From ba2de0f9ec1776203ae1db627b2d69e57d016314 Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Wed, 24 Feb 2021 19:15:42 +0100 Subject: [PATCH] LSexample: Add Ppolicy support --- lsexample/lsexample.ldif | 26 + .../LSobjects/config.LSobjects.LSpeople.php | 7 +- .../config.LSobjects.LSsysaccount.php | 23 +- ...nfig.LSobjects.common-pwdPolicyAccount.php | 192 +++++++ .../LSobjects/config.LSobjects.pwdPolicy.php | 526 ++++++++++++++++++ src/conf/config.inc.php | 1 + src/lang/fr_FR.UTF8/lang.php | 333 ++++++++++- 7 files changed, 1096 insertions(+), 12 deletions(-) create mode 100644 src/conf/LSobjects/config.LSobjects.common-pwdPolicyAccount.php create mode 100644 src/conf/LSobjects/config.LSobjects.pwdPolicy.php diff --git a/lsexample/lsexample.ldif b/lsexample/lsexample.ldif index f57df447..a94515bc 100644 --- a/lsexample/lsexample.ldif +++ b/lsexample/lsexample.ldif @@ -659,3 +659,29 @@ description: test lsGodfatherDn: uid=eeggs,ou=people,o=ls structuralObjectClass: posixGroup +dn: ou=ppolicies,o=ls +objectclass: organizationalUnit +ou: ppolicies + +dn: cn=default,ou=ppolicies,o=ls +cn: default +objectclass: top +objectclass: device +objectclass: pwdPolicy +objectclass: pwdPolicyChecker +pwdAttribute: userPassword +pwdMinAge: 0 +pwdMaxAge: 0 +pwdInHistory: 0 +pwdCheckQuality: 1 +pwdMinLength: 8 +pwdExpireWarning: 0 +pwdGraceAuthnLimit: 0 +pwdLockout: FALSE +pwdLockoutDuration: 0 +pwdMaxFailure: 0 +pwdMaxRecordedFailure: 0 +pwdFailureCountInterval: 0 +pwdMustChange: FALSE +pwdAllowUserChange: FALSE +pwdSafeModify: FALSE diff --git a/src/conf/LSobjects/config.LSobjects.LSpeople.php b/src/conf/LSobjects/config.LSobjects.LSpeople.php index 11335db5..99ebf8f1 100644 --- a/src/conf/LSobjects/config.LSobjects.LSpeople.php +++ b/src/conf/LSobjects/config.LSobjects.LSpeople.php 
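Review bot: The `cn=default,ou=ppolicies,o=ls` entry has no comment saying it is a demo policy, yet it disables most of the protections this commit exposes: `pwdLockout: FALSE`, `pwdMaxFailure: 0`, `pwdInHistory: 0`, `pwdMaxAge: 0` and `pwdSafeModify: FALSE`. Only `pwdMinLength: 8` is enforced, and `pwdCheckQuality: 1` is the mode that, per the labels added elsewhere in this commit, accepts a pre-hashed password without checking it. `pwdAllowUserChange: FALSE` also differs from the "Yes (default)" label in the new pwdPolicy form, which may surprise people testing self-service password changes. Since example LDIF tends to be copied as a starting point, I would add a comment line above the entry such as `# Demo policy only: lockout, history and expiry are disabled; tighten before reuse`.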
@@ -20,6 +20,8 @@ ******************************************************************************/ +LSsession :: includeFile(LS_OBJECTS_DIR.'config.LSobjects.common-pwdPolicyAccount.php'); + $GLOBALS['LSobjects']['LSpeople'] = array ( 'objectclass' => array( 'top', @@ -215,6 +217,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( 'sambaPwdCanChange', ), ), + 'ppolicy' => $GLOBALS['pwdPolicyAccountAttrs_LSform_layout'], ), // fin Layout 'dataEntryForm' => array ( 'simple' => array ( @@ -276,7 +279,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( ), // Attributes - 'attrs' => array ( + 'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array ( /* ----------- start -----------*/ 'uid' => array ( @@ -1173,5 +1176,5 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( ), /* ----------- end -----------*/ - ), // Fin args + )), // Fin args & array_merge() ); diff --git a/src/conf/LSobjects/config.LSobjects.LSsysaccount.php b/src/conf/LSobjects/config.LSobjects.LSsysaccount.php index 12a9086a..b84e169f 100644 --- a/src/conf/LSobjects/config.LSobjects.LSsysaccount.php +++ b/src/conf/LSobjects/config.LSobjects.LSsysaccount.php @@ -20,6 +20,8 @@ ******************************************************************************/ +LSsession :: includeFile(LS_OBJECTS_DIR.'config.LSobjects.common-pwdPolicyAccount.php'); + $GLOBALS['LSobjects']['LSsysaccount'] = array ( 'objectclass' => array( 'top', @@ -45,6 +47,23 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array ( ), ), + // LSform + 'LSform' => array ( + 'ajaxSubmit' => 1, + // Layout + 'layout' => array ( + 'general' => array( + 'label' => 'General information', + 'args' => array ( + 'uid', + 'userPassword', + 'description', + ), + ), + 'ppolicy' => $GLOBALS['pwdPolicyAccountAttrs_LSform_layout'], + ) // fin Layout + ), // fin LSform + 'LSsearch' => array ( 'attrs' => array ( 'uid', 
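Review bot: Both `'ppolicy' => $GLOBALS['pwdPolicyAccountAttrs_LSform_layout']` and `array_merge($GLOBALS['pwdPolicyAccountAttrs'], array (` assume the `LSsession :: includeFile(...)` call added at the top succeeded, but its result is not checked. If the shared file is missing or unreadable, `array_merge()` receives null, which is a TypeError on PHP 8 and a warning with a null `attrs` on older versions, so the whole LSpeople definition breaks rather than only the password-policy tab. A guard before the definition, for example `if (!isset($GLOBALS['pwdPolicyAccountAttrs'])) { /* log the failed include and fall back to array() */ }`, would make that failure explicit. The same pattern is repeated in the config.LSobjects.LSsysaccount.php hunks, and the array definitions themselves start and end outside these hunks.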
@@ -69,7 +88,7 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array ( ), // Attributes - 'attrs' => array ( + 'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array ( /* ----------- start -----------*/ 'uid' => array ( @@ -166,5 +185,5 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array ( ), /* ----------- end -----------*/ - ), // Fin args + )), // Fin attrs & array_merge() ); diff --git a/src/conf/LSobjects/config.LSobjects.common-pwdPolicyAccount.php b/src/conf/LSobjects/config.LSobjects.common-pwdPolicyAccount.php new file mode 100644 index 00000000..c5388b39 --- /dev/null +++ b/src/conf/LSobjects/config.LSobjects.common-pwdPolicyAccount.php 
@@ -0,0 +1,192 @@ + 'Password policy', + 'args' => array ( + 'pwdPolicySubentry', + 'pwdChangedTime', + 'pwdGraceUseTime', + 'pwdFailureTime', + 'pwdUniqueAttempts', + 'pwdAccountLockedTime', + 'pwdReset', + 'pwdHistory', + ), +); + +$GLOBALS['pwdPolicyAccountAttrs'] = array ( + /* ----------- start -----------*/ + 'pwdChangedTime' => array ( + 'label' => 'Password last change', + 'ldap_type' => 'date', + 'html_type' => 'date', + 'html_options' => array( + 'firstDayOfWeek' => 1, + ), + 'no_value_label' => 'Never', + 'rights' => array( + 'self' => 'r', + 'admin' => 'r', + 'LSsysaccount' => 'r', + ), + 'view' => 1, + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdGraceUseTime' => array ( + 'label' => 'Grace use of the expired password', + 'help_info' => 'List the time of each succesful authentications after the password has expired.', + 'ldap_type' => 'date', + 'html_type' => 'date', + 'html_options' => array( + 'firstDayOfWeek' => 1, + ), + 'no_value_label' => 'Never', + 'multiple' => 1, + 'rights' => array( + 'self' => 'r', + 'admin' => 'r', + 'LSsysaccount' => 'r', + ), + 'view' => 1, + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdFailureTime' => array ( + 'label' => 'Last failed connection attempts', + 'ldap_type' => 'date', + 'ldap_options' => array( + 'format' => 'YmdHis.uO', + ), + 'html_type' => 'date', + 'html_options' => array( + 'firstDayOfWeek' => 1, + ), + 'no_value_label' => 'Never', + 'multiple' => 1, + 'rights' => array( + 'self' => 'r', + 'admin' => 'r', + 'LSsysaccount' => 'r', + ), + 'view' => 1, + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdAccountLockedTime' => array ( + 'label' => 'Locked time', + 'help_info' => 'Indicates the time the account was locked time. 
Delete this date and set pwdReset attribute to unlock the account.', + 'ldap_type' => 'date', + 'html_type' => 'date', + 'html_options' => array( + 'firstDayOfWeek' => 1, + ), + 'no_value_label' => 'Not locked', + 'rights' => array( + 'self' => 'r', + 'admin' => 'w', + 'LSsysaccount' => 'r', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdHistory' => array ( + 'label' => 'Passwords in history', + 'ldap_type' => 'pwdHistory', + 'html_type' => 'jsonCompositeAttribute', + 'html_options' => array ( + 'components' => array ( + 'time' => array ( + 'label' => 'Date added to history', + 'type' => 'text', + 'required' => true, + 'multiple' => false, + ), + 'syntaxOID' => array ( + 'label' => 'Syntax OID', + 'type' => 'text', + 'required' => true, + 'multiple' => false, + ), + 'length' => array ( + 'label' => 'Length', + 'type' => 'text', + 'required' => true, + 'multiple' => false, + ), + 'hashed_password' => array ( + 'label' => 'Hashed password', + 'type' => 'text', + 'required' => true, + 'multiple' => false, + ), + ), + 'fullWidth' => true, + ), + 'no_value_label' => 'History is empty.', + 'multiple' => 1, + 'rights' => array( + 'admin' => 'r', + ), + 'view' => 1, + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdReset' => array ( + 'label' => 'User must change its password before next connection', + 'help_info' => 'Set this attribute and delete pwdAccountLockedTime attribute value to unlock the account.', + 'ldap_type' => 'boolean', + 'html_type' => 'boolean', + 'no_value_label' => 'Not set', + 'rights' => array( + 'admin' => 'w', + 'LSsysaccount' => 'r', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdPolicySubentry' => array ( + 'label' => 'Password policy', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => 
array( + 'selectable_object' => array( + 'object_type' => 'pwdPolicy', + 'display_name_format' => '%{cn}', + 'value_attribute' => 'dn', + ), + ), + 'no_value_label' => 'Default policy', + 'validation' => array ( + array ( + 'object_type' => 'pwdPolicy', + 'basedn' => '%{val}', + 'result' => 1, + ), + ), + 'view' => 1, + 'rights' => array( + 'admin' => 'w', + 'LSsysaccount' => 'r', + ), + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ +); diff --git a/src/conf/LSobjects/config.LSobjects.pwdPolicy.php b/src/conf/LSobjects/config.LSobjects.pwdPolicy.php new file mode 100644 index 00000000..5bb3a6f8 --- /dev/null +++ b/src/conf/LSobjects/config.LSobjects.pwdPolicy.php 
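Review bot: The `pwdHistory` definition renders a `hashed_password` component for every history entry, so former password hashes end up in the HTML of the admin view even though the attribute is read-only. Old passwords are frequently close to the current one, so these hashes are sensitive if an admin session or a cached page is exposed. Consider dropping that component from `html_options` and keeping `time`, `syntaxOID` and `length`, or add a comment explaining why the hash has to be displayed. Separately, the layout `args` list `pwdUniqueAttempts`, but no attribute with that name is defined in `$GLOBALS['pwdPolicyAccountAttrs']` in this file. The opening lines of the new file are not visible in this view.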
@@ -0,0 +1,526 @@ + array( + 'top', + 'device', + 'pwdPolicy', + 'pwdPolicyChecker', + ), + 'rdn' => 'cn', + 'container_dn' => 'ou=ppolicies', + + 'display_name_format' => '%{cn}', + 'displayAttrName' => true, + 'label' => 'Password policies', + + 'customActions' => array ( + 'showTechInfo' => array ( + 'function' => 'showTechInfo', + 'label' => 'Show technical information', + 'hideLabel' => True, + 'noConfirmation' => true, + 'disableOnSuccessMsg' => true, + 'icon' => 'tech_info', + 'rights' => array ( + 'admin', + ), + ), + ), + + // LSform + 'LSform' => array ( + 'ajaxSubmit' => 1, + // Layout + 'layout' => array ( + 'general' => array( + 'label' => 'General information', + 'args' => array ( + 'cn', + 'pwdAttribute', + 'pwdAllowUserChange', + 'pwdSafeModify', + 'pwdInHistory', + ), + ), + 'quality' => array ( + 'label' => 'Password quality', + 'args' => array ( + 'pwdCheckQuality', + 'pwdMinLength', + 'pwdCheckModule', + ), + ), + 'expiration' => array ( + 'label' => 'Password expiration', + 'args' => array ( + 'pwdMaxAge', + 'pwdMinAge', + 'pwdExpireWarning', + 'pwdGraceAuthNLimit', + ), + ), + 'bruteforce' => array ( + 'label' => 'Brute-force attacks protection', + 'args' => array ( + 'pwdLockout', + 'pwdMaxFailure', + 'pwdMaxRecordedFailure', + 'pwdLockoutDuration', + 'pwdFailureCountInterval', + 'pwdMustChange', + ), + ), + ) // fin Layout + ), // fin LSform + + 'LSsearch' => array ( + 'attrs' => array ( + 'cn', + ), + 'params' => array ( + 'sortBy' => 'displayName', + ), + ), + + // Attributes + 'attrs' => array ( + + /* ----------- start -----------*/ + 'cn' => array ( + 'label' => 'Name', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'required' => 1, + 'validation' => array ( + array ( + 'filter' => 'cn=%{val}', + 'object_type' => 'pwdPolicy', + 'result' => 0, + 'msg' => 'This name is already used.', + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- 
end -----------*/ + + /* ----------- start -----------*/ + 'pwdAttribute' => array ( + 'label' => 'Password attribute', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'required' => 1, + 'default_value' => 'userPassword', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdAllowUserChange' => array ( + 'label' => 'User can change its password', + 'ldap_type' => 'boolean', + 'html_type' => 'boolean', + 'no_value_label' => 'Yes (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdSafeModify' => array ( + 'label' => 'User must provide its old password to change it', + 'help_info' => 'Default: No.', + 'ldap_type' => 'boolean', + 'html_type' => 'boolean', + 'no_value_label' => 'No (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdInHistory' => array ( + 'label' => 'Number of old passwords kept in history', + 'help_info' => "User can't reused an old password in its history. 
Default: zero.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No history (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* + ******************************************************************************************* + * Check password quality + ******************************************************************************************* + */ + + /* ----------- start -----------*/ + 'pwdCheckQuality' => array ( + 'label' => 'Check password quality', + 'ldap_type' => 'ascii', + 'html_type' => 'select_box', + 'html_options' => array ( + 'possible_values' => array ( + '0' => 'Disabled (default)', + '1' => "If password is already hashed (can't check it), accept it", + '2' => "If password is already hashed (can't check it), refuse it", + ), + ), + 'no_value_label' => 'Disabled (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdMinLength' => array ( + 'label' => 'Minimum length a password', + 'help_info' => "If zero (default), no minimum length. 
Note: if password is provided already hashed, this check could not be performed and the policy define by the attribute pwdCheckQuality is applied.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No minimum length (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdCheckModule' => array ( + 'label' => 'Check OpenLDAP module to used', + 'help_info' => 'Used with caution ! The name of the OpenLDAP module to used to check the password quality.', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'no_value_label' => 'Only length check (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* + ******************************************************************************************* + * Password expiration + ******************************************************************************************* + */ + + /* ----------- start -----------*/ + 'pwdMaxAge' => array ( + 'label' => 'Maximum validity duration of a password', + 'help_info' => "In second. After this delay, the password will expired and must be changed. 
If zero (default), no password expiration.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No password expiration (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdMinAge' => array ( + 'label' => 'Minimum time between two password changes', + 'help_info' => "In second. If zero (default), no minimum time.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No minimum time (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdExpireWarning' => array ( + 'label' => 'Warning delay before password expiration', + 'help_info' => 'In seconds. Put zero to disabled.', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No warning (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdGraceAuthNLimit' => array ( + 'label' => 'Grace delay after password expiration', + 'help_info' => "Number of time that a user can log in with its expired password. 
If zero (default), no grace delay and the user can't log in with its expired password.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No grace delay (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + + /* + ******************************************************************************************* + * Blocking brute-force attacks, + ******************************************************************************************* + */ + + + /* ----------- start -----------*/ + 'pwdLockout' => array ( + 'label' => 'Lock account after too many login failures', + 'help_info' => 'The limit is configured using pwdMaxFailure attribute.', + 'ldap_type' => 'boolean', + 'html_type' => 'boolean', + 'no_value_label' => 'No (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdMaxFailure' => array ( + 'label' => 'Maximum allowed login failures', + 'help_info' => "After the number of login failures, the action defined by attribute pwdLockout will be executed. 
If zero (default), no limit.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'No limit (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdMaxRecordedFailure' => array ( + 'label' => 'Maximum number of failed connections to store', + 'help_info' => "Define the maximum number of failed connections to store for a user. If zero (default), the Maximum allowed login failures (pwdMaxFailure) value is used, or 5 if it's also zero.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'Default (see pwdMaxFailure if defined, otherwise: 5)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('min' => 0), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdLockoutDuration' => array ( + 'label' => 'Lock duration of an account', + 'help_info' => "In second. After this delay, the account will be automatically unlocked. 
If zero (default), the account will be locked until an administrator manually unlock it.", + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'Until an administrator manually unlock it (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdFailureCountInterval' => array ( + 'label' => 'Delay before reseting authentication fail count', + 'help_info' => 'In seconds. After this delay, authentication fail count will be reseted if no fail occured in the meantime. If zero (default), authentication fail count will be reseted only after a successful connection.', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'no_value_label' => 'After successful connection (default)', + 'check_data' => array ( + 'integer' => array( + 'msg' => "Must be a positive integer.", + 'params' => array('positive' => true), + ), + ), + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'pwdMustChange' => array ( + 'label' => 'User must change its password after administrator unlock it', + 'help_info' => 'Default: No. Note: if the pwdReset attribute of the account is defined, its value override this parameter.', + 'ldap_type' => 'boolean', + 'html_type' => 'boolean', + 'no_value_label' => 'No (default)', + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + ) // Fin args +); diff --git a/src/conf/config.inc.php b/src/conf/config.inc.php index 68907fdf..e3a70132 100644 --- a/src/conf/config.inc.php 
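Review bot: `pwdCheckModule` is a free-text field writable by `admin`, and with the OpenLDAP ppolicy overlay that value names a loadable module the directory server uses to check passwords, so the web form decides what slapd loads with nothing but the `help_info` warning to constrain it. Turning it into a `select_box` whose `possible_values` list only the modules actually installed, as `pwdCheckQuality` already does for its values, would keep the choice bounded. The `cn` uniqueness rule builds its filter as `'cn=%{val}'`; whether `%{val}` is escaped for LDAP filter syntax is decided outside this file and is worth confirming. `pwdMaxRecordedFailure` validates with `array('min' => 0)` while the other numeric fields use `array('positive' => true)` under the same "Must be a positive integer." message, although several of them document zero as a valid default, so the intended handling of zero should be made consistent.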
+++ b/src/conf/config.inc.php @@ -97,6 +97,7 @@ $GLOBALS['LSconfig'] = array( 'LSpeople', 'LSgroup', 'LSsysaccount', + 'pwdPolicy', ), 'recoverPassword' => array( 'mailAttr' => 'mail', diff --git a/src/lang/fr_FR.UTF8/lang.php b/src/lang/fr_FR.UTF8/lang.php index 7cb4cab6..90704f5b 100644 --- a/src/lang/fr_FR.UTF8/lang.php +++ b/src/lang/fr_FR.UTF8/lang.php @@ -2,6 +2,10 @@ $GLOBALS['LSlang'] = array ( +# LSobjects.pwdPolicy.attrs.pwdCheckModule.help_info +"Used with caution ! The name of the OpenLDAP module to used to check the password quality." => + "À utiliser avec vigilance ! Nom du module pour OpenLDAP à utiliser pour vérifier la qualité du mot de passe.", + # LSobjects.LSpeople.attrs.lsGodfatherDn.label # LSobjects.LSgroup.attrs.lsGodfatherDn.label # LSobjects.LScompany.attrs.lsGodfatherDn.label @@ -12,6 +16,14 @@ $GLOBALS['LSlang'] = array ( "Administrator" => "Administrateur", +# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.no_value_label +"After successful connection (default)" => + "Après une connexion réussie (par défaut)", + +# LSobjects.pwdPolicy.attrs.pwdMaxFailure.help_info +"After the number of login failures, the action defined by attribute pwdLockout will be executed. If zero (default), no limit." => + "Après le nombre de connexions en échécs, l'action définie par l'attribut pwdLockout sera exécutée. Si zéro (par défaut), pas de limite.", + # LSobjects.LSpeople.attrs.loginShell.help_info "Allow user to connect a POSIX system." => "Autorisie l'utilisateur à se connecter aux systèmes POSIX.", 
@@ -29,6 +41,18 @@ $GLOBALS['LSlang'] = array ( "Belongs to groups ..." => "Appartient aux groupes ...", +# LSobjects.pwdPolicy.LSform.layout.bruteforce.label +"Brute-force attacks protection" => + "Proctection anti brute-force", + +# LSobjects.pwdPolicy.attrs.pwdCheckModule.label +"Check OpenLDAP module to used" => + "Module OpenLDAP de vérification à utiliser", + +# LSobjects.pwdPolicy.attrs.pwdCheckQuality.label +"Check password quality" => + "Vérifier la qualité du mot de passe", + # LSobjects.LSpeople.LSform.layout.Civilite.label # LSobjects.LSpeople.attrs.personalTitle.label "Civility" => 
@@ -46,15 +70,45 @@ $GLOBALS['LSlang'] = array ( "Company" => "Société", +# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.time.label +# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.time.label +"Date added to history" => + "Date d'ajout dans l'historique", + # LSobjects.LSpeople.attrs.sambaKickoffTime.no_value_label # LSobjects.LSpeople.attrs.sambaPwdMustChange.no_value_label "Default (never)" => "Par défaut (jamais)", +# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.no_value_label +"Default (see pwdMaxFailure if defined, otherwise: 5)" => + "Par défaut (voir pwdMaxFailure si défini, sinon : 5)", + # LSobjects.LSpeople.attrs.sambaPwdCanChange.no_value_label "Default (whenever)" => "Par défaut (n'importe quand)", +# LSobjects.LSpeople.attrs.pwdPolicySubentry.no_value_label +# LSobjects.LSsysaccount.attrs.pwdPolicySubentry.no_value_label +"Default policy" => + "Politique par défaut", + +# LSobjects.pwdPolicy.attrs.pwdSafeModify.help_info +"Default: No." => + "Par défaut : Non.", + +# LSobjects.pwdPolicy.attrs.pwdMustChange.help_info +"Default: No. Note: if the pwdReset attribute of the account is defined, its value override this parameter." => + "Par défaut : None. Remarque : si l'attribut pwdReset du compte est défini, sa valeur prévaut sur ce paramètre.", + +# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.help_info +"Define the maximum number of failed connections to store for a user. If zero (default), the Maximum allowed login failures (pwdMaxFailure) value is used, or 5 if it's also zero." => + "Défini le nombre maximum d'échecs de connexion historisés pour un utilisateur. 
Si zéro (par défaut), la valeur du nombre maximun d'échecs de connexion autorisés (pwdMaxFailure) est utilisé (ou 5 si il est également à zéro)", + +# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.label +"Delay before reseting authentication fail count" => + "Délais avant réinitialisation du nombre d'échecs d'authentification", + # LSobjects.LSpeople.attrs.description.label # LSobjects.LSgroup.attrs.description.label # LSobjects.LSsysaccount.attrs.description.label @@ -62,6 +116,10 @@ $GLOBALS['LSlang'] = array ( "Description" => "Description", +# LSobjects.pwdPolicy.attrs.pwdCheckQuality.no_value_label +"Disabled (default)" => + "Désactivé (par défaut)", + # LSobjects.LSpeople.attrs.userPassword.html_options.confirmChangeQuestion "Do you confirm change of this user's password?" => "Confirmez-vous le changement du mot de passe de cet utilisateur ?", @@ -95,10 +153,6 @@ $GLOBALS['LSlang'] = array ( "First Name" => "Prénom", -# templates/default/import.tpl:13 -"Format" => - "Format", - # LSobjects.LSpeople.attrs.cn.label "Full Name" => "Nom complet", @@ -107,6 +161,11 @@ $GLOBALS['LSlang'] = array ( "Gecos" => "Gecos", +# LSobjects.LSsysaccount.LSform.layout.general.label +# LSobjects.pwdPolicy.LSform.layout.general.label +"General information" => + "Informations générales", + # LSobjects.LSpeople.attrs.mail.check_data.email.msg "Given email address is invalid." => "L'adresse mail saisie est invalide.", 
@@ -119,10 +178,29 @@ $GLOBALS['LSlang'] = array ( "Godfather of ..." => "Parrain de ...", +# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.label +"Grace delay after password expiration" => + "Délai de grâce après l'expiration du mot de passe", + +# LSobjects.LSpeople.attrs.pwdGraceUseTime.label +# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.label +"Grace use of the expired password" => + "Utilisation du délai de grâce après expiration du mot de passe", + # LSobjects.LSgroup.label "Groups" => "Groupes", +# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.hashed_password.label +# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.hashed_password.label +"Hashed password" => + "Mot de passe hâché", + +# LSobjects.LSpeople.attrs.pwdHistory.no_value_label +# LSobjects.LSsysaccount.attrs.pwdHistory.no_value_label +"History is empty." => + "L'historique est vide.", + # LSobjects.LSpeople.attrs.homeDirectory.label "Home Directory" => "Dossier personnel", 
@@ -136,10 +214,47 @@ $GLOBALS['LSlang'] = array ( "If not set, the user will be free to change his password whenever he wants." => "Si non défini, l'utilisateur pourra changer son mot de passe quand il le veut.", +# LSobjects.pwdPolicy.attrs.pwdCheckQuality.html_options.possible_values.1 +"If password is already hashed (can't check it), accept it" => + "Si le mot de passe est déjà hâché (vérification impossible), l'accepter", + +# LSobjects.pwdPolicy.attrs.pwdCheckQuality.html_options.possible_values.2 +"If password is already hashed (can't check it), refuse it" => + "Si le mot de passe est déjà hâché (vérification impossible), le refuser", + +# LSobjects.pwdPolicy.attrs.pwdMinLength.help_info +"If zero (default), no minimum length. Note: if password is provided already hashed, this check could not be performed and the policy define by the attribute pwdCheckQuality is applied." => + "Si zéro (par défaut), pas de longueur minimum. Remarque : si le mot de passe est fourni hâché, cette vérification sera impossible et la politique définie par l'attribut pwdCheckQuality sera appliquée.", + +# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.help_info +"In second. After this delay, the account will be automatically unlocked. If zero (default), the account will be locked until an administrator manually unlock it." => + "En seconde. Passé ce délai, le compte de sera automatiquement débloqué. Si zéro (par défaut), le compte sera bloqué tant qu'un administrateur ne le débloque pas manuellement.", + +# LSobjects.pwdPolicy.attrs.pwdMaxAge.help_info +"In second. After this delay, the password will expired and must be changed. If zero (default), no password expiration." => + "En seconde. Passé ce délai, le mot de passe expirera et devra être changé. Si zéro (par défaut), pas d'expiration du mot de passe.", + +# LSobjects.pwdPolicy.attrs.pwdMinAge.help_info +"In second. If zero (default), no minimum time." => + "En seconde. 
Si zéro (par défaut), pas de durée minimum.", + +# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.help_info +"In seconds. After this delay, authentication fail count will be reseted if no fail occured in the meantime. If zero (default), authentication fail count will be reseted only after a successful connection." => + "En seconde. Passé ce délai, le nombre d'échecs d'authentification sera réinitialisé si aucune tentative en échec n'a eut lieu entre-temps. Si zéro (par défaut), le nombre d'échecs d'authentification sera réinitialisé qu'après une connexion réussie.", + +# LSobjects.pwdPolicy.attrs.pwdExpireWarning.help_info +"In seconds. Put zero to disabled." => + "En seconde. Saisir zéro pour désactiver.", + # LSobjects.LSpeople.attrs.shadowInactive.label "Inactivity allowed (in days)" => "Durée d'inactivité autorisée (en jours)", +# LSobjects.LSpeople.attrs.pwdAccountLockedTime.help_info +# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.help_info +"Indicates the time the account was locked time. Delete this date and set pwdReset attribute to unlock the account." => + "Indique la durée de blocage du compte. Supprimez cette date et définissez l'attribut pwdReset pour débloquer le compte.", + # LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label "LDAP Groups" => "Groupes LDAP", 
@@ -167,6 +282,34 @@ $GLOBALS['LSlang'] = array ( "Last Name" => "Nom", +# LSobjects.LSpeople.attrs.pwdFailureTime.label +# LSobjects.LSsysaccount.attrs.pwdFailureTime.label +"Last failed connection attempts" => + "Derniers échecs de connexion", + +# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.length.label +# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.length.label +"Length" => + "Longeur", + +# LSobjects.LSpeople.attrs.pwdGraceUseTime.help_info +# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.help_info +"List the time of each succesful authentications after the password has expired." => + "Liste les heures des authentifications réussies après l'expiration du mot de passe.", + +# LSobjects.pwdPolicy.attrs.pwdLockout.label +"Lock account after too many login failures" => + "Bloquer le compte après un trop grand nombre d'échecs de connexion", + +# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.label +"Lock duration of an account" => + "Durée de blocage d'un compte", + +# LSobjects.LSpeople.attrs.pwdAccountLockedTime.label +# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.label +"Locked time" => + "Date du blocage", + # LSobjects.LSpeople.LSsearch.extraDisplayedColumns.mail.label "Mail" => "Mail", 
@@ -175,10 +318,30 @@ $GLOBALS['LSlang'] = array (
 "Main group" =>
 "Groupe principal",
 
+# LSobjects.pwdPolicy.attrs.pwdMaxFailure.label
+"Maximum allowed login failures" =>
+ "Nombre maximun d'échecs de connexion autorisés",
+
+# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.label
+"Maximum number of failed connections to store" =>
+ "Nombre maximum d'échecs de connexion historisés",
+
+# LSobjects.pwdPolicy.attrs.pwdMaxAge.label
+"Maximum validity duration of a password" =>
+ "Durée maximum de validité du mot de passe",
+
 # LSobjects.LSgroup.attrs.uniqueMember.label
 "Members" =>
 "Membres",
 
+# LSobjects.pwdPolicy.attrs.pwdMinLength.label
+"Minimum length a password" =>
+ "Longueur minimum d'un mot de passe",
+
+# LSobjects.pwdPolicy.attrs.pwdMinAge.label
+"Minimum time between two password changes" =>
+ "Durée minimum entre deux modifications du mot de passe",
+
 # LSobjects.LSpeople.attrs.personalTitle.html_options.possible_values.M.
 "Mr" =>
 "M.",
@@ -191,7 +354,21 @@ $GLOBALS['LSlang'] = array (
 "Ms" =>
 "Mlle",
 
+# LSobjects.pwdPolicy.attrs.pwdInHistory.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdMinLength.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdMaxAge.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdMinAge.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdExpireWarning.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdMaxFailure.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdMaxRecordedFailure.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.check_data.integer.msg
+# LSobjects.pwdPolicy.attrs.pwdFailureCountInterval.check_data.integer.msg
+"Must be a positive integer." =>
+ "Doit être un entier positif.",
+
 # LSobjects.LSgroup.attrs.cn.label
+# LSobjects.pwdPolicy.attrs.cn.label
 # LSobjects.LScompany.attrs.ou.label
 "Name" =>
 "Nom",
@@ -200,10 +377,9 @@ $GLOBALS['LSlang'] = array (
 "Name must contain alphanumeric values only." =>
 "Le nom doit contenir uniquement des valeurs alpha-numériques.",
 
-# templates/default/viewSearch.tpl:113
-"Nb / page :" =>
- "Nb / page :",
-
+# LSobjects.LSpeople.attrs.pwdChangedTime.no_value_label
+# LSobjects.LSpeople.attrs.pwdGraceUseTime.no_value_label
+# LSobjects.LSpeople.attrs.pwdFailureTime.no_value_label
 # LSobjects.LSpeople.attrs.shadowLastChange.no_value_label
 # LSobjects.LSpeople.attrs.sambaLogonTime.no_value_label
 # LSobjects.LSpeople.attrs.sambaLogoffTime.no_value_label
@@ -211,9 +387,64 @@ $GLOBALS['LSlang'] = array (
 # LSobjects.LSpeople.attrs.sambaPwdLastSet.no_value_label
 # LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.2147483647
 # LSobjects.LSpeople.attrs.sambaPwdCanChange.html_options.special_values.2147483647
+# LSobjects.LSsysaccount.attrs.pwdChangedTime.no_value_label
+# LSobjects.LSsysaccount.attrs.pwdGraceUseTime.no_value_label
+# LSobjects.LSsysaccount.attrs.pwdFailureTime.no_value_label
 "Never" =>
 "Jamais",
 
+# LSobjects.pwdPolicy.attrs.pwdSafeModify.no_value_label
+# LSobjects.pwdPolicy.attrs.pwdLockout.no_value_label
+# LSobjects.pwdPolicy.attrs.pwdMustChange.no_value_label
+"No (default)" =>
+ "Non (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.no_value_label
+"No grace delay (default)" =>
+ "Aucun délai de grâce (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdInHistory.no_value_label
+"No history (default)" =>
+ "Pas d'historique (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdMaxFailure.no_value_label
+"No limit (default)" =>
+ "Pas de limite (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdMinLength.no_value_label
+"No minimum length (default)" =>
+ "Pas de longueur minimum (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdMinAge.no_value_label
+"No minimum time (default)" =>
+ "Pas de durée minimum (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdMaxAge.no_value_label
+"No password expiration (default)" =>
+ "Pas d'expiration du mot de passe (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdExpireWarning.no_value_label
+"No warning (default)" =>
+ "Pas d'alerte (par défaut)",
+
+# LSobjects.LSpeople.attrs.pwdAccountLockedTime.no_value_label
+# LSobjects.LSsysaccount.attrs.pwdAccountLockedTime.no_value_label
+"Not locked" =>
+ "Non-bloqué",
+
+# LSobjects.LSpeople.attrs.pwdReset.no_value_label
+# LSobjects.LSsysaccount.attrs.pwdReset.no_value_label
+"Not set" =>
+ "Non défini",
+
+# LSobjects.pwdPolicy.attrs.pwdInHistory.label
+"Number of old passwords kept in history" =>
+ "Nombre d'anciens mots de passe à conserver dans l'historique",
+
+# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.help_info
+"Number of time that a user can log in with its expired password. If zero (default), no grace delay and the user can't log in with its expired password." =>
+ "Nombre de fois qu'un utilisateur peut se connecter avec son mot de passe expiré. Si zéro (par défaut), pas de délai de grâce et l'utilisateur ne pourra pas se connecter avec son mot de passe expiré.",
+
 # LSobjects.LSpeople.attrs.uidNumber.label
 "Numeric identifier" =>
 "Identifiant numérique",
@@ -227,14 +458,43 @@ $GLOBALS['LSlang'] = array (
 "One or several users don't exist." =>
 "Un ou plusieurs utilisateurs n'existent pas.",
 
+# LSobjects.pwdPolicy.attrs.pwdCheckModule.no_value_label
+"Only length check (default)" =>
+ "Uniquement une vérification de la longueur du mot de passe (par défaut)",
+
+# LSobjects.pwdPolicy.attrs.pwdAttribute.label
+"Password attribute" =>
+ "Attribut mot de passe",
+
 # LSobjects.LSpeople.attrs.shadowExpire.label
+# LSobjects.pwdPolicy.LSform.layout.expiration.label
 "Password expiration" =>
 "Expiration du mot de passe",
 
+# LSobjects.LSpeople.attrs.pwdChangedTime.label
+# LSobjects.LSsysaccount.attrs.pwdChangedTime.label
+"Password last change" =>
+ "Dernière modification du mot de passe",
+
 # LSobjects.LSpeople.attrs.shadowLastChange.label
 "Password last change time" =>
 "Dernière modification du mot de passe",
 
+# LSobjects.pwdPolicy.label
+"Password policies" =>
+ "Politiques des mots de passe",
+
+# LSobjects.LSpeople.LSform.layout.ppolicy.label
+# LSobjects.LSpeople.attrs.pwdPolicySubentry.label
+# LSobjects.LSsysaccount.LSform.layout.ppolicy.label
+# LSobjects.LSsysaccount.attrs.pwdPolicySubentry.label
+"Password policy" =>
+ "Politique de mot de passe",
+
+# LSobjects.pwdPolicy.LSform.layout.quality.label
+"Password quality" =>
+ "Qualité du mot de passe",
+
 # LSobjects.LSpeople.attrs.lsRecoveryHash.label
 "Password recovery hash" =>
 "Hash de récupération de mot de passe",
@@ -243,6 +503,11 @@ $GLOBALS['LSlang'] = array (
 "Password validity (in days)" =>
 "Durée de validité du mot de passe (en jours)",
 
+# LSobjects.LSpeople.attrs.pwdHistory.label
+# LSobjects.LSsysaccount.attrs.pwdHistory.label
+"Passwords in history" =>
+ "Mots de passe dans l'historique",
+
 # LSobjects.LSpeople.attrs.jpegPhoto.label
 "Picture" =>
 "Image",
@@ -319,9 +584,15 @@ $GLOBALS['LSlang'] = array (
 "Samba primary group identifier" =>
 "Identifiant du groupe primaire Samba",
 
+# LSobjects.LSpeople.attrs.pwdReset.help_info
+# LSobjects.LSsysaccount.attrs.pwdReset.help_info
+"Set this attribute and delete pwdAccountLockedTime attribute value to unlock the account." =>
+ "Définissez cet attribut et supprimez l'attribut pwdAccountLockedTime pour débloquer le compte.",
+
 # LSobjects.LSpeople.customActions.showTechInfo.label
 # LSobjects.LSgroup.customActions.showTechInfo.label
 # LSobjects.LSsysaccount.customActions.showTechInfo.label
+# LSobjects.pwdPolicy.customActions.showTechInfo.label
 # LSobjects.LScompany.customActions.showTechInfo.label
 "Show technical information" =>
 "Afficher les informations techniques",
@@ -334,6 +605,11 @@ $GLOBALS['LSlang'] = array (
 "Specifies the time when the user will be locked down and cannot login any longer." =>
 "Détermine la date à partir de laquelle l'utilisateur sera bloqué et ne pourra plus se connecter.",
 
+# LSobjects.LSpeople.attrs.pwdHistory.html_options.components.syntaxOID.label
+# LSobjects.LSsysaccount.attrs.pwdHistory.html_options.components.syntaxOID.label
+"Syntax OID" =>
+ "OID de la syntaxe",
+
 # LSobjects.LSsysaccount.label
 "System accounts" =>
 "Comptes systèmes",
@@ -346,6 +622,10 @@ $GLOBALS['LSlang'] = array (
 "The inactivity allowed must be an positive integer." =>
 "La durée d'inactivité autorisée doit être un entier positif.",
 
+# LSobjects.pwdPolicy.attrs.pwdLockout.help_info
+"The limit is configured using pwdMaxFailure attribute." =>
+ "La limite est configuré par l'attribut pwdMaxFailure.",
+
 # LSobjects.LSpeople.attrs.shadowMax.help_info
 "The maximum number of days the password is valid." =>
 "Le nombre de jours maximum durant lequel le mot de passe sera valide.",
@@ -371,6 +651,10 @@ $GLOBALS['LSlang'] = array (
 "This identifier is already used." =>
 "Cet identifiant est déjà utilisé.",
 
+# LSobjects.pwdPolicy.attrs.cn.validation.0.msg
+"This name is already used." =>
+ "Ce nom est déjà utilisé.",
+
 # LSobjects.LSsysaccount.attrs.userPassword.check_data.password.msg
 "This password must contain at least 12 characters." =>
 "Ce mot de passe doit contenir au moins 12 caractères.",
@@ -386,10 +670,39 @@ $GLOBALS['LSlang'] = array ( "Pour poursuivre la procédure de récupération de mot de passe, merci de suivre ce lien : %{url}", +# LSobjects.pwdPolicy.attrs.pwdLockoutDuration.no_value_label +"Until an administrator manually unlock it (default)" => + "Tant qu'un administrateur ne le débloque pas (par défaut)", + +# LSobjects.pwdPolicy.attrs.pwdAllowUserChange.label +"User can change its password" => + "L'utilisateur peut changer son mot de passe", + +# LSobjects.pwdPolicy.attrs.pwdInHistory.help_info +"User can't reused an old password in its history. Default: zero." => + "L'utilisateur ne peut réutiliser un ancien mot de passe encore dans l'historique. Par défaut : zéro.", + +# LSobjects.pwdPolicy.attrs.pwdMustChange.label +"User must change its password after administrator unlock it" => + "L'utilisateur doit changer son mot de passe après déblocage par l'administrateur", + +# LSobjects.LSpeople.attrs.pwdReset.label +# LSobjects.LSsysaccount.attrs.pwdReset.label +"User must change its password before next connection" => + "L'utilisateur doit changé son mot de passe avant la prochaine connexion", + +# LSobjects.pwdPolicy.attrs.pwdSafeModify.label +"User must provide its old password to change it" => + "L'utilisateur doit fournir son mot de passe actuell pour le changer", + # LSobjects.LSpeople.label "Users" => "Utilisateurs", +# LSobjects.pwdPolicy.attrs.pwdExpireWarning.label +"Warning delay before password expiration" => + "Délai d'avertissement avec expiration du mot de passe", + # LSobjects.LSpeople.attrs.sambaPwdCanChange.html_options.special_values.0 "Whenever" => "N'importe quand", @@ -402,6 +715,10 @@ $GLOBALS['LSlang'] = array ( "Without photo" => "Sans photo", +# LSobjects.pwdPolicy.attrs.pwdAllowUserChange.no_value_label +"Yes (default)" => + "Oui (par défaut)", + # ldap_servers.0.recoverPassword.newPasswordMail.msg # ldap_servers.1.recoverPassword.newPasswordMail.msg "Your new password : %{mdp}" =>