| # SOME DESCRIPTIVE TITLE. |
| # Copyright (C) |
| # This file is distributed under the same license as the Apache CloudStack |
| # Administration Documentation package. |
| # |
| # Translators: |
| msgid "" |
| msgstr "" |
| "Project-Id-Version: Apache CloudStack Administration RTD\n" |
| "Report-Msgid-Bugs-To: \n" |
| "POT-Creation-Date: 2016-08-22 13:55+0200\n" |
| "PO-Revision-Date: 2014-06-30 12:03+0000\n" |
| "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
| "Language-Team: Chinese (China) (http://www.transifex.com/projects/p" |
| "/apache-cloudstack-administration-rtd/language/zh_CN/)\n" |
| "MIME-Version: 1.0\n" |
| "Content-Type: text/plain; charset=utf-8\n" |
| "Content-Transfer-Encoding: 8bit\n" |
| "Generated-By: Babel 2.3.4\n" |
| |
| #: ../../accounts.rst:18 |
| #, fuzzy |
| msgid "Managing Roles, Accounts, Users and Domains" |
| msgstr "管理账户,用户和域" |
| |
| #: ../../accounts.rst:21 |
| #, fuzzy |
| msgid "Roles, Accounts, Users, and Domains" |
| msgstr "账户,用户,域" |
| |
| #: ../../accounts.rst:24 |
| msgid "Roles" |
| msgstr "" |
| |
| #: ../../accounts.rst:26 |
| msgid "" |
| "A role represents a set of allowed functions. All CloudStack accounts " |
| "have a role attached to them that enforce access rules on them to be " |
| "allowed or disallowed to make an API request. Typically there are four " |
| "default roles: root admin, resource admin, domain admin and user." |
| msgstr "" |
| |
| #: ../../accounts.rst:33 |
| msgid "Accounts" |
| msgstr "账户" |
| |
| #: ../../accounts.rst:35 |
| msgid "" |
| "An account typically represents a customer of the service provider or a " |
| "department in a large organization. Multiple users can exist in an " |
| "account." |
| msgstr "一个账户通常代表一个客户的服务提供者或一个大组织中的一个部门。一个账户可存在多个用户。" |
| |
| #: ../../accounts.rst:41 |
| msgid "Domains" |
| msgstr "域" |
| |
| #: ../../accounts.rst:43 |
| msgid "" |
| "Accounts are grouped by domains. Domains usually contain multiple " |
| "accounts that have some logical relationship to each other and a set of " |
| "delegated administrators with some authority over the domain and its " |
| "subdomains. For example, a service provider with several resellers could " |
| "create a domain for each reseller." |
| msgstr "帐户通常按域进行分组。域中经常包含多个账户,这些账户间存在一些逻辑上关系和一系列该域和其子域下的委派的管理员(这段的意思就是说在逻辑上域下可以有管理员,子域下也可以有管理员)。比如,一个服务提供商可有多个分销商这样的服务提供商就能为每一个分销商创建一个域" |
| |
| #: ../../accounts.rst:49 |
| msgid "" |
| "For each account created, the Cloud installation creates three different " |
| "types of user accounts: root administrator, domain administrator, and " |
| "user." |
| msgstr "对于每个账户的创建,Cloud的安装过程中创建了三种不同类型的用户账户:根管理员,域管理员,普通用户。" |
| |
| #: ../../accounts.rst:55 |
| msgid "Users" |
| msgstr "普通用户" |
| |
| #: ../../accounts.rst:57 |
| msgid "" |
| "Users are like aliases in the account. Users in the same account are not " |
| "isolated from each other, but they are isolated from users in other " |
| "accounts. Most installations need not surface the notion of users; they " |
| "just have one user per account. The same user cannot belong to multiple " |
| "accounts." |
| msgstr "用户就像是账户的别名。在同一账户下的用户彼此之间并非隔离的。但是他们与不同账户下的用户是相互隔离的。大多数安装不需要用户的表面概念;他们只是每一个帐户的用户。同一用户不能属于多个帐户。" |
| |
| #: ../../accounts.rst:63 |
| msgid "" |
| "Username is unique in a domain across accounts in that domain. The same " |
| "username can exist in other domains, including sub-domains. Domain name " |
| "can repeat only if the full pathname from root is unique. For example, " |
| "you can create root/d1, as well as root/foo/d1, and root/sales/d1." |
| msgstr "多个账户中的用户名在域中应该是唯一的。相同的用户名能在其他的域中存在,包括子域。域名只有在全路径名唯一的时候才能重复。比如,你能创建一个root/d1,也可以创建root/foo/d1和root/sales/d1。" |
| |
| #: ../../accounts.rst:68 |
| msgid "" |
| "Administrators are accounts with special privileges in the system. There " |
| "may be multiple administrators in the system. Administrators can create " |
| "or delete other administrators, and change the password for any user in " |
| "the system." |
| msgstr "管理员在系统中是拥有特权的账户。可能有多个管理员在系统中,管理员能创建删除其他管理员,并且修改系统中任意用户的密码。" |
| |
| #: ../../accounts.rst:75 |
| msgid "Domain Administrators" |
| msgstr "域管理员" |
| |
| #: ../../accounts.rst:77 |
| msgid "" |
| "Domain administrators can perform administrative operations for users who" |
| " belong to that domain. Domain administrators do not have visibility into" |
| " physical servers or other domains." |
| msgstr "域管理员可以对属于该域的用户进行管理操作。域管理员在物理服务器或其他域中不可见。" |
| |
| #: ../../accounts.rst:83 |
| msgid "Root Administrator" |
| msgstr "根管理员" |
| |
| #: ../../accounts.rst:85 |
| msgid "" |
| "Root administrators have complete access to the system, including " |
| "managing templates, service offerings, customer care administrators, and " |
| "domains" |
| msgstr "根管理员拥有系统完全访问权限,包括管理模板,服务方案,客户服务管理员和域。" |
| |
| #: ../../accounts.rst:91 |
| msgid "Resource Ownership" |
| msgstr "资源所有权" |
| |
| #: ../../accounts.rst:93 |
| msgid "" |
| "Resources belong to the account, not individual users in that account. " |
| "For example, billing, resource limits, and so on are maintained by the " |
| "account, not the users. A user can operate on any resource in the account" |
| " provided the user has privileges for that operation. The privileges are " |
| "determined by the role. A root administrator can change the ownership of " |
| "any virtual machine from one account to any other account by using the " |
| "assignVirtualMachine API. A domain or sub-domain administrator can do the" |
| " same for VMs within the domain from one account to any other account in " |
| "the domain or any of its sub-domains." |
| msgstr "" |
| "资源属于帐户,而不是帐户中的单个用户。例如,账单、资源限制等由帐户维护,而不是用户维护。用户有权限操作任何在帐户中提供的资源。权限有角色决定。根管理员通过使用assignVirtualMachine" |
| " API可以将任何虚拟机的所有权从一个帐户调整到另一个帐户。域或子域管理员可以对域中的VMs做同样的操作,包括子域。" |
| |
| #: ../../accounts.rst:105 |
| msgid "Using Dynamic Roles" |
| msgstr "" |
| |
| #: ../../accounts.rst:107 |
| msgid "" |
| "In addition to the four default roles, the dynamic role-based API checker" |
| " feature allows CloudStack root admins to create new roles with " |
| "customized permissions. The allow/deny rules can be configured " |
| "dynamically during runtime without restarting the management server(s)." |
| msgstr "" |
| |
| #: ../../accounts.rst:112 |
| msgid "" |
| "For backward compatiblity, all roles resolve to one of the four role " |
| "types: admin, resource admin, domain admin and user. A new role can be " |
| "created using the roles tab in the UI and specifying a name, a role type " |
| "and optionally a description." |
| msgstr "" |
| |
| #: ../../accounts.rst:117 |
| msgid "" |
| "Role specific rules can be configured through the rules tab on role " |
| "specific details page. A rule is either an API name or a wildcard string " |
| "that are one of allow or deny permission and optionally a description." |
| msgstr "" |
| |
| #: ../../accounts.rst:121 |
| msgid "" |
| "When a user makes an API request, the backend checks the requested API " |
| "against configured rules (in the order the rules were configured) for the" |
| " caller user-account's role. It will iterate through the rules and would " |
| "allow the API request if the API matches an allow rule, else if it " |
| "matches a deny rule it would deny the request. Next, if the request API " |
| "fails to match any of the configured rules it would allow if the " |
| "requested API's default authorized annotaions allow that user role type " |
| "and finally deny the user API request if it fails to be explicitly " |
| "allowed/denied by the role permission rules or the default API authorize " |
| "annotations. Note: to avoid root admin being locked out of the system, " |
| "all root admin accounts are allowed all APIs." |
| msgstr "" |
| |
| #: ../../accounts.rst:132 |
| msgid "" |
| "The dynamic-roles feature is enabled by default only for all new " |
| "CloudStack installations since version `4.9.x " |
| "<https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack>`_." |
| msgstr "" |
| |
| #: ../../accounts.rst:135 |
| msgid "" |
| "After an upgrade, existing deployments can be migrated to use this " |
| "feature by running a migration tool by the CloudStack admin. The " |
| "migration tool is located at ``/usr/share/cloudstack-common/scripts/util" |
| "/migrate-dynamicroles.py``." |
| msgstr "" |
| |
| #: ../../accounts.rst:139 |
| msgid "" |
| "During migration, this tool enables an internal flag in the database, " |
| "copies existing static role-based rules from provided commands.properties" |
| " file (typically at ``/etc/cloudstack/management/commands.properties``) " |
| "to the database and renames the commands.properties file (typically to " |
| "/etc/cloudstack/management/commands.properties.deprecated). The migration" |
| " process does not require restarting the management server(s)." |
| msgstr "" |
| |
| #: ../../accounts.rst:146 |
| msgid "Usage: ``migrate-dynamicroles.py`` [options] [-h for help]" |
| msgstr "" |
| |
| #: ../../accounts.rst:148 |
| msgid "Options:" |
| msgstr "" |
| |
| #: ../../accounts.rst:151 |
| msgid "The name of the database, default: cloud" |
| msgstr "" |
| |
| #: ../../accounts.rst:153 |
| msgid "User name a MySQL user with privileges on cloud database, default: cloud" |
| msgstr "" |
| |
| #: ../../accounts.rst:155 |
| msgid "Password of a MySQL user with privileges on cloud database" |
| msgstr "" |
| |
| #: ../../accounts.rst:157 |
| msgid "Host or IP of the MySQL server" |
| msgstr "" |
| |
| #: ../../accounts.rst:159 |
| msgid "Host or IP of the MySQL server, default: 3306" |
| msgstr "" |
| |
| #: ../../accounts.rst:161 |
| msgid "" |
| "The commands.properties file, default: " |
| "/etc/cloudstack/management/commands.properties" |
| msgstr "" |
| |
| #: ../../accounts.rst:163 |
| msgid "Dry run and debug operations this tool will perform" |
| msgstr "" |
| |
| #: ../../accounts.rst:166 |
| msgid "Example:" |
| msgstr "" |
| |
| #: ../../accounts.rst:168 |
| msgid "" |
| "sudo python /usr/share/cloudstack-common/scripts/util/migrate-" |
| "dynamicroles.py -u cloud -p cloud -h localhost -p 3006 -f " |
| "/etc/cloudstack/management/commands.properties" |
| msgstr "" |
| |
| #: ../../accounts.rst:170 |
| msgid "" |
| "If you've multiple management servers, remove or rename the " |
| "commands.properties file on all management servers typically in " |
| "/etc/cloudstack/management path, after running the migration tool for the" |
| " first management server" |
| msgstr "" |
| |
| #: ../../accounts.rst:176 |
| msgid "Dedicating Resources to Accounts and Domains" |
| msgstr "给帐户和域分配专用资源" |
| |
| #: ../../accounts.rst:178 |
| msgid "" |
| "The root administrator can dedicate resources to a specific domain or " |
| "account that needs private infrastructure for additional security or " |
| "performance guarantees. A zone, pod, cluster, or host can be reserved by " |
| "the root administrator for a specific domain or account. Only users in " |
| "that domain or its subdomain may use the infrastructure. For example, " |
| "only users in a given domain can create guests in a zone dedicated to " |
| "that domain." |
| msgstr "根管理员可以将资源分配给指定的域或为了保证额外的安全或性能从而需要单独基础架构帐户。为了一个指定的域或账号,区域、机架、群集或者主机可以被根管理员保留。只有域或它的子域中的用户可以使用这个基础架构。比如,只有域中的用户可以在其中的区域中创建来宾虚机。" |
| |
| #: ../../accounts.rst:186 |
| msgid "There are several types of dedication available:" |
| msgstr "这里有几种有效的分配方式:" |
| |
| #: ../../accounts.rst:188 |
| msgid "" |
| "Explicit dedication. A zone, pod, cluster, or host is dedicated to an " |
| "account or domain by the root administrator during initial deployment and" |
| " configuration." |
| msgstr "明确的专用。根管理员在初始部署和配置期间给一个帐户或者域分配了一个区域、机架、群集或者主机。" |
| |
| #: ../../accounts.rst:192 |
| msgid "" |
| "Strict implicit dedication. A host will not be shared across multiple " |
| "accounts. For example, strict implicit dedication is useful for " |
| "deployment of certain types of applications, such as desktops, where no " |
| "host can be shared between different accounts without violating the " |
| "desktop software's terms of license." |
| msgstr "严格的潜在专用:一个主机禁止通过多个账号共享。例如,严格私自共享对于部署的某些应用是有用处的,像没有软件授权主机不能在不同账号间进行桌面共享。" |
| |
| #: ../../accounts.rst:198 |
| msgid "" |
| "Preferred implicit dedication. The VM will be deployed in dedicated " |
| "infrastructure if possible. Otherwise, the VM can be deployed in shared " |
| "infrastructure." |
| msgstr "优先的潜在专用。如果可以的话,VM会被部署在专用的基础架构中。否则,VM可被部署在共享基础架构中。" |
| |
| #: ../../accounts.rst:204 |
| msgid "How to Dedicate a Zone, Cluster, Pod, or Host to an Account or Domain" |
| msgstr "如何给帐户或者域指定一个区域、群集、机架或者主机" |
| |
| #: ../../accounts.rst:206 |
| msgid "" |
| "For explicit dedication: When deploying a new zone, pod, cluster, or " |
| "host, the root administrator can click the Dedicated checkbox, then " |
| "choose a domain or account to own the resource." |
| msgstr "对于明确的专用:当部署一个新的区域、机架、群集或者主机的时候,根管理员可以点击Dedicated选框,然后选择域或者帐户来拥有这些资源。" |
| |
| #: ../../accounts.rst:210 |
| msgid "" |
| "To explicitly dedicate an existing zone, pod, cluster, or host: log in as" |
| " the root admin, find the resource in the UI, and click the Dedicate " |
| "button. |button to dedicate a zone, pod,cluster, or host|" |
| msgstr "" |
| "对于明确的专用一个已存在的区域、机架、群集或者主机:使用根管理员登录,在UI中找到资源,然后点击Dedicate按钮。|button to " |
| "dedicate a zone, pod,cluster, or host|" |
| |
| #: ../../accounts.rst:214 |
| msgid "" |
| "For implicit dedication: The administrator creates a compute service " |
| "offering and in the Deployment Planner field, chooses " |
| "ImplicitDedicationPlanner. Then in Planner Mode, the administrator " |
| "specifies either Strict or Preferred, depending on whether it is " |
| "permissible to allow some use of shared resources when dedicated " |
| "resources are not available. Whenever a user creates a VM based on this " |
| "service offering, it is allocated on one of the dedicated hosts." |
| msgstr "对于隐式的专用:管理员创建的计算服务方案和在部署规划区域选择ImplicitDedicationPlanner。然后在规划模型中,管理员按照是否允许一些人当没有专用资源可用的时候使用共享资源来选择严格的或者优先的。无论何时,用户基于这个服务方案创建的VM都会位于专用主机。" |
| |
| #: ../../accounts.rst:224 |
| msgid "How to Use Dedicated Hosts" |
| msgstr "如何使用专用主机" |
| |
| #: ../../accounts.rst:226 |
| msgid "" |
| "To use an explicitly dedicated host, use the explicit-dedicated type of " |
| "affinity group (see `“Affinity Groups” <virtual_machines.html#affinity-" |
| "groups>`_). For example, when creating a new VM, an end user can choose " |
| "to place it on dedicated infrastructure. This operation will succeed only" |
| " if some infrastructure has already been assigned as dedicated to the " |
| "user's account or domain." |
| msgstr "" |
| "要使用明确专用主机,在关联组 (参阅 `“关联组” <virtual_machines.html#affinity-groups>`_" |
| ")中选择explicit-dedicated " |
| "类型。比如,当创建新VM的时候,终端用户可以选择将其运行在专用基础架构上。如果一些基础架构已经被分配给专用的用户帐号或域,那么这个操作才能成功。" |
| |
| #: ../../accounts.rst:235 |
| msgid "Behavior of Dedicated Hosts, Clusters, Pods, and Zones" |
| msgstr "专用主机、群集、机架和区域的行为" |
| |
| #: ../../accounts.rst:237 |
| msgid "" |
| "The administrator can live migrate VMs away from dedicated hosts if " |
| "desired, whether the destination is a host reserved for a different " |
| "account/domain or a host that is shared (not dedicated to any particular " |
| "account or domain). CloudStack will generate an alert, but the operation " |
| "is allowed." |
| msgstr "管理员可以将VMs从专用主机上迁移到任何想要的地方,不管目标主机是不同帐号/域专用的还是共享的主机(不对任何特殊帐号或域专用)。CloudStack将生成一个警告,不过操作还是允许的。" |
| |
| #: ../../accounts.rst:243 |
| msgid "" |
| "Dedicated hosts can be used in conjunction with host tags. If both a host" |
| " tag and dedication are requested, the VM will be placed only on a host " |
| "that meets both requirements. If there is no dedicated resource available" |
| " to that user that also has the host tag requested by the user, then the " |
| "VM will not deploy." |
| msgstr "专用主机可用主机标签连接。如果同时需要主机标签和专用,那么VM将只会在匹配所有需求的主机上运行。如果没有专用资源可用于这类用户,那么VM就不会被不部署。" |
| |
| #: ../../accounts.rst:249 |
| msgid "" |
| "If you delete an account or domain, any hosts, clusters, pods, and zones " |
| "that were dedicated to it are freed up. They will now be available to be " |
| "shared by any account or domain, or the administrator may choose to re-" |
| "dedicate them to a different account or domain." |
| msgstr "如果你删除了一个指定了专用资源的帐号或者域,那么其中的任何主机、群集、机架和区域就会被释放。它们会变成可被任何帐户或者域共享,或者管理员可选择重新把它们指定给不同的帐号或域。" |
| |
| #: ../../accounts.rst:254 |
| msgid "" |
| "System VMs and virtual routers affect the behavior of host dedication. " |
| "System VMs and virtual routers are owned by the CloudStack system " |
| "account, and they can be deployed on any host. They do not adhere to " |
| "explicit dedication. The presence of system vms and virtual routers on a " |
| "host makes it unsuitable for strict implicit dedication. The host can not" |
| " be used for strict implicit dedication, because the host already has VMs" |
| " of a specific account (the default system account). However, a host with" |
| " system VMs or virtual routers can be used for preferred implicit " |
| "dedication." |
| msgstr "系统VMs和虚拟路由器影响专用主机的行为。系统VMs和虚拟路由器由CloudStack系统账号拥有,并且它们可在任何主机上部署。它们不会伴随着明确专用主机。主机上的系统虚机和虚拟路由器使其不再适合作为严格的潜在专用主机。主机之所以不能用于严格的潜在专用主机,是因为主机已经有针对帐号(默认系统账号)的VMs。尽管如此,运行着系统VMs或虚拟路由器的主机可以被用于优先的潜在专用。" |
| |
| #: ../../accounts.rst:266 |
| msgid "Using an LDAP Server for User Authentication" |
| msgstr "使用LDAP服务器用于用户验证" |
| |
| #: ../../accounts.rst:268 |
| msgid "" |
| "You can use an external LDAP server such as Microsoft Active Directory or" |
| " ApacheDS to authenticate CloudStack end-users. CloudStack will search " |
| "the external LDAP directory tree starting at a specified base directory " |
| "and gets user info such as first name, last name, email and username." |
| msgstr "" |
| |
| #: ../../accounts.rst:273 |
| msgid "" |
| "To authenticate, username and password entered by the user are used. " |
| "Cloudstack does a search for a user with the given username. If it " |
| "exists, it does a bind request with DN and password." |
| msgstr "" |
| |
| #: ../../accounts.rst:277 |
| msgid "" |
| "To set up LDAP authentication in CloudStack, call the CloudStack API " |
| "command ``addLdapConfiguration`` and provide Hostname or IP address and " |
| "listening port of the LDAP server. You could configure multiple servers " |
| "as well. These are expected to be replicas. If one fails, the next one is" |
| " used." |
| msgstr "" |
| |
| #: ../../accounts.rst:283 |
| msgid "" |
| "The following global configurations should also be configured (the " |
| "default values are for openldap)" |
| msgstr "" |
| |
| #: ../../accounts.rst:286 |
| msgid "" |
| "``ldap.basedn``: Sets the basedn for LDAP. Ex: " |
| "**OU=APAC,DC=company,DC=com**" |
| msgstr "" |
| |
| #: ../../accounts.rst:288 |
| msgid "" |
| "``ldap.bind.principal``, ``ldap.bind.password``: DN and password for a " |
| "user who can list all the users in the above basedn. Ex: " |
| "**CN=Administrator, OU=APAC, DC=company, DC=com**" |
| msgstr "" |
| |
| #: ../../accounts.rst:292 |
| msgid "" |
| "``ldap.user.object``: object type of users within LDAP. Defaults value is" |
| " **user** for AD and **inetorgperson** for openldap." |
| msgstr "" |
| |
| #: ../../accounts.rst:295 |
| msgid "" |
| "``ldap.email.attribute``: email attribute within ldap for a user. Default" |
| " value for AD and openldap is **mail**." |
| msgstr "" |
| |
| #: ../../accounts.rst:298 |
| msgid "" |
| "``ldap.firstname.attribute``: firstname attribute within ldap for a user." |
| " Default value for AD and openldap is **givenname**." |
| msgstr "" |
| |
| #: ../../accounts.rst:301 |
| msgid "" |
| "``ldap.lastname.attribute``: lastname attribute within ldap for a user. " |
| "Default value for AD and openldap is **sn**." |
| msgstr "" |
| |
| #: ../../accounts.rst:304 |
| msgid "" |
| "``ldap.username.attribute``: username attribute for a user within LDAP. " |
| "Default value is **SAMAccountName** for AD and **uid** for openldap." |
| msgstr "" |
| |
| #: ../../accounts.rst:309 |
| msgid "Restricting LDAP users to a group:" |
| msgstr "" |
| |
| #: ../../accounts.rst:311 |
| msgid "" |
| "``ldap.search.group.principle``: this is optional and if set only users " |
| "from this group are listed." |
| msgstr "" |
| |
| #: ../../accounts.rst:316 |
| msgid "LDAP SSL:" |
| msgstr "" |
| |
| #: ../../accounts.rst:318 |
| msgid "" |
| "If the LDAP server requires SSL, you need to enable the below " |
| "configurations. Before enabling SSL for LDAP, you need to get the " |
| "certificate which the LDAP server is using and add it to a trusted " |
| "keystore. You will need to know the path to the keystore and the " |
| "password." |
| msgstr "" |
| |
| #: ../../accounts.rst:322 |
| msgid "``ldap.truststore`` : truststore path" |
| msgstr "" |
| |
| #: ../../accounts.rst:323 |
| msgid "``ldap.truststore.password`` : truststore password" |
| msgstr "" |
| |
| #: ../../accounts.rst:327 |
| msgid "LDAP groups:" |
| msgstr "" |
| |
| #: ../../accounts.rst:329 |
| msgid "" |
| "``ldap.group.object``: object type of groups within LDAP. Default value " |
| "is group for AD and **groupOfUniqueNames** for openldap." |
| msgstr "" |
| |
| #: ../../accounts.rst:332 |
| msgid "" |
| "``ldap.group.user.uniquemember``: attribute for uniquemembers within a " |
| "group. Default value is **member** for AD and **uniquemember** for " |
| "openldap." |
| msgstr "" |
| |
| #: ../../accounts.rst:335 |
| msgid "" |
| "Once configured, on Add Account page, you will see an \"Add LDAP " |
| "Account\" button which opens a dialog and the selected users can be " |
| "imported." |
| msgstr "" |
| |
| #: ../../accounts.rst:342 |
| msgid "" |
| "You could also use api commands: ``listLdapUsers``, ``ldapCreateAccount``" |
| " and ``importLdapUsers``." |
| msgstr "" |
| |
| #: ../../accounts.rst:345 |
| msgid "" |
| "Once LDAP is enabled, the users will not be allowed to changed password " |
| "directly in cloudstack." |
| msgstr "" |
| |
| #: ../../accounts.rst:353 |
| #, fuzzy |
| msgid "Using a SAML 2.0 Identity Provider for User Authentication" |
| msgstr "使用LDAP服务器用于用户验证" |
| |
| #: ../../accounts.rst:355 |
| msgid "" |
| "You can use a SAML 2.0 Identity Provider with CloudStack for user " |
| "authentication. This will require enabling the SAML 2.0 service provider " |
| "plugin in CloudStack. To do that first, enable the SAML plugin by setting" |
| " ``saml2.enabled`` to ``true`` and restart management server." |
| msgstr "" |
| |
| #: ../../accounts.rst:360 |
| msgid "" |
| "Starting 4.5.2, the SAML plugin uses an authorization workflow where " |
| "users should be authorized by an admin using ``authorizeSamlSso`` API " |
| "before those users can use Single Sign On against a specific IDP. This " |
| "can be done by ticking the enable SAML Single Sign On checkbox and " |
| "selecting a IDP when adding or importing users. For existing users, admin" |
| " can go to the user's page and click on configure SAML SSO option to " |
| "enable/disable SSO for a user and select a Identity Provider. A user can " |
| "be authorized to authenticate against only one IDP." |
| msgstr "" |
| |
| #: ../../accounts.rst:368 |
| msgid "" |
| "The CloudStack service provider metadata is accessible using the " |
| "``getSPMetadata`` API command, or from the URL http://acs-" |
| "server:8080/client/api?command=getSPMetadata where acs-server is the " |
| "domain name or IP address of the management server. The IDP administrator" |
| " can get the SP metadata from CloudStack and add it to their IDP server." |
| msgstr "" |
| |
| #: ../../accounts.rst:374 |
| msgid "" |
| "To start a SAML 2.0 Single Sign-On authentication, on the login page " |
| "users need to select the Identity Provider or Institution/Department they" |
| " can authenticate with and click on Login button. This action call the " |
| "``samlsso`` API command which will redirect the user to the Identity " |
| "Provider's login page. Upon successful authentication, the IdP will " |
| "redirect the user to CloudStack. In case a user has multiple user " |
| "accounts with the same username (across domains) for the same authorized " |
| "IDP, that user would need to specify domainpath after selecting their IDP" |
| " server from the dropdown list. By default, users don't need to specify " |
| "any domain path. After a user is successfully authenticated by an IDP " |
| "server, the SAML authentication plugin finds user accounts whose username" |
| " match the username attribute value returned by the SAML authentication " |
| "response; it fails only when it finds that there are multiple user " |
| "accounts with the same user name for the specific IDP otherwise the " |
| "unique useraccount is allowed to proceed and the user is logged into " |
| "their account." |
| msgstr "" |
| |
| #: ../../accounts.rst:389 |
| msgid "Limitations:" |
| msgstr "" |
| |
| #: ../../accounts.rst:391 |
| msgid "" |
| "The plugin uses a user attribute returned by the IDP server in the SAML " |
| "response to find and map the authorized user in CloudStack. The default " |
| "attribute is `uid`." |
| msgstr "" |
| |
| #: ../../accounts.rst:394 |
| msgid "" |
| "The SAML authentication plugin supports HTTP-Redirect and HTTP-Post " |
| "bindings." |
| msgstr "" |
| |
| #: ../../accounts.rst:396 |
| msgid "" |
| "Tested with Shibboleth 2.4, SSOCircle, Microsoft ADFS, OneLogin, Feide " |
| "OpenIDP, PingIdentity." |
| msgstr "" |
| |
| #: ../../accounts.rst:399 |
| msgid "The following global configuration should be configured:" |
| msgstr "" |
| |
| #: ../../accounts.rst:401 |
| msgid "" |
| "``saml2.enabled``: Indicates whether SAML SSO plugin is enabled or not " |
| "true. Default is **false**" |
| msgstr "" |
| |
| #: ../../accounts.rst:403 |
| msgid "``saml2.sp.id``: SAML2 Service Provider Identifier string" |
| msgstr "" |
| |
| #: ../../accounts.rst:405 |
| msgid "" |
| "``saml2.idp.metadata.url``: SAML2 Identity Provider Metadata XML Url or " |
| "Filename. If a URL is not provided, it will look for a file in the config" |
| " directory /etc/cloudstack/management" |
| msgstr "" |
| |
| #: ../../accounts.rst:407 |
| msgid "" |
| "``saml2.default.idpid``: The default IdP entity ID to use only in case of" |
| " multiple IdPs" |
| msgstr "" |
| |
| #: ../../accounts.rst:409 |
| msgid "" |
| "``saml2.sigalg``: The algorithm to use to when signing a SAML request. " |
| "Default is SHA1, allowed algorithms: SHA1, SHA256, SHA384, SHA512." |
| msgstr "" |
| |
| #: ../../accounts.rst:411 |
| msgid "" |
| "``saml2.redirect.url``: The CloudStack UI url the SSO should redirected " |
| "to when successful. Default is **http://localhost:8080/client**" |
| msgstr "" |
| |
| #: ../../accounts.rst:413 |
| msgid "``saml2.sp.org.name``: SAML2 Service Provider Organization Name" |
| msgstr "" |
| |
| #: ../../accounts.rst:415 |
| msgid "``saml2.sp.org.url``: SAML2 Service Provider Organization URL" |
| msgstr "" |
| |
| #: ../../accounts.rst:417 |
| msgid "``saml2.sp.contact.email``: SAML2 Service Provider Contact Email Address" |
| msgstr "" |
| |
| #: ../../accounts.rst:419 |
| msgid "``saml2.sp.contact.person``: SAML2 Service Provider Contact Person Name" |
| msgstr "" |
| |
| #: ../../accounts.rst:421 |
| msgid "``saml2.sp.slo.url``: SAML2 CloudStack Service Provider Single Log Out URL" |
| msgstr "" |
| |
| #: ../../accounts.rst:423 |
| msgid "``saml2.sp.sso.url``: SAML2 CloudStack Service Provider Single Sign On URL" |
| msgstr "" |
| |
| #: ../../accounts.rst:425 |
| msgid "" |
| "``saml2.user.attribute``: Attribute name to be looked for in SAML " |
| "response that will contain the username. Default is **uid**" |
| msgstr "" |
| |
| #: ../../accounts.rst:427 |
| msgid "" |
| "``saml2.timeout``: SAML2 IDP Metadata refresh interval in seconds, " |
| "minimum value is set to 300. Default is 1800" |
| msgstr "" |
| |
| # 4c358cdbd0ef4ea8bae9aa240f1b4e4a |
| #~ msgid "" |
| #~ "You can use an external LDAP " |
| #~ "server such as Microsoft Active " |
| #~ "Directory or ApacheDS to authenticate " |
| #~ "CloudStack end-users. Just map " |
| #~ "CloudStack accounts to the corresponding " |
| #~ "LDAP accounts using a query filter. " |
| #~ "The query filter is written using " |
| #~ "the query syntax of the particular " |
| #~ "LDAP server, and can include special " |
| #~ "wildcard characters provided by CloudStack " |
| #~ "for matching common values such as " |
| #~ "the user’s email address and name. " |
| #~ "CloudStack will search the external LDAP" |
| #~ " directory tree starting at a " |
| #~ "specified base directory and return the" |
| #~ " distinguished name (DN) and password " |
| #~ "of the matching user. This information" |
| #~ " along with the given password is " |
| #~ "used to authenticate the user.." |
| #~ msgstr "你可以使用一个外部LDAP服务器,例如微软活动目录或ApacheDS进行CloudStack的终端用户验证。仅仅使用查询过滤器映射CloudStack账户与对应的LDAP帐户。查询过滤器是使用查询语法写的特别的LDAP服务器,可以包括用CloudStack提供的特殊通配符匹配通用的像用户的电子邮件地址和名称这种值。CloudStack将在外部LDAP目录树中从一个指定的基目搜索录并返回专有名称(DN)和密码匹配用户。这个信息以及给定的密码是用于验证用户。。" |
| |
| # 14c749c7da61408588c8e8cdaa11796c |
| #~ msgid "" |
| #~ "To set up LDAP authentication in " |
| #~ "CloudStack, call the CloudStack API " |
| #~ "command ldapConfig and provide the " |
| #~ "following:" |
| #~ msgstr "在CloudStack中设置LDAP验证,调用CloudStack API指令ldapConfig,并提供如下:" |
| |
| # c4708aa56b75423080f17f84ec2a37a4 |
| #~ msgid "Hostname or IP address and listening port of the LDAP server" |
| #~ msgstr "LDAP服务器的主机名或IP地址和监听端口" |
| |
| # ff4d11fcc40f4d5c86ce032c3d6e6a76 |
| #~ msgid "Base directory and query filter" |
| #~ msgstr "基本目录和查询过滤器" |
| |
| # 0b5fce75930e49b19cf1d00062c78539 |
| #~ msgid "" |
| #~ "Search user DN credentials, which give" |
| #~ " CloudStack permission to search on " |
| #~ "the LDAP server" |
| #~ msgstr "搜索用户DN 凭证,这个凭证是授予CloudStack允许搜索LDAP服务器上的凭证" |
| |
| # c3d66516470141c3af861a4b24f45150 |
| #~ msgid "SSL keystore and password, if SSL is used" |
| #~ msgstr "SSL密钥库和密码,如果使用了SSL" |
| |
| # 6e565fd7b02d4a97b86b380e839f129f |
| #~ msgid "Example LDAP Configuration Commands" |
| #~ msgstr "LDAP配置命令示例" |
| |
| # ee72e29a6b33456684ebcbfd012c075a |
| #~ msgid "" |
| #~ "To understand the examples in this " |
| #~ "section, you need to know the " |
| #~ "basic concepts behind calling the " |
| #~ "CloudStack API, which are explained in" |
| #~ " the Developer’s Guide." |
| #~ msgstr "为了明白本章节的示例, 你需要知道调用CloudStack API的基本概念,这在开发者文档中有讲解。" |
| |
| # 065e58a0d0f74c8d84670251cf00c487 |
| #~ msgid "" |
| #~ "The following shows an example " |
| #~ "invocation of ldapConfig with an " |
| #~ "ApacheDS LDAP server" |
| #~ msgstr "以下展示了通过ApacheDS LDAP服务器调用 ldapConfig命令的示例" |
| |
| # 31d88144f8004adf8efd11cf7f9db7bd |
| #~ msgid "" |
| #~ "The command must be URL-encoded. " |
| #~ "Here is the same example without " |
| #~ "the URL encoding:" |
| #~ msgstr "命令调用的URL必须进行编码. 这里是一个没有进行URL编码的示例:" |
| |
| # 884cde7f5dbd499ba1c28ff09380c692 |
| #~ msgid "" |
| #~ "The following shows a similar command" |
| #~ " for Active Directory. Here, the " |
| #~ "search base is the testing group " |
| #~ "within a company, and the users " |
| #~ "are matched up based on email " |
| #~ "address." |
| #~ msgstr "以下展示了与活动目录类似的命令。这里,搜索是基于一个公司的测试组,用户是根据邮件地址进行查找。" |
| |
| # d2675a267aa34f4ea3fe2bba2300b61c |
| #~ msgid "" |
| #~ "The next few sections explain some " |
| #~ "of the concepts you will need to" |
| #~ " know when filling out the ldapConfig" |
| #~ " parameters." |
| #~ msgstr "接下来的几个章节解释了当填写ldapConfig参数时你需要知道的一些概念。" |
| |
| # befdce0cfd624549844139c917a82bb4 |
| #~ msgid "Search Base" |
| #~ msgstr "搜索基础目录" |
| |
| # 1522f19d5a2a4e35a8bedc5d147a1af1 |
| #~ msgid "" |
| #~ "An LDAP query is relative to a " |
| #~ "given node of the LDAP directory " |
| #~ "tree, called the search base. The " |
| #~ "search base is the distinguished name" |
| #~ " (DN) of a level of the " |
| #~ "directory tree below which all users " |
| #~ "can be found. The users can be " |
| #~ "in the immediate base directory or " |
| #~ "in some subdirectory. The search base" |
| #~ " may be equivalent to the " |
| #~ "organization, group, or domain name. The" |
| #~ " syntax for writing a DN varies " |
| #~ "depending on which LDAP server you " |
| #~ "are using. A full discussion of " |
| #~ "distinguished names is outside the scope" |
| #~ " of our documentation. The following " |
| #~ "table shows some examples of search " |
| #~ "bases to find users in the testing" |
| #~ " department.." |
| #~ msgstr "" |
| #~ "LDAP查询与一个LDAP目录树中的节点有关,称之为做搜索基础目录。搜索基础目录是目录库中的一级的distinguished " |
| #~ "name(DN),在这里能找到所有用户。用户可以直属于根目录或者一些子目录。搜索基础目录可能是组织、组或者域用户名。用于写DN变量的语法取决于你所使用的LDAP服务。再深入全面的讨论distinguished" |
| #~ " names超出了我们文档的范围。以下表格中展示了一些在搜索基础目录中查找测试部门中用户的示例。" |
| |
| # 3649e87915d24059beec30463e0abd10 |
| # eb0f32160dd24b21991c2f454df60742 |
| #~ msgid "LDAP Server" |
| #~ msgstr "LDAP服务器" |
| |
| # d8fb5f498afb4ee1aa6669b39f1e34be |
| #~ msgid "Example Search Base DN" |
| #~ msgstr "搜索基本DN示例" |
| |
| # 2e421fc0d49d4a819b31999dc3cae2e0 |
| # a0327a00878d45dab6dc0bc777814674 |
| #~ msgid "ApacheDS" |
| #~ msgstr "ApacheDS" |
| |
| # 6c854d5e6cdd4e3aadda7dd9be769a53 |
| #~ msgid "OU=testing, O=project" |
| #~ msgstr "OU=testing, O=project" |
| |
| # a1fbaf989c584a248386911c51fd2fba |
| # c776e850eb3e4d64b262a32a9d302bfb |
| #~ msgid "Active Directory" |
| #~ msgstr "Active Directory" |
| |
| # 5d0095ff2d7044e7b60bc1754210dd3c |
| #~ msgid "OU=testing, DC=company" |
| #~ msgstr "OU=testing, DC=company" |
| |
| # 8309dae488944f0aae3e84a8e1a97ac3 |
| #~ msgid "Query Filter" |
| #~ msgstr "查询过滤" |
| |
| # c523dbbf5dd94c62a2e3927a8f3123dc |
| #~ msgid "" |
| #~ "The query filter is used to find" |
| #~ " a mapped user in the external " |
| #~ "LDAP server. The query filter should " |
| #~ "uniquely map the CloudStack user to " |
| #~ "LDAP user for a meaningful " |
| #~ "authentication. For more information about " |
| #~ "query filter syntax, consult the " |
| #~ "documentation for your LDAP server." |
| #~ msgstr "查询过滤器用于在外部LDAP服务器中查找一个映射的用户。为实现有效认证,查询过滤器应该将CloudStack的用户唯一映射到LDAP用户。关于查询过滤器的语法,请参考您使用的LDAP服务器文档。" |
| |
| # f4f9c13ceefa4163962bd3cfab257852 |
| #~ msgid "The CloudStack query filter wildcards are:" |
| #~ msgstr "CloudStack查询过滤的通配符有:" |
| |
| # bab683973b9045339c8df3488bc5dd1c |
| #~ msgid "Query Filter Wildcard" |
| #~ msgstr "查询过滤通配符" |
| |
| # a94af335cc864d9a962f1fb9b7b5f72c |
| #~ msgid "Description" |
| #~ msgstr "描述" |
| |
| # 334393ba6786415e91a2ed1a22d26adb |
| #~ msgid "%u" |
| #~ msgstr "%u" |
| |
| # 151cd28e952d4ff98ff9d1544698ccb8 |
| #~ msgid "User name" |
| #~ msgstr "用户名" |
| |
| # f1f86cbcf39e412fb298da7653a123d3 |
| #~ msgid "%e" |
| #~ msgstr "%e" |
| |
| # fdf52531788c41fabb814f45f07b178a |
| #~ msgid "Email address" |
| #~ msgstr "邮件地址" |
| |
| # 6e5b529e3da248ee85f1e20f81bd8e1c |
| #~ msgid "%n" |
| #~ msgstr "%n" |
| |
| # 4704eb3b3e494ad3bc2105d98a3c84a9 |
| #~ msgid "First and last name" |
| #~ msgstr "姓名" |
| |
| # 51612c6475e246f7b7d8a156605a2323 |
| #~ msgid "" |
| #~ "The following examples assume you are" |
| #~ " using Active Directory, and refer to" |
| #~ " user attributes from the Active " |
| #~ "Directory schema." |
| #~ msgstr "下面的示例假设你使用活动目录, 并从活动目录架构中获得用户属性." |
| |
| # d853815e3f894dcdbb92be883305dc5b |
| #~ msgid "If the CloudStack user name is the same as the LDAP user ID:" |
| #~ msgstr "如果 CloudStack 的用户名与LDAP中的用户ID一致:" |
| |
| # d0bb623240d0410eb8d70ed22ba5a2f8 |
| #~ msgid "If the CloudStack user name is the LDAP display name:" |
| #~ msgstr "如果CloudStack的用户名是LDAP中的显示名字:" |
| |
| # 0a96c3c2516946c1b4260fd4d4d6ffb7 |
| #~ msgid "To find a user by email address:" |
| #~ msgstr "使用邮件地址查找用户:" |
| |
| # 5b63c901fb5a4d208df8e362234d1cba |
| #~ msgid "Search User Bind DN" |
| #~ msgstr "搜索用户绑定的DN" |
| |
| # 92769f4cb5be444cab0bcb685ebe1cc4 |
| #~ msgid "" |
| #~ "The bind DN is the user on " |
| #~ "the external LDAP server permitted to" |
| #~ " search the LDAP directory within the" |
| #~ " defined search base. When the DN " |
| #~ "is returned, the DN and passed " |
| #~ "password are used to authenticate the" |
| #~ " CloudStack user with an LDAP bind." |
| #~ " A full discussion of bind DNs " |
| #~ "is outside the scope of our " |
| #~ "documentation. The following table shows " |
| #~ "some examples of bind DNs." |
| #~ msgstr "" |
| #~ "bind " |
| #~ "DN是位于外部被允许在定义的搜索基础目录中搜索LDAP目录的LDAP服务器上的用户。当DN返回值的时候,DN和通过的密码就与LDAPbind一起被用于验证CloudStack" |
| #~ " 用户。再深入完全的讨论bind DNs超出了文档的范围。下面的表格展示了一些bind DNs的实例。" |
| |
| # 7fcc45a0be9241b09a01d2287541d652 |
| #~ msgid "Example Bind DN" |
| #~ msgstr "绑定DN示例" |
| |
| # b4c0b2f84be54e32820cac392b6c9c75 |
| #~ msgid "CN=Administrator,DC=testing,OU=project,OU=org" |
| #~ msgstr "CN=Administrator,DC=testing,OU=project,OU=org" |
| |
| # 46e145ddbc9f47e08b21fa2631ed9fa7 |
| #~ msgid "CN=Administrator, OU=testing, DC=company, DC=com" |
| #~ msgstr "CN=Administrator, OU=testing, DC=company, DC=com" |
| |
| # cbaaf7054abf480eb88b336ba62a097b |
| #~ msgid "SSL Keystore Path and Password" |
| #~ msgstr "SSL 密钥库路径和密码" |
| |
| # 8a6a84c57cc144edb9a20e63c71ddedc |
| #~ msgid "" |
| #~ "If the LDAP server requires SSL, " |
| #~ "you need to enable it in the " |
| #~ "ldapConfig command by setting the " |
| #~ "parameters ssl, truststore, and " |
| #~ "truststorepass. Before enabling SSL for " |
| #~ "ldapConfig, you need to get the " |
| #~ "certificate which the LDAP server is " |
| #~ "using and add it to a trusted " |
| #~ "keystore. You will need to know " |
| #~ "the path to the keystore and the" |
| #~ " password." |
| #~ msgstr "" |
| #~ "如果LDAP 服务器要求SSL, 你需要在ldapConfig命令中通过设置参数ssl, " |
| #~ "truststore和truststorepass使其生效。在使SSL 对ldapConfig " |
| #~ "生效之前,你需要得到LDAP服务器在使用的证书并把它加到被信任的密钥库中。你将需要知道到密钥库和密码的路径。" |
| |