sources/ldap: add support for cert based auth (#5850)
* ldap: support cert based auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ldap: default sni switch to off * ldap: `get_info=NONE` on insufficient access error * fix: Make file locale script * ldap: add google ldap attribute mappings * ldap: move google secure ldap blueprint to examples Revert "ldap: add google ldap attribute mappings" This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4. * ldap: remove `validate` for client cert auth not strictly necessary * ldap: write temp cert files more securely * ldap: use first array value for sni when provided csv input * don't specify tempdir we set $TMPDIR in the dockerfile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * limit API to only allow certificate key pairs with private key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use maxsplit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
8ddefb213f
commit
029395d08b
2
Makefile
2
Makefile
|
@ -151,7 +151,7 @@ web-check-compile:
|
||||||
cd web && npm run tsc
|
cd web && npm run tsc
|
||||||
|
|
||||||
web-i18n-extract:
|
web-i18n-extract:
|
||||||
cd web && npm run extract
|
cd web && npm run extract-locales
|
||||||
|
|
||||||
#########################
|
#########################
|
||||||
## Website
|
## Website
|
||||||
|
|
|
@ -8,6 +8,7 @@ from drf_spectacular.utils import extend_schema, extend_schema_field, inline_ser
|
||||||
from rest_framework.decorators import action
|
from rest_framework.decorators import action
|
||||||
from rest_framework.exceptions import ValidationError
|
from rest_framework.exceptions import ValidationError
|
||||||
from rest_framework.fields import DictField, ListField
|
from rest_framework.fields import DictField, ListField
|
||||||
|
from rest_framework.relations import PrimaryKeyRelatedField
|
||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.viewsets import ModelViewSet
|
from rest_framework.viewsets import ModelViewSet
|
||||||
|
@ -16,6 +17,7 @@ from authentik.admin.api.tasks import TaskSerializer
|
||||||
from authentik.core.api.propertymappings import PropertyMappingSerializer
|
from authentik.core.api.propertymappings import PropertyMappingSerializer
|
||||||
from authentik.core.api.sources import SourceSerializer
|
from authentik.core.api.sources import SourceSerializer
|
||||||
from authentik.core.api.used_by import UsedByMixin
|
from authentik.core.api.used_by import UsedByMixin
|
||||||
|
from authentik.crypto.models import CertificateKeyPair
|
||||||
from authentik.events.monitored_tasks import TaskInfo
|
from authentik.events.monitored_tasks import TaskInfo
|
||||||
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
|
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
|
||||||
from authentik.sources.ldap.tasks import SYNC_CLASSES
|
from authentik.sources.ldap.tasks import SYNC_CLASSES
|
||||||
|
@ -24,6 +26,15 @@ from authentik.sources.ldap.tasks import SYNC_CLASSES
|
||||||
class LDAPSourceSerializer(SourceSerializer):
|
class LDAPSourceSerializer(SourceSerializer):
|
||||||
"""LDAP Source Serializer"""
|
"""LDAP Source Serializer"""
|
||||||
|
|
||||||
|
client_certificate = PrimaryKeyRelatedField(
|
||||||
|
allow_null=True,
|
||||||
|
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||||
|
queryset=CertificateKeyPair.objects.exclude(
|
||||||
|
key_data__exact="",
|
||||||
|
),
|
||||||
|
required=False,
|
||||||
|
)
|
||||||
|
|
||||||
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||||
"""Check that only a single source has password_sync on"""
|
"""Check that only a single source has password_sync on"""
|
||||||
sync_users_password = attrs.get("sync_users_password", True)
|
sync_users_password = attrs.get("sync_users_password", True)
|
||||||
|
@ -42,9 +53,11 @@ class LDAPSourceSerializer(SourceSerializer):
|
||||||
fields = SourceSerializer.Meta.fields + [
|
fields = SourceSerializer.Meta.fields + [
|
||||||
"server_uri",
|
"server_uri",
|
||||||
"peer_certificate",
|
"peer_certificate",
|
||||||
|
"client_certificate",
|
||||||
"bind_cn",
|
"bind_cn",
|
||||||
"bind_password",
|
"bind_password",
|
||||||
"start_tls",
|
"start_tls",
|
||||||
|
"sni",
|
||||||
"base_dn",
|
"base_dn",
|
||||||
"additional_user_dn",
|
"additional_user_dn",
|
||||||
"additional_group_dn",
|
"additional_group_dn",
|
||||||
|
@ -75,7 +88,9 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
|
||||||
"server_uri",
|
"server_uri",
|
||||||
"bind_cn",
|
"bind_cn",
|
||||||
"peer_certificate",
|
"peer_certificate",
|
||||||
|
"client_certificate",
|
||||||
"start_tls",
|
"start_tls",
|
||||||
|
"sni",
|
||||||
"base_dn",
|
"base_dn",
|
||||||
"additional_user_dn",
|
"additional_user_dn",
|
||||||
"additional_group_dn",
|
"additional_group_dn",
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
# Generated by Django 4.1.7 on 2023-06-06 18:33
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
("authentik_crypto", "0004_alter_certificatekeypair_name"),
|
||||||
|
("authentik_sources_ldap", "0002_auto_20211203_0900"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="ldapsource",
|
||||||
|
name="client_certificate",
|
||||||
|
field=models.ForeignKey(
|
||||||
|
default=None,
|
||||||
|
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||||
|
null=True,
|
||||||
|
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||||
|
related_name="ldap_client_certificates",
|
||||||
|
to="authentik_crypto.certificatekeypair",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="ldapsource",
|
||||||
|
name="sni",
|
||||||
|
field=models.BooleanField(
|
||||||
|
default=False, verbose_name="Use Server URI for SNI verification"
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="ldapsource",
|
||||||
|
name="peer_certificate",
|
||||||
|
field=models.ForeignKey(
|
||||||
|
default=None,
|
||||||
|
help_text="Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.",
|
||||||
|
null=True,
|
||||||
|
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||||
|
related_name="ldap_peer_certificates",
|
||||||
|
to="authentik_crypto.certificatekeypair",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -1,11 +1,13 @@
|
||||||
"""authentik LDAP Models"""
|
"""authentik LDAP Models"""
|
||||||
|
from os import chmod
|
||||||
from ssl import CERT_REQUIRED
|
from ssl import CERT_REQUIRED
|
||||||
|
from tempfile import NamedTemporaryFile, mkdtemp
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
|
from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
|
||||||
from ldap3.core.exceptions import LDAPSchemaError
|
from ldap3.core.exceptions import LDAPInsufficientAccessRightsResult, LDAPSchemaError
|
||||||
from rest_framework.serializers import Serializer
|
from rest_framework.serializers import Serializer
|
||||||
|
|
||||||
from authentik.core.models import Group, PropertyMapping, Source
|
from authentik.core.models import Group, PropertyMapping, Source
|
||||||
|
@ -39,14 +41,24 @@ class LDAPSource(Source):
|
||||||
on_delete=models.SET_DEFAULT,
|
on_delete=models.SET_DEFAULT,
|
||||||
default=None,
|
default=None,
|
||||||
null=True,
|
null=True,
|
||||||
|
related_name="ldap_peer_certificates",
|
||||||
help_text=_(
|
help_text=_(
|
||||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
"Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
client_certificate = models.ForeignKey(
|
||||||
|
CertificateKeyPair,
|
||||||
|
on_delete=models.SET_DEFAULT,
|
||||||
|
default=None,
|
||||||
|
null=True,
|
||||||
|
related_name="ldap_client_certificates",
|
||||||
|
help_text=_("Client certificate to authenticate against the LDAP Server's Certificate."),
|
||||||
|
)
|
||||||
|
|
||||||
bind_cn = models.TextField(verbose_name=_("Bind CN"), blank=True)
|
bind_cn = models.TextField(verbose_name=_("Bind CN"), blank=True)
|
||||||
bind_password = models.TextField(blank=True)
|
bind_password = models.TextField(blank=True)
|
||||||
start_tls = models.BooleanField(default=False, verbose_name=_("Enable Start TLS"))
|
start_tls = models.BooleanField(default=False, verbose_name=_("Enable Start TLS"))
|
||||||
|
sni = models.BooleanField(default=False, verbose_name=_("Use Server URI for SNI verification"))
|
||||||
|
|
||||||
base_dn = models.TextField(verbose_name=_("Base DN"))
|
base_dn = models.TextField(verbose_name=_("Base DN"))
|
||||||
additional_user_dn = models.TextField(
|
additional_user_dn = models.TextField(
|
||||||
|
@ -112,8 +124,22 @@ class LDAPSource(Source):
|
||||||
if self.peer_certificate:
|
if self.peer_certificate:
|
||||||
tls_kwargs["ca_certs_data"] = self.peer_certificate.certificate_data
|
tls_kwargs["ca_certs_data"] = self.peer_certificate.certificate_data
|
||||||
tls_kwargs["validate"] = CERT_REQUIRED
|
tls_kwargs["validate"] = CERT_REQUIRED
|
||||||
|
if self.client_certificate:
|
||||||
|
temp_dir = mkdtemp()
|
||||||
|
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_cert:
|
||||||
|
temp_cert.write(self.client_certificate.certificate_data)
|
||||||
|
certificate_file = temp_cert.name
|
||||||
|
chmod(certificate_file, 0o600)
|
||||||
|
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_key:
|
||||||
|
temp_key.write(self.client_certificate.key_data)
|
||||||
|
private_key_file = temp_key.name
|
||||||
|
chmod(private_key_file, 0o600)
|
||||||
|
tls_kwargs["local_private_key_file"] = private_key_file
|
||||||
|
tls_kwargs["local_certificate_file"] = certificate_file
|
||||||
if ciphers := CONFIG.y("ldap.tls.ciphers", None):
|
if ciphers := CONFIG.y("ldap.tls.ciphers", None):
|
||||||
tls_kwargs["ciphers"] = ciphers.strip()
|
tls_kwargs["ciphers"] = ciphers.strip()
|
||||||
|
if self.sni:
|
||||||
|
tls_kwargs["sni"] = self.server_uri.split(",", maxsplit=1)[0].strip()
|
||||||
server_kwargs = {
|
server_kwargs = {
|
||||||
"get_info": ALL,
|
"get_info": ALL,
|
||||||
"connect_timeout": LDAP_TIMEOUT,
|
"connect_timeout": LDAP_TIMEOUT,
|
||||||
|
@ -133,7 +159,9 @@ class LDAPSource(Source):
|
||||||
"""Get a fully connected and bound LDAP Connection"""
|
"""Get a fully connected and bound LDAP Connection"""
|
||||||
server_kwargs = server_kwargs or {}
|
server_kwargs = server_kwargs or {}
|
||||||
connection_kwargs = connection_kwargs or {}
|
connection_kwargs = connection_kwargs or {}
|
||||||
|
if self.bind_cn is not None:
|
||||||
connection_kwargs.setdefault("user", self.bind_cn)
|
connection_kwargs.setdefault("user", self.bind_cn)
|
||||||
|
if self.bind_password is not None:
|
||||||
connection_kwargs.setdefault("password", self.bind_password)
|
connection_kwargs.setdefault("password", self.bind_password)
|
||||||
connection = Connection(
|
connection = Connection(
|
||||||
self.server(**server_kwargs),
|
self.server(**server_kwargs),
|
||||||
|
@ -148,9 +176,10 @@ class LDAPSource(Source):
|
||||||
successful = connection.bind()
|
successful = connection.bind()
|
||||||
if successful:
|
if successful:
|
||||||
return connection
|
return connection
|
||||||
except LDAPSchemaError as exc:
|
except (LDAPSchemaError, LDAPInsufficientAccessRightsResult) as exc:
|
||||||
# Schema error, so try connecting without schema info
|
# Schema error, so try connecting without schema info
|
||||||
# See https://github.com/goauthentik/authentik/issues/4590
|
# See https://github.com/goauthentik/authentik/issues/4590
|
||||||
|
# See also https://github.com/goauthentik/authentik/issues/3399
|
||||||
if server_kwargs.get("get_info", ALL) == NONE:
|
if server_kwargs.get("get_info", ALL) == NONE:
|
||||||
raise exc
|
raise exc
|
||||||
server_kwargs["get_info"] = NONE
|
server_kwargs["get_info"] = NONE
|
||||||
|
|
|
@ -0,0 +1,222 @@
|
||||||
|
version: 1
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
blueprints.goauthentik.io/instantiate: "false"
|
||||||
|
name: Example - Google Secure LDAP mappings
|
||||||
|
entries:
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-uid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: uid"
|
||||||
|
object_field: "username"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('uid')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-googleuid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: googleUid"
|
||||||
|
object_field: "attributes.googleUid"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('googleUid')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-posixuid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: posixUid"
|
||||||
|
object_field: "attributes.posixUid"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('posixUid')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-cn
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: cn"
|
||||||
|
object_field: "name"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('cn')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-sn
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: sn"
|
||||||
|
object_field: "attributes.sn"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('sn'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-givenname
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: givenName"
|
||||||
|
object_field: "attributes.givenName"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('givenName'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-displayname
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: displayName"
|
||||||
|
object_field: "attributes.displayName"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('displayName')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-mail
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: mail"
|
||||||
|
object_field: "email"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('mail')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-memberof
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: memberOf"
|
||||||
|
object_field: "attributes.memberOf"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('memberOf')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-title
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: title"
|
||||||
|
object_field: "attributes.title"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('title')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-employeenumber
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: employeeNumber"
|
||||||
|
object_field: "attributes.employeeNumber"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('employeeNumber')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-employeetype
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: employeeType"
|
||||||
|
object_field: "attributes.employeeType"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('employeeType')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-departmentnumber
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: departmentNumber"
|
||||||
|
object_field: "attributes.departmentNumber"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('departmentNumber')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-physicaldeliveryofficename
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: physicalDeliveryOfficeName"
|
||||||
|
object_field: "attributes.physicalDeliveryOfficeName"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('physicalDeliveryOfficeName')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-jpegphoto
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: jpegPhoto"
|
||||||
|
object_field: "attributes.jpegPhoto"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('jpegPhoto')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-entryuuid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: entryUuid"
|
||||||
|
object_field: "attributes.entryUuid"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('entryUuid')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-objectsid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: objectSid"
|
||||||
|
object_field: "attributes.objectSid"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('objectSid')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-uidnumber
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: uidNumber"
|
||||||
|
object_field: "attributes.uidNumber"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('uidNumber')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: gidNumber"
|
||||||
|
object_field: "attributes.gidNumber"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('gidNumber')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-homedirectory
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: homeDirectory"
|
||||||
|
object_field: "attributes.homeDirectory"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('homeDirectory')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-loginshell
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: loginShell"
|
||||||
|
object_field: "attributes.loginShell"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('loginShell')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: gidNumber"
|
||||||
|
object_field: "attributes.gidNumber"
|
||||||
|
expression: |
|
||||||
|
return ldap.get('gidNumber')
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-sshpublickey
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: sshPublicKey"
|
||||||
|
object_field: "attributes.sshPublicKey"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('sshPublicKey'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-description
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: description"
|
||||||
|
object_field: "attributes.description"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('description'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-member
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: member"
|
||||||
|
object_field: "attributes.member"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('member'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-memberuid
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: memberUid"
|
||||||
|
object_field: "attributes.memberUid"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('memberUid'))
|
||||||
|
- identifiers:
|
||||||
|
managed: goauthentik.io/sources/ldap/google-googleadmincreated
|
||||||
|
model: authentik_sources_ldap.ldappropertymapping
|
||||||
|
attrs:
|
||||||
|
name: "Google Secure LDAP Mapping: googleAdminCreated"
|
||||||
|
object_field: "attributes.googleAdminCreated"
|
||||||
|
expression: |
|
||||||
|
return list_flatten(ldap.get('googleAdminCreated'))
|
|
@ -4732,6 +4732,11 @@
|
||||||
"title": "Peer certificate",
|
"title": "Peer certificate",
|
||||||
"description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
"description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||||
},
|
},
|
||||||
|
"client_certificate": {
|
||||||
|
"type": "integer",
|
||||||
|
"title": "Client certificate",
|
||||||
|
"description": "Client certificate to authenticate against the LDAP Server's Certificate."
|
||||||
|
},
|
||||||
"bind_cn": {
|
"bind_cn": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"title": "Bind CN"
|
"title": "Bind CN"
|
||||||
|
@ -4744,6 +4749,10 @@
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"title": "Enable Start TLS"
|
"title": "Enable Start TLS"
|
||||||
},
|
},
|
||||||
|
"sni": {
|
||||||
|
"type": "boolean",
|
||||||
|
"title": "Use Server URI for SNI verification"
|
||||||
|
},
|
||||||
"base_dn": {
|
"base_dn": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"minLength": 1,
|
"minLength": 1,
|
||||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: PACKAGE VERSION\n"
|
"Project-Id-Version: PACKAGE VERSION\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2023-05-21 21:59+0000\n"
|
"POT-Creation-Date: 2023-06-12 12:11+0000\n"
|
||||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||||
|
@ -31,16 +31,16 @@ msgstr ""
|
||||||
msgid "Validation Error"
|
msgid "Validation Error"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/blueprints/api.py:43
|
#: authentik/blueprints/api.py:44
|
||||||
msgid "Blueprint file does not exist"
|
msgid "Blueprint file does not exist"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/blueprints/api.py:54
|
#: authentik/blueprints/api.py:55
|
||||||
#, python-format
|
#, python-format
|
||||||
msgid "Failed to validate blueprint: %(logs)s"
|
msgid "Failed to validate blueprint: %(logs)s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/blueprints/api.py:59
|
#: authentik/blueprints/api.py:60
|
||||||
msgid "Either path or content must be set."
|
msgid "Either path or content must be set."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -69,24 +69,24 @@ msgstr ""
|
||||||
msgid "authentik Export - %(date)s"
|
msgid "authentik Export - %(date)s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/blueprints/v1/tasks.py:149 authentik/crypto/tasks.py:93
|
#: authentik/blueprints/v1/tasks.py:150 authentik/crypto/tasks.py:93
|
||||||
#, python-format
|
#, python-format
|
||||||
msgid "Successfully imported %(count)d files."
|
msgid "Successfully imported %(count)d files."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/core/api/providers.py:113
|
#: authentik/core/api/providers.py:120
|
||||||
msgid "SAML Provider from Metadata"
|
msgid "SAML Provider from Metadata"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/core/api/providers.py:114
|
#: authentik/core/api/providers.py:121
|
||||||
msgid "Create a SAML Provider by importing its Metadata."
|
msgid "Create a SAML Provider by importing its Metadata."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/core/api/users.py:118
|
#: authentik/core/api/users.py:143
|
||||||
msgid "No leading or trailing slashes allowed."
|
msgid "No leading or trailing slashes allowed."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/core/api/users.py:121
|
#: authentik/core/api/users.py:146
|
||||||
msgid "No empty segments in user path allowed."
|
msgid "No empty segments in user path allowed."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -1365,7 +1365,7 @@ msgstr ""
|
||||||
msgid "Authentication token"
|
msgid "Authentication token"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:82
|
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:94
|
||||||
msgid "Property mappings used for group creation/updating."
|
msgid "Property mappings used for group creation/updating."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -1426,79 +1426,88 @@ msgstr ""
|
||||||
msgid "Used recovery-link to authenticate."
|
msgid "Used recovery-link to authenticate."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:35
|
#: authentik/sources/ldap/models.py:37
|
||||||
msgid "Server URI"
|
msgid "Server URI"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:43
|
#: authentik/sources/ldap/models.py:46
|
||||||
msgid ""
|
msgid ""
|
||||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this "
|
"Optionally verify the LDAP Server's Certificate against the CA Chain in this "
|
||||||
"keypair."
|
"keypair."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:47
|
#: authentik/sources/ldap/models.py:55
|
||||||
msgid "Bind CN"
|
msgid ""
|
||||||
msgstr ""
|
"Client certificate to authenticate against the LDAP Server's Certificate."
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:49
|
|
||||||
msgid "Enable Start TLS"
|
|
||||||
msgstr ""
|
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:51
|
|
||||||
msgid "Base DN"
|
|
||||||
msgstr ""
|
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:53
|
|
||||||
msgid "Prepended to Base DN for User-queries."
|
|
||||||
msgstr ""
|
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:54
|
|
||||||
msgid "Addition User DN"
|
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:58
|
#: authentik/sources/ldap/models.py:58
|
||||||
msgid "Prepended to Base DN for Group-queries."
|
msgid "Bind CN"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:59
|
#: authentik/sources/ldap/models.py:60
|
||||||
msgid "Addition Group DN"
|
msgid "Enable Start TLS"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:61
|
||||||
|
msgid "Use Server URI for SNI verification"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:63
|
||||||
|
msgid "Base DN"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:65
|
#: authentik/sources/ldap/models.py:65
|
||||||
|
msgid "Prepended to Base DN for User-queries."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:66
|
||||||
|
msgid "Addition User DN"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:70
|
||||||
|
msgid "Prepended to Base DN for Group-queries."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:71
|
||||||
|
msgid "Addition Group DN"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: authentik/sources/ldap/models.py:77
|
||||||
msgid "Consider Objects matching this filter to be Users."
|
msgid "Consider Objects matching this filter to be Users."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:68
|
#: authentik/sources/ldap/models.py:80
|
||||||
msgid "Field which contains members of a group."
|
msgid "Field which contains members of a group."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:72
|
#: authentik/sources/ldap/models.py:84
|
||||||
msgid "Consider Objects matching this filter to be Groups."
|
msgid "Consider Objects matching this filter to be Groups."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:75
|
#: authentik/sources/ldap/models.py:87
|
||||||
msgid "Field which contains a unique Identifier."
|
msgid "Field which contains a unique Identifier."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:89
|
#: authentik/sources/ldap/models.py:101
|
||||||
msgid ""
|
msgid ""
|
||||||
"When a user changes their password, sync it back to LDAP. This can only be "
|
"When a user changes their password, sync it back to LDAP. This can only be "
|
||||||
"enabled on a single LDAP source."
|
"enabled on a single LDAP source."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:159
|
#: authentik/sources/ldap/models.py:188
|
||||||
msgid "LDAP Source"
|
msgid "LDAP Source"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:160
|
#: authentik/sources/ldap/models.py:189
|
||||||
msgid "LDAP Sources"
|
msgid "LDAP Sources"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:182
|
#: authentik/sources/ldap/models.py:211
|
||||||
msgid "LDAP Property Mapping"
|
msgid "LDAP Property Mapping"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: authentik/sources/ldap/models.py:183
|
#: authentik/sources/ldap/models.py:212
|
||||||
msgid "LDAP Property Mappings"
|
msgid "LDAP Property Mappings"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
|
36
schema.yml
36
schema.yml
|
@ -17096,6 +17096,11 @@ paths:
|
||||||
name: bind_cn
|
name: bind_cn
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
|
- in: query
|
||||||
|
name: client_certificate
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
format: uuid
|
||||||
- in: query
|
- in: query
|
||||||
name: enabled
|
name: enabled
|
||||||
schema:
|
schema:
|
||||||
|
@ -17171,6 +17176,10 @@ paths:
|
||||||
name: slug
|
name: slug
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
|
- in: query
|
||||||
|
name: sni
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
- in: query
|
- in: query
|
||||||
name: start_tls
|
name: start_tls
|
||||||
schema:
|
schema:
|
||||||
|
@ -30950,11 +30959,20 @@ components:
|
||||||
nullable: true
|
nullable: true
|
||||||
description: Optionally verify the LDAP Server's Certificate against the
|
description: Optionally verify the LDAP Server's Certificate against the
|
||||||
CA Chain in this keypair.
|
CA Chain in this keypair.
|
||||||
|
client_certificate:
|
||||||
|
type: string
|
||||||
|
format: uuid
|
||||||
|
nullable: true
|
||||||
|
description: Client certificate to authenticate against the LDAP Server's
|
||||||
|
Certificate.
|
||||||
bind_cn:
|
bind_cn:
|
||||||
type: string
|
type: string
|
||||||
start_tls:
|
start_tls:
|
||||||
type: boolean
|
type: boolean
|
||||||
title: Enable Start TLS
|
title: Enable Start TLS
|
||||||
|
sni:
|
||||||
|
type: boolean
|
||||||
|
title: Use Server URI for SNI verification
|
||||||
base_dn:
|
base_dn:
|
||||||
type: string
|
type: string
|
||||||
additional_user_dn:
|
additional_user_dn:
|
||||||
|
@ -31064,6 +31082,12 @@ components:
|
||||||
nullable: true
|
nullable: true
|
||||||
description: Optionally verify the LDAP Server's Certificate against the
|
description: Optionally verify the LDAP Server's Certificate against the
|
||||||
CA Chain in this keypair.
|
CA Chain in this keypair.
|
||||||
|
client_certificate:
|
||||||
|
type: string
|
||||||
|
format: uuid
|
||||||
|
nullable: true
|
||||||
|
description: Client certificate to authenticate against the LDAP Server's
|
||||||
|
Certificate.
|
||||||
bind_cn:
|
bind_cn:
|
||||||
type: string
|
type: string
|
||||||
bind_password:
|
bind_password:
|
||||||
|
@ -31072,6 +31096,9 @@ components:
|
||||||
start_tls:
|
start_tls:
|
||||||
type: boolean
|
type: boolean
|
||||||
title: Enable Start TLS
|
title: Enable Start TLS
|
||||||
|
sni:
|
||||||
|
type: boolean
|
||||||
|
title: Use Server URI for SNI verification
|
||||||
base_dn:
|
base_dn:
|
||||||
type: string
|
type: string
|
||||||
minLength: 1
|
minLength: 1
|
||||||
|
@ -36356,6 +36383,12 @@ components:
|
||||||
nullable: true
|
nullable: true
|
||||||
description: Optionally verify the LDAP Server's Certificate against the
|
description: Optionally verify the LDAP Server's Certificate against the
|
||||||
CA Chain in this keypair.
|
CA Chain in this keypair.
|
||||||
|
client_certificate:
|
||||||
|
type: string
|
||||||
|
format: uuid
|
||||||
|
nullable: true
|
||||||
|
description: Client certificate to authenticate against the LDAP Server's
|
||||||
|
Certificate.
|
||||||
bind_cn:
|
bind_cn:
|
||||||
type: string
|
type: string
|
||||||
bind_password:
|
bind_password:
|
||||||
|
@ -36364,6 +36397,9 @@ components:
|
||||||
start_tls:
|
start_tls:
|
||||||
type: boolean
|
type: boolean
|
||||||
title: Enable Start TLS
|
title: Enable Start TLS
|
||||||
|
sni:
|
||||||
|
type: boolean
|
||||||
|
title: Use Server URI for SNI verification
|
||||||
base_dn:
|
base_dn:
|
||||||
type: string
|
type: string
|
||||||
minLength: 1
|
minLength: 1
|
||||||
|
|
|
@ -184,6 +184,26 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
||||||
${msg("To use SSL instead, use 'ldaps://' and disable this option.")}
|
${msg("To use SSL instead, use 'ldaps://' and disable this option.")}
|
||||||
</p>
|
</p>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal name="sni">
|
||||||
|
<label class="pf-c-switch">
|
||||||
|
<input
|
||||||
|
class="pf-c-switch__input"
|
||||||
|
type="checkbox"
|
||||||
|
?checked=${first(this.instance?.sni, false)}
|
||||||
|
/>
|
||||||
|
<span class="pf-c-switch__toggle">
|
||||||
|
<span class="pf-c-switch__toggle-icon">
|
||||||
|
<i class="fas fa-check" aria-hidden="true"></i>
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
<span class="pf-c-switch__label"
|
||||||
|
>${msg("Use Server URI for SNI verification")}</span
|
||||||
|
>
|
||||||
|
</label>
|
||||||
|
<p class="pf-c-form__helper-text">
|
||||||
|
${msg("Required for servers using TLS 1.3+")}
|
||||||
|
</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
<ak-form-element-horizontal
|
<ak-form-element-horizontal
|
||||||
label=${msg("TLS Verification Certificate")}
|
label=${msg("TLS Verification Certificate")}
|
||||||
name="peerCertificate"
|
name="peerCertificate"
|
||||||
|
@ -222,6 +242,45 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
||||||
)}
|
)}
|
||||||
</p>
|
</p>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${msg("TLS Client authentication certificate")}
|
||||||
|
name="clientCertificate"
|
||||||
|
>
|
||||||
|
<ak-search-select
|
||||||
|
.fetchObjects=${async (
|
||||||
|
query?: string,
|
||||||
|
): Promise<CertificateKeyPair[]> => {
|
||||||
|
const args: CryptoCertificatekeypairsListRequest = {
|
||||||
|
ordering: "name",
|
||||||
|
hasKey: true,
|
||||||
|
includeDetails: false,
|
||||||
|
};
|
||||||
|
if (query !== undefined) {
|
||||||
|
args.search = query;
|
||||||
|
}
|
||||||
|
const certificates = await new CryptoApi(
|
||||||
|
DEFAULT_CONFIG,
|
||||||
|
).cryptoCertificatekeypairsList(args);
|
||||||
|
return certificates.results;
|
||||||
|
}}
|
||||||
|
.renderElement=${(item: CertificateKeyPair): string => {
|
||||||
|
return item.name;
|
||||||
|
}}
|
||||||
|
.value=${(item: CertificateKeyPair | undefined): string | undefined => {
|
||||||
|
return item?.pk;
|
||||||
|
}}
|
||||||
|
.selected=${(item: CertificateKeyPair): boolean => {
|
||||||
|
return item.pk === this.instance?.clientCertificate;
|
||||||
|
}}
|
||||||
|
?blankable=${true}
|
||||||
|
>
|
||||||
|
</ak-search-select>
|
||||||
|
<p class="pf-c-form__helper-text">
|
||||||
|
${msg(
|
||||||
|
"Client certificate keypair to authenticate against the LDAP Server's Certificate.",
|
||||||
|
)}
|
||||||
|
</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
<ak-form-element-horizontal label=${msg("Bind CN")} name="bindCn">
|
<ak-form-element-horizontal label=${msg("Bind CN")} name="bindCn">
|
||||||
<input
|
<input
|
||||||
type="text"
|
type="text"
|
||||||
|
|
|
@ -748,13 +748,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Zertifikat</target>
|
<target>Zertifikat</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>Wenn sich mehrere Anbieter einen Außenposten teilen, wird ein selbstsigniertes Zertifikat verwendet.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>UID-Startnummer</target>
|
<target>UID-Startnummer</target>
|
||||||
|
@ -5722,6 +5715,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Aktivieren</target>
|
<target>Aktivieren</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -777,14 +777,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Certificate</target>
|
<target>Certificate</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
<target>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>If multiple providers share an outpost, a self-signed certificate is used.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>UID start number</target>
|
<target>UID start number</target>
|
||||||
|
@ -6039,6 +6031,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Activate</target>
|
<target>Activate</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -733,13 +733,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Certificado</target>
|
<target>Certificado</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>Si varios proveedores comparten un puesto avanzado, se utiliza un certificado autofirmado.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>Número inicial de UID</target>
|
<target>Número inicial de UID</target>
|
||||||
|
@ -5630,6 +5623,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Activar</target>
|
<target>Activar</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -749,13 +749,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Certificat</target>
|
<target>Certificat</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>Si plusieurs fournisseurs partagent un avant-poste, un certificat auto-signé est utilisé.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>Numéro de départ d'UID</target>
|
<target>Numéro de départ d'UID</target>
|
||||||
|
@ -5737,6 +5730,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Activer</target>
|
<target>Activer</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -752,13 +752,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Certyfikat</target>
|
<target>Certyfikat</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>Jeśli wielu dostawców współdzieli placówkę, używany jest certyfikat z podpisem własnym.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>Numer początkowy UID</target>
|
<target>Numer początkowy UID</target>
|
||||||
|
@ -5869,6 +5862,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Aktywuj</target>
|
<target>Aktywuj</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -761,14 +761,6 @@
|
||||||
<trans-unit id="sb157267c85fdff30">
|
<trans-unit id="sb157267c85fdff30">
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
|
@ -5973,6 +5965,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s27976e94b05c6970">
|
<trans-unit id="s27976e94b05c6970">
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -733,13 +733,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>Sertifika</target>
|
<target>Sertifika</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>Birden çok sağlayıcı bir üssü paylaşıyorsa, otomatik olarak imzalanan bir sertifika kullanılır.</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>UID başlangıç numarası</target>
|
<target>UID başlangıç numarası</target>
|
||||||
|
@ -5620,6 +5613,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>Etkinleştir</target>
|
<target>Etkinleştir</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -965,16 +965,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>证书</target>
|
<target>证书</target>
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
<target>由于协议限制,只在前哨有单个提供程序,或所有提供程序都使用相同证书时才使用此证书。</target>
|
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>如果多个提供程序共享同一个前哨,则使用自签名证书。</target>
|
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
|
@ -7547,6 +7537,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<target>激活</target>
|
<target>激活</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -740,13 +740,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>证书</target>
|
<target>证书</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>UID 起始编号</target>
|
<target>UID 起始编号</target>
|
||||||
|
@ -5675,6 +5668,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>启用</target>
|
<target>启用</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -740,13 +740,6 @@
|
||||||
<source>Certificate</source>
|
<source>Certificate</source>
|
||||||
<target>证书</target>
|
<target>证书</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s4eb524a2bb358f8b">
|
|
||||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s73e9d580d6d96b02">
|
|
||||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
|
||||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="sac43cb9690260b86">
|
<trans-unit id="sac43cb9690260b86">
|
||||||
<source>UID start number</source>
|
<source>UID start number</source>
|
||||||
<target>UID 起始编号</target>
|
<target>UID 起始编号</target>
|
||||||
|
@ -5674,6 +5667,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<source>Activate</source>
|
<source>Activate</source>
|
||||||
<target>启用</target>
|
<target>启用</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s1024166475850a65">
|
||||||
|
<source>Use Server URI for SNI verification</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="se65beb94fffc3c4b">
|
||||||
|
<source>Required for servers using TLS 1.3+</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s5506b35a1bceb141">
|
||||||
|
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s4647b2c92638d6fd">
|
||||||
|
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scd247ffad6e04ac0">
|
||||||
|
<source>TLS Server name</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s2acef4f6ba39bf11">
|
||||||
|
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s000ee3e634868b3c">
|
||||||
|
<source>TLS Client authentication certificate</source>
|
||||||
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
Reference in New Issue