| # SOME DESCRIPTIVE TITLE. |
| # Copyright (C) |
| # This file is distributed under the same license as the Apache CloudStack Administration Documentation package. |
| # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
| # |
| #, fuzzy |
| msgid "" |
| msgstr "" |
| "Project-Id-Version: Apache CloudStack Administration Documentation 4\n" |
| "Report-Msgid-Bugs-To: \n" |
| "POT-Creation-Date: 2014-03-31 14:08-0400\n" |
| "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
| "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
| "Language-Team: LANGUAGE <LL@li.org>\n" |
| "MIME-Version: 1.0\n" |
| "Content-Type: text/plain; charset=UTF-8\n" |
| "Content-Transfer-Encoding: 8bit\n" |
| |
| #: ../../accounts.rst:18 |
| # 90951daa147540dab10f9d0c78d8c73b |
| msgid "Managing Accounts, Users and Domains" |
| msgstr "" |
| |
| #: ../../accounts.rst:21 |
| # 661635f04f94452db5ca9e4dd563cef7 |
| msgid "Accounts, Users, and Domains" |
| msgstr "" |
| |
| #: ../../accounts.rst:24 |
| # a7494e04f72d469a86f3c67e958ed65f |
| msgid "Accounts" |
| msgstr "" |
| |
| #: ../../accounts.rst:26 |
| # 457dea8dff534d9aa75e2270c1e1ac6d |
| msgid "An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account." |
| msgstr "" |
| |
| #: ../../accounts.rst:31 |
| # b45cd9ee7d3e478cbb3c129943ce53d5 |
| msgid "Domains" |
| msgstr "" |
| |
| #: ../../accounts.rst:33 |
| # 10ebf41c7dbf4e65b1be24934d043965 |
| msgid "Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller." |
| msgstr "" |
| |
| #: ../../accounts.rst:39 |
| # 403c3bff584f41c6b9ee1d4ba5bc6241 |
| msgid "For each account created, the Cloud installation creates three different types of user accounts: root administrator, domain administrator, and user." |
| msgstr "" |
| |
| #: ../../accounts.rst:44 |
| # 65e0965c3efe4beb825b48109a593375 |
| msgid "Users" |
| msgstr "" |
| |
| #: ../../accounts.rst:46 |
| # 34892ebe1c424238b2d30be07cfbef77 |
| msgid "Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. The same user cannot belong to multiple accounts." |
| msgstr "" |
| |
| #: ../../accounts.rst:52 |
| # 31c0da272edb4413bba06570446855e5 |
| msgid "Username is unique in a domain across accounts in that domain. The same username can exist in other domains, including sub-domains. Domain name can repeat only if the full pathname from root is unique. For example, you can create root/d1, as well as root/foo/d1, and root/sales/d1." |
| msgstr "" |
| |
| #: ../../accounts.rst:57 |
| # 1754108df51d4b9aa2bfcab98e1b9bf0 |
| msgid "Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system." |
| msgstr "" |
| |
| #: ../../accounts.rst:63 |
| # 12ec03346ad2491195e691d8d6e3139b |
| msgid "Domain Administrators" |
| msgstr "" |
| |
| #: ../../accounts.rst:65 |
| # 14a1bb86d2624ad3b4c82731fa8dd170 |
| msgid "Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains." |
| msgstr "" |
| |
| #: ../../accounts.rst:70 |
| # 39f193590cb5492691994021f7591f2e |
| msgid "Root Administrator" |
| msgstr "" |
| |
| #: ../../accounts.rst:72 |
| # 97d51f9ba69843b5af3c3770b5e6a41d |
| msgid "Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains" |
| msgstr "" |
| |
| #: ../../accounts.rst:77 |
| # 0231216736c74923a934181f66c7be6d |
| msgid "Resource Ownership" |
| msgstr "" |
| |
| #: ../../accounts.rst:79 |
| # 72eb8676abfd416cb9bbb177a3de84f6 |
| msgid "Resources belong to the account, not individual users in that account. For example, billing, resource limits, and so on are maintained by the account, not the users. A user can operate on any resource in the account provided the user has privileges for that operation. The privileges are determined by the role. A root administrator can change the ownership of any virtual machine from one account to any other account by using the assignVirtualMachine API. A domain or sub-domain administrator can do the same for VMs within the domain from one account to any other account in the domain or any of its sub-domains." |
| msgstr "" |
| |
| #: ../../accounts.rst:90 |
| # ff5d0b1e1c574c599f7af2c724e6fed1 |
| msgid "Dedicating Resources to Accounts and Domains" |
| msgstr "" |
| |
| #: ../../accounts.rst:92 |
| # 0a4bdfeefcbc4e6b90e29d85882276e5 |
| msgid "The root administrator can dedicate resources to a specific domain or account that needs private infrastructure for additional security or performance guarantees. A zone, pod, cluster, or host can be reserved by the root administrator for a specific domain or account. Only users in that domain or its subdomain may use the infrastructure. For example, only users in a given domain can create guests in a zone dedicated to that domain." |
| msgstr "" |
| |
| #: ../../accounts.rst:100 |
| # d6b26e49ebc04db7bc3a577de66cada3 |
| msgid "There are several types of dedication available:" |
| msgstr "" |
| |
| #: ../../accounts.rst:104 |
| # dac518c9d097412c8fc411ea7ed6a9e7 |
| msgid "Explicit dedication. A zone, pod, cluster, or host is dedicated to an account or domain by the root administrator during initial deployment and configuration." |
| msgstr "" |
| |
| #: ../../accounts.rst:110 |
| # 574012d1f1984a9a8d7a720f9ea1c4d6 |
| msgid "Strict implicit dedication. A host will not be shared across multiple accounts. For example, strict implicit dedication is useful for deployment of certain types of applications, such as desktops, where no host can be shared between different accounts without violating the desktop software's terms of license." |
| msgstr "" |
| |
| #: ../../accounts.rst:118 |
| # a5988bb1ccf4413394ead18a5bf8d2b4 |
| msgid "Preferred implicit dedication. The VM will be deployed in dedicated infrastructure if possible. Otherwise, the VM can be deployed in shared infrastructure." |
| msgstr "" |
| |
| #: ../../accounts.rst:123 |
| # 599bcac969ab4007b46f4a44e3aab507 |
| msgid "How to Dedicate a Zone, Cluster, Pod, or Host to an Account or Domain" |
| msgstr "" |
| |
| #: ../../accounts.rst:125 |
| # 235f58f9b9bd48eab66c66dc94d93e40 |
| msgid "For explicit dedication: When deploying a new zone, pod, cluster, or host, the root administrator can click the Dedicated checkbox, then choose a domain or account to own the resource." |
| msgstr "" |
| |
| #: ../../accounts.rst:129 |
| # 99189fbc5d704126a534a43918bd1cc9 |
| msgid "To explicitly dedicate an existing zone, pod, cluster, or host: log in as the root admin, find the resource in the UI, and click the Dedicate button. |button to dedicate a zone, pod,cluster, or host|" |
| msgstr "" |
| |
| #: ../../accounts.rst:133 |
| # e7ebf6fbd7d048bf822061139e2b5a4c |
| msgid "For implicit dedication: The administrator creates a compute service offering and in the Deployment Planner field, chooses ImplicitDedicationPlanner. Then in Planner Mode, the administrator specifies either Strict or Preferred, depending on whether it is permissible to allow some use of shared resources when dedicated resources are not available. Whenever a user creates a VM based on this service offering, it is allocated on one of the dedicated hosts." |
| msgstr "" |
| |
| #: ../../accounts.rst:142 |
| # 57e1c25d97df4d22b88b35dc599e45f7 |
| msgid "How to Use Dedicated Hosts" |
| msgstr "" |
| |
| #: ../../accounts.rst:144 |
| # b227acf3ae06498d99b21119713e2238 |
| msgid "To use an explicitly dedicated host, use the explicit-dedicated type of affinity group (see `“Affinity Groups” <virtual_machines.html#affinity-groups>`_). For example, when creating a new VM, an end user can choose to place it on dedicated infrastructure. This operation will succeed only if some infrastructure has already been assigned as dedicated to the user's account or domain." |
| msgstr "" |
| |
| #: ../../accounts.rst:152 |
| # f9c5cb26d6904347ad48d4ceba1481a6 |
| msgid "Behavior of Dedicated Hosts, Clusters, Pods, and Zones" |
| msgstr "" |
| |
| #: ../../accounts.rst:154 |
| # 05b28e9607634f78abda79633a1403cf |
| msgid "The administrator can live migrate VMs away from dedicated hosts if desired, whether the destination is a host reserved for a different account/domain or a host that is shared (not dedicated to any particular account or domain). CloudStack will generate an alert, but the operation is allowed." |
| msgstr "" |
| |
| #: ../../accounts.rst:160 |
| # ce25fc9a198a4cbeaabd2e2405325e9c |
| msgid "Dedicated hosts can be used in conjunction with host tags. If both a host tag and dedication are requested, the VM will be placed only on a host that meets both requirements. If there is no dedicated resource available to that user that also has the host tag requested by the user, then the VM will not deploy." |
| msgstr "" |
| |
| #: ../../accounts.rst:166 |
| # aeb33b23037c45be909c3768cc8966b6 |
| msgid "If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are freed up. They will now be available to be shared by any account or domain, or the administrator may choose to re-dedicate them to a different account or domain." |
| msgstr "" |
| |
| #: ../../accounts.rst:171 |
| # 1ce4e0516a79477a817eb0619fbfb51e |
| msgid "System VMs and virtual routers affect the behavior of host dedication. System VMs and virtual routers are owned by the CloudStack system account, and they can be deployed on any host. They do not adhere to explicit dedication. The presence of system vms and virtual routers on a host makes it unsuitable for strict implicit dedication. The host can not be used for strict implicit dedication, because the host already has VMs of a specific account (the default system account). However, a host with system VMs or virtual routers can be used for preferred implicit dedication." |
| msgstr "" |
| |
| #: ../../accounts.rst:182 |
| # ad8c17e1de7c4cb4af2c8b55ee0a851c |
| msgid "Using an LDAP Server for User Authentication" |
| msgstr "" |
| |
| #: ../../accounts.rst:184 |
| # d3eb07c14a05493ba2ff39ea53010821 |
| msgid "You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudStack end-users. Just map CloudStack accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudStack for matching common values such as the user’s email address and name. CloudStack will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user.." |
| msgstr "" |
| |
| #: ../../accounts.rst:195 |
| # efbc795d47b644b592c065f9221a5ecc |
| msgid "To set up LDAP authentication in CloudStack, call the CloudStack API command ldapConfig and provide the following:" |
| msgstr "" |
| |
| #: ../../accounts.rst:200 |
| # 7826c9574e864a3fa3927d2452d6f247 |
| msgid "Hostname or IP address and listening port of the LDAP server" |
| msgstr "" |
| |
| #: ../../accounts.rst:204 |
| # 70b92e095a0749628ec280152921d951 |
| msgid "Base directory and query filter" |
| msgstr "" |
| |
| #: ../../accounts.rst:208 |
| # 4fe250c5d3ac44ab883b8c10af24f1fe |
| msgid "Search user DN credentials, which give CloudStack permission to search on the LDAP server" |
| msgstr "" |
| |
| #: ../../accounts.rst:213 |
| # 2ceaa9828892484ebd391520d745991d |
| msgid "SSL keystore and password, if SSL is used" |
| msgstr "" |
| |
| #: ../../accounts.rst:216 |
| # 26d8fb1d67a74f8387452da5b3cce675 |
| msgid "Example LDAP Configuration Commands" |
| msgstr "" |
| |
| #: ../../accounts.rst:218 |
| # 1c19000335be4f7ebdab1d79a7c4658c |
| msgid "To understand the examples in this section, you need to know the basic concepts behind calling the CloudStack API, which are explained in the Developer’s Guide." |
| msgstr "" |
| |
| #: ../../accounts.rst:222 |
| # d7aafed8ded6431d8129d3bbe41769aa |
| msgid "The following shows an example invocation of ldapConfig with an ApacheDS LDAP server" |
| msgstr "" |
| |
| #: ../../accounts.rst:229 |
| # 7214405299e94877a1c09f6c6287ee10 |
| msgid "The command must be URL-encoded. Here is the same example without the URL encoding:" |
| msgstr "" |
| |
| #: ../../accounts.rst:247 |
| # 74c45748c7614774911829b534605cc1 |
| msgid "The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address." |
| msgstr "" |
| |
| #: ../../accounts.rst:255 |
| # e42d0dbce6674c9ba00d73998fb30e71 |
| msgid "The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters." |
| msgstr "" |
| |
| #: ../../accounts.rst:259 |
| # a47324fc43df41cdbcae97f676f2536f |
| msgid "Search Base" |
| msgstr "" |
| |
| #: ../../accounts.rst:261 |
| # f44d14b0d741402087e0cc706bbb068e |
| msgid "An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found. The users can be in the immediate base directory or in some subdirectory. The search base may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department.." |
| msgstr "" |
| |
| #: ../../accounts.rst:272 |
| #: ../../accounts.rst:328 |
| # c824c6d3616243eaa848cc45808ec373 |
| # 46c8c55831674fd3a12caa7352108fa4 |
| msgid "LDAP Server" |
| msgstr "" |
| |
| #: ../../accounts.rst:272 |
| # bf34c451c0994186b556742324006c30 |
| msgid "Example Search Base DN" |
| msgstr "" |
| |
| #: ../../accounts.rst:274 |
| #: ../../accounts.rst:330 |
| # c6940ea324fb4c99895c4d2152bfd32e |
| # 359bafef7f4044e380b30643767ad285 |
| msgid "ApacheDS" |
| msgstr "" |
| |
| #: ../../accounts.rst:274 |
| # 2253d38b2ae84eeab805635117cf368c |
| msgid "OU=testing, O=project" |
| msgstr "" |
| |
| #: ../../accounts.rst:275 |
| #: ../../accounts.rst:331 |
| # ddf11f35901948058a34dff9cbca8c3d |
| # 6d6eab10b7674a65aedf6c1f41312bf8 |
| msgid "Active Directory" |
| msgstr "" |
| |
| #: ../../accounts.rst:275 |
| # 0fdc037b3c2746e0b455bd0594bf0bee |
| msgid "OU=testing, DC=company" |
| msgstr "" |
| |
| #: ../../accounts.rst:279 |
| # 03d46aff89114039bebeeea32fbcda86 |
| msgid "Query Filter" |
| msgstr "" |
| |
| #: ../../accounts.rst:281 |
| # 93b867a441bc4cddad5a72d6b9e51abf |
| msgid "The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the CloudStack user to LDAP user for a meaningful authentication. For more information about query filter syntax, consult the documentation for your LDAP server." |
| msgstr "" |
| |
| #: ../../accounts.rst:286 |
| # 94920970089b494395b1e5410ad30bb1 |
| msgid "The CloudStack query filter wildcards are:" |
| msgstr "" |
| |
| #: ../../accounts.rst:289 |
| # f7c82cdd777a4284b5adc6a920065f32 |
| msgid "Query Filter Wildcard" |
| msgstr "" |
| |
| #: ../../accounts.rst:289 |
| # 2e1c45a30d2648c6878074583a6a4c7b |
| msgid "Description" |
| msgstr "" |
| |
| #: ../../accounts.rst:291 |
| # b636b6a26b4942d390e3083bb99636ec |
| msgid "%u" |
| msgstr "" |
| |
| #: ../../accounts.rst:291 |
| # b85fa10a6f7c473f9579fbee87abc7dc |
| msgid "User name" |
| msgstr "" |
| |
| #: ../../accounts.rst:292 |
| # aaca04ef47ce4a6d957d7f999021beec |
| msgid "%e" |
| msgstr "" |
| |
| #: ../../accounts.rst:292 |
| # 04104fb07bb94de38b10667d6fdadf04 |
| msgid "Email address" |
| msgstr "" |
| |
| #: ../../accounts.rst:293 |
| # ae0690d61f774148a22980a6ed2d4c98 |
| msgid "%n" |
| msgstr "" |
| |
| #: ../../accounts.rst:293 |
| # 5c8df2d1e58b4c88b7f6f76691f54e32 |
| msgid "First and last name" |
| msgstr "" |
| |
| #: ../../accounts.rst:296 |
| # fb24e5d77b0b4a369c988a18859c27b5 |
| msgid "The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema." |
| msgstr "" |
| |
| #: ../../accounts.rst:299 |
| # 53d9ff57793f490ea016d5c0dd2235e1 |
| msgid "If the CloudStack user name is the same as the LDAP user ID:" |
| msgstr "" |
| |
| #: ../../accounts.rst:305 |
| # fe9b3901fa4c442dbba0966d900dc335 |
| msgid "If the CloudStack user name is the LDAP display name:" |
| msgstr "" |
| |
| #: ../../accounts.rst:311 |
| # 67bfee8945324987bfa2debd1cbd0f29 |
| msgid "To find a user by email address:" |
| msgstr "" |
| |
| #: ../../accounts.rst:318 |
| # 0a2a4f3d28a447ccafdcade93acec26e |
| msgid "Search User Bind DN" |
| msgstr "" |
| |
| #: ../../accounts.rst:320 |
| # 9d07ca9ffe4d45e1a14848570aad2f64 |
| msgid "The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudStack user with an LDAP bind. A full discussion of bind DNs is outside the scope of our documentation. The following table shows some examples of bind DNs." |
| msgstr "" |
| |
| #: ../../accounts.rst:328 |
| # 3b0b6b5b036945e6bb5442cb94a46fcd |
| msgid "Example Bind DN" |
| msgstr "" |
| |
| #: ../../accounts.rst:330 |
| # 1cd4f20b644c4fd68eb8a37ef35f7b47 |
| msgid "CN=Administrator,DC=testing,OU=project,OU=org" |
| msgstr "" |
| |
| #: ../../accounts.rst:331 |
| # 2e60a99cfddd494c9de480a48304dfe3 |
| msgid "CN=Administrator, OU=testing, DC=company, DC=com" |
| msgstr "" |
| |
| #: ../../accounts.rst:336 |
| # 16cd1707b0594271ae8a6ae3884ec80e |
| msgid "SSL Keystore Path and Password" |
| msgstr "" |
| |
| #: ../../accounts.rst:338 |
| # 074f3d04369241be9e56096bb7dded79 |
| msgid "If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password." |
| msgstr "" |
| |