# SQL realm: only the display name and the login-module class are declared.
# The realm has special edit logic, so no module.sql.field.* entries are
# listed in this file.
# NOTE(review): the SQL realm's options are therefore described and validated
# somewhere other than this file; that code needs its own review.
module.sql.name=Database (SQL) Realm
module.sql.class=org.apache.geronimo.security.realm.providers.SQLLoginModule
# Properties File realm: users and groups are read from two properties files.
# Each module.props.field.<option>.* group describes one option through
# displayOrder, displayName, description and length.
# NOTE(review): per the description below, the users file holds
# username=password pairs. Nothing here indicates hashing, so treat that file
# as a cleartext credential store (tight file permissions, kept out of version
# control) unless the login module is confirmed to accept digested passwords.
# NOTE(review): the groups file decides group membership, so write access to it
# is presumably equivalent to granting roles; protect it like the users file.
module.props.name=Properties File Realm
module.props.class=org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
module.props.field.usersURI.displayOrder=1
module.props.field.usersURI.displayName=Users File URI
module.props.field.usersURI.description=The location of a properties file (relative to the Geronimo home dir) holding user/password information. The format of each line should be username=password.
module.props.field.usersURI.length=50
module.props.field.groupsURI.displayOrder=2
module.props.field.groupsURI.displayName=Groups File URI
module.props.field.groupsURI.description=The location of a properties file (relative to the Geronimo home dir) holding group information. The format of each line should be group=user,user,....
module.props.field.groupsURI.length=50
# LDAP realm: display name, login-module class, then one
# module.ldap.field.<option>.* group per option (displayOrder 1 to 14).
module.ldap.name=LDAP Realm
module.ldap.class=org.apache.geronimo.security.realm.providers.LDAPLoginModule
# initialContextFactory takes a fully-qualified class name.
# NOTE(review): presumably this class is loaded when the realm connects, so
# only trusted administrators should be able to set it; confirm who may edit
# realms.
module.ldap.field.initialContextFactory.displayOrder=1
module.ldap.field.initialContextFactory.displayName=Initial Context Factory
module.ldap.field.initialContextFactory.description=The fully-qualified class name of the initial context factory. If you don't know what to use here, you should use com.sun.jndi.ldap.LdapCtxFactory.
module.ldap.field.initialContextFactory.length=60
module.ldap.field.connectionURL.displayOrder=2
module.ldap.field.connectionURL.displayName=Connection URL
module.ldap.field.connectionURL.description=A URL that describes how to connect to the LDAP server. Normally this would be ldap://ldap-server-hostname:389 (or for the Apache directory server included with Geronimo, ldap://localhost:1389).
module.ldap.field.connectionURL.length=50
# Account the realm uses to bind to the directory.
# NOTE(review): the description recommends an administrator or Directory
# manager able to examine other users' passwords. If the login module can
# authenticate by binding as the user instead of reading password attributes,
# a dedicated read-only account scoped to the user and role subtrees is the
# least-privilege choice; confirm which mode the module uses.
module.ldap.field.connectionUsername.displayOrder=3
module.ldap.field.connectionUsername.displayName=Connect Username
module.ldap.field.connectionUsername.description=The user name used to connect to the LDAP server. Should be an administrator or Directory manager that has access to examine other users' passwords.
module.ldap.field.connectionUsername.length=20
# Bind password. This is the only field in the file that carries password=true.
# NOTE(review): presumably the flag makes the console render a masked input;
# it says nothing about how the value is stored once saved. Confirm both.
module.ldap.field.connectionPassword.displayOrder=4
module.ldap.field.connectionPassword.displayName=Connect Password
module.ldap.field.connectionPassword.password=true
module.ldap.field.connectionPassword.description=The password used to connect to the LDAP server.
module.ldap.field.connectionPassword.length=20
# Transport protocol; the description says blank is the norm and ssl is optional.
# NOTE(review): with this left blank and an ldap:// connection URL, the bind
# password and the user credentials being checked presumably cross the network
# unencrypted. Prefer ssl for anything beyond a local test directory.
module.ldap.field.connectionProtocol.displayOrder=5
module.ldap.field.connectionProtocol.displayName=Connect Protocol
module.ldap.field.connectionProtocol.description=The connection protocol used to communicate with the LDAP server. Normally left blank, though it can be set to ssl if the server supports it.
module.ldap.field.connectionProtocol.length=10
module.ldap.field.authentication.displayOrder=6
module.ldap.field.authentication.displayName=Authentication
module.ldap.field.authentication.description=The security level to use, which can be none, simple, or strong (the usual value is simple). If this property is unspecified, the behavior is determined by the service provider.
module.ldap.field.authentication.length=10
# Where user entries are searched; scope is set by userSearchSubtree below.
module.ldap.field.userBase.displayOrder=7
module.ldap.field.userBase.displayName=User Base
module.ldap.field.userBase.description=The base LDAP context (location) to search for users. The search may look in this location only, or there and all subcontexts, depending on the settings for "User Search Subtree" below.
module.ldap.field.userBase.length=40
# Search filter template; {0} stands for the user name, per the description.
# NOTE(review): whether the login module escapes LDAP filter metacharacters in
# the user name before substituting it is not visible in this file. Confirm it
# does, otherwise a crafted login name can change the meaning of the filter.
module.ldap.field.userSearchMatching.displayOrder=8
module.ldap.field.userSearchMatching.displayName=User Search Matching
module.ldap.field.userSearchMatching.description=The LDAP attribute search string used to find the user. RFC 2254 filters are allowed, and normally the parameter {0} is used to identify the username. A typical value would be (uid={0}) or (cn={0}).
module.ldap.field.userSearchMatching.length=20
# true searches the subtrees under User Base, false only User Base itself.
module.ldap.field.userSearchSubtree.displayOrder=9
module.ldap.field.userSearchSubtree.displayName=User Search Subtree
module.ldap.field.userSearchSubtree.description=If set to true, then subtrees under the "User Base" will be searched for users too. If set to false, then only the "User Base" location itself will be searched.
module.ldap.field.userSearchSubtree.length=10
# Where role entries are searched; scope is set by roleSearchSubtree.
module.ldap.field.roleBase.displayOrder=10
module.ldap.field.roleBase.displayName=Role Base
module.ldap.field.roleBase.description=The base LDAP context (location) to search for roles. The search may look in this location only, or there and all subcontexts, depending on the settings for "Role Search Subtree" below.
module.ldap.field.roleBase.length=40
module.ldap.field.roleName.displayOrder=11
module.ldap.field.roleName.displayName=Role Name
module.ldap.field.roleName.description=The LDAP attribute type that corresponds to the role name. Often set to cn.
module.ldap.field.roleName.length=20
# Role-side membership filter; {0} stands for the user name, per the description.
# The key is roleSearchMatching but the label shown is "Role User Search
# String", which differs from "User Role Search String" (userRoleName) below
# only in word order.
# NOTE(review): these two options decide which roles a user receives, so a
# value entered in the wrong field presumably changes authorization, not just
# lookup. The same filter-escaping question as for userSearchMatching applies
# to {0} here; confirm against the login module.
module.ldap.field.roleSearchMatching.displayOrder=12
module.ldap.field.roleSearchMatching.displayName=Role User Search String
module.ldap.field.roleSearchMatching.description=The LDAP attribute search string used on a role to find the users who are members of the role. This is used when the role has many attributes with the same name, but with different values (one per user). Normally the parameter {0} is used to identify the username. A typical value would be (member={0}) or (memberUID={0}).
module.ldap.field.roleSearchMatching.length=20
# true searches the subtrees under Role Base, false only Role Base itself.
module.ldap.field.roleSearchSubtree.displayOrder=13
module.ldap.field.roleSearchSubtree.displayName=Role Search Subtree
module.ldap.field.roleSearchSubtree.description=If set to true, then subtrees under the "Role Base" will be searched for roles too. If set to false, then only the "Role Base" location itself will be searched.
module.ldap.field.roleSearchSubtree.length=10
# User-side alternative: names the attribute on the user entry that lists roles.
module.ldap.field.userRoleName.displayOrder=14
module.ldap.field.userRoleName.displayName=User Role Search String
module.ldap.field.userRoleName.description=If the role entry does not have an attribute for users, but instead the user entry has an attribute for roles, this should be used instead of the "Role User Search String". It names the attribute on a user that lists a role that user is in. A typical value would be (memberOf={0}).
module.ldap.field.userRoleName.length=20
# Certificate Properties File realm: same two options as the Properties File
# realm, but the users file maps a user name to a certificate subject name.
# NOTE(review): per the description, the match is on the string returned by
# X509Certificate.getSubjectX500Principal().getName(). A subject name alone
# proves nothing; this presumably relies on the certificate chain having been
# validated earlier (for example by TLS client authentication). Confirm where
# that validation happens.
# NOTE(review): the users and groups files decide identity and group
# membership, so restrict write access to both.
module.certprops.name=Certificate Properties File Realm
module.certprops.class=org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
module.certprops.field.usersURI.displayOrder=1
module.certprops.field.usersURI.displayName=Users File URI
module.certprops.field.usersURI.description=The location of a properties file (relative to the Geronimo home dir) holding certificate to user mapping information. The format of each line should be username=certificatename where certificate name is X509Certificate.getSubjectX500Principal().getName()
module.certprops.field.usersURI.length=50
module.certprops.field.groupsURI.displayOrder=2
module.certprops.field.groupsURI.displayName=Groups File URI
module.certprops.field.groupsURI.description=The location of a properties file (relative to the Geronimo home dir) holding group information. The format of each line should be group=user,user,....
module.certprops.field.groupsURI.length=50
# TODO: Sun Kerberos Login Module & Properties
# "Other" realm: only a display name is declared, with no class and no field
# entries, because this realm has special edit logic.
# NOTE(review): presumably the administrator supplies the login-module class
# and its options free-form for this realm; confirm how that input is
# restricted and validated, since nothing in this file constrains it.
module.other.name=Other