# SOME DESCRIPTIVE TITLE.
# Copyright (C)
# This file is distributed under the same license as the Apache CloudStack Administration Documentation package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Apache CloudStack Administration Documentation 4\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-03-31 14:08-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../accounts.rst:18
# 90951daa147540dab10f9d0c78d8c73b
msgid "Managing Accounts, Users and Domains"
msgstr ""
#: ../../accounts.rst:21
# 661635f04f94452db5ca9e4dd563cef7
msgid "Accounts, Users, and Domains"
msgstr ""
#: ../../accounts.rst:24
# a7494e04f72d469a86f3c67e958ed65f
msgid "Accounts"
msgstr ""
#: ../../accounts.rst:26
# 457dea8dff534d9aa75e2270c1e1ac6d
msgid "An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account."
msgstr ""
#: ../../accounts.rst:31
# b45cd9ee7d3e478cbb3c129943ce53d5
msgid "Domains"
msgstr ""
#: ../../accounts.rst:33
# 10ebf41c7dbf4e65b1be24934d043965
msgid "Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller."
msgstr ""
#: ../../accounts.rst:39
# 403c3bff584f41c6b9ee1d4ba5bc6241
msgid "For each account created, the Cloud installation creates three different types of user accounts: root administrator, domain administrator, and user."
msgstr ""
#: ../../accounts.rst:44
# 65e0965c3efe4beb825b48109a593375
msgid "Users"
msgstr ""
#: ../../accounts.rst:46
# 34892ebe1c424238b2d30be07cfbef77
msgid "Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. The same user cannot belong to multiple accounts."
msgstr ""
#: ../../accounts.rst:52
# 31c0da272edb4413bba06570446855e5
msgid "Username is unique in a domain across accounts in that domain. The same username can exist in other domains, including sub-domains. Domain name can repeat only if the full pathname from root is unique. For example, you can create root/d1, as well as root/foo/d1, and root/sales/d1."
msgstr ""
#: ../../accounts.rst:57
# 1754108df51d4b9aa2bfcab98e1b9bf0
msgid "Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system."
msgstr ""
#: ../../accounts.rst:63
# 12ec03346ad2491195e691d8d6e3139b
msgid "Domain Administrators"
msgstr ""
#: ../../accounts.rst:65
# 14a1bb86d2624ad3b4c82731fa8dd170
msgid "Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains."
msgstr ""
#: ../../accounts.rst:70
# 39f193590cb5492691994021f7591f2e
msgid "Root Administrator"
msgstr ""
#: ../../accounts.rst:72
# 97d51f9ba69843b5af3c3770b5e6a41d
msgid "Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains"
msgstr ""
#: ../../accounts.rst:77
# 0231216736c74923a934181f66c7be6d
msgid "Resource Ownership"
msgstr ""
#: ../../accounts.rst:79
# 72eb8676abfd416cb9bbb177a3de84f6
msgid "Resources belong to the account, not individual users in that account. For example, billing, resource limits, and so on are maintained by the account, not the users. A user can operate on any resource in the account provided the user has privileges for that operation. The privileges are determined by the role. A root administrator can change the ownership of any virtual machine from one account to any other account by using the assignVirtualMachine API. A domain or sub-domain administrator can do the same for VMs within the domain from one account to any other account in the domain or any of its sub-domains."
msgstr ""
#: ../../accounts.rst:90
# ff5d0b1e1c574c599f7af2c724e6fed1
msgid "Dedicating Resources to Accounts and Domains"
msgstr ""
#: ../../accounts.rst:92
# 0a4bdfeefcbc4e6b90e29d85882276e5
msgid "The root administrator can dedicate resources to a specific domain or account that needs private infrastructure for additional security or performance guarantees. A zone, pod, cluster, or host can be reserved by the root administrator for a specific domain or account. Only users in that domain or its subdomain may use the infrastructure. For example, only users in a given domain can create guests in a zone dedicated to that domain."
msgstr ""
#: ../../accounts.rst:100
# d6b26e49ebc04db7bc3a577de66cada3
msgid "There are several types of dedication available:"
msgstr ""
#: ../../accounts.rst:104
# dac518c9d097412c8fc411ea7ed6a9e7
msgid "Explicit dedication. A zone, pod, cluster, or host is dedicated to an account or domain by the root administrator during initial deployment and configuration."
msgstr ""
#: ../../accounts.rst:110
# 574012d1f1984a9a8d7a720f9ea1c4d6
msgid "Strict implicit dedication. A host will not be shared across multiple accounts. For example, strict implicit dedication is useful for deployment of certain types of applications, such as desktops, where no host can be shared between different accounts without violating the desktop software's terms of license."
msgstr ""
#: ../../accounts.rst:118
# a5988bb1ccf4413394ead18a5bf8d2b4
msgid "Preferred implicit dedication. The VM will be deployed in dedicated infrastructure if possible. Otherwise, the VM can be deployed in shared infrastructure."
msgstr ""
#: ../../accounts.rst:123
# 599bcac969ab4007b46f4a44e3aab507
msgid "How to Dedicate a Zone, Cluster, Pod, or Host to an Account or Domain"
msgstr ""
#: ../../accounts.rst:125
# 235f58f9b9bd48eab66c66dc94d93e40
msgid "For explicit dedication: When deploying a new zone, pod, cluster, or host, the root administrator can click the Dedicated checkbox, then choose a domain or account to own the resource."
msgstr ""
#: ../../accounts.rst:129
# 99189fbc5d704126a534a43918bd1cc9
msgid "To explicitly dedicate an existing zone, pod, cluster, or host: log in as the root admin, find the resource in the UI, and click the Dedicate button. |button to dedicate a zone, pod,cluster, or host|"
msgstr ""
#: ../../accounts.rst:133
# e7ebf6fbd7d048bf822061139e2b5a4c
msgid "For implicit dedication: The administrator creates a compute service offering and in the Deployment Planner field, chooses ImplicitDedicationPlanner. Then in Planner Mode, the administrator specifies either Strict or Preferred, depending on whether it is permissible to allow some use of shared resources when dedicated resources are not available. Whenever a user creates a VM based on this service offering, it is allocated on one of the dedicated hosts."
msgstr ""
#: ../../accounts.rst:142
# 57e1c25d97df4d22b88b35dc599e45f7
msgid "How to Use Dedicated Hosts"
msgstr ""
#: ../../accounts.rst:144
# b227acf3ae06498d99b21119713e2238
msgid "To use an explicitly dedicated host, use the explicit-dedicated type of affinity group (see `“Affinity Groups” <virtual_machines.html#affinity-groups>`_). For example, when creating a new VM, an end user can choose to place it on dedicated infrastructure. This operation will succeed only if some infrastructure has already been assigned as dedicated to the user's account or domain."
msgstr ""
#: ../../accounts.rst:152
# f9c5cb26d6904347ad48d4ceba1481a6
msgid "Behavior of Dedicated Hosts, Clusters, Pods, and Zones"
msgstr ""
#: ../../accounts.rst:154
# 05b28e9607634f78abda79633a1403cf
msgid "The administrator can live migrate VMs away from dedicated hosts if desired, whether the destination is a host reserved for a different account/domain or a host that is shared (not dedicated to any particular account or domain). CloudStack will generate an alert, but the operation is allowed."
msgstr ""
#: ../../accounts.rst:160
# ce25fc9a198a4cbeaabd2e2405325e9c
msgid "Dedicated hosts can be used in conjunction with host tags. If both a host tag and dedication are requested, the VM will be placed only on a host that meets both requirements. If there is no dedicated resource available to that user that also has the host tag requested by the user, then the VM will not deploy."
msgstr ""
#: ../../accounts.rst:166
# aeb33b23037c45be909c3768cc8966b6
msgid "If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are freed up. They will now be available to be shared by any account or domain, or the administrator may choose to re-dedicate them to a different account or domain."
msgstr ""
#: ../../accounts.rst:171
# 1ce4e0516a79477a817eb0619fbfb51e
msgid "System VMs and virtual routers affect the behavior of host dedication. System VMs and virtual routers are owned by the CloudStack system account, and they can be deployed on any host. They do not adhere to explicit dedication. The presence of system vms and virtual routers on a host makes it unsuitable for strict implicit dedication. The host can not be used for strict implicit dedication, because the host already has VMs of a specific account (the default system account). However, a host with system VMs or virtual routers can be used for preferred implicit dedication."
msgstr ""
#: ../../accounts.rst:182
# ad8c17e1de7c4cb4af2c8b55ee0a851c
msgid "Using an LDAP Server for User Authentication"
msgstr ""
#: ../../accounts.rst:184
# d3eb07c14a05493ba2ff39ea53010821
# NOTE(review): this msgid says the directory search returns the user's DN
# "and password". The "Search User Bind DN" entry in this catalog instead
# describes an LDAP bind made with the returned DN and the password the user
# supplied. Confirm the intended meaning in accounts.rst before translating.
# The trailing ".." comes from the source string; correct it in accounts.rst
# and regenerate the template rather than editing the msgid here.
msgid "You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudStack end-users. Just map CloudStack accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudStack for matching common values such as the user’s email address and name. CloudStack will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user.."
msgstr ""
#: ../../accounts.rst:195
# efbc795d47b644b592c065f9221a5ecc
msgid "To set up LDAP authentication in CloudStack, call the CloudStack API command ldapConfig and provide the following:"
msgstr ""
#: ../../accounts.rst:200
# 7826c9574e864a3fa3927d2452d6f247
msgid "Hostname or IP address and listening port of the LDAP server"
msgstr ""
#: ../../accounts.rst:204
# 70b92e095a0749628ec280152921d951
msgid "Base directory and query filter"
msgstr ""
#: ../../accounts.rst:208
# 4fe250c5d3ac44ab883b8c10af24f1fe
msgid "Search user DN credentials, which give CloudStack permission to search on the LDAP server"
msgstr ""
#: ../../accounts.rst:213
# 2ceaa9828892484ebd391520d745991d
msgid "SSL keystore and password, if SSL is used"
msgstr ""
#: ../../accounts.rst:216
# 26d8fb1d67a74f8387452da5b3cce675
msgid "Example LDAP Configuration Commands"
msgstr ""
#: ../../accounts.rst:218
# 1c19000335be4f7ebdab1d79a7c4658c
msgid "To understand the examples in this section, you need to know the basic concepts behind calling the CloudStack API, which are explained in the Developer’s Guide."
msgstr ""
#: ../../accounts.rst:222
# d7aafed8ded6431d8129d3bbe41769aa
msgid "The following shows an example invocation of ldapConfig with an ApacheDS LDAP server"
msgstr ""
#: ../../accounts.rst:229
# 7214405299e94877a1c09f6c6287ee10
msgid "The command must be URL-encoded. Here is the same example without the URL encoding:"
msgstr ""
#: ../../accounts.rst:247
# 74c45748c7614774911829b534605cc1
msgid "The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address."
msgstr ""
#: ../../accounts.rst:255
# e42d0dbce6674c9ba00d73998fb30e71
msgid "The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters."
msgstr ""
#: ../../accounts.rst:259
# a47324fc43df41cdbcae97f676f2536f
msgid "Search Base"
msgstr ""
#: ../../accounts.rst:261
# f44d14b0d741402087e0cc706bbb068e
msgid "An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found. The users can be in the immediate base directory or in some subdirectory. The search base may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department.."
msgstr ""
#: ../../accounts.rst:272
#: ../../accounts.rst:328
# c824c6d3616243eaa848cc45808ec373
# 46c8c55831674fd3a12caa7352108fa4
msgid "LDAP Server"
msgstr ""
#: ../../accounts.rst:272
# bf34c451c0994186b556742324006c30
msgid "Example Search Base DN"
msgstr ""
#: ../../accounts.rst:274
#: ../../accounts.rst:330
# c6940ea324fb4c99895c4d2152bfd32e
# 359bafef7f4044e380b30643767ad285
msgid "ApacheDS"
msgstr ""
#: ../../accounts.rst:274
# 2253d38b2ae84eeab805635117cf368c
msgid "OU=testing, O=project"
msgstr ""
#: ../../accounts.rst:275
#: ../../accounts.rst:331
# ddf11f35901948058a34dff9cbca8c3d
# 6d6eab10b7674a65aedf6c1f41312bf8
msgid "Active Directory"
msgstr ""
#: ../../accounts.rst:275
# 0fdc037b3c2746e0b455bd0594bf0bee
msgid "OU=testing, DC=company"
msgstr ""
#: ../../accounts.rst:279
# 03d46aff89114039bebeeea32fbcda86
msgid "Query Filter"
msgstr ""
#: ../../accounts.rst:281
# 93b867a441bc4cddad5a72d6b9e51abf
msgid "The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the CloudStack user to LDAP user for a meaningful authentication. For more information about query filter syntax, consult the documentation for your LDAP server."
msgstr ""
#: ../../accounts.rst:286
# 94920970089b494395b1e5410ad30bb1
msgid "The CloudStack query filter wildcards are:"
msgstr ""
#: ../../accounts.rst:289
# f7c82cdd777a4284b5adc6a920065f32
msgid "Query Filter Wildcard"
msgstr ""
#: ../../accounts.rst:289
# 2e1c45a30d2648c6878074583a6a4c7b
msgid "Description"
msgstr ""
#: ../../accounts.rst:291
# b636b6a26b4942d390e3083bb99636ec
# Literal CloudStack query-filter wildcard (a table cell, not a printf
# format): copy it unchanged into msgstr.
msgid "%u"
msgstr ""
#: ../../accounts.rst:291
# b85fa10a6f7c473f9579fbee87abc7dc
msgid "User name"
msgstr ""
#: ../../accounts.rst:292
# aaca04ef47ce4a6d957d7f999021beec
# Literal CloudStack query-filter wildcard (a table cell, not a printf
# format): copy it unchanged into msgstr.
msgid "%e"
msgstr ""
#: ../../accounts.rst:292
# 04104fb07bb94de38b10667d6fdadf04
msgid "Email address"
msgstr ""
#: ../../accounts.rst:293
# ae0690d61f774148a22980a6ed2d4c98
# Literal CloudStack query-filter wildcard (a table cell, not a printf
# format): copy it unchanged into msgstr.
msgid "%n"
msgstr ""
#: ../../accounts.rst:293
# 5c8df2d1e58b4c88b7f6f76691f54e32
msgid "First and last name"
msgstr ""
#: ../../accounts.rst:296
# fb24e5d77b0b4a369c988a18859c27b5
msgid "The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema."
msgstr ""
#: ../../accounts.rst:299
# 53d9ff57793f490ea016d5c0dd2235e1
msgid "If the CloudStack user name is the same as the LDAP user ID:"
msgstr ""
#: ../../accounts.rst:305
# fe9b3901fa4c442dbba0966d900dc335
msgid "If the CloudStack user name is the LDAP display name:"
msgstr ""
#: ../../accounts.rst:311
# 67bfee8945324987bfa2debd1cbd0f29
msgid "To find a user by email address:"
msgstr ""
#: ../../accounts.rst:318
# 0a2a4f3d28a447ccafdcade93acec26e
msgid "Search User Bind DN"
msgstr ""
#: ../../accounts.rst:320
# 9d07ca9ffe4d45e1a14848570aad2f64
msgid "The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudStack user with an LDAP bind. A full discussion of bind DNs is outside the scope of our documentation. The following table shows some examples of bind DNs."
msgstr ""
#: ../../accounts.rst:328
# 3b0b6b5b036945e6bb5442cb94a46fcd
msgid "Example Bind DN"
msgstr ""
#: ../../accounts.rst:330
# 1cd4f20b644c4fd68eb8a37ef35f7b47
# Example bind DN for the ApacheDS table row; a literal directory value, so
# copy it unchanged into msgstr.
# NOTE(review): both example bind DNs name an Administrator entry, while the
# "Search User Bind DN" text only requires a user permitted to search within
# the search base. A dedicated search-only account would satisfy that; raise
# it against accounts.rst if the examples should change.
msgid "CN=Administrator,DC=testing,OU=project,OU=org"
msgstr ""
#: ../../accounts.rst:331
# 2e60a99cfddd494c9de480a48304dfe3
# Example bind DN for the Active Directory table row; a literal directory
# value, so copy it unchanged into msgstr.
msgid "CN=Administrator, OU=testing, DC=company, DC=com"
msgstr ""
#: ../../accounts.rst:336
# 16cd1707b0594271ae8a6ae3884ec80e
msgid "SSL Keystore Path and Password"
msgstr ""
#: ../../accounts.rst:338
# 074f3d04369241be9e56096bb7dded79
# "ssl", "truststore" and "truststorepass" are literal ldapConfig parameter
# names; leave them untranslated.
# NOTE(review): the text says "keystore" and the parameters say "truststore",
# apparently for the same file holding the LDAP server's certificate. Keep
# the two terms distinguishable in translation and confirm against
# accounts.rst.
msgid "If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password."
msgstr ""