed to our URL resource, never visible to client javascript\n"
"    etc.\n"
"\n"
"  * session cookie has a session id which is used by wsgi handler to\n"
"    retrieve client session data from shared multi-process cache.\n"
"\n"
"Changes to Apache's resource protection\n"
"---------------------------------------\n"
"\n"
"  * /ipa/json is no longer protected by mod_auth_kerb. This is\n"
"    necessary to avoid the negotiate expense in steps 3,4,5\n"
"    above. Instead the /ipa/json resource will be protected in our wsgi\n"
"    handler via the session cookie.\n"
"\n"
"  * A new protected URI is introduced, /ipa/login. This resource\n"
"    does no serve any data, it is used exclusively for authentication.\n"
"\n"
"The new sequence is:\n"
"\n"
"  1. Client requests /ipa/ui, this is unprotected. Apache replies with\n"
"     html and javascript. The javascript requests /ipa/json.\n"
"\n"
"  2. Client sends post to /ipa/json, which is unprotected.\n"
"\n"
"  3. wsgi handler obtains session data from session cookie.\n"
"\n"
"     a. if ccache is present in session data and is valid\n"
"\n"
"        - request is further validated\n"
"\n"
"        - ccache is established for bind to ds\n"
"\n"
"        - request is routed to RPC handler\n"
"\n"
"        - wsgi handler eventually replies to client\n"
"\n"
"     b. if ccache is not present or not valid processing continues ...\n"
"\n"
"  4. wsgi handler replies with 401 Unauthorized\n"
"\n"
"  5. client sends request to /ipa/login to obtain session credentials\n"
"\n"
"  6. mod_auth_kerb replies 401 negotiate on /ipa/login\n"
"\n"
"  7. client sends credentials to /ipa/login\n"
"\n"
"  8. mod_auth_kerb validates credentials\n"
"\n"
"     a. if valid\n"
"\n"
"        - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n"
"          invoked and does the following:\n"
"\n"
"          * establishes session for client\n"
"\n"
"          * retrieves the ccache from KRB5CCNAME and stores it\n"
"\n"
"     a. if invalid\n"
"\n"
"        - mod_auth_kerb sends 403 access denied (processing stops)\n"
"\n"
"  9. client now posts the same data again to /ipa/json including\n"
"     session cookie. Processing repeats starting at step 2 and since\n"
"     the session data now contains a valid ccache step 3a executes, a\n"
"     successful reply is sent to client.\n"
"\n"
"Command line client using xmlrpc\n"
"--------------------------------\n"
"\n"
"The above describes the web UI utilizing the json RPC mechanism. The\n"
"IPA command line tools utilize a xmlrpc RPC mechanism on the same\n"
"HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n"
"and xmlrpc API's are the same, they differ only on how their procedure\n"
"calls are marshalled and unmarshalled.\n"
"\n"
"Under the new scheme /ipa/xml will continue to be Kerberos protected\n"
"at all times. Apache's mod_auth_kerb will continue to require the\n"
"client provides valid Kerberos credentials.\n"
"\n"
"When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n"
"be extracted from the KRB5CCNAME environment variable as provided by\n"
"mod_auth_kerb. Everything else remains the same.\n"
msgstr ""

msgid "RPC command used to log the current user out of their session."
msgstr ""

msgid ""
"\n"
"Sudo Commands\n"
"\n"
"Commands used as building blocks for sudo\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a new command\n"
"   ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n"
"\n"
" Remove a command\n"
"   ipa sudocmd-del /usr/bin/less\n"
msgstr ""

#, fuzzy
msgid "Sudo Command"
msgstr "विषय किंवा आदेश"

msgid "A description of this command"
msgstr ""

msgid "Sudo Command Groups"
msgstr ""

msgid "Create new Sudo Command."
msgstr ""

msgid "Delete Sudo Command."
msgstr ""

msgid "Search for Sudo Commands."
msgstr ""

msgid "Results should contain primary key attribute only (\"command\")"
msgstr ""

#, fuzzy
msgid "Modify Sudo Command."
msgstr "विषय किंवा आदेश"

msgid "Display Sudo Command."
msgstr ""

msgid ""
"\n"
"Groups of Sudo Commands\n"
"\n"
"Manage groups of Sudo Commands.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new Sudo Command Group:\n"
"   ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
"\n"
" Remove a Sudo Command Group:\n"
"   ipa sudocmdgroup-del admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/"
"vim admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n"
"\n"
" Show a Sudo Command Group:\n"
"   ipa group-show localadmins\n"
msgstr ""

msgid "Sudo Command Group"
msgstr ""

msgid "Group description"
msgstr ""

#, fuzzy
msgid "Commands"
msgstr "आदेशाचे नाव "

msgid "Member Sudo commands"
msgstr ""

msgid "Create new Sudo Command Group."
msgstr ""

msgid "Add members to Sudo Command Group."
msgstr ""

msgid "member sudo command"
msgstr ""

msgid "sudo commands to add"
msgstr ""

msgid "Delete Sudo Command Group."
msgstr ""

msgid "Search for Sudo Command Groups."
msgstr ""

msgid ""
"Results should contain primary key attribute only (\"sudocmdgroup-name\")"
msgstr ""

msgid "Modify Sudo Command Group."
msgstr ""

msgid "Remove members from Sudo Command Group."
msgstr ""

msgid "sudo commands to remove"
msgstr ""

msgid "Display Sudo Command Group."
msgstr ""

msgid ""
"\n"
"Users\n"
"\n"
"Manage user entries. All users are POSIX users.\n"
"\n"
"IPA supports a wide range of username formats, but you need to be aware of "
"any\n"
"restrictions that may apply to your particular environment. For example,\n"
"usernames that start with a digit or usernames that exceed a certain length\n"
"may cause problems for some UNIX systems.\n"
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
"\n"
"Disabling a user account prevents that user from obtaining new Kerberos\n"
"credentials. It does not invalidate any credentials that have already\n"
"been issued.\n"
"\n"
"Password management is not a part of this module. For more information\n"
"about this topic please see: ipa help passwd\n"
"\n"
"Account lockout on password failure happens per IPA master. The user-status\n"
"command can be used to identify which master the user is locked out on.\n"
"It is on that master the administrator must unlock the user.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new user:\n"
"   ipa user-add --first=Tim --last=User --password tuser1\n"
"\n"
" Find all users whose entries include the string \"Tim\":\n"
"   ipa user-find Tim\n"
"\n"
" Find all users with \"Tim\" as the first name:\n"
"   ipa user-find --first=Tim\n"
"\n"
" Disable a user account:\n"
"   ipa user-disable tuser1\n"
"\n"
" Enable a user account:\n"
"   ipa user-enable tuser1\n"
"\n"
" Delete a user:\n"
"   ipa user-del tuser1\n"
msgstr ""

msgid "First name"
msgstr ""

msgid "Last name"
msgstr ""

msgid "Full name"
msgstr ""

msgid "Display name"
msgstr ""

msgid "Initials"
msgstr ""

msgid "Kerberos principal"
msgstr ""

msgid "Kerberos principal expiration"
msgstr ""

msgid "Email address"
msgstr ""

msgid "Prompt to set the user password"
msgstr ""

msgid "Generate a random user password"
msgstr ""

msgid "User ID Number (system will assign one if not provided)"
msgstr ""

msgid "Street address"
msgstr ""

msgid "City"
msgstr ""

msgid "State/Province"
msgstr ""

msgid "ZIP"
msgstr ""

msgid "Telephone Number"
msgstr ""

msgid "Mobile Telephone Number"
msgstr ""

msgid "Pager Number"
msgstr ""

msgid "Fax Number"
msgstr ""

msgid "Org. Unit"
msgstr ""

msgid "Job Title"
msgstr ""

msgid "Manager"
msgstr ""

msgid "Car License"
msgstr ""

msgid "Account disabled"
msgstr ""

msgid "User authentication types"
msgstr ""

msgid "Types of supported user authentication"
msgstr ""

msgid ""
"User category (semantics placed on this attribute are for local "
"interpretation)"
msgstr ""

msgid "RADIUS proxy configuration"
msgstr ""

msgid "RADIUS proxy username"
msgstr ""

msgid "Department Number"
msgstr ""

msgid "Employee Number"
msgstr ""

msgid "Employee Type"
msgstr ""

msgid "Preferred Language"
msgstr ""

msgid "Member of groups"
msgstr ""

msgid "Indirect Member of group"
msgstr ""

msgid "Kerberos keys available"
msgstr ""

msgid "Add a new user."
msgstr ""

msgid "Don't create user private group"
msgstr ""

msgid "Delete a user."
msgstr ""

msgid "Disable a user account."
msgstr ""

msgid "Enable a user account."
msgstr ""

msgid "Search for users."
msgstr ""

msgid "Self"
msgstr ""

msgid "Display user record for current Kerberos principal"
msgstr ""

msgid "Results should contain primary key attribute only (\"login\")"
msgstr ""

msgid "Search for users with these member of groups."
msgstr ""

msgid "Search for users without these member of groups."
msgstr ""

msgid "Search for users with these member of netgroups."
msgstr ""

msgid "Search for users without these member of netgroups."
msgstr ""

msgid "Search for users with these member of roles."
msgstr ""

msgid "Search for users without these member of roles."
msgstr ""

msgid "Search for users with these member of HBAC rules."
msgstr ""

msgid "Search for users without these member of HBAC rules."
msgstr ""

msgid "Search for users with these member of sudo rules."
msgstr ""

msgid "Search for users without these member of sudo rules."
msgstr ""

msgid "Modify a user."
msgstr ""

msgid "Rename the user object"
msgstr ""

msgid "Display information about a user."
msgstr ""

msgid ""
"\n"
"Lockout status of a user account\n"
"\n"
"    An account may become locked if the password is entered incorrectly too\n"
"    many times within a specific time period as controlled by password\n"
"    policy. A locked account is a temporary condition and may be unlocked "
"by\n"
"    an administrator.\n"
"\n"
"    This connects to each IPA master and displays the lockout status on\n"
"    each one.\n"
"\n"
"    To determine whether an account is locked on a given server you need\n"
"    to compare the number of failed logins and the time of the last "
"failure.\n"
"    For an account to be locked it must exceed the maxfail failures within\n"
"    the failinterval duration as specified in the password policy "
"associated\n"
"    with the user.\n"
"\n"
"    The failed login counter is modified only when a user attempts a log in\n"
"    so it is possible that an account may appear locked but the last failed\n"
"    login attempt is older than the lockouttime of the password policy. "
"This\n"
"    means that the user may attempt a login again.\n"
"    "
msgstr ""

msgid ""
"\n"
"Unlock a user account\n"
"\n"
"    An account may become locked if the password is entered incorrectly too\n"
"    many times within a specific time period as controlled by password\n"
"    policy. A locked account is a temporary condition and may be unlocked "
"by\n"
"    an administrator.\n"
"    "
msgstr ""

msgid ""
"\n"
"Auto Membership Rule.\n"
"\n"
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
"or exclusive regex patterns, you can automatically assign a new entries "
"into\n"
"a group or hostgroup based upon attribute information.\n"
"\n"
"A rule is directly associated with a group by name, so you cannot create\n"
"a rule without an accompanying group or hostgroup.\n"
"\n"
"A condition is a regular expression used by 389-ds to match a new incoming\n"
"entry with an automember rule. If it matches an inclusive rule then the\n"
"entry is added to the appropriate group or hostgroup.\n"
"\n"
"A default group or hostgroup could be specified for entries that do not\n"
"match any rule. In case of user entries this group will be a fallback group\n"
"because all users are by default members of group specified in IPA config.\n"
"\n"
"The automember-rebuild command can be used to retroactively run automember "
"rules\n"
"against existing entries, thus rebuilding their membership.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add the initial group or hostgroup:\n"
"   ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
"   ipa group-add --desc=\"Developers\" devel\n"
"\n"
" Add the initial rule:\n"
"   ipa automember-add --type=hostgroup webservers\n"
"   ipa automember-add --type=group devel\n"
"\n"
" Add a condition to the rule:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
"   ipa automember-add-condition --key=manager --type=group --inclusive-"
"regex=^uid=mscott devel\n"
"\n"
" Add an exclusive condition to the rule to prevent auto assignment:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
"regex=^web5\\.example\\.com webservers\n"
"\n"
" Add a host:\n"
"    ipa host-add web1.example.com\n"
"\n"
" Add a user:\n"
"    ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
"\n"
" Verify automembership:\n"
"    ipa hostgroup-show webservers\n"
"      Host-group: webservers\n"
"      Description: Web Servers\n"
"      Member hosts: web1.example.com\n"
"\n"
"    ipa group-show devel\n"
"      Group name: devel\n"
"      Description: Developers\n"
"      GID: 1004200000\n"
"      Member users: tuser\n"
"\n"
" Remove a condition from the rule:\n"
"   ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
"\n"
" Modify the automember rule:\n"
"    ipa automember-mod\n"
"\n"
" Set the default (fallback) target group:\n"
"    ipa automember-default-group-set --default-group=webservers --"
"type=hostgroup\n"
"    ipa automember-default-group-set --default-group=ipausers --type=group\n"
"\n"
" Remove the default (fallback) target group:\n"
"    ipa automember-default-group-remove --type=hostgroup\n"
"    ipa automember-default-group-remove --type=group\n"
"\n"
" Show the default (fallback) target group:\n"
"    ipa automember-default-group-show --type=hostgroup\n"
"    ipa automember-default-group-show --type=group\n"
"\n"
" Find all of the automember rules:\n"
"    ipa automember-find\n"
"\n"
" Display a automember rule:\n"
"    ipa automember-show --type=hostgroup webservers\n"
"    ipa automember-show --type=group devel\n"
"\n"
" Delete an automember rule:\n"
"    ipa automember-del --type=hostgroup webservers\n"
"    ipa automember-del --type=group devel\n"
"\n"
" Rebuild membership for all users:\n"
"    ipa automember-rebuild --type=group\n"
"\n"
" Rebuild membership for all hosts:\n"
"    ipa automember-rebuild --type=hostgroup\n"
"\n"
" Rebuild membership for specified users:\n"
"    ipa automember-rebuild --users=tuser1 --users=tuser2\n"
"\n"
" Rebuild membership for specified hosts:\n"
"    ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example."
"com\n"
msgstr ""

msgid "A description of this auto member rule"
msgstr ""

msgid "Default (fallback) Group"
msgstr ""

msgid "Default group for entries to land"
msgstr ""

msgid "Add an automember rule."
msgstr ""

msgid "Automember Rule"
msgstr ""

msgid "Grouping Type"
msgstr ""

msgid "Grouping to which the rule applies"
msgstr ""

msgid "Add conditions to an automember rule."
msgstr ""

msgid "Inclusive Regex"
msgstr ""

msgid "Exclusive Regex"
msgstr ""

msgid "Attribute Key"
msgstr ""

msgid ""
"Attribute to filter via regex. For example fqdn for a host, or manager for a "
"user"
msgstr ""

msgid "Conditions that could not be added"
msgstr ""

msgid "Number of conditions added"
msgstr ""

msgid "Remove default (fallback) group for all unmatched entries."
msgstr ""

msgid "Set default (fallback) group for all unmatched entries."
msgstr ""

msgid "Default (fallback) group for entries to land"
msgstr ""

msgid "Display information about the default (fallback) automember groups."
msgstr ""

msgid "Delete an automember rule."
msgstr ""

msgid "Search for automember rules."
msgstr ""

msgid "Modify an automember rule."
msgstr ""

msgid "Rebuild auto membership."
msgstr ""

msgid "Rebuild membership for all members of a grouping"
msgstr ""

msgid "Rebuild membership for specified users"
msgstr ""

msgid "Rebuild membership for specified hosts"
msgstr ""

msgid "No wait"
msgstr ""

msgid "Don't wait for rebuilding membership"
msgstr ""

msgid "Remove conditions from an automember rule."
msgstr ""

msgid "Conditions that could not be removed"
msgstr ""

msgid "Number of conditions removed"
msgstr ""

msgid "Display information about an automember rule."
msgstr ""

msgid ""
"\n"
"IPA certificate operations\n"
"\n"
"Implements a set of commands for managing server SSL certificates.\n"
"\n"
"Certificate requests exist in the form of a Certificate Signing Request "
"(CSR)\n"
"in PEM format.\n"
"\n"
"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
"subject to values configured in the server.\n"
"\n"
"A certificate is stored with a service principal and a service principal\n"
"needs a host.\n"
"\n"
"In order to request a certificate:\n"
"\n"
"* The host must exist\n"
"* The service must exist (or you use the --add option to automatically add "
"it)\n"
"\n"
"SEARCHING:\n"
"\n"
"Certificates may be searched on by certificate subject, serial number,\n"
"revocation reason, validity dates and the issued date.\n"
"\n"
"When searching on dates the _from date does a >= search and the _to date\n"
"does a <= search. When combined these are done as an AND.\n"
"\n"
"Dates are treated as GMT to match the dates in the certificates.\n"
"\n"
"The date format is YYYY-mm-dd.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Request a new certificate and add the principal:\n"
"   ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
"\n"
" Retrieve an existing certificate:\n"
"   ipa cert-show 1032\n"
"\n"
" Revoke a certificate (see RFC 5280 for reason details):\n"
"   ipa cert-revoke --revocation-reason=6 1032\n"
"\n"
" Remove a certificate from revocation hold status:\n"
"   ipa cert-remove-hold 1032\n"
"\n"
" Check the status of a signing request:\n"
"   ipa cert-status 10\n"
"\n"
" Search for certificates by hostname:\n"
"   ipa cert-find --subject=ipaserver.example.com\n"
"\n"
" Search for revoked certificates by reason:\n"
"   ipa cert-find --revocation-reason=5\n"
"\n"
" Search for certificates based on issuance date\n"
"   ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
"\n"
"IPA currently immediately issues (or declines) all certificate requests so\n"
"the status of a request is not normally useful. This is for future use\n"
"or the case where a CA does not immediately issue a certificate.\n"
"\n"
"The following revocation reasons are supported:\n"
"\n"
"    * 0 - unspecified\n"
"    * 1 - keyCompromise\n"
"    * 2 - cACompromise\n"
"    * 3 - affiliationChanged\n"
"    * 4 - superseded\n"
"    * 5 - cessationOfOperation\n"
"    * 6 - certificateHold\n"
"    * 8 - removeFromCRL\n"
"    * 9 - privilegeWithdrawn\n"
"    * 10 - aACompromise\n"
"\n"
"Note that reason code 7 is not used.  See RFC 5280 for more details:\n"
"\n"
"http://www.ietf.org/rfc/rfc5280.txt\n"
msgstr ""

msgid "Checks if any of the servers has the CA service enabled."
msgstr ""

msgid "Search for existing certificates."
msgstr ""

msgid "Match cn attribute in subject"
msgstr ""

msgid "Reason"
msgstr ""

msgid "Reason for revoking the certificate (0-10)"
msgstr ""

msgid "minimum serial number"
msgstr ""

msgid "maximum serial number"
msgstr ""

msgid "match the common name exactly"
msgstr ""

msgid "Valid not after from this date (YYYY-mm-dd)"
msgstr ""

msgid "Valid not after to this date (YYYY-mm-dd)"
msgstr ""

msgid "Valid not before from this date (YYYY-mm-dd)"
msgstr ""

msgid "Valid not before to this date (YYYY-mm-dd)"
msgstr ""

msgid "Issued on from this date (YYYY-mm-dd)"
msgstr ""

msgid "Issued on to this date (YYYY-mm-dd)"
msgstr ""

msgid "Revoked on from this date (YYYY-mm-dd)"
msgstr ""

msgid "Revoked on to this date (YYYY-mm-dd)"
msgstr ""

msgid "Maximum number of certs returned"
msgstr ""

msgid "Take a revoked certificate off hold."
msgstr ""

msgid "Serial number"
msgstr ""

msgid "Serial number in decimal or if prefixed with 0x in hexadecimal"
msgstr ""

msgid "Submit a certificate signing request."
msgstr ""

msgid "CSR"
msgstr ""

msgid "Service principal for this certificate (e.g. HTTP/test.example.com)"
msgstr ""

msgid "automatically add the principal if it doesn't exist"
msgstr ""

msgid "Revoke a certificate."
msgstr ""

msgid "Retrieve an existing certificate."
msgstr ""

msgid "Output filename"
msgstr ""

msgid "File to store the certificate in."
msgstr ""

msgid "Check the status of a certificate signing request."
msgstr ""

msgid "Request id"
msgstr ""

msgid ""
"\n"
"Groups of users\n"
"\n"
"Manage groups of users. By default, new groups are POSIX groups. You\n"
"can add the --nonposix option to the group-add command to mark a new group\n"
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
"converted to non-POSIX groups.\n"
"\n"
"Every group must have a description.\n"
"\n"
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
"supported but can have an impact on your file permissions. It is not "
"necessary\n"
"to supply a GID when creating a group. IPA will generate one automatically\n"
"if it is not provided.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new group:\n"
"   ipa group-add --desc='local administrators' localadmins\n"
"\n"
" Add a new non-POSIX group:\n"
"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
"\n"
" Convert a non-POSIX group to posix:\n"
"   ipa group-mod --posix remoteadmins\n"
"\n"
" Add a new POSIX group with a specific Group ID number:\n"
"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
"\n"
" Add a new POSIX group and let IPA assign a Group ID number:\n"
"   ipa group-add --desc='printer admins' printeradmins\n"
"\n"
" Remove a group:\n"
"   ipa group-del unixadmins\n"
"\n"
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
"   ipa group-add-member --groups=remoteadmins localadmins\n"
"\n"
" Add multiple users to the \"localadmins\" group:\n"
"   ipa group-add-member --users=test1 --users=test2 localadmins\n"
"\n"
" Remove a user from the \"localadmins\" group:\n"
"   ipa group-remove-member --users=test2 localadmins\n"
"\n"
" Display information about a named group.\n"
"   ipa group-show localadmins\n"
"\n"
"External group membership is designed to allow users from trusted domains\n"
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
"External members should be added to groups that specifically created as\n"
"external and non-POSIX. Such group later should be included into one of "
"POSIX\n"
"groups.\n"
"\n"
"An external group member is currently a Security Identifier (SID) as defined "
"by\n"
"the trusted domain. When adding external group members, it is possible to\n"
"specify them in either SID, or DOM\\name, or name@domain format. IPA will "
"attempt\n"
"to resolve passed name to SID with the use of Global Catalog of the trusted "
"domain.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local POSIX "
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
"--external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
"ad_admins_external\n"
"   group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with ad_admins "
"POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see their "
"SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
msgstr ""

msgid "GID (use this option to set it manually)"
msgstr ""

msgid "Indirect Member users"
msgstr ""

msgid "Indirect Member groups"
msgstr ""

msgid "Create a new group."
msgstr ""

msgid "Create as a non-POSIX group"
msgstr ""

msgid "Allow adding external non-IPA members from trusted domains"
msgstr ""

msgid "Add members to a group."
msgstr ""

msgid "External member"
msgstr ""

msgid "Members of a trusted domain in DOM\\name or name@domain form"
msgstr ""

msgid "Delete group."
msgstr ""

msgid "Detach a managed group from a user."
msgstr ""

msgid "Search for groups."
msgstr ""

msgid "search for private groups"
msgstr ""

msgid "search for POSIX groups"
msgstr ""

msgid ""
"search for groups with support of external non-IPA members from trusted "
"domains"
msgstr ""

msgid "search for non-POSIX groups"
msgstr ""

msgid "Results should contain primary key attribute only (\"group-name\")"
msgstr ""

msgid "Search for groups with these member users."
msgstr ""

msgid "Search for groups without these member users."
msgstr ""

msgid "Search for groups with these member groups."
msgstr ""

msgid "Search for groups without these member groups."
msgstr ""

msgid "Search for groups with these member of groups."
msgstr ""

msgid "Search for groups without these member of groups."
msgstr ""

msgid "Search for groups with these member of netgroups."
msgstr ""

msgid "Search for groups without these member of netgroups."
msgstr ""

msgid "Search for groups with these member of roles."
msgstr ""

msgid "Search for groups without these member of roles."
msgstr ""

msgid "Search for groups with these member of HBAC rules."
msgstr ""

msgid "Search for groups without these member of HBAC rules."
msgstr ""

msgid "Search for groups with these member of sudo rules."
msgstr ""

msgid "Search for groups without these member of sudo rules."
msgstr ""

msgid "Modify a group."
msgstr ""

msgid "change to a POSIX group"
msgstr ""

msgid "change to support external non-IPA members from trusted domains"
msgstr ""

msgid "Rename the group object"
msgstr ""

msgid "Remove members from a group."
msgstr ""

msgid "Display information about a named group."
msgstr ""

msgid ""
"\n"
"Simulate use of Host-based access controls\n"
"\n"
"HBAC rules control who can access what services on what hosts.\n"
"You can use HBAC to control which users or groups can access a service,\n"
"or group of services, on a target host.\n"
"\n"
"Since applying HBAC rules implies use of a production environment,\n"
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
"having access to the production environment.\n"
"\n"
" Test user coming to a service on a named host against\n"
" existing enabled rules.\n"
"\n"
" ipa hbactest --user= --host= --service=\n"
"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
"              [--sizelimit= ]\n"
"\n"
" --user, --host, and --service are mandatory, others are optional.\n"
"\n"
" If --rules is specified simulate enabling of the specified rules and test\n"
" the login of the user using only these rules.\n"
"\n"
" If --enabled is specified, all enabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --disabled is specified, all disabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --nodetail is specified, do not return information about rules matched/"
"not matched.\n"
"\n"
" If both --rules and --enabled are specified, apply simulation to --rules "
"_and_\n"
" all IPA enabled rules.\n"
"\n"
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
" By default there is a IPA-wide limit to number of entries fetched, you can "
"change it\n"
" with --sizelimit option.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Use all enabled HBAC rules in IPA database to simulate:\n"
"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    2. Disable detailed summary of how rules were applied:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"\n"
"    3. Test explicitly specified HBAC rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
"          --rules=myrule --rules=my-second-rule\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    4. Use all enabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
"          --rules=myrule --rules=my-second-rule --enabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    5. Test all disabled HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: new-rule\n"
"\n"
"    6. Test all disabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
"          --rules=myrule --rules=my-second-rule --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
"          --enabled --disabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Not matched rules: new-rule\n"
"      Matched rules: allow_all\n"
"\n"
"\n"
"HBACTEST AND TRUSTED DOMAINS\n"
"\n"
"When an external trusted domain is configured in IPA, HBAC rules are also "
"applied\n"
"on users accessing IPA resources from the trusted domain. Trusted domain "
"users and\n"
"groups (and their SIDs) can be then assigned to external groups which can "
"be\n"
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
"allowing\n"
"access to resources protected by the HBAC system.\n"
"\n"
"hbactest plugin is capable of testing access for both local IPA users and "
"users\n"
"from the trusted domains, either by a fully qualified user name or by user "
"SID.\n"
"Such user names need to have a trusted domain specified as a short name\n"
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
"Administrator@ad.test.\n"
"\n"
"Please note that hbactest executed with a trusted domain user as --user "
"parameter\n"
"can be only run by members of \"trust admins\" group.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Test if a user from a trusted domain specified by its shortname "
"matches any\n"
"       rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    2. Test if a user from a trusted domain specified by its domain name "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    3. Test if a user from a trusted domain specified by its SID matches any "
"rule:\n"
"\n"
"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
"            --host `hostname` --service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    4. Test if other user from a trusted domain specified by its SID matches "
"any rule:\n"
"\n"
"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
"            --host `hostname` --service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
"\n"
"   5. Test if other user from a trusted domain specified by its shortname "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
"sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
msgstr ""

msgid "Simulate use of Host-based access controls"
msgstr ""

msgid "Target host"
msgstr ""

msgid "Rules to test. If not specified, --enabled is assumed"
msgstr ""

msgid "Hide details which rules are matched, not matched, or invalid"
msgstr ""

msgid "Include all enabled IPA rules into test [default]"
msgstr ""

msgid "Include all disabled IPA rules into test"
msgstr ""

msgid "Maximum number of rules to process when no --rules is specified"
msgstr ""

msgid "Warning"
msgstr ""

msgid "Matched rules"
msgstr ""

msgid "Not matched rules"
msgstr ""

msgid "Non-existent or invalid rules"
msgstr ""

msgid "Result of simulation"
msgstr ""

msgid ""
"\n"
"Cross-realm trusts\n"
"\n"
"Manage trust relationship between IPA and Active Directory domains.\n"
"\n"
"In order to allow users from a remote domain to access resources in IPA\n"
"domain, trust relationship needs to be established. Currently IPA supports\n"
"only trusts between IPA and Active Directory domains under control of "
"Windows\n"
"Server 2008 or later, with functional level 2008 or later.\n"
"\n"
"Please note that DNS on both IPA and Active Directory domain sides should "
"be\n"
"configured properly to discover each other. Trust relationship relies on\n"
"ability to discover special resources in the other domain via DNS records.\n"
"\n"
"Examples:\n"
"\n"
"1. Establish cross-realm trust with Active Directory using AD administrator\n"
"   credentials:\n"
"\n"
"   ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
"password\n"
"\n"
"2. List all existing trust relationships:\n"
"\n"
"   ipa trust-find\n"
"\n"
"3. Show details of the specific trust relationship:\n"
"\n"
"   ipa trust-show <ad.domain>\n"
"\n"
"4. Delete existing trust relationship:\n"
"\n"
"   ipa trust-del <ad.domain>\n"
"\n"
"Once trust relationship is established, remote users will need to be mapped\n"
"to local POSIX groups in order to actually use IPA resources. The mapping "
"should\n"
"be done via use of external membership of non-POSIX group and then this "
"group\n"
"should be included into one of local POSIX groups.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local POSIX "
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
"--external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
"ad_admins_external\n"
"   group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with ad_admins "
"POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see their "
"SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
"\n"
"\n"
"GLOBAL TRUST CONFIGURATION\n"
"\n"
"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n"
"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
"identifiers are then used when communicating with a trusted domain of the\n"
"particular type.\n"
"\n"
"1. Show global trust configuration for Active Directory type of trusts:\n"
"\n"
"   ipa trustconfig-show --type ad\n"
"\n"
"2. Modify global configuration for all trusts of Active Directory type and "
"set\n"
"   a different fallback primary group (fallback primary group GID is used "
"as\n"
"   a primary user GID if user authenticating to IPA domain does not have any "
"other\n"
"   primary GID already set):\n"
"\n"
"   ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
"group\"\n"
"\n"
"3. Change primary fallback group back to default hidden group (any group "
"with\n"
"   posixGroup object class is allowed):\n"
"\n"
"   ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
"\"\n"
msgstr ""

msgid "Domain NetBIOS name"
msgstr ""

msgid "Domain Security Identifier"
msgstr ""

msgid "SID blacklist incoming"
msgstr ""

msgid "SID blacklist outgoing"
msgstr ""

msgid "Security Identifier"
msgstr ""

msgid "NetBIOS name"
msgstr ""

msgid "Domain GUID"
msgstr ""

msgid "Fallback primary group"
msgstr ""

#, fuzzy
msgid "Domain name"
msgstr "आदेशाचे नाव "

msgid "Trusted domain partner"
msgstr ""

msgid "Determine whether ipa-adtrust-install has been run on this system"
msgstr ""

msgid ""
"Determine whether Schema Compatibility plugin is configured to serve trusted "
"domain users and groups"
msgstr ""

msgid "Determine whether ipa-adtrust-install has been run with sidgen task"
msgstr ""

msgid ""
"\n"
"Add new trust to use.\n"
"\n"
"This command establishes trust relationship to another domain\n"
"which becomes 'trusted'. As result, users of the trusted domain\n"
"may access resources of this domain.\n"
"\n"
"Only trusts to Active Directory domains are supported right now.\n"
"\n"
"The command can be safely run multiple times against the same domain,\n"
"this will cause change to trust relationship credentials on both\n"
"sides.\n"
"    "
msgstr ""

msgid "Trust type (ad for Active Directory, default)"
msgstr ""

msgid "Active Directory domain administrator"
msgstr ""

msgid "Active Directory domain administrator's password"
msgstr ""

msgid "Domain controller for the Active Directory domain (optional)"
msgstr ""

msgid "Shared secret for the trust"
msgstr ""

msgid "First Posix ID of the range reserved for the trusted domain"
msgstr ""

msgid "Size of the ID range reserved for the trusted domain"
msgstr ""

msgid "Range type"
msgstr ""

msgid ""
"Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust"
msgstr ""

msgid "Delete a trust."
msgstr ""

msgid "Refresh list of the domains associated with the trust"
msgstr ""

msgid "Search for trusts."
msgstr ""

msgid "Results should contain primary key attribute only (\"realm\")"
msgstr ""

msgid ""
"\n"
"Modify a trust (for future use).\n"
"\n"
"    Currently only the default option to modify the LDAP attributes is\n"
"    available. More specific options will be added in coming releases.\n"
"    "
msgstr ""

msgid "Resolve security identifiers of users and groups in trusted domains"
msgstr ""

msgid "Security Identifiers (SIDs)"
msgstr ""

msgid "Display information about a trust."
msgstr ""

msgid "Modify global trust configuration."
msgstr ""

msgid "Show global trust configuration."
msgstr ""

msgid "Allow access from the trusted domain"
msgstr ""

msgid "Remove information about the domain associated with the trust."
msgstr ""

msgid "Disable use of IPA resources by the domain of the trust"
msgstr ""

msgid "Allow use of IPA resources by the domain of the trust"
msgstr ""

msgid "Search domains of the trust"
msgstr ""

msgid "Results should contain primary key attribute only (\"domain\")"
msgstr ""

msgid "Modify trustdomain of the trust"
msgstr ""

msgid ""
"\n"
"ID ranges\n"
"\n"
"Manage ID ranges  used to map Posix IDs to SIDs and back.\n"
"\n"
"There are two type of ID ranges which are both handled by this utility:\n"
"\n"
" - the ID ranges of the local domain\n"
" - the ID ranges of trusted remote domains\n"
"\n"
"Both types have the following attributes in common:\n"
"\n"
" - base-id: the first ID of the Posix ID range\n"
" - range-size: the size of the range\n"
"\n"
"With those two attributes a range object can reserve the Posix IDs starting\n"
"with base-id up to but not including base-id+range-size exclusively.\n"
"\n"
"Additionally an ID range of the local domain may set\n"
" - rid-base: the first RID(*) of the corresponding RID range\n"
" - secondary-rid-base: first RID of the secondary RID range\n"
"\n"
"and an ID range of a trusted domain must set\n"
" - rid-base: the first RID of the corresponding RID range\n"
" - sid: domain SID of the trusted domain\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for a trusted domain\n"
"\n"
"Since there might be more than one trusted domain the domain SID must be "
"given\n"
"while creating the ID range.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=0                   --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
"\n"
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
"assign Posix UIDs to users from the trusted domain.\n"
"\n"
"If e.g. a range for a trusted domain is configured with the following "
"values:\n"
" base-id = 1200000\n"
" range-size = 200000\n"
" rid-base = 0\n"
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
"So\n"
"RID 1000 <-> Posix ID 1201000\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for the local domain\n"
"\n"
"To create an ID range for the local domain it is not necessary to specify a\n"
"domain SID. But since it is possible that a user and a group can have the "
"same\n"
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=1000                   --secondary-rid-base=1000000 local_range\n"
"\n"
"The data from the ID ranges of the local domain are used by the IPA server\n"
"internally to assign SIDs to IPA users and groups. The SID will then be "
"stored\n"
"in the user or group objects.\n"
"\n"
"If e.g. the ID range for the local domain is configured with the values "
"from\n"
"the example above then a new user with the UID 1200007 will get the RID "
"1007.\n"
"If this RID is already used by a group the RID will be 1000007. This can "
"only\n"
"happen if a user or a group object was created with a fixed ID because the\n"
"automatic assignment will not assign the same ID twice. Since there are "
"only\n"
"users and groups sharing the same ID namespace it is sufficient to have "
"only\n"
"one fallback range to handle conflicts.\n"
"\n"
"To find the Posix ID for a given RID from the local domain it has to be\n"
"checked first if the RID falls in the primary or secondary RID range and\n"
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
"and the base-id has to be added to get the Posix ID.\n"
"\n"
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
"must not be used at all. The ID range for the local domain will be created\n"
"during installation or upgrade from an older version. The ID range for a\n"
"trusted domain will be created together with the trust by 'ipa trust-"
"add ...'.\n"
"\n"
"USE CASES:\n"
"\n"
"  Add an ID range from a transitively trusted domain\n"
"\n"
"    If the trusted domain (A) trusts another domain (B) as well and this "
"trust\n"
"    is transitive 'ipa trust-add domain-A' will only create a range for\n"
"    domain A.  The ID range for domain B must be added manually.\n"
"\n"
"  Add an additional ID range for the local domain\n"
"\n"
"    If the ID range of the local domain is exhausted, i.e. no new IDs can "
"be\n"
"    assigned to Posix users or groups by the DNA plugin, a new range has to "
"be\n"
"    created to allow new users and groups to be added. (Currently there is "
"no\n"
"    connection between this range CLI and the DNA plugin, but a future "
"version\n"
"    might be able to modify the configuration of the DNS plugin as well)\n"
"\n"
"In general it is not necessary to modify or delete ID ranges. If there is "
"no\n"
"other way to achieve a certain configuration than to modify or delete an ID\n"
"range it should be done with great care. Because UIDs are stored in the "
"file\n"
"system and are used for access control it might be possible that users are\n"
"allowed to access files of other users if an ID range got deleted and "
"reused\n"
"for a different domain.\n"
"\n"
"(*) The RID is typically the last integer of a user or group SID which "
"follows\n"
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
"from\n"
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
"the\n"
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
"groups.\n"
"\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
msgstr ""

#, fuzzy
msgid "Range name"
msgstr "आदेशाचे नाव "

msgid "First Posix ID of the range"
msgstr ""

msgid "Number of IDs in the range"
msgstr ""

msgid "First RID of the corresponding RID range"
msgstr ""

msgid "First RID of the secondary RID range"
msgstr ""

msgid "Domain SID of the trusted domain"
msgstr ""

msgid "Name of the trusted domain"
msgstr ""

msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local"
msgstr ""

msgid ""
"\n"
"Add new ID range.\n"
"\n"
"    To add a new ID range you always have to specify\n"
"\n"
"        --base-id\n"
"        --range-size\n"
"\n"
"    Additionally\n"
"\n"
"        --rid-base\n"
"        --secondary-rid-base\n"
"\n"
"    may be given for a new ID range for the local domain while\n"
"\n"
"        --rid-base\n"
"        --dom-sid\n"
"\n"
"    must be given to add a new range for a trusted AD domain.\n"
"\n"
"    WARNING:\n"
"\n"
"    DNA plugin in 389-ds will allocate IDs based on the ranges configured "
"for the\n"
"    local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"    on the local ranges set via this family of commands.\n"
"\n"
"    Manual configuration change has to be done in the DNA plugin "
"configuration for\n"
"    the new local range. Specifically, The dnaNextRange attribute of "
"'cn=Posix\n"
"    IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
"to be\n"
"    modified to match the new range.\n"
"    "
msgstr ""

msgid "Delete an ID range."
msgstr ""

msgid "Search for ranges."
msgstr ""

msgid "Modify ID range."
msgstr ""

msgid "Display information about a range."
msgstr ""

msgid ""
"\n"
"OTP Tokens\n"
"\n"
"Manage OTP tokens.\n"
"\n"
"IPA supports the use of OTP tokens for multi-factor authentication. This\n"
"code enables the management of OTP tokens.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new token:\n"
"   ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n"
"\n"
" Examine the token:\n"
"   ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n"
"\n"
" Change the vendor:\n"
"   ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat"
"\"\n"
"\n"
" Delete a token:\n"
"   ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n"
msgstr ""

msgid "Unique ID"
msgstr ""

msgid "Type of the token"
msgstr ""

msgid "Token description (informational only)"
msgstr ""

msgid "Owner"
msgstr ""

msgid "Assigned user of the token (default: self)"
msgstr ""

msgid "Assigned manager of the token (default: self)"
msgstr ""

msgid "Disabled"
msgstr ""

msgid "Mark the token as disabled (default: false)"
msgstr ""

msgid "Validity start"
msgstr ""

msgid "First date/time the token can be used"
msgstr ""

msgid "Validity end"
msgstr ""

msgid "Last date/time the token can be used"
msgstr ""

msgid "Vendor"
msgstr ""

msgid "Token vendor name (informational only)"
msgstr ""

msgid "Model"
msgstr ""

msgid "Token model (informational only)"
msgstr ""

msgid "Serial"
msgstr ""

msgid "Token serial (informational only)"
msgstr ""

msgid "Token secret (Base32; default: random)"
msgstr ""

msgid "Token hash algorithm"
msgstr ""

msgid "Digits"
msgstr ""

msgid "Number of digits each token code will have"
msgstr ""

msgid "Clock offset"
msgstr ""

msgid "TOTP token / IPA server time difference"
msgstr ""

msgid "Clock interval"
msgstr ""

msgid "Length of TOTP token code validity"
msgstr ""

msgid "Counter"
msgstr ""

msgid "Initial counter for the HOTP token"
msgstr ""

msgid "Add a new OTP token."
msgstr ""

#, fuzzy
msgid "(deprecated)"
msgstr "वापरात नसलेले पर्याय"

msgid "Do not display QR code"
msgstr ""

msgid "Add users that can manage this token."
msgstr ""

msgid "Delete an OTP token."
msgstr ""

msgid "Search for OTP token."
msgstr ""

msgid "Results should contain primary key attribute only (\"id\")"
msgstr ""

msgid "Modify a OTP token."
msgstr ""

msgid "Rename the OTP token object"
msgstr ""

msgid "Display information about an OTP token."
msgstr ""

msgid ""
"\n"
"Sudo Rules\n"
"\n"
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
"give certain users (or groups of users) the ability to run some (or all)\n"
"commands as root or another user while providing an audit trail of the\n"
"commands and their arguments.\n"
"\n"
"IPA provides a means to configure the various aspects of Sudo:\n"
"   Users: The user(s)/group(s) allowed to invoke Sudo.\n"
"   Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
"Sudo.\n"
"   Allow Command: The specific command(s) permitted to be run via Sudo.\n"
"   Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
"   RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
"invoked with.\n"
"   RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
"   Options: The various Sudoers Options that can modify Sudo's behavior.\n"
"\n"
"An order can be added to a sudorule to control the order in which they\n"
"are evaluated (if the client supports it). This order is an integer and\n"
"must be unique.\n"
"\n"
"IPA provides a designated binddn to use with Sudo located at:\n"
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
"\n"
"To enable the binddn run the following command to set the password:\n"
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
"dc=com\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a new rule:\n"
"   ipa sudorule-add readfiles\n"
"\n"
" Add sudo command object and add it as allowed command in the rule:\n"
"   ipa sudocmd-add /usr/bin/less\n"
"   ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n"
"\n"
" Add a host to the rule:\n"
"   ipa sudorule-add-host readfiles --hosts server.example.com\n"
"\n"
" Add a user to the rule:\n"
"   ipa sudorule-add-user readfiles --users jsmith\n"
"\n"
" Add a special Sudo rule for default Sudo server configuration:\n"
"   ipa sudorule-add defaults\n"
"\n"
" Set a default Sudo option:\n"
"   ipa sudorule-add-option defaults --sudooption '!authenticate'\n"
msgstr ""

#, fuzzy
msgid "Command category"
msgstr "आदेशाचे नाव "

msgid "Command category the rule applies to"
msgstr ""

msgid "RunAs User category"
msgstr ""

msgid "RunAs User category the rule applies to"
msgstr ""

msgid "RunAs Group category"
msgstr ""

msgid "RunAs Group category the rule applies to"
msgstr ""

msgid "Sudo order"
msgstr ""

msgid "integer to order the Sudo rules"
msgstr ""

msgid "External User"
msgstr ""

msgid "External User the rule applies to (sudorule-find only)"
msgstr ""

msgid "Host Masks"
msgstr ""

#, fuzzy
msgid "Sudo Allow Commands"
msgstr "विषय किंवा आदेश"

msgid "Sudo Deny Commands"
msgstr ""

msgid "Sudo Allow Command Groups"
msgstr ""

msgid "Sudo Deny Command Groups"
msgstr ""

msgid "RunAs Users"
msgstr ""

msgid "Run as a user"
msgstr ""

msgid "Groups of RunAs Users"
msgstr ""

msgid "Run as any user within a specified group"
msgstr ""

msgid "RunAs External User"
msgstr ""

msgid "External User the commands can run as (sudorule-find only)"
msgstr ""

msgid "External Groups of RunAs Users"
msgstr ""

msgid "External Groups of users that the command can run as"
msgstr ""

msgid "RunAs Groups"
msgstr ""

msgid "Run with the gid of a specified POSIX group"
msgstr ""

msgid "RunAs External Group"
msgstr ""

msgid "External Group the commands can run as (sudorule-find only)"
msgstr ""

msgid "Sudo Option"
msgstr ""

msgid "Create new Sudo Rule."
msgstr ""

msgid "Add commands and sudo command groups affected by Sudo Rule."
msgstr ""

msgid "member sudo command group"
msgstr ""

msgid "sudo command groups to add"
msgstr ""

msgid "Add hosts and hostgroups affected by Sudo Rule."
msgstr ""

msgid "host masks of allowed hosts"
msgstr ""

msgid "Add an option to the Sudo Rule."
msgstr ""

msgid "Add group for Sudo to execute as."
msgstr ""

msgid "Add users and groups for Sudo to execute as."
msgstr ""

msgid "Add users and groups affected by Sudo Rule."
msgstr ""

msgid "Delete Sudo Rule."
msgstr ""

msgid "Disable a Sudo Rule."
msgstr ""

msgid "Enable a Sudo Rule."
msgstr ""

msgid "Search for Sudo Rule."
msgstr ""

msgid "Results should contain primary key attribute only (\"sudorule-name\")"
msgstr ""

msgid "Modify Sudo Rule."
msgstr ""

msgid "Remove commands and sudo command groups affected by Sudo Rule."
msgstr ""

msgid "sudo command groups to remove"
msgstr ""

msgid "Remove hosts and hostgroups affected by Sudo Rule."
msgstr ""

msgid "Remove an option from Sudo Rule."
msgstr ""

msgid "Remove group for Sudo to execute as."
msgstr ""

msgid "Remove users and groups for Sudo to execute as."
msgstr ""

msgid "Remove users and groups affected by Sudo Rule."
msgstr ""

msgid "Display Sudo Rule."
msgstr ""

msgid "Time limit of search in seconds (0 is unlimited)"
msgstr ""

msgid "Maximum number of entries returned (0 is unlimited)"
msgstr ""

msgid ""
"\n"
"Manage CA ACL rules.\n"
"\n"
"This plugin is used to define rules governing which principals are\n"
"permitted to have certificates issued using a given certificate\n"
"profile.\n"
"\n"
"PROFILE ID SYNTAX:\n"
"\n"
"A Profile ID is a string without spaces or punctuation starting with a "
"letter\n"
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
"\n"
"EXAMPLES:\n"
"\n"
"  Create a CA ACL \"test\" that grants all users access to the\n"
"  \"UserCert\" profile:\n"
"    ipa caacl-add test --usercat=all\n"
"    ipa caacl-add-profile test --certprofiles UserCert\n"
"\n"
"  Display the properties of a named CA ACL:\n"
"    ipa caacl-show test\n"
"\n"
"  Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n"
"    ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n"
"    ipa caacl-add-user alice_dnp3 --user=alice\n"
"\n"
"  Disable a CA ACL:\n"
"    ipa caacl-disable test\n"
"\n"
"  Remove a CA ACL:\n"
"    ipa caacl-del test\n"
msgstr ""

#, fuzzy
msgid "ACL name"
msgstr "आदेशाचे नाव "

msgid "Profile category"
msgstr ""

msgid "Profile category the ACL applies to"
msgstr ""

msgid "User category the ACL applies to"
msgstr ""

msgid "Host category the ACL applies to"
msgstr ""

msgid "Service category the ACL applies to"
msgstr ""

msgid "Profiles"
msgstr ""

msgid "Create a new CA ACL."
msgstr ""

msgid "Add target hosts and hostgroups to a CA ACL."
msgstr ""

msgid "Add profiles to a CA ACL."
msgstr ""

msgid "member Certificate Profile"
msgstr ""

msgid "Certificate Profiles to add"
msgstr ""

msgid "Add services to a CA ACL."
msgstr ""

msgid "Add users and groups to a CA ACL."
msgstr ""

msgid "Delete a CA ACL."
msgstr ""

msgid "Disable a CA ACL."
msgstr ""

msgid "Enable a CA ACL."
msgstr ""

msgid "Search for CA ACLs."
msgstr ""

msgid "Modify a CA ACL."
msgstr ""

msgid "Remove target hosts and hostgroups from a CA ACL."
msgstr ""

msgid "Remove profiles from a CA ACL."
msgstr ""

msgid "Certificate Profiles to remove"
msgstr ""

msgid "Remove services from a CA ACL."
msgstr ""

msgid "Remove users and groups from a CA ACL."
msgstr ""

msgid "Display the properties of a CA ACL."
msgstr ""

msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)"
msgstr ""

msgid "Maximum number of records to search (-1 or 0 is unlimited)"
msgstr ""

msgid ""
"\n"
"Raise the IPA Domain Level.\n"
msgstr ""

msgid "Query current Domain Level."
msgstr ""

msgid "Current domain level:"
msgstr ""

msgid "Change current Domain Level."
msgstr ""

msgid "Domain Level"
msgstr ""

msgid "Add certificates to host entry"
msgstr ""

msgid "Remove certificates from host entry"
msgstr ""

msgid "Fallback to AD DC LDAP"
msgstr ""

msgid ""
"Allow falling back to AD DC LDAP when resolving AD trusted objects. For two-"
"way trusts only."
msgstr ""

msgid ""
"Applies ID View to specified hosts or current members of specified "
"hostgroups. If any other ID View is applied to the host, it is overridden."
msgstr ""

msgid "Add to default group"
msgstr ""

msgid "Add migrated users without a group to a default group (default: true)"
msgstr ""

msgid "Search scope"
msgstr ""

msgid ""
"LDAP search scope for users and groups: base, onelevel, or subtree. Defaults "
"to onelevel"
msgstr ""

msgid "Target DN subtree"
msgstr ""

msgid ""
"Optional DN subtree where an entry can be moved to (must be in the subtree, "
"but may not yet exist)"
msgstr ""

msgid "Origin DN subtree"
msgstr ""

msgid ""
"Optional DN subtree from where an entry can be moved (must be in the "
"subtree, but may not yet exist)"
msgstr ""

msgid ""
"\n"
"IPA servers\n"
"\n"
"Get information about installed IPA servers.\n"
"\n"
"EXAMPLES:\n"
"\n"
"  Find all servers:\n"
"    ipa server-find\n"
"\n"
"  Show specific server:\n"
"    ipa server-show ipa.example.com\n"
msgstr ""

msgid "Server name"
msgstr ""

msgid "IPA server hostname"
msgstr ""

msgid "Managed suffix"
msgstr ""

msgid "Min domain level"
msgstr ""

msgid "Minimum domain level"
msgstr ""

msgid "Max domain level"
msgstr ""

msgid "Maximum domain level"
msgstr ""

msgid "Delete IPA server."
msgstr ""

msgid "Search for IPA servers."
msgstr ""

msgid "Show IPA server."
msgstr ""

msgid "Add new certificates to a service"
msgstr ""

msgid "Remove certificates from a service"
msgstr ""

msgid ""
"\n"
"Service Constrained Delegation\n"
"\n"
"Manage rules to allow constrained delegation of credentials so\n"
"that a service can impersonate a user when communicating with another\n"
"service without requiring the user to actually forward their TGT.\n"
"This makes for a much better method of delegating credentials as it\n"
"prevents exposure of the short term secret of the user.\n"
"\n"
"The naming convention is to append the word \"target\" or \"targets\" to\n"
"a matching rule name. This is not mandatory but helps conceptually\n"
"to associate rules and targets.\n"
"\n"
"A rule consists of two things:\n"
"  - A list of targets the rule applies to\n"
"  - A list of memberPrincipals that are allowed to delegate for\n"
"    those targets\n"
"\n"
"A target consists of a list of principals that can be delegated.\n"
"\n"
"In English, a rule says that this principal can delegate as this\n"
"list of principals, as defined by these targets.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new constrained delegation rule:\n"
"   ipa servicedelegationrule-add ftp-delegation\n"
"\n"
" Add a new constrained delegation target:\n"
"   ipa servicedelegationtarget-add ftp-delegation-target\n"
"\n"
" Add a principal to the rule:\n"
"   ipa servicedelegationrule-add-member --principals=ftp/ipa.example."
"com       ftp-delegation\n"
"\n"
" Add our target to the rule:\n"
"   ipa servicedelegationrule-add-target       --servicedelegationtargets=ftp-"
"delegation-target ftp-delegation\n"
"\n"
" Add a principal to the target:\n"
"   ipa servicedelegationtarget-add-member --principals=ldap/ipa.example."
"com       ftp-delegation-target\n"
"\n"
" Display information about a named delegation rule and target:\n"
"   ipa servicedelegationrule_show ftp-delegation\n"
"   ipa servicedelegationtarget_show ftp-delegation-target\n"
"\n"
" Remove a constrained delegation:\n"
"   ipa servicedelegationrule-del ftp-delegation-target\n"
"   ipa servicedelegationtarget-del ftp-delegation\n"
"\n"
"In this example the ftp service can get a TGT for the ldap service on\n"
"the bound user's behalf.\n"
"\n"
"It is strongly discouraged to modify the delegations that ship with\n"
"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n"
"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n"
"to delegate, causing the framework to stop functioning.\n"
msgstr ""

msgid "Allowed Target"
msgstr ""

msgid "Create a new service delegation rule."
msgstr ""

msgid "Add member to a named service delegation rule."
msgstr ""

msgid "member principal"
msgstr ""

msgid "principal to add"
msgstr ""

msgid "Add target to a named service delegation rule."
msgstr ""

msgid "member service delegation target"
msgstr ""

msgid "service delegation targets to add"
msgstr ""

msgid "Delete service delegation."
msgstr ""

msgid "Search for service delegations rule."
msgstr ""

msgid "Results should contain primary key attribute only (\"delegation-name\")"
msgstr ""

msgid "Remove member from a named service delegation rule."
msgstr ""

msgid "principal to remove"
msgstr ""

msgid "Remove target from a named service delegation rule."
msgstr ""

msgid "service delegation targets to remove"
msgstr ""

msgid "Display information about a named service delegation rule."
msgstr ""

msgid "Create a new service delegation target."
msgstr ""

msgid "Add member to a named service delegation target."
msgstr ""

msgid "Delete service delegation target."
msgstr ""

msgid "Search for service delegation target."
msgstr ""

msgid "Remove member from a named service delegation target."
msgstr ""

msgid "Display information about a named service delegation target."
msgstr ""

msgid ""
"\n"
"Stageusers\n"
"\n"
"Manage stage user entries.\n"
"\n"
"Stage user entries are directly under the container: \"cn=stage users,\n"
"cn=accounts, cn=provisioning, SUFFIX\".\n"
"User can not authenticate with those entries (even if the entries\n"
"contain credentials) and are candidate to become Active entries.\n"
"\n"
"Active user entries are Posix users directly under the container: "
"\"cn=accounts, SUFFIX\".\n"
"User can authenticate with Active entries, at the condition they have\n"
"credentials\n"
"\n"
"Delete user entries are Posix users directly under the container: "
"\"cn=deleted users,\n"
"cn=accounts, cn=provisioning, SUFFIX\".\n"
"User can not authenticate with those entries (even if the entries contain "
"credentials)\n"
"\n"
"The stage user container contains entries\n"
"    - created by 'stageuser-add' commands that are Posix users\n"
"    - created by external provisioning system\n"
"\n"
"A valid stage user entry MUST:\n"
"    - entry RDN is 'uid'\n"
"    - ipaUniqueID is 'autogenerate'\n"
"\n"
"IPA supports a wide range of username formats, but you need to be aware of "
"any\n"
"restrictions that may apply to your particular environment. For example,\n"
"usernames that start with a digit or usernames that exceed a certain length\n"
"may cause problems for some UNIX systems.\n"
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new stageuser:\n"
"   ipa stageuser-add --first=Tim --last=User --password tuser1\n"
"\n"
" Add a stageuser from the Delete container\n"
"   ipa stageuser-add  --first=Tim --last=User --from-delete tuser1\n"
msgstr ""

msgid "Activate a stage user."
msgstr ""

msgid "Add a new stage user."
msgstr ""

msgid "Create Stage user in from a delete user"
msgstr ""

msgid "Delete a stage user."
msgstr ""

msgid "Search for stage users."
msgstr ""

msgid "Search for stage users with these member of groups."
msgstr ""

msgid "Search for stage users without these member of groups."
msgstr ""

msgid "Search for stage users with these member of netgroups."
msgstr ""

msgid "Search for stage users without these member of netgroups."
msgstr ""

msgid "Search for stage users with these member of roles."
msgstr ""

msgid "Search for stage users without these member of roles."
msgstr ""

msgid "Search for stage users with these member of HBAC rules."
msgstr ""

msgid "Search for stage users without these member of HBAC rules."
msgstr ""

msgid "Search for stage users with these member of sudo rules."
msgstr ""

msgid "Search for stage users without these member of sudo rules."
msgstr ""

msgid "Modify a stage user."
msgstr ""

msgid "Rename the stage user object"
msgstr ""

msgid "Display information about a stage user."
msgstr ""

msgid ""
"\n"
"Topology\n"
"\n"
"Management of a replication topology.\n"
"\n"
"Requires minimum domain level 1.\n"
msgstr ""

msgid "Segment name"
msgstr ""

msgid "Arbitrary string identifying the segment"
msgstr ""

msgid "Left node"
msgstr ""

msgid "Left replication node - an IPA server"
msgstr ""

msgid "Right node"
msgstr ""

msgid "Right replication node - an IPA server"
msgstr ""

msgid "Connectivity"
msgstr ""

msgid "Direction of replication between left and right replication node"
msgstr ""

msgid "Attributes to strip"
msgstr ""

msgid ""
"A space separated list of attributes which are removed from replication "
"updates."
msgstr ""

msgid "Attributes to replicate"
msgstr ""

msgid ""
"Attributes that are not replicated to a consumer server during a fractional "
"update. E.g., `(objectclass=*) $ EXCLUDE accountlockout memberof"
msgstr ""

msgid "Attributes for total update"
msgstr ""

msgid ""
"Attributes that are not replicated to a consumer server during a total "
"update. E.g. (objectclass=*) $ EXCLUDE accountlockout"
msgstr ""

msgid "Session timeout"
msgstr ""

msgid ""
"Number of seconds outbound LDAP operations waits for a response from the "
"remote replica before timing out and failing"
msgstr ""

msgid "Replication agreement enabled"
msgstr ""

msgid ""
"Whether a replication agreement is active, meaning whether replication is "
"occurring per that agreement"
msgstr ""

msgid "Suffix name"
msgstr ""

msgid "LDAP suffix to be managed"
msgstr ""

msgid "Add a new segment."
msgstr ""

msgid "Delete a segment."
msgstr ""

msgid "Search for topology segments."
msgstr ""

msgid "Modify a segment."
msgstr ""

msgid ""
"Request a full re-initialization of the node retrieving data from the other "
"node."
msgstr ""

msgid "Initialize left node"
msgstr ""

msgid "Initialize right node"
msgstr ""

msgid "Stop already started refresh of chosen node(s)"
msgstr ""

msgid "Display a segment."
msgstr ""

msgid "Add a new topology suffix to be managed."
msgstr ""

msgid "Delete a topology suffix."
msgstr ""

msgid "Search for topology suffices."
msgstr ""

msgid "Modify a topology suffix."
msgstr ""

msgid "Show managed suffix."
msgstr ""

msgid ""
"\n"
"Verify replication topology for suffix.\n"
"\n"
"Checks done:\n"
"  1. check if a topology is not disconnected. In other words if there are\n"
"     replication paths between all servers.\n"
"  2. check if servers don't have more than the recommended number of\n"
"     replication agreements\n"
"    "
msgstr ""

msgid "Preserved user"
msgstr ""

msgid "Add one or more certificates to the user entry"
msgstr ""

msgid "Remove one or more certificates to the user entry"
msgstr ""

msgid "Move deleted user into staged area"
msgstr ""

msgid "Undelete a delete user account."
msgstr ""

msgid ""
"\n"
"Vaults\n"
"\n"
"Manage vaults.\n"
"\n"
"Vault is a secure place to store a secret.\n"
"\n"
"Based on the ownership there are three vault categories:\n"
"* user/private vault\n"
"* service vault\n"
"* shared vault\n"
"\n"
"User vaults are vaults owned used by a particular user. Private\n"
"vaults are vaults owned the current user. Service vaults are\n"
"vaults owned by a service. Shared vaults are owned by the admin\n"
"but they can be used by other users or services.\n"
"\n"
"Based on the security mechanism there are three types of\n"
"vaults:\n"
"* standard vault\n"
"* symmetric vault\n"
"* asymmetric vault\n"
"\n"
"Standard vault uses a secure mechanism to transport and\n"
"store the secret. The secret can only be retrieved by users\n"
"that have access to the vault.\n"
"\n"
"Symmetric vault is similar to the standard vault, but it\n"
"pre-encrypts the secret using a password before transport.\n"
"The secret can only be retrieved using the same password.\n"
"\n"
"Asymmetric vault is similar to the standard vault, but it\n"
"pre-encrypts the secret using a public key before transport.\n"
"The secret can only be retrieved using the private key.\n"
"\n"
"EXAMPLES:\n"
"\n"
" List vaults:\n"
"   ipa vault-find\n"
"       [--user <user>|--service <service>|--shared]\n"
"\n"
" Add a standard vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type standard\n"
"\n"
" Add a symmetric vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type symmetric --password-file password.txt\n"
"\n"
" Add an asymmetric vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type asymmetric --public-key-file public.pem\n"
"\n"
" Show a vault:\n"
"   ipa vault-show <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"\n"
" Modify vault description:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --desc <description>\n"
"\n"
" Modify vault type:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type <type>\n"
"       [old password/private key]\n"
"       [new password/public key]\n"
"\n"
" Modify symmetric vault password:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --change-password\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --old-password <old password>\n"
"       --new-password <new password>\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --old-password-file <old password file>\n"
"       --new-password-file <new password file>\n"
"\n"
" Modify asymmetric vault keys:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --private-key-file <old private key file>\n"
"       --public-key-file <new public key file>\n"
"\n"
" Delete a vault:\n"
"   ipa vault-del <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"\n"
" Display vault configuration:\n"
"   ipa vaultconfig-show\n"
"\n"
" Archive data into standard vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
"\n"
" Archive data into symmetric vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
"       --password-file password.txt\n"
"\n"
" Archive data into asymmetric vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
"\n"
" Retrieve data from standard vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file>\n"
"\n"
" Retrieve data from symmetric vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file>\n"
"       --password-file password.txt\n"
"\n"
" Retrieve data from asymmetric vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file> --private-key-file private.pem\n"
"\n"
" Add vault owners:\n"
"   ipa vault-add-owner <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>]  [--groups <groups>] [--services <services>]\n"
"\n"
" Delete vault owners:\n"
"   ipa vault-remove-owner <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
"\n"
" Add vault members:\n"
"   ipa vault-add-member <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
"\n"
" Delete vault members:\n"
"   ipa vault-remove-member <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
msgstr ""

msgid "Vault name"
msgstr ""

msgid "Vault description"
msgstr ""

msgid "Vault type"
msgstr ""

msgid "Salt"
msgstr ""

msgid "Vault salt"
msgstr ""

msgid "Public key"
msgstr ""

msgid "Vault public key"
msgstr ""

msgid "Owner users"
msgstr ""

msgid "Owner groups"
msgstr ""

msgid "Owner services"
msgstr ""

msgid "Vault service"
msgstr ""

msgid "Shared vault"
msgstr ""

msgid "Vault user"
msgstr ""

msgid "Transport Certificate"
msgstr ""

msgid "Service name of the service vault"
msgstr ""

msgid "Username of the user vault"
msgstr ""

msgid "Add members to a vault."
msgstr ""

msgid "Add owners to a vault."
msgstr ""

msgid "owner user"
msgstr ""

msgid "owner group"
msgstr ""

msgid "owner service"
msgstr ""

msgid "Owners that could not be added"
msgstr ""

msgid "Number of owners added"
msgstr ""

msgid "Session key wrapped with transport certificate"
msgstr ""

msgid "Vault data encrypted with session key"
msgstr ""

msgid "Nonce"
msgstr ""

msgid "Delete a vault."
msgstr ""

msgid "Search for vaults."
msgstr ""

msgid "List all service vaults"
msgstr ""

msgid "List all user vaults"
msgstr ""

msgid "Remove members from a vault."
msgstr ""

msgid "Remove owners from a vault."
msgstr ""

msgid "Owners that could not be removed"
msgstr ""

msgid "Number of owners removed"
msgstr ""

msgid "Display information about a vault."
msgstr ""

msgid "Show vault configuration."
msgstr ""

msgid "Output file to store the transport certificate"
msgstr ""

msgid "Add owners to a vault container."
msgstr ""

msgid "Delete a vault container."
msgstr ""

msgid "Remove owners from a vault container."
msgstr ""

msgid "Display information about a vault container."
msgstr ""

msgid "Principal for this certificate (e.g. HTTP/test.example.com)"
msgstr ""

msgid "Profile ID"
msgstr ""

msgid "Certificate Profile to use"
msgstr ""

msgid ""
"\n"
"Manage Certificate Profiles\n"
"\n"
"Certificate Profiles are used by Certificate Authority (CA) in the signing "
"of\n"
"certificates to determine if a Certificate Signing Request (CSR) is "
"acceptable,\n"
"and if so what features and extensions will be present on the certificate.\n"
"\n"
"The Certificate Profile format is the property-list format understood by "
"the\n"
"Dogtag or Red Hat Certificate System CA.\n"
"\n"
"PROFILE ID SYNTAX:\n"
"\n"
"A Profile ID is a string without spaces or punctuation starting with a "
"letter\n"
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
"\n"
"EXAMPLES:\n"
"\n"
"  Import a profile that will not store issued certificates:\n"
"    ipa certprofile-import ShortLivedUserCert       --file UserCert.profile "
"--desc \"User Certificates\"       --store=false\n"
"\n"
"  Delete a certificate profile:\n"
"    ipa certprofile-del ShortLivedUserCert\n"
"\n"
"  Show information about a profile:\n"
"    ipa certprofile-show ShortLivedUserCert\n"
"\n"
"  Save profile configuration to a file:\n"
"    ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n"
"\n"
"  Search for profiles that do not store certificates:\n"
"    ipa certprofile-find --store=false\n"
"\n"
"PROFILE CONFIGURATION FORMAT:\n"
"\n"
"The profile configuration format is the raw property-list format\n"
"used by Dogtag Certificate System.  The XML format is not supported.\n"
"\n"
"The following restrictions apply to profiles managed by IPA:\n"
"\n"
"- When importing a profile the \"profileId\" field, if present, must\n"
"  match the ID given on the command line.\n"
"\n"
"- The \"classId\" field must be set to \"caEnrollImpl\"\n"
"\n"
"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n"
"\n"
"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n"
"  class must be used.\n"
msgstr ""

msgid "Profile ID for referring to this profile"
msgstr ""

msgid "Profile description"
msgstr ""

msgid "Brief description of this profile"
msgstr ""

msgid "Store issued certificates"
msgstr ""

msgid "Whether to store certs issued using this profile"
msgstr ""

msgid "Delete a Certificate Profile."
msgstr ""

msgid "Search for Certificate Profiles."
msgstr ""

msgid "Import a Certificate Profile."
msgstr ""

msgid "Filename of a raw profile. The XML format is not supported."
msgstr ""

msgid "Modify Certificate Profile configuration."
msgstr ""

msgid "File containing profile configuration"
msgstr ""

msgid "Display the properties of a Certificate Profile."
msgstr ""

msgid "Write profile configuration to file"
msgstr ""

msgid "Remove users that can manage this token."
msgstr ""

msgid "Two-way trust"
msgstr ""

msgid ""
"Establish bi-directional trust. By default trust is inbound one-way only."
msgstr ""

msgid ""
"\n"
"ID ranges\n"
"\n"
"Manage ID ranges  used to map Posix IDs to SIDs and back.\n"
"\n"
"There are two type of ID ranges which are both handled by this utility:\n"
"\n"
" - the ID ranges of the local domain\n"
" - the ID ranges of trusted remote domains\n"
"\n"
"Both types have the following attributes in common:\n"
"\n"
" - base-id: the first ID of the Posix ID range\n"
" - range-size: the size of the range\n"
"\n"
"With those two attributes a range object can reserve the Posix IDs starting\n"
"with base-id up to but not including base-id+range-size exclusively.\n"
"\n"
"Additionally an ID range of the local domain may set\n"
" - rid-base: the first RID(*) of the corresponding RID range\n"
" - secondary-rid-base: first RID of the secondary RID range\n"
"\n"
"and an ID range of a trusted domain must set\n"
" - rid-base: the first RID of the corresponding RID range\n"
" - sid: domain SID of the trusted domain\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for a trusted domain\n"
"\n"
"Since there might be more than one trusted domain the domain SID must be "
"given\n"
"while creating the ID range.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=0                   --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
"\n"
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
"assign Posix UIDs to users from the trusted domain.\n"
"\n"
"If e.g. a range for a trusted domain is configured with the following "
"values:\n"
" base-id = 1200000\n"
" range-size = 200000\n"
" rid-base = 0\n"
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
"So\n"
"RID 1000 <-> Posix ID 1201000\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for the local domain\n"
"\n"
"To create an ID range for the local domain it is not necessary to specify a\n"
"domain SID. But since it is possible that a user and a group can have the "
"same\n"
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=1000                   --secondary-rid-base=1000000 local_range\n"
"\n"
"The data from the ID ranges of the local domain are used by the IPA server\n"
"internally to assign SIDs to IPA users and groups. The SID will then be "
"stored\n"
"in the user or group objects.\n"
"\n"
"If e.g. the ID range for the local domain is configured with the values "
"from\n"
"the example above then a new user with the UID 1200007 will get the RID "
"1007.\n"
"If this RID is already used by a group the RID will be 1000007. This can "
"only\n"
"happen if a user or a group object was created with a fixed ID because the\n"
"automatic assignment will not assign the same ID twice. Since there are "
"only\n"
"users and groups sharing the same ID namespace it is sufficient to have "
"only\n"
"one fallback range to handle conflicts.\n"
"\n"
"To find the Posix ID for a given RID from the local domain it has to be\n"
"checked first if the RID falls in the primary or secondary RID range and\n"
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
"and the base-id has to be added to get the Posix ID.\n"
"\n"
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
"must not be used at all. The ID range for the local domain will be created\n"
"during installation or upgrade from an older version. The ID range for a\n"
"trusted domain will be created together with the trust by 'ipa trust-"
"add ...'.\n"
"\n"
"USE CASES:\n"
"\n"
"  Add an ID range from a transitively trusted domain\n"
"\n"
"    If the trusted domain (A) trusts another domain (B) as well and this "
"trust\n"
"    is transitive 'ipa trust-add domain-A' will only create a range for\n"
"    domain A.  The ID range for domain B must be added manually.\n"
"\n"
"  Add an additional ID range for the local domain\n"
"\n"
"    If the ID range of the local domain is exhausted, i.e. no new IDs can "
"be\n"
"    assigned to Posix users or groups by the DNA plugin, a new range has to "
"be\n"
"    created to allow new users and groups to be added. (Currently there is "
"no\n"
"    connection between this range CLI and the DNA plugin, but a future "
"version\n"
"    might be able to modify the configuration of the DNS plugin as well)\n"
"\n"
"In general it is not necessary to modify or delete ID ranges. If there is "
"no\n"
"other way to achieve a certain configuration than to modify or delete an ID\n"
"range it should be done with great care. Because UIDs are stored in the "
"file\n"
"system and are used for access control it might be possible that users are\n"
"allowed to access files of other users if an ID range got deleted and "
"reused\n"
"for a different domain.\n"
"\n"
"(*) The RID is typically the last integer of a user or group SID which "
"follows\n"
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
"from\n"
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
"the\n"
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
"groups.\n"
"\n"
"=======\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
"=======\n"
msgstr ""

msgid ""
"\n"
"Add new ID range.\n"
"\n"
"    To add a new ID range you always have to specify\n"
"\n"
"        --base-id\n"
"        --range-size\n"
"\n"
"    Additionally\n"
"\n"
"        --rid-base\n"
"        --secondary-rid-base\n"
"\n"
"    may be given for a new ID range for the local domain while\n"
"\n"
"        --rid-base\n"
"        --dom-sid\n"
"\n"
"    must be given to add a new range for a trusted AD domain.\n"
"\n"
"=======\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
"=======\n"
"    "
msgstr ""

msgid ""
"\n"
"Modify ID range.\n"
"\n"
"=======\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
"=======\n"
"    "
msgstr ""

msgid "Resolve a host name in DNS. (Deprecated)"
msgstr ""

msgid "Hostname (FQDN)"
msgstr ""

msgid "Force DNS zone creation even if it will overlap with an existing zone."
msgstr ""

msgid ""
"Force DNS zone creation even if nameserver is not resolvable. (Deprecated)"
msgstr ""

msgid ""
"\n"
"Groups of users\n"
"\n"
"Manage groups of users. By default, new groups are POSIX groups. You\n"
"can add the --nonposix option to the group-add command to mark a new group\n"
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
"converted to non-POSIX groups.\n"
"\n"
"Every group must have a description.\n"
"\n"
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
"supported but can have an impact on your file permissions. It is not "
"necessary\n"
"to supply a GID when creating a group. IPA will generate one automatically\n"
"if it is not provided.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new group:\n"
"   ipa group-add --desc='local administrators' localadmins\n"
"\n"
" Add a new non-POSIX group:\n"
"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
"\n"
" Convert a non-POSIX group to posix:\n"
"   ipa group-mod --posix remoteadmins\n"
"\n"
" Add a new POSIX group with a specific Group ID number:\n"
"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
"\n"
" Add a new POSIX group and let IPA assign a Group ID number:\n"
"   ipa group-add --desc='printer admins' printeradmins\n"
"\n"
" Remove a group:\n"
"   ipa group-del unixadmins\n"
"\n"
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
"   ipa group-add-member --groups=remoteadmins localadmins\n"
"\n"
" Add multiple users to the \"localadmins\" group:\n"
"   ipa group-add-member --users=test1 --users=test2 localadmins\n"
"\n"
" Remove a user from the \"localadmins\" group:\n"
"   ipa group-remove-member --users=test2 localadmins\n"
"\n"
" Display information about a named group.\n"
"   ipa group-show localadmins\n"
"\n"
"External group membership is designed to allow users from trusted domains\n"
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
"External members should be added to groups that specifically created as\n"
"external and non-POSIX. Such group later should be included into one of "
"POSIX\n"
"groups.\n"
"\n"
"An external group member is currently a Security Identifier (SID) as defined "
"by\n"
"the trusted domain. When adding external group members, it is possible to\n"
"specify them in either SID, or DOM\n"
"ame, or name@domain format. IPA will attempt\n"
"to resolve passed name to SID with the use of Global Catalog of the trusted "
"domain.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local POSIX "
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
"--external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
"ad_admins_external\n"
"   group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with ad_admins "
"POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see their "
"SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
msgstr ""

msgid ""
"\n"
"Simulate use of Host-based access controls\n"
"\n"
"HBAC rules control who can access what services on what hosts.\n"
"You can use HBAC to control which users or groups can access a service,\n"
"or group of services, on a target host.\n"
"\n"
"Since applying HBAC rules implies use of a production environment,\n"
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
"having access to the production environment.\n"
"\n"
" Test user coming to a service on a named host against\n"
" existing enabled rules.\n"
"\n"
" ipa hbactest --user= --host= --service=\n"
"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
"              [--sizelimit= ]\n"
"\n"
" --user, --host, and --service are mandatory, others are optional.\n"
"\n"
" If --rules is specified simulate enabling of the specified rules and test\n"
" the login of the user using only these rules.\n"
"\n"
" If --enabled is specified, all enabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --disabled is specified, all disabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --nodetail is specified, do not return information about rules matched/"
"not matched.\n"
"\n"
" If both --rules and --enabled are specified, apply simulation to --rules "
"_and_\n"
" all IPA enabled rules.\n"
"\n"
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
" By default there is a IPA-wide limit to number of entries fetched, you can "
"change it\n"
" with --sizelimit option.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Use all enabled HBAC rules in IPA database to simulate:\n"
"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    2. Disable detailed summary of how rules were applied:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"\n"
"    3. Test explicitly specified HBAC rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --"
"rules=myrule --rules=my-second-rule\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    4. Use all enabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --"
"rules=myrule --rules=my-second-rule --enabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    5. Test all disabled HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: new-rule\n"
"\n"
"    6. Test all disabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --"
"rules=myrule --rules=my-second-rule --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --enabled "
"--disabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Not matched rules: new-rule\n"
"      Matched rules: allow_all\n"
"\n"
"\n"
"HBACTEST AND TRUSTED DOMAINS\n"
"\n"
"When an external trusted domain is configured in IPA, HBAC rules are also "
"applied\n"
"on users accessing IPA resources from the trusted domain. Trusted domain "
"users and\n"
"groups (and their SIDs) can be then assigned to external groups which can "
"be\n"
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
"allowing\n"
"access to resources protected by the HBAC system.\n"
"\n"
"hbactest plugin is capable of testing access for both local IPA users and "
"users\n"
"from the trusted domains, either by a fully qualified user name or by user "
"SID.\n"
"Such user names need to have a trusted domain specified as a short name\n"
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
"Administrator@ad.test.\n"
"\n"
"Please note that hbactest executed with a trusted domain user as --user "
"parameter\n"
"can be only run by members of \"trust admins\" group.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Test if a user from a trusted domain specified by its shortname "
"matches any\n"
"       rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    2. Test if a user from a trusted domain specified by its domain name "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    3. Test if a user from a trusted domain specified by its SID matches any "
"rule:\n"
"\n"
"    $ ipa hbactest --user "
"S-1-5-21-3035198329-144811719-1378114514-500             --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    4. Test if other user from a trusted domain specified by its SID matches "
"any rule:\n"
"\n"
"    $ ipa hbactest --user "
"S-1-5-21-3035198329-144811719-1378114514-1203             --host `hostname` "
"--service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
"\n"
"   5. Test if other user from a trusted domain specified by its shortname "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
"sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
msgstr ""

msgid "Managed suffixes"
msgstr ""

msgid "Check connection to remote IPA server."
msgstr ""

msgid "Remote server name"
msgstr ""

msgid "Remote IPA server hostname"
msgstr ""

msgid "suffix"
msgstr ""

msgid "Search for servers with these managed suffixes."
msgstr ""

msgid "Search for servers without these managed suffixes."
msgstr ""

msgid "Add a manager to the stage user entry"
msgstr ""

msgid "Remove a manager to the stage user entry"
msgstr ""

msgid ""
"\n"
"Topology\n"
"\n"
"Management of a replication topology at domain level 1.\n"
"\n"
"IPA server's data is stored in LDAP server in two suffixes:\n"
"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related "
"data\n"
"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n"
"  contains data for Certificate Server component\n"
"\n"
"Data stored on IPA servers is replicated to other IPA servers. The way it "
"is\n"
"replicated is defined by replication agreements. Replication agreements "
"needs\n"
"to be set for both suffixes separately. On domain level 0 they are managed\n"
"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level "
"1\n"
"they are managed centrally using `ipa topology*` commands.\n"
"\n"
"Agreements are represented by topology segments. By default topology "
"segment\n"
"represents 2 replication agreements - one for each direction, e.g., A to B "
"and\n"
"B to A. Creation of unidirectional segments is not allowed.\n"
"\n"
"To verify that no server is disconnected in the topology of the given "
"suffix,\n"
"use:\n"
"  ipa topologysuffix-verify $suffix\n"
"\n"
"\n"
"Examples:\n"
"  Find all IPA servers:\n"
"    ipa server-find\n"
"\n"
"  Find all suffixes:\n"
"    ipa topologysuffix-find\n"
"\n"
"  Add topology segment to 'domain' suffix:\n"
"    ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n"
"\n"
"  Add topology segment to 'ca' suffix:\n"
"    ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n"
"\n"
"  List all topology segments in 'domain' suffix:\n"
"    ipa topologysegment-find domain\n"
"\n"
"  List all topology segments in 'ca' suffix:\n"
"    ipa topologysegment-find ca\n"
"\n"
"  Delete topology segment in 'domain' suffix:\n"
"    ipa topologysegment-del domain segment_name\n"
"\n"
"  Delete topology segment in 'ca' suffix:\n"
"    ipa topologysegment-del ca segment_name\n"
"\n"
"  Verify topology of 'domain' suffix:\n"
"    ipa topologysuffix-verify domain\n"
"\n"
"  Verify topology of 'ca' suffix:\n"
"    ipa topologysuffix-verify ca\n"
msgstr ""

msgid "Managed LDAP suffix DN"
msgstr ""

msgid "Search for topology suffixes."
msgstr ""

msgid "Add a manager to the user entry"
msgstr ""

msgid "Remove a manager to the user entry"
msgstr ""

msgid ""
"\n"
"Directory Server Access Control Instructions (ACIs)\n"
"\n"
"ACIs are used to allow or deny access to information. This module is\n"
"currently designed to allow, not deny, access.\n"
"\n"
"The aci commands are designed to grant permissions that allow updating\n"
"existing entries or adding or deleting new ones. The goal of the ACIs\n"
"that ship with IPA is to provide a set of low-level permissions that\n"
"grant access to special groups called taskgroups. These low-level\n"
"permissions can be combined into roles that grant broader access. These\n"
"roles are another type of group, roles.\n"
"\n"
"For example, if you have taskgroups that allow adding and modifying users "
"you\n"
"could create a role, useradmin. You would assign users to the useradmin\n"
"role to allow them to do the operations defined by the taskgroups.\n"
"\n"
"You can create ACIs that delegate permission so users in group A can write\n"
"attributes on group B.\n"
"\n"
"The type option is a map that applies to all entries in the users, groups "
"or\n"
"host location. It is primarily designed to be used when granting add\n"
"permissions (to write new entries).\n"
"\n"
"An ACI consists of three parts:\n"
"1. target\n"
"2. permissions\n"
"3. bind rules\n"
"\n"
"The target is a set of rules that define which LDAP objects are being\n"
"targeted. This can include a list of attributes, an area of that LDAP\n"
"tree or an LDAP filter.\n"
"\n"
"The targets include:\n"
"- attrs: list of attributes affected\n"
"- type: an object type (user, group, host, service, etc)\n"
"- memberof: members of a group\n"
"- targetgroup: grant access to modify a specific group. This is primarily\n"
"  designed to enable users to add or remove members of a specific group.\n"
"- filter: A legal LDAP filter used to narrow the scope of the target.\n"
"- subtree: Used to apply a rule across an entire set of objects. For "
"example,\n"
"  to allow adding users you need to grant \"add\" permission to the subtree\n"
"  ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n"
"  is a fail-safe for objects that may not be covered by the type option.\n"
"\n"
"The permissions define what the ACI is allowed to do, and are one or\n"
"more of:\n"
"1. write - write one or more attributes\n"
"2. read - read one or more attributes\n"
"3. add - add a new entry to the tree\n"
"4. delete - delete an existing entry\n"
"5. all - all permissions are granted\n"
"\n"
"Note the distinction between attributes and entries. The permissions are\n"
"independent, so being able to add a user does not mean that the user will\n"
"be editable.\n"
"\n"
"The bind rule defines who this ACI grants permissions to. The LDAP server\n"
"allows this to be any valid LDAP entry but we encourage the use of\n"
"taskgroups so that the rights can be easily shared through roles.\n"
"\n"
"For a more thorough description of access controls see\n"
"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control."
"html\n"
"\n"
"EXAMPLES:\n"
"\n"
"NOTE: ACIs are now added via the permission plugin. These examples are to\n"
"demonstrate how the various options work but this is done via the "
"permission\n"
"command-line now (see last example).\n"
"\n"
" Add an ACI so that the group \"secretaries\" can update the address on any "
"user:\n"
"   ipa group-add --desc=\"Office secretaries\" secretaries\n"
"   ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries "
"--permissions=write --prefix=none \"Secretaries write addresses\"\n"
"\n"
" Show the new ACI:\n"
"   ipa aci-show --prefix=none \"Secretaries write addresses\"\n"
"\n"
" Add an ACI that allows members of the \"addusers\" permission to add new "
"users:\n"
"   ipa aci-add --type=user --permission=addusers --permissions=add --"
"prefix=none \"Add new users\"\n"
"\n"
" Add an ACI that allows members of the editors manage members of the admins "
"group:\n"
"   ipa aci-add --permissions=write --attrs=member --targetgroup=admins --"
"group=editors --prefix=none \"Editors manage admins\"\n"
"\n"
" Add an ACI that allows members of the admins group to manage the street and "
"zip code of those in the editors group:\n"
"   ipa aci-add --permissions=write --memberof=editors --group=admins --"
"attrs=street,postalcode --prefix=none \"admins edit the address of editors"
"\"\n"
"\n"
" Add an ACI that allows the admins group manage the street and zipcode of "
"those who work for the boss:\n"
"   ipa aci-add --permissions=write --group=admins --attrs=street,postalcode "
"--filter=\"(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)\" --"
"prefix=none \"Edit the address of those who work for the boss\"\n"
"\n"
" Add an entirely new kind of record to IPA that isn't covered by any of the "
"--type options, creating a permission:\n"
"   ipa permission-add  --permissions=add --subtree=\"cn=*,cn=orange,"
"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n"
"\n"
"\n"
"The show command shows the raw 389-ds ACI.\n"
"\n"
"IMPORTANT: When modifying the target attributes of an existing ACI you\n"
"must include all existing attributes as well. When doing an aci-mod the\n"
"targetattr REPLACES the current attributes, it does not add to them.\n"
msgstr ""

msgid ""
"comma-separated list of permissions to grant(read, write, add, delete, all)"
msgstr ""

msgid "Comma-separated list of attributes"
msgstr ""

msgid ""
"\n"
"Auto Membership Rule.\n"
"\n"
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
"or exclusive regex patterns, you can automatically assign a new entries "
"into\n"
"a group or hostgroup based upon attribute information.\n"
"\n"
"A rule is directly associated with a group by name, so you cannot create\n"
"a rule without an accompanying group or hostgroup.\n"
"\n"
"A condition is a regular expression used by 389-ds to match a new incoming\n"
"entry with an automember rule. If it matches an inclusive rule then the\n"
"entry is added to the appropriate group or hostgroup.\n"
"\n"
"A default group or hostgroup could be specified for entries that do not\n"
"match any rule. In case of user entries this group will be a fallback group\n"
"because all users are by default members of group specified in IPA config.\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add the initial group or hostgroup:\n"
"   ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
"   ipa group-add --desc=\"Developers\" devel\n"
"\n"
" Add the initial rule:\n"
"   ipa automember-add --type=hostgroup webservers\n"
"   ipa automember-add --type=group devel\n"
"\n"
" Add a condition to the rule:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
"   ipa automember-add-condition --key=manager --type=group --inclusive-"
"regex=^uid=mscott devel\n"
"\n"
" Add an exclusive condition to the rule to prevent auto assignment:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
"regex=^web5\\.example\\.com webservers\n"
"\n"
" Add a host:\n"
"    ipa host-add web1.example.com\n"
"\n"
" Add a user:\n"
"    ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
"\n"
" Verify automembership:\n"
"    ipa hostgroup-show webservers\n"
"      Host-group: webservers\n"
"      Description: Web Servers\n"
"      Member hosts: web1.example.com\n"
"\n"
"    ipa group-show devel\n"
"      Group name: devel\n"
"      Description: Developers\n"
"      GID: 1004200000\n"
"      Member users: tuser\n"
"\n"
" Remove a condition from the rule:\n"
"   ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
"\n"
" Modify the automember rule:\n"
"    ipa automember-mod\n"
"\n"
" Set the default (fallback) target group:\n"
"    ipa automember-default-group-set --default-group=webservers --"
"type=hostgroup\n"
"    ipa automember-default-group-set --default-group=ipausers --type=group\n"
"\n"
" Remove the default (fallback) target group:\n"
"    ipa automember-default-group-remove --type=hostgroup\n"
"    ipa automember-default-group-remove --type=group\n"
"\n"
" Show the default (fallback) target group:\n"
"    ipa automember-default-group-show --type=hostgroup\n"
"    ipa automember-default-group-show --type=group\n"
"\n"
" Find all of the automember rules:\n"
"    ipa automember-find\n"
"\n"
" Display a automember rule:\n"
"    ipa automember-show --type=hostgroup webservers\n"
"    ipa automember-show --type=group devel\n"
"\n"
" Delete an automember rule:\n"
"    ipa automember-del --type=hostgroup webservers\n"
"    ipa automember-del --type=group devel\n"
msgstr ""

msgid ""
"\n"
"IPA certificate operations\n"
"\n"
"Implements a set of commands for managing server SSL certificates.\n"
"\n"
"Certificate requests exist in the form of a Certificate Signing Request "
"(CSR)\n"
"in PEM format.\n"
"\n"
"If using the selfsign back end then the subject in the CSR needs to match\n"
"the subject configured in the server. The dogtag CA uses just the CN\n"
"value of the CSR and forces the rest of the subject.\n"
"\n"
"A certificate is stored with a service principal and a service principal\n"
"needs a host.\n"
"\n"
"In order to request a certificate:\n"
"\n"
"* The host must exist\n"
"* The service must exist (or you use the --add option to automatically add "
"it)\n"
"\n"
"EXAMPLES:\n"
"\n"
" Request a new certificate and add the principal:\n"
"   ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
"\n"
" Retrieve an existing certificate:\n"
"   ipa cert-show 1032\n"
"\n"
" Revoke a certificate (see RFC 5280 for reason details):\n"
"   ipa cert-revoke --revocation-reason=6 1032\n"
"\n"
" Remove a certificate from revocation hold status:\n"
"   ipa cert-remove-hold 1032\n"
"\n"
" Check the status of a signing request:\n"
"   ipa cert-status 10\n"
"\n"
"IPA currently immediately issues (or declines) all certificate requests so\n"
"the status of a request is not normally useful. This is for future use\n"
"or the case where a CA does not immediately issue a certificate.\n"
"\n"
"The following revocation reasons are supported:\n"
"\n"
"    * 0 - unspecified\n"
"    * 1 - keyCompromise\n"
"    * 2 - cACompromise\n"
"    * 3 - affiliationChanged\n"
"    * 4 - superseded\n"
"    * 5 - cessationOfOperation\n"
"    * 6 - certificateHold\n"
"    * 8 - removeFromCRL\n"
"    * 9 - privilegeWithdrawn\n"
"    * 10 - aACompromise\n"
"\n"
"Note that reason code 7 is not used.  See RFC 5280 for more details:\n"
"\n"
"http://www.ietf.org/rfc/rfc5280.txt\n"
msgstr ""

msgid ""
"\n"
"Group to Group Delegation\n"
"\n"
"A permission enables fine-grained delegation of permissions. Access Control\n"
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
"given tasks such as adding a user, modifying a group, etc.\n"
"\n"
"Group to Group Delegations grants the members of one group to update a set\n"
"of attributes of members of another group.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a delegation rule to allow managers to edit employee's addresses:\n"
"   ipa delegation-add --attrs=street --group=managers --"
"membergroup=employees \"managers edit employees' street\"\n"
"\n"
" When managing the list of attributes you need to include all attributes\n"
" in the list, including existing ones. Add postalCode to the list:\n"
"   ipa delegation-mod --attrs=street,postalCode --group=managers --"
"membergroup=employees \"managers edit employees' street\"\n"
"\n"
" Display our updated rule:\n"
"   ipa delegation-show \"managers edit employees' street\"\n"
"\n"
" Delete a rule:\n"
"   ipa delegation-del \"managers edit employees' street\"\n"
msgstr ""

msgid ""
"Comma-separated list of permissions to grant (read, write). Default is write."
msgstr ""

msgid ""
"\n"
"Domain Name System (DNS)\n"
"\n"
"Manage DNS zone and resource records.\n"
"\n"
"\n"
"USING STRUCTURED PER-TYPE OPTIONS\n"
"\n"
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
"is not just a scalar value, for example an IP address or a domain name, but\n"
"a data structure which may be often complex. A good example is a LOC record\n"
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
"minutes, seconds of latitude and longitude, altitude or precision).\n"
"\n"
"It may be difficult to manipulate such DNS records without making a mistake\n"
"and entering an invalid value. DNS module provides an abstraction over "
"these\n"
"raw records and allows to manipulate each RR type with specific options. "
"For\n"
"each supported RR type, DNS module provides a standard option to manipulate\n"
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
"options\n"
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
"--mx-preference and --mx-exchanger.\n"
"\n"
"When adding a record, either RR specific options or standard option for a "
"raw\n"
"value can be used, they just should not be combined in one add operation. "
"When\n"
"modifying an existing entry, new RR specific options can be used to change\n"
"one part of a DNS record, where the standard option for raw value is used\n"
"to specify the modified value. The following example demonstrates\n"
"a modification of MX record preference from 0 to 1 in a record without\n"
"modifying the exchanger:\n"
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add new zone:\n"
"   ipa dnszone-add example.com --name-"
"server=ns                                --admin-email=admin@example."
"com                                --ip-address=10.0.0.1\n"
"\n"
" Add system permission that can be used for per-zone privilege delegation:\n"
"   ipa dnszone-add-permission example.com\n"
"\n"
" Modify the zone to allow dynamic updates for hosts own records in realm "
"EXAMPLE.COM:\n"
"   ipa dnszone-mod example.com --dynamic-update=TRUE\n"
"\n"
"   This is the equivalent of:\n"
"     ipa dnszone-mod example.com --dynamic-update=TRUE       --update-policy="
"\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant "
"EXAMPLE.COM krb5-self * SSHFP;\"\n"
"\n"
" Modify the zone to allow zone transfers for local network only:\n"
"   ipa dnszone-mod example.com --allow-transfer=10.0.0.0/8\n"
"\n"
" Add new reverse zone specified by network IP address:\n"
"   ipa dnszone-add --name-from-ip=80.142.15.0/24                    --name-"
"server=ns.example.com.\n"
"\n"
" Add second nameserver for example.com:\n"
"   ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
"\n"
" Add a mail server for example.com:\n"
"   ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
"\n"
" Add another record using MX record specific options:\n"
"  ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
"\n"
" Add another record using interactive mode (started when dnsrecord-add, "
"dnsrecord-mod,\n"
" or dnsrecord-del are executed with no options):\n"
"  ipa dnsrecord-add example.com @\n"
"  Please choose a type of DNS resource record to be added\n"
"  The most common types for this type of zone are: NS, MX, LOC\n"
"\n"
"  DNS resource record type: MX\n"
"  MX Preference: 30\n"
"  MX Exchanger: mail3\n"
"    Record name: example.com\n"
"    MX record: 10 mail1, 20 mail2, 30 mail3\n"
"    NS record: nameserver.example.com., nameserver2.example.com.\n"
"\n"
" Delete previously added nameserver from example.com:\n"
"   ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
"\n"
" Add LOC record for example.com:\n"
"   ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
"227.64m\"\n"
"\n"
" Add new A record for www.example.com. Create a reverse record in "
"appropriate\n"
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
"example.com\n"
" will be created in zone 15.142.80.in-addr.arpa.\n"
"   ipa dnsrecord-add example.com www --a-rec=80.142.15.2 --a-create-reverse\n"
"\n"
" Add new PTR record for www.example.com\n"
"   ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
"\n"
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
" is available, switch to backup.example.com.\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
"example.com\"\n"
"\n"
" The interactive mode can be used for easy modification:\n"
"  ipa dnsrecord-mod example.com _ldap._tcp\n"
"  No option to modify specific record provided.\n"
"  Current DNS record contents:\n"
"\n"
"  SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
"backup.example.com\n"
"\n"
"  Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
"  Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
"  SRV Priority [0]:                     (keep the default value)\n"
"  SRV Weight [1]: 2                     (modified value)\n"
"  SRV Port [389]:                       (keep the default value)\n"
"  SRV Target [slow.example.com]:        (keep the default value)\n"
"  1 SRV record skipped. Only one value per DNS record type can be modified "
"at one time.\n"
"    Record name: _ldap._tcp\n"
"    SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
"389 slow.example.com\n"
"\n"
" After this modification, three fifths of the requests should go to\n"
" fast.example.com and two fifths to slow.example.com.\n"
"\n"
" An example of the interactive mode for dnsrecord-del command:\n"
"   ipa dnsrecord-del example.com www\n"
"   No option to delete specific record provided.\n"
"   Delete all? Yes/No (default No):     (do not delete all records)\n"
"   Current DNS record contents:\n"
"\n"
"   A record: 1.2.3.4, 11.22.33.44\n"
"\n"
"   Delete A record '1.2.3.4'? Yes/No (default No):\n"
"   Delete A record '11.22.33.44'? Yes/No (default No): y\n"
"     Record name: www\n"
"     A record: 1.2.3.4                  (A record 11.22.33.44 has been "
"deleted)\n"
"\n"
" Show zone example.com:\n"
"   ipa dnszone-show example.com\n"
"\n"
" Find zone with \"example\" in its domain name:\n"
"   ipa dnszone-find example\n"
"\n"
" Find records for resources with \"www\" in their name in zone example.com:\n"
"   ipa dnsrecord-find example.com www\n"
"\n"
" Find A records with value 10.10.0.1 in zone example.com\n"
"   ipa dnsrecord-find example.com --a-rec=10.10.0.1\n"
"\n"
" Show records for resource www in zone example.com\n"
"   ipa dnsrecord-show example.com www\n"
"\n"
" Delegate zone sub.example to another nameserver:\n"
"   ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5\n"
"   ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
"\n"
" If global forwarder is configured, all requests to sub.example.com will be\n"
" routed through the global forwarder. To change the behavior for example."
"com\n"
" zone only and forward the request directly to ns.sub.example.com., global\n"
" forwarding may be disabled per-zone:\n"
"   ipa dnszone-mod example.com --forward-policy=none\n"
"\n"
" Forward all requests for the zone external.com to another nameserver using\n"
" a \"first\" policy (it will send the queries to the selected forwarder and "
"if\n"
" not answered it will use global resolvers):\n"
"   ipa dnszone-add external.com\n"
"   ipa dnszone-mod external.com --"
"forwarder=10.20.0.1                                 --forward-policy=first\n"
"\n"
" Delete zone example.com with all resource records:\n"
"   ipa dnszone-del example.com\n"
"\n"
" Resolve a host name to see if it exists (will add default IPA domain\n"
" if one is not included):\n"
"   ipa dns-resolve www.example.com\n"
"   ipa dns-resolve www\n"
"\n"
"\n"
"GLOBAL DNS CONFIGURATION\n"
"\n"
"DNS configuration passed to command line install script is stored in a "
"local\n"
"configuration file on each IPA server where DNS service is configured. "
"These\n"
"local settings can be overridden with a common configuration stored in LDAP\n"
"server:\n"
"\n"
" Show global DNS configuration:\n"
"   ipa dnsconfig-show\n"
"\n"
" Modify global DNS configuration and set a list of global forwarders:\n"
"   ipa dnsconfig-mod --forwarder=10.0.0.1\n"
msgstr ""

msgid ""
"A list of global forwarders. A custom port can be specified for each "
"forwarder using a standard format \"IP_ADDRESS port PORT\""
msgstr ""

msgid "An interval between regular polls of the name server for new DNS zones"
msgstr ""

msgid "DNS class"
msgstr ""

msgid "Comma-separated list of raw A records"
msgstr ""

msgid "Comma-separated list of raw AAAA records"
msgstr ""

msgid "Comma-separated list of raw A6 records"
msgstr ""

msgid "Comma-separated list of raw AFSDB records"
msgstr ""

msgid "Comma-separated list of raw APL records"
msgstr ""

msgid "Comma-separated list of raw CERT records"
msgstr ""

msgid "Comma-separated list of raw CNAME records"
msgstr ""

msgid "Comma-separated list of raw DHCID records"
msgstr ""

msgid "Comma-separated list of raw DLV records"
msgstr ""

msgid "Comma-separated list of raw DNAME records"
msgstr ""

msgid "Comma-separated list of raw DNSKEY records"
msgstr ""

msgid "Comma-separated list of raw DS records"
msgstr ""

msgid "Comma-separated list of raw HIP records"
msgstr ""

msgid "Comma-separated list of raw IPSECKEY records"
msgstr ""

msgid "Comma-separated list of raw KEY records"
msgstr ""

msgid "KEY Flags"
msgstr ""

msgid "KEY Protocol"
msgstr ""

msgid "Protocol"
msgstr ""

msgid "KEY Algorithm"
msgstr ""

msgid "KEY Public Key"
msgstr ""

msgid "Public Key"
msgstr ""

msgid "Comma-separated list of raw KX records"
msgstr ""

msgid "Comma-separated list of raw LOC records"
msgstr ""

msgid "Comma-separated list of raw MX records"
msgstr ""

msgid "Comma-separated list of raw NAPTR records"
msgstr ""

msgid "Comma-separated list of raw NS records"
msgstr ""

msgid "Comma-separated list of raw NSEC records"
msgstr ""

msgid "NSEC Next Domain Name"
msgstr ""

msgid "Next Domain Name"
msgstr ""

msgid "NSEC Type Map"
msgstr ""

msgid "Type Map"
msgstr ""

msgid "Comma-separated list of raw NSEC3 records"
msgstr ""

msgid "Comma-separated list of raw NSEC3PARAM records"
msgstr ""

msgid "Comma-separated list of raw PTR records"
msgstr ""

msgid "Comma-separated list of raw RRSIG records"
msgstr ""

msgid "RRSIG Type Covered"
msgstr ""

msgid "Type Covered"
msgstr ""

msgid "RRSIG Algorithm"
msgstr ""

msgid "RRSIG Labels"
msgstr ""

msgid "Labels"
msgstr ""

msgid "RRSIG Original TTL"
msgstr ""

msgid "Original TTL"
msgstr ""

msgid "RRSIG Signature Expiration"
msgstr ""

msgid "Signature Expiration"
msgstr ""

msgid "RRSIG Signature Inception"
msgstr ""

msgid "Signature Inception"
msgstr ""

msgid "RRSIG Key Tag"
msgstr ""

msgid "RRSIG Signer's Name"
msgstr ""

msgid "Signer's Name"
msgstr ""

msgid "RRSIG Signature"
msgstr ""

msgid "Signature"
msgstr ""

msgid "Comma-separated list of raw RP records"
msgstr ""

msgid "Comma-separated list of raw SIG records"
msgstr ""

msgid "SIG Type Covered"
msgstr ""

msgid "SIG Algorithm"
msgstr ""

msgid "SIG Labels"
msgstr ""

msgid "SIG Original TTL"
msgstr ""

msgid "SIG Signature Expiration"
msgstr ""

msgid "SIG Signature Inception"
msgstr ""

msgid "SIG Key Tag"
msgstr ""

msgid "SIG Signer's Name"
msgstr ""

msgid "SIG Signature"
msgstr ""

msgid "Comma-separated list of raw SPF records"
msgstr ""

msgid "Comma-separated list of raw SRV records"
msgstr ""

msgid "Comma-separated list of raw SSHFP records"
msgstr ""

msgid "Comma-separated list of raw TA records"
msgstr ""

msgid "Comma-separated list of raw TKEY records"
msgstr ""

msgid "Comma-separated list of raw TSIG records"
msgstr ""

msgid "Comma-separated list of raw TXT records"
msgstr ""

msgid "SOA time to live"
msgstr ""

msgid "SOA record time to live"
msgstr ""

msgid "SOA class"
msgstr ""

msgid "SOA record class"
msgstr ""

msgid ""
"A list of per-zone forwarders. A custom port can be specified for each "
"forwarder using a standard format \"IP_ADDRESS port PORT\""
msgstr ""

msgid "Add forward record for nameserver located in the created zone"
msgstr ""

msgid ""
"\n"
"Entitlements\n"
"\n"
"Manage entitlements for client machines\n"
"\n"
"Entitlements can be managed either by registering with an entitlement\n"
"server with a username and password or by manually importing entitlement\n"
"certificates. An entitlement certificate contains embedded information\n"
"such as the product being entitled, the quantity and the validity dates.\n"
"\n"
"An entitlement server manages the number of client entitlements available.\n"
"To mark these entitlements as used by the IPA server you provide a quantity\n"
"and they are marked as consumed on the entitlement server.\n"
"\n"
" Register with an entitlement server:\n"
"   ipa entitle-register consumer\n"
"\n"
" Import an entitlement certificate:\n"
"   ipa entitle-import /home/user/ipaclient.pem\n"
"\n"
" Display current entitlements:\n"
"   ipa entitle-status\n"
"\n"
" Retrieve details on entitlement certificates:\n"
"   ipa entitle-get\n"
"\n"
" Consume some entitlements from the entitlement server:\n"
"   ipa entitle-consume 50\n"
"\n"
"The registration ID is a Unique Identifier (UUID). This ID will be\n"
"IMPORTED if you have used entitle-import.\n"
"\n"
"Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service.\n"
msgstr ""

msgid "Consume an entitlement."
msgstr ""

msgid "Quantity"
msgstr ""

msgid "Search for entitlement accounts."
msgstr ""

msgid "Retrieve the entitlement certs."
msgstr ""

msgid "Import an entitlement certificate."
msgstr ""

msgid "UUID"
msgstr ""

msgid "Enrollment UUID"
msgstr ""

msgid "Register to the entitlement system."
msgstr ""

msgid "Username"
msgstr ""

msgid "Enrollment UUID (not implemented)"
msgstr ""

msgid "Registration password"
msgstr ""

msgid "Display current entitlements."
msgstr ""

msgid "Re-sync the local entitlement cache with the entitlement server."
msgstr ""

msgid ""
"\n"
"Groups of users\n"
"\n"
"Manage groups of users. By default, new groups are POSIX groups. You\n"
"can add the --nonposix option to the group-add command to mark a new group\n"
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
"converted to non-POSIX groups.\n"
"\n"
"Every group must have a description.\n"
"\n"
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
"supported but can have an impact on your file permissions. It is not "
"necessary\n"
"to supply a GID when creating a group. IPA will generate one automatically\n"
"if it is not provided.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new group:\n"
"   ipa group-add --desc='local administrators' localadmins\n"
"\n"
" Add a new non-POSIX group:\n"
"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
"\n"
" Convert a non-POSIX group to posix:\n"
"   ipa group-mod --posix remoteadmins\n"
"\n"
" Add a new POSIX group with a specific Group ID number:\n"
"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
"\n"
" Add a new POSIX group and let IPA assign a Group ID number:\n"
"   ipa group-add --desc='printer admins' printeradmins\n"
"\n"
" Remove a group:\n"
"   ipa group-del unixadmins\n"
"\n"
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
"   ipa group-add-member --groups=remoteadmins localadmins\n"
"\n"
" Add a list of users to the \"localadmins\" group:\n"
"   ipa group-add-member --users=test1,test2 localadmins\n"
"\n"
" Remove a user from the \"localadmins\" group:\n"
"   ipa group-remove-member --users=test2 localadmins\n"
"\n"
" Display information about a named group.\n"
"   ipa group-show localadmins\n"
"\n"
"External group membership is designed to allow users from trusted domains\n"
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
"External members should be added to groups that specifically created as\n"
"external and non-POSIX. Such group later should be included into one of "
"POSIX\n"
"groups.\n"
"\n"
"An external group member is currently a Security Identifier (SID) as defined "
"by\n"
"the trusted domain. When adding external group members, it is possible to\n"
"specify them in either SID, or DOM\n"
"ame, or name@domain format. IPA will attempt\n"
"to resolve passed name to SID with the use of Global Catalog of the trusted "
"domain.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local POSIX "
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
"--external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
"ad_admins_external\n"
"   group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with ad_admins "
"POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see their "
"SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
msgstr ""

msgid ""
"comma-separated list of members of a trusted domain in DOM\\name or "
"name@domain form"
msgstr ""

msgid "comma-separated list of users to add"
msgstr ""

msgid "comma-separated list of groups to add"
msgstr ""

msgid "comma-separated list of users to remove"
msgstr ""

msgid "comma-separated list of groups to remove"
msgstr ""

msgid ""
"\n"
"Host-based access control\n"
"\n"
"Control who can access what services on what hosts and from where. You\n"
"can use HBAC to control which users or groups on a source host can\n"
"access a service, or group of services, on a target host.\n"
"\n"
"You can also specify a category of users, target hosts, and source\n"
"hosts. This is currently limited to \"all\", but might be expanded in the\n"
"future.\n"
"\n"
"Target hosts and source hosts in HBAC rules must be hosts managed by IPA.\n"
"\n"
"The available services and groups of services are controlled by the\n"
"hbacsvc and hbacsvcgroup plug-ins respectively.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a rule, \"test1\", that grants all users access to the host \"server"
"\" from\n"
" anywhere:\n"
"   ipa hbacrule-add --usercat=all --srchostcat=all test1\n"
"   ipa hbacrule-add-host --hosts=server.example.com test1\n"
"\n"
" Display the properties of a named HBAC rule:\n"
"   ipa hbacrule-show test1\n"
"\n"
" Create a rule for a specific service. This lets the user john access\n"
" the sshd service on any machine from any machine:\n"
"   ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd\n"
"   ipa hbacrule-add-user --users=john john_sshd\n"
"   ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n"
"\n"
" Create a rule for a new service group. This lets the user john access\n"
" the FTP service on any machine from any machine:\n"
"   ipa hbacsvcgroup-add ftpers\n"
"   ipa hbacsvc-add sftp\n"
"   ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers\n"
"   ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp\n"
"   ipa hbacrule-add-user --users=john john_ftp\n"
"   ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n"
"\n"
" Disable a named HBAC rule:\n"
"   ipa hbacrule-disable test1\n"
"\n"
" Remove a named HBAC rule:\n"
"   ipa hbacrule-del allow_server\n"
msgstr ""

msgid "Source host category"
msgstr ""

msgid "Source host category the rule applies to"
msgstr ""

msgid "Source Hosts"
msgstr ""

msgid "Source Host Groups"
msgstr ""

msgid "comma-separated list of hosts to add"
msgstr ""

msgid "comma-separated list of host groups to add"
msgstr ""

msgid "comma-separated list of HBAC services to add"
msgstr ""

msgid "comma-separated list of HBAC service groups to add"
msgstr ""

msgid "Add source hosts and hostgroups from a HBAC rule."
msgstr ""

msgid "comma-separated list of hosts to remove"
msgstr ""

msgid "comma-separated list of host groups to remove"
msgstr ""

msgid "comma-separated list of HBAC services to remove"
msgstr ""

msgid "comma-separated list of HBAC service groups to remove"
msgstr ""

msgid "Remove source hosts and hostgroups from an HBAC rule."
msgstr ""

msgid ""
"\n"
"HBAC Service Groups\n"
"\n"
"HBAC service groups can contain any number of individual services,\n"
"or \"members\". Every group must have a description.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new HBAC service group:\n"
"   ipa hbacsvcgroup-add --desc=\"login services\" login\n"
"\n"
" Add members to an HBAC service group:\n"
"   ipa hbacsvcgroup-add-member --hbacsvcs=sshd,login login\n"
"\n"
" Display information about a named group:\n"
"   ipa hbacsvcgroup-show login\n"
"\n"
" Add a new group to the \"login\" group:\n"
"   ipa hbacsvcgroup-add --desc=\"switch users\" login\n"
"   ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l login\n"
"\n"
" Delete an HBAC service group:\n"
"   ipa hbacsvcgroup-del login\n"
msgstr ""

msgid ""
"\n"
"Simulate use of Host-based access controls\n"
"\n"
"HBAC rules control who can access what services on what hosts and from "
"where.\n"
"You can use HBAC to control which users or groups can access a service,\n"
"or group of services, on a target host.\n"
"\n"
"Since applying HBAC rules implies use of a production environment,\n"
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
"having access to the production environment.\n"
"\n"
" Test user coming to a service on a named host against\n"
" existing enabled rules.\n"
"\n"
" ipa hbactest --user= --host= --service=\n"
"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
"              [--srchost= ] [--sizelimit= ]\n"
"\n"
" --user, --host, and --service are mandatory, others are optional.\n"
"\n"
" If --rules is specified simulate enabling of the specified rules and test\n"
" the login of the user using only these rules.\n"
"\n"
" If --enabled is specified, all enabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --disabled is specified, all disabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --nodetail is specified, do not return information about rules matched/"
"not matched.\n"
"\n"
" If both --rules and --enabled are specified, apply simulation to --rules "
"_and_\n"
" all IPA enabled rules.\n"
"\n"
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
" By default there is a IPA-wide limit to number of entries fetched, you can "
"change it\n"
" with --sizelimit option.\n"
"\n"
" If --srchost is specified, it will be ignored. It is left because of "
"compatibility reasons only.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Use all enabled HBAC rules in IPA database to simulate:\n"
"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      notmatched: my-second-rule\n"
"      notmatched: my-third-rule\n"
"      notmatched: myrule\n"
"      matched: allow_all\n"
"\n"
"    2. Disable detailed summary of how rules were applied:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"\n"
"    3. Test explicitly specified HBAC rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --rules=my-"
"second-rule,myrule\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      notmatched: my-second-rule\n"
"      notmatched: myrule\n"
"\n"
"    4. Use all enabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --rules=my-"
"second-rule,myrule --enabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      notmatched: my-second-rule\n"
"      notmatched: my-third-rule\n"
"      notmatched: myrule\n"
"      matched: allow_all\n"
"\n"
"    5. Test all disabled HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      notmatched: new-rule\n"
"\n"
"    6. Test all disabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --rules=my-"
"second-rule,myrule --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      notmatched: my-second-rule\n"
"      notmatched: my-third-rule\n"
"      notmatched: myrule\n"
"\n"
"    7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd           --enabled "
"--disabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      notmatched: my-second-rule\n"
"      notmatched: my-third-rule\n"
"      notmatched: myrule\n"
"      notmatched: new-rule\n"
"      matched: allow_all\n"
msgstr ""

msgid "Source host"
msgstr ""

msgid ""
"\n"
"Hosts/Machines\n"
"\n"
"A host represents a machine. It can be used in a number of contexts:\n"
"- service entries are associated with a host\n"
"- a host stores the host/ service principal\n"
"- a host can be used in Host-based Access Control (HBAC) rules\n"
"- every enrolled client generates a host entry\n"
"\n"
"ENROLLMENT:\n"
"\n"
"There are three enrollment scenarios when enrolling a new client:\n"
"\n"
"1. You are enrolling as a full administrator. The host entry may exist\n"
"   or not. A full administrator is a member of the hostadmin role\n"
"   or the admins group.\n"
"2. You are enrolling as a limited administrator. The host must already\n"
"   exist. A limited administrator is a member a role with the\n"
"   Host Enrollment privilege.\n"
"3. The host has been created with a one-time password.\n"
"\n"
"A host can only be enrolled once. If a client has enrolled and needs to\n"
"be re-enrolled, the host entry must be removed and re-created. Note that\n"
"re-creating the host entry will result in all services for the host being\n"
"removed, and all SSL certificates associated with those services being\n"
"revoked.\n"
"\n"
"A host can optionally store information such as where it is located,\n"
"the OS that it runs, etc.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new host:\n"
"   ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
"com\n"
"\n"
" Delete a host:\n"
"   ipa host-del test.example.com\n"
"\n"
" Add a new host with a one-time password:\n"
"   ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
"\n"
" Add a new host with a random one-time password:\n"
"   ipa host-add --os='Fedora 12' --random test.example.com\n"
"\n"
" Modify information about a host:\n"
"   ipa host-mod --os='Fedora 12' test.example.com\n"
"\n"
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
"   ipa host-mod --sshpubkey= --updatedns test.example.com\n"
"\n"
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
"   ipa host-disable test.example.com\n"
"\n"
" Add a host that can manage this host's keytab and certificate:\n"
"   ipa host-add-managedby --hosts=test2 test\n"
msgstr ""

msgid ""
"\n"
"Groups of hosts.\n"
"\n"
"Manage groups of hosts. This is useful for applying access control to a\n"
"number of hosts by using Host-based Access Control.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new host group:\n"
"   ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
"\n"
" Add another new host group:\n"
"   ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
"\n"
" Add members to the hostgroup:\n"
"   ipa hostgroup-add-member --hosts=box1,box2,box3 baltimore\n"
"\n"
" Add a hostgroup as a member of another hostgroup:\n"
"   ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
"\n"
" Remove a host from the hostgroup:\n"
"   ipa hostgroup-remove-member --hosts=box2 baltimore\n"
"\n"
" Display a host group:\n"
"   ipa hostgroup-show baltimore\n"
"\n"
" Delete a hostgroup:\n"
"   ipa hostgroup-del baltimore\n"
msgstr ""

msgid ""
"Comma-separated list of objectclasses used to search for user entries in DS"
msgstr ""

msgid ""
"Comma-separated list of objectclasses used to search for group entries in DS"
msgstr ""

msgid ""
"Comma-separated list of objectclasses to be ignored for user entries in DS"
msgstr ""

msgid "Comma-separated list of attributes to be ignored for user entries in DS"
msgstr ""

msgid ""
"Comma-separated list of objectclasses to be ignored for group entries in DS"
msgstr ""

msgid ""
"Comma-separated list of attributes to be ignored for group entries in DS"
msgstr ""

msgid "comma-separated list of groups to exclude from migration"
msgstr ""

msgid "comma-separated list of users to exclude from migration"
msgstr ""

msgid ""
"\n"
"Netgroups\n"
"\n"
"A netgroup is a group used for permission checking. It can contain both\n"
"user and host values.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new netgroup:\n"
"   ipa netgroup-add --desc=\"NFS admins\" admins\n"
"\n"
" Add members to the netgroup:\n"
"   ipa netgroup-add-member --users=tuser1,tuser2 admins\n"
"\n"
" Remove a member from the netgroup:\n"
"   ipa netgroup-remove-member --users=tuser2 admins\n"
"\n"
" Display information about a netgroup:\n"
"   ipa netgroup-show admins\n"
"\n"
" Delete a netgroup:\n"
"   ipa netgroup-del admins\n"
msgstr ""

msgid "comma-separated list of netgroups to add"
msgstr ""

msgid "comma-separated list of netgroups to remove"
msgstr ""

msgid ""
"\n"
"Permissions\n"
"\n"
"A permission enables fine-grained delegation of rights. A permission is\n"
"a human-readable form of a 389-ds Access Control Rule, or instruction "
"(ACI).\n"
"A permission grants the right to perform a specific task such as adding a\n"
"user, modifying a group, etc.\n"
"\n"
"A permission may not contain other permissions.\n"
"\n"
"* A permission grants access to read, write, add or delete.\n"
"* A privilege combines similar permissions (for example all the permissions\n"
"  needed to add a user).\n"
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
"\n"
"A permission is made up of a number of different parts:\n"
"\n"
"1. The name of the permission.\n"
"2. The target of the permission.\n"
"3. The rights granted by the permission.\n"
"\n"
"Rights define what operations are allowed, and may be one or more\n"
"of the following:\n"
"1. write - write one or more attributes\n"
"2. read - read one or more attributes\n"
"3. add - add a new entry to the tree\n"
"4. delete - delete an existing entry\n"
"5. all - all permissions are granted\n"
"\n"
"Read permission is granted for most attributes by default so the read\n"
"permission is not expected to be used very often.\n"
"\n"
"Note the distinction between attributes and entries. The permissions are\n"
"independent, so being able to add a user does not mean that the user will\n"
"be editable.\n"
"\n"
"There are a number of allowed targets:\n"
"1. type: a type of object (user, group, etc).\n"
"2. memberof: a member of a group or hostgroup\n"
"3. filter: an LDAP filter\n"
"4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a\n"
"   super-set of the \"type\" target.\n"
"5. targetgroup: grant access to modify a specific group (such as granting\n"
"   the rights to manage group membership)\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a permission that grants the creation of users:\n"
"   ipa permission-add --type=user --permissions=add \"Add Users\"\n"
"\n"
" Add a permission that grants the ability to manage group membership:\n"
"   ipa permission-add --attrs=member --permissions=write --type=group "
"\"Manage Group Members\"\n"
msgstr ""

msgid ""
"Comma-separated list of permissions to grant (read, write, add, delete, all)"
msgstr ""

msgid ""
"Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)"
msgstr ""

msgid "Target members of a group"
msgstr ""

msgid "User group to apply permissions to"
msgstr ""

msgid "comma-separated list of privileges to add"
msgstr ""

msgid "Add a system permission without an ACI"
msgstr ""

msgid "Permission type"
msgstr ""

msgid "comma-separated list of privileges to remove"
msgstr ""

msgid ""
"\n"
"Ping the remote IPA server to ensure it is running.\n"
"\n"
"The ping command sends an echo request to an IPA server. The server\n"
"returns its version information. This is used by an IPA client\n"
"to confirm that the server is available and accepting requests.\n"
"\n"
"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n"
"If it does not respond then the client will contact any servers defined\n"
"by ldap SRV records in DNS.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Ping an IPA server:\n"
"   ipa ping\n"
"   ------------------------------------------\n"
"   IPA server version 2.1.9. API version 2.20\n"
"   ------------------------------------------\n"
"\n"
" Ping an IPA server verbosely:\n"
"   ipa -v ping\n"
"   ipa: INFO: trying https://ipa.example.com/ipa/xml\n"
"   ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/"
"xml'\n"
"   -----------------------------------------------------\n"
"   IPA server version 2.1.9. API version 2.20\n"
"   -----------------------------------------------------\n"
msgstr ""

msgid "comma-separated list of roles to add"
msgstr ""

msgid "comma-separated list of permissions"
msgstr ""

msgid "comma-separated list of roles to remove"
msgstr ""

msgid "comma-separated list of privileges"
msgstr ""

msgid ""
"\n"
"Self-service Permissions\n"
"\n"
"A permission enables fine-grained delegation of permissions. Access Control\n"
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
"given tasks such as adding a user, modifying a group, etc.\n"
"\n"
"A Self-service permission defines what an object can change in its own "
"entry.\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a self-service rule to allow users to manage their address:\n"
"   ipa selfservice-add --permissions=write --attrs=street,postalCode,l,c,st "
"\"Users manage their own address\"\n"
"\n"
" When managing the list of attributes you need to include all attributes\n"
" in the list, including existing ones. Add telephoneNumber to the list:\n"
"   ipa selfservice-mod --attrs=street,postalCode,l,c,st,telephoneNumber "
"\"Users manage their own address\"\n"
"\n"
" Display our updated rule:\n"
"   ipa selfservice-show \"Users manage their own address\"\n"
"\n"
" Delete a rule:\n"
"   ipa selfservice-del \"Users manage their own address\"\n"
msgstr ""

msgid ""
"\n"
"Services\n"
"\n"
"A IPA service represents a service that runs on a host. The IPA service\n"
"record can store a Kerberos principal, an SSL certificate, or both.\n"
"\n"
"An IPA service can be managed directly from a machine, provided that\n"
"machine has been given the correct permission. This is true even for\n"
"machines other than the one the service is associated with. For example,\n"
"requesting an SSL certificate using the host service principal credentials\n"
"of the host. To manage a service using host credentials you need to\n"
"kinit as the host:\n"
"\n"
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
"\n"
"Adding an IPA service allows the associated service to request an SSL\n"
"certificate or keytab, but this is performed as a separate step; they\n"
"are not produced as a result of adding the service.\n"
"\n"
"Only the public aspect of a certificate is stored in a service record;\n"
"the private key is not stored.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new IPA service:\n"
"   ipa service-add HTTP/web.example.com\n"
"\n"
" Allow a host to manage an IPA service certificate:\n"
"   ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
"   ipa role-add-member --hosts=web.example.com certadmin\n"
"\n"
" Override a default list of supported PAC types for the service:\n"
"   ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
"\n"
" Delete an IPA service:\n"
"   ipa service-del HTTP/web.example.com\n"
"\n"
" Find all IPA services associated with a host:\n"
"   ipa service-find web.example.com\n"
"\n"
" Find all HTTP services:\n"
"   ipa service-find HTTP\n"
"\n"
" Disable the service Kerberos key and SSL certificate:\n"
"   ipa service-disable HTTP/web.example.com\n"
"\n"
" Request a certificate for an IPA service:\n"
"   ipa cert-request --principal=HTTP/web.example.com example.csr\n"
"\n"
" Generate and retrieve a keytab for an IPA service:\n"
"   ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
"httpd.keytab\n"
msgstr ""

msgid ""
"Override default list of supported PAC types. Use 'NONE' to disable PAC "
"support for this service"
msgstr ""

msgid ""
"\n"
"Groups of Sudo Commands\n"
"\n"
"Manage groups of Sudo Commands.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new Sudo Command Group:\n"
"   ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
"\n"
" Remove a Sudo Command Group:\n"
"   ipa sudocmdgroup-del admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less,/usr/bin/vim "
"admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n"
"\n"
" Show a Sudo Command Group:\n"
"   ipa group-show localadmins\n"
msgstr ""

msgid "comma-separated list of sudo commands to add"
msgstr ""

msgid "comma-separated list of sudo commands to remove"
msgstr ""

msgid "Active directory domain administrator's password"
msgstr ""

msgid "GECOS field"
msgstr ""

msgid ""
"\n"
"ID ranges\n"
"\n"
"Manage ID ranges  used to map Posix IDs to SIDs and back.\n"
"\n"
"There are two type of ID ranges which are both handled by this utility:\n"
"\n"
" - the ID ranges of the local domain\n"
" - the ID ranges of trusted remote domains\n"
"\n"
"Both types have the following attributes in common:\n"
"\n"
" - base-id: the first ID of the Posix ID range\n"
" - range-size: the size of the range\n"
"\n"
"With those two attributes a range object can reserve the Posix IDs starting\n"
"with base-id up to but not including base-id+range-size exclusively.\n"
"\n"
"Additionally an ID range of the local domain may set\n"
" - rid-base: the first RID(*) of the corresponding RID range\n"
" - secondary-rid-base: first RID of the secondary RID range\n"
"\n"
"and an ID range of a trusted domain must set\n"
" - rid-base: the first RID of the corresponding RID range\n"
" - dom_sid: domain SID of the trusted domain\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for a trusted domain\n"
"\n"
"Since there might be more than one trusted domain the domain SID must be "
"given\n"
"while creating the ID range.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=0                   --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
"\n"
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
"assign Posix UIDs to users from the trusted domain.\n"
"\n"
"If e.g. a range for a trusted domain is configured with the following "
"values:\n"
" base-id = 1200000\n"
" range-size = 200000\n"
" rid-base = 0\n"
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
"So\n"
"RID 1000 <-> Posix ID 1201000\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for the local domain\n"
"\n"
"To create an ID range for the local domain it is not necessary to specify a\n"
"domain SID. But since it is possible that a user and a group can have the "
"same\n"
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
"base=1000                   --secondary-rid-base=1000000 local_range\n"
"\n"
"The data from the ID ranges of the local domain are used by the IPA server\n"
"internally to assign SIDs to IPA users and groups. The SID will then be "
"stored\n"
"in the user or group objects.\n"
"\n"
"If e.g. the ID range for the local domain is configured with the values "
"from\n"
"the example above then a new user with the UID 1200007 will get the RID "
"1007.\n"
"If this RID is already used by a group the RID will be 1000007. This can "
"only\n"
"happen if a user or a group object was created with a fixed ID because the\n"
"automatic assignment will not assign the same ID twice. Since there are "
"only\n"
"users and groups sharing the same ID namespace it is sufficient to have "
"only\n"
"one fallback range to handle conflicts.\n"
"\n"
"To find the Posix ID for a given RID from the local domain it has to be\n"
"checked first if the RID falls in the primary or secondary RID range and\n"
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
"and the base-id has to be added to get the Posix ID.\n"
"\n"
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
"must not be used at all. The ID range for the local domain will be created\n"
"during installation or upgrade from an older version. The ID range for a\n"
"trusted domain will be created together with the trust by 'ipa trust-"
"add ...'.\n"
"\n"
"USE CASES:\n"
"\n"
"  Add an ID range from a transitively trusted domain\n"
"\n"
"    If the trusted domain (A) trusts another domain (B) as well and this "
"trust\n"
"    is transitive 'ipa trust-add domain-A' will only create a range for\n"
"    domain A.  The ID range for domain B must be added manually.\n"
"\n"
"  Add an additional ID range for the local domain\n"
"\n"
"    If the ID range of the local domain is exhausted, i.e. no new IDs can "
"be\n"
"    assigned to Posix users or groups by the DNA plugin, a new range has to "
"be\n"
"    created to allow new users and groups to be added. (Currently there is "
"no\n"
"    connection between this range CLI and the DNA plugin, but a future "
"version\n"
"    might be able to modify the configuration of the DNS plugin as well)\n"
"\n"
"In general it is not necessary to modify or delete ID ranges. If there is "
"no\n"
"other way to achieve a certain configuration than to modify or delete an ID\n"
"range it should be done with great care. Because UIDs are stored in the "
"file\n"
"system and are used for access control it might be possible that users are\n"
"allowed to access files of other users if an ID range got deleted and "
"reused\n"
"for a different domain.\n"
"\n"
"(*) The RID is typically the last integer of a user or group SID which "
"follows\n"
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
"from\n"
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
"the\n"
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
"groups.\n"
"\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
msgstr ""

msgid ""
"\n"
"Add new ID range.\n"
"\n"
"    To add a new ID range you always have to specify\n"
"\n"
"        --base-id\n"
"        --range-size\n"
"\n"
"    Additionally\n"
"\n"
"        --rid-base\n"
"        --secondary-rid-base\n"
"\n"
"    may be given for a new ID range for the local domain while\n"
"\n"
"        --rid-bas\n"
"        --dom-sid\n"
"\n"
"    must be given to add a new range for a trusted AD domain.\n"
"\n"
"    WARNING:\n"
"\n"
"    DNA plugin in 389-ds will allocate IDs based on the ranges configured "
"for the\n"
"    local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"    on the local ranges set via this family of commands.\n"
"\n"
"    Manual configuration change has to be done in the DNA plugin "
"configuration for\n"
"    the new local range. Specifically, The dnaNextRange attribute of "
"'cn=Posix\n"
"    IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
"to be\n"
"    modified to match the new range.\n"
"    "
msgstr ""

msgid ""
"\n"
"Sudo Rules\n"
"\n"
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
"give certain users (or groups of users) the ability to run some (or all)\n"
"commands as root or another user while providing an audit trail of the\n"
"commands and their arguments.\n"
"\n"
"IPA provides a means to configure the various aspects of Sudo:\n"
"   Users: The user(s)/group(s) allowed to invoke Sudo.\n"
"   Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
"Sudo.\n"
"   Allow Command: The specific command(s) permitted to be run via Sudo.\n"
"   Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
"   RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
"invoked with.\n"
"   RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
"   Options: The various Sudoers Options that can modify Sudo's behavior.\n"
"\n"
"An order can be added to a sudorule to control the order in which they\n"
"are evaluated (if the client supports it). This order is an integer and\n"
"must be unique.\n"
"\n"
"IPA provides a designated binddn to use with Sudo located at:\n"
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
"\n"
"To enable the binddn run the following command to set the password:\n"
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
"dc=com\n"
"\n"
"For more information, see the IPA Documentation to Sudo.\n"
msgstr ""

msgid "comma-separated list of sudo command groups to add"
msgstr ""

msgid "comma-separated list of sudo command groups to remove"
msgstr ""

msgid "A dictionary representing an LDAP entry"
msgstr ""

msgid "A list of LDAP entries"
msgstr ""

msgid "All commands should at least have a result"
msgstr ""

#, python-format
msgid "%(filename)s: file not found"
msgstr ""

#, python-brace-format
msgid "Unable to parse option {item}"
msgstr ""

msgid "Filename is empty"
msgstr ""

#, python-format
msgid "Permission denied: %(file)s"
msgstr ""

msgid "empty DNS label"
msgstr ""

msgid "DNS label cannot be longer that 63 characters"
msgstr ""

#, python-format
msgid ""
"only letters, numbers, %(chars)s are allowed. DNS label may not start or end "
"with %(chars2)s"
msgstr ""

msgid "single label {}s are not supported"
msgstr ""

msgid "too many '@' characters"
msgstr ""

msgid "cannot be longer that {} characters"
msgstr ""

msgid "hostname contains empty label (consecutive dots)"
msgstr ""

msgid "not fully qualified"
msgstr ""

msgid "invalid SSH public key"
msgstr ""

msgid "options are not allowed"
msgstr ""

msgid "invalid hostmask"
msgstr ""

#, fuzzy, python-format
msgid "query '%(owner)s %(rtype)s': %(error)s"
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

#, python-format
msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s"
msgstr ""

#, python-format
msgid ""
"answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG "
"data)"
msgstr ""

#, python-format
msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s"
msgstr ""

msgid "invalid escape code in domain name"
msgstr ""

msgid "domain name cannot be longer than 255 characters"
msgstr ""

msgid "DNS label cannot be longer than 63 characters"
msgstr ""

msgid "invalid domain name"
msgstr ""

#, python-format
msgid "domain name '%(domain)s' should be normalized to: %(normalized)s"
msgstr ""

#, python-format
msgid "invalid domain-name: %s"
msgstr ""

#, python-format
msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!"
msgstr ""

msgid "invalid IP address format"
msgstr ""

#, python-format
msgid "%(port)s is not a valid port"
msgstr ""

msgid ""
"at least one value equal to the canonical principal name must be present"
msgstr ""

msgid "realm or UPN suffix overlaps with trusted domain namespace"
msgstr ""

msgid "Additional instructions:"
msgstr ""

#, python-format
msgid ""
"API Version number was not sent, forward compatibility not guaranteed. "
"Assuming server's API version, %(server_version)s"
msgstr ""

msgid ""
"DNS forwarder semantics changed since IPA 4.0.\n"
"You may want to use forward zones (dnsforwardzone-*) instead.\n"
"For more details read the docs."
msgstr ""

#, python-format
msgid ""
"DNSSEC support is experimental.\n"
"%(additional_info)s"
msgstr ""

#, python-format
msgid "'%(option)s' option is deprecated. %(additional_info)s"
msgstr ""

#, python-format
msgid ""
"Semantic of %(label)s was changed. %(current_behavior)s\n"
"%(hint)s"
msgstr ""

#, fuzzy, python-format
msgid "DNS server %(server)s: %(error)s."
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

#, python-format
msgid ""
"DNS server %(server)s does not support DNSSEC: %(error)s.\n"
"If DNSSEC validation is enabled on IPA server(s), please disable it."
msgstr ""

#, python-format
msgid ""
"forward zone \"%(fwzone)s\" is not effective because of missing proper NS "
"delegation in authoritative zone \"%(authzone)s\". Please add NS record "
"\"%(ns_rec)s\" to parent zone \"%(authzone)s\"."
msgstr ""

#, python-format
msgid ""
"DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n"
"If DNSSEC validation is enabled on IPA server(s), please disable it."
msgstr ""

#, python-format
msgid ""
"DNSSEC validation failed: %(error)s.\n"
"Please verify your DNSSEC configuration or disable DNSSEC validation on all "
"IPA servers."
msgstr ""

#, python-format
msgid ""
"The _kerberos TXT record from domain %(domain)s could not be created "
"(%(error)s).\n"
"This can happen if the zone is not managed by IPA. Please create the record "
"manually, containing the following value: '%(realm)s'"
msgstr ""

#, python-format
msgid ""
"The _kerberos TXT record from domain %(domain)s could not be removed "
"(%(error)s).\n"
"This can happen if the zone is not managed by IPA. Please remove the record "
"manually."
msgstr ""

msgid ""
"No DNSSEC key master is installed. DNSSEC zone signing will not work until "
"the DNSSEC key master is installed."
msgstr ""

#, python-format
msgid ""
"Relative record name '%(record)s' contains the zone name '%(zone)s' as a "
"suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused "
"by a missing dot at the end of the name specification."
msgstr ""

#, python-format
msgid "'%(command)s' is deprecated. %(additional_info)s"
msgstr ""

#, python-format
msgid "%(line)s"
msgstr ""

#, python-format
msgid "Search result has been truncated: %(reason)s"
msgstr ""

#, python-format
msgid ""
"Your trust to %(domain)s is broken. Please re-create it by running 'ipa "
"trust-add' again."
msgstr ""

#, python-format
msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)"
msgstr ""

msgid ""
"Forwarding policy conflicts with some automatic empty zones. Queries for "
"zones specified by RFC 6303 will ignore forwarding and recursion and always "
"result in NXDOMAIN answers. To override this behavior use forward policy "
"'only'."
msgstr ""

#, python-format
msgid "Update of system record '%(record)s' failed with error: %(error)s"
msgstr ""

#, python-format
msgid ""
"IPA does not manage the zone %(zone)s, please add records to your DNS server "
"manually"
msgstr ""

msgid ""
"Automatic update of DNS system records failed. Please re-run update of "
"system records manually to get list of missing records."
msgstr ""

#, python-format
msgid ""
"Service %(service)s requires restart on IPA server %(server)s to apply "
"configuration changes."
msgstr ""

#, python-format
msgid ""
"No DNS servers in IPA location %(location)s. Without DNS servers location is "
"not working as expected."
msgstr ""

#, python-format
msgid "%(subject)s: Malformed certificate. %(reason)s"
msgstr ""

#, python-format
msgid "The host was added but the DNS update failed with: %(reason)s"
msgstr ""

#, python-format
msgid "The certificate for %(ca)s is not available on this server."
msgstr ""

msgid "any of the configured servers"
msgstr ""

msgid "Exceeded number of tries to forward a request."
msgstr ""

#, python-format
msgid "%(cver)s client incompatible with %(sver)s server at '%(server)s'"
msgstr ""

#, fuzzy, python-format
msgid "unknown error %(code)d from %(server)s: %(error)s"
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

#, python-format
msgid "error marshalling data for XML-RPC transport: %(error)s"
msgstr ""

#, python-format
msgid ""
"System encoding must be UTF-8, '%(encoding)s' is not supported. Set LC_ALL="
"\"C.UTF-8\", or LC_ALL=\"\" and LC_CTYPE=\"C.UTF-8\"."
msgstr ""

msgid "No credentials cache found"
msgstr ""

msgid "Ticket expired"
msgstr ""

msgid "Credentials cache permissions incorrect"
msgstr ""

msgid "Bad format in credentials cache"
msgstr ""

msgid "Cannot resolve KDC for requested realm"
msgstr ""

msgid "Session error"
msgstr ""

#, python-format
msgid "Principal %(principal)s cannot be authenticated: %(message)s"
msgstr ""

#, python-format
msgid "Insufficient access: %(info)s"
msgstr ""

#, python-format
msgid "command '%(name)s' takes no arguments"
msgstr ""

#, python-format
msgid "command '%(name)s' takes at most %(count)d argument"
msgid_plural "command '%(name)s' takes at most %(count)d arguments"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "overlapping arguments and options: %(names)s"
msgstr ""

#, python-format
msgid "'%(name)s' is required"
msgstr ""

#, fuzzy, python-format
msgid "invalid '%(name)s': %(error)s"
msgstr "अवैध JSON-RPC विनंती : %(error)s"

#, python-format
msgid "api has no such namespace: '%(name)s'"
msgstr ""

#, fuzzy
msgid "Passwords do not match"
msgstr "पासवर्ड जुळत नाही!"

#, fuzzy
msgid "Command not implemented"
msgstr "आदेशाचे नाव "

msgid "Client is not configured. Run ipa-client-install."
msgstr ""

#, python-format
msgid "Could not get %(name)s interactively"
msgstr ""

#, python-format
msgid "Command '%(name)s' has been deprecated"
msgstr ""

#, python-format
msgid "Domain '%(domain)s' is not a root domain for forest '%(forest)s'"
msgstr ""

#, python-format
msgid "%(reason)s"
msgstr ""

msgid "This entry already exists"
msgstr ""

msgid "You must enroll a host in order to create a host service"
msgstr ""

#, python-format
msgid ""
"Service principal is not of the form: service/fully-qualified host name: "
"%(reason)s"
msgstr ""

msgid ""
"The realm for the principal does not match the realm for this IPA server"
msgstr ""

msgid "This command requires root access"
msgstr ""

msgid "This is already a posix group"
msgstr ""

#, python-format
msgid "Principal is not of the form user@REALM: '%(principal)s'"
msgstr ""

msgid "This entry is already enabled"
msgstr ""

msgid "This entry is already disabled"
msgstr ""

msgid "This entry cannot be enabled or disabled"
msgstr ""

msgid "This entry is not a member"
msgstr ""

msgid "A group may not be a member of itself"
msgstr ""

msgid "This entry is already a member"
msgstr ""

#, python-format
msgid "Base64 decoding failed: %(reason)s"
msgstr ""

msgid "A group may not be added as a member of itself"
msgstr ""

msgid "The default users group cannot be removed"
msgstr ""

msgid "Deleting a managed group is not allowed. It must be detached first."
msgstr ""

msgid "A managed group cannot have a password policy."
msgstr ""

#, python-format
msgid "'%(entry)s' doesn't have a certificate."
msgstr ""

#, python-format
msgid "Unable to create private group. A group '%(group)s' already exists."
msgstr ""

#, python-format
msgid ""
"A problem was encountered when verifying that all members were %(verb)s: "
"%(exc)s"
msgstr ""

#, python-format
msgid "%(attr)s does not contain '%(value)s'"
msgstr ""

#, python-format
msgid ""
"The search criteria was not specific enough. Expected 1 and found %(found)d."
msgstr ""

msgid "This group already allows external members"
msgstr ""

msgid "This group cannot be posix because it is external"
msgstr ""

msgid "This is already a posix group and cannot be converted to external one"
msgstr ""

#, python-format
msgid "Server removal aborted: %(reason)s."
msgstr ""

#, python-format
msgid "%(operation)s is not supported for %(principal_type)s principals"
msgstr ""

#, python-format
msgid "Request failed with status %(status)s: %(reason)s"
msgstr ""

#, python-format
msgid ""
"Mapping ruleset \"%(ruleset)s\" has more than one rule for the %(helper)s "
"helper"
msgstr ""

#, python-format
msgid "'%(attr)s' already contains one or more values"
msgstr ""

#, python-format
msgid "no command nor help topic '%(topic)s'"
msgstr ""

msgid "change collided with another change"
msgstr ""

msgid "no modifications to be performed"
msgstr ""

#, python-format
msgid "%(desc)s: %(info)s"
msgstr ""

msgid "limits exceeded for this query"
msgstr ""

#, python-format
msgid "%(info)s"
msgstr ""

msgid "modifying primary key is not allowed"
msgstr ""

#, python-format
msgid "%(attr)s: Only one value allowed."
msgstr ""

#, python-format
msgid "%(attr)s: Invalid syntax."
msgstr ""

#, python-format
msgid "Bad search filter %(info)s"
msgstr ""

msgid "Not allowed on non-leaf entry"
msgstr ""

msgid "LDAP timeout"
msgstr ""

#, python-format
msgid "%(task)s LDAP task timeout, Task DN: '%(task_dn)s'"
msgstr ""

msgid "Configured time limit exceeded"
msgstr ""

msgid "Configured size limit exceeded"
msgstr ""

msgid "Configured administrative server limit exceeded"
msgstr ""

#, python-format
msgid "Certificate operation cannot be completed: %(error)s"
msgstr ""

#, python-format
msgid "Certificate format error: %(error)s"
msgstr ""

msgid "Already registered"
msgstr ""

msgid "Not registered yet"
msgstr ""

#, python-format
msgid "%(key)s cannot be deleted because %(label)s %(dependent)s requires it"
msgstr ""

#, python-format
msgid ""
"%(key)s cannot be deleted or disabled because it is the last member of "
"%(label)s %(container)s"
msgstr ""

#, python-format
msgid "%(label)s %(key)s cannot be deleted/modified: %(reason)s"
msgstr ""

#, python-format
msgid "%(name)s certificate is not valid"
msgstr ""

#, python-format
msgid "Schema is up to date (FP '%(fingerprint)s', TTL %(ttl)s s)"
msgstr ""

#, python-format
msgid "Host '%(hostname)s' does not have corresponding DNS A/AAAA record"
msgstr ""

#, python-format
msgid "DNS check failed: Expected {%(expected)s} got {%(got)s}"
msgstr ""

#, python-format
msgid "%(exception)s"
msgstr ""

#, python-format
msgid ""
"Forest '%(forest)s' has existing trust to forest(s) %(domains)s which "
"prevents a trust to '%(conflict)s'"
msgstr ""

msgid "incorrect type"
msgstr ""

msgid "Only one value is allowed"
msgstr ""

msgid "this option is deprecated"
msgstr ""

msgid "must be True or False"
msgstr ""

msgid "must be an integer"
msgstr ""

#, python-format
msgid "must be at least %(minvalue)d"
msgstr ""

#, python-format
msgid "can be at most %(maxvalue)d"
msgstr ""

msgid "must be a decimal number"
msgstr ""

#, python-format
msgid "must be at least %(minvalue)s"
msgstr ""

#, python-format
msgid "can be at most %(maxvalue)s"
msgstr ""

#, python-format
msgid ""
"number class '%(cls)s' is not included in a list of allowed number classes: "
"%(allowed)s"
msgstr ""

#, python-format
msgid "must match pattern \"%(pattern)s\""
msgstr ""

msgid "must be binary data"
msgstr ""

#, python-format
msgid "must be at least %(minlength)d bytes"
msgstr ""

#, python-format
msgid "can be at most %(maxlength)d bytes"
msgstr ""

#, python-format
msgid "must be exactly %(length)d bytes"
msgstr ""

msgid "must be a certificate"
msgstr ""

msgid "must be a certificate signing request"
msgstr ""

#, python-format
msgid "Failure decoding Certificate Signing Request: %s"
msgstr ""

msgid "must be Unicode text"
msgstr ""

msgid "Leading and trailing spaces are not allowed"
msgstr ""

#, python-format
msgid "must be at least %(minlength)d characters"
msgstr ""

#, python-format
msgid "can be at most %(maxlength)d characters"
msgstr ""

#, python-format
msgid "must be exactly %(length)d characters"
msgstr ""

#, python-format
msgid "The character %(char)r is not allowed."
msgstr ""

#, python-format
msgid "must be '%(value)s'"
msgstr ""

#, python-format
msgid "must be one of %(values)s"
msgstr ""

msgid "must be datetime value"
msgstr ""

msgid "does not match any of accepted formats: "
msgstr ""

msgid "incomplete time value"
msgstr ""

msgid "must be DNS name"
msgstr ""

msgid "must be absolute"
msgstr ""

msgid "must be relative"
msgstr ""

msgid "must be dictionary"
msgstr ""

msgid "must be Kerberos principal"
msgstr ""

#, python-format
msgid "Malformed principal: '%(value)s'"
msgstr ""

msgid "Service principal is required"
msgstr ""

#, python-format
msgid "%(count)d variables"
msgstr ""

#, python-format
msgid "%(count)d plugin loaded"
msgid_plural "%(count)d plugins loaded"
msgstr[0] ""
msgstr[1] ""

msgid "Results are truncated, try a more specific search"
msgstr ""

#, python-format
msgid "Unknown option: %(option)s"
msgstr ""

msgid "Client version. Used to determine if server will accept request."
msgstr ""

#, python-format
msgid "objectclass %s not found"
msgstr ""

#, python-format
msgid "Retrieving CA cert chain failed: %s"
msgstr ""

#, python-format
msgid "request failed with HTTP status %d"
msgstr ""

#, python-format
msgid "Retrieving CA status failed: %s"
msgstr ""

#, python-format
msgid "Retrieving CA status failed with status %d"
msgstr ""

#, python-format
msgid "Unable to communicate with CMS (status %d)"
msgstr ""

#, python-format
msgid "Replication agreement for %(hostname)s not found"
msgstr ""

msgid "Failed to authenticate to CA REST API"
msgstr ""

msgid "One time password commands"
msgstr ""

msgid "OTP configuration options"
msgstr ""

msgid "OTP Configuration"
msgstr ""

msgid ""
"\n"
"IPA server roles\n"
msgstr ""

msgid ""
"\n"
"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n"
msgstr ""

msgid ""
"\n"
"The status of a role is either enabled, configured, or absent.\n"
msgstr ""

msgid ""
"\n"
"  Show status of 'DNS server' role on a server:\n"
"    ipa server-role-show ipa.example.com \"DNS server\"\n"
msgstr ""

msgid ""
"\n"
"  Show status of all roles containing 'AD' on a server:\n"
"    ipa server-role-find --server ipa.example.com --role=\"AD trust "
"controller\"\n"
msgstr ""

msgid ""
"\n"
"  Show status of all configured roles on a server:\n"
"    ipa server-role-find ipa.example.com\n"
msgstr ""

msgid ""
"\n"
"  Show implicit IPA master role:\n"
"    ipa server-role-find --include-master\n"
msgstr ""

msgid "server role"
msgstr ""

msgid "server roles"
msgstr ""

msgid "IPA Server Roles"
msgstr ""

msgid "IPA Server Role"
msgstr ""

msgid "IPA server role name"
msgstr ""

msgid "Role status"
msgstr ""

msgid "Status of the role"
msgstr ""

msgid "Show role status on a server"
msgstr ""

msgid "Find a server role on a server(s)"
msgstr ""

#, python-format
msgid "%(count)s server role matched"
msgid_plural "%(count)s server roles matched"
msgstr[0] ""
msgstr[1] ""

msgid "Include IPA master entries"
msgstr ""

msgid "roles"
msgstr ""

msgid "IPA role name"
msgstr ""

msgid "Class of Service object used for linking policies with groups"
msgstr ""

#, python-format
msgid "priority must be a unique value (%(prio)d already used by %(gname)s)"
msgstr ""

msgid "Add Class of Service entry"
msgstr ""

msgid "Delete Class of Service entry"
msgstr ""

msgid "Modify Class of Service entry"
msgstr ""

msgid "Display Class of Service entry"
msgstr ""

msgid "Search for Class of Service entry"
msgstr ""

msgid "password policy"
msgstr ""

msgid "password policies"
msgstr ""

msgid "Password Policies"
msgstr ""

msgid "Password Policy"
msgstr ""

msgid "Max repeat"
msgstr ""

msgid "Maximum number of same consecutive characters"
msgstr ""

msgid "Max sequence"
msgstr ""

msgid "The max. length of monotonic character sequences (abcd)"
msgstr ""

msgid "Dictionary check"
msgstr ""

msgid "Check if the password is a dictionary word"
msgstr ""

msgid "User check"
msgstr ""

msgid "Check if the password contains the username"
msgstr ""

msgid ""
"Minimum length must be >= 6 if maxrepeat, maxsequence, dictcheck or "
"usercheck are defined"
msgstr ""

msgid "Maximum password life must be greater than minimum."
msgstr ""

msgid "cannot delete global password policy"
msgstr ""

msgid "priority cannot be set on global policy"
msgstr ""

msgid ""
"\n"
"Realm domains\n"
"\n"
"Manage the list of domains associated with IPA realm.\n"
"\n"
"This list is useful for Domain Controllers from other realms which have\n"
"established trust with this IPA realm. They need the information to know\n"
"which request should be forwarded to KDC of this IPA realm.\n"
"\n"
"Automatic management: a domain is automatically added to the realm domains\n"
"list when a new DNS Zone managed by IPA is created. Same applies for "
"deletion.\n"
"\n"
"Externally managed DNS: domains which are not managed in IPA server DNS\n"
"need to be manually added to the list using ipa realmdomains-mod command.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Display the current list of realm domains:\n"
"   ipa realmdomains-show\n"
"\n"
" Replace the list of realm domains:\n"
"   ipa realmdomains-mod --domain=example.com\n"
"   ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
"\n"
" Add a domain to the list of realm domains:\n"
"   ipa realmdomains-mod --add-domain=newdomain.com\n"
"\n"
" Delete a domain from the list of realm domains:\n"
"   ipa realmdomains-mod --del-domain=olddomain.com\n"
msgstr ""

msgid "Realm domains"
msgstr ""

msgid "Realm Domains"
msgstr ""

msgid ""
"\n"
"    Modify realm domains\n"
"\n"
"    DNS check: When manually adding a domain to the list, a DNS check is\n"
"    performed by default. It ensures that the domain is associated with\n"
"    the IPA realm, by checking whether the domain has a _kerberos TXT "
"record\n"
"    containing the IPA realm name. This check can be skipped by specifying\n"
"    --force option.\n"
"\n"
"    Removal: when a realm domain which has a matching DNS zone managed by\n"
"    IPA is being removed, a corresponding _kerberos TXT record in the zone "
"is\n"
"    removed automatically as well. Other records in the zone or the zone\n"
"    itself are not affected.\n"
"    "
msgstr ""

#, python-format
msgid ""
"DNS zone for each realmdomain must contain SOA or NS records. No records "
"found for: %s"
msgstr ""

#, python-format
msgid "The following domains do not belong to this realm: %(domains)s"
msgstr ""

#, python-format
msgid ""
"The realm of the following domains could not be detected: %(domains)s. If "
"these are domains that belong to the this realm, please create a _kerberos "
"TXT record containing \"%(realm)s\" in each of them."
msgstr ""

msgid ""
"The --domain option cannot be used together with --add-domain or --del-"
"domain. Use --domain to specify the whole realm domain list explicitly, to "
"add/remove individual domains, use --add-domain/del-domain."
msgstr ""

msgid "IPA server domain cannot be omitted"
msgstr ""

msgid "IPA server domain cannot be deleted"
msgstr ""

msgid ""
"\n"
"API Schema\n"
msgstr ""

msgid ""
"\n"
"Provides API introspection capabilities.\n"
msgstr ""

msgid ""
"\n"
" Show user-find details:\n"
"   ipa command-show user-find\n"
msgstr ""

msgid ""
"\n"
" Find user-find parameters:\n"
"   ipa param-find user-find\n"
msgstr ""

msgid "Name"
msgstr ""

msgid "Documentation"
msgstr ""

msgid "Exclude from"
msgstr ""

msgid "Include in"
msgstr ""

#, python-format
msgid "Results should contain primary key attribute only (\"%s\")"
msgstr ""

msgid "Help topic"
msgstr ""

msgid "Version"
msgstr ""

msgid "Parameters"
msgstr ""

msgid "Method of"
msgstr ""

#, fuzzy
msgid "Method name"
msgstr "आदेशाचे नाव "

#, python-format
msgid "%(pkey)s: %(oname)s not found"
msgstr ""

msgid "Display information about a command."
msgstr ""

#, fuzzy
msgid "Search for commands."
msgstr "विषय किंवा आदेश"

msgid "Return command defaults"
msgstr ""

msgid "Display information about a class."
msgstr ""

msgid "Search for classes."
msgstr ""

msgid "Display information about a help topic."
msgstr ""

msgid "Search for help topics."
msgstr ""

msgid "Required"
msgstr ""

msgid "Multi-value"
msgstr ""

msgid "Always ask"
msgstr ""

msgid "CLI metavar"
msgstr ""

#, fuzzy
msgid "CLI name"
msgstr "आदेशाचे नाव "

msgid "Confirm (password)"
msgstr ""

msgid "Default"
msgstr ""

msgid "Default from"
msgstr ""

msgid "Label"
msgstr ""

msgid "Convert on server"
msgstr ""

msgid "Option group"
msgstr ""

msgid "Sensitive"
msgstr ""

#, fuzzy
msgid "Positional argument"
msgstr "positional वितर्क"

#, python-format
msgid "%(metaobject)s: %(oname)s not found"
msgstr ""

msgid "Display information about a command parameter."
msgstr ""

msgid "Search command parameters."
msgstr ""

#, python-format
msgid "%(command_name)s: %(oname)s not found"
msgstr ""

msgid "Display information about a command output."
msgstr ""

msgid "Search for command outputs."
msgstr ""

msgid "Store and provide schema for commands and topics"
msgstr ""

msgid "Fingerprint of schema cached by client"
msgstr ""

msgid ""
"\n"
"Service Constrained Delegation\n"
"\n"
"Manage rules to allow constrained delegation of credentials so\n"
"that a service can impersonate a user when communicating with another\n"
"service without requiring the user to actually forward their TGT.\n"
"This makes for a much better method of delegating credentials as it\n"
"prevents exposure of the short term secret of the user.\n"
"\n"
"The naming convention is to append the word \"target\" or \"targets\" to\n"
"a matching rule name. This is not mandatory but helps conceptually\n"
"to associate rules and targets.\n"
"\n"
"A rule consists of two things:\n"
"  - A list of targets the rule applies to\n"
"  - A list of memberPrincipals that are allowed to delegate for\n"
"    those targets\n"
"\n"
"A target consists of a list of principals that can be delegated.\n"
"\n"
"In English, a rule says that this principal can delegate as this\n"
"list of principals, as defined by these targets.\n"
"\n"
"In both a rule and a target Kerberos principals may be specified\n"
"by their name or an alias and the realm can be omitted. Additionally,\n"
"hosts can be specified by their names. If Kerberos principal specified\n"
"has a single component and does not end with '$' sign, it will be treated\n"
"as a host name. Kerberos principal names ending with '$' are typically\n"
"used as aliases for Active Directory-related services.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new constrained delegation rule:\n"
"   ipa servicedelegationrule-add ftp-delegation\n"
"\n"
" Add a new constrained delegation target:\n"
"   ipa servicedelegationtarget-add ftp-delegation-target\n"
"\n"
" Add a principal to the rule:\n"
"   ipa servicedelegationrule-add-member --principals=ftp/ipa.example."
"com       ftp-delegation\n"
"\n"
" Add a host principal of the host 'ipa.example.com' to the rule:\n"
"   ipa servicedelegationrule-add-member --principals=ipa.example.com       "
"ftp-delegation\n"
"\n"
" Add our target to the rule:\n"
"   ipa servicedelegationrule-add-target       --servicedelegationtargets=ftp-"
"delegation-target ftp-delegation\n"
"\n"
" Add a principal to the target:\n"
"   ipa servicedelegationtarget-add-member --principals=ldap/ipa.example."
"com       ftp-delegation-target\n"
"\n"
" Display information about a named delegation rule and target:\n"
"   ipa servicedelegationrule_show ftp-delegation\n"
"   ipa servicedelegationtarget_show ftp-delegation-target\n"
"\n"
" Remove a constrained delegation:\n"
"   ipa servicedelegationrule-del ftp-delegation-target\n"
"   ipa servicedelegationtarget-del ftp-delegation\n"
"\n"
"In this example the ftp service can get a TGT for the ldap service on\n"
"the bound user's behalf.\n"
"\n"
"It is strongly discouraged to modify the delegations that ship with\n"
"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n"
"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n"
"to delegate, causing the framework to stop functioning.\n"
msgstr ""

msgid "Allowed to Impersonate"
msgstr ""

msgid "Member principals"
msgstr ""

#, python-format
msgid "Malformed principal: %(error)s"
msgstr ""

msgid "Add target to a named service delegation."
msgstr ""

#, python-format
msgid "member %s"
msgstr ""

msgid "Remove member from a named service delegation."
msgstr ""

msgid "service delegation rule"
msgstr ""

msgid "service delegation rules"
msgstr ""

msgid "Service delegation rules"
msgstr ""

msgid "Service delegation rule"
msgstr ""

#, python-format
msgid "Added service delegation rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted service delegation \"%(value)s\""
msgstr ""

msgid "privileged service delegation rule"
msgstr ""

#, python-format
msgid "%(count)d service delegation rule matched"
msgid_plural "%(count)d service delegation rules matched"
msgstr[0] ""
msgstr[1] ""

msgid "service delegation target"
msgstr ""

msgid "service delegation targets"
msgstr ""

msgid "Service delegation targets"
msgstr ""

msgid "Service delegation target"
msgstr ""

#, python-format
msgid "Added service delegation target \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted service delegation target \"%(value)s\""
msgstr ""

msgid "privileged service delegation target"
msgstr ""

#, python-format
msgid "%(count)d service delegation target matched"
msgid_plural "%(count)d service delegation targets matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"Services\n"
"\n"
"A IPA service represents a service that runs on a host. The IPA service\n"
"record can store a Kerberos principal, an SSL certificate, or both.\n"
"\n"
"An IPA service can be managed directly from a machine, provided that\n"
"machine has been given the correct permission. This is true even for\n"
"machines other than the one the service is associated with. For example,\n"
"requesting an SSL certificate using the host service principal credentials\n"
"of the host. To manage a service using host credentials you need to\n"
"kinit as the host:\n"
"\n"
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
"\n"
"Adding an IPA service allows the associated service to request an SSL\n"
"certificate or keytab, but this is performed as a separate step; they\n"
"are not produced as a result of adding the service.\n"
"\n"
"Only the public aspect of a certificate is stored in a service record;\n"
"the private key is not stored.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new IPA service:\n"
"   ipa service-add HTTP/web.example.com\n"
"\n"
" Allow a host to manage an IPA service certificate:\n"
"   ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
"   ipa role-add-member --hosts=web.example.com certadmin\n"
"\n"
" Override a default list of supported PAC types for the service:\n"
"   ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
"\n"
"   A typical use case where overriding the PAC type is needed is NFS.\n"
"   Currently the related code in the Linux kernel can only handle Kerberos\n"
"   tickets up to a maximal size. Since the PAC data can become quite large "
"it\n"
"   is recommended to set --pac-type=NONE for NFS services.\n"
"\n"
" Delete an IPA service:\n"
"   ipa service-del HTTP/web.example.com\n"
"\n"
" Find all IPA services associated with a host:\n"
"   ipa service-find web.example.com\n"
"\n"
" Find all HTTP services:\n"
"   ipa service-find HTTP\n"
"\n"
" Disable the service Kerberos key and SSL certificate:\n"
"   ipa service-disable HTTP/web.example.com\n"
"\n"
" Request a certificate for an IPA service:\n"
"   ipa cert-request --principal=HTTP/web.example.com example.csr\n"
msgstr ""

msgid ""
"\n"
" Allow user to create a keytab:\n"
"   ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n"
msgstr ""

msgid ""
"\n"
" Generate and retrieve a keytab for an IPA service:\n"
"   ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
"httpd.keytab\n"
"\n"
msgstr ""

msgid "Trusted to authenticate as user"
msgstr ""

msgid "The service is allowed to authenticate on behalf of a client"
msgstr ""

msgid "Malformed principal"
msgstr ""

msgid "{} is required by the IPA master"
msgstr ""

msgid "service"
msgstr ""

msgid "services"
msgstr ""

msgid "Principal alias"
msgstr ""

msgid "Service principal alias"
msgstr ""

msgid "Base-64 encoded service certificate"
msgstr ""

msgid "Subject"
msgstr ""

msgid "Serial Number"
msgstr ""

msgid "Serial Number (hex)"
msgstr ""

msgid "Issuer"
msgstr ""

msgid "Not Before"
msgstr ""

msgid "Not After"
msgstr ""

msgid "Fingerprint (SHA1)"
msgstr ""

msgid "Fingerprint (SHA256)"
msgstr ""

msgid "Revocation reason"
msgstr ""

msgid "Authentication Indicators"
msgstr ""

msgid ""
"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-"
"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA "
"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use "
"'hardened' to allow brute-force hardened password authentication by SPAKE or "
"FAST. With no indicator specified, all authentication mechanisms are allowed."
msgstr ""

msgid "NONE value cannot be combined with other PAC types"
msgstr ""

msgid "Add a new IPA service."
msgstr ""

#, python-format
msgid "Added service \"%(value)s\""
msgstr ""

msgid "force principal name even if host not in DNS"
msgstr ""

msgid "Skip host check"
msgstr ""

msgid ""
"force service to be created even when host object does not exist to manage it"
msgstr ""

#, python-format
msgid "The host '%s' does not exist to add a service to."
msgstr ""

msgid "Add a new SMB service."
msgstr ""

msgid "SMB service NetBIOS name"
msgstr ""

#, python-format
msgid "Deleted service \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified service \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d service matched"
msgid_plural "%(count)d services matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Disabled service \"%(value)s\""
msgstr ""

#, python-format
msgid "Added certificates to service principal \"%(value)s\""
msgstr ""

#, python-format
msgid "Removed certificates from service principal \"%(value)s\""
msgstr ""

msgid "Add new principal alias to a service"
msgstr ""

#, python-format
msgid "Added new aliases to the service principal \"%(value)s\""
msgstr ""

msgid "Remove principal alias from a service"
msgstr ""

#, python-format
msgid "Removed aliases to the service principal \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Sudo Rules\n"
msgstr ""

msgid ""
"\n"
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
"give certain users (or groups of users) the ability to run some (or all)\n"
"commands as root or another user while providing an audit trail of the\n"
"commands and their arguments.\n"
msgstr ""

msgid ""
"\n"
"IPA provides a means to configure the various aspects of Sudo:\n"
"   Users: The user(s)/group(s) allowed to invoke Sudo.\n"
"   Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
"Sudo.\n"
"   Allow Command: The specific command(s) permitted to be run via Sudo.\n"
"   Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
"   RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
"invoked with.\n"
"   RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
"   Options: The various Sudoers Options that can modify Sudo's behavior.\n"
msgstr ""

msgid ""
"\n"
"An order can be added to a sudorule to control the order in which they\n"
"are evaluated (if the client supports it). This order is an integer and\n"
"must be unique.\n"
msgstr ""

msgid ""
"\n"
"IPA provides a designated binddn to use with Sudo located at:\n"
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
msgstr ""

msgid ""
"\n"
"To enable the binddn run the following command to set the password:\n"
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
"dc=com\n"
msgstr ""

msgid ""
"\n"
" Create a new rule:\n"
"   ipa sudorule-add readfiles\n"
msgstr ""

msgid ""
"\n"
" Add sudo command object and add it as allowed command in the rule:\n"
"   ipa sudocmd-add /usr/bin/less\n"
"   ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n"
msgstr ""

msgid ""
"\n"
" Add a host to the rule:\n"
"   ipa sudorule-add-host readfiles --hosts server.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a user to the rule:\n"
"   ipa sudorule-add-user readfiles --users jsmith\n"
msgstr ""

msgid ""
"\n"
" Add a special Sudo rule for default Sudo server configuration:\n"
"   ipa sudorule-add defaults\n"
msgstr ""

msgid ""
"\n"
" Set a default Sudo option:\n"
"   ipa sudorule-add-option defaults --sudooption '!authenticate'\n"
msgstr ""

msgid ""
"\n"
" Set SELinux type and role transitions on a rule:\n"
"   ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n"
"   ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n"
msgstr ""

msgid "this option has been deprecated."
msgstr ""

msgid "sudo rules"
msgstr ""

msgid "Sudo Rules"
msgstr ""

msgid "Sudo Rule"
msgstr ""

#, python-format
msgid "order must be a unique value (%(order)d already used by %(rule)s)"
msgstr ""

#, python-format
msgid "Added Sudo Rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted Sudo Rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified Sudo Rule \"%(value)s\""
msgstr ""

#, python-format
msgid ""
"%(type)s category cannot be set to 'all' while there are allowed %(objects)s"
msgstr ""

msgid "users"
msgstr ""

#, fuzzy
msgid "command"
msgstr "विषय आदेश:"

#, fuzzy
msgid "commands"
msgstr "विषय आदेश:"

msgid "runAs user"
msgstr ""

msgid "runAs users"
msgstr ""

msgid "group runAs"
msgstr ""

msgid "runAs groups"
msgstr ""

#, python-format
msgid "%(count)d Sudo Rule matched"
msgid_plural "%(count)d Sudo Rules matched"
msgstr[0] ""
msgstr[1] ""

msgid "commands cannot be added when command category='all'"
msgstr ""

msgid "users cannot be added when user category='all'"
msgstr ""

msgid "hosts cannot be added when host category='all'"
msgstr ""

msgid "users cannot be added when runAs user or runAs group category='all'"
msgstr ""

#, python-format
msgid "RunAsUser does not accept '%(name)s' as a user name"
msgstr ""

#, python-format
msgid "RunAsUser does not accept '%(name)s' as a group name"
msgstr ""

#, python-format
msgid "RunAsGroup does not accept '%(name)s' as a group name"
msgstr ""

msgid "pyhbac is not installed."
msgstr ""

#, fuzzy
msgid ""
"\n"
"IPA certificate operations\n"
msgstr "वापरात नसलेले पर्याय"

msgid ""
"\n"
"Implements a set of commands for managing server SSL certificates.\n"
msgstr ""

msgid ""
"\n"
"Certificate requests exist in the form of a Certificate Signing Request "
"(CSR)\n"
"in PEM format.\n"
msgstr ""

msgid ""
"\n"
"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
"subject to values configured in the server.\n"
msgstr ""

msgid ""
"\n"
"A certificate is stored with a service principal and a service principal\n"
"needs a host.\n"
msgstr ""

msgid ""
"\n"
"In order to request a certificate:\n"
msgstr ""

msgid ""
"\n"
"* The host must exist\n"
"* The service must exist (or you use the --add option to automatically add "
"it)\n"
msgstr ""

msgid ""
"\n"
"SEARCHING:\n"
msgstr ""

msgid ""
"\n"
"Certificates may be searched on by certificate subject, serial number,\n"
"revocation reason, validity dates and the issued date.\n"
msgstr ""

msgid ""
"\n"
"When searching on dates the _from date does a >= search and the _to date\n"
"does a <= search. When combined these are done as an AND.\n"
msgstr ""

msgid ""
"\n"
"Dates are treated as GMT to match the dates in the certificates.\n"
msgstr ""

msgid ""
"\n"
"The date format is YYYY-mm-dd.\n"
msgstr ""

msgid ""
"\n"
" Request a new certificate and add the principal:\n"
"   ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
msgstr ""

msgid ""
"\n"
" Retrieve an existing certificate:\n"
"   ipa cert-show 1032\n"
msgstr ""

msgid ""
"\n"
" Revoke a certificate (see RFC 5280 for reason details):\n"
"   ipa cert-revoke --revocation-reason=6 1032\n"
msgstr ""

msgid ""
"\n"
" Remove a certificate from revocation hold status:\n"
"   ipa cert-remove-hold 1032\n"
msgstr ""

msgid ""
"\n"
" Check the status of a signing request:\n"
"   ipa cert-status 10\n"
msgstr ""

msgid ""
"\n"
" Search for certificates by hostname:\n"
"   ipa cert-find --subject=ipaserver.example.com\n"
msgstr ""

msgid ""
"\n"
" Search for revoked certificates by reason:\n"
"   ipa cert-find --revocation-reason=5\n"
msgstr ""

msgid ""
"\n"
" Search for certificates based on issuance date\n"
"   ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
msgstr ""

msgid ""
"\n"
" Search for certificates owned by a specific user:\n"
"   ipa cert-find --user=user\n"
msgstr ""

msgid ""
"\n"
" Examine a certificate:\n"
"   ipa cert-find --file=cert.pem --all\n"
msgstr ""

msgid ""
"\n"
" Verify that a certificate is owned by a specific user:\n"
"   ipa cert-find --file=cert.pem --user=user\n"
msgstr ""

msgid ""
"\n"
"IPA currently immediately issues (or declines) all certificate requests so\n"
"the status of a request is not normally useful. This is for future use\n"
"or the case where a CA does not immediately issue a certificate.\n"
msgstr ""

msgid ""
"\n"
"The following revocation reasons are supported:\n"
"\n"
msgstr ""

msgid "    * 0 - unspecified\n"
msgstr ""

msgid "    * 1 - keyCompromise\n"
msgstr ""

msgid "    * 2 - cACompromise\n"
msgstr ""

msgid "    * 3 - affiliationChanged\n"
msgstr ""

msgid "    * 4 - superseded\n"
msgstr ""

msgid "    * 5 - cessationOfOperation\n"
msgstr ""

msgid "    * 6 - certificateHold\n"
msgstr ""

msgid "    * 8 - removeFromCRL\n"
msgstr ""

msgid "    * 9 - privilegeWithdrawn\n"
msgstr ""

msgid "    * 10 - aACompromise\n"
msgstr ""

msgid ""
"\n"
"Note that reason code 7 is not used.  See RFC 5280 for more details:\n"
msgstr ""

msgid ""
"\n"
"http://www.ietf.org/rfc/rfc5280.txt\n"
"\n"
msgstr ""

msgid "CA is not configured"
msgstr ""

#, python-format
msgid ""
"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile "
"'%(profile_id)s' for certificate issuance."
msgstr ""

msgid "enabledService/configuredService not in ipaConfigString kdc entry"
msgstr ""

#, python-format
msgid "Host '%(hostname)s' is not an active KDC"
msgstr ""

msgid "Issuing CA"
msgstr ""

msgid "Name of issuing CA"
msgstr ""

msgid "Base-64 encoded certificate."
msgstr ""

msgid "Certificate chain"
msgstr ""

msgid "X.509 certificate chain"
msgstr ""

msgid "Subject email address"
msgstr ""

msgid "Subject DNS name"
msgstr ""

msgid "Subject X.400 address"
msgstr ""

msgid "Subject directory name"
msgstr ""

msgid "Subject EDI Party name"
msgstr ""

msgid "Subject URI"
msgstr ""

msgid "Subject IP Address"
msgstr ""

msgid "Subject OID"
msgstr ""

msgid "Subject UPN"
msgstr ""

msgid "Subject Kerberos principal name"
msgstr ""

msgid "Subject Other Name"
msgstr ""

msgid "Issuer DN"
msgstr ""

msgid "Serial number (hex)"
msgstr ""

msgid "Request status"
msgstr ""

msgid "Include certificate chain in output"
msgstr ""

msgid ""
"automatically add the principal if it doesn't exist (service principals only)"
msgstr ""

#, python-format
msgid "krbtgt certs can use only the %s profile"
msgstr ""

msgid "No Common Name was found in subject of request."
msgstr ""

#, python-format
msgid ""
"hostname in subject of request '%(cn)s' does not match name or aliases of "
"principal '%(principal)s'"
msgstr ""

#, python-format
msgid ""
"hostname in subject of request '%(cn)s' does not match principal hostname "
"'%(hostname)s'"
msgstr ""

msgid "DN commonName does not match user's login"
msgstr ""

msgid "DN emailAddress does not match any of user's email addresses"
msgstr ""

#, python-format
msgid ""
"Insufficient 'write' privilege to the 'userCertificate' attribute of entry "
"'%s'."
msgstr ""

#, python-format
msgid "subject alt name type %s is forbidden for user principals"
msgstr ""

#, python-format
msgid ""
"The service principal for subject alt name %s in certificate request does "
"not exist"
msgstr ""

#, python-format
msgid ""
"Insufficient privilege to create a certificate with subject alt name '%s'."
msgstr ""

#, python-format
msgid "Principal '%s' in subject alt name does not match requested principal"
msgstr ""

msgid "RFC822Name does not match any of user's email addresses"
msgstr ""

#, python-format
msgid "subject alt name type %s is forbidden for non-user principals"
msgstr ""

#, python-format
msgid "Subject alt name type %s is forbidden"
msgstr ""

#, python-format
msgid "CA '%s' is disabled"
msgstr ""

#, fuzzy
msgid "'add' option"
msgstr "वापरात नसलेले पर्याय"

msgid "The principal for this request doesn't exist."
msgstr ""

#, python-format
msgid "IP address in subjectAltName (%s) unreachable from DNS names"
msgstr ""

#, python-format
msgid "IP address in subjectAltName (%s) does not have PTR record"
msgstr ""

#, python-format
msgid "PTR record for SAN IP (%s) does not match A/AAAA records"
msgstr ""

msgid "Status"
msgstr ""

msgid "Revoked"
msgstr ""

msgid ""
"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for "
"revocation reason details. "
msgstr ""

#, python-format
msgid "Owner %s"
msgstr ""

#, python-format
msgid ""
"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found"
msgstr ""

msgid "7 is not a valid revocation reason"
msgstr ""

msgid "Results should contain primary key attribute only (\"certificate\")"
msgstr ""

#, python-format
msgid "%(count)d certificate matched"
msgid_plural "%(count)d certificates matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Search for certificates with these owner %s."
msgstr ""

#, python-format
msgid "Search for certificates without these owner %s."
msgstr ""

msgid ""
"\n"
"Certificate Identity Mapping\n"
msgstr ""

msgid ""
"\n"
"Manage Certificate Identity Mapping configuration and rules.\n"
msgstr ""

msgid ""
"\n"
"IPA supports the use of certificates for authentication. Certificates can\n"
"either be stored in the user entry (full certificate in the usercertificate\n"
"attribute), or simply linked to the user entry through a mapping.\n"
"This code enables the management of the rules allowing to link a\n"
"certificate to a user entry.\n"
msgstr ""

msgid ""
"\n"
" Display the Certificate Identity Mapping global configuration:\n"
"   ipa certmapconfig-show\n"
msgstr ""

msgid ""
"\n"
" Modify Certificate Identity Mapping global configuration:\n"
"   ipa certmapconfig-mod --promptusername=TRUE\n"
msgstr ""

msgid ""
"\n"
" Create a new Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-add rule1 --desc=\"Link certificate with subject and "
"issuer\"\n"
msgstr ""

msgid ""
"\n"
" Modify a Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-mod rule1 --maprule=\"<ALT-SEC-ID-I-S:"
"altSecurityIdentities>\"\n"
msgstr ""

msgid ""
"\n"
" Disable a Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-disable rule1\n"
msgstr ""

msgid ""
"\n"
" Enable a Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-enable rule1\n"
msgstr ""

msgid ""
"\n"
" Display information about a Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-show rule1\n"
msgstr ""

msgid ""
"\n"
" Find all Certificate Identity Mapping Rules with the specified domain:\n"
"   ipa certmaprule-find --domain example.com\n"
msgstr ""

msgid ""
"\n"
" Delete a Certificate Identity Mapping Rule:\n"
"   ipa certmaprule-del rule1\n"
msgstr ""

msgid "domain"
msgstr ""

#, python-format
msgid ""
"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check."
msgstr ""

msgid ""
"The mapping rule with altSecurityIdentities should be applied to a trusted "
"Active Directory domain but no domain was associated with the rule."
msgstr ""

#, python-format
msgid "The domain %s is neither IPA domain nor a trusteddomain."
msgstr ""

msgid "Certificate Identity Mapping configuration options"
msgstr ""

msgid "Certificate Identity Mapping Global Configuration"
msgstr ""

msgid "Prompt for the username"
msgstr ""

msgid ""
"Prompt for the username when multiple identities are mapped to a certificate"
msgstr ""

msgid "Modify Certificate Identity Mapping configuration."
msgstr ""

msgid "Show the current Certificate Identity Mapping configuration."
msgstr ""

msgid "Certificate Identity Mapping Rules"
msgstr ""

msgid "Certificate Identity Mapping Rule"
msgstr ""

msgid "Certificate Identity Mapping Rule name"
msgstr ""

msgid "Certificate Identity Mapping Rule description"
msgstr ""

msgid "Mapping rule"
msgstr ""

msgid "Rule used to map the certificate with a user entry"
msgstr ""

msgid "Matching rule"
msgstr ""

msgid "Rule used to check if a certificate can be used for authentication"
msgstr ""

msgid "Domain where the user entry will be searched"
msgstr ""

msgid "Priority of the rule (higher number means lower priority"
msgstr ""

msgid "Create a new Certificate Identity Mapping Rule."
msgstr ""

#, python-format
msgid "Added Certificate Identity Mapping Rule \"%(value)s\""
msgstr ""

msgid "Modify a Certificate Identity Mapping Rule."
msgstr ""

#, python-format
msgid "Modified Certificate Identity Mapping Rule \"%(value)s\""
msgstr ""

msgid "Search for Certificate Identity Mapping Rules."
msgstr ""

#, python-format
msgid "%(count)d Certificate Identity Mapping Rule matched"
msgid_plural "%(count)d Certificate Identity Mapping Rules matched"
msgstr[0] ""
msgstr[1] ""

msgid "Display information about a Certificate Identity Mapping Rule."
msgstr ""

msgid "Delete a Certificate Identity Mapping Rule."
msgstr ""

#, python-format
msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\""
msgstr ""

msgid "Enable a Certificate Identity Mapping Rule."
msgstr ""

#, python-format
msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\""
msgstr ""

msgid "Disable a Certificate Identity Mapping Rule."
msgstr ""

#, python-format
msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\""
msgstr ""

msgid "Failed to connect to sssd over SystemBus. See details in the error_log"
msgstr ""

msgid "Failed to find users over SystemBus.  See details in the error_log"
msgstr ""

msgid "User logins"
msgstr ""

msgid ""
"\n"
"    Search for users matching the provided certificate.\n"
"\n"
"    This command relies on SSSD to retrieve the list of matching users and\n"
"    may return cached data. For more information on purging SSSD cache,\n"
"    please refer to sss_cache documentation.\n"
"    "
msgstr ""

#, python-format
msgid "%(count)s user matched"
msgid_plural "%(count)s users matched"
msgstr[0] ""
msgstr[1] ""

msgid "Base-64 encoded user certificate"
msgstr ""

msgid ""
"\n"
"Server configuration\n"
"\n"
"Manage the default values that IPA uses and some of its tuning parameters.\n"
"\n"
"NOTES:\n"
"\n"
"The password notification value (--pwdexpnotify) is stored here so it will\n"
"be replicated. It is not currently used to notify users in advance of an\n"
"expiring password.\n"
"\n"
"Some attributes are read-only, provided only for information purposes. "
"These\n"
"include:\n"
"\n"
"Certificate Subject base: the configured certificate subject base,\n"
"  e.g. O=EXAMPLE.COM.  This is configurable only at install time.\n"
"Password plug-in features: currently defines additional hashes that the\n"
"  password will generate (there may be other conditions).\n"
"\n"
"When setting the order list for mapping SELinux users you may need to\n"
"quote the value so it isn't interpreted by the shell.\n"
"\n"
"The maximum length of a hostname in Linux is controlled by\n"
"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n"
"systems, Solaris for example, allows hostnames up to 255 characters.\n"
"This option will allow flexibility in length but by default limiting\n"
"to the Linux maximum length.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Show basic server configuration:\n"
"   ipa config-show\n"
"\n"
" Show all configuration options:\n"
"   ipa config-show --all\n"
"\n"
" Change maximum username length to 99 characters:\n"
"   ipa config-mod --maxusername=99\n"
"\n"
" Change maximum host name length to 255 characters:\n"
"   ipa config-mod --maxhostname=255\n"
"\n"
" Increase default time and size limits for maximum IPA server search:\n"
"   ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n"
"\n"
" Set default user e-mail domain:\n"
"   ipa config-mod --emaildomain=example.com\n"
"\n"
" Enable migration mode to make \"ipa migrate-ds\" command operational:\n"
"   ipa config-mod --enable-migration=TRUE\n"
"\n"
" Define SELinux user map order:\n"
"   ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-"
"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n"
msgstr ""

msgid "must be at least 10"
msgstr ""

msgid "configuration options"
msgstr ""

msgid "Configuration"
msgstr ""

msgid "Maximum hostname length"
msgstr ""

msgid "IPA masters"
msgstr ""

msgid "List of all IPA masters"
msgstr ""

msgid "Hidden IPA masters"
msgstr ""

msgid "List of all hidden IPA masters"
msgstr ""

msgid "IPA master capable of PKINIT"
msgstr ""

msgid "IPA master which can process PKINIT requests"
msgstr ""

msgid "IPA CA servers"
msgstr ""

msgid "IPA servers configured as certificate authority"
msgstr ""

msgid "Hidden IPA CA servers"
msgstr ""

msgid "Hidden IPA servers configured as certificate authority"
msgstr ""

msgid "IPA CA renewal master"
msgstr ""

msgid "Renewal master for IPA certificate authority"
msgstr ""

msgid "IPA KRA servers"
msgstr ""

msgid "IPA servers configured as key recovery agent"
msgstr ""

msgid "Hidden IPA KRA servers"
msgstr ""

msgid "Hidden IPA servers configured as key recovery agent"
msgstr ""

msgid "Domain resolution order"
msgstr ""

msgid "colon-separated list of domains used for short name qualification"
msgstr ""

msgid "IPA DNS servers"
msgstr ""

msgid "IPA servers configured as domain name server"
msgstr ""

msgid "Hidden IPA DNS servers"
msgstr ""

msgid "Hidden IPA servers configured as domain name server"
msgstr ""

msgid "IPA DNSSec key master"
msgstr ""

msgid "DNSec key master"
msgstr ""

msgid "Empty domain is not allowed"
msgstr ""

#, python-format
msgid "Invalid domain name '%(domain)s': %(e)s"
msgstr ""

#, python-format
msgid "Server has no information about domain '%(domain)s'"
msgstr ""

#, python-format
msgid "Disabled domain '%(domain)s' is not allowed"
msgstr ""

msgid "The group doesn't exist"
msgstr ""

#, python-format
msgid "attribute \"%s\" not allowed"
msgstr ""

msgid "May not be empty"
msgstr ""

#, python-format
msgid "%(obj)s default attribute %(attr)s would not be allowed!"
msgstr ""

msgid "A list of SELinux users delimited by $ expected"
msgstr ""

#, fuzzy, python-format
msgid "SELinux user '%(user)s' is not valid: %(error)s"
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

msgid "SELinux user map default user not in order list"
msgstr ""

msgid ""
"\n"
"Groups of Sudo Commands\n"
"\n"
"Manage groups of Sudo Commands.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new Sudo Command Group:\n"
"   ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
"\n"
" Remove a Sudo Command Group:\n"
"   ipa sudocmdgroup-del admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/"
"vim admincmds\n"
"\n"
" Manage Sudo Command Group membership, commands:\n"
"   ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n"
"\n"
" Show a Sudo Command Group:\n"
"   ipa sudocmdgroup-show admincmds\n"
msgstr ""

msgid "sudo command group"
msgstr ""

msgid "sudo command groups"
msgstr ""

#, python-format
msgid "Added Sudo Command Group \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted Sudo Command Group \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified Sudo Command Group \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d Sudo Command Group matched"
msgid_plural "%(count)d Sudo Command Groups matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"Groups of hosts.\n"
"\n"
"Manage groups of hosts. This is useful for applying access control to a\n"
"number of hosts by using Host-based Access Control.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new host group:\n"
"   ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
"\n"
" Add another new host group:\n"
"   ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
"\n"
" Add members to the hostgroup (using Bash brace expansion):\n"
"   ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n"
"\n"
" Add a hostgroup as a member of another hostgroup:\n"
"   ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
"\n"
" Remove a host from the hostgroup:\n"
"   ipa hostgroup-remove-member --hosts=box2 baltimore\n"
"\n"
" Display a host group:\n"
"   ipa hostgroup-show baltimore\n"
"\n"
" Add a member manager:\n"
"   ipa hostgroup-add-member-manager --users=user1 baltimore\n"
"\n"
" Remove a member manager\n"
"   ipa hostgroup-remove-member-manager --users=user1 baltimore\n"
"\n"
" Delete a hostgroup:\n"
"   ipa hostgroup-del baltimore\n"
msgstr ""

msgid "host groups"
msgstr ""

msgid "Host Group"
msgstr ""

#, python-format
msgid "Added hostgroup \"%(value)s\""
msgstr ""

#, python-format
msgid ""
"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a "
"common namespace"
msgstr ""

#, python-format
msgid "Deleted hostgroup \"%(value)s\""
msgstr ""

msgid "hostgroup"
msgstr ""

msgid "privileged hostgroup"
msgstr ""

#, python-format
msgid "Modified hostgroup \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d hostgroup matched"
msgid_plural "%(count)d hostgroups matched"
msgstr[0] ""
msgstr[1] ""

msgid "Add users that can manage members of this hostgroup."
msgstr ""

msgid "Remove users that can manage members of this hostgroup."
msgstr ""

#, python-format
msgid ""
"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry "
"'%s'."
msgstr ""

msgid "REST API is not logged in."
msgstr ""

#, python-format
msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s"
msgstr ""

msgid "Unable to communicate with CMS"
msgstr ""

msgid "Response from CA was not valid JSON"
msgstr ""

msgid ""
"\n"
"Set a user's password\n"
"\n"
"If someone other than a user changes that user's password (e.g., Helpdesk\n"
"resets it) then the password will need to be changed the first time it\n"
"is used. This is so the end-user is the only one who knows the password.\n"
"\n"
"The IPA password policy controls how often a password may be changed,\n"
"what strength requirements exist, and the length of the password history.\n"
"\n"
"If the user authentication method is set to password+OTP, the user should\n"
"pass the --otp option when resetting the password.\n"
"\n"
"EXAMPLES:\n"
"\n"
" To reset your own password:\n"
"   ipa passwd\n"
"\n"
" To reset your own password when password+OTP is set as authentication "
"method:\n"
"   ipa passwd --otp\n"
"\n"
" To change another user's password:\n"
"   ipa passwd tuser1\n"
msgstr ""

msgid "The OTP if the user has a token configured"
msgstr ""

#, python-format
msgid "Changed password for \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Permissions\n"
msgstr ""

msgid ""
"\n"
"A permission enables fine-grained delegation of rights. A permission is\n"
"a human-readable wrapper around a 389-ds Access Control Rule,\n"
"or instruction (ACI).\n"
"A permission grants the right to perform a specific task such as adding a\n"
"user, modifying a group, etc.\n"
msgstr ""

msgid ""
"\n"
"A permission may not contain other permissions.\n"
msgstr ""

msgid ""
"\n"
"* A permission grants access to read, write, add, delete, read, search,\n"
"  or compare.\n"
"* A privilege combines similar permissions (for example all the permissions\n"
"  needed to add a user).\n"
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
msgstr ""

msgid ""
"\n"
"A permission is made up of a number of different parts:\n"
"\n"
"1. The name of the permission.\n"
"2. The target of the permission.\n"
"3. The rights granted by the permission.\n"
msgstr ""

msgid ""
"\n"
"Rights define what operations are allowed, and may be one or more\n"
"of the following:\n"
"1. write - write one or more attributes\n"
"2. read - read one or more attributes\n"
"3. search - search on one or more attributes\n"
"4. compare - compare one or more attributes\n"
"5. add - add a new entry to the tree\n"
"6. delete - delete an existing entry\n"
"7. all - all permissions are granted\n"
msgstr ""

msgid ""
"\n"
"Note the distinction between attributes and entries. The permissions are\n"
"independent, so being able to add a user does not mean that the user will\n"
"be editable.\n"
msgstr ""

msgid ""
"\n"
"There are a number of allowed targets:\n"
"1. subtree: a DN; the permission applies to the subtree under this DN\n"
"2. target filter: an LDAP filter\n"
"3. target: DN with possible wildcards, specifies entries permission applies "
"to\n"
msgstr ""

msgid ""
"\n"
"Additionally, there are the following convenience options.\n"
"Setting one of these options will set the corresponding attribute(s).\n"
"1. type: a type of object (user, group, etc); sets subtree and target "
"filter.\n"
"2. memberof: apply to members of a group; sets target filter\n"
"3. targetgroup: grant access to modify a specific group (such as granting\n"
"   the rights to manage group membership); sets target.\n"
msgstr ""

msgid ""
"\n"
"Managed permissions\n"
msgstr ""

msgid ""
"\n"
"Permissions that come with IPA by default can be so-called \"managed\"\n"
"permissions. These have a default set of attributes they apply to,\n"
"but the administrator can add/remove individual attributes to/from the set.\n"
msgstr ""

msgid ""
"\n"
"Deleting or renaming a managed permission, as well as changing its target,\n"
"is not allowed.\n"
msgstr ""

msgid ""
"\n"
" Add a permission that grants the creation of users:\n"
"   ipa permission-add --type=user --permissions=add \"Add Users\"\n"
msgstr ""

msgid ""
"\n"
" Add a permission that grants the ability to manage group membership:\n"
"   ipa permission-add --attrs=member --permissions=write --type=group "
"\"Manage Group Members\"\n"
msgstr ""

msgid "must be enclosed in parentheses"
msgstr ""

#, python-format
msgid "\"%s\" is not an object type"
msgstr ""

#, python-format
msgid "\"%s\" is not a valid permission type"
msgstr ""

#, fuzzy, python-format
msgid "Deprecated; use %s"
msgstr "वापरात नसलेले पर्याय"

msgid "ACI"
msgstr ""

#, python-format
msgid "Permission with unknown flag %s may not be modified or removed"
msgstr ""

msgid "A SYSTEM permission may not be modified or removed"
msgstr ""

#, python-format
msgid "Entry %s not found"
msgstr ""

#, python-format
msgid "The ACI for permission %(name)s was not found in %(dn)s "
msgstr ""

msgid ""
"cannot specify full target filter and extra target filter simultaneously"
msgstr ""

#, python-format
msgid "option was renamed; use %s"
msgstr ""

#, python-format
msgid "Cannot use %(old_name)s with %(new_name)s"
msgstr ""

#, python-format
msgid "%s: group not found"
msgstr ""

msgid "target and targetgroup are mutually exclusive"
msgstr ""

msgid "subtree and type are mutually exclusive"
msgstr ""

msgid "Bad search filter"
msgstr ""

#, python-format
msgid "Entry %s does not exist"
msgstr ""

msgid ""
"there must be at least one target entry specifier (e.g. target, "
"targetfilter, attrs)"
msgstr ""

#, python-format
msgid "Added permission \"%(value)s\""
msgstr ""

msgid "attrs and included attributes are mutually exclusive"
msgstr ""

#, python-format
msgid "Cannot store permission ACI to %s"
msgstr ""

#, python-format
msgid "Deleted permission \"%(value)s\""
msgstr ""

msgid "cannot delete managed permissions"
msgstr ""

#, python-format
msgid "ACI of permission %s was not found"
msgstr ""

#, python-format
msgid "Modified permission \"%(value)s\""
msgstr ""

msgid "cannot rename managed permissions"
msgstr ""

msgid "not modifiable on managed permissions"
msgstr ""

msgid "only available on managed permissions"
msgstr ""

msgid "attrs and included/excluded attributes are mutually exclusive"
msgstr ""

msgid "cannot set bindtype for a permission that is assigned to a privilege"
msgstr ""

#, python-format
msgid "%(count)d permission matched"
msgid_plural "%(count)d permissions matched"
msgstr[0] ""
msgstr[1] ""

#, python-brace-format
msgid "{role}: role not found"
msgstr ""

#, python-brace-format
msgid "{attr}: no such attribute"
msgstr ""

msgid ""
"\n"
"Session Support for IPA\n"
msgstr ""

msgid "Internationalization messages"
msgstr ""

msgid "Your session has expired. Please log in again."
msgstr ""

msgid "Apply"
msgstr ""

msgid "Rebuild auto membership"
msgstr ""

msgid "Are you sure you want to rebuild auto membership?"
msgstr ""

msgid "Automember rebuild membership task completed"
msgstr ""

msgid "Are you sure you want to proceed with the action?"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to delete ${object}?"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to disable ${object}?"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to enable ${object}?"
msgstr ""

msgid "Actions"
msgstr ""

msgid "Add"
msgstr ""

#, python-brace-format
msgid "${count} item(s) added"
msgstr ""

msgid "Direct Membership"
msgstr ""

#, python-brace-format
msgid "Filter available ${other_entity}"
msgstr ""

msgid "Indirect Membership"
msgstr ""

msgid "No entries."
msgstr ""

#, python-brace-format
msgid "Showing ${start} to ${end} of ${total} entries."
msgstr ""

msgid "Remove"
msgstr ""

#, python-brace-format
msgid "${count} item(s) removed"
msgstr ""

msgid "Show Results"
msgstr ""

msgid "Authentication indicators"
msgstr ""

msgid "Authentication indicator"
msgstr ""

msgid ""
"<p>Implicit method (password) will be used if no method is chosen.</"
"p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow "
"authentication with either one of the authentication types but Kerberos uses "
"pre-authentication method which requires to use armor ccache.</"
"p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, "
"but LDAP never does. LDAP only recognize the password and two-factor "
"authentication options.</p>"
msgstr ""

msgid "Add Custom Authentication Indicator"
msgstr ""

msgid "Two factor authentication (password + OTP)"
msgstr ""

msgid "RADIUS"
msgstr ""

msgid "PKINIT"
msgstr ""

msgid "Hardened Password (by SPAKE or FAST)"
msgstr ""

msgid "Disable per-user override"
msgstr ""

msgid ""
"<p>Per-user setting, overwrites the global setting if any option is checked."
"</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow "
"authentication with either one of the authentication types but Kerberos uses "
"pre-authentication method which requires to use armor ccache.</"
"p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, "
"but LDAP never does. LDAP only recognize the password and two-factor "
"authentication options.</p>"
msgstr ""

msgid "About"
msgstr ""

msgid "Activate"
msgstr ""

msgid "Add and Add Another"
msgstr ""

msgid "Add and Close"
msgstr ""

msgid "Add and Edit"
msgstr ""

msgid "Add Many"
msgstr ""

msgid "Back"
msgstr ""

msgid "Cancel"
msgstr ""

msgid "Clear"
msgstr ""

msgid "Clear all fields on the page."
msgstr ""

msgid "Close"
msgstr ""

msgid "Disable"
msgstr ""

msgid "Download"
msgstr ""

msgid "Download certificate as PEM formatted file."
msgstr ""

msgid "Edit"
msgstr ""

msgid "Enable"
msgstr ""

msgid "Find"
msgstr ""

msgid "Get"
msgstr ""

msgid "Hide"
msgstr ""

msgid "Issue"
msgstr ""

msgid "Match"
msgstr ""

msgid "Match users according to certificate."
msgstr ""

msgid "Migrate"
msgstr ""

msgid "OK"
msgstr ""

msgid "Refresh"
msgstr ""

msgid "Reload current settings from the server."
msgstr ""

msgid "Delete"
msgstr ""

msgid "Remove hold"
msgstr ""

msgid "Reset"
msgstr ""

msgid "Reset Password"
msgstr ""

msgid "Reset Password and Log in"
msgstr ""

msgid "Restore"
msgstr ""

msgid "Retry"
msgstr ""

msgid "Revert"
msgstr ""

msgid "Revoke"
msgstr ""

msgid "Save"
msgstr ""

msgid "Set"
msgstr ""

msgid "Show"
msgstr ""

msgid "Stage"
msgstr ""

msgid "Update"
msgstr ""

msgid "View"
msgstr ""

msgid "Customization"
msgstr ""

msgid "Pagination Size"
msgstr ""

msgid "Collapse All"
msgstr ""

msgid "Expand All"
msgstr ""

msgid "General"
msgstr ""

msgid "Identity Settings"
msgstr ""

msgid "Record Settings"
msgstr ""

#, python-brace-format
msgid "${entity} ${primary_key} Settings"
msgstr ""

msgid "Back to Top"
msgstr ""

#, python-brace-format
msgid "${entity} ${primary_key} updated"
msgstr ""

#, python-brace-format
msgid "${entity} successfully added"
msgstr ""

msgid "Add custom value"
msgstr ""

msgid "Available"
msgstr ""

msgid "Some operations failed."
msgstr ""

msgid "Operations Error"
msgstr ""

msgid "Confirmation"
msgstr ""

msgid "Custom value"
msgstr ""

msgid "This page has unsaved changes. Please save or revert."
msgstr ""

msgid "Unsaved Changes"
msgstr ""

#, python-brace-format
msgid "Edit ${entity}"
msgstr ""

msgid "Hide details"
msgstr ""

#, python-brace-format
msgid "${product}, version: ${version}"
msgstr ""

msgid "Prospective"
msgstr ""

msgid "Redirection"
msgstr ""

msgid "Select entries to be removed."
msgstr ""

msgid "Result"
msgstr ""

msgid "Show details"
msgstr ""

msgid "Success"
msgstr ""

msgid "Validation error"
msgstr ""

msgid "Input form contains invalid or missing values."
msgstr ""

msgid "Please try the following options:"
msgstr ""

msgid "If the problem persists please contact the system administrator."
msgstr ""

msgid "Refresh the page."
msgstr ""

msgid "Reload the browser."
msgstr ""

msgid "Return to the main page and retry the operation"
msgstr ""

#, fuzzy, python-brace-format
msgid "An error has occurred (${error})"
msgstr "एक अंतर्गत त्रुटी आली आहे"

msgid "HTTP Error"
msgstr ""

msgid "Internal Error"
msgstr ""

msgid "IPA Error"
msgstr ""

msgid "No response"
msgstr ""

msgid "Unknown Error"
msgstr ""

msgid "URL"
msgstr ""

#, python-brace-format
msgid "${primary_key} is managed by:"
msgstr ""

#, python-brace-format
msgid "${primary_key} members:"
msgstr ""

#, python-brace-format
msgid "${primary_key} is a member of:"
msgstr ""

#, python-brace-format
msgid "${primary_key} member managers:"
msgstr ""

msgid "Settings"
msgstr ""

msgid "Search"
msgstr ""

msgid "False"
msgstr ""

#, python-brace-format
msgid "Allow user groups to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow user groups to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow host groups to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow host groups to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow hosts to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow hosts to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow users to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Allow users to retrieve keytab of '${primary_key}'"
msgstr ""

msgid "Allowed to create keytab"
msgstr ""

msgid "Allowed to retrieve keytab"
msgstr ""

#, python-brace-format
msgid "Disallow user groups to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow user groups to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow host groups to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow host groups to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow hosts to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow hosts to retrieve keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow users to create keytab of '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Disallow users to retrieve keytab of '${primary_key}'"
msgstr ""

msgid "Add Kerberos Principal Alias"
msgstr ""

msgid "New kerberos principal alias"
msgstr ""

msgid "Remove Kerberos Alias"
msgstr ""

#, python-brace-format
msgid "Do you want to remove kerberos alias ${alias}?"
msgstr ""

msgid "Inherited from server configuration"
msgstr ""

msgid "MS-PAC"
msgstr ""

msgid "Override inherited settings"
msgstr ""

msgid "PAD"
msgstr ""

msgid "Authenticating"
msgstr ""

msgid "Authentication with personal certificate failed"
msgstr ""

msgid ""
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>certificate</"
"strong>, please make sure you have valid personal certificate. "
msgstr ""

msgid "Continue to next page"
msgstr ""

msgid ""
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>username and "
"password</strong>, enter them in the corresponding fields, then click 'Log "
"in'."
msgstr ""

msgid "Login failed due to an unknown reason"
msgstr ""

msgid "Logged In As"
msgstr ""

msgid "Authentication with Kerberos failed"
msgstr ""

#, python-brace-format
msgid ""
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>Kerberos</"
"strong>, please make sure you have valid tickets (obtainable via kinit) and "
"<a href='${protocol}//${host}/ipa/config/ssbrowser.html'>configured</a> the "
"browser correctly, then click 'Log in'."
msgstr ""

msgid "Loading"
msgstr ""

msgid "Kerberos Principal you entered is expired"
msgstr ""

msgid "Loading data"
msgstr ""

msgid "Log in"
msgstr ""

msgid "Log In Using Certificate"
msgstr ""

msgid "Log in using personal certificate"
msgstr ""

msgid "Log out"
msgstr ""

msgid "Log out error"
msgstr ""

msgid "Password or Password+One-Time Password"
msgstr ""

#, python-brace-format
msgid "You will be redirected in ${count}s"
msgstr ""

msgid "Sync OTP Token"
msgstr ""

msgid "Synchronizing"
msgstr ""

msgid "The user account you entered is locked"
msgstr ""

msgid "number of passwords"
msgstr ""

msgid "seconds"
msgstr ""

msgid "Migrating"
msgstr ""

msgid "There was a problem with your request. Please, try again later."
msgstr ""

msgid "Password migration was not successful"
msgstr ""

msgid ""
"<h1>Password Migration</h1><p>If you have been sent here by your "
"administrator, your personal information is being migrated to a new identity "
"management solution (IPA).</p><p>Please, enter your credentials in the form "
"to complete the process. Upon successful login your kerberos account will be "
"activated.</p>"
msgstr ""

msgid "The password or username you entered is incorrect"
msgstr ""

msgid "Password migration was successful"
msgstr ""

msgid "Attribute"
msgstr ""

msgid "Add delegation"
msgstr ""

msgid "Remove delegations"
msgstr ""

msgid "Add permission"
msgstr ""

#, python-brace-format
msgid "Add privileges into permission '${primary_key}'"
msgstr ""

msgid "Remove permissions"
msgstr ""

#, python-brace-format
msgid "Remove privileges from permission '${primary_key}'"
msgstr ""

msgid "Add privilege"
msgstr ""

#, python-brace-format
msgid "Add privilege '${primary_key}' into permissions"
msgstr ""

#, python-brace-format
msgid "Add roles into privilege '${primary_key}'"
msgstr ""

msgid "Remove privileges"
msgstr ""

#, python-brace-format
msgid "Remove privilege '${primary_key}' from permissions"
msgstr ""

#, python-brace-format
msgid "Remove roles from privilege '${primary_key}'"
msgstr ""

msgid "Role Settings"
msgstr ""

msgid "Add role"
msgstr ""

#, python-brace-format
msgid "Add user groups into role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add role '${primary_key}' into privileges"
msgstr ""

#, python-brace-format
msgid "Add services into role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into role '${primary_key}'"
msgstr ""

msgid "Remove roles"
msgstr ""

#, python-brace-format
msgid "Remove role '${primary_key}' from privileges"
msgstr ""

#, python-brace-format
msgid "Remove user groups from role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove services from role '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from role '${primary_key}'"
msgstr ""

msgid "Add self service permission"
msgstr ""

msgid "Remove self service permissions"
msgstr ""

msgid "Add rule"
msgstr ""

#, python-brace-format
msgid "Add inclusive condition into '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add exclusive condition into '${primary_key}'"
msgstr ""

msgid "Are you sure you want to change default group?"
msgstr ""

msgid "Default host group"
msgstr ""

msgid "Default user group"
msgstr ""

msgid "Exclusive"
msgstr ""

msgid "Expression"
msgstr ""

msgid "Host group rule"
msgstr ""

msgid "Host group rules"
msgstr ""

msgid "Inclusive"
msgstr ""

msgid "Remove auto membership rules"
msgstr ""

#, python-brace-format
msgid "Remove exclusive conditions from rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove inclusive conditions from rule '${primary_key}'"
msgstr ""

msgid "User group rule"
msgstr ""

msgid "User group rules"
msgstr ""

msgid "Add automount key"
msgstr ""

msgid "Remove automount keys"
msgstr ""

msgid "Add automount location"
msgstr ""

msgid "Automount Location Settings"
msgstr ""

msgid "Remove automount locations"
msgstr ""

msgid "Add automount map"
msgstr ""

msgid "Map Type"
msgstr ""

msgid "Direct"
msgstr ""

msgid "Indirect"
msgstr ""

msgid "Remove automount maps"
msgstr ""

msgid "Add certificate authority"
msgstr ""

msgid "Remove certificate authorities"
msgstr ""

msgid "Add CA ACL"
msgstr ""

#, python-brace-format
msgid "Add Certificate Authorities into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user groups into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add certificate profiles into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add services into CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into CA ACL '${primary_key}'"
msgstr ""

msgid "All"
msgstr ""

msgid "Any CA"
msgstr ""

msgid "Any Host"
msgstr ""

msgid "Any Service"
msgstr ""

msgid "Any Profile"
msgstr ""

msgid "Anyone"
msgstr ""

msgid "Rule status"
msgstr ""

msgid "If no CAs are specified, requests to the default CA are allowed."
msgstr ""

msgid "Remove CA ACLs"
msgstr ""

#, python-brace-format
msgid "Remove Certificate Authorities from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove user groups from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove certificate profiles from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove services from CA ACL '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from CA ACL '${primary_key}'"
msgstr ""

msgid "Specified CAs"
msgstr ""

msgid "Specified Hosts and Groups"
msgstr ""

msgid "Specified Profiles"
msgstr ""

msgid "Specified Services and Groups"
msgstr ""

msgid "Specified Users and Groups"
msgstr ""

msgid "Permitted to have certificates issued"
msgstr ""

msgid "Remove certificate profiles"
msgstr ""

msgid "AA Compromise"
msgstr ""

msgid "Add principal"
msgstr ""

msgid "Affiliation Changed"
msgstr ""

msgid "CA"
msgstr ""

msgid "CA Compromise"
msgstr ""

msgid "Certificates"
msgstr ""

msgid "Certificate Hold"
msgstr ""

msgid "Cessation of Operation"
msgstr ""

#, fuzzy
msgid "Common Name"
msgstr "आदेशाचे नाव "

msgid "the certificate with serial number "
msgstr ""

msgid "Expires On"
msgstr ""

msgid "Issued on from"
msgstr ""

msgid "Issued on to"
msgstr ""

msgid "Maximum serial number"
msgstr ""

msgid "Minimum serial number"
msgstr ""

msgid "Revoked on from"
msgstr ""

msgid "Revoked on to"
msgstr ""

msgid "Valid not after from"
msgstr ""

msgid "Valid not after to"
msgstr ""

msgid "Valid not before from"
msgstr ""

msgid "Valid not before to"
msgstr ""

msgid "Fingerprints"
msgstr ""

msgid "Get Certificate"
msgstr ""

msgid "Certificate Hold Removed"
msgstr ""

#, python-brace-format
msgid "Issue new certificate for host '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Issue new certificate for service '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Issue new certificate for user '${primary_key}'"
msgstr ""

msgid "Issue new certificate"
msgstr ""

msgid "Issued By"
msgstr ""

msgid "Issued On"
msgstr ""

msgid "Issued To"
msgstr ""

msgid "Key Compromise"
msgstr ""

msgid "No Valid Certificate"
msgstr ""

msgid "New Certificate"
msgstr ""

msgid "Certificate in base64 or PEM format"
msgstr ""

msgid "Note"
msgstr ""

msgid "Organization"
msgstr ""

msgid "Organizational Unit"
msgstr ""

#, python-brace-format
msgid "${count} certificate(s) present"
msgstr ""

msgid "Privilege Withdrawn"
msgstr ""

msgid "Reason for Revocation"
msgstr ""

msgid "Remove certificate hold"
msgstr ""

msgid "Do you want to remove the certificate hold?"
msgstr ""

msgid "Remove from CRL"
msgstr ""

#, python-brace-format
msgid ""
"<ol> <li>Create a certificate database or use an existing one. To create a "
"new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> "
"<li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</"
"em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g "
"&lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and "
"paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to "
"<em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </"
"li> </ol>"
msgstr ""

#, python-brace-format
msgid " -8 '${cn}'"
msgstr ""

msgid "Certificate requested"
msgstr ""

msgid "Revoke certificate"
msgstr ""

msgid ""
"Do you want to revoke this certificate? Select a reason from the pull-down "
"list."
msgstr ""

msgid "Certificate Revoked"
msgstr ""

msgid "REVOKED"
msgstr ""

msgid "SHA1 Fingerprint"
msgstr ""

msgid "SHA256 Fingerprint"
msgstr ""

msgid "Superseded"
msgstr ""

msgid "Unspecified"
msgstr ""

msgid "Valid Certificate Present"
msgstr ""

msgid "Valid from"
msgstr ""

msgid "Valid to"
msgstr ""

msgid "Validity"
msgstr ""

#, python-brace-format
msgid "Certificate for ${entity} ${primary_key}"
msgstr ""

msgid "View Certificate"
msgstr ""

msgid "Certificate Data"
msgstr ""

msgid "Certificate For Match"
msgstr ""

msgid "Certificate Mapping Match"
msgstr ""

msgid "Matched Users"
msgstr ""

msgid "User Login"
msgstr ""

msgid "Add certificate identity mapping rule"
msgstr ""

msgid "Add certificate mapping data"
msgstr ""

msgid "Certificate mapping data"
msgstr ""

msgid "Configuration string"
msgstr ""

#, python-brace-format
msgid "Do you want to remove certificate mapping data ${data}?"
msgstr ""

msgid "Remove certificate mapping data"
msgstr ""

msgid "Issuer and subject"
msgstr ""

msgid "Remove certificate identity mapping rules"
msgstr ""

msgid "Group Options"
msgstr ""

#, fuzzy
msgid "Search Options"
msgstr "वापरात नसलेले पर्याय"

msgid "SELinux Options"
msgstr ""

#, fuzzy
msgid "Server Options"
msgstr "वापरात नसलेले पर्याय"

#, fuzzy
msgid "Service Options"
msgstr "वापरात नसलेले पर्याय"

#, fuzzy
msgid "User Options"
msgstr "वापरात नसलेले पर्याय"

msgid "Forward first"
msgstr ""

msgid "Forwarding disabled"
msgstr ""

msgid "Forward only"
msgstr ""

msgid "Options"
msgstr ""

msgid "Update System DNS Records"
msgstr ""

msgid "Do you want to update system DNS records?"
msgstr ""

msgid "System DNS records updated"
msgstr ""

msgid "Add DNS forward zone"
msgstr ""

msgid "Remove DNS forward zones"
msgstr ""

msgid "Add DNS resource record"
msgstr ""

msgid "DNS record was deleted because it contained no data."
msgstr ""

msgid "Other Record Types"
msgstr ""

msgid "Address not valid, can't redirect"
msgstr ""

msgid "Create dns record"
msgstr ""

msgid "Creating record."
msgstr ""

msgid "Record creation failed."
msgstr ""

msgid "Checking if record exists."
msgstr ""

msgid "Record not found."
msgstr ""

msgid "Redirection to PTR record"
msgstr ""

#, python-brace-format
msgid "Zone found: ${zone}"
msgstr ""

msgid "Target reverse zone not found."
msgstr ""

msgid "Fetching DNS zones."
msgstr ""

msgid "An error occurred while fetching dns zones."
msgstr ""

msgid "You will be redirected to DNS Zone."
msgstr ""

msgid "Remove DNS resource records"
msgstr ""

msgid "Standard Record Types"
msgstr ""

msgid "Records for DNS Zone"
msgstr ""

msgid "Record Type"
msgstr ""

msgid "Add DNS zone"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to add permission for DNS Zone ${object}?"
msgstr ""

msgid "DNS Zone Settings"
msgstr ""

msgid "Remove DNS zones"
msgstr ""

msgid "Remove Permission"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to remove permission for DNS Zone ${object}?"
msgstr ""

msgid "Skip DNS check"
msgstr ""

msgid "Skip overlap check"
msgstr ""

msgid "Do you want to check if new authoritative nameserver address is in DNS"
msgstr ""

msgid "Authoritative nameserver change"
msgstr ""

msgid "Level"
msgstr ""

msgid "Set Domain Level"
msgstr ""

msgid "Add user group"
msgstr ""

#, python-brace-format
msgid "Add user groups into user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user group '${primary_key}' into user groups"
msgstr ""

#, python-brace-format
msgid "Add user group '${primary_key}' into HBAC rules"
msgstr ""

#, python-brace-format
msgid "Add user group '${primary_key}' into netgroups"
msgstr ""

#, python-brace-format
msgid "Add user group '${primary_key}' into roles"
msgstr ""

#, python-brace-format
msgid "Add user group '${primary_key}' into sudo rules"
msgstr ""

#, python-brace-format
msgid "Add services into user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add groups as member managers for user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove groups from member managers for user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users as member managers for user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from member managers for user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user ID override into user group '${primary_key}'"
msgstr ""

msgid "Group Settings"
msgstr ""

msgid "External"
msgstr ""

msgid "Groups"
msgstr ""

msgid "Group categories"
msgstr ""

msgid "Change to external group"
msgstr ""

msgid "Change to POSIX group"
msgstr ""

msgid "Non-POSIX"
msgstr ""

msgid "POSIX"
msgstr ""

msgid "Remove user groups"
msgstr ""

#, python-brace-format
msgid "Remove user group '${primary_key}' from user groups"
msgstr ""

#, python-brace-format
msgid "Remove user group '${primary_key}' from netgroups"
msgstr ""

#, python-brace-format
msgid "Remove user group '${primary_key}' from roles"
msgstr ""

#, python-brace-format
msgid "Remove user group '${primary_key}' from HBAC rules"
msgstr ""

#, python-brace-format
msgid "Remove user group '${primary_key}' from sudo rules"
msgstr ""

#, python-brace-format
msgid "Remove user groups from user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove services from user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from user group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove user ID overrides from user group '${primary_key}'"
msgstr ""

msgid "Group Type"
msgstr ""

msgid "Add HBAC rule"
msgstr ""

#, python-brace-format
msgid "Add user groups into HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add HBAC service groups into HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add HBAC services into HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into HBAC rule '${primary_key}'"
msgstr ""

msgid "Accessing"
msgstr ""

msgid "Remove HBAC rules"
msgstr ""

#, python-brace-format
msgid "Remove user groups from HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove HBAC service groups from HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove HBAC services from HBAC rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from HBAC rule '${primary_key}'"
msgstr ""

msgid "Via Service"
msgstr ""

msgid "Who"
msgstr ""

msgid "Add HBAC service"
msgstr ""

#, python-brace-format
msgid "Add HBAC service '${primary_key}' into HBAC service groups"
msgstr ""

msgid "Remove HBAC services"
msgstr ""

#, python-brace-format
msgid "Remove HBAC service '${primary_key}' from HBAC service groups"
msgstr ""

msgid "Add HBAC service group"
msgstr ""

#, python-brace-format
msgid "Add HBAC services into HBAC service group '${primary_key}'"
msgstr ""

msgid "Remove HBAC service groups"
msgstr ""

#, python-brace-format
msgid "Remove HBAC services from HBAC service group '${primary_key}'"
msgstr ""

msgid "Access Denied"
msgstr ""

msgid "Access Granted"
msgstr ""

msgid "Include Disabled"
msgstr ""

msgid "Include Enabled"
msgstr ""

msgid "HBAC Test"
msgstr ""

msgid "Matched"
msgstr ""

msgid "Missing values: "
msgstr ""

msgid "New Test"
msgstr ""

msgid "Rules"
msgstr ""

msgid "Run Test"
msgstr ""

#, python-brace-format
msgid "Specify external ${entity}"
msgstr ""

msgid "Unmatched"
msgstr ""

msgid "Add host"
msgstr ""

#, python-brace-format
msgid "Add hosts managing host '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host '${primary_key}' into host groups"
msgstr ""

#, python-brace-format
msgid "Add host '${primary_key}' into HBAC rules"
msgstr ""

#, python-brace-format
msgid "Add host '${primary_key}' into netgroups"
msgstr ""

#, python-brace-format
msgid "Add host '${primary_key}' into roles"
msgstr ""

#, python-brace-format
msgid "Add host '${primary_key}' into sudo rules"
msgstr ""

msgid "Host Certificate"
msgstr ""

msgid "Host Name"
msgstr ""

msgid "Delete Key, Unprovision"
msgstr ""

msgid "Host Settings"
msgstr ""

msgid "Enrolled"
msgstr ""

msgid "Enrollment"
msgstr ""

msgid "Fully Qualified Host Name"
msgstr ""

msgid "Generate OTP"
msgstr ""

msgid "Generated OTP"
msgstr ""

msgid "Kerberos Key"
msgstr ""

msgid "Kerberos Key Not Present"
msgstr ""

msgid "Kerberos Key Present, Host Provisioned"
msgstr ""

msgid "One-Time Password"
msgstr ""

msgid "One-Time Password Not Present"
msgstr ""

msgid "One-Time Password Present"
msgstr ""

msgid "Reset OTP"
msgstr ""

msgid "Reset One-Time Password"
msgstr ""

msgid "Set OTP"
msgstr ""

msgid "OTP set"
msgstr ""

msgid "Set One-Time Password"
msgstr ""

msgid "Remove hosts"
msgstr ""

#, python-brace-format
msgid "Remove hosts managing host '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host '${primary_key}' from host groups"
msgstr ""

#, python-brace-format
msgid "Remove host '${primary_key}' from netgroups"
msgstr ""

#, python-brace-format
msgid "Remove host '${primary_key}' from roles"
msgstr ""

#, python-brace-format
msgid "Remove host '${primary_key}' from HBAC rules"
msgstr ""

#, python-brace-format
msgid "Remove host '${primary_key}' from sudo rules"
msgstr ""

msgid "Unprovision"
msgstr ""

msgid "Are you sure you want to unprovision this host?"
msgstr ""

msgid "Unprovisioning host"
msgstr ""

msgid "Host unprovisioned"
msgstr ""

msgid "Add host group"
msgstr ""

#, python-brace-format
msgid "Add hosts into host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host group '${primary_key}' into host groups"
msgstr ""

#, python-brace-format
msgid "Add host group '${primary_key}' into HBAC rules"
msgstr ""

#, python-brace-format
msgid "Add host group '${primary_key}' into netgroups"
msgstr ""

#, python-brace-format
msgid "Add host group '${primary_key}' into sudo rules"
msgstr ""

#, python-brace-format
msgid "Add groups as member managers for host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove groups from member managers for host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users as member managers for host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from member managers for host group '${primary_key}'"
msgstr ""

msgid "Host Group Settings"
msgstr ""

msgid "Remove host groups"
msgstr ""

#, python-brace-format
msgid "Remove host group '${primary_key}' from host groups"
msgstr ""

#, python-brace-format
msgid "Remove host group '${primary_key}' from netgroups"
msgstr ""

#, python-brace-format
msgid "Remove host group '${primary_key}' from HBAC rules"
msgstr ""

#, python-brace-format
msgid "Remove host group '${primary_key}' from sudo rules"
msgstr ""

#, python-brace-format
msgid "Remove hosts from host group '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from host group '${primary_key}'"
msgstr ""

msgid "User to override"
msgstr ""

msgid ""
"Enter trusted or IPA user login. Note: search doesn't list users from "
"trusted domains."
msgstr ""

msgid "Enter trusted user login."
msgstr ""

msgid "Profile"
msgstr ""

msgid "Group to override"
msgstr ""

msgid ""
"Enter trusted or IPA group name. Note: search doesn't list groups from "
"trusted domains."
msgstr ""

msgid "Enter trusted group name."
msgstr ""

msgid "Add ID view"
msgstr ""

msgid "Add group ID override"
msgstr ""

msgid "Add user ID override"
msgstr ""

#, python-brace-format
msgid "${primary_key} applies to:"
msgstr ""

msgid "Applied to hosts"
msgstr ""

msgid "Apply to host groups"
msgstr ""

#, python-brace-format
msgid "Apply ID view '${primary_key}' on hosts of host groups"
msgstr ""

msgid "Apply to hosts"
msgstr ""

#, python-brace-format
msgid "Apply ID view '${primary_key}' on hosts"
msgstr ""

#, python-brace-format
msgid "${primary_key} overrides:"
msgstr ""

msgid "Remove ID views"
msgstr ""

msgid "Remove user ID overrides"
msgstr ""

msgid "Remove group ID overrides"
msgstr ""

msgid "Un-apply from host groups"
msgstr ""

msgid "Un-apply ID Views from hosts of hostgroups"
msgstr ""

msgid "Un-apply"
msgstr ""

msgid "Un-apply from hosts"
msgstr ""

msgid "Un-apply ID Views from hosts"
msgstr ""

msgid "Are you sure you want to un-apply ID view from selected entries?"
msgstr ""

#, python-brace-format
msgid "Un-apply ID view '${primary_key}' from hosts"
msgstr ""

msgid "Kerberos Ticket Policy"
msgstr ""

msgid "Add netgroup"
msgstr ""

#, python-brace-format
msgid "Add netgroup '${primary_key}' into netgroups"
msgstr ""

#, python-brace-format
msgid "Add netgroups into netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user groups into netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into netgroup '${primary_key}'"
msgstr ""

msgid "Host"
msgstr ""

msgid "Netgroup Settings"
msgstr ""

msgid "Netgroups"
msgstr ""

msgid "Remove netgroups"
msgstr ""

#, python-brace-format
msgid "Remove netgroup '${primary_key}' from netgroups"
msgstr ""

#, python-brace-format
msgid "Remove user groups from netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove netgroups from netgroup '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from netgroup '${primary_key}'"
msgstr ""

msgid "Add OTP token"
msgstr ""

#, python-brace-format
msgid "Add users managing OTP token '${primary_key}'"
msgstr ""

#, python-brace-format
msgid ""
"You can use <a href=\"${link}\" target=\"_blank\">FreeOTP<a/> as a software "
"OTP token application."
msgstr ""

msgid "Configure your token"
msgstr ""

msgid ""
"Configure your token by scanning the QR code below. Click on the QR code if "
"you see this on the device you want to configure."
msgstr ""

msgid "OTP Token Settings"
msgstr ""

msgid "Disable token"
msgstr ""

msgid "Enable token"
msgstr ""

msgid "Remove OTP tokens"
msgstr ""

#, python-brace-format
msgid "Remove users managing OTP token '${primary_key}'"
msgstr ""

msgid "Show QR code"
msgstr ""

msgid "Show configuration uri"
msgstr ""

msgid "Counter-based (HOTP)"
msgstr ""

msgid "Time-based (TOTP)"
msgstr ""

msgid "Add Custom Attribute"
msgstr ""

msgid "Permission settings"
msgstr ""

msgid "Attribute breakdown"
msgstr ""

msgid "Privilege Settings"
msgstr ""

msgid "Public key:"
msgstr ""

msgid "Set public key"
msgstr ""

msgid "Show/Set key"
msgstr ""

msgid "Modified: key not set"
msgstr ""

msgid "Modified"
msgstr ""

msgid "New: key not set"
msgstr ""

msgid "New: key set"
msgstr ""

msgid "Add password policy"
msgstr ""

msgid "Remove password policies"
msgstr ""

msgid "Add ID range"
msgstr ""

msgid "Range Settings"
msgstr ""

msgid "Base ID"
msgstr ""

msgid "Primary RID base"
msgstr ""

msgid "Range size"
msgstr ""

msgid "Domain SID"
msgstr ""

msgid "Secondary RID base"
msgstr ""

msgid "Remove ID ranges"
msgstr ""

msgid "Active Directory domain"
msgstr ""

msgid "Active Directory domain with POSIX attributes"
msgstr ""

msgid "Detect"
msgstr ""

msgid "Local domain"
msgstr ""

msgid "IPA trust"
msgstr ""

msgid "Active Directory winsync"
msgstr ""

msgid "Add RADIUS server"
msgstr ""

msgid "RADIUS Proxy Server Settings"
msgstr ""

msgid "Remove RADIUS servers"
msgstr ""

msgid "Check DNS"
msgstr ""

msgid "Do you also want to perform DNS check?"
msgstr ""

msgid "Force Update"
msgstr ""

msgid "Add SELinux user map"
msgstr ""

#, python-brace-format
msgid "Add user groups into SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into SELinux user map '${primary_key}'"
msgstr ""

msgid "Remove selinux user maps"
msgstr ""

#, python-brace-format
msgid "Remove user groups from SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from SELinux user map '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from SELinux user map '${primary_key}'"
msgstr ""

msgid "Server Roles"
msgstr ""

msgid "Server Role"
msgstr ""

msgid "Warning: Consider service replication"
msgstr ""

msgid ""
"It is strongly recommended to keep the following services installed on more "
"than one server:"
msgstr ""

msgid "Delete Server"
msgstr ""

msgid ""
"Deleting a server removes it permanently from the topology. Note that this "
"is a non-reversible action."
msgstr ""

msgid "Add service"
msgstr ""

#, python-brace-format
msgid "Add hosts managing service '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add service '${primary_key}' into roles"
msgstr ""

msgid "Service Certificate"
msgstr ""

msgid "Service Settings"
msgstr ""

msgid "Provisioning"
msgstr ""

msgid "Remove services"
msgstr ""

#, python-brace-format
msgid "Remove service '${primary_key}' from roles"
msgstr ""

#, python-brace-format
msgid "Remove hosts managing service '${primary_key}'"
msgstr ""

msgid "Are you sure you want to unprovision this service?"
msgstr ""

msgid "Unprovisioning service"
msgstr ""

msgid "Service unprovisioned"
msgstr ""

msgid "Kerberos Key Present, Service Provisioned"
msgstr ""

msgid "SSH public keys"
msgstr ""

msgid "SSH public key:"
msgstr ""

msgid "Set SSH key"
msgstr ""

msgid "Are you sure you want to activate selected users?"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to activate ${object}?"
msgstr ""

#, python-brace-format
msgid "${count} user(s) activated"
msgstr ""

msgid "Add stage user"
msgstr ""

msgid "Stage users"
msgstr ""

msgid "Preserved users"
msgstr ""

msgid "Remove preserved users"
msgstr ""

msgid "Remove stage users"
msgstr ""

msgid "Are you sure you want to stage selected users?"
msgstr ""

#, python-brace-format
msgid "${count} users(s) staged"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to stage ${object}?"
msgstr ""

msgid "Are you sure you want to restore selected users?"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to restore ${object}?"
msgstr ""

#, python-brace-format
msgid "${count} user(s) restored"
msgstr ""

msgid "User categories"
msgstr ""

msgid "Add sudo command"
msgstr ""

#, python-brace-format
msgid "Add sudo command '${primary_key}' into sudo command groups"
msgstr ""

msgid "Remove sudo commands"
msgstr ""

#, python-brace-format
msgid "Remove sudo command '${primary_key}' from sudo command groups"
msgstr ""

msgid "Add sudo command group"
msgstr ""

#, python-brace-format
msgid "Add sudo commands into sudo command group '${primary_key}'"
msgstr ""

msgid "Remove sudo command groups"
msgstr ""

#, python-brace-format
msgid "Remove sudo commands from sudo command group '${primary_key}'"
msgstr ""

msgid "Add sudo rule"
msgstr ""

msgid "Add sudo option"
msgstr ""

#, python-brace-format
msgid "Add allow sudo commands into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add allow sudo command groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add deny sudo commands into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add deny sudo command groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add host groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add hosts into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add RunAs users into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add RunAs user groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add RunAs groups into sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into sudo rule '${primary_key}'"
msgstr ""

msgid "Allow"
msgstr ""

#, fuzzy
msgid "Any Command"
msgstr "आदेशाचे नाव "

msgid "Any Group"
msgstr ""

msgid "Run Commands"
msgstr ""

msgid "Deny"
msgstr ""

msgid "Access this host"
msgstr ""

msgid "Option added"
msgstr ""

#, python-brace-format
msgid "${count} option(s) removed"
msgstr ""

msgid "Remove sudo rules"
msgstr ""

#, python-brace-format
msgid "Remove allow sudo commands from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove allow sudo command groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove deny sudo commands from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove deny sudo command groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove user groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove host groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove hosts from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove RunAs users from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove RunAs user groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove RunAs groups from sudo rule '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from sudo rule '${primary_key}'"
msgstr ""

msgid "As Whom"
msgstr ""

msgid "Specified Commands and Groups"
msgstr ""

msgid "Specified Groups"
msgstr ""

msgid "Remove sudo options"
msgstr ""

msgid "Autogenerated"
msgstr ""

msgid "Segment details"
msgstr ""

msgid "Replication configuration"
msgstr ""

#, python-brace-format
msgid "Managed topology requires minimal domain level ${domainlevel}"
msgstr ""

msgid "Add IPA location"
msgstr ""

#, python-brace-format
msgid "Add IPA server into IPA location '${primary_key}'"
msgstr ""

msgid "Remove IPA locations"
msgstr ""

#, python-brace-format
msgid "Remove IPA servers from IPA location '${primary_key}'"
msgstr ""

msgid "Add topology segment"
msgstr ""

msgid "Remove topology segments"
msgstr ""

msgid "Account"
msgstr ""

msgid "Add trust"
msgstr ""

msgid "Administrative account"
msgstr ""

msgid "SID blocklists"
msgstr ""

msgid "Trust Settings"
msgstr ""

msgid "Establish using"
msgstr ""

msgid "Fetch domains"
msgstr ""

msgid "Pre-shared password"
msgstr ""

msgid "Remove trusts"
msgstr ""

msgid "Remove domains"
msgstr ""

msgid "Trust direction"
msgstr ""

msgid "Trust status"
msgstr ""

msgid "Trust type"
msgstr ""

msgid "Alternative UPN suffixes"
msgstr ""

msgid "User attributes for SMB services"
msgstr ""

msgid "Path to a script executed on a Windows system at logon"
msgstr ""

msgid "Path to a user profile, in UNC format \\\\server\\share\\"
msgstr ""

msgid "Path to a user home directory, in UNC format"
msgstr ""

msgid "Drive to mount a home directory"
msgstr ""

msgid "Account Settings"
msgstr ""

msgid "Account Status"
msgstr ""

msgid "Active users"
msgstr ""

msgid "Add user"
msgstr ""

#, python-brace-format
msgid "Add user '${primary_key}' into user groups"
msgstr ""

#, python-brace-format
msgid "Add user '${primary_key}' into HBAC rules"
msgstr ""

#, python-brace-format
msgid "Add user '${primary_key}' into netgroups"
msgstr ""

#, python-brace-format
msgid "Add user '${primary_key}' into roles"
msgstr ""

#, python-brace-format
msgid "Add user '${primary_key}' into sudo rules"
msgstr ""

msgid "Contact Settings"
msgstr ""

msgid "Delete mode"
msgstr ""

msgid "Employee Information"
msgstr ""

msgid "Error changing account status"
msgstr ""

msgid "Password expiration"
msgstr ""

msgid "Mailing Address"
msgstr ""

msgid "Misc. Information"
msgstr ""

msgid "delete"
msgstr ""

msgid "preserve"
msgstr ""

msgid "No private group"
msgstr ""

msgid "Remove users"
msgstr ""

#, python-brace-format
msgid "Remove user '${primary_key}' from user groups"
msgstr ""

#, python-brace-format
msgid "Remove user '${primary_key}' from netgroups"
msgstr ""

#, python-brace-format
msgid "Remove user '${primary_key}' from roles"
msgstr ""

#, python-brace-format
msgid "Remove user '${primary_key}' from HBAC rules"
msgstr ""

#, python-brace-format
msgid "Remove user '${primary_key}' from sudo rules"
msgstr ""

#, python-brace-format
msgid ""
"Are you sure you want to ${action} the user?<br/>The change will take effect "
"immediately."
msgstr ""

#, python-brace-format
msgid "Click to ${action}"
msgstr ""

msgid "Unlock"
msgstr ""

#, python-brace-format
msgid "Are you sure you want to unlock user ${object}?"
msgstr ""

msgid "Add vault"
msgstr ""

#, python-brace-format
msgid "Add user groups into members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add services into members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add user groups into owners of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add services into owners of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Add users into owners of vault '${primary_key}'"
msgstr ""

msgid ""
"Secrets can be added/retrieved to vault only by using vault-archive and "
"vault-retrieve from CLI."
msgstr ""

msgid ""
"Content of 'standard' vaults can be seen by users with higher privileges "
"(admins)."
msgstr ""

msgid "Asymmetric"
msgstr ""

msgid "Vaults Config"
msgstr ""

msgid "Members"
msgstr ""

msgid "My User Vaults"
msgstr ""

msgid "Owners"
msgstr ""

msgid "Remove vaults"
msgstr ""

#, python-brace-format
msgid "Remove user groups from members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove services from members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from members of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove user groups from owners of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove services from owners of vault '${primary_key}'"
msgstr ""

#, python-brace-format
msgid "Remove users from owners of vault '${primary_key}'"
msgstr ""

msgid "Service Vaults"
msgstr ""

msgid "Shared"
msgstr ""

msgid "Shared Vaults"
msgstr ""

msgid "Standard"
msgstr ""

msgid "Symmetric"
msgstr ""

msgid "Vault Type"
msgstr ""

msgid ""
"Only standard vaults can be created in WebUI, use CLI for other types of "
"vaults."
msgstr ""

msgid "User Vaults"
msgstr ""

msgid "Current password is required"
msgstr ""

#, python-brace-format
msgid "Your password expires in ${days} days."
msgstr ""

msgid "First OTP"
msgstr ""

msgid "New password is required"
msgstr ""

msgid ""
"<i class=\"fa fa-info-circle\"></i> <strong>OTP (One-Time Password):</"
"strong>Generate new OTP code for each OTP field."
msgstr ""

msgid ""
"<i class=\"fa fa-info-circle\"></i> <strong>OTP (One-Time Password):</"
"strong>Leave blank if you are not using OTP tokensfor authentication."
msgstr ""

msgid "Token synchronization failed"
msgstr ""

msgid "The username, password or token codes are not correct"
msgstr ""

msgid "Token was synchronized"
msgstr ""

msgid "Password change complete"
msgstr ""

msgid "Your password has expired. Please enter a new password."
msgstr ""

#, fuzzy
msgid "Passwords must match"
msgstr "पासवर्ड जुळत नाही!"

msgid "Password reset was not successful."
msgstr ""

msgid "Reset your password."
msgstr ""

msgid "Second OTP"
msgstr ""

msgid "Verify Password"
msgstr ""

msgid "Are you sure you want to delete selected entries?"
msgstr ""

#, python-brace-format
msgid "${count} item(s) deleted"
msgstr ""

msgid "Are you sure you want to disable selected entries?"
msgstr ""

#, python-brace-format
msgid "${count} item(s) disabled"
msgstr ""

msgid "Are you sure you want to enable selected entries?"
msgstr ""

#, python-brace-format
msgid "${count} item(s) enabled"
msgstr ""

msgid "Some entries were not deleted"
msgstr ""

msgid "Quick Links"
msgstr ""

msgid "Select All"
msgstr ""

#, python-brace-format
msgid ""
"Query returned more results than the configured size limit. Displaying the "
"first ${counter} results."
msgstr ""

msgid "Unselect All"
msgstr ""

msgid ""
"<h1>Browser Kerberos Setup</h1>\n"
"\n"
msgstr ""

msgid ""
"<h2>Firefox</h2>\n"
"\n"
"<p>\n"
"            You can configure Firefox to use Kerberos for Single Sign-on. "
"The following instructions will guide you in configuring your web browser to "
"send your Kerberos credentials to the appropriate Key Distribution Center "
"which enables Single Sign-on.\n"
"</p>\n"
"\n"
msgstr ""

msgid ""
"<ol>\n"
"<li>\n"
"<p>\n"
"<a href=\"ca.crt\" id=\"ca-link\" class=\"btn btn-default\">Import "
"Certificate Authority certificate</a>\n"
"</p>\n"
"<p>\n"
"                    Make sure you select <b>all three</b> checkboxes.\n"
"</p>\n"
"</li>\n"
"<li>\n"
"                In the address bar of Firefox, type <code>about:config</"
"code> to display the list of current configuration options.\n"
"</li>\n"
"<li>\n"
"                In the Filter field, type <code>negotiate</code> to restrict "
"the list of options.\n"
"</li>\n"
"<li>\n"
"                Double-click the <code>network.negotiate-auth.trusted-uris</"
"code> entry to display the Enter string value dialog box.\n"
"</li>\n"
"<li>\n"
"                Enter the name of the domain against which you want to "
"authenticate, for example, <code class=\"example-domain\">.example.com</"
"code>.\n"
"</li>\n"
"<li><a href=\"../ui/index.html\" id=\"return-link\" class=\"btn btn-default"
"\">Return to Web UI</a></li>\n"
"</ol>\n"
"\n"
msgstr ""

msgid ""
"<h2>Chrome</h2>\n"
"\n"
"<p>\n"
"            You can configure Chrome to use Kerberos for Single Sign-on. The "
"following instructions will guide you in configuring your web browser to "
"send your Kerberos credentials to the appropriate Key Distribution Center "
"which enables Single Sign-on.\n"
"</p>\n"
"\n"
msgstr ""

msgid ""
"<h3>Import CA Certificate</h3>\n"
"<ol>\n"
"<li>\n"
"                Download the <a href=\"ca.crt\">CA certificate</a>. "
"Alternatively, if the host is also an IdM client, you can find the "
"certificate in /etc/ipa/ca.crt.\n"
"</li>\n"
"<li>\n"
"                Click the menu button with the <em>Customize and control "
"Google Chrome</em> tooltip, which is by default in the top right-hand corner "
"of Chrome, and click <em>Settings</em>.\n"
"</li>\n"
"<li>\n"
"                Click <em>Show advanced settings</em> to display more "
"options, and then click the <em>Manage certificates</em> button located "
"under the HTTPS/SSL heading.\n"
"</li>\n"
"<li>\n"
"                In the <em>Authorities</em> tab, click the <em>Import</em> "
"button at the bottom.\n"
"</li>\n"
"<li>Select the CA certificate file that you downloaded in the first step.</"
"li>\n"
"</ol>\n"
"\n"
msgstr ""

msgid ""
"<h3>\n"
"            Enable SPNEGO (Simple and Protected GSSAPI Negotiation "
"Mechanism) to Use Kerberos Authentication\n"
"            in Chrome\n"
"</h3>\n"
"<ol>\n"
"<li>\n"
"                Make sure you have the necessary directory created by "
"running:\n"
"<div><code>\n"
"                    [root@client]# mkdir -p /etc/opt/chrome/policies/"
"managed/\n"
"</code></div>\n"
"</li>\n"
"<li>\n"
"                Create a new <code>/etc/opt/chrome/policies/managed/mydomain."
"json</code> file with write privileges limited to the system administrator "
"or root, and include the following line:\n"
"<div><code>\n"
"                    { \"AuthServerWhitelist\": \"*<span class=\"example-"
"domain\">.example.com</span>\" }\n"
"</code></div>\n"
"<div>\n"
"                    You can do this by running:\n"
"</div>\n"
"<div><code>\n"
"                    [root@server]# echo '{ \"AuthServerWhitelist\": \"*<span "
"class=\"example-domain\">.example.com</span>\" }' > /etc/opt/chrome/policies/"
"managed/mydomain.json\n"
"</code></div>\n"
"</li>\n"
"</ol>\n"
"<ol>\n"
"<p>\n"
"<strong>Note:</strong> If using Chromium, use <code>/etc/chromium/policies/"
"managed/</code> instead of <code>/etc/opt/chrome/policies/managed/</code> "
"for the two SPNEGO Chrome configuration steps above.\n"
"</p>\n"
"</ol>\n"
"\n"
msgstr ""

msgid ""
"<h2>Internet Explorer</h2>\n"
"<p><strong>WARNING:</strong> Internet Explorer is no longer a supported "
"browser.</p>\n"
"<p>\n"
"            Once you are able to log into the workstation with your kerberos "
"key you are now able to use that ticket in Internet Explorer.\n"
"</p>\n"
"<p>\n"
msgstr ""

msgid ""
"<strong>Log into the Windows machine using an account of your Kerberos realm "
"(administrative domain)</strong>\n"
"</p>\n"
"<p>\n"
"<strong>In Internet Explorer, click Tools, and then click Internet Options.</"
"strong>\n"
"</p>\n"
"<div>\n"
"<ol>\n"
"<li>Click the Security tab</li>\n"
"<li>Click Local intranet</li>\n"
"<li>Click Sites </li>\n"
"<li>Click Advanced </li>\n"
"<li>Add your domain to the list</li>\n"
"</ol>\n"
"<ol>\n"
"<li>Click the Security tab</li>\n"
"<li>Click Local intranet</li>\n"
"<li>Click Custom Level</li>\n"
"<li>Select Automatic logon only in Intranet zone</li>\n"
"</ol>\n"
"\n"
"<ol>\n"
"<li> Visit a kerberized web site using IE (You must use the fully-qualified "
"Domain Name in the URL)</li>\n"
"<li><strong> You are all set.</strong></li>\n"
"</ol>\n"
"</div>\n"
"\n"
msgstr ""

msgid "Working"
msgstr ""

msgid "Audit"
msgstr ""

msgid "Authentication"
msgstr ""

msgid "Automember"
msgstr ""

msgid "Automount"
msgstr ""

msgid "DNS"
msgstr ""

msgid "Host-Based Access Control"
msgstr ""

msgid "Identity"
msgstr ""

msgid "IPA Server"
msgstr ""

msgid "Network Services"
msgstr ""

msgid "Policy"
msgstr ""

msgid "Role-Based Access Control"
msgstr ""

msgid "Sudo"
msgstr ""

msgid "Topology"
msgstr ""

msgid "Trusts"
msgstr ""

msgid "True"
msgstr ""

msgid ""
"<h1>Unable to verify your Kerberos credentials</h1>\n"
"<p>\n"
"            Please make sure that you have valid Kerberos tickets "
"(obtainable via <strong>kinit</strong>), and that you have configured your "
"browser correctly.\n"
"</p>\n"
"\n"
"<h2>Browser configuration</h2>\n"
"\n"
"<div id=\"first-time\">\n"
"<p>\n"
"                If this is your first time, please <a href=\"ssbrowser.html"
"\">configure your browser</a>.\n"
"</p>\n"
"</div>\n"
msgstr ""

msgid "API Browser"
msgstr ""

msgid "First"
msgstr ""

msgid "Last"
msgstr ""

msgid "Next"
msgstr ""

msgid "Page"
msgstr ""

msgid "Prev"
msgstr ""

msgid "Undo"
msgstr ""

msgid "Undo this change."
msgstr ""

msgid "Undo All"
msgstr ""

msgid "Undo all changes in this field."
msgstr ""

msgid "Text does not match field pattern"
msgstr ""

msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")"
msgstr ""

msgid "Must be a decimal number"
msgstr ""

msgid "Format error"
msgstr ""

msgid "Must be an integer"
msgstr ""

msgid "Not a valid IP address"
msgstr ""

msgid "Not a valid IPv4 address"
msgstr ""

msgid "Not a valid IPv6 address"
msgstr ""

#, python-brace-format
msgid "Maximum value is ${value}"
msgstr ""

#, python-brace-format
msgid "Minimum value is ${value}"
msgstr ""

msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)"
msgstr ""

msgid "Parse error"
msgstr ""

msgid "Must be a positive number"
msgstr ""

#, python-brace-format
msgid "'${port}' is not a valid port"
msgstr ""

msgid "Required field"
msgstr ""

msgid "Unsupported value"
msgstr ""

msgid ""
"\n"
"RADIUS Proxy Servers\n"
msgstr ""

msgid ""
"\n"
"Manage RADIUS Proxy Servers.\n"
msgstr ""

msgid ""
"\n"
"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n"
"authentications. This permits a great deal of flexibility when\n"
"integrating with third-party authentication services.\n"
msgstr ""

msgid ""
"\n"
" Add a new server:\n"
"   ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n"
msgstr ""

msgid ""
"\n"
" Find all servers whose entries include the string \"example.com\":\n"
"   ipa radiusproxy-find example.com\n"
msgstr ""

msgid ""
"\n"
" Examine the configuration:\n"
"   ipa radiusproxy-show MyRADIUS\n"
msgstr ""

msgid ""
"\n"
" Change the secret:\n"
"   ipa radiusproxy-mod MyRADIUS --secret\n"
msgstr ""

msgid ""
"\n"
" Delete a configuration:\n"
"   ipa radiusproxy-del MyRADIUS\n"
msgstr ""

msgid "invalid attribute name"
msgstr ""

msgid "invalid port number"
msgstr ""

msgid "RADIUS proxy server"
msgstr ""

msgid "RADIUS proxy servers"
msgstr ""

msgid "RADIUS Servers"
msgstr ""

msgid "RADIUS Server"
msgstr ""

#, python-format
msgid "Added RADIUS proxy server \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted RADIUS proxy server \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified RADIUS proxy server \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d RADIUS proxy server matched"
msgid_plural "%(count)d RADIUS proxy servers matched"
msgstr[0] ""
msgstr[1] ""

#, python-brace-format
msgid ""
"Domain Level cannot be raised to {0}, existing replication conflicts have to "
"be resolved."
msgstr ""

msgid "Server does not support domain level functionality"
msgstr ""

msgid "Domain Level cannot be lowered."
msgstr ""

#, python-brace-format
msgid "Domain Level cannot be raised to {0}, server {1} does not support it."
msgstr ""

msgid ""
"\n"
"Simulate use of Host-based access controls\n"
"\n"
"HBAC rules control who can access what services on what hosts.\n"
"You can use HBAC to control which users or groups can access a service,\n"
"or group of services, on a target host.\n"
"\n"
"Since applying HBAC rules implies use of a production environment,\n"
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
"having access to the production environment.\n"
"\n"
" Test user coming to a service on a named host against\n"
" existing enabled rules.\n"
"\n"
" ipa hbactest --user= --host= --service=\n"
"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
"              [--sizelimit= ]\n"
"\n"
" --user, --host, and --service are mandatory, others are optional.\n"
"\n"
" If --rules is specified simulate enabling of the specified rules and test\n"
" the login of the user using only these rules.\n"
"\n"
" If --enabled is specified, all enabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --disabled is specified, all disabled HBAC rules will be added to "
"simulation\n"
"\n"
" If --nodetail is specified, do not return information about rules matched/"
"not matched.\n"
"\n"
" If both --rules and --enabled are specified, apply simulation to --rules "
"_and_\n"
" all IPA enabled rules.\n"
"\n"
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
" By default there is a IPA-wide limit to number of entries fetched, you can "
"change it\n"
" with --sizelimit option.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Use all enabled HBAC rules in IPA database to simulate:\n"
"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    2. Disable detailed summary of how rules were applied:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"\n"
"    3. Test explicitly specified HBAC rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
"          --rules=myrule --rules=my-second-rule\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    4. Use all enabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
"          --rules=myrule --rules=my-second-rule --enabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Matched rules: allow_all\n"
"\n"
"    5. Test all disabled HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: new-rule\n"
"\n"
"    6. Test all disabled HBAC rules in IPA database + explicitly specified "
"rules:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
"          --rules=myrule --rules=my-second-rule --disabled\n"
"    ---------------------\n"
"    Access granted: False\n"
"    ---------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"\n"
"    7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
"          --enabled --disabled\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Not matched rules: my-second-rule\n"
"      Not matched rules: my-third-rule\n"
"      Not matched rules: myrule\n"
"      Not matched rules: new-rule\n"
"      Matched rules: allow_all\n"
"\n"
"\n"
"HBACTEST AND TRUSTED DOMAINS\n"
"\n"
"When an external trusted domain is configured in IPA, HBAC rules are also "
"applied\n"
"on users accessing IPA resources from the trusted domain. Trusted domain "
"users and\n"
"groups (and their SIDs) can be then assigned to external groups which can "
"be\n"
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
"allowing\n"
"access to resources protected by the HBAC system.\n"
"\n"
"hbactest plugin is capable of testing access for both local IPA users and "
"users\n"
"from the trusted domains, either by a fully qualified user name or by user "
"SID.\n"
"Such user names need to have a trusted domain specified as a short name\n"
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
"Administrator@ad.test.\n"
"\n"
"Please note that hbactest executed with a trusted domain user as --user "
"parameter\n"
"can be only run by members of \"trust admins\" group.\n"
"\n"
"EXAMPLES:\n"
"\n"
"    1. Test if a user from a trusted domain specified by its shortname "
"matches any\n"
"       rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    2. Test if a user from a trusted domain specified by its domain name "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
"service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    3. Test if a user from a trusted domain specified by its SID matches any "
"rule:\n"
"\n"
"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n"
"            --host `hostname` --service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Matched rules: can_login\n"
"\n"
"    4. Test if other user from a trusted domain specified by its SID matches "
"any rule:\n"
"\n"
"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\"
"\\\n"
"            --host `hostname` --service sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
"\n"
"   5. Test if other user from a trusted domain specified by its shortname "
"matches\n"
"       any rule:\n"
"\n"
"    $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
"sshd\n"
"    --------------------\n"
"    Access granted: True\n"
"    --------------------\n"
"      Matched rules: allow_all\n"
"      Not matched rules: can_login\n"
msgstr ""

msgid "Unresolved rules in --rules"
msgstr ""

msgid ""
"Cannot perform external member validation without Samba 4 support installed. "
"Make sure you have installed server-trust-ad sub-package of IPA on the server"
msgstr ""

msgid ""
"Cannot search in trusted domains without own domain configured. Make sure "
"you have run ipa-adtrust-install on the IPA server first"
msgstr ""

#, python-format
msgid "Access granted: %s"
msgstr ""

msgid "kerberos ticket policy settings"
msgstr ""

msgid "OTP max life"
msgstr ""

msgid "OTP token maximum ticket life (seconds)"
msgstr ""

msgid "OTP max renew"
msgstr ""

msgid "OTP token ticket maximum renewable age (seconds)"
msgstr ""

msgid "RADIUS max life"
msgstr ""

msgid "RADIUS maximum ticket life (seconds)"
msgstr ""

msgid "RADIUS max renew"
msgstr ""

msgid "RADIUS ticket maximum renewable age (seconds)"
msgstr ""

msgid "PKINIT max life"
msgstr ""

msgid "PKINIT maximum ticket life (seconds)"
msgstr ""

msgid "PKINIT max renew"
msgstr ""

msgid "PKINIT ticket maximum renewable age (seconds)"
msgstr ""

msgid "Hardened max life"
msgstr ""

msgid "Hardened ticket maximum ticket life (seconds)"
msgstr ""

msgid "Hardened max renew"
msgstr ""

msgid "Hardened ticket maximum renewable age (seconds)"
msgstr ""

#, python-format
msgid "Ticket policy for %s could not be read"
msgstr ""

msgid "Default ticket policy could not be read"
msgstr ""

msgid "Could not read UPG Definition originfilter. Check your permissions."
msgstr ""

msgid ""
"\n"
"IPA locations\n"
msgstr ""

msgid ""
"\n"
"Manipulate DNS locations\n"
msgstr ""

msgid ""
"\n"
"  Find all locations:\n"
"    ipa location-find\n"
msgstr ""

msgid ""
"\n"
"  Show specific location:\n"
"    ipa location-show location\n"
msgstr ""

msgid ""
"\n"
"  Add location:\n"
"    ipa location-add location --description 'My location'\n"
msgstr ""

msgid ""
"\n"
"  Delete location:\n"
"    ipa location-del location\n"
msgstr ""

msgid "location"
msgstr ""

msgid "locations"
msgstr ""

msgid "IPA Locations"
msgstr ""

msgid "IPA Location"
msgstr ""

#, fuzzy
msgid "Location name"
msgstr "आदेशाचे नाव "

msgid "IPA location name"
msgstr ""

msgid "IPA Location description"
msgstr ""

msgid "Servers"
msgstr ""

msgid "Servers that belongs to the IPA location"
msgstr ""

msgid "Advertised by servers"
msgstr ""

msgid "List of servers which advertise the given location"
msgstr ""

msgid "Add a new IPA location."
msgstr ""

#, python-format
msgid "Added IPA location \"%(value)s\""
msgstr ""

msgid "Delete an IPA location."
msgstr ""

#, python-format
msgid "Deleted IPA location \"%(value)s\""
msgstr ""

msgid "Modify information about an IPA location."
msgstr ""

#, python-format
msgid "Modified IPA location \"%(value)s\""
msgstr ""

msgid "Search for IPA locations."
msgstr ""

#, python-format
msgid "%(count)d IPA location matched"
msgid_plural "%(count)d IPA locations matched"
msgstr[0] ""
msgstr[1] ""

msgid "Display information about an IPA location."
msgstr ""

msgid "Servers in location"
msgstr ""

msgid ""
"\n"
"Topology\n"
"\n"
"Management of a replication topology at domain level 1.\n"
msgstr ""

msgid ""
"\n"
"IPA server's data is stored in LDAP server in two suffixes:\n"
"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related "
"data\n"
"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n"
"  contains data for Certificate Server component\n"
msgstr ""

msgid ""
"\n"
"Data stored on IPA servers is replicated to other IPA servers. The way it "
"is\n"
"replicated is defined by replication agreements. Replication agreements "
"needs\n"
"to be set for both suffixes separately. On domain level 0 they are managed\n"
"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level "
"1\n"
"they are managed centrally using `ipa topology*` commands.\n"
msgstr ""

msgid ""
"\n"
"Agreements are represented by topology segments. By default topology "
"segment\n"
"represents 2 replication agreements - one for each direction, e.g., A to B "
"and\n"
"B to A. Creation of unidirectional segments is not allowed.\n"
msgstr ""

msgid ""
"\n"
"To verify that no server is disconnected in the topology of the given "
"suffix,\n"
"use:\n"
"  ipa topologysuffix-verify $suffix\n"
msgstr ""

msgid ""
"\n"
"\n"
"Examples:\n"
"  Find all IPA servers:\n"
"    ipa server-find\n"
msgstr ""

msgid ""
"\n"
"  Find all suffixes:\n"
"    ipa topologysuffix-find\n"
msgstr ""

msgid ""
"\n"
"  Add topology segment to 'domain' suffix:\n"
"    ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n"
msgstr ""

msgid ""
"\n"
"  Add topology segment to 'ca' suffix:\n"
"    ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n"
msgstr ""

msgid ""
"\n"
"  List all topology segments in 'domain' suffix:\n"
"    ipa topologysegment-find domain\n"
msgstr ""

msgid ""
"\n"
"  List all topology segments in 'ca' suffix:\n"
"    ipa topologysegment-find ca\n"
msgstr ""

msgid ""
"\n"
"  Delete topology segment in 'domain' suffix:\n"
"    ipa topologysegment-del domain segment_name\n"
msgstr ""

msgid ""
"\n"
"  Delete topology segment in 'ca' suffix:\n"
"    ipa topologysegment-del ca segment_name\n"
msgstr ""

msgid ""
"\n"
"  Verify topology of 'domain' suffix:\n"
"    ipa topologysuffix-verify domain\n"
msgstr ""

msgid ""
"\n"
"  Verify topology of 'ca' suffix:\n"
"    ipa topologysuffix-verify ca\n"
msgstr ""

#, python-brace-format
msgid "Topology management requires minimum domain level {0} "
msgstr ""

msgid "segment"
msgstr ""

msgid "segments"
msgstr ""

msgid "Topology Segments"
msgstr ""

msgid "Topology Segment"
msgstr ""

#, python-format
msgid "left node is not a topology node: %(leftnode)s"
msgstr ""

#, python-format
msgid "right node is not a topology node: %(rightnode)s"
msgstr ""

msgid "left node and right node must not be the same"
msgstr ""

#, python-brace-format
msgid "left node ({host}) does not support suffix '{suff}'"
msgstr ""

#, python-brace-format
msgid "right node ({host}) does not support suffix '{suff}'"
msgstr ""

#, python-format
msgid "%(count)d segment matched"
msgid_plural "%(count)d segments matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Added segment \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted segment \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified segment \"%(value)s\""
msgstr ""

#, python-format
msgid "%(value)s"
msgstr ""

msgid "left or right node has to be specified"
msgstr ""

msgid "only one node can be specified"
msgstr ""

#, python-format
msgid "Replication refresh for segment: \"%(pkey)s\" requested."
msgstr ""

#, python-format
msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested."
msgstr ""

msgid "suffixes"
msgstr ""

msgid "Topology suffixes"
msgstr ""

msgid "Topology suffix"
msgstr ""

#, python-format
msgid "%(count)d topology suffix matched"
msgid_plural "%(count)d topology suffixes matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Deleted topology suffix \"%(value)s\""
msgstr ""

#, python-format
msgid "Added topology suffix \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified topology suffix \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Verify replication topology for suffix.\n"
"\n"
"Checks done:\n"
"  1. check if a topology is not disconnected. In other words if there are\n"
"     replication paths between all servers.\n"
"  2. check if servers don't have more than the recommended number of\n"
"     replication agreements\n"
msgstr ""

msgid ""
"\n"
"Sudo Commands\n"
"\n"
"Commands used as building blocks for sudo\n"
"\n"
"EXAMPLES:\n"
"\n"
" Create a new command\n"
"   ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n"
"\n"
" Remove a command\n"
"   ipa sudocmd-del /usr/bin/less\n"
"\n"
msgstr ""

#, python-format
msgid "must not contain trailing dot: %s"
msgstr ""

#, fuzzy
msgid "sudo command"
msgstr "विषय आदेश:"

#, fuzzy
msgid "sudo commands"
msgstr "विषय आदेश:"

#, fuzzy
msgid "Sudo Commands"
msgstr "विषय आदेश:"

#, python-format
msgid "Added Sudo Command \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted Sudo Command \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified Sudo Command \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d Sudo Command matched"
msgid_plural "%(count)d Sudo Commands matched"
msgstr[0] ""
msgstr[1] ""

msgid "self service permission"
msgstr ""

msgid "self service permissions"
msgstr ""

msgid "Self Service Permissions"
msgstr ""

msgid "Self Service Permission"
msgstr ""

#, python-format
msgid "Added selfservice \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted selfservice \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified selfservice \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d selfservice matched"
msgid_plural "%(count)d selfservices matched"
msgstr[0] ""
msgstr[1] ""

msgid "A list of ACI values"
msgstr ""

msgid "type, filter, subtree and targetgroup are mutually exclusive"
msgstr ""

msgid "ACI prefix is required"
msgstr ""

msgid ""
"at least one of: type, filter, subtree, targetgroup, attrs or memberof are "
"required"
msgstr ""

msgid "filter and memberof are mutually exclusive"
msgstr ""

msgid "group, permission and self are mutually exclusive"
msgstr ""

msgid "One of group, permission or self is required"
msgstr ""

#, python-format
msgid "Group '%s' does not exist"
msgstr ""

msgid "empty filter"
msgstr ""

#, python-format
msgid "Syntax Error: %(error)s"
msgstr ""

#, python-format
msgid "invalid DN (%s)"
msgstr ""

#, python-format
msgid "ACI with name \"%s\" not found"
msgstr ""

msgid "ACI object."
msgstr ""

msgid "ACIs"
msgstr ""

#, python-format
msgid "Created ACI \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted ACI \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified ACI \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d ACI matched"
msgid_plural "%(count)d ACIs matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Renamed ACI to \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Groups of users\n"
"\n"
"Manage groups of users, groups, or services. By default, new groups are "
"POSIX\n"
"groups. You can add the --nonposix option to the group-add command to mark "
"a\n"
"new group as non-POSIX. You can use the --posix argument with the group-mod\n"
"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot "
"be\n"
"converted to non-POSIX groups.\n"
"\n"
"Every group must have a description.\n"
"\n"
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
"supported but can have an impact on your file permissions. It is not "
"necessary\n"
"to supply a GID when creating a group. IPA will generate one automatically\n"
"if it is not provided.\n"
"\n"
"Groups members can be users, other groups, and Kerberos services. In POSIX\n"
"environments only users will be visible as group members, but nested groups "
"and\n"
"groups of services can be used for IPA management purposes.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new group:\n"
"   ipa group-add --desc='local administrators' localadmins\n"
"\n"
" Add a new non-POSIX group:\n"
"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
"\n"
" Convert a non-POSIX group to posix:\n"
"   ipa group-mod --posix remoteadmins\n"
"\n"
" Add a new POSIX group with a specific Group ID number:\n"
"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
"\n"
" Add a new POSIX group and let IPA assign a Group ID number:\n"
"   ipa group-add --desc='printer admins' printeradmins\n"
"\n"
" Remove a group:\n"
"   ipa group-del unixadmins\n"
"\n"
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
"   ipa group-add-member --groups=remoteadmins localadmins\n"
"\n"
" Add multiple users to the \"localadmins\" group:\n"
"   ipa group-add-member --users=test1 --users=test2 localadmins\n"
"\n"
" To add Kerberos services to the \"printer admins\" group:\n"
"   ipa group-add-member --services=CUPS/some.host printeradmins\n"
"\n"
" Remove a user from the \"localadmins\" group:\n"
"   ipa group-remove-member --users=test2 localadmins\n"
"\n"
" Display information about a named group.\n"
"   ipa group-show localadmins\n"
"\n"
"Group membership managers are users or groups that can add members to a\n"
"group or remove members from a group.\n"
"\n"
" Allow user \"test2\" to add or remove members from group \"localadmins\":\n"
"   ipa group-add-member-manager --users=test2 localadmins\n"
"\n"
" Revoke membership management rights for user \"test2\" from \"localadmins"
"\":\n"
"   ipa group-remove-member-manager --users=test2 localadmins\n"
"\n"
"External group membership is designed to allow users from trusted domains\n"
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
"External members should be added to groups that specifically created as\n"
"external and non-POSIX. Such group later should be included into one of "
"POSIX\n"
"groups.\n"
"\n"
"An external group member is currently a Security Identifier (SID) as defined "
"by\n"
"the trusted domain. When adding external group members, it is possible to\n"
"specify them in either SID, or DOM\\name, or name@domain format. IPA will "
"attempt\n"
"to resolve passed name to SID with the use of Global Catalog of the trusted "
"domain.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local POSIX "
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
"--external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
"ad_admins_external\n"
"   group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with ad_admins "
"POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see their "
"SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
msgstr ""

msgid "groups"
msgstr ""

msgid "User Group"
msgstr ""

#, python-format
msgid "Added group \"%(value)s\""
msgstr ""

msgid "gid cannot be set for external group"
msgstr ""

msgid "attribute \"gidNumber\" not allowed with --nonposix"
msgstr ""

#, python-format
msgid "Deleted group \"%(value)s\""
msgstr ""

msgid "privileged group"
msgstr ""

#, python-format
msgid "Modified group \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d group matched"
msgid_plural "%(count)d groups matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"Cannot perform join operation without own domain configured. Make sure you "
"have run ipa-adtrust-install on the IPA server first"
msgstr ""

#, python-format
msgid "Detached group \"%(value)s\" from user \"%(value)s\""
msgstr ""

msgid "not allowed to modify user entries"
msgstr ""

msgid "not allowed to modify group entries"
msgstr ""

msgid "Not a managed group"
msgstr ""

msgid "Add users that can manage members of this group."
msgstr ""

msgid "Remove users that can manage members of this group."
msgstr ""

msgid "automount location"
msgstr ""

msgid "automount locations"
msgstr ""

msgid "Automount Locations"
msgstr ""

msgid "Automount Location"
msgstr ""

#, python-format
msgid "Added automount location \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted automount location \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d automount location matched"
msgid_plural "%(count)d automount locations matched"
msgstr[0] ""
msgstr[1] ""

msgid "automount map"
msgstr ""

msgid "automount maps"
msgstr ""

msgid "Automount Maps"
msgstr ""

msgid "Automount Map"
msgstr ""

#, python-format
msgid "Added automount map \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted automount map \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified automount map \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d automount map matched"
msgid_plural "%(count)d automount maps matched"
msgstr[0] ""
msgstr[1] ""

msgid "Automount key object."
msgstr ""

msgid "automount key"
msgstr ""

msgid "automount keys"
msgstr ""

msgid "Automount Keys"
msgstr ""

msgid "Automount Key"
msgstr ""

#, python-format
msgid ""
"The key,info pair must be unique. A key named %(key)s with info %(info)s "
"already exists"
msgstr ""

#, python-format
msgid "key named %(key)s already exists"
msgstr ""

#, python-format
msgid "The automount key %(key)s with info %(info)s does not exist"
msgstr ""

#, python-format
msgid ""
"More than one entry with key %(key)s found, use --info to select specific "
"entry."
msgstr ""

#, python-format
msgid "Added automount key \"%(value)s\""
msgstr ""

#, python-format
msgid "Added automount indirect map \"%(value)s\""
msgstr ""

msgid "mount point is relative to parent map, cannot begin with /"
msgstr ""

#, python-format
msgid "Deleted automount key \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified automount key \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d automount key matched"
msgid_plural "%(count)d automount keys matched"
msgstr[0] ""
msgstr[1] ""

msgid "ID View"
msgstr ""

msgid "system ID View"
msgstr ""

msgid "ID Views"
msgstr ""

msgid "User object overrides"
msgstr ""

msgid "Group object overrides"
msgstr ""

msgid "Hosts the view applies to"
msgstr ""

#, python-format
msgid "Added ID View \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted ID View \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified an ID View \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d ID View matched"
msgid_plural "%(count)d ID Views matched"
msgstr[0] ""
msgstr[1] ""

msgid "Default Trust View cannot be applied on hosts"
msgstr ""

msgid "not found"
msgstr ""

msgid "ID View cannot be applied to IPA master"
msgstr ""

msgid "ID View already applied"
msgstr ""

msgid "value"
msgstr ""

#, python-format
msgid "ID View applied to %i host."
msgstr ""

#, python-format
msgid "ID View applied to %i hosts."
msgstr ""

#, python-format
msgid "ID View cleared from %i host."
msgstr ""

#, python-format
msgid "ID View cleared from %i hosts."
msgstr ""

msgid ""
"You are trying to reference a magic private group which is not allowed to be "
"overridden. Try overriding the GID attribute of the corresponding user "
"instead."
msgstr ""

msgid "IPA object"
msgstr ""

msgid ""
"system IPA objects (e.g. system groups, user private groups) cannot be "
"overridden"
msgstr ""

#, python-format
msgid "Anchor '%(anchor)s' could not be resolved."
msgstr ""

msgid "Default Trust View cannot contain IPA users"
msgstr ""

msgid "Add a new ID override."
msgstr ""

#, python-format
msgid "Added ID override \"%(value)s\""
msgstr ""

msgid "Delete an ID override."
msgstr ""

#, python-format
msgid "Deleted ID override \"%(value)s\""
msgstr ""

msgid "Modify an ID override."
msgstr ""

#, python-format
msgid "Modified an ID override \"%(value)s\""
msgstr ""

msgid "ID override"
msgstr ""

msgid "ID overrides cannot be renamed"
msgstr ""

msgid "Search for an ID override."
msgstr ""

#, python-format
msgid "%(count)d ID override matched"
msgid_plural "%(count)d ID overrides matched"
msgstr[0] ""
msgstr[1] ""

msgid "Display information about an ID override."
msgstr ""

msgid "User ID override"
msgstr ""

msgid "User ID overrides"
msgstr ""

msgid "Group ID override"
msgstr ""

msgid "Group ID overrides"
msgstr ""

msgid "Add one or more certificates to the idoverrideuser entry"
msgstr ""

#, python-format
msgid "Added certificates to idoverrideuser \"%(value)s\""
msgstr ""

msgid "Remove one or more certificates to the idoverrideuser entry"
msgstr ""

#, python-format
msgid "Removed certificates from idoverrideuser \"%(value)s\""
msgstr ""

#, python-format
msgid "Added User ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted User ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified an User ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d User ID override matched"
msgid_plural "%(count)d User ID overrides matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Added Group ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted Group ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified an Group ID override \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d Group ID override matched"
msgid_plural "%(count)d Group ID overrides matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"Migration to IPA\n"
"\n"
"Migrate users and groups from an LDAP server to IPA.\n"
"\n"
"This performs an LDAP query against the remote server searching for\n"
"users and groups in a container. In order to migrate passwords you need\n"
"to bind as a user that can read the userPassword attribute on the remote\n"
"server. This is generally restricted to high-level admins such as\n"
"cn=Directory Manager in 389-ds (this is the default bind user).\n"
"\n"
"The default user container is ou=People.\n"
"\n"
"The default group container is ou=Groups.\n"
"\n"
"Users and groups that already exist on the IPA server are skipped.\n"
"\n"
"Two LDAP schemas define how group members are stored: RFC2307 and\n"
"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
"\n"
"The schema compat feature allows IPA to reformat data for systems that\n"
"do not support RFC2307bis. It is recommended that this feature is disabled\n"
"during migration to reduce system overhead. It can be re-enabled after\n"
"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
"\n"
"Migrated users do not have Kerberos credentials, they have only their\n"
"LDAP password. To complete the migration process, users need to go\n"
"to http://ipa.example.com/ipa/migration and authenticate using their\n"
"LDAP password in order to generate their Kerberos credentials.\n"
"\n"
"Migration is disabled by default. Use the command ipa config-mod to\n"
"enable it:\n"
"\n"
" ipa config-mod --enable-migration=TRUE\n"
"\n"
"If a base DN is not provided with --basedn then IPA will use either\n"
"the value of defaultNamingContext if it is set or the first value\n"
"in namingContexts set in the root of the remote LDAP server.\n"
"\n"
"Users are added as members to the default user group. This can be a\n"
"time-intensive task so during migration this is done in a batch\n"
"mode for every 100 users. As a result there will be a window in which\n"
"users will be added to IPA but will not be members of the default\n"
"user group.\n"
"\n"
"EXAMPLES:\n"
"\n"
" The simplest migration, accepting all defaults:\n"
"   ipa migrate-ds ldap://ds.example.com:389\n"
"\n"
" Specify the user and group container. This can be used to migrate user\n"
" and group data from an IPA v1 server:\n"
"   ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
"       --group-container='cn=groups,cn=accounts' \\\n"
"       ldap://ds.example.com:389\n"
"\n"
" Since IPA v2 server already contain predefined groups that may collide "
"with\n"
" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
" having colliding group as their primary group may happen to belong to\n"
" an unknown group on new IPA v2 server.\n"
" Use --group-overwrite-gid option to overwrite GID of already existing "
"groups\n"
" to prevent this issue:\n"
"    ipa migrate-ds --group-overwrite-gid \\\n"
"        --user-container='cn=users,cn=accounts' \\\n"
"        --group-container='cn=groups,cn=accounts' \\\n"
"        ldap://ds.example.com:389\n"
"\n"
" Migrated users or groups may have object class and accompanied attributes\n"
" unknown to the IPA v2 server. These object classes and attributes may be\n"
" left out of the migration process:\n"
"    ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
"       --group-container='cn=groups,cn=accounts' \\\n"
"       --user-ignore-objectclass=radiusprofile \\\n"
"       --user-ignore-attribute=radiusgroupname \\\n"
"       ldap://ds.example.com:389\n"
"\n"
"LOGGING\n"
"\n"
"Migration will log warnings and errors to the Apache error log. This\n"
"file should be evaluated post-migration to correct or investigate any\n"
"issues that were discovered.\n"
"\n"
"For every 100 users migrated an info-level message will be displayed to\n"
"give the current progress and duration to make it possible to track\n"
"the progress of migration.\n"
"\n"
"If the log level is debug, either by setting debug = True in\n"
"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
"printed\n"
"for each user added plus a summary when the default user group is\n"
"updated.\n"
msgstr ""

#, python-format
msgid ""
"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually."
msgstr ""

#, python-format
msgid ""
"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-"
"mod' to set it manually."
msgstr ""

msgid ""
"Failed to add user to the default group. Use 'ipa group-add-member' to add "
"manually."
msgstr ""

msgid "Migration of LDAP search reference is not supported."
msgstr ""

msgid "Malformed DN"
msgstr ""

#, python-format
msgid "%(user)s is not a POSIX user"
msgstr ""

msgid ""
". Check GID of the existing group. Use --group-overwrite-gid option to "
"overwrite the GID"
msgstr ""

msgid "Invalid LDAP URI."
msgstr ""

#, python-format
msgid "%s to exclude from migration"
msgstr ""

msgid ""
"search results for objects to be migrated\n"
"have been truncated by the server;\n"
"migration process might be incomplete\n"
msgstr ""

#, python-format
msgid ""
"%(container)s LDAP search did not return any result (search base: "
"%(search_base)s, objectclass: %(objectclass)s)"
msgstr ""

msgid "Default group for new users not found"
msgstr ""

msgid ""
"\n"
"Manage CA ACL rules.\n"
"\n"
"This plugin is used to define rules governing which CAs and profiles\n"
"may be used to issue certificates to particular principals or groups\n"
"of principals.\n"
"\n"
"SUBJECT PRINCIPAL SCOPE:\n"
"\n"
"For a certificate request to be allowed, the principal(s) that are\n"
"the subject of a certificate request (not necessarily the principal\n"
"actually requesting the certificate) must be included in the scope\n"
"of a CA ACL that also includes the target CA and profile.\n"
"\n"
"Users can be included by name, group or the \"all users\" category.\n"
"Hosts can be included by name, hostgroup or the \"all hosts\"\n"
"category.  Services can be included by service name or the \"all\n"
"services\" category.  CA ACLs may be associated with a single type of\n"
"principal, or multiple types.\n"
"\n"
"CERTIFICATE AUTHORITY SCOPE:\n"
"\n"
"A CA ACL can be associated with one or more CAs by name, or by the\n"
"\"all CAs\" category.  For compatibility reasons, a CA ACL with no CA\n"
"association implies an association with the 'ipa' CA (and only this\n"
"CA).\n"
"\n"
"PROFILE SCOPE:\n"
"\n"
"A CA ACL can be associated with one or more profiles by Profile ID.\n"
"The Profile ID is a string without spaces or punctuation starting\n"
"with a letter and followed by a sequence of letters, digits or\n"
"underscore (\"_\").\n"
"\n"
"EXAMPLES:\n"
"\n"
"  Create a CA ACL \"test\" that grants all users access to the\n"
"  \"UserCert\" profile on all CAs:\n"
"    ipa caacl-add test --usercat=all --cacat=all\n"
"    ipa caacl-add-profile test --certprofiles UserCert\n"
"\n"
"  Display the properties of a named CA ACL:\n"
"    ipa caacl-show test\n"
"\n"
"  Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-CA"
"\":\n"
"    ipa caacl-add alice_dnp3\n"
"    ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n"
"    ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n"
"    ipa caacl-add-user alice_dnp3 --user=alice\n"
"\n"
"  Disable a CA ACL:\n"
"    ipa caacl-disable test\n"
"\n"
"  Remove a CA ACL:\n"
"    ipa caacl-del test\n"
msgstr ""

msgid "CA ACL"
msgstr ""

msgid "CA ACLs"
msgstr ""

msgid "CA category"
msgstr ""

msgid "CA category the ACL applies to"
msgstr ""

msgid "CAs"
msgstr ""

#, python-format
msgid "Added CA ACL \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted CA ACL \"%(value)s\""
msgstr ""

msgid "default CA ACL can be only disabled"
msgstr ""

#, python-format
msgid "Modified CA ACL \"%(value)s\""
msgstr ""

msgid "CA category cannot be set to 'all' while there are allowed CAs"
msgstr ""

msgid ""
"profile category cannot be set to 'all' while there are allowed profiles"
msgstr ""

msgid "user category cannot be set to 'all' while there are allowed users"
msgstr ""

msgid "host category cannot be set to 'all' while there are allowed hosts"
msgstr ""

msgid ""
"service category cannot be set to 'all' while there are allowed services"
msgstr ""

#, python-format
msgid "%(count)d CA ACL matched"
msgid_plural "%(count)d CA ACLs matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Enabled CA ACL \"%(value)s\""
msgstr ""

#, python-format
msgid "Disabled CA ACL \"%(value)s\""
msgstr ""

#, python-format
msgid "%i user or group added."
msgstr ""

#, python-format
msgid "%i users or groups added."
msgstr ""

#, python-format
msgid "%i user or group removed."
msgstr ""

#, python-format
msgid "%i users or groups removed."
msgstr ""

#, python-format
msgid "%i host or hostgroup added."
msgstr ""

#, python-format
msgid "%i hosts or hostgroups added."
msgstr ""

#, python-format
msgid "%i host or hostgroup removed."
msgstr ""

#, python-format
msgid "%i hosts or hostgroups removed."
msgstr ""

#, python-format
msgid "%i service added."
msgstr ""

#, python-format
msgid "%i services added."
msgstr ""

msgid "services cannot be added when service category='all'"
msgstr ""

#, python-format
msgid "%i service removed."
msgstr ""

#, python-format
msgid "%i services removed."
msgstr ""

#, python-format
msgid "%i profile added."
msgstr ""

#, python-format
msgid "%i profiles added."
msgstr ""

msgid "profiles cannot be added when profile category='all'"
msgstr ""

#, python-format
msgid "%i profile removed."
msgstr ""

#, python-format
msgid "%i profiles removed."
msgstr ""

msgid "Add CAs to a CA ACL."
msgstr ""

#, python-format
msgid "%i CA added."
msgstr ""

#, python-format
msgid "%i CAs added."
msgstr ""

msgid "CAs cannot be added when CA category='all'"
msgstr ""

msgid "Remove CAs from a CA ACL."
msgstr ""

#, python-format
msgid "%i CA removed."
msgstr ""

#, python-format
msgid "%i CAs removed."
msgstr ""

msgid "operation not defined"
msgstr ""

#, python-format
msgid "not allowed to perform operation: %s"
msgstr ""

msgid "No such virtual command"
msgstr ""

msgid ""
"\n"
"Cross-realm trusts\n"
"\n"
"Manage trust relationship between IPA and Active Directory domains.\n"
"\n"
"In order to allow users from a remote domain to access resources in IPA "
"domain,\n"
"trust relationship needs to be established. Currently IPA supports only "
"trusts\n"
"between IPA and Active Directory domains under control of Windows Server "
"2008\n"
"or later, with functional level 2008 or later.\n"
"\n"
"Please note that DNS on both IPA and Active Directory domain sides should "
"be\n"
"configured properly to discover each other. Trust relationship relies on\n"
"ability to discover special resources in the other domain via DNS records.\n"
"\n"
"Examples:\n"
"\n"
"1. Establish cross-realm trust with Active Directory using AD administrator\n"
"   credentials:\n"
"\n"
"   ipa trust-add --type=ad <ad.domain> --admin <AD domain "
"administrator>            --password\n"
"\n"
"2. List all existing trust relationships:\n"
"\n"
"   ipa trust-find\n"
"\n"
"3. Show details of the specific trust relationship:\n"
"\n"
"   ipa trust-show <ad.domain>\n"
"\n"
"4. Delete existing trust relationship:\n"
"\n"
"   ipa trust-del <ad.domain>\n"
"\n"
"Once trust relationship is established, remote users will need to be mapped\n"
"to local POSIX groups in order to actually use IPA resources. The mapping\n"
"should be done via use of external membership of non-POSIX group and then\n"
"this group should be included into one of local POSIX groups.\n"
"\n"
"Example:\n"
"\n"
"1. Create group for the trusted domain admins' mapping and their local "
"POSIX\n"
"group:\n"
"\n"
"   ipa group-add --desc='<ad.domain> admins external map'            "
"ad_admins_external --external\n"
"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
"\n"
"2. Add security identifier of Domain Admins of the <ad.domain> to the\n"
"   ad_admins_external group:\n"
"\n"
"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
"\n"
"3. Allow members of ad_admins_external group to be associated with\n"
"   ad_admins POSIX group:\n"
"\n"
"   ipa group-add-member ad_admins --groups ad_admins_external\n"
"\n"
"4. List members of external members of ad_admins_external group to see\n"
"   their SIDs:\n"
"\n"
"   ipa group-show ad_admins_external\n"
"\n"
"\n"
"GLOBAL TRUST CONFIGURATION\n"
"\n"
"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n"
"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
"identifiers are then used when communicating with a trusted domain of the\n"
"particular type.\n"
"\n"
"1. Show global trust configuration for Active Directory type of trusts:\n"
"\n"
"   ipa trustconfig-show --type ad\n"
"\n"
"2. Modify global configuration for all trusts of Active Directory type and "
"set\n"
"   a different fallback primary group (fallback primary group GID is used as "
"a\n"
"   primary user GID if user authenticating to IPA domain does not have any\n"
"   other primary GID already set):\n"
"\n"
"   ipa trustconfig-mod --type ad --fallback-primary-group \"another AD group"
"\"\n"
"\n"
"3. Change primary fallback group back to default hidden group (any group "
"with\n"
"   posixGroup object class is allowed):\n"
"\n"
"   ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
"\"\n"
msgstr ""

#, python-format
msgid ""
" Alternatively, following servers are capable of running this command: "
"%(masters)s"
msgstr ""

msgid "AD Trust setup"
msgstr ""

msgid ""
"Cannot perform the selected command without Samba 4 support installed. Make "
"sure you have installed server-trust-ad sub-package of IPA."
msgstr ""

msgid ""
"Cannot perform the selected command without Samba 4 instance configured on "
"this machine. Make sure you have run ipa-adtrust-install on this server."
msgstr ""

msgid ""
"Fetching domains from trusted forest failed. See details in the error_log"
msgstr ""

msgid "trust"
msgstr ""

msgid "trusts"
msgstr ""

msgid "Trust"
msgstr ""

msgid "SID blocklist incoming"
msgstr ""

msgid "SID blocklist outgoing"
msgstr ""

msgid "UPN suffixes"
msgstr ""

#, python-brace-format
msgid "invalid SID: {SID}"
msgstr ""

msgid ""
"\n"
"Add new trust to use.\n"
"\n"
"This command establishes trust relationship to another domain\n"
"which becomes 'trusted'. As result, users of the trusted domain\n"
"may access resources of this domain.\n"
"\n"
"Only trusts to Active Directory domains are supported right now.\n"
"\n"
"The command can be safely run multiple times against the same domain,\n"
"this will cause change to trust relationship credentials on both\n"
"sides.\n"
"\n"
"Note that if the command was previously run with a specific range type,\n"
"or with automatic detection of the range type, and you want to configure a\n"
"different range type, you may need to delete first the ID range using\n"
"ipa idrange-del before retrying the command with the desired range type.\n"
"    "
msgstr ""

msgid "Active Directory domain range"
msgstr ""

msgid "Active Directory trust range with POSIX attributes"
msgstr ""

msgid "Type of trusted domain ID range, one of allowed values"
msgstr ""

msgid "External trust"
msgstr ""

msgid ""
"Establish external trust to a domain in another forest. The trust is not "
"transitive beyond the domain."
msgstr ""

#, python-format
msgid "Added Active Directory trust for realm \"%(value)s\""
msgstr ""

#, python-format
msgid "Re-established trust to domain \"%(value)s\""
msgstr ""

msgid "missing base_id"
msgstr ""

msgid "pysss_murmur is not available on the server and no base-id is given."
msgstr ""

msgid "trust type"
msgstr ""

msgid "only \"ad\" is supported"
msgstr ""

msgid ""
"Cannot establish a trust to AD deployed in the same domain as IPA. Such "
"setup is not supported."
msgstr ""

msgid "Realm-domain mismatch"
msgstr ""

msgid ""
"To establish trust with Active Directory, the domain name and the realm name "
"of the IPA server must match"
msgstr ""

#, python-format
msgid ""
"Trusted domain %(domain)s is included among IPA realm domains. It needs to "
"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --"
"del-domain\" command."
msgstr ""

msgid "Trusted domain and administrator account use different realms"
msgstr ""

msgid "Realm administrator password should be specified"
msgstr ""

msgid "id range type"
msgstr ""

msgid ""
"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-"
"type when adding an AD trust."
msgstr ""

msgid "id range"
msgstr ""

msgid ""
"An id range already exists for this trust. You should either delete the old "
"range, or exclude --base-id/--range-size options from the command."
msgstr ""

msgid "range exists"
msgstr ""

msgid ""
"ID range with the same name but different domain SID already exists. The ID "
"range for the new trusted domain must be created manually."
msgstr ""

msgid "range type change"
msgstr ""

msgid ""
"ID range for the trusted domain already exists, but it has a different type. "
"Please remove the old range manually, or do not enforce type via --range-"
"type option."
msgstr ""

#, python-brace-format
msgid "Unable to resolve domain controller for {domain} domain. "
msgstr ""

msgid ""
"Forward policy is defined for it in IPA DNS, perhaps forwarder points to "
"incorrect host?"
msgstr ""

#, python-brace-format
msgid ""
"IPA manages DNS, please verify your DNS configuration and make sure that "
"service records of the '{domain}' domain can be resolved. Examples how to "
"configure DNS with CLI commands or the Web UI can be found in the "
"documentation. "
msgstr ""

#, python-brace-format
msgid ""
"Since IPA does not manage DNS records, ensure DNS is configured to resolve "
"'{domain}' domain from IPA hosts and back."
msgstr ""

msgid "Unable to verify write permissions to the AD"
msgstr ""

msgid "Not enough arguments specified to perform trust setup"
msgstr ""

#, python-format
msgid "Deleted trust \"%(value)s\""
msgstr ""

msgid ""
"\n"
"    Modify a trust (for future use).\n"
"\n"
"    Currently only the default option to modify the LDAP attributes is\n"
"    available. More specific options will be added in coming releases.\n"
"    "
msgstr ""

#, python-format
msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)"
msgstr ""

#, python-format
msgid "%(count)d trust matched"
msgid_plural "%(count)d trusts matched"
msgstr[0] ""
msgstr[1] ""

msgid "trust configuration"
msgstr ""

msgid "Global Trust Configuration"
msgstr ""

msgid "IPA AD trust agents"
msgstr ""

msgid "IPA servers configured as AD trust agents"
msgstr ""

msgid "IPA AD trust controllers"
msgstr ""

msgid "IPA servers configured as AD trust controllers"
msgstr ""

msgid "unsupported trust type"
msgstr ""

#, python-format
msgid "Modified \"%(value)s\" trust configuration"
msgstr ""

msgid "SID"
msgstr ""

msgid "sidgen_was_run"
msgstr ""

msgid ""
"This command relies on the existence of the \"editors\" group, but this "
"group was not found."
msgstr ""

msgid "trust domain"
msgstr ""

msgid "trust domains"
msgstr ""

msgid "Trusted domains"
msgstr ""

msgid "Trusted domain"
msgstr ""

msgid "Domain enabled"
msgstr ""

#, python-format
msgid "Removed information about the trusted domain \"%(value)s\""
msgstr ""

msgid ""
"cannot delete root domain of the trust, use trust-del to delete the trust "
"itself"
msgstr ""

msgid ""
"List of trust domains successfully refreshed. Use trustdomain-find command "
"to list them."
msgstr ""

msgid "Configure this server as a trust agent."
msgstr ""

msgid "Enable support for trusted domains for old clients"
msgstr ""

#, python-format
msgid "must be \"%s\""
msgstr ""

msgid "not allowed to remotely add agent"
msgstr ""

#, python-format
msgid "Enabled trust domain \"%(value)s\""
msgstr ""

msgid "Root domain of the trust is always enabled for the existing trust"
msgstr ""

#, python-format
msgid "Disabled trust domain \"%(value)s\""
msgstr ""

msgid ""
"cannot disable root domain of the trust, use trust-del to delete the trust "
"itself"
msgstr ""

msgid ""
"\n"
"DNS server configuration\n"
msgstr ""

msgid ""
"\n"
"Manipulate DNS server configuration\n"
msgstr ""

msgid ""
"\n"
"  Show configuration of a specific DNS server:\n"
"    ipa dnsserver-show\n"
msgstr ""

msgid ""
"\n"
"  Update configuration of a specific DNS server:\n"
"    ipa dnsserver-mod\n"
msgstr ""

msgid "DNS server"
msgstr ""

msgid "DNS servers"
msgstr ""

msgid "DNS Servers"
msgstr ""

msgid "DNS Server"
msgstr ""

msgid "DNS Server name"
msgstr ""

msgid "SOA mname override"
msgstr ""

msgid "SOA mname (authoritative server) override"
msgstr ""

msgid "Forwarders"
msgstr ""

msgid ""
"Per-server forwarders. A custom port can be specified for each forwarder "
"using a standard format \"IP_ADDRESS port PORT\""
msgstr ""

msgid ""
"Per-server conditional forwarding policy. Set to \"none\" to disable "
"forwarding to global forwarder for this zone. In that case, conditional zone "
"forwarders are disregarded."
msgstr ""

msgid "DNS is not configured"
msgstr ""

msgid "Modify DNS server configuration"
msgstr ""

#, python-format
msgid "Modified DNS server \"%(value)s\""
msgstr ""

msgid "Search for DNS servers."
msgstr ""

#, python-format
msgid "%(count)d DNS server matched"
msgid_plural "%(count)d DNS servers matched"
msgstr[0] ""
msgstr[1] ""

msgid "IPA DNS Server is not installed"
msgstr ""

msgid "Display configuration of a DNS server."
msgstr ""

msgid "Add a new DNS server."
msgstr ""

#, python-format
msgid "Added new DNS server \"%(value)s\""
msgstr ""

msgid "Delete a DNS server"
msgstr ""

#, python-format
msgid "Deleted DNS server \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Hosts/Machines\n"
"\n"
"A host represents a machine. It can be used in a number of contexts:\n"
"- service entries are associated with a host\n"
"- a host stores the host/ service principal\n"
"- a host can be used in Host-based Access Control (HBAC) rules\n"
"- every enrolled client generates a host entry\n"
msgstr ""

msgid ""
"\n"
"ENROLLMENT:\n"
"\n"
"There are three enrollment scenarios when enrolling a new client:\n"
"\n"
"1. You are enrolling as a full administrator. The host entry may exist\n"
"   or not. A full administrator is a member of the hostadmin role\n"
"   or the admins group.\n"
"2. You are enrolling as a limited administrator. The host must already\n"
"   exist. A limited administrator is a member a role with the\n"
"   Host Enrollment privilege.\n"
"3. The host has been created with a one-time password.\n"
msgstr ""

msgid ""
"\n"
"RE-ENROLLMENT:\n"
"\n"
"Host that has been enrolled at some point, and lost its configuration (e.g. "
"VM\n"
"destroyed) can be re-enrolled.\n"
"\n"
"For more information, consult the manual pages for ipa-client-install.\n"
"\n"
"A host can optionally store information such as where it is located,\n"
"the OS that it runs, etc.\n"
msgstr ""

msgid ""
"\n"
" Add a new host:\n"
"   ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
"com\n"
msgstr ""

msgid ""
"\n"
" Delete a host:\n"
"   ipa host-del test.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a new host with a one-time password:\n"
"   ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a new host with a random one-time password:\n"
"   ipa host-add --os='Fedora 12' --random test.example.com\n"
msgstr ""

msgid ""
"\n"
" Modify information about a host:\n"
"   ipa host-mod --os='Fedora 12' test.example.com\n"
msgstr ""

msgid ""
"\n"
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
"   ipa host-mod --sshpubkey= --updatedns test.example.com\n"
msgstr ""

msgid ""
"\n"
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
"   ipa host-disable test.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a host that can manage this host's keytab and certificate:\n"
"   ipa host-add-managedby --hosts=test2 test\n"
msgstr ""

msgid ""
"\n"
" Allow user to create a keytab:\n"
"   ipa host-allow-create-keytab test2 --users=tuser1\n"
msgstr ""

msgid "Base-64 encoded host certificate"
msgstr ""

msgid "SSH public key fingerprint"
msgstr ""

#, python-format
msgid "Added host \"%(value)s\""
msgstr ""

#, python-format
msgid "can be at most %(len)d characters"
msgstr ""

#, python-format
msgid "Deleted host \"%(value)s\""
msgstr ""

msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS"
msgstr ""

msgid "No A, AAAA, SSHFP or PTR records found."
msgstr ""

#, python-format
msgid "Modified host \"%(value)s\""
msgstr ""

msgid "Password cannot be set on enrolled host."
msgstr ""

msgid "cn is immutable"
msgstr ""

#, python-format
msgid "%(count)d host matched"
msgid_plural "%(count)d hosts matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Disabled host \"%(value)s\""
msgstr ""

#, python-format
msgid "Added certificates to host \"%(value)s\""
msgstr ""

#, python-format
msgid "Removed certificates from host \"%(value)s\""
msgstr ""

msgid "Add new principal alias to host entry"
msgstr ""

#, python-format
msgid "Added new aliases to host \"%(value)s\""
msgstr ""

msgid "Remove principal alias from a host entry"
msgstr ""

#, python-format
msgid "Removed aliases from host \"%(value)s\""
msgstr ""

msgid "Host-based access control commands"
msgstr ""

msgid ""
"\n"
"HBAC Services\n"
"\n"
"The PAM services that HBAC can control access to. The name used here\n"
"must match the service name that PAM is evaluating.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new HBAC service:\n"
"   ipa hbacsvc-add tftp\n"
"\n"
" Modify an existing HBAC service:\n"
"   ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n"
"\n"
" Search for HBAC services. This example will return two results, the FTP\n"
" service and the newly-added tftp service:\n"
"   ipa hbacsvc-find ftp\n"
"\n"
" Delete an HBAC service:\n"
"   ipa hbacsvc-del tftp\n"
"\n"
msgstr ""

msgid "HBAC services"
msgstr ""

msgid "HBAC Services"
msgstr ""

msgid "HBAC Service"
msgstr ""

#, python-format
msgid "Added HBAC service \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted HBAC service \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified HBAC service \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d HBAC service matched"
msgid_plural "%(count)d HBAC services matched"
msgstr[0] ""
msgstr[1] ""

msgid "HBAC service group"
msgstr ""

msgid "HBAC service groups"
msgstr ""

msgid "HBAC Service Groups"
msgstr ""

msgid "HBAC Service Group"
msgstr ""

#, python-format
msgid "Added HBAC service group \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted HBAC service group \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified HBAC service group \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d HBAC service group matched"
msgid_plural "%(count)d HBAC service groups matched"
msgstr[0] ""
msgstr[1] ""

msgid "delegation"
msgstr ""

msgid "delegations"
msgstr ""

#, fuzzy
msgid "Delegations"
msgstr "वापरात नसलेले पर्याय"

msgid "Delegation"
msgstr ""

#, python-format
msgid "Added delegation \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted delegation \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified delegation \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d delegation matched"
msgid_plural "%(count)d delegations matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid ""
"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a "
"privilege"
msgstr ""

msgid "Privilege"
msgstr ""

#, python-format
msgid "Added privilege \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted privilege \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified privilege \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d privilege matched"
msgid_plural "%(count)d privileges matched"
msgstr[0] ""
msgstr[1] ""

msgid "Role"
msgstr ""

#, python-format
msgid "Added role \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted role \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified role \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d role matched"
msgid_plural "%(count)d roles matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"=======\n"
"WARNING:\n"
"\n"
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
"the\n"
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
"based\n"
"on the local ranges set via this family of commands.\n"
"\n"
"Manual configuration change has to be done in the DNA plugin configuration "
"for\n"
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
"be\n"
"modified to match the new range.\n"
"=======\n"
msgstr ""

msgid ""
"\n"
"ID ranges\n"
"\n"
"Manage ID ranges  used to map Posix IDs to SIDs and back.\n"
"\n"
"There are two type of ID ranges which are both handled by this utility:\n"
"\n"
" - the ID ranges of the local domain\n"
" - the ID ranges of trusted remote domains\n"
"\n"
"Both types have the following attributes in common:\n"
"\n"
" - base-id: the first ID of the Posix ID range\n"
" - range-size: the size of the range\n"
"\n"
"With those two attributes a range object can reserve the Posix IDs starting\n"
"with base-id up to but not including base-id+range-size exclusively.\n"
"\n"
"Additionally an ID range of the local domain may set\n"
" - rid-base: the first RID(*) of the corresponding RID range\n"
" - secondary-rid-base: first RID of the secondary RID range\n"
"\n"
"and an ID range of a trusted domain must set\n"
" - rid-base: the first RID of the corresponding RID range\n"
" - sid: domain SID of the trusted domain\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for a trusted domain\n"
"\n"
"Since there might be more than one trusted domain the domain SID must be "
"given\n"
"while creating the ID range.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
"                  --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
"\n"
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
"assign Posix UIDs to users from the trusted domain.\n"
"\n"
"If e.g. a range for a trusted domain is configured with the following "
"values:\n"
" base-id = 1200000\n"
" range-size = 200000\n"
" rid-base = 0\n"
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
"So\n"
"RID 1000 <-> Posix ID 1201000\n"
"\n"
"\n"
"\n"
"EXAMPLE: Add a new ID range for the local domain\n"
"\n"
"To create an ID range for the local domain it is not necessary to specify a\n"
"domain SID. But since it is possible that a user and a group can have the "
"same\n"
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
"\n"
"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
"                  --secondary-rid-base=1000000 local_range\n"
"\n"
"The data from the ID ranges of the local domain are used by the IPA server\n"
"internally to assign SIDs to IPA users and groups. The SID will then be "
"stored\n"
"in the user or group objects.\n"
"\n"
"If e.g. the ID range for the local domain is configured with the values "
"from\n"
"the example above then a new user with the UID 1200007 will get the RID "
"1007.\n"
"If this RID is already used by a group the RID will be 1000007. This can "
"only\n"
"happen if a user or a group object was created with a fixed ID because the\n"
"automatic assignment will not assign the same ID twice. Since there are "
"only\n"
"users and groups sharing the same ID namespace it is sufficient to have "
"only\n"
"one fallback range to handle conflicts.\n"
"\n"
"To find the Posix ID for a given RID from the local domain it has to be\n"
"checked first if the RID falls in the primary or secondary RID range and\n"
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
"and the base-id has to be added to get the Posix ID.\n"
"\n"
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
"must not be used at all. The ID range for the local domain will be created\n"
"during installation or upgrade from an older version. The ID range for a\n"
"trusted domain will be created together with the trust by 'ipa trust-"
"add ...'.\n"
"\n"
"USE CASES:\n"
"\n"
"  Add an ID range from a transitively trusted domain\n"
"\n"
"    If the trusted domain (A) trusts another domain (B) as well and this "
"trust\n"
"    is transitive 'ipa trust-add domain-A' will only create a range for\n"
"    domain A.  The ID range for domain B must be added manually.\n"
"\n"
"  Add an additional ID range for the local domain\n"
"\n"
"    If the ID range of the local domain is exhausted, i.e. no new IDs can "
"be\n"
"    assigned to Posix users or groups by the DNA plugin, a new range has to "
"be\n"
"    created to allow new users and groups to be added. (Currently there is "
"no\n"
"    connection between this range CLI and the DNA plugin, but a future "
"version\n"
"    might be able to modify the configuration of the DNS plugin as well)\n"
"\n"
"In general it is not necessary to modify or delete ID ranges. If there is "
"no\n"
"other way to achieve a certain configuration than to modify or delete an ID\n"
"range it should be done with great care. Because UIDs are stored in the "
"file\n"
"system and are used for access control it might be possible that users are\n"
"allowed to access files of other users if an ID range got deleted and "
"reused\n"
"for a different domain.\n"
"\n"
"(*) The RID is typically the last integer of a user or group SID which "
"follows\n"
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
"from\n"
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
"the\n"
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
"groups.\n"
"\n"
msgstr ""

msgid "ID Ranges"
msgstr ""

msgid "ID Range"
msgstr ""

msgid "local domain range"
msgstr ""

msgid "ID range type, one of allowed values"
msgstr ""

msgid ""
"range modification leaving objects with ID out of the defined range is not "
"allowed"
msgstr ""

msgid ""
"Cannot perform SID validation without Samba 4 support installed. Make sure "
"you have installed server-trust-ad sub-package of IPA on the server"
msgstr ""

msgid ""
"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-"
"install on the IPA server first"
msgstr ""

msgid "SID is not recognized as a valid SID for a trusted domain"
msgstr ""

msgid ""
"\n"
"    Add new ID range.\n"
"\n"
"    To add a new ID range you always have to specify\n"
"\n"
"        --base-id\n"
"        --range-size\n"
"\n"
"    Additionally\n"
"\n"
"        --rid-base\n"
"        --secondary-rid-base\n"
"\n"
"    may be given for a new ID range for the local domain while\n"
"\n"
"        --rid-base\n"
"        --dom-sid\n"
"\n"
"    must be given to add a new range for a trusted AD domain.\n"
"\n"
msgstr ""

#, python-format
msgid "Added ID range \"%(value)s\""
msgstr ""

msgid "Options dom-sid and dom-name cannot be used together"
msgstr ""

msgid "Specified trusted domain name could not be found."
msgstr ""

msgid "Options dom-sid/dom-name and rid-base must be used together"
msgstr ""

msgid ""
"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix"
msgstr ""

msgid ""
"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of "
"the trusted domain is specified"
msgstr ""

msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together"
msgstr ""

msgid ""
"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when "
"SID of the trusted domain is not specified."
msgstr ""

msgid "Options secondary-rid-base and rid-base must be used together"
msgstr ""

msgid "Primary RID range and secondary RID range cannot overlap"
msgstr ""

msgid ""
"You must specify both rid-base and secondary-rid-base options, because ipa-"
"adtrust-install has already been run."
msgstr ""

#, python-format
msgid "Deleted ID range \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d range matched"
msgid_plural "%(count)d ranges matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"Modify ID range.\n"
"\n"
msgstr ""

#, python-format
msgid "Modified ID range \"%(value)s\""
msgstr ""

msgid ""
"This command can not be used to change ID allocation for local IPA domain. "
"Run `ipa help idrange` for more information"
msgstr ""

msgid ""
"SID for the specified trusted domain name could not be found. Please specify "
"the SID directly using dom-sid option."
msgstr ""

msgid "Options dom-sid and secondary-rid-base cannot be used together"
msgstr ""

msgid "Options dom-sid and rid-base must be used together"
msgstr ""

msgid "netgroups"
msgstr ""

msgid "Netgroup"
msgstr ""

#, python-format
msgid "Added netgroup \"%(value)s\""
msgstr ""

#, python-format
msgid ""
"hostgroup with name \"%s\" already exists. Hostgroups and netgroups share a "
"common namespace"
msgstr ""

#, python-format
msgid "Deleted netgroup \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified netgroup \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d netgroup matched"
msgid_plural "%(count)d netgroups matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Added user \"%(value)s\""
msgstr ""

msgid "Default group for new users is not POSIX"
msgstr ""

#, python-format
msgid "Deleted user \"%(value)s\""
msgstr ""

#, python-format
msgid "%s: user is already preserved"
msgstr ""

#, python-format
msgid "Modified user \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d user matched"
msgid_plural "%(count)d users matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Undeleted user account \"%(value)s\""
msgstr ""

#, python-format
msgid "user \"%s\" is already active"
msgstr ""

#, python-format
msgid "Staged user account \"%(value)s\""
msgstr ""

#, python-format
msgid "Disabled user account \"%(value)s\""
msgstr ""

#, python-format
msgid "Enabled user account \"%(value)s\""
msgstr ""

msgid ""
"\n"
"    Unlock a user account\n"
"\n"
"    An account may become locked if the password is entered incorrectly too\n"
"    many times within a specific time period as controlled by password\n"
"    policy. A locked account is a temporary condition and may be unlocked "
"by\n"
"    an administrator."
msgstr ""

#, python-format
msgid "Unlocked account \"%(value)s\""
msgstr ""

msgid "Failed logins"
msgstr ""

msgid "Last successful authentication"
msgstr ""

msgid "Last failed authentication"
msgstr ""

msgid "Time now"
msgstr ""

msgid ""
"\n"
"    Lockout status of a user account\n"
"\n"
"    An account may become locked if the password is entered incorrectly too\n"
"    many times within a specific time period as controlled by password\n"
"    policy. A locked account is a temporary condition and may be unlocked "
"by\n"
"    an administrator.\n"
"\n"
"    This connects to each IPA master and displays the lockout status on\n"
"    each one.\n"
"\n"
"    To determine whether an account is locked on a given server you need\n"
"    to compare the number of failed logins and the time of the last "
"failure.\n"
"    For an account to be locked it must exceed the maxfail failures within\n"
"    the failinterval duration as specified in the password policy "
"associated\n"
"    with the user.\n"
"\n"
"    The failed login counter is modified only when a user attempts a log in\n"
"    so it is possible that an account may appear locked but the last failed\n"
"    login attempt is older than the lockouttime of the password policy. "
"This\n"
"    means that the user may attempt a login again. "
msgstr ""

#, python-format
msgid "%(host)s failed: %(error)s"
msgstr ""

#, python-format
msgid "%(host)s failed"
msgstr ""

#, python-format
msgid "Account disabled: %(disabled)s"
msgstr ""

#, python-format
msgid "Added certificates to user \"%(value)s\""
msgstr ""

#, python-format
msgid "Removed certificates from user \"%(value)s\""
msgstr ""

msgid "Add one or more certificate mappings to the user entry."
msgstr ""

msgid "Remove one or more certificate mappings from the user entry."
msgstr ""

msgid "Add new principal alias to the user entry"
msgstr ""

#, python-format
msgid "Added new aliases to user \"%(value)s\""
msgstr ""

msgid "Remove principal alias from the user entry"
msgstr ""

#, python-format
msgid "Removed aliases from user \"%(value)s\""
msgstr ""

msgid "commands for controlling sudo configuration"
msgstr ""

msgid ""
"\n"
"Return information about currently authenticated identity\n"
"\n"
"Who am I command returns information on how to get\n"
"more details about the identity authenticated for this\n"
"request. The information includes:\n"
"\n"
" * type of object\n"
" * command to retrieve details of the object\n"
" * arguments and options to pass to the command\n"
"\n"
"The information is returned as a dictionary. Examples below use\n"
"'key: value' output for illustrative purposes.\n"
"\n"
"EXAMPLES:\n"
"\n"
" Look up as IPA user:\n"
"   kinit admin\n"
"   ipa console\n"
"   >> api.Command.whoami()\n"
"   ------------------------------------------\n"
"   object: user\n"
"   command: user_show/1\n"
"   arguments: admin\n"
"   ------------------------------------------\n"
"\n"
" Look up as a user from a trusted domain:\n"
"   kinit user@AD.DOMAIN\n"
"   ipa console\n"
"   >> api.Command.whoami()\n"
"   ------------------------------------------\n"
"   object: idoverrideuser\n"
"   command: idoverrideuser_show/1\n"
"   arguments: ('default trust view', 'user@ad.domain')\n"
"   ------------------------------------------\n"
"\n"
" Look up as a host:\n"
"   kinit -k\n"
"   ipa console\n"
"   >> api.Command.whoami()\n"
"   ------------------------------------------\n"
"   object: host\n"
"   command: host_show/1\n"
"   arguments: ipa.example.com\n"
"   ------------------------------------------\n"
"\n"
" Look up as a Kerberos service:\n"
"   kinit -k -t /path/to/keytab HTTP/ipa.example.com\n"
"   ipa console\n"
"   >> api.Command.whoami()\n"
"   ------------------------------------------\n"
"   object: service\n"
"   command: service_show/1\n"
"   arguments: HTTP/ipa.example.com\n"
"   ------------------------------------------\n"
msgstr ""

msgid "Describe currently authenticated identity."
msgstr ""

msgid "Object class name"
msgstr ""

msgid "Function to get details"
msgstr ""

msgid "Arguments to details function"
msgstr ""

msgid "Cannot query Directory Manager with API"
msgstr ""

msgid ""
"\n"
"Kerberos PKINIT feature status reporting tools.\n"
"\n"
"Report IPA masters on which Kerberos PKINIT is enabled or disabled\n"
"\n"
"EXAMPLES:\n"
" List PKINIT status on all masters:\n"
"   ipa pkinit-status\n"
"\n"
" Check PKINIT status on `ipa.example.com`:\n"
"   ipa pkinit-status --server ipa.example.com\n"
"\n"
" List all IPA masters with disabled PKINIT:\n"
"   ipa pkinit-status --status='disabled'\n"
"\n"
"For more info about PKINIT support see:\n"
"\n"
"https://www.freeipa.org/page/V4/Kerberos_PKINIT\n"
msgstr ""

msgid "pkinit"
msgstr ""

msgid "PKINIT status"
msgstr ""

msgid "Whether PKINIT is enabled or disabled"
msgstr ""

msgid "Report PKINIT status on the IPA masters"
msgstr ""

#, python-format
msgid "%(count)s server matched"
msgid_plural "%(count)s servers matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"Auto Membership Rule.\n"
msgstr ""

msgid ""
"\n"
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
"or exclusive regex patterns, you can automatically assign a new entries "
"into\n"
"a group or hostgroup based upon attribute information.\n"
msgstr ""

msgid ""
"\n"
"A rule is directly associated with a group by name, so you cannot create\n"
"a rule without an accompanying group or hostgroup.\n"
msgstr ""

msgid ""
"\n"
"A condition is a regular expression used by 389-ds to match a new incoming\n"
"entry with an automember rule. If it matches an inclusive rule then the\n"
"entry is added to the appropriate group or hostgroup.\n"
msgstr ""

msgid ""
"\n"
"A default group or hostgroup could be specified for entries that do not\n"
"match any rule. In case of user entries this group will be a fallback group\n"
"because all users are by default members of group specified in IPA config.\n"
msgstr ""

msgid ""
"\n"
"The automember-rebuild command can be used to retroactively run automember "
"rules\n"
"against existing entries, thus rebuilding their membership.\n"
msgstr ""

msgid ""
"\n"
" Add the initial group or hostgroup:\n"
"   ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
"   ipa group-add --desc=\"Developers\" devel\n"
msgstr ""

msgid ""
"\n"
" Add the initial rule:\n"
"   ipa automember-add --type=hostgroup webservers\n"
"   ipa automember-add --type=group devel\n"
msgstr ""

msgid ""
"\n"
" Add a condition to the rule:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
"   ipa automember-add-condition --key=manager --type=group --inclusive-"
"regex=^uid=mscott devel\n"
msgstr ""

msgid ""
"\n"
" Add an exclusive condition to the rule to prevent auto assignment:\n"
"   ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
"regex=^web5\\.example\\.com webservers\n"
msgstr ""

msgid ""
"\n"
" Add a host:\n"
"    ipa host-add web1.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a user:\n"
"    ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
msgstr ""

msgid ""
"\n"
" Verify automembership:\n"
"    ipa hostgroup-show webservers\n"
"      Host-group: webservers\n"
"      Description: Web Servers\n"
"      Member hosts: web1.example.com\n"
"\n"
"    ipa group-show devel\n"
"      Group name: devel\n"
"      Description: Developers\n"
"      GID: 1004200000\n"
"      Member users: tuser\n"
msgstr ""

msgid ""
"\n"
" Remove a condition from the rule:\n"
"   ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
"regex=^web[1-9]+\\.example\\.com webservers\n"
msgstr ""

msgid ""
"\n"
" Modify the automember rule:\n"
"    ipa automember-mod\n"
msgstr ""

msgid ""
"\n"
" Set the default (fallback) target group:\n"
"    ipa automember-default-group-set --default-group=webservers --"
"type=hostgroup\n"
"    ipa automember-default-group-set --default-group=ipausers --type=group\n"
msgstr ""

msgid ""
"\n"
" Remove the default (fallback) target group:\n"
"    ipa automember-default-group-remove --type=hostgroup\n"
"    ipa automember-default-group-remove --type=group\n"
msgstr ""

msgid ""
"\n"
" Show the default (fallback) target group:\n"
"    ipa automember-default-group-show --type=hostgroup\n"
"    ipa automember-default-group-show --type=group\n"
msgstr ""

msgid ""
"\n"
" Find all of the automember rules:\n"
"    ipa automember-find\n"
msgstr ""

msgid ""
"\n"
" Find all of the orphan automember rules:\n"
"    ipa automember-find-orphans --type=hostgroup\n"
" Find all of the orphan automember rules and remove them:\n"
"    ipa automember-find-orphans --type=hostgroup --remove\n"
msgstr ""

msgid ""
"\n"
" Display a automember rule:\n"
"    ipa automember-show --type=hostgroup webservers\n"
"    ipa automember-show --type=group devel\n"
msgstr ""

msgid ""
"\n"
" Delete an automember rule:\n"
"    ipa automember-del --type=hostgroup webservers\n"
"    ipa automember-del --type=group devel\n"
msgstr ""

msgid ""
"\n"
" Rebuild membership for all users:\n"
"    ipa automember-rebuild --type=group\n"
msgstr ""

msgid ""
"\n"
" Rebuild membership for all hosts:\n"
"    ipa automember-rebuild --type=hostgroup\n"
msgstr ""

msgid ""
"\n"
" Rebuild membership for specified users:\n"
"    ipa automember-rebuild --users=tuser1 --users=tuser2\n"
msgstr ""

msgid ""
"\n"
" Rebuild membership for specified hosts:\n"
"    ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example."
"com\n"
msgstr ""

msgid "Auto Membership Rule"
msgstr ""

#, python-format
msgid "%(otype)s \"%(oname)s\" not found"
msgstr ""

#, python-format
msgid "%s is not a valid attribute."
msgstr ""

msgid ""
"\n"
"    Add an automember rule.\n"
"    "
msgstr ""

#, python-format
msgid "Added automember rule \"%(value)s\""
msgstr ""

msgid "Auto Membership is not configured"
msgstr ""

msgid ""
"\n"
"    Add conditions to an automember rule.\n"
"    "
msgstr ""

#, python-format
msgid "Added condition(s) to \"%(value)s\""
msgstr ""

#, python-format
msgid "Auto member rule: %s not found!"
msgstr ""

msgid ""
"\n"
"        Override this so we can add completed and failed to the return "
"result.\n"
"        "
msgstr ""

msgid ""
"\n"
"    Remove conditions from an automember rule.\n"
"    "
msgstr ""

#, python-format
msgid "Removed condition(s) from \"%(value)s\""
msgstr ""

msgid ""
"\n"
"        Override this so we can set completed and failed.\n"
"        "
msgstr ""

msgid ""
"\n"
"    Modify an automember rule.\n"
"    "
msgstr ""

#, python-format
msgid "Modified automember rule \"%(value)s\""
msgstr ""

msgid ""
"\n"
"    Delete an automember rule.\n"
"    "
msgstr ""

#, python-format
msgid "Deleted automember rule \"%(value)s\""
msgstr ""

msgid ""
"\n"
"    Search for automember rules.\n"
"    "
msgstr ""

#, python-format
msgid "%(count)d rules matched"
msgid_plural "%(count)d rules matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"    Display information about an automember rule.\n"
"    "
msgstr ""

msgid ""
"\n"
"    Set default (fallback) group for all unmatched entries.\n"
"    "
msgstr ""

#, python-format
msgid "Set default (fallback) group for automember \"%(value)s\""
msgstr ""

msgid ""
"\n"
"    Remove default (fallback) group for all unmatched entries.\n"
"    "
msgstr ""

#, python-format
msgid "Removed default (fallback) group for automember \"%(value)s\""
msgstr ""

msgid "No default (fallback) group set"
msgstr ""

msgid ""
"\n"
"    Display information about the default (fallback) automember groups.\n"
"    "
msgstr ""

msgid "Task DN"
msgstr ""

msgid "DN of the started task"
msgstr ""

msgid "at least one of options: type, users, hosts must be specified"
msgstr ""

msgid "users and hosts cannot both be set"
msgstr ""

msgid "hosts cannot be set when type is 'group'"
msgstr ""

msgid "users cannot be set when type is 'hostgroup'"
msgstr ""

msgid "Automember rebuild membership task started"
msgstr ""

#, python-format
msgid "Task DN = '%s'"
msgstr ""

msgid ""
"\n"
"    Search for orphan automember rules. The command might need to be run as\n"
"    a privileged user user to get all orphan rules.\n"
"    "
msgstr ""

msgid "Remove orphan automember rules"
msgstr ""

msgid "HBAC rule and local members cannot both be set"
msgstr ""

msgid "Invalid SELinux user name, must match {}"
msgstr ""

#, python-brace-format
msgid "Invalid MLS value, must match {mls}, where max level {mls_max}"
msgstr ""

#, python-brace-format
msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}"
msgstr ""

msgid "SELinux user map list not found in configuration"
msgstr ""

#, python-format
msgid "SELinux user %(user)s not found in ordering list (in config)"
msgstr ""

msgid "SELinux User Map rule"
msgstr ""

msgid "SELinux User Map rules"
msgstr ""

msgid "SELinux User Maps"
msgstr ""

msgid "SELinux User Map"
msgstr ""

#, python-format
msgid "HBAC rule %(rule)s not found"
msgstr ""

#, python-format
msgid "Added SELinux User Map \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted SELinux User Map \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified SELinux User Map \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d SELinux User Map matched"
msgid_plural "%(count)d SELinux User Maps matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Enabled SELinux User Map \"%(value)s\""
msgstr ""

#, python-format
msgid "Disabled SELinux User Map \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Vaults\n"
msgstr ""

msgid ""
"\n"
"Manage vaults.\n"
msgstr ""

msgid ""
"\n"
"Vault is a secure place to store a secret. One vault can only\n"
"store one secret. When archiving a secret in a vault, the\n"
"existing secret (if any) is overwritten.\n"
msgstr ""

msgid ""
"\n"
"Based on the ownership there are three vault categories:\n"
"* user/private vault\n"
"* service vault\n"
"* shared vault\n"
msgstr ""

msgid ""
"\n"
"User vaults are vaults owned used by a particular user. Private\n"
"vaults are vaults owned the current user. Service vaults are\n"
"vaults owned by a service. Shared vaults are owned by the admin\n"
"but they can be used by other users or services.\n"
msgstr ""

msgid ""
"\n"
"Based on the security mechanism there are three types of\n"
"vaults:\n"
"* standard vault\n"
"* symmetric vault\n"
"* asymmetric vault\n"
msgstr ""

msgid ""
"\n"
"Standard vault uses a secure mechanism to transport and\n"
"store the secret. The secret can only be retrieved by users\n"
"that have access to the vault.\n"
msgstr ""

msgid ""
"\n"
"Symmetric vault is similar to the standard vault, but it\n"
"pre-encrypts the secret using a password before transport.\n"
"The secret can only be retrieved using the same password.\n"
msgstr ""

msgid ""
"\n"
"Asymmetric vault is similar to the standard vault, but it\n"
"pre-encrypts the secret using a public key before transport.\n"
"The secret can only be retrieved using the private key.\n"
msgstr ""

msgid ""
"\n"
" List vaults:\n"
"   ipa vault-find\n"
"       [--user <user>|--service <service>|--shared]\n"
msgstr ""

msgid ""
"\n"
" Add a standard vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type standard\n"
msgstr ""

msgid ""
"\n"
" Add a symmetric vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type symmetric --password-file password.txt\n"
msgstr ""

msgid ""
"\n"
" Add an asymmetric vault:\n"
"   ipa vault-add <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type asymmetric --public-key-file public.pem\n"
msgstr ""

msgid ""
"\n"
" Show a vault:\n"
"   ipa vault-show <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
msgstr ""

msgid ""
"\n"
" Modify vault description:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --desc <description>\n"
msgstr ""

msgid ""
"\n"
" Modify vault type:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --type <type>\n"
"       [old password/private key]\n"
"       [new password/public key]\n"
msgstr ""

msgid ""
"\n"
" Modify symmetric vault password:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --change-password\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --old-password <old password>\n"
"       --new-password <new password>\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --old-password-file <old password file>\n"
"       --new-password-file <new password file>\n"
msgstr ""

msgid ""
"\n"
" Modify asymmetric vault keys:\n"
"   ipa vault-mod <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --private-key-file <old private key file>\n"
"       --public-key-file <new public key file>\n"
msgstr ""

msgid ""
"\n"
" Delete a vault:\n"
"   ipa vault-del <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
msgstr ""

msgid ""
"\n"
" Display vault configuration:\n"
"   ipa vaultconfig-show\n"
msgstr ""

msgid ""
"\n"
" Archive data into standard vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
msgstr ""

msgid ""
"\n"
" Archive data into symmetric vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
"       --password-file password.txt\n"
msgstr ""

msgid ""
"\n"
" Archive data into asymmetric vault:\n"
"   ipa vault-archive <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --in <input file>\n"
msgstr ""

msgid ""
"\n"
" Retrieve data from standard vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file>\n"
msgstr ""

msgid ""
"\n"
" Retrieve data from symmetric vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file>\n"
"       --password-file password.txt\n"
msgstr ""

msgid ""
"\n"
" Retrieve data from asymmetric vault:\n"
"   ipa vault-retrieve <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       --out <output file> --private-key-file private.pem\n"
msgstr ""

msgid ""
"\n"
" Add vault owners:\n"
"   ipa vault-add-owner <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>]  [--groups <groups>] [--services <services>]\n"
msgstr ""

msgid ""
"\n"
" Delete vault owners:\n"
"   ipa vault-remove-owner <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
msgstr ""

msgid ""
"\n"
" Add vault members:\n"
"   ipa vault-add-member <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
msgstr ""

msgid ""
"\n"
" Delete vault members:\n"
"   ipa vault-remove-member <name>\n"
"       [--user <user>|--service <service>|--shared]\n"
"       [--users <users>] [--groups <groups>] [--services <services>]\n"
msgstr ""

msgid ""
"\n"
"    Vault Container object.\n"
"    "
msgstr ""

msgid "vaultcontainer"
msgstr ""

msgid "vaultcontainers"
msgstr ""

msgid "Vault Containers"
msgstr ""

msgid "Vault Container"
msgstr ""

msgid "Service, shared and user options cannot be specified simultaneously"
msgstr ""

msgid "Host is not supported"
msgstr ""

msgid "KRA service is not enabled"
msgstr ""

msgid "Deleted vault container"
msgstr ""

#, python-format
msgid "owner %s"
msgstr ""

msgid ""
"\n"
"    Vault object.\n"
"    "
msgstr ""

msgid "vault"
msgstr ""

msgid "vaults"
msgstr ""

msgid "Vaults"
msgstr ""

msgid "Vault"
msgstr ""

msgid "Service, shared, and user options cannot be specified simultaneously"
msgstr ""

msgid "Add a vault."
msgstr ""

#, python-format
msgid "Added vault \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted vault \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d vault matched"
msgid_plural "%(count)d vaults matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"Service(s), shared, and user(s) options cannot be specified simultaneously"
msgstr ""

#, python-format
msgid "Modified vault \"%(value)s\""
msgstr ""

msgid "Vault configuration"
msgstr ""

msgid "IPA servers configured as key recovery agents"
msgstr ""

#, python-format
msgid "Archived data into vault \"%(value)s\""
msgstr ""

msgid "Retrieve data from a vault."
msgstr ""

#, python-format
msgid "Retrieved data from vault \"%(value)s\""
msgstr ""

msgid "No archived data."
msgstr ""

msgid "Checks if any of the servers has the KRA service enabled"
msgstr ""

msgid "Member service groups"
msgstr ""

msgid "Member HBAC service groups"
msgstr ""

msgid "Member ID user overrides"
msgstr ""

msgid "Indirect Member ID user overrides"
msgstr ""

msgid "Indirect Member permissions"
msgstr ""

msgid "Indirect Member HBAC service"
msgstr ""

msgid "Indirect Member HBAC service group"
msgstr ""

msgid "Invalid format. Should be name=value"
msgstr ""

msgid "An IPA master host cannot be deleted or disabled"
msgstr ""

msgid "entry"
msgstr ""

msgid "entries"
msgstr ""

msgid "Entry"
msgstr ""

#, python-format
msgid "container entry (%(container)s) not found"
msgstr ""

#, python-format
msgid "%(parent)s: %(oname)s not found"
msgstr ""

#, python-format
msgid "%(oname)s with name \"%(pkey)s\" already exists"
msgstr ""

#, python-format
msgid "attribute \"%(attribute)s\" not allowed"
msgstr ""

#, python-format
msgid "these attributes are not allowed: %(attrs)s"
msgstr ""

msgid "attribute is not configurable"
msgstr ""

msgid "No such attribute on this entry"
msgstr ""

#, python-format
msgid "Rename the %(ldap_obj_name)s object"
msgstr ""

msgid "the entry was deleted while being modified"
msgstr ""

#, python-format
msgid "%s"
msgstr ""

#, python-format
msgid "%s to add"
msgstr ""

#, python-format
msgid "%s to remove"
msgstr ""

#, python-format
msgid ""
"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s."
msgstr ""

#, python-format
msgid ""
"Search for %(searched_object)s without these %(relationship)s "
"%(ldap_object)s."
msgstr ""

#, python-format
msgid "added attribute value to entry %(value)s"
msgstr ""

#, python-format
msgid "removed attribute values from entry %(value)s"
msgstr ""

msgid "one or more values to remove"
msgstr ""

msgid ""
"\n"
"IPA servers\n"
msgstr ""

msgid ""
"\n"
"Get information about installed IPA servers.\n"
msgstr ""

msgid ""
"\n"
"  Find all servers:\n"
"    ipa server-find\n"
msgstr ""

msgid ""
"\n"
"  Show specific server:\n"
"    ipa server-show ipa.example.com\n"
msgstr ""

msgid "server"
msgstr ""

msgid "servers"
msgstr ""

msgid "IPA Servers"
msgstr ""

msgid "Server location"
msgstr ""

msgid "Service weight"
msgstr ""

msgid "Weight for server services"
msgstr ""

msgid "Service relative weight"
msgstr ""

msgid "Relative weight for server services (counts per location)"
msgstr ""

msgid "Enabled server roles"
msgstr ""

msgid "List of enabled roles"
msgstr ""

msgid "Modify information about an IPA server."
msgstr ""

#, python-format
msgid "Modified IPA server \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d IPA server matched"
msgid_plural "%(count)d IPA servers matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Deleted IPA server \"%(value)s\""
msgstr ""

msgid "Ignore topology errors"
msgstr ""

msgid "Ignore topology connectivity problems after removal"
msgstr ""

msgid "Ignore check for last remaining CA or DNS server"
msgstr ""

msgid "Skip a check whether the last CA master or DNS server is removed"
msgstr ""

msgid "Force server removal"
msgstr ""

msgid "Force server removal even if it does not exist"
msgstr ""

msgid ""
"Replica is active DNSSEC key master. Uninstall could break your DNS system. "
"Please disable or replace DNSSEC key master first."
msgstr ""

msgid "Deleting this server will leave your installation without a DNS."
msgstr ""

msgid ""
"Deleting this server is not allowed as it would leave your installation "
"without a KRA."
msgstr ""

msgid ""
"Deleting this server is not allowed as it would leave your installation "
"without a CA."
msgstr ""

msgid "Ignoring these warnings and proceeding with removal"
msgstr ""

#, python-format
msgid ""
"Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: "
"%(err)s"
msgstr ""

#, python-format
msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s"
msgstr ""

#, fuzzy, python-format
msgid "Failed to remove server %(master)s from server list: %(err)s"
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"

#, python-format
msgid "Failed to clean up Custodia keys for %(master)s: %(err)s"
msgstr ""

#, python-format
msgid "Failed to cleanup server principals/keys: %(err)s"
msgstr ""

#, python-format
msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s"
msgstr ""

msgid "You may need to manually remove them from the tree"
msgstr ""

#, python-format
msgid "Forcing removal of %(hostname)s"
msgstr ""

msgid "Ignoring topology connectivity errors."
msgstr ""

msgid "Server has already been deleted"
msgstr ""

msgid "Agreements deleted"
msgstr ""

msgid "Following segments were not deleted:"
msgstr ""

msgid "not allowed to perform server connection check"
msgstr ""

msgid "Set enabled/hidden state of a server."
msgstr ""

msgid "State"
msgstr ""

msgid "Server state"
msgstr ""

#, python-format
msgid "Changed server state of \"%(value)s\"."
msgstr ""

msgid "Cannot hide CA renewal master."
msgstr ""

msgid "Cannot hide DNSSec key master."
msgstr ""

#, python-format
msgid "Cannot hide last enabled %(name)s server."
msgstr ""

msgid ""
"\n"
"Manage Certificate Authorities\n"
msgstr ""

msgid ""
"\n"
"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped "
"issuance\n"
"of X.509 certificates.\n"
msgstr ""

msgid ""
"\n"
"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n"
"operator has permission to bypass CA ACLs.\n"
msgstr ""

msgid ""
"\n"
"All CAs except the 'IPA' CA can be disabled or re-enabled.  Disabling a CA\n"
"prevents it from issuing certificates but does not affect the validity of "
"its\n"
"certificate.\n"
msgstr ""

msgid ""
"\n"
"CAs (all except the 'IPA' CA) can be deleted.  Deleting a CA causes its "
"signing\n"
"certificate to be revoked and its private key deleted.\n"
msgstr ""

msgid ""
"\n"
"  Create new CA, subordinate to the IPA CA (requires permission\n"
"  \"System: Add CA\"):\n"
"\n"
"    ipa ca-add puppet --desc \"Puppet\" \\\n"
"        --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n"
msgstr ""

msgid ""
"\n"
"  Disable a CA (requires permission \"System: Modify CA\"):\n"
"\n"
"    ipa ca-disable puppet\n"
msgstr ""

msgid ""
"\n"
"  Re-enable a CA (requires permission \"System: Modify CA\"):\n"
"\n"
"    ipa ca-enable puppet\n"
msgstr ""

msgid ""
"\n"
"  Delete a CA (requires permission \"System: Delete CA\"; also requires\n"
"  CA to be disabled first):\n"
"\n"
"    ipa ca-del puppet\n"
msgstr ""

msgid "Certificate Authority"
msgstr ""

msgid "Certificate Authorities"
msgstr ""

msgid "Name for referencing the CA"
msgstr ""

msgid "Description of the purpose of the CA"
msgstr ""

msgid "Authority ID"
msgstr ""

msgid "Dogtag Authority ID"
msgstr ""

msgid "Subject DN"
msgstr ""

msgid "Subject Distinguished Name"
msgstr ""

msgid "Issuer Distinguished Name"
msgstr ""

msgid "Search for CAs."
msgstr ""

#, python-format
msgid "%(count)d CA matched"
msgid_plural "%(count)d CAs matched"
msgstr[0] ""
msgstr[1] ""

msgid "Display the properties of a CA."
msgstr ""

msgid "Create a CA."
msgstr ""

#, python-format
msgid "Created CA \"%(value)s\""
msgstr ""

#, python-format
msgid "Insufficient 'add' privilege for entry '%s'."
msgstr ""

#, python-format
msgid "Unrecognized attributes: %(attrs)s"
msgstr ""

#, python-format
msgid "Subject DN is already used by CA '%s'"
msgstr ""

msgid "Delete a CA (must be disabled first)."
msgstr ""

#, python-format
msgid "Deleted CA \"%(value)s\""
msgstr ""

msgid "Insufficient privilege to delete a CA."
msgstr ""

msgid "IPA CA cannot be deleted"
msgstr ""

msgid "Must be disabled first"
msgstr ""

msgid "Modify CA configuration."
msgstr ""

#, python-format
msgid "Modified CA \"%(value)s\""
msgstr ""

msgid "Insufficient privilege to modify a CA."
msgstr ""

msgid "Disable a CA."
msgstr ""

#, python-format
msgid "Disabled CA \"%(value)s\""
msgstr ""

msgid "IPA CA cannot be disabled"
msgstr ""

msgid "Enable a CA."
msgstr ""

#, python-format
msgid "Enabled CA \"%(value)s\""
msgstr ""

msgid ""
"\n"
"Stageusers\n"
"\n"
"Manage stage user entries.\n"
"\n"
"Stage user entries are directly under the container: \"cn=stage users,\n"
"cn=accounts, cn=provisioning, SUFFIX\".\n"
"Users can not authenticate with those entries (even if the entries\n"
"contain credentials). Those entries are only candidate to become Active "
"entries.\n"
"\n"
"Active user entries are Posix users directly under the container: "
"\"cn=accounts, SUFFIX\".\n"
"Users can authenticate with Active entries, at the condition they have\n"
"credentials.\n"
"\n"
"Deleted user entries are Posix users directly under the container: "
"\"cn=deleted users,\n"
"cn=accounts, cn=provisioning, SUFFIX\".\n"
"Users can not authenticate with those entries, even if the entries contain "
"credentials.\n"
"\n"
"The stage user container contains entries:\n"
"    - created by 'stageuser-add' commands that are Posix users,\n"
"    - created by external provisioning system.\n"
"\n"
"A valid stage user entry MUST have:\n"
"    - entry RDN is 'uid',\n"
"    - ipaUniqueID is 'autogenerate'.\n"
"\n"
"IPA supports a wide range of username formats, but you need to be aware of "
"any\n"
"restrictions that may apply to your particular environment. For example,\n"
"usernames that start with a digit or usernames that exceed a certain length\n"
"may cause problems for some UNIX systems.\n"
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
"\n"
"\n"
"EXAMPLES:\n"
"\n"
" Add a new stageuser:\n"
"   ipa stageuser-add --first=Tim --last=User --password tuser1\n"
"\n"
" Add a stageuser from the deleted users container:\n"
"   ipa stageuser-add  --first=Tim --last=User --from-delete tuser1\n"
"\n"
msgstr ""

msgid "Stage Users"
msgstr ""

msgid "Stage User"
msgstr ""

msgid "stage user"
msgstr ""

msgid "stage users"
msgstr ""

#, python-format
msgid "Added stage user \"%(value)s\""
msgstr ""

msgid "givenname is required"
msgstr ""

msgid "sn is required"
msgstr ""

#, python-format
msgid "Deleted stage user \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified stage user \"%(value)s\""
msgstr ""

#, python-format
msgid "Activate a stage user \"%(value)s\""
msgstr ""

msgid "Entry RDN is not 'uid'"
msgstr ""

#, python-format
msgid "Entry has no '%(attribute)s'"
msgstr ""

#, python-format
msgid "active user with name \"%(user)s\" already exists"
msgstr ""

#, python-format
msgid "Stage user %s activated"
msgstr ""

msgid "Add one or more certificates to the stageuser entry"
msgstr ""

#, python-format
msgid "Added certificates to stageuser \"%(value)s\""
msgstr ""

msgid "Remove one or more certificates to the stageuser entry"
msgstr ""

#, python-format
msgid "Removed certificates from stageuser \"%(value)s\""
msgstr ""

msgid "Add new principal alias to the stageuser entry"
msgstr ""

#, python-format
msgid "Added new aliases to stageuser \"%(value)s\""
msgstr ""

msgid "Remove principal alias from the stageuser entry"
msgstr ""

#, python-format
msgid "Removed aliases from stageuser \"%(value)s\""
msgstr ""

msgid "Add one or more certificate mappings to the stage user entry."
msgstr ""

msgid "Remove one or more certificate mappings from the stage user entry."
msgstr ""

msgid ""
"\n"
"Baseuser\n"
"\n"
"This contains common definitions for user/stageuser\n"
msgstr ""

msgid "must be TRUE or FALSE"
msgstr ""

msgid ""
"Object class ipaNTUserAttrs is missing, user entry cannot have SMB "
"attributes."
msgstr ""

msgid "User password expiration"
msgstr ""

msgid "SMB logon script path"
msgstr ""

msgid "SMB profile path"
msgstr ""

msgid "SMB Home Directory"
msgstr ""

msgid "SMB Home Directory Drive"
msgstr ""

#, python-format
msgid "invalid e-mail format: %(email)s"
msgstr ""

#, python-format
msgid "manager %(manager)s not found"
msgstr ""

msgid "Issuer of the certificate"
msgstr ""

msgid "Subject of the certificate"
msgstr ""

msgid "cannot have an empty subject"
msgstr ""

msgid "cannot specify both subject/issuer and certificate"
msgstr ""

msgid "cannot specify both subject/issuer and ipacertmapdata"
msgstr ""

#, python-format
msgid "Added certificate mappings to user \"%(value)s\""
msgstr ""

#, python-format
msgid "Removed certificate mappings from user \"%(value)s\""
msgstr ""

msgid ""
"\n"
"OTP Tokens\n"
msgstr ""

msgid ""
"\n"
"Manage OTP tokens.\n"
msgstr ""

msgid ""
"\n"
"IPA supports the use of OTP tokens for multi-factor authentication. This\n"
"code enables the management of OTP tokens.\n"
msgstr ""

msgid ""
"\n"
" Add a new token:\n"
"   ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n"
msgstr ""

msgid ""
"\n"
" Examine the token:\n"
"   ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n"
msgstr ""

msgid ""
"\n"
" Change the vendor:\n"
"   ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat"
"\"\n"
msgstr ""

msgid ""
"\n"
" Delete a token:\n"
"   ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n"
msgstr ""

msgid "OTP token"
msgstr ""

msgid "OTP tokens"
msgstr ""

msgid "OTP Tokens"
msgstr ""

msgid "OTP Token"
msgstr ""

msgid "URI"
msgstr ""

#, python-format
msgid "Added OTP token \"%(value)s\""
msgstr ""

msgid "cannot be empty"
msgstr ""

#, python-format
msgid "Deleted OTP token \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified OTP token \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d OTP token matched"
msgid_plural "%(count)d OTP tokens matched"
msgstr[0] ""
msgstr[1] ""

msgid ""
"\n"
"Plugin to make multiple ipa calls via one remote procedure call\n"
"\n"
"To run this code in the lite-server\n"
"\n"
"curl   -H \"Content-Type:application/json\"          -H \"Accept:application/"
"json\" -H \"Accept-Language:en\"        --negotiate -u :          --cacert /"
"etc/ipa/ca.crt           -d  @batch_request.json -X POST       http://"
"localhost:8888/ipa/json\n"
"\n"
"where the contents of the file batch_request.json follow the below example\n"
"\n"
"{\"method\":\"batch\",\"params\":[[\n"
"        {\"method\":\"group_find\",\"params\":[[],{}]},\n"
"        {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all"
"\":\"true\"}]},\n"
"        {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n"
"        ],{}],\"id\":1}\n"
"\n"
"The format of the response is nested the same way.  At the top you will see\n"
"  \"error\": null,\n"
"    \"id\": 1,\n"
"    \"result\": {\n"
"        \"count\": 3,\n"
"            \"results\": [\n"
"\n"
"\n"
"And then a nested response for each IPA command method sent in the request\n"
"\n"
msgstr ""

msgid "Make multiple ipa calls via one remote procedure call"
msgstr ""

msgid "must contain a tuple (list, dict)"
msgstr ""

msgid ""
"\n"
"Domain Name System (DNS)\n"
msgstr ""

msgid ""
"\n"
"Manage DNS zone and resource records.\n"
msgstr ""

msgid ""
"\n"
"SUPPORTED ZONE TYPES\n"
"\n"
" * Master zone (dnszone-*), contains authoritative data.\n"
" * Forward zone (dnsforwardzone-*), forwards queries to configured "
"forwarders\n"
" (a set of DNS servers).\n"
msgstr ""

msgid ""
"\n"
"USING STRUCTURED PER-TYPE OPTIONS\n"
msgstr ""

msgid ""
"\n"
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
"is not just a scalar value, for example an IP address or a domain name, but\n"
"a data structure which may be often complex. A good example is a LOC record\n"
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
"minutes, seconds of latitude and longitude, altitude or precision).\n"
msgstr ""

msgid ""
"\n"
"It may be difficult to manipulate such DNS records without making a mistake\n"
"and entering an invalid value. DNS module provides an abstraction over "
"these\n"
"raw records and allows to manipulate each RR type with specific options. "
"For\n"
"each supported RR type, DNS module provides a standard option to manipulate\n"
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
"options\n"
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
"--mx-preference and --mx-exchanger.\n"
msgstr ""

msgid ""
"\n"
"When adding a record, either RR specific options or standard option for a "
"raw\n"
"value can be used, they just should not be combined in one add operation. "
"When\n"
"modifying an existing entry, new RR specific options can be used to change\n"
"one part of a DNS record, where the standard option for raw value is used\n"
"to specify the modified value. The following example demonstrates\n"
"a modification of MX record preference from 0 to 1 in a record without\n"
"modifying the exchanger:\n"
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
msgstr ""

msgid ""
"\n"
"\n"
"EXAMPLES:\n"
msgstr ""

msgid ""
"\n"
" Add new zone:\n"
"   ipa dnszone-add example.com --admin-email=admin@example.com\n"
msgstr ""

msgid ""
"\n"
" Add system permission that can be used for per-zone privilege delegation:\n"
"   ipa dnszone-add-permission example.com\n"
msgstr ""

msgid ""
"\n"
" Modify the zone to allow dynamic updates for hosts own records in realm "
"EXAMPLE.COM:\n"
"   ipa dnszone-mod example.com --dynamic-update=TRUE\n"
msgstr ""

msgid ""
"\n"
"   This is the equivalent of:\n"
"     ipa dnszone-mod example.com --dynamic-update=TRUE \\\n"
"      --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM "
"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n"
msgstr ""

msgid ""
"\n"
" Modify the zone to allow zone transfers for local network only:\n"
"   ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n"
msgstr ""

msgid ""
"\n"
" Add new reverse zone specified by network IP address:\n"
"   ipa dnszone-add --name-from-ip=192.0.2.0/24\n"
msgstr ""

msgid ""
"\n"
" Add second nameserver for example.com:\n"
"   ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
msgstr ""

msgid ""
"\n"
" Add a mail server for example.com:\n"
"   ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
msgstr ""

msgid ""
"\n"
" Add another record using MX record specific options:\n"
"  ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
msgstr ""

msgid ""
"\n"
" Add another record using interactive mode (started when dnsrecord-add, "
"dnsrecord-mod,\n"
" or dnsrecord-del are executed with no options):\n"
"  ipa dnsrecord-add example.com @\n"
"  Please choose a type of DNS resource record to be added\n"
"  The most common types for this type of zone are: NS, MX, LOC\n"
"\n"
"  DNS resource record type: MX\n"
"  MX Preference: 30\n"
"  MX Exchanger: mail3\n"
"    Record name: example.com\n"
"    MX record: 10 mail1, 20 mail2, 30 mail3\n"
"    NS record: nameserver.example.com., nameserver2.example.com.\n"
msgstr ""

msgid ""
"\n"
" Delete previously added nameserver from example.com:\n"
"   ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
msgstr ""

msgid ""
"\n"
" Add LOC record for example.com:\n"
"   ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
"227.64m\"\n"
msgstr ""

msgid ""
"\n"
" Add new A record for www.example.com. Create a reverse record in "
"appropriate\n"
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
"example.com\n"
" will be created in zone 2.0.192.in-addr.arpa.\n"
"   ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n"
msgstr ""

msgid ""
"\n"
" Add new PTR record for www.example.com\n"
"   ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
msgstr ""

msgid ""
"\n"
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
" is available, switch to backup.example.com.\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
"com\"\n"
"   ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
"example.com\"\n"
msgstr ""

msgid ""
"\n"
" The interactive mode can be used for easy modification:\n"
"  ipa dnsrecord-mod example.com _ldap._tcp\n"
"  No option to modify specific record provided.\n"
"  Current DNS record contents:\n"
"\n"
"  SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
"backup.example.com\n"
"\n"
"  Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
"  Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
"  SRV Priority [0]:                     (keep the default value)\n"
"  SRV Weight [1]: 2                     (modified value)\n"
"  SRV Port [389]:                       (keep the default value)\n"
"  SRV Target [slow.example.com]:        (keep the default value)\n"
"  1 SRV record skipped. Only one value per DNS record type can be modified "
"at one time.\n"
"    Record name: _ldap._tcp\n"
"    SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
"389 slow.example.com\n"
msgstr ""

msgid ""
"\n"
" After this modification, three fifths of the requests should go to\n"
" fast.example.com and two fifths to slow.example.com.\n"
msgstr ""

msgid ""
"\n"
" An example of the interactive mode for dnsrecord-del command:\n"
"   ipa dnsrecord-del example.com www\n"
"   No option to delete specific record provided.\n"
"   Delete all? Yes/No (default No):     (do not delete all records)\n"
"   Current DNS record contents:\n"
"\n"
"   A record: 192.0.2.2, 192.0.2.3\n"
"\n"
"   Delete A record '192.0.2.2'? Yes/No (default No):\n"
"   Delete A record '192.0.2.3'? Yes/No (default No): y\n"
"     Record name: www\n"
"     A record: 192.0.2.2               (A record 192.0.2.3 has been "
"deleted)\n"
msgstr ""

msgid ""
"\n"
" Show zone example.com:\n"
"   ipa dnszone-show example.com\n"
msgstr ""

msgid ""
"\n"
" Find zone with \"example\" in its domain name:\n"
"   ipa dnszone-find example\n"
msgstr ""

msgid ""
"\n"
" Find records for resources with \"www\" in their name in zone example.com:\n"
"   ipa dnsrecord-find example.com www\n"
msgstr ""

msgid ""
"\n"
" Find A records with value 192.0.2.2 in zone example.com\n"
"   ipa dnsrecord-find example.com --a-rec=192.0.2.2\n"
msgstr ""

msgid ""
"\n"
" Show records for resource www in zone example.com\n"
"   ipa dnsrecord-show example.com www\n"
msgstr ""

msgid ""
"\n"
" Delegate zone sub.example to another nameserver:\n"
"   ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n"
"   ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
msgstr ""

msgid ""
"\n"
" Delete zone example.com with all resource records:\n"
"   ipa dnszone-del example.com\n"
msgstr ""

msgid ""
"\n"
" If a global forwarder is configured, all queries for which this server is "
"not\n"
" authoritative (e.g. sub.example.com) will be routed to the global "
"forwarder.\n"
" Global forwarding configuration can be overridden per-zone.\n"
msgstr ""

msgid ""
"\n"
" Semantics of forwarding in IPA matches BIND semantics and depends on the "
"type\n"
" of zone:\n"
"   * Master zone: local BIND replies authoritatively to queries for data in\n"
"   the given zone (including authoritative NXDOMAIN answers) and forwarding\n"
"   affects only queries for names below zone cuts (NS records) of locally\n"
"   served zones.\n"
"\n"
"   * Forward zone: forward zone contains no authoritative data. BIND "
"forwards\n"
"   queries, which cannot be answered from its local cache, to configured\n"
"   forwarders.\n"
msgstr ""

msgid ""
"\n"
" Semantics of the --forward-policy option:\n"
"   * none - disable forwarding for the given zone.\n"
"   * first - forward all queries to configured forwarders. If they fail,\n"
"   do resolution using DNS root servers.\n"
"   * only - forward all queries to configured forwarders and if they fail,\n"
"   return failure.\n"
msgstr ""

msgid ""
"\n"
" Disable global forwarding for given sub-tree:\n"
"   ipa dnszone-mod example.com --forward-policy=none\n"
msgstr ""

msgid ""
"\n"
" This configuration forwards all queries for names outside the example.com\n"
" sub-tree to global forwarders. Normal recursive resolution process is used\n"
" for names inside the example.com sub-tree (i.e. NS records are followed "
"etc.).\n"
msgstr ""

msgid ""
"\n"
" Forward all requests for the zone external.example.com to another "
"forwarder\n"
" using a \"first\" policy (it will send the queries to the selected "
"forwarder\n"
" and if not answered it will use global root servers):\n"
"   ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n"
"                               --forwarder=203.0.113.1\n"
msgstr ""

msgid ""
"\n"
" Change forward-policy for external.example.com:\n"
"   ipa dnsforwardzone-mod external.example.com --forward-policy=only\n"
msgstr ""

msgid ""
"\n"
" Show forward zone external.example.com:\n"
"   ipa dnsforwardzone-show external.example.com\n"
msgstr ""

msgid ""
"\n"
" List all forward zones:\n"
"   ipa dnsforwardzone-find\n"
msgstr ""

msgid ""
"\n"
" Delete forward zone external.example.com:\n"
"   ipa dnsforwardzone-del external.example.com\n"
msgstr ""

msgid ""
"\n"
" Resolve a host name to see if it exists (will add default IPA domain\n"
" if one is not included):\n"
"   ipa dns-resolve www.example.com\n"
"   ipa dns-resolve www\n"
msgstr ""

msgid ""
"\n"
"\n"
"GLOBAL DNS CONFIGURATION\n"
msgstr ""

msgid ""
"\n"
"DNS configuration passed to command line install script is stored in a "
"local\n"
"configuration file on each IPA server where DNS service is configured. "
"These\n"
"local settings can be overridden with a common configuration stored in LDAP\n"
"server:\n"
msgstr ""

msgid ""
"\n"
" Show global DNS configuration:\n"
"   ipa dnsconfig-show\n"
msgstr ""

msgid ""
"\n"
" Modify global DNS configuration and set a list of global forwarders:\n"
"   ipa dnsconfig-mod --forwarder=203.0.113.113\n"
msgstr ""

msgid "invalid IP network format"
msgstr ""

msgid "each ACL element must be terminated with a semicolon"
msgstr ""

msgid "invalid address format"
msgstr ""

msgid ""
"expected format: <0-255> <0-255> <0-65535> even-"
"length_hexadecimal_digits_or_hyphen"
msgstr ""

msgid "algorithm value: allowed interval 0-255"
msgstr ""

msgid "flags value: allowed interval 0-255"
msgstr ""

msgid "iterations value: allowed interval 0-65535"
msgstr ""

#, python-format
msgid "salt value: %(err)s"
msgstr ""

msgid "invalid domain-name: not fully qualified"
msgstr ""

msgid "should not be a wildcard domain name (RFC 4592 section 4)"
msgstr ""

#, python-format
msgid ""
"All nameservers failed to answer the query for DNS reverse zone %(revdns)s"
msgstr ""

#, python-format
msgid ""
"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this "
"server"
msgstr ""

#, python-format
msgid "DNS zone %(zone)s not found"
msgstr ""

#, python-format
msgid "IP address %(ip)s is already assigned in domain %(domain)s."
msgstr ""

#, python-format
msgid ""
"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s."
msgstr ""

#, python-format
msgid "%s record"
msgstr ""

#, python-format
msgid "Raw %s records"
msgstr ""

#, python-format
msgid "%s Record"
msgstr ""

#, python-format
msgid "(see RFC %s for details)"
msgstr ""

#, python-format
msgid "'%s' is a required part of DNS record"
msgstr ""

msgid "Invalid number of parts!"
msgstr ""

#, python-format
msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin"
msgstr ""

#, python-format
msgid "format must be specified as \"%(format)s\" %(rfcs)s"
msgstr ""

msgid "Create reverse"
msgstr ""

#, python-format
msgid "Cannot create reverse record for \"%(value)s\": %(exc)s"
msgstr ""

msgid "Exchanger"
msgstr ""

msgid ""
"format must be specified as\n"
"    \"d1 [m1 [s1]] {\"N\"|\"S\"}  d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n"
"    where:\n"
"       d1:     [0 .. 90]            (degrees latitude)\n"
"       d2:     [0 .. 180]           (degrees longitude)\n"
"       m1, m2: [0 .. 59]            (minutes latitude/longitude)\n"
"       s1, s2: [0 .. 59.999]        (seconds latitude/longitude)\n"
"       alt:    [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n"
"       siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n"
"    See RFC 1876 for details"
msgstr ""

#, python-format
msgid "'%(required)s' must not be empty when '%(name)s' is set"
msgstr ""

msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\""
msgstr ""

msgid "Priority (order)"
msgstr ""

msgid ""
"Lower number means higher priority. Clients will attempt to contact the "
"server with the lowest-numbered priority they can reach."
msgstr ""

msgid "Relative weight for entries with the same priority."
msgstr ""

msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format"
msgstr ""

msgid ""
"Lower number means higher priority. Clients will attempt to contact the URI "
"with the lowest-numbered priority they can reach."
msgstr ""

msgid "Target Uniform Resource Identifier"
msgstr ""

msgid "Target Uniform Resource Identifier according to RFC 3986"
msgstr ""

#, python-format
msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
msgstr ""

msgid "Managedby permission"
msgstr ""

msgid "cannot be used when a zone is specified"
msgstr ""

msgid "Only one zone type is allowed per zone name"
msgstr ""

#, python-format
msgid "Added system permission \"%(value)s\""
msgstr ""

#, python-format
msgid "permission \"%(value)s\" already exists"
msgstr ""

#, python-format
msgid "Removed system permission \"%(value)s\""
msgstr ""

msgid "DNS zone"
msgstr ""

msgid "DNS zones"
msgstr ""

msgid "DNS Zones"
msgstr ""

msgid "DNS Zone"
msgstr ""

msgid "Default time to live"
msgstr ""

msgid "Time to live for records without explicit TTL definition"
msgstr ""

msgid "setting Authoritative nameserver"
msgstr ""

msgid "It is used only for setting the SOA MNAME attribute."
msgstr ""

msgid "NS record(s) can be edited in zone apex - '@'. "
msgstr ""

msgid "<all IPA DNS servers>"
msgstr ""

msgid "Nameserver for reverse zone cannot be a relative DNS name"
msgstr ""

#, python-format
msgid "Deleted DNS zone \"%(value)s\""
msgstr ""

msgid "is required"
msgstr ""

#, python-format
msgid "Disabled DNS zone \"%(value)s\""
msgstr ""

#, python-format
msgid "Enabled DNS zone \"%(value)s\""
msgstr ""

msgid "DNS resource record"
msgstr ""

msgid "DNS resource records"
msgstr ""

msgid "DNS Resource Records"
msgstr ""

msgid "DNS Resource Record"
msgstr ""

msgid "DS record must not be in zone apex (RFC 4035 section 2.4)"
msgstr ""

msgid ""
"out-of-zone data: record name must be a subdomain of the zone or a relative "
"name"
msgstr ""

#, python-format
msgid ""
"owner of %(types)s records should not be a wildcard domain name (RFC 4592 "
"section 4)"
msgstr ""

#, python-format
msgid ""
"Reverse zone %(name)s requires exactly %(count)d IP address components, "
"%(user_count)d given"
msgstr ""

msgid "only master zones can contain records"
msgstr ""

msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)"
msgstr ""

msgid ""
"CNAME record is not allowed to coexist with any other record (RFC 1034, "
"section 3.6.2)"
msgstr ""

msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)"
msgstr ""

#, python-format
msgid ""
"NS record is not allowed to coexist with an %(type)s record except when "
"located in a zone root record (RFC 2181, section 6.1)"
msgstr ""

msgid ""
"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC "
"4035 section 2.4)"
msgstr ""

#, python-format
msgid "Raw value of a DNS record was already set by \"%(name)s\" option"
msgstr ""

msgid "DNS zone root record cannot be renamed"
msgstr ""

msgid "DNS records can be only updated one at a time"
msgstr ""

#, python-format
msgid "Deleted record \"%(value)s\""
msgstr ""

#, python-format
msgid "Zone record '%s' cannot be deleted"
msgstr ""

#, python-format
msgid "Found '%(value)s'"
msgstr ""

#, python-format
msgid "Host '%(host)s' not found"
msgstr ""

msgid "DNS configuration options"
msgstr ""

msgid "DNS Global Configuration"
msgstr ""

msgid "IPA DNS version"
msgstr ""

msgid "List of IPA masters configured as DNS servers"
msgstr ""

msgid "IPA server configured as DNSSec key master"
msgstr ""

msgid "Global DNS configuration is empty"
msgstr ""

msgid "DNS forward zone"
msgstr ""

msgid "DNS forward zones"
msgstr ""

msgid "DNS Forward Zones"
msgstr ""

msgid "DNS Forward Zone"
msgstr ""

msgid "Please specify forwarders."
msgstr ""

#, python-format
msgid "Deleted DNS forward zone \"%(value)s\""
msgstr ""

#, python-format
msgid "Disabled DNS forward zone \"%(value)s\""
msgstr ""

#, python-format
msgid "Enabled DNS forward zone \"%(value)s\""
msgstr ""

msgid "IPA DNS records"
msgstr ""

msgid "IPA location records"
msgstr ""

msgid "Update location and IPA server DNS records"
msgstr ""

msgid "Result of the command"
msgstr ""

msgid "Dry run"
msgstr ""

msgid "Do not update records only return expected records"
msgstr ""

msgid "The deny type has been deprecated."
msgstr ""

msgid "HBAC rules"
msgstr ""

msgid "HBAC Rules"
msgstr ""

#, python-format
msgid "Added HBAC rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Deleted HBAC rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Modified HBAC rule \"%(value)s\""
msgstr ""

#, python-format
msgid "%(count)d HBAC rule matched"
msgid_plural "%(count)d HBAC rules matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Enabled HBAC rule \"%(value)s\""
msgstr ""

#, python-format
msgid "Disabled HBAC rule \"%(value)s\""
msgstr ""

msgid "Access time"
msgstr ""

msgid "Add source hosts and hostgroups to an HBAC rule."
msgstr ""

msgid ""
"\n"
"Manage Certificate Profiles\n"
"\n"
"Certificate Profiles are used by Certificate Authority (CA) in the signing "
"of\n"
"certificates to determine if a Certificate Signing Request (CSR) is "
"acceptable,\n"
"and if so what features and extensions will be present on the certificate.\n"
"\n"
"The Certificate Profile format is the property-list format understood by "
"the\n"
"Dogtag or Red Hat Certificate System CA.\n"
"\n"
"PROFILE ID SYNTAX:\n"
"\n"
"A Profile ID is a string without spaces or punctuation starting with a "
"letter\n"
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
"\n"
"EXAMPLES:\n"
"\n"
"  Import a profile that will not store issued certificates:\n"
"    ipa certprofile-import ShortLivedUserCert \\\n"
"      --file UserCert.profile --desc \"User Certificates\" \\\n"
"      --store=false\n"
"\n"
"  Delete a certificate profile:\n"
"    ipa certprofile-del ShortLivedUserCert\n"
"\n"
"  Show information about a profile:\n"
"    ipa certprofile-show ShortLivedUserCert\n"
"\n"
"  Save profile configuration to a file:\n"
"    ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n"
"\n"
"  Search for profiles that do not store certificates:\n"
"    ipa certprofile-find --store=false\n"
"\n"
"PROFILE CONFIGURATION FORMAT:\n"
"\n"
"The profile configuration format is the raw property-list format\n"
"used by Dogtag Certificate System.  The XML format is not supported.\n"
"\n"
"The following restrictions apply to profiles managed by IPA:\n"
"\n"
"- When importing a profile the \"profileId\" field, if present, must\n"
"  match the ID given on the command line.\n"
"\n"
"- The \"classId\" field must be set to \"caEnrollImpl\"\n"
"\n"
"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n"
"\n"
"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n"
"  class must be used.\n"
"\n"
msgstr ""

msgid "invalid Profile ID"
msgstr ""

msgid "Certificate Profile"
msgstr ""

msgid "Certificate Profiles"
msgstr ""

msgid "Profile configuration"
msgstr ""

#, python-format
msgid "%(count)d profile matched"
msgid_plural "%(count)d profiles matched"
msgstr[0] ""
msgstr[1] ""

#, python-format
msgid "Imported profile \"%(value)s\""
msgstr ""

#, python-format
msgid "Profile data specifies profileId multiple times: %(values)s"
msgstr ""

#, python-format
msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'"
msgstr ""

#, python-format
msgid "Deleted profile \"%(value)s\""
msgstr ""

#, python-format
msgid "Predefined profile '%(profile_id)s' cannot be deleted"
msgstr ""

#, python-format
msgid "Modified Certificate Profile \"%(value)s\""
msgstr ""

msgid "Certificate profiles cannot be renamed"
msgstr ""

msgid "Insufficient privilege to modify a certificate profile."
msgstr ""

#, python-format
msgid "all masters must have %(role)s role enabled"
msgstr ""

#, python-format
msgid "must have %(role)s role enabled"
msgstr ""

msgid "must be enabled only on a single master"
msgstr ""

msgid "Request must be a dict"
msgstr ""

msgid "Request is missing \"method\""
msgstr ""

msgid "Request is missing \"params\""
msgstr ""

msgid "params must be a list"
msgstr ""

msgid "params must contain [args, options]"
msgstr ""

msgid "params[0] (aka args) must be a list"
msgstr ""

msgid "params[1] (aka options) must be a dict"
msgstr ""

#, python-format
msgid ""
"\n"
"Replication topology in suffix '%(suffix)s' is disconnected:\n"
"%(errors)s"
msgstr ""

#, python-format
msgid ""
"\n"
"Removal of '%(hostname)s' leads to disconnected topology in suffix "
"'%(suffix)s':\n"
"%(errors)s"
msgstr ""

#, python-format
msgid "Topology does not allow server %(server)s to replicate with servers:"
msgstr ""

msgid "Trusting forest"
msgstr ""

msgid "Trusted forest"
msgstr ""

msgid "Established and verified"
msgstr ""

msgid "Waiting for confirmation by remote side"
msgstr ""

msgid "Unknown"
msgstr ""

msgid "Non-Active Directory domain"
msgstr ""

msgid "RFC4120-compliant Kerberos realm"
msgstr ""

msgid ""
"Non-transitive external trust to a domain in another Active Directory forest"
msgstr ""

msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm"
msgstr ""

msgid ""
"\n"
"Classes to manage trust joins using DCE-RPC calls\n"
"\n"
"The code in this module relies heavily on samba4-python package\n"
"and Samba4 python bindings.\n"
msgstr ""

msgid "CIFS server denied your credentials"
msgstr ""

msgid "communication with CIFS server was unsuccessful"
msgstr ""

msgid "AD domain controller"
msgstr ""

msgid "unsupported functional level"
msgstr ""

msgid ""
"AD domain controller complains about communication sequence. It may mean "
"unsynchronized time on both sides, for example"
msgstr ""

msgid "Cannot find specified domain or server name"
msgstr ""

msgid ""
"AD DC was unable to reach any IPA domain controller. Most likely it is a DNS "
"or firewall issue"
msgstr ""

msgid "At least the domain or IP address should be specified"
msgstr ""

#, python-format
msgid ""
"CIFS server communication error: code \"%(num)s\", message \"%(message)s"
"\" (both may be \"None\")"
msgstr ""

msgid "no trusted domain is configured"
msgstr ""

msgid "domain is not configured"
msgstr ""

msgid "SID is not valid"
msgstr ""

msgid "SID does not match exactlywith any trusted domain's SID"
msgstr ""

msgid "SID does not match any trusted domain"
msgstr ""

msgid "Trust setup"
msgstr ""

msgid "Our domain is not configured"
msgstr ""

msgid "No trusted domain is not configured"
msgstr ""

msgid "trusted domain object"
msgstr ""

msgid "domain is not trusted"
msgstr ""

msgid "no trusted domain matched the specified flat name"
msgstr ""

msgid "trusted domain object not found"
msgstr ""

msgid "Object does not belong to a trusted domain"
msgstr ""

msgid "SSSD was unable to resolve the object to a valid SID"
msgstr ""

msgid "Ambiguous search, user domain was not specified"
msgstr ""

msgid "Trusted domain did not return a unique object"
msgstr ""

msgid "Trusted domain did not return a valid SID for the object"
msgstr ""

msgid "trusted domain user not found"
msgstr ""

msgid "Cannot retrieve trusted domain GC list"
msgstr ""

msgid "CIFS credentials object"
msgstr ""

#, python-format
msgid "CIFS server %(host)s denied your credentials"
msgstr ""

#, python-format
msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?"
msgstr ""

#, python-format
msgid ""
"the IPA server and the remote domain cannot share the same NetBIOS name: %s"
msgstr ""

#, python-brace-format
msgid ""
"There is already a trust to {ipa_domain} with unsupported type {trust_type}. "
"Please remove it manually on AD DC side."
msgstr ""

#, python-format
msgid ""
"IPA master denied trust validation requests from AD DC %(count)d times. Most "
"likely AD DC contacted a replica that has no trust information replicated "
"yet. Additionally, please check that AD DNS is able to resolve %(records)s "
"SRV records to the correct IPA server."
msgstr ""

msgid "Credentials"
msgstr ""

msgid "Missing credentials for cross-forest communication"
msgstr ""

msgid ""
"Non-Kerberos user name was specified, please provide user@REALM variant "
"instead"
msgstr ""

#, python-format
msgid "must equal %r"
msgstr ""

msgid "Hello world"
msgstr ""

#, python-format
msgid "%s: RADIUS proxy server not found"
msgstr ""

#, python-format
msgid "RADIUS proxy server with name \"%s\" already exists"
msgstr ""

msgid "must be at least 1"
msgstr ""

#, c-format
msgid "Unable to initialize connection to ldap server %1$s: %2$s\n"
msgstr ""

msgid "Unable to set LDAP_OPT_PROTOCOL_VERSION\n"
msgstr ""

msgid "Unable to set LDAP_OPT_X_SASL_NOCANON\n"
msgstr ""

msgid "Unable to set LDAP_OPT_X_TLS_CACERTFILE\n"
msgstr ""

msgid "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n"
msgstr ""

msgid "Unable to set LDAP_OPT_X_TLS_PROTOCOL_MIN\n"
msgstr ""

msgid ""
"Unable to create new TLS context (OpenSSL failed to initialize or to load "
"certificates)\n"
msgstr ""

msgid "Unable to initialize STARTTLS session\n"
msgstr ""

msgid "Out of memory\n"
msgstr ""

msgid "Warning unrecognized encryption type.\n"
msgstr ""

msgid "Warning unrecognized salt type.\n"
msgstr ""

msgid "Out of memory!?\n"
msgstr ""

msgid "Enctype comparison failed!\n"
msgstr ""

#, fuzzy
msgid "Password is too long!\n"
msgstr "पासवर्ड जुळत नाही!"

msgid "Failed to create random key!\n"
msgstr ""

msgid "Failed to create key!\n"
msgstr ""

msgid "Bad or unsupported salt type.\n"
msgstr ""