bn8/ldapsaisie
1
0
Fork 0
mirror of https://gitlab.easter-eggs.com/ee/ldapsaisie.git synced 2024-05-19 03:55:27 +02:00
Code Issues Projects Releases Wiki Activity

LSexample: Add Ppolicy support

Browse source
This commit is contained in:
Benjamin Renard 2021-02-24 19:15:42 +01:00
parent c9f63fa5e9
commit ba2de0f9ec
7 changed files with 1096 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
lsexample/lsexample.ldif
View file

@ -659,3 +659,29 @@ description: test
lsGodfatherDn: uid=eeggs,ou=people,o=ls
structuralObjectClass: posixGroup
dn: ou=ppolicies,o=ls
objectclass: organizationalUnit
ou: ppolicies
dn: cn=default,ou=ppolicies,o=ls
cn: default
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 0
pwdInHistory: 0
pwdCheckQuality: 1
pwdMinLength: 8
pwdExpireWarning: 0
pwdGraceAuthnLimit: 0
pwdLockout: FALSE
pwdLockoutDuration: 0
pwdMaxFailure: 0
pwdMaxRecordedFailure: 0
pwdFailureCountInterval: 0
pwdMustChange: FALSE
pwdAllowUserChange: FALSE
pwdSafeModify: FALSE

7
src/conf/LSobjects/config.LSobjects.LSpeople.php
View file

@ -20,6 +20,8 @@
******************************************************************************/
LSsession :: includeFile(LS_OBJECTS_DIR.'config.LSobjects.common-pwdPolicyAccount.php');
$GLOBALS['LSobjects']['LSpeople'] = array (
'objectclass' => array(
'top',
@ -215,6 +217,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'sambaPwdCanChange',
),
),
'ppolicy' => $GLOBALS['pwdPolicyAccountAttrs_LSform_layout'],
), // fin Layout
'dataEntryForm' => array (
'simple' => array (
@ -276,7 +279,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
),
// Attributes
'attrs' => array (
'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array (
/* ----------- start -----------*/
'uid' => array (
@ -1173,5 +1176,5 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
),
/* ----------- end -----------*/
), // Fin args
)), // Fin args & array_merge()
);

23
src/conf/LSobjects/config.LSobjects.LSsysaccount.php
View file

@ -20,6 +20,8 @@
******************************************************************************/
LSsession :: includeFile(LS_OBJECTS_DIR.'config.LSobjects.common-pwdPolicyAccount.php');
$GLOBALS['LSobjects']['LSsysaccount'] = array (
'objectclass' => array(
'top',
@ -45,6 +47,23 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array (
),
),
// LSform
'LSform' => array (
'ajaxSubmit' => 1,
// Layout
'layout' => array (
'general' => array(
'label' => 'General information',
'args' => array (
'uid',
'userPassword',
'description',
),
),
'ppolicy' => $GLOBALS['pwdPolicyAccountAttrs_LSform_layout'],
) // fin Layout
), // fin LSform
'LSsearch' => array (
'attrs' => array (
'uid',
@ -69,7 +88,7 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array (
),
// Attributes
'attrs' => array (
'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array (
/* ----------- start -----------*/
'uid' => array (
@ -166,5 +185,5 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array (
),
/* ----------- end -----------*/
), // Fin args
)), // Fin attrs & array_merge()
);

192
src/conf/LSobjects/config.LSobjects.common-pwdPolicyAccount.php Normal file
View file

@ -0,0 +1,192 @@
<?php
$GLOBALS['pwdPolicyAccountAttrs_LSform_layout'] = array (
'label' => 'Password policy',
'args' => array (
'pwdPolicySubentry',
'pwdChangedTime',
'pwdGraceUseTime',
'pwdFailureTime',
'pwdUniqueAttempts',
'pwdAccountLockedTime',
'pwdReset',
'pwdHistory',
),
);
$GLOBALS['pwdPolicyAccountAttrs'] = array (
/* ----------- start -----------*/
'pwdChangedTime' => array (
'label' => 'Password last change',
'ldap_type' => 'date',
'html_type' => 'date',
'html_options' => array(
'firstDayOfWeek' => 1,
),
'no_value_label' => 'Never',
'rights' => array(
'self' => 'r',
'admin' => 'r',
'LSsysaccount' => 'r',
),
'view' => 1,
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdGraceUseTime' => array (
'label' => 'Grace use of the expired password',
'help_info' => 'List the time of each succesful authentications after the password has expired.',
'ldap_type' => 'date',
'html_type' => 'date',
'html_options' => array(
'firstDayOfWeek' => 1,
),
'no_value_label' => 'Never',
'multiple' => 1,
'rights' => array(
'self' => 'r',
'admin' => 'r',
'LSsysaccount' => 'r',
),
'view' => 1,
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdFailureTime' => array (
'label' => 'Last failed connection attempts',
'ldap_type' => 'date',
'ldap_options' => array(
'format' => 'YmdHis.uO',
),
'html_type' => 'date',
'html_options' => array(
'firstDayOfWeek' => 1,
),
'no_value_label' => 'Never',
'multiple' => 1,
'rights' => array(
'self' => 'r',
'admin' => 'r',
'LSsysaccount' => 'r',
),
'view' => 1,
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdAccountLockedTime' => array (
'label' => 'Locked time',
'help_info' => 'Indicates the time the account was locked time. Delete this date and set <em>pwdReset</em> attribute to unlock the account.',
'ldap_type' => 'date',
'html_type' => 'date',
'html_options' => array(
'firstDayOfWeek' => 1,
),
'no_value_label' => 'Not locked',
'rights' => array(
'self' => 'r',
'admin' => 'w',
'LSsysaccount' => 'r',
),
'view' => 1,
'form' => array (
'modify' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdHistory' => array (
'label' => 'Passwords in history',
'ldap_type' => 'pwdHistory',
'html_type' => 'jsonCompositeAttribute',
'html_options' => array (
'components' => array (
'time' => array (
'label' => 'Date added to history',
'type' => 'text',
'required' => true,
'multiple' => false,
),
'syntaxOID' => array (
'label' => 'Syntax OID',
'type' => 'text',
'required' => true,
'multiple' => false,
),
'length' => array (
'label' => 'Length',
'type' => 'text',
'required' => true,
'multiple' => false,
),
'hashed_password' => array (
'label' => 'Hashed password',
'type' => 'text',
'required' => true,
'multiple' => false,
),
),
'fullWidth' => true,
),
'no_value_label' => 'History is empty.',
'multiple' => 1,
'rights' => array(
'admin' => 'r',
),
'view' => 1,
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdReset' => array (
'label' => 'User must change its password before next connection',
'help_info' => 'Set this attribute and delete <em>pwdAccountLockedTime</em> attribute value to unlock the account.',
'ldap_type' => 'boolean',
'html_type' => 'boolean',
'no_value_label' => 'Not set',
'rights' => array(
'admin' => 'w',
'LSsysaccount' => 'r',
),
'view' => 1,
'form' => array (
'modify' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdPolicySubentry' => array (
'label' => 'Password policy',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array(
'selectable_object' => array(
'object_type' => 'pwdPolicy',
'display_name_format' => '%{cn}',
'value_attribute' => 'dn',
),
),
'no_value_label' => 'Default policy',
'validation' => array (
array (
'object_type' => 'pwdPolicy',
'basedn' => '%{val}',
'result' => 1,
),
),
'view' => 1,
'rights' => array(
'admin' => 'w',
'LSsysaccount' => 'r',
),
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
);

526
src/conf/LSobjects/config.LSobjects.pwdPolicy.php Normal file
View file

@ -0,0 +1,526 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* http://ldapsaisie.labs.libre-entreprise.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
$GLOBALS['LSobjects']['pwdPolicy'] = array (
'objectclass' => array(
'top',
'device',
'pwdPolicy',
'pwdPolicyChecker',
),
'rdn' => 'cn',
'container_dn' => 'ou=ppolicies',
'display_name_format' => '%{cn}',
'displayAttrName' => true,
'label' => 'Password policies',
'customActions' => array (
'showTechInfo' => array (
'function' => 'showTechInfo',
'label' => 'Show technical information',
'hideLabel' => True,
'noConfirmation' => true,
'disableOnSuccessMsg' => true,
'icon' => 'tech_info',
'rights' => array (
'admin',
),
),
),
// LSform
'LSform' => array (
'ajaxSubmit' => 1,
// Layout
'layout' => array (
'general' => array(
'label' => 'General information',
'args' => array (
'cn',
'pwdAttribute',
'pwdAllowUserChange',
'pwdSafeModify',
'pwdInHistory',
),
),
'quality' => array (
'label' => 'Password quality',
'args' => array (
'pwdCheckQuality',
'pwdMinLength',
'pwdCheckModule',
),
),
'expiration' => array (
'label' => 'Password expiration',
'args' => array (
'pwdMaxAge',
'pwdMinAge',
'pwdExpireWarning',
'pwdGraceAuthNLimit',
),
),
'bruteforce' => array (
'label' => 'Brute-force attacks protection',
'args' => array (
'pwdLockout',
'pwdMaxFailure',
'pwdMaxRecordedFailure',
'pwdLockoutDuration',
'pwdFailureCountInterval',
'pwdMustChange',
),
),
) // fin Layout
), // fin LSform
'LSsearch' => array (
'attrs' => array (
'cn',
),
'params' => array (
'sortBy' => 'displayName',
),
),
// Attributes
'attrs' => array (
/* ----------- start -----------*/
'cn' => array (
'label' => 'Name',
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'validation' => array (
array (
'filter' => 'cn=%{val}',
'object_type' => 'pwdPolicy',
'result' => 0,
'msg' => 'This name is already used.',
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdAttribute' => array (
'label' => 'Password attribute',
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'default_value' => 'userPassword',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdAllowUserChange' => array (
'label' => 'User can change its password',
'ldap_type' => 'boolean',
'html_type' => 'boolean',
'no_value_label' => 'Yes (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdSafeModify' => array (
'label' => 'User must provide its old password to change it',
'help_info' => 'Default: No.',
'ldap_type' => 'boolean',
'html_type' => 'boolean',
'no_value_label' => 'No (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdInHistory' => array (
'label' => 'Number of old passwords kept in history',
'help_info' => "User can't reused an old password in its history. Default: zero.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No history (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/*
*******************************************************************************************
* Check password quality
*******************************************************************************************
*/
/* ----------- start -----------*/
'pwdCheckQuality' => array (
'label' => 'Check password quality',
'ldap_type' => 'ascii',
'html_type' => 'select_box',
'html_options' => array (
'possible_values' => array (
'0' => 'Disabled (default)',
'1' => "If password is already hashed (can't check it), accept it",
'2' => "If password is already hashed (can't check it), refuse it",
),
),
'no_value_label' => 'Disabled (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdMinLength' => array (
'label' => 'Minimum length a password',
'help_info' => "If zero (default), no minimum length. Note: if password is provided already hashed, this check could not be performed and the policy define by the attribute <em>pwdCheckQuality</em> is applied.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No minimum length (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdCheckModule' => array (
'label' => 'Check OpenLDAP module to used',
'help_info' => '<strong>Used with caution !</strong> The name of the OpenLDAP module to used to check the password quality.',
'ldap_type' => 'ascii',
'html_type' => 'text',
'no_value_label' => 'Only length check (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/*
*******************************************************************************************
* Password expiration
*******************************************************************************************
*/
/* ----------- start -----------*/
'pwdMaxAge' => array (
'label' => 'Maximum validity duration of a password',
'help_info' => "In second. After this delay, the password will expired and must be changed. If zero (default), no password expiration.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No password expiration (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdMinAge' => array (
'label' => 'Minimum time between two password changes',
'help_info' => "In second. If zero (default), no minimum time.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No minimum time (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdExpireWarning' => array (
'label' => 'Warning delay before password expiration',
'help_info' => 'In seconds. Put zero to disabled.',
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No warning (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdGraceAuthNLimit' => array (
'label' => 'Grace delay after password expiration',
'help_info' => "Number of time that a user can log in with its expired password. If zero (default), no grace delay and the user can't log in with its expired password.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No grace delay (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/*
*******************************************************************************************
* Blocking brute-force attacks,
*******************************************************************************************
*/
/* ----------- start -----------*/
'pwdLockout' => array (
'label' => 'Lock account after too many login failures',
'help_info' => 'The limit is configured using <em>pwdMaxFailure</em> attribute.',
'ldap_type' => 'boolean',
'html_type' => 'boolean',
'no_value_label' => 'No (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdMaxFailure' => array (
'label' => 'Maximum allowed login failures',
'help_info' => "After the number of login failures, the action defined by attribute <em>pwdLockout</em> will be executed. If zero (default), no limit.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'No limit (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdMaxRecordedFailure' => array (
'label' => 'Maximum number of failed connections to store',
'help_info' => "Define the maximum number of failed connections to store for a user. If zero (default), the <em>Maximum allowed login failures (pwdMaxFailure)</em> value is used, or 5 if it's also zero.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'Default (see pwdMaxFailure if defined, otherwise: 5)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('min' => 0),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdLockoutDuration' => array (
'label' => 'Lock duration of an account',
'help_info' => "In second. After this delay, the account will be automatically unlocked. If zero (default), the account will be locked until an administrator manually unlock it.",
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'Until an administrator manually unlock it (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdFailureCountInterval' => array (
'label' => 'Delay before reseting authentication fail count',
'help_info' => 'In seconds. After this delay, authentication fail count will be reseted if no fail occured in the meantime. If zero (default), authentication fail count will be reseted only after a successful connection.',
'ldap_type' => 'numeric',
'html_type' => 'text',
'no_value_label' => 'After successful connection (default)',
'check_data' => array (
'integer' => array(
'msg' => "Must be a positive integer.",
'params' => array('positive' => true),
),
),
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'pwdMustChange' => array (
'label' => 'User must change its password after administrator unlock it',
'help_info' => 'Default: No. Note: if the <em>pwdReset</em> attribute of the account is defined, its value override this parameter.',
'ldap_type' => 'boolean',
'html_type' => 'boolean',
'no_value_label' => 'No (default)',
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
) // Fin args
);

1
src/conf/config.inc.php
View file

@ -97,6 +97,7 @@ $GLOBALS['LSconfig'] = array(
'LSpeople',
'LSgroup',
'LSsysaccount',
'pwdPolicy',
),
'recoverPassword' => array(
'mailAttr' => 'mail',

333
src/lang/fr_FR.UTF8/lang.php
View file

@ -2,6 +2,10 @@
$GLOBALS['LSlang'] = array (
# LSobjects.pwdPolicy.attrs.pwdCheckModule.help_info
"<strong>Used with caution !</strong> The name of the OpenLDAP module to used to check the password quality." =>
"<strong>À utiliser avec vigilance !</strong> Nom du module pour OpenLDAP à utiliser pour vérifier la qualité du mot de passe.",
# LSobjects.LSpeople.attrs.lsGodfatherDn.label
# LSobjects.LSgroup.attrs.lsGodfatherDn.label
# LSobjects.LScompany.attrs.lsGodfatherDn.label
@ -12,6 +16,14 @@ $GLOBALS['LSlang'] = array (
"Administrator" =>
"Administrateur",
# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.no_value_label
"After successful connection (default)" =>
"Après une connexion réussie (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdMaxFailure.help_info
"After the number of login failures, the action defined by attribute <em>pwdLockout</em> will be executed. If zero (default), no limit." =>
"Après le nombre de connexions en échécs, l'action définie par l'attribut <em>pwdLockout</em> sera exécutée. Si zéro (par défaut), pas de limite.",
# LSobjects.LSpeople.attrs.loginShell.help_info
"Allow user to connect a POSIX system." =>
"Autorisie l'utilisateur à se connecter aux systèmes POSIX.",
@ -29,6 +41,18 @@ $GLOBALS['LSlang'] = array (
"Belongs to groups ..." =>
"Appartient aux groupes ...",
# LSobjects.pwdPolicy.LSform.layout.bruteforce.label
"Brute-force attacks protection" =>
"Proctection anti brute-force",
# LSobjects.pwdPolicy.attrs.pwdCheckModule.label
"Check OpenLDAP module to used" =>
"Module OpenLDAP de vérification à utiliser",
# LSobjects.pwdPolicy.attrs.pwdCheckQuality.label
"Check password quality" =>
"Vérifier la qualité du mot de passe",
# LSobjects.LSpeople.LSform.layout.Civilite.label
# LSobjects.LSpeople.attrs.personalTitle.label
"Civility" =>
@ -46,15 +70,45 @@ $GLOBALS['LSlang'] = array (
"Company" =>
"Société",
# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.time.label
# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.time.label
"Date added to history" =>
"Date d'ajout dans l'historique",
# LSobjects.LSpeople.attrs.sambaKickoffTime.no_value_label
# LSobjects.LSpeople.attrs.sambaPwdMustChange.no_value_label
"Default (never)" =>
"Par défaut (jamais)",
# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.no_value_label
"Default (see pwdMaxFailure if defined, otherwise: 5)" =>
"Par défaut (voir pwdMaxFailure si défini, sinon : 5)",
# LSobjects.LSpeople.attrs.sambaPwdCanChange.no_value_label
"Default (whenever)" =>
"Par défaut (n'importe quand)",
# LSobjects.LSpeople.attrs.pwdPolicySubentry.no_value_label
# LSobjects.LSsysaccount.attrs.pwdPolicySubentry.no_value_label
"Default policy" =>
"Politique par défaut",
# LSobjects.pwdPolicy.attrs.pwdSafeModify.help_info
"Default: No." =>
"Par défaut : Non.",
# LSobjects.pwdPolicy.attrs.pwdMustChange.help_info
"Default: No. Note: if the <em>pwdReset</em> attribute of the account is defined, its value override this parameter." =>
"Par défaut : None. Remarque : si l'attribut <em>pwdReset</em> du compte est défini, sa valeur prévaut sur ce paramètre.",
# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.help_info
"Define the maximum number of failed connections to store for a user. If zero (default), the <em>Maximum allowed login failures (pwdMaxFailure)</em> value is used, or 5 if it's also zero." =>
"Défini le nombre maximum d'échecs de connexion historisés pour un utilisateur. Si zéro (par défaut), la valeur du <em>nombre maximun d'échecs de connexion autorisés (pwdMaxFailure)</em> est utilisé (ou 5 si il est également à zéro)",
# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.label
"Delay before reseting authentication fail count" =>
"Délais avant réinitialisation du nombre d'échecs d'authentification",
# LSobjects.LSpeople.attrs.description.label
# LSobjects.LSgroup.attrs.description.label
# LSobjects.LSsysaccount.attrs.description.label
@ -62,6 +116,10 @@ $GLOBALS['LSlang'] = array (
"Description" =>
"Description",
# LSobjects.pwdPolicy.attrs.pwdCheckQuality.no_value_label
"Disabled (default)" =>
"Désactivé (par défaut)",
# LSobjects.LSpeople.attrs.userPassword.html_options.confirmChangeQuestion
"Do you confirm change of this user's password?" =>
"Confirmez-vous le changement du mot de passe de cet utilisateur ?",
@ -95,10 +153,6 @@ $GLOBALS['LSlang'] = array (
"First Name" =>
"Prénom",
# templates/default/import.tpl:13
"Format" =>
"Format",
# LSobjects.LSpeople.attrs.cn.label
"Full Name" =>
"Nom complet",
@ -107,6 +161,11 @@ $GLOBALS['LSlang'] = array (
"Gecos" =>
"Gecos",
# LSobjects.LSsysaccount.LSform.layout.general.label
# LSobjects.pwdPolicy.LSform.layout.general.label
"General information" =>
"Informations générales",
# LSobjects.LSpeople.attrs.mail.check_data.email.msg
"Given email address is invalid." =>
"L'adresse mail saisie est invalide.",
@ -119,10 +178,29 @@ $GLOBALS['LSlang'] = array (
"Godfather of ..." =>
"Parrain de ...",
# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.label
"Grace delay after password expiration" =>
"Délai de grâce après l'expiration du mot de passe",
# LSobjects.LSpeople.attrs.pwdGraceUseTime.label
# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.label
"Grace use of the expired password" =>
"Utilisation du délai de grâce après expiration du mot de passe",
# LSobjects.LSgroup.label
"Groups" =>
"Groupes",
# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.hashed_password.label
# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.hashed_password.label
"Hashed password" =>
"Mot de passe hâché",
# LSobjects.LSpeople.attrs.pwdHistory.no_value_label
# LSobjects.LSsysaccount.attrs.pwdHistory.no_value_label
"History is empty." =>
"L'historique est vide.",
# LSobjects.LSpeople.attrs.homeDirectory.label
"Home Directory" =>
"Dossier personnel",
@ -136,10 +214,47 @@ $GLOBALS['LSlang'] = array (
"If not set, the user will be free to change his password whenever he wants." =>
"Si non défini, l'utilisateur pourra changer son mot de passe quand il le veut.",
# LSobjects.pwdPolicy.attrs.pwdCheckQuality.html_options.possible_values.1
"If password is already hashed (can't check it), accept it" =>
"Si le mot de passe est déjà hâché (vérification impossible), l'accepter",
# LSobjects.pwdPolicy.attrs.pwdCheckQuality.html_options.possible_values.2
"If password is already hashed (can't check it), refuse it" =>
"Si le mot de passe est déjà hâché (vérification impossible), le refuser",
# LSobjects.pwdPolicy.attrs.pwdMinLength.help_info
"If zero (default), no minimum length. Note: if password is provided already hashed, this check could not be performed and the policy define by the attribute <em>pwdCheckQuality</em> is applied." =>
"Si zéro (par défaut), pas de longueur minimum. Remarque : si le mot de passe est fourni hâché, cette vérification sera impossible et la politique définie par l'attribut <em>pwdCheckQuality</em> sera appliquée.",
# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.help_info
"In second. After this delay, the account will be automatically unlocked. If zero (default), the account will be locked until an administrator manually unlock it." =>
"En seconde. Passé ce délai, le compte de sera automatiquement débloqué. Si zéro (par défaut), le compte sera bloqué tant qu'un administrateur ne le débloque pas manuellement.",
# LSobjects.pwdPolicy.attrs.pwdMaxAge.help_info
"In second. After this delay, the password will expired and must be changed. If zero (default), no password expiration." =>
"En seconde. Passé ce délai, le mot de passe expirera et devra être changé. Si zéro (par défaut), pas d'expiration du mot de passe.",
# LSobjects.pwdPolicy.attrs.pwdMinAge.help_info
"In second. If zero (default), no minimum time." =>
"En seconde. Si zéro (par défaut), pas de durée minimum.",
# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.help_info
"In seconds. After this delay, authentication fail count will be reseted if no fail occured in the meantime. If zero (default), authentication fail count will be reseted only after a successful connection." =>
"En seconde. Passé ce délai, le nombre d'échecs d'authentification sera réinitialisé si aucune tentative en échec n'a eut lieu entre-temps. Si zéro (par défaut), le nombre d'échecs d'authentification sera réinitialisé qu'après une connexion réussie.",
# LSobjects.pwdPolicy.attrs.pwdExpireWarning.help_info
"In seconds. Put zero to disabled." =>
"En seconde. Saisir zéro pour désactiver.",
# LSobjects.LSpeople.attrs.shadowInactive.label
"Inactivity allowed (in days)" =>
"Durée d'inactivité autorisée (en jours)",
# LSobjects.LSpeople.attrs.pwdAccountLockedTime.help_info
# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.help_info
"Indicates the time the account was locked time. Delete this date and set <em>pwdReset</em> attribute to unlock the account." =>
"Indique la durée de blocage du compte. Supprimez cette date et définissez l'attribut <em>pwdReset</em> pour débloquer le compte.",
# LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label
"LDAP Groups" =>
"Groupes LDAP",
@ -167,6 +282,34 @@ $GLOBALS['LSlang'] = array (
"Last Name" =>
"Nom",
# LSobjects.LSpeople.attrs.pwdFailureTime.label
# LSobjects.LSsysaccount.attrs.pwdFailureTime.label
"Last failed connection attempts" =>
"Derniers échecs de connexion",
# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.length.label
# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.length.label
"Length" =>
"Longeur",
# LSobjects.LSpeople.attrs.pwdGraceUseTime.help_info
# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.help_info
"List the time of each succesful authentications after the password has expired." =>
"Liste les heures des authentifications réussies après l'expiration du mot de passe.",
# LSobjects.pwdPolicy.attrs.pwdLockout.label
"Lock account after too many login failures" =>
"Bloquer le compte après un trop grand nombre d'échecs de connexion",
# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.label
"Lock duration of an account" =>
"Durée de blocage d'un compte",
# LSobjects.LSpeople.attrs.pwdAccountLockedTime.label
# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.label
"Locked time" =>
"Date du blocage",
# LSobjects.LSpeople.LSsearch.extraDisplayedColumns.mail.label
"Mail" =>
"Mail",
@ -175,10 +318,30 @@ $GLOBALS['LSlang'] = array (
"Main group" =>
"Groupe principal",
# LSobjects.pwdPolicy.attrs.pwdMaxFailure.label
"Maximum allowed login failures" =>
"Nombre maximun d'échecs de connexion autorisés",
# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.label
"Maximum number of failed connections to store" =>
"Nombre maximum d'échecs de connexion historisés",
# LSobjects.pwdPolicy.attrs.pwdMaxAge.label
"Maximum validity duration of a password" =>
"Durée maximum de validité du mot de passe",
# LSobjects.LSgroup.attrs.uniqueMember.label
"Members" =>
"Membres",
# LSobjects.pwdPolicy.attrs.pwdMinLength.label
"Minimum length a password" =>
"Longueur minimum d'un mot de passe",
# LSobjects.pwdPolicy.attrs.pwdMinAge.label
"Minimum time between two password changes" =>
"Durée minimum entre deux modifications du mot de passe",
# LSobjects.LSpeople.attrs.personalTitle.html_options.possible_values.M.
"Mr" =>
"M.",
@ -191,7 +354,21 @@ $GLOBALS['LSlang'] = array (
"Ms" =>
"Mlle",
# LSobjects.pwdPolicy.attrs.pwdInHistory.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdMinLength.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdMaxAge.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdMinAge.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdExpireWarning.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdMaxFailure.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.check_data.integer.msg
# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.check_data.integer.msg
"Must be a positive integer." =>
"Doit être un entier positif.",
# LSobjects.LSgroup.attrs.cn.label
# LSobjects.pwdPolicy.attrs.cn.label
# LSobjects.LScompany.attrs.ou.label
"Name" =>
"Nom",
@ -200,10 +377,9 @@ $GLOBALS['LSlang'] = array (
"Name must contain alphanumeric values only." =>
"Le nom doit contenir uniquement des valeurs alpha-numériques.",
# templates/default/viewSearch.tpl:113
"Nb / page :" =>
"Nb / page :",
# LSobjects.LSpeople.attrs.pwdChangedTime.no_value_label
# LSobjects.LSpeople.attrs.pwdGraceUseTime.no_value_label
# LSobjects.LSpeople.attrs.pwdFailureTime.no_value_label
# LSobjects.LSpeople.attrs.shadowLastChange.no_value_label
# LSobjects.LSpeople.attrs.sambaLogonTime.no_value_label
# LSobjects.LSpeople.attrs.sambaLogoffTime.no_value_label
@ -211,9 +387,64 @@ $GLOBALS['LSlang'] = array (
# LSobjects.LSpeople.attrs.sambaPwdLastSet.no_value_label
# LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.2147483647
# LSobjects.LSpeople.attrs.sambaPwdCanChange.html_options.special_values.2147483647
# LSobjects.LSsysaccount.attrs.pwdChangedTime.no_value_label
# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.no_value_label
# LSobjects.LSsysaccount.attrs.pwdFailureTime.no_value_label
"Never" =>
"Jamais",
# LSobjects.pwdPolicy.attrs.pwdSafeModify.no_value_label
# LSobjects.pwdPolicy.attrs.pwdLockout.no_value_label
# LSobjects.pwdPolicy.attrs.pwdMustChange.no_value_label
"No (default)" =>
"Non (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.no_value_label
"No grace delay (default)" =>
"Aucun délai de grâce (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdInHistory.no_value_label
"No history (default)" =>
"Pas d'historique (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdMaxFailure.no_value_label
"No limit (default)" =>
"Pas de limite (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdMinLength.no_value_label
"No minimum length (default)" =>
"Pas de longueur minimum (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdMinAge.no_value_label
"No minimum time (default)" =>
"Pas de durée minimum (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdMaxAge.no_value_label
"No password expiration (default)" =>
"Pas d'expiration du mot de passe (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdExpireWarning.no_value_label
"No warning (default)" =>
"Pas d'alerte (par défaut)",
# LSobjects.LSpeople.attrs.pwdAccountLockedTime.no_value_label
# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.no_value_label
"Not locked" =>
"Non-bloqué",
# LSobjects.LSpeople.attrs.pwdReset.no_value_label
# LSobjects.LSsysaccount.attrs.pwdReset.no_value_label
"Not set" =>
"Non défini",
# LSobjects.pwdPolicy.attrs.pwdInHistory.label
"Number of old passwords kept in history" =>
"Nombre d'anciens mots de passe à conserver dans l'historique",
# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.help_info
"Number of time that a user can log in with its expired password. If zero (default), no grace delay and the user can't log in with its expired password." =>
"Nombre de fois qu'un utilisateur peut se connecter avec son mot de passe expiré. Si zéro (par défaut), pas de délai de grâce et l'utilisateur ne pourra pas se connecter avec son mot de passe expiré.",
# LSobjects.LSpeople.attrs.uidNumber.label
"Numeric identifier" =>
"Identifiant numérique",
@ -227,14 +458,43 @@ $GLOBALS['LSlang'] = array (
"One or several users don't exist." =>
"Un ou plusieurs utilisateurs n'existent pas.",
# LSobjects.pwdPolicy.attrs.pwdCheckModule.no_value_label
"Only length check (default)" =>
"Uniquement une vérification de la longueur du mot de passe (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdAttribute.label
"Password attribute" =>
"Attribut mot de passe",
# LSobjects.LSpeople.attrs.shadowExpire.label
# LSobjects.pwdPolicy.LSform.layout.expiration.label
"Password expiration" =>
"Expiration du mot de passe",
# LSobjects.LSpeople.attrs.pwdChangedTime.label
# LSobjects.LSsysaccount.attrs.pwdChangedTime.label
"Password last change" =>
"Dernière modification du mot de passe",
# LSobjects.LSpeople.attrs.shadowLastChange.label
"Password last change time" =>
"Dernière modification du mot de passe",
# LSobjects.pwdPolicy.label
"Password policies" =>
"Politiques des mots de passe",
# LSobjects.LSpeople.LSform.layout.ppolicy.label
# LSobjects.LSpeople.attrs.pwdPolicySubentry.label
# LSobjects.LSsysaccount.LSform.layout.ppolicy.label
# LSobjects.LSsysaccount.attrs.pwdPolicySubentry.label
"Password policy" =>
"Politique de mot de passe",
# LSobjects.pwdPolicy.LSform.layout.quality.label
"Password quality" =>
"Qualité du mot de passe",
# LSobjects.LSpeople.attrs.lsRecoveryHash.label
"Password recovery hash" =>
"Hash de récupération de mot de passe",
@ -243,6 +503,11 @@ $GLOBALS['LSlang'] = array (
"Password validity (in days)" =>
"Durée de validité du mot de passe (en jours)",
# LSobjects.LSpeople.attrs.pwdHistory.label
# LSobjects.LSsysaccount.attrs.pwdHistory.label
"Passwords in history" =>
"Mots de passe dans l'historique",
# LSobjects.LSpeople.attrs.jpegPhoto.label
"Picture" =>
"Image",
@ -319,9 +584,15 @@ $GLOBALS['LSlang'] = array (
"Samba primary group identifier" =>
"Identifiant du groupe primaire Samba",
# LSobjects.LSpeople.attrs.pwdReset.help_info
# LSobjects.LSsysaccount.attrs.pwdReset.help_info
"Set this attribute and delete <em>pwdAccountLockedTime</em> attribute value to unlock the account." =>
"Définissez cet attribut et supprimez l'attribut <em>pwdAccountLockedTime</em> pour débloquer le compte.",
# LSobjects.LSpeople.customActions.showTechInfo.label
# LSobjects.LSgroup.customActions.showTechInfo.label
# LSobjects.LSsysaccount.customActions.showTechInfo.label
# LSobjects.pwdPolicy.customActions.showTechInfo.label
# LSobjects.LScompany.customActions.showTechInfo.label
"Show technical information" =>
"Afficher les informations techniques",
@ -334,6 +605,11 @@ $GLOBALS['LSlang'] = array (
"Specifies the time when the user will be locked down and cannot login any longer." =>
"Détermine la date à partir de laquelle l'utilisateur sera bloqué et ne pourra plus se connecter.",
# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.syntaxOID.label
# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.syntaxOID.label
"Syntax OID" =>
"OID de la syntaxe",
# LSobjects.LSsysaccount.label
"System accounts" =>
"Comptes systèmes",
@ -346,6 +622,10 @@ $GLOBALS['LSlang'] = array (
"The inactivity allowed must be an positive integer." =>
"La durée d'inactivité autorisée doit être un entier positif.",
# LSobjects.pwdPolicy.attrs.pwdLockout.help_info
"The limit is configured using <em>pwdMaxFailure</em> attribute." =>
"La limite est configuré par l'attribut <em>pwdMaxFailure</em>.",
# LSobjects.LSpeople.attrs.shadowMax.help_info
"The maximum number of days the password is valid." =>
"Le nombre de jours maximum durant lequel le mot de passe sera valide.",
@ -371,6 +651,10 @@ $GLOBALS['LSlang'] = array (
"This identifier is already used." =>
"Cet identifiant est déjà utilisé.",
# LSobjects.pwdPolicy.attrs.cn.validation.0.msg
"This name is already used." =>
"Ce nom est déjà utilisé.",
# LSobjects.LSsysaccount.attrs.userPassword.check_data.password.msg
"This password must contain at least 12 characters." =>
"Ce mot de passe doit contenir au moins 12 caractères.",
@ -386,10 +670,39 @@ $GLOBALS['LSlang'] = array (
"Pour poursuivre la procédure de récupération de mot de passe, merci de suivre ce lien :
%{url}",
# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.no_value_label
"Until an administrator manually unlock it (default)" =>
"Tant qu'un administrateur ne le débloque pas (par défaut)",
# LSobjects.pwdPolicy.attrs.pwdAllowUserChange.label
"User can change its password" =>
"L'utilisateur peut changer son mot de passe",
# LSobjects.pwdPolicy.attrs.pwdInHistory.help_info
"User can't reused an old password in its history. Default: zero." =>
"L'utilisateur ne peut réutiliser un ancien mot de passe encore dans l'historique. Par défaut : zéro.",
# LSobjects.pwdPolicy.attrs.pwdMustChange.label
"User must change its password after administrator unlock it" =>
"L'utilisateur doit changer son mot de passe après déblocage par l'administrateur",
# LSobjects.LSpeople.attrs.pwdReset.label
# LSobjects.LSsysaccount.attrs.pwdReset.label
"User must change its password before next connection" =>
"L'utilisateur doit changé son mot de passe avant la prochaine connexion",
# LSobjects.pwdPolicy.attrs.pwdSafeModify.label
"User must provide its old password to change it" =>
"L'utilisateur doit fournir son mot de passe actuell pour le changer",
# LSobjects.LSpeople.label
"Users" =>
"Utilisateurs",
# LSobjects.pwdPolicy.attrs.pwdExpireWarning.label
"Warning delay before password expiration" =>
"Délai d'avertissement avec expiration du mot de passe",
# LSobjects.LSpeople.attrs.sambaPwdCanChange.html_options.special_values.0
"Whenever" =>
"N'importe quand",
@ -402,6 +715,10 @@ $GLOBALS['LSlang'] = array (
"Without photo" =>
"Sans photo",
# LSobjects.pwdPolicy.attrs.pwdAllowUserChange.no_value_label
"Yes (default)" =>
"Oui (par défaut)",
# ldap_servers.0.recoverPassword.newPasswordMail.msg
# ldap_servers.1.recoverPassword.newPasswordMail.msg
"Your new password : %{mdp}" =>