# These templates have been reviewed by the debian-l10n-english
# team
#
# If modifications/additions/rewording are needed, please ask
# debian-l10n-english@lists.debian.org for advice.
#
# Even minor modifications require translation updates and such
# changes should be coordinated with translators and reviewers.

Template: libpam-ldap/rootbinddn
Type: string
Default: cn=manager,dc=example,dc=net
_Description: LDAP administrative account:
 Please enter the name of the LDAP administrative account.
 .
 This account will be used automatically for database management, so
 it must have the appropriate administrative privileges.

Template: libpam-ldap/rootbindpw
Type: password
#flag:comment:3
# Translators: do not translate "${filename}"
_Description: LDAP administrative password:
 Please enter the password of the administrative account.
 .
 The password will be stored in the file ${filename}.
 This will be made readable to root only, and will allow ${package}
 to carry out automatic database management logins.
 .
 If this field is left empty, the previously stored password will
 be re-used.

Template: libpam-ldap/dblogin
Type: boolean
Default: false
_Description: Does the LDAP database require login?
 Please choose whether the LDAP server enforces a login before
 retrieving entries.
 .
 Such a setup is not usually needed.

Template: shared/ldapns/base-dn
Type: string
Default: dc=example,dc=net
_Description: Distinguished name of the search base:
 Please enter the distinguished name of the LDAP search base. Many sites
 use the components of their domain names for this purpose. For example,
 the domain "example.net" would use "dc=example,dc=net" as the
 distinguished name of the search base.

Template: libpam-ldap/pam_password
Type: select
__Choices: clear, crypt, nds, ad, exop, md5
Default: crypt
_Description: Local encryption algorithm to use for passwords:
 The PAM module can encrypt the password locally when changing it,
 which is recommended:
  * clear: no encryption. This should be chosen when LDAP servers
    automatically encrypt the userPassword entry;
  * crypt: make userPassword use the same format as the flat
    local password database. If in doubt, you should choose this option;
  * nds: use Novell Directory Services-style updating. The old
    password is first removed, then updated;
  * ad: Active Directory-style. This creates a Unicode password and
    updates the unicodePwd attribute;
  * exop: use the OpenLDAP password change extended operation to update the
    password.

Template: shared/ldapns/ldap_version
Type: select
Choices: 3, 2
Default: 3
_Description: LDAP version to use:
 Please choose the version of the LDAP protocol that should be used by
 ldapns. Using the highest available version number is recommended.

Template: libpam-ldap/binddn
Type: string
Default: cn=proxyuser,dc=example,dc=net
_Description: LDAP login user account:
 Please enter the name of the LDAP account that should be used for
 non-administrative (read-only) database logins.
 .
 It is highly recommended to use an unprivileged account, because
 the configuration file that contains the account name and password
 must be world-readable.

Template: libpam-ldap/dbrootlogin
Type: boolean
Default: true
_Description: Allow LDAP admin account to behave like local root?
 This option will allow password utilities that use PAM to
 change local passwords.
 .
 The LDAP admin account password will be stored in a separate file which will be made
 readable to root only.
 .
 If /etc is mounted by NFS, this option should be disabled.

Template: shared/ldapns/ldap-server
Type: string
Default: ldapi:///
_Description: LDAP server URI:
 Please enter the Uniform Resource Identifier of the LDAP server.
 The format is 'ldap://<hostname_or_IP>:<port>/'. Alternatively,
 'ldaps://' or 'ldapi://' can be used. The port number is optional.
 .
 Using an IP address is recommended to avoid failures when
 domain name services are unavailable.

Template: libpam-ldap/bindpw
Type: password
_Description: Password for LDAP login user:
 Please enter the password for the nonadministrative LDAP login account.

Template: libpam-ldap/override
Type: boolean
Default: true
_Description: Manage libpam-ldap configuration automatically?
 The libpam-ldap package configuration may be managed automatically
 using answers to questions asked during the configuration process.
 The resulting configuration file may overwrite local changes.
 .
 If you do not choose this option, no further questions will be asked
 and the configuration will need to be done manually.

