sources/ldap: add support for cert based auth (#5850)
* ldap: support cert based auth Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ldap: default sni switch to off * ldap: `get_info=NONE` on insufficient access error * fix: Make file locale script * ldap: add google ldap attribute mappings * ldap: move google secure ldap blueprint to examples Revert "ldap: add google ldap attribute mappings" This reverts commit 8a861bb92c1bd763b6e7ec0513f73b3039a1adb4. * ldap: remove `validate` for client cert auth not strictly necessary * ldap: write temp cert files more securely * ldap: use first array value for sni when provided csv input * don't specify tempdir we set $TMPDIR in the dockerfile Signed-off-by: Jens Langhammer <jens@goauthentik.io> * limit API to only allow certificate key pairs with private key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use maxsplit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
8ddefb213f
commit
029395d08b
2
Makefile
2
Makefile
|
@ -151,7 +151,7 @@ web-check-compile:
|
|||
cd web && npm run tsc
|
||||
|
||||
web-i18n-extract:
|
||||
cd web && npm run extract
|
||||
cd web && npm run extract-locales
|
||||
|
||||
#########################
|
||||
## Website
|
||||
|
|
|
@ -8,6 +8,7 @@ from drf_spectacular.utils import extend_schema, extend_schema_field, inline_ser
|
|||
from rest_framework.decorators import action
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.fields import DictField, ListField
|
||||
from rest_framework.relations import PrimaryKeyRelatedField
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
|
@ -16,6 +17,7 @@ from authentik.admin.api.tasks import TaskSerializer
|
|||
from authentik.core.api.propertymappings import PropertyMappingSerializer
|
||||
from authentik.core.api.sources import SourceSerializer
|
||||
from authentik.core.api.used_by import UsedByMixin
|
||||
from authentik.crypto.models import CertificateKeyPair
|
||||
from authentik.events.monitored_tasks import TaskInfo
|
||||
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
|
||||
from authentik.sources.ldap.tasks import SYNC_CLASSES
|
||||
|
@ -24,6 +26,15 @@ from authentik.sources.ldap.tasks import SYNC_CLASSES
|
|||
class LDAPSourceSerializer(SourceSerializer):
|
||||
"""LDAP Source Serializer"""
|
||||
|
||||
client_certificate = PrimaryKeyRelatedField(
|
||||
allow_null=True,
|
||||
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||
queryset=CertificateKeyPair.objects.exclude(
|
||||
key_data__exact="",
|
||||
),
|
||||
required=False,
|
||||
)
|
||||
|
||||
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||
"""Check that only a single source has password_sync on"""
|
||||
sync_users_password = attrs.get("sync_users_password", True)
|
||||
|
@ -42,9 +53,11 @@ class LDAPSourceSerializer(SourceSerializer):
|
|||
fields = SourceSerializer.Meta.fields + [
|
||||
"server_uri",
|
||||
"peer_certificate",
|
||||
"client_certificate",
|
||||
"bind_cn",
|
||||
"bind_password",
|
||||
"start_tls",
|
||||
"sni",
|
||||
"base_dn",
|
||||
"additional_user_dn",
|
||||
"additional_group_dn",
|
||||
|
@ -75,7 +88,9 @@ class LDAPSourceViewSet(UsedByMixin, ModelViewSet):
|
|||
"server_uri",
|
||||
"bind_cn",
|
||||
"peer_certificate",
|
||||
"client_certificate",
|
||||
"start_tls",
|
||||
"sni",
|
||||
"base_dn",
|
||||
"additional_user_dn",
|
||||
"additional_group_dn",
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
# Generated by Django 4.1.7 on 2023-06-06 18:33
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("authentik_crypto", "0004_alter_certificatekeypair_name"),
|
||||
("authentik_sources_ldap", "0002_auto_20211203_0900"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="ldapsource",
|
||||
name="client_certificate",
|
||||
field=models.ForeignKey(
|
||||
default=None,
|
||||
help_text="Client certificate to authenticate against the LDAP Server's Certificate.",
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||
related_name="ldap_client_certificates",
|
||||
to="authentik_crypto.certificatekeypair",
|
||||
),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="ldapsource",
|
||||
name="sni",
|
||||
field=models.BooleanField(
|
||||
default=False, verbose_name="Use Server URI for SNI verification"
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="ldapsource",
|
||||
name="peer_certificate",
|
||||
field=models.ForeignKey(
|
||||
default=None,
|
||||
help_text="Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair.",
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_DEFAULT,
|
||||
related_name="ldap_peer_certificates",
|
||||
to="authentik_crypto.certificatekeypair",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,11 +1,13 @@
|
|||
"""authentik LDAP Models"""
|
||||
from os import chmod
|
||||
from ssl import CERT_REQUIRED
|
||||
from tempfile import NamedTemporaryFile, mkdtemp
|
||||
from typing import Optional
|
||||
|
||||
from django.db import models
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from ldap3 import ALL, NONE, RANDOM, Connection, Server, ServerPool, Tls
|
||||
from ldap3.core.exceptions import LDAPSchemaError
|
||||
from ldap3.core.exceptions import LDAPInsufficientAccessRightsResult, LDAPSchemaError
|
||||
from rest_framework.serializers import Serializer
|
||||
|
||||
from authentik.core.models import Group, PropertyMapping, Source
|
||||
|
@ -39,14 +41,24 @@ class LDAPSource(Source):
|
|||
on_delete=models.SET_DEFAULT,
|
||||
default=None,
|
||||
null=True,
|
||||
related_name="ldap_peer_certificates",
|
||||
help_text=_(
|
||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||
),
|
||||
)
|
||||
client_certificate = models.ForeignKey(
|
||||
CertificateKeyPair,
|
||||
on_delete=models.SET_DEFAULT,
|
||||
default=None,
|
||||
null=True,
|
||||
related_name="ldap_client_certificates",
|
||||
help_text=_("Client certificate to authenticate against the LDAP Server's Certificate."),
|
||||
)
|
||||
|
||||
bind_cn = models.TextField(verbose_name=_("Bind CN"), blank=True)
|
||||
bind_password = models.TextField(blank=True)
|
||||
start_tls = models.BooleanField(default=False, verbose_name=_("Enable Start TLS"))
|
||||
sni = models.BooleanField(default=False, verbose_name=_("Use Server URI for SNI verification"))
|
||||
|
||||
base_dn = models.TextField(verbose_name=_("Base DN"))
|
||||
additional_user_dn = models.TextField(
|
||||
|
@ -112,8 +124,22 @@ class LDAPSource(Source):
|
|||
if self.peer_certificate:
|
||||
tls_kwargs["ca_certs_data"] = self.peer_certificate.certificate_data
|
||||
tls_kwargs["validate"] = CERT_REQUIRED
|
||||
if self.client_certificate:
|
||||
temp_dir = mkdtemp()
|
||||
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_cert:
|
||||
temp_cert.write(self.client_certificate.certificate_data)
|
||||
certificate_file = temp_cert.name
|
||||
chmod(certificate_file, 0o600)
|
||||
with NamedTemporaryFile(mode="w", delete=False, dir=temp_dir) as temp_key:
|
||||
temp_key.write(self.client_certificate.key_data)
|
||||
private_key_file = temp_key.name
|
||||
chmod(private_key_file, 0o600)
|
||||
tls_kwargs["local_private_key_file"] = private_key_file
|
||||
tls_kwargs["local_certificate_file"] = certificate_file
|
||||
if ciphers := CONFIG.y("ldap.tls.ciphers", None):
|
||||
tls_kwargs["ciphers"] = ciphers.strip()
|
||||
if self.sni:
|
||||
tls_kwargs["sni"] = self.server_uri.split(",", maxsplit=1)[0].strip()
|
||||
server_kwargs = {
|
||||
"get_info": ALL,
|
||||
"connect_timeout": LDAP_TIMEOUT,
|
||||
|
@ -133,7 +159,9 @@ class LDAPSource(Source):
|
|||
"""Get a fully connected and bound LDAP Connection"""
|
||||
server_kwargs = server_kwargs or {}
|
||||
connection_kwargs = connection_kwargs or {}
|
||||
if self.bind_cn is not None:
|
||||
connection_kwargs.setdefault("user", self.bind_cn)
|
||||
if self.bind_password is not None:
|
||||
connection_kwargs.setdefault("password", self.bind_password)
|
||||
connection = Connection(
|
||||
self.server(**server_kwargs),
|
||||
|
@ -148,9 +176,10 @@ class LDAPSource(Source):
|
|||
successful = connection.bind()
|
||||
if successful:
|
||||
return connection
|
||||
except LDAPSchemaError as exc:
|
||||
except (LDAPSchemaError, LDAPInsufficientAccessRightsResult) as exc:
|
||||
# Schema error, so try connecting without schema info
|
||||
# See https://github.com/goauthentik/authentik/issues/4590
|
||||
# See also https://github.com/goauthentik/authentik/issues/3399
|
||||
if server_kwargs.get("get_info", ALL) == NONE:
|
||||
raise exc
|
||||
server_kwargs["get_info"] = NONE
|
||||
|
|
222
blueprints/example/sources-google-ldap-mappings.yaml
Normal file
222
blueprints/example/sources-google-ldap-mappings.yaml
Normal file
|
@ -0,0 +1,222 @@
|
|||
version: 1
|
||||
metadata:
|
||||
labels:
|
||||
blueprints.goauthentik.io/instantiate: "false"
|
||||
name: Example - Google Secure LDAP mappings
|
||||
entries:
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-uid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: uid"
|
||||
object_field: "username"
|
||||
expression: |
|
||||
return ldap.get('uid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-googleuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: googleUid"
|
||||
object_field: "attributes.googleUid"
|
||||
expression: |
|
||||
return ldap.get('googleUid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-posixuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: posixUid"
|
||||
object_field: "attributes.posixUid"
|
||||
expression: |
|
||||
return ldap.get('posixUid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-cn
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: cn"
|
||||
object_field: "name"
|
||||
expression: |
|
||||
return ldap.get('cn')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-sn
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: sn"
|
||||
object_field: "attributes.sn"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('sn'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-givenname
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: givenName"
|
||||
object_field: "attributes.givenName"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('givenName'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-displayname
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: displayName"
|
||||
object_field: "attributes.displayName"
|
||||
expression: |
|
||||
return ldap.get('displayName')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-mail
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: mail"
|
||||
object_field: "email"
|
||||
expression: |
|
||||
return ldap.get('mail')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-memberof
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: memberOf"
|
||||
object_field: "attributes.memberOf"
|
||||
expression: |
|
||||
return ldap.get('memberOf')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-title
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: title"
|
||||
object_field: "attributes.title"
|
||||
expression: |
|
||||
return ldap.get('title')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-employeenumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: employeeNumber"
|
||||
object_field: "attributes.employeeNumber"
|
||||
expression: |
|
||||
return ldap.get('employeeNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-employeetype
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: employeeType"
|
||||
object_field: "attributes.employeeType"
|
||||
expression: |
|
||||
return ldap.get('employeeType')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-departmentnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: departmentNumber"
|
||||
object_field: "attributes.departmentNumber"
|
||||
expression: |
|
||||
return ldap.get('departmentNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-physicaldeliveryofficename
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: physicalDeliveryOfficeName"
|
||||
object_field: "attributes.physicalDeliveryOfficeName"
|
||||
expression: |
|
||||
return ldap.get('physicalDeliveryOfficeName')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-jpegphoto
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: jpegPhoto"
|
||||
object_field: "attributes.jpegPhoto"
|
||||
expression: |
|
||||
return ldap.get('jpegPhoto')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-entryuuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: entryUuid"
|
||||
object_field: "attributes.entryUuid"
|
||||
expression: |
|
||||
return ldap.get('entryUuid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-objectsid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: objectSid"
|
||||
object_field: "attributes.objectSid"
|
||||
expression: |
|
||||
return ldap.get('objectSid')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-uidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: uidNumber"
|
||||
object_field: "attributes.uidNumber"
|
||||
expression: |
|
||||
return ldap.get('uidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: gidNumber"
|
||||
object_field: "attributes.gidNumber"
|
||||
expression: |
|
||||
return ldap.get('gidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-homedirectory
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: homeDirectory"
|
||||
object_field: "attributes.homeDirectory"
|
||||
expression: |
|
||||
return ldap.get('homeDirectory')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-loginshell
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: loginShell"
|
||||
object_field: "attributes.loginShell"
|
||||
expression: |
|
||||
return ldap.get('loginShell')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-gidnumber
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: gidNumber"
|
||||
object_field: "attributes.gidNumber"
|
||||
expression: |
|
||||
return ldap.get('gidNumber')
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-sshpublickey
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: sshPublicKey"
|
||||
object_field: "attributes.sshPublicKey"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('sshPublicKey'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-description
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: description"
|
||||
object_field: "attributes.description"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('description'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-member
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: member"
|
||||
object_field: "attributes.member"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('member'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-memberuid
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: memberUid"
|
||||
object_field: "attributes.memberUid"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('memberUid'))
|
||||
- identifiers:
|
||||
managed: goauthentik.io/sources/ldap/google-googleadmincreated
|
||||
model: authentik_sources_ldap.ldappropertymapping
|
||||
attrs:
|
||||
name: "Google Secure LDAP Mapping: googleAdminCreated"
|
||||
object_field: "attributes.googleAdminCreated"
|
||||
expression: |
|
||||
return list_flatten(ldap.get('googleAdminCreated'))
|
|
@ -4732,6 +4732,11 @@
|
|||
"title": "Peer certificate",
|
||||
"description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
||||
},
|
||||
"client_certificate": {
|
||||
"type": "integer",
|
||||
"title": "Client certificate",
|
||||
"description": "Client certificate to authenticate against the LDAP Server's Certificate."
|
||||
},
|
||||
"bind_cn": {
|
||||
"type": "string",
|
||||
"title": "Bind CN"
|
||||
|
@ -4744,6 +4749,10 @@
|
|||
"type": "boolean",
|
||||
"title": "Enable Start TLS"
|
||||
},
|
||||
"sni": {
|
||||
"type": "boolean",
|
||||
"title": "Use Server URI for SNI verification"
|
||||
},
|
||||
"base_dn": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2023-05-21 21:59+0000\n"
|
||||
"POT-Creation-Date: 2023-06-12 12:11+0000\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -31,16 +31,16 @@ msgstr ""
|
|||
msgid "Validation Error"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:43
|
||||
#: authentik/blueprints/api.py:44
|
||||
msgid "Blueprint file does not exist"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:54
|
||||
#: authentik/blueprints/api.py:55
|
||||
#, python-format
|
||||
msgid "Failed to validate blueprint: %(logs)s"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/api.py:59
|
||||
#: authentik/blueprints/api.py:60
|
||||
msgid "Either path or content must be set."
|
||||
msgstr ""
|
||||
|
||||
|
@ -69,24 +69,24 @@ msgstr ""
|
|||
msgid "authentik Export - %(date)s"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/blueprints/v1/tasks.py:149 authentik/crypto/tasks.py:93
|
||||
#: authentik/blueprints/v1/tasks.py:150 authentik/crypto/tasks.py:93
|
||||
#, python-format
|
||||
msgid "Successfully imported %(count)d files."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/providers.py:113
|
||||
#: authentik/core/api/providers.py:120
|
||||
msgid "SAML Provider from Metadata"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/providers.py:114
|
||||
#: authentik/core/api/providers.py:121
|
||||
msgid "Create a SAML Provider by importing its Metadata."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/users.py:118
|
||||
#: authentik/core/api/users.py:143
|
||||
msgid "No leading or trailing slashes allowed."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/core/api/users.py:121
|
||||
#: authentik/core/api/users.py:146
|
||||
msgid "No empty segments in user path allowed."
|
||||
msgstr ""
|
||||
|
||||
|
@ -1365,7 +1365,7 @@ msgstr ""
|
|||
msgid "Authentication token"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:82
|
||||
#: authentik/providers/scim/models.py:33 authentik/sources/ldap/models.py:94
|
||||
msgid "Property mappings used for group creation/updating."
|
||||
msgstr ""
|
||||
|
||||
|
@ -1426,79 +1426,88 @@ msgstr ""
|
|||
msgid "Used recovery-link to authenticate."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:35
|
||||
#: authentik/sources/ldap/models.py:37
|
||||
msgid "Server URI"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:43
|
||||
#: authentik/sources/ldap/models.py:46
|
||||
msgid ""
|
||||
"Optionally verify the LDAP Server's Certificate against the CA Chain in this "
|
||||
"keypair."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:47
|
||||
msgid "Bind CN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:49
|
||||
msgid "Enable Start TLS"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:51
|
||||
msgid "Base DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:53
|
||||
msgid "Prepended to Base DN for User-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:54
|
||||
msgid "Addition User DN"
|
||||
#: authentik/sources/ldap/models.py:55
|
||||
msgid ""
|
||||
"Client certificate to authenticate against the LDAP Server's Certificate."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:58
|
||||
msgid "Prepended to Base DN for Group-queries."
|
||||
msgid "Bind CN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:59
|
||||
msgid "Addition Group DN"
|
||||
#: authentik/sources/ldap/models.py:60
|
||||
msgid "Enable Start TLS"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:61
|
||||
msgid "Use Server URI for SNI verification"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:63
|
||||
msgid "Base DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:65
|
||||
msgid "Prepended to Base DN for User-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:66
|
||||
msgid "Addition User DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:70
|
||||
msgid "Prepended to Base DN for Group-queries."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:71
|
||||
msgid "Addition Group DN"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:77
|
||||
msgid "Consider Objects matching this filter to be Users."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:68
|
||||
#: authentik/sources/ldap/models.py:80
|
||||
msgid "Field which contains members of a group."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:72
|
||||
#: authentik/sources/ldap/models.py:84
|
||||
msgid "Consider Objects matching this filter to be Groups."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:75
|
||||
#: authentik/sources/ldap/models.py:87
|
||||
msgid "Field which contains a unique Identifier."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:89
|
||||
#: authentik/sources/ldap/models.py:101
|
||||
msgid ""
|
||||
"When a user changes their password, sync it back to LDAP. This can only be "
|
||||
"enabled on a single LDAP source."
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:159
|
||||
#: authentik/sources/ldap/models.py:188
|
||||
msgid "LDAP Source"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:160
|
||||
#: authentik/sources/ldap/models.py:189
|
||||
msgid "LDAP Sources"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:182
|
||||
#: authentik/sources/ldap/models.py:211
|
||||
msgid "LDAP Property Mapping"
|
||||
msgstr ""
|
||||
|
||||
#: authentik/sources/ldap/models.py:183
|
||||
#: authentik/sources/ldap/models.py:212
|
||||
msgid "LDAP Property Mappings"
|
||||
msgstr ""
|
||||
|
||||
|
|
36
schema.yml
36
schema.yml
|
@ -17096,6 +17096,11 @@ paths:
|
|||
name: bind_cn
|
||||
schema:
|
||||
type: string
|
||||
- in: query
|
||||
name: client_certificate
|
||||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
- in: query
|
||||
name: enabled
|
||||
schema:
|
||||
|
@ -17171,6 +17176,10 @@ paths:
|
|||
name: slug
|
||||
schema:
|
||||
type: string
|
||||
- in: query
|
||||
name: sni
|
||||
schema:
|
||||
type: boolean
|
||||
- in: query
|
||||
name: start_tls
|
||||
schema:
|
||||
|
@ -30950,11 +30959,20 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
additional_user_dn:
|
||||
|
@ -31064,6 +31082,12 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
bind_password:
|
||||
|
@ -31072,6 +31096,9 @@ components:
|
|||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
@ -36356,6 +36383,12 @@ components:
|
|||
nullable: true
|
||||
description: Optionally verify the LDAP Server's Certificate against the
|
||||
CA Chain in this keypair.
|
||||
client_certificate:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: Client certificate to authenticate against the LDAP Server's
|
||||
Certificate.
|
||||
bind_cn:
|
||||
type: string
|
||||
bind_password:
|
||||
|
@ -36364,6 +36397,9 @@ components:
|
|||
start_tls:
|
||||
type: boolean
|
||||
title: Enable Start TLS
|
||||
sni:
|
||||
type: boolean
|
||||
title: Use Server URI for SNI verification
|
||||
base_dn:
|
||||
type: string
|
||||
minLength: 1
|
||||
|
|
|
@ -184,6 +184,26 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
|||
${msg("To use SSL instead, use 'ldaps://' and disable this option.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="sni">
|
||||
<label class="pf-c-switch">
|
||||
<input
|
||||
class="pf-c-switch__input"
|
||||
type="checkbox"
|
||||
?checked=${first(this.instance?.sni, false)}
|
||||
/>
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label"
|
||||
>${msg("Use Server URI for SNI verification")}</span
|
||||
>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Required for servers using TLS 1.3+")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("TLS Verification Certificate")}
|
||||
name="peerCertificate"
|
||||
|
@ -222,6 +242,45 @@ export class LDAPSourceForm extends ModelForm<LDAPSource, string> {
|
|||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("TLS Client authentication certificate")}
|
||||
name="clientCertificate"
|
||||
>
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (
|
||||
query?: string,
|
||||
): Promise<CertificateKeyPair[]> => {
|
||||
const args: CryptoCertificatekeypairsListRequest = {
|
||||
ordering: "name",
|
||||
hasKey: true,
|
||||
includeDetails: false,
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const certificates = await new CryptoApi(
|
||||
DEFAULT_CONFIG,
|
||||
).cryptoCertificatekeypairsList(args);
|
||||
return certificates.results;
|
||||
}}
|
||||
.renderElement=${(item: CertificateKeyPair): string => {
|
||||
return item.name;
|
||||
}}
|
||||
.value=${(item: CertificateKeyPair | undefined): string | undefined => {
|
||||
return item?.pk;
|
||||
}}
|
||||
.selected=${(item: CertificateKeyPair): boolean => {
|
||||
return item.pk === this.instance?.clientCertificate;
|
||||
}}
|
||||
?blankable=${true}
|
||||
>
|
||||
</ak-search-select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Client certificate keypair to authenticate against the LDAP Server's Certificate.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${msg("Bind CN")} name="bindCn">
|
||||
<input
|
||||
type="text"
|
||||
|
|
|
@ -748,13 +748,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Zertifikat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Wenn sich mehrere Anbieter einen Außenposten teilen, wird ein selbstsigniertes Zertifikat verwendet.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID-Startnummer</target>
|
||||
|
@ -5722,6 +5715,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Aktivieren</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -777,14 +777,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificate</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
<target>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>If multiple providers share an outpost, a self-signed certificate is used.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID start number</target>
|
||||
|
@ -6039,6 +6031,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activate</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -733,13 +733,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificado</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Si varios proveedores comparten un puesto avanzado, se utiliza un certificado autofirmado.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Número inicial de UID</target>
|
||||
|
@ -5630,6 +5623,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activar</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -749,13 +749,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certificat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Si plusieurs fournisseurs partagent un avant-poste, un certificat auto-signé est utilisé.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Numéro de départ d'UID</target>
|
||||
|
@ -5737,6 +5730,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Activer</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -752,13 +752,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Certyfikat</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Jeśli wielu dostawców współdzieli placówkę, używany jest certyfikat z podpisem własnym.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>Numer początkowy UID</target>
|
||||
|
@ -5869,6 +5862,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Aktywuj</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -761,14 +761,6 @@
|
|||
<trans-unit id="sb157267c85fdff30">
|
||||
<source>Certificate</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
|
@ -5973,6 +5965,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s27976e94b05c6970">
|
||||
<source>Activate</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -733,13 +733,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>Sertifika</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>Birden çok sağlayıcı bir üssü paylaşıyorsa, otomatik olarak imzalanan bir sertifika kullanılır.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID başlangıç numarası</target>
|
||||
|
@ -5620,6 +5613,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>Etkinleştir</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -965,16 +965,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
<target>由于协议限制,只在前哨有单个提供程序,或所有提供程序都使用相同证书时才使用此证书。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供程序共享同一个前哨,则使用自签名证书。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
|
@ -7547,6 +7537,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<target>激活</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -740,13 +740,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID 起始编号</target>
|
||||
|
@ -5675,6 +5668,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>启用</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
|
@ -740,13 +740,6 @@
|
|||
<source>Certificate</source>
|
||||
<target>证书</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4eb524a2bb358f8b">
|
||||
<source>Due to protocol limitations, this certificate is only used when the outpost has a single provider, or all providers use the same certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s73e9d580d6d96b02">
|
||||
<source>If multiple providers share an outpost, a self-signed certificate is used.</source>
|
||||
<target>如果多个提供商共享一个 Outpost,则使用自签名证书。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sac43cb9690260b86">
|
||||
<source>UID start number</source>
|
||||
<target>UID 起始编号</target>
|
||||
|
@ -5674,6 +5667,27 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Activate</source>
|
||||
<target>启用</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1024166475850a65">
|
||||
<source>Use Server URI for SNI verification</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="se65beb94fffc3c4b">
|
||||
<source>Required for servers using TLS 1.3+</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5506b35a1bceb141">
|
||||
<source>Client certificate keypair to authenticate against the LDAP Server's Certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4647b2c92638d6fd">
|
||||
<source>The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scd247ffad6e04ac0">
|
||||
<source>TLS Server name</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2acef4f6ba39bf11">
|
||||
<source>DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s000ee3e634868b3c">
|
||||
<source>TLS Client authentication certificate</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
|
|
Reference in a new issue