Units
Translation components API.
See the Weblate's Web API documentation for detailed description of the API.
GET /api/translations/freeipa/ipa-4-8/zh_CN/units/?format=api&page=93
{ "count": 4657, "next": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/units/?format=api&page=94", "previous": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/units/?format=api&page=92", "results": [ { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nID ranges\n\nManage ID ranges used to map Posix IDs to SIDs and back.\n\nThere are two type of ID ranges which are both handled by this utility:\n\n - the ID ranges of the local domain\n - the ID ranges of trusted remote domains\n\nBoth types have the following attributes in common:\n\n - base-id: the first ID of the Posix ID range\n - range-size: the size of the range\n\nWith those two attributes a range object can reserve the Posix IDs starting\nwith base-id up to but not including base-id+range-size exclusively.\n\nAdditionally an ID range of the local domain may set\n - rid-base: the first RID(*) of the corresponding RID range\n - secondary-rid-base: first RID of the secondary RID range\n\nand an ID range of a trusted domain must set\n - rid-base: the first RID of the corresponding RID range\n - sid: domain SID of the trusted domain\n\n\n\nEXAMPLE: Add a new ID range for a trusted domain\n\nSince there might be more than one trusted domain the domain SID must be given\nwhile creating the ID range.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n\nThis ID range is then used by the IPA server and the SSSD IPA provider to\nassign Posix UIDs to users from the trusted domain.\n\nIf e.g. a range for a trusted domain is configured with the following values:\n base-id = 1200000\n range-size = 200000\n rid-base = 0\nthe RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. So\nRID 1000 <-> Posix ID 1201000\n\n\n\nEXAMPLE: Add a new ID range for the local domain\n\nTo create an ID range for the local domain it is not necessary to specify a\ndomain SID. But since it is possible that a user and a group can have the same\nvalue as Posix ID a second RID interval is needed to handle conflicts.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 --secondary-rid-base=1000000 local_range\n\nThe data from the ID ranges of the local domain are used by the IPA server\ninternally to assign SIDs to IPA users and groups. The SID will then be stored\nin the user or group objects.\n\nIf e.g. the ID range for the local domain is configured with the values from\nthe example above then a new user with the UID 1200007 will get the RID 1007.\nIf this RID is already used by a group the RID will be 1000007. This can only\nhappen if a user or a group object was created with a fixed ID because the\nautomatic assignment will not assign the same ID twice. Since there are only\nusers and groups sharing the same ID namespace it is sufficient to have only\none fallback range to handle conflicts.\n\nTo find the Posix ID for a given RID from the local domain it has to be\nchecked first if the RID falls in the primary or secondary RID range and\nthe rid-base or the secondary-rid-base has to be subtracted, respectively,\nand the base-id has to be added to get the Posix ID.\n\nTypically the creation of ID ranges happens behind the scenes and this CLI\nmust not be used at all. The ID range for the local domain will be created\nduring installation or upgrade from an older version. The ID range for a\ntrusted domain will be created together with the trust by 'ipa trust-add ...'.\n\nUSE CASES:\n\n Add an ID range from a transitively trusted domain\n\n If the trusted domain (A) trusts another domain (B) as well and this trust\n is transitive 'ipa trust-add domain-A' will only create a range for\n domain A. The ID range for domain B must be added manually.\n\n Add an additional ID range for the local domain\n\n If the ID range of the local domain is exhausted, i.e. no new IDs can be\n assigned to Posix users or groups by the DNA plugin, a new range has to be\n created to allow new users and groups to be added. (Currently there is no\n connection between this range CLI and the DNA plugin, but a future version\n might be able to modify the configuration of the DNS plugin as well)\n\nIn general it is not necessary to modify or delete ID ranges. If there is no\nother way to achieve a certain configuration than to modify or delete an ID\nrange it should be done with great care. Because UIDs are stored in the file\nsystem and are used for access control it might be possible that users are\nallowed to access files of other users if an ID range got deleted and reused\nfor a different domain.\n\n(*) The RID is typically the last integer of a user or group SID which follows\nthe domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from\nthis domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the\nuser. RIDs are unique in a domain, 32bit values and are used for users and\ngroups.\n\nWARNING:\n\nDNA plugin in 389-ds will allocate IDs based on the ranges configured for the\nlocal domain. Currently the DNA plugin *cannot* be reconfigured itself based\non the local ranges set via this family of commands.\n\nManual configuration change has to be done in the DNA plugin configuration for\nthe new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\nIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\nmodified to match the new range.\n" ], "previous_source": "", "target": [ "" ], "id_hash": 2100861487553895582, "content_hash": 2100861487553895582, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1580, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 898, "source_unit": "https://translate.fedoraproject.org/api/units/4672283/?format=api", "priority": 100, "id": 4803439, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=9d27c2645ff2dc9e", "url": "https://translate.fedoraproject.org/api/units/4803439/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:56.859620Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nAdd new ID range.\n\n To add a new ID range you always have to specify\n\n --base-id\n --range-size\n\n Additionally\n\n --rid-base\n --secondary-rid-base\n\n may be given for a new ID range for the local domain while\n\n --rid-base\n --dom-sid\n\n must be given to add a new range for a trusted AD domain.\n\n WARNING:\n\n DNA plugin in 389-ds will allocate IDs based on the ranges configured for the\n local domain. Currently the DNA plugin *cannot* be reconfigured itself based\n on the local ranges set via this family of commands.\n\n Manual configuration change has to be done in the DNA plugin configuration for\n the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\n modified to match the new range.\n " ], "previous_source": "", "target": [ "" ], "id_hash": -7673449281923951434, "content_hash": -7673449281923951434, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1589, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 120, "source_unit": "https://translate.fedoraproject.org/api/units/2722307/?format=api", "priority": 100, "id": 4803440, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=15826e88a4f254b6", "url": "https://translate.fedoraproject.org/api/units/4803440/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:56.898920Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nManage CA ACL rules.\n\nThis plugin is used to define rules governing which principals are\npermitted to have certificates issued using a given certificate\nprofile.\n\nPROFILE ID SYNTAX:\n\nA Profile ID is a string without spaces or punctuation starting with a letter\nand followed by a sequence of letters, digits or underscore (\"_\").\n\nEXAMPLES:\n\n Create a CA ACL \"test\" that grants all users access to the\n \"UserCert\" profile:\n ipa caacl-add test --usercat=all\n ipa caacl-add-profile test --certprofiles UserCert\n\n Display the properties of a named CA ACL:\n ipa caacl-show test\n\n Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n ipa caacl-add-user alice_dnp3 --user=alice\n\n Disable a CA ACL:\n ipa caacl-disable test\n\n Remove a CA ACL:\n ipa caacl-del test\n" ], "previous_source": "", "target": [ "" ], "id_hash": 5880785516233677704, "content_hash": 5880785516233677704, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1596, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 123, "source_unit": "https://translate.fedoraproject.org/api/units/2722370/?format=api", "priority": 100, "id": 4803442, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=d19cbf44ef5edb88", "url": "https://translate.fedoraproject.org/api/units/4803442/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:56.937445Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nManage Certificate Profiles\n\nCertificate Profiles are used by Certificate Authority (CA) in the signing of\ncertificates to determine if a Certificate Signing Request (CSR) is acceptable,\nand if so what features and extensions will be present on the certificate.\n\nThe Certificate Profile format is the property-list format understood by the\nDogtag or Red Hat Certificate System CA.\n\nPROFILE ID SYNTAX:\n\nA Profile ID is a string without spaces or punctuation starting with a letter\nand followed by a sequence of letters, digits or underscore (\"_\").\n\nEXAMPLES:\n\n Import a profile that will not store issued certificates:\n ipa certprofile-import ShortLivedUserCert --file UserCert.profile --desc \"User Certificates\" --store=false\n\n Delete a certificate profile:\n ipa certprofile-del ShortLivedUserCert\n\n Show information about a profile:\n ipa certprofile-show ShortLivedUserCert\n\n Save profile configuration to a file:\n ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n\n Search for profiles that do not store certificates:\n ipa certprofile-find --store=false\n\nPROFILE CONFIGURATION FORMAT:\n\nThe profile configuration format is the raw property-list format\nused by Dogtag Certificate System. The XML format is not supported.\n\nThe following restrictions apply to profiles managed by FreeIPA:\n\n- When importing a profile the \"profileId\" field, if present, must\n match the ID given on the command line.\n\n- The \"classId\" field must be set to \"caEnrollImpl\"\n\n- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n\n- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n class must be used.\n" ], "previous_source": "", "target": [ "" ], "id_hash": -95608496639423207, "content_hash": -95608496639423207, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1622, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 222, "source_unit": "https://translate.fedoraproject.org/api/units/2727880/?format=api", "priority": 100, "id": 4803444, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=7eac5494304c4d19", "url": "https://translate.fedoraproject.org/api/units/4803444/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:56.999248Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nIPA servers\n\nGet information about installed IPA servers.\n\nEXAMPLES:\n\n Find all servers:\n ipa server-find\n\n Show specific server:\n ipa server-show ipa.example.com\n" ], "previous_source": "", "target": [ "" ], "id_hash": 3072663002766020125, "content_hash": 3072663002766020125, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1657, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 20, "source_unit": "https://translate.fedoraproject.org/api/units/2727861/?format=api", "priority": 100, "id": 4803446, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=aaa44ab8aa5a8e1d", "url": "https://translate.fedoraproject.org/api/units/4803446/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.029033Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nService Constrained Delegation\n\nManage rules to allow constrained delegation of credentials so\nthat a service can impersonate a user when communicating with another\nservice without requiring the user to actually forward their TGT.\nThis makes for a much better method of delegating credentials as it\nprevents exposure of the short term secret of the user.\n\nThe naming convention is to append the word \"target\" or \"targets\" to\na matching rule name. This is not mandatory but helps conceptually\nto associate rules and targets.\n\nA rule consists of two things:\n - A list of targets the rule applies to\n - A list of memberPrincipals that are allowed to delegate for\n those targets\n\nA target consists of a list of principals that can be delegated.\n\nIn English, a rule says that this principal can delegate as this\nlist of principals, as defined by these targets.\n\nEXAMPLES:\n\n Add a new constrained delegation rule:\n ipa servicedelegationrule-add ftp-delegation\n\n Add a new constrained delegation target:\n ipa servicedelegationtarget-add ftp-delegation-target\n\n Add a principal to the rule:\n ipa servicedelegationrule-add-member --principals=ftp/ipa.example.com ftp-delegation\n\n Add our target to the rule:\n ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-delegation-target ftp-delegation\n\n Add a principal to the target:\n ipa servicedelegationtarget-add-member --principals=ldap/ipa.example.com ftp-delegation-target\n\n Display information about a named delegation rule and target:\n ipa servicedelegationrule_show ftp-delegation\n ipa servicedelegationtarget_show ftp-delegation-target\n\n Remove a constrained delegation:\n ipa servicedelegationrule-del ftp-delegation-target\n ipa servicedelegationtarget-del ftp-delegation\n\nIn this example the ftp service can get a TGT for the ldap service on\nthe bound user's behalf.\n\nIt is strongly discouraged to modify the delegations that ship with\nIPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\nipa-ldap-delegation-targets. Incorrect changes can remove the ability\nto delegate, causing the framework to stop functioning.\n" ], "previous_source": "", "target": [ "" ], "id_hash": -4827466967722214768, "content_hash": -4827466967722214768, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1670, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 269, "source_unit": "https://translate.fedoraproject.org/api/units/2722416/?format=api", "priority": 100, "id": 4803448, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=3d01645eaffc3a90", "url": "https://translate.fedoraproject.org/api/units/4803448/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.071640Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nStageusers\n\nManage stage user entries.\n\nStage user entries are directly under the container: \"cn=stage users,\ncn=accounts, cn=provisioning, SUFFIX\".\nUser can not authenticate with those entries (even if the entries\ncontain credentials) and are candidate to become Active entries.\n\nActive user entries are Posix users directly under the container: \"cn=accounts, SUFFIX\".\nUser can authenticate with Active entries, at the condition they have\ncredentials\n\nDelete user entries are Posix users directly under the container: \"cn=deleted users,\ncn=accounts, cn=provisioning, SUFFIX\".\nUser can not authenticate with those entries (even if the entries contain credentials)\n\nThe stage user container contains entries\n - created by 'stageuser-add' commands that are Posix users\n - created by external provisioning system\n\nA valid stage user entry MUST:\n - entry RDN is 'uid'\n - ipaUniqueID is 'autogenerate'\n\nIPA supports a wide range of username formats, but you need to be aware of any\nrestrictions that may apply to your particular environment. For example,\nusernames that start with a digit or usernames that exceed a certain length\nmay cause problems for some UNIX systems.\nUse 'ipa config-mod' to change the username format allowed by IPA tools.\n\n\nEXAMPLES:\n\n Add a new stageuser:\n ipa stageuser-add --first=Tim --last=User --password tuser1\n\n Add a stageuser from the Delete container\n ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n" ], "previous_source": "", "target": [ "" ], "id_hash": -6243864614975504312, "content_hash": -6243864614975504312, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1693, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 208, "source_unit": "https://translate.fedoraproject.org/api/units/2727961/?format=api", "priority": 100, "id": 4803451, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=29595636cec10048", "url": "https://translate.fedoraproject.org/api/units/4803451/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.174278Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nTopology\n\nManagement of a replication topology.\n\nRequires minimum domain level 1.\n" ], "previous_source": "\nTopology\n\nManagement of a replication topology at domain level 1.\n", "target": [ "\n拓扑\n\n域级别为1的复制拓扑的管理。\n" ], "id_hash": -7605089279202908543, "content_hash": -7605089279202908543, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 1712, "has_suggestion": false, "has_comment": false, "has_failing_check": true, "num_words": 11, "source_unit": "https://translate.fedoraproject.org/api/units/2722442/?format=api", "priority": 100, "id": 4803455, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=16754b9813faa681", "url": "https://translate.fedoraproject.org/api/units/4803455/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.324523Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Search for topology suffices." ], "previous_source": "Search for topology suffixes.", "target": [ "查找拓扑后缀。" ], "id_hash": 7281011079600376873, "content_hash": 7281011079600376873, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 1744, "has_suggestion": true, "has_comment": false, "has_failing_check": false, "num_words": 4, "source_unit": "https://translate.fedoraproject.org/api/units/2725482/?format=api", "priority": 100, "id": 4803457, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=e50b59001d438c29", "url": "https://translate.fedoraproject.org/api/units/4803457/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.373872Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nVerify replication topology for suffix.\n\nChecks done:\n 1. check if a topology is not disconnected. In other words if there are\n replication paths between all servers.\n 2. check if servers don't have more than the recommended number of\n replication agreements\n " ], "previous_source": "\nVerify replication topology for suffix.\n\nChecks done:\n 1. check if a topology is not disconnected. In other words if there are\n replication paths between all servers.\n 2. check if servers don't have more than the recommended number of\n replication agreements\n", "target": [ "\n验证复制拓扑的后缀。\n检查完成:\n 1. 检查是否还有没有连接的拓扑。换句话说,是否在所有服务器之间存在复制路径。\n 2. 检查是否服务器没有超过推荐的副本协议数\n" ], "id_hash": 5842981302331114739, "content_hash": 5842981302331114739, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 1747, "has_suggestion": true, "has_comment": false, "has_failing_check": true, "num_words": 40, "source_unit": "https://translate.fedoraproject.org/api/units/2728000/?format=api", "priority": 100, "id": 4803458, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=d11670897ab204f3", "url": "https://translate.fedoraproject.org/api/units/4803458/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.398293Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nVaults\n\nManage vaults.\n\nVault is a secure place to store a secret.\n\nBased on the ownership there are three vault categories:\n* user/private vault\n* service vault\n* shared vault\n\nUser vaults are vaults owned used by a particular user. Private\nvaults are vaults owned the current user. Service vaults are\nvaults owned by a service. Shared vaults are owned by the admin\nbut they can be used by other users or services.\n\nBased on the security mechanism there are three types of\nvaults:\n* standard vault\n* symmetric vault\n* asymmetric vault\n\nStandard vault uses a secure mechanism to transport and\nstore the secret. The secret can only be retrieved by users\nthat have access to the vault.\n\nSymmetric vault is similar to the standard vault, but it\npre-encrypts the secret using a password before transport.\nThe secret can only be retrieved using the same password.\n\nAsymmetric vault is similar to the standard vault, but it\npre-encrypts the secret using a public key before transport.\nThe secret can only be retrieved using the private key.\n\nEXAMPLES:\n\n List vaults:\n ipa vault-find\n [--user <user>|--service <service>|--shared]\n\n Add a standard vault:\n ipa vault-add <name>\n [--user <user>|--service <service>|--shared]\n --type standard\n\n Add a symmetric vault:\n ipa vault-add <name>\n [--user <user>|--service <service>|--shared]\n --type symmetric --password-file password.txt\n\n Add an asymmetric vault:\n ipa vault-add <name>\n [--user <user>|--service <service>|--shared]\n --type asymmetric --public-key-file public.pem\n\n Show a vault:\n ipa vault-show <name>\n [--user <user>|--service <service>|--shared]\n\n Modify vault description:\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --desc <description>\n\n Modify vault type:\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --type <type>\n [old password/private key]\n [new password/public key]\n\n Modify symmetric vault password:\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --change-password\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --old-password <old password>\n --new-password <new password>\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --old-password-file <old password file>\n --new-password-file <new password file>\n\n Modify asymmetric vault keys:\n ipa vault-mod <name>\n [--user <user>|--service <service>|--shared]\n --private-key-file <old private key file>\n --public-key-file <new public key file>\n\n Delete a vault:\n ipa vault-del <name>\n [--user <user>|--service <service>|--shared]\n\n Display vault configuration:\n ipa vaultconfig-show\n\n Archive data into standard vault:\n ipa vault-archive <name>\n [--user <user>|--service <service>|--shared]\n --in <input file>\n\n Archive data into symmetric vault:\n ipa vault-archive <name>\n [--user <user>|--service <service>|--shared]\n --in <input file>\n --password-file password.txt\n\n Archive data into asymmetric vault:\n ipa vault-archive <name>\n [--user <user>|--service <service>|--shared]\n --in <input file>\n\n Retrieve data from standard vault:\n ipa vault-retrieve <name>\n [--user <user>|--service <service>|--shared]\n --out <output file>\n\n Retrieve data from symmetric vault:\n ipa vault-retrieve <name>\n [--user <user>|--service <service>|--shared]\n --out <output file>\n --password-file password.txt\n\n Retrieve data from asymmetric vault:\n ipa vault-retrieve <name>\n [--user <user>|--service <service>|--shared]\n --out <output file> --private-key-file private.pem\n\n Add vault owners:\n ipa vault-add-owner <name>\n [--user <user>|--service <service>|--shared]\n [--users <users>] [--groups <groups>] [--services <services>]\n\n Delete vault owners:\n ipa vault-remove-owner <name>\n [--user <user>|--service <service>|--shared]\n [--users <users>] [--groups <groups>] [--services <services>]\n\n Add vault members:\n ipa vault-add-member <name>\n [--user <user>|--service <service>|--shared]\n [--users <users>] [--groups <groups>] [--services <services>]\n\n Delete vault members:\n ipa vault-remove-member <name>\n [--user <user>|--service <service>|--shared]\n [--users <users>] [--groups <groups>] [--services <services>]\n" ], "previous_source": "", "target": [ "" ], "id_hash": -794037724542937281, "content_hash": -794037724542937281, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1753, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 482, "source_unit": "https://translate.fedoraproject.org/api/units/2727997/?format=api", "priority": 100, "id": 4803460, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=74fb02e5825bd73f", "url": "https://translate.fedoraproject.org/api/units/4803460/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.437257Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nID ranges\n\nManage ID ranges used to map Posix IDs to SIDs and back.\n\nThere are two type of ID ranges which are both handled by this utility:\n\n - the ID ranges of the local domain\n - the ID ranges of trusted remote domains\n\nBoth types have the following attributes in common:\n\n - base-id: the first ID of the Posix ID range\n - range-size: the size of the range\n\nWith those two attributes a range object can reserve the Posix IDs starting\nwith base-id up to but not including base-id+range-size exclusively.\n\nAdditionally an ID range of the local domain may set\n - rid-base: the first RID(*) of the corresponding RID range\n - secondary-rid-base: first RID of the secondary RID range\n\nand an ID range of a trusted domain must set\n - rid-base: the first RID of the corresponding RID range\n - sid: domain SID of the trusted domain\n\n\n\nEXAMPLE: Add a new ID range for a trusted domain\n\nSince there might be more than one trusted domain the domain SID must be given\nwhile creating the ID range.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n\nThis ID range is then used by the IPA server and the SSSD IPA provider to\nassign Posix UIDs to users from the trusted domain.\n\nIf e.g. a range for a trusted domain is configured with the following values:\n base-id = 1200000\n range-size = 200000\n rid-base = 0\nthe RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. So\nRID 1000 <-> Posix ID 1201000\n\n\n\nEXAMPLE: Add a new ID range for the local domain\n\nTo create an ID range for the local domain it is not necessary to specify a\ndomain SID. But since it is possible that a user and a group can have the same\nvalue as Posix ID a second RID interval is needed to handle conflicts.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 --secondary-rid-base=1000000 local_range\n\nThe data from the ID ranges of the local domain are used by the IPA server\ninternally to assign SIDs to IPA users and groups. The SID will then be stored\nin the user or group objects.\n\nIf e.g. the ID range for the local domain is configured with the values from\nthe example above then a new user with the UID 1200007 will get the RID 1007.\nIf this RID is already used by a group the RID will be 1000007. This can only\nhappen if a user or a group object was created with a fixed ID because the\nautomatic assignment will not assign the same ID twice. Since there are only\nusers and groups sharing the same ID namespace it is sufficient to have only\none fallback range to handle conflicts.\n\nTo find the Posix ID for a given RID from the local domain it has to be\nchecked first if the RID falls in the primary or secondary RID range and\nthe rid-base or the secondary-rid-base has to be subtracted, respectively,\nand the base-id has to be added to get the Posix ID.\n\nTypically the creation of ID ranges happens behind the scenes and this CLI\nmust not be used at all. The ID range for the local domain will be created\nduring installation or upgrade from an older version. The ID range for a\ntrusted domain will be created together with the trust by 'ipa trust-add ...'.\n\nUSE CASES:\n\n Add an ID range from a transitively trusted domain\n\n If the trusted domain (A) trusts another domain (B) as well and this trust\n is transitive 'ipa trust-add domain-A' will only create a range for\n domain A. The ID range for domain B must be added manually.\n\n Add an additional ID range for the local domain\n\n If the ID range of the local domain is exhausted, i.e. no new IDs can be\n assigned to Posix users or groups by the DNA plugin, a new range has to be\n created to allow new users and groups to be added. (Currently there is no\n connection between this range CLI and the DNA plugin, but a future version\n might be able to modify the configuration of the DNS plugin as well)\n\nIn general it is not necessary to modify or delete ID ranges. If there is no\nother way to achieve a certain configuration than to modify or delete an ID\nrange it should be done with great care. Because UIDs are stored in the file\nsystem and are used for access control it might be possible that users are\nallowed to access files of other users if an ID range got deleted and reused\nfor a different domain.\n\n(*) The RID is typically the last integer of a user or group SID which follows\nthe domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from\nthis domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the\nuser. RIDs are unique in a domain, 32bit values and are used for users and\ngroups.\n\n=======\nWARNING:\n\nDNA plugin in 389-ds will allocate IDs based on the ranges configured for the\nlocal domain. Currently the DNA plugin *cannot* be reconfigured itself based\non the local ranges set via this family of commands.\n\nManual configuration change has to be done in the DNA plugin configuration for\nthe new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\nIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\nmodified to match the new range.\n=======\n" ], "previous_source": "", "target": [ "" ], "id_hash": 160957291323804816, "content_hash": 160957291323804816, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1799, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 900, "source_unit": "https://translate.fedoraproject.org/api/units/4672324/?format=api", "priority": 100, "id": 4803463, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=823bd5cdbd5d4c90", "url": "https://translate.fedoraproject.org/api/units/4803463/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.485971Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nAdd new ID range.\n\n To add a new ID range you always have to specify\n\n --base-id\n --range-size\n\n Additionally\n\n --rid-base\n --secondary-rid-base\n\n may be given for a new ID range for the local domain while\n\n --rid-base\n --dom-sid\n\n must be given to add a new range for a trusted AD domain.\n\n=======\nWARNING:\n\nDNA plugin in 389-ds will allocate IDs based on the ranges configured for the\nlocal domain. Currently the DNA plugin *cannot* be reconfigured itself based\non the local ranges set via this family of commands.\n\nManual configuration change has to be done in the DNA plugin configuration for\nthe new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\nIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\nmodified to match the new range.\n=======\n " ], "previous_source": "", "target": [ "" ], "id_hash": -7194871590498221111, "content_hash": -7194871590498221111, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1800, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 122, "source_unit": "https://translate.fedoraproject.org/api/units/2727773/?format=api", "priority": 100, "id": 4803464, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=1c26ae6893cdc3c9", "url": "https://translate.fedoraproject.org/api/units/4803464/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.510683Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nModify ID range.\n\n=======\nWARNING:\n\nDNA plugin in 389-ds will allocate IDs based on the ranges configured for the\nlocal domain. Currently the DNA plugin *cannot* be reconfigured itself based\non the local ranges set via this family of commands.\n\nManual configuration change has to be done in the DNA plugin configuration for\nthe new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\nIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\nmodified to match the new range.\n=======\n " ], "previous_source": "", "target": [ "" ], "id_hash": -6371281274070293621, "content_hash": -6371281274070293621, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1801, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 77, "source_unit": "https://translate.fedoraproject.org/api/units/2727894/?format=api", "priority": 100, "id": 4803466, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=2794a9700ef1238b", "url": "https://translate.fedoraproject.org/api/units/4803466/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.537454Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nGroups of users\n\nManage groups of users. By default, new groups are POSIX groups. You\ncan add the --nonposix option to the group-add command to mark a new group\nas non-POSIX. You can use the --posix argument with the group-mod command\nto convert a non-POSIX group into a POSIX group. POSIX groups cannot be\nconverted to non-POSIX groups.\n\nEvery group must have a description.\n\nPOSIX groups must have a Group ID (GID) number. Changing a GID is\nsupported but can have an impact on your file permissions. It is not necessary\nto supply a GID when creating a group. IPA will generate one automatically\nif it is not provided.\n\nEXAMPLES:\n\n Add a new group:\n ipa group-add --desc='local administrators' localadmins\n\n Add a new non-POSIX group:\n ipa group-add --nonposix --desc='remote administrators' remoteadmins\n\n Convert a non-POSIX group to posix:\n ipa group-mod --posix remoteadmins\n\n Add a new POSIX group with a specific Group ID number:\n ipa group-add --gid=500 --desc='unix admins' unixadmins\n\n Add a new POSIX group and let IPA assign a Group ID number:\n ipa group-add --desc='printer admins' printeradmins\n\n Remove a group:\n ipa group-del unixadmins\n\n To add the \"remoteadmins\" group to the \"localadmins\" group:\n ipa group-add-member --groups=remoteadmins localadmins\n\n Add multiple users to the \"localadmins\" group:\n ipa group-add-member --users=test1 --users=test2 localadmins\n\n Remove a user from the \"localadmins\" group:\n ipa group-remove-member --users=test2 localadmins\n\n Display information about a named group.\n ipa group-show localadmins\n\nExternal group membership is designed to allow users from trusted domains\nto be mapped to local POSIX groups in order to actually use IPA resources.\nExternal members should be added to groups that specifically created as\nexternal and non-POSIX. Such group later should be included into one of POSIX\ngroups.\n\nAn external group member is currently a Security Identifier (SID) as defined by\nthe trusted domain. When adding external group members, it is possible to\nspecify them in either SID, or DOM\name, or name@domain format. IPA will attempt\nto resolve passed name to SID with the use of Global Catalog of the trusted domain.\n\nExample:\n\n1. Create group for the trusted domain admins' mapping and their local POSIX group:\n\n ipa group-add --desc='<ad.domain> admins external map' ad_admins_external --external\n ipa group-add --desc='<ad.domain> admins' ad_admins\n\n2. Add security identifier of Domain Admins of the <ad.domain> to the ad_admins_external\n group:\n\n ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n\n3. Allow members of ad_admins_external group to be associated with ad_admins POSIX group:\n\n ipa group-add-member ad_admins --groups ad_admins_external\n\n4. List members of external members of ad_admins_external group to see their SIDs:\n\n ipa group-show ad_admins_external\n" ], "previous_source": "", "target": [ "" ], "id_hash": 6868521823390194853, "content_hash": 6868521823390194853, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1806, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 413, "source_unit": "https://translate.fedoraproject.org/api/units/2722349/?format=api", "priority": 100, "id": 4803468, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=df51e4351730dca5", "url": "https://translate.fedoraproject.org/api/units/4803468/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.562039Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nSimulate use of Host-based access controls\n\nHBAC rules control who can access what services on what hosts.\nYou can use HBAC to control which users or groups can access a service,\nor group of services, on a target host.\n\nSince applying HBAC rules implies use of a production environment,\nthis plugin aims to provide simulation of HBAC rules evaluation without\nhaving access to the production environment.\n\n Test user coming to a service on a named host against\n existing enabled rules.\n\n ipa hbactest --user= --host= --service=\n [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n [--sizelimit= ]\n\n --user, --host, and --service are mandatory, others are optional.\n\n If --rules is specified simulate enabling of the specified rules and test\n the login of the user using only these rules.\n\n If --enabled is specified, all enabled HBAC rules will be added to simulation\n\n If --disabled is specified, all disabled HBAC rules will be added to simulation\n\n If --nodetail is specified, do not return information about rules matched/not matched.\n\n If both --rules and --enabled are specified, apply simulation to --rules _and_\n all IPA enabled rules.\n\n If no --rules specified, simulation is run against all IPA enabled rules.\n By default there is a IPA-wide limit to number of entries fetched, you can change it\n with --sizelimit option.\n\nEXAMPLES:\n\n 1. Use all enabled HBAC rules in IPA database to simulate:\n $ ipa hbactest --user=a1a --host=bar --service=sshd\n --------------------\n Access granted: True\n --------------------\n Not matched rules: my-second-rule\n Not matched rules: my-third-rule\n Not matched rules: myrule\n Matched rules: allow_all\n\n 2. Disable detailed summary of how rules were applied:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n --------------------\n Access granted: True\n --------------------\n\n 3. Test explicitly specified HBAC rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=myrule --rules=my-second-rule\n ---------------------\n Access granted: False\n ---------------------\n Not matched rules: my-second-rule\n Not matched rules: myrule\n\n 4. Use all enabled HBAC rules in IPA database + explicitly specified rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=myrule --rules=my-second-rule --enabled\n --------------------\n Access granted: True\n --------------------\n Not matched rules: my-second-rule\n Not matched rules: my-third-rule\n Not matched rules: myrule\n Matched rules: allow_all\n\n 5. Test all disabled HBAC rules in IPA database:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n ---------------------\n Access granted: False\n ---------------------\n Not matched rules: new-rule\n\n 6. Test all disabled HBAC rules in IPA database + explicitly specified rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=myrule --rules=my-second-rule --disabled\n ---------------------\n Access granted: False\n ---------------------\n Not matched rules: my-second-rule\n Not matched rules: my-third-rule\n Not matched rules: myrule\n\n 7. Test all (enabled and disabled) HBAC rules in IPA database:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled --disabled\n --------------------\n Access granted: True\n --------------------\n Not matched rules: my-second-rule\n Not matched rules: my-third-rule\n Not matched rules: myrule\n Not matched rules: new-rule\n Matched rules: allow_all\n\n\nHBACTEST AND TRUSTED DOMAINS\n\nWhen an external trusted domain is configured in IPA, HBAC rules are also applied\non users accessing IPA resources from the trusted domain. Trusted domain users and\ngroups (and their SIDs) can be then assigned to external groups which can be\nmembers of POSIX groups in IPA which can be used in HBAC rules and thus allowing\naccess to resources protected by the HBAC system.\n\nhbactest plugin is capable of testing access for both local IPA users and users\nfrom the trusted domains, either by a fully qualified user name or by user SID.\nSuch user names need to have a trusted domain specified as a short name\n(DOMAIN\\Administrator) or with a user principal name (UPN), Administrator@ad.test.\n\nPlease note that hbactest executed with a trusted domain user as --user parameter\ncan be only run by members of \"trust admins\" group.\n\nEXAMPLES:\n\n 1. Test if a user from a trusted domain specified by its shortname matches any\n rule:\n\n $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --service sshd\n --------------------\n Access granted: True\n --------------------\n Matched rules: allow_all\n Matched rules: can_login\n\n 2. Test if a user from a trusted domain specified by its domain name matches\n any rule:\n\n $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --service sshd\n --------------------\n Access granted: True\n --------------------\n Matched rules: allow_all\n Matched rules: can_login\n\n 3. Test if a user from a trusted domain specified by its SID matches any rule:\n\n $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 --host `hostname` --service sshd\n --------------------\n Access granted: True\n --------------------\n Matched rules: allow_all\n Matched rules: can_login\n\n 4. Test if other user from a trusted domain specified by its SID matches any rule:\n\n $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 --host `hostname` --service sshd\n --------------------\n Access granted: True\n --------------------\n Matched rules: allow_all\n Not matched rules: can_login\n\n 5. Test if other user from a trusted domain specified by its shortname matches\n any rule:\n\n $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service sshd\n --------------------\n Access granted: True\n --------------------\n Matched rules: allow_all\n Not matched rules: can_login\n" ], "previous_source": "", "target": [ "" ], "id_hash": 4990478087492997847, "content_hash": 4990478087492997847, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1807, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 769, "source_unit": "https://translate.fedoraproject.org/api/units/2727956/?format=api", "priority": 100, "id": 4803469, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=c541bd61406412d7", "url": "https://translate.fedoraproject.org/api/units/4803469/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.595587Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nTopology\n\nManagement of a replication topology at domain level 1.\n\nIPA server's data is stored in LDAP server in two suffixes:\n* domain suffix, e.g., 'dc=example,dc=com', contains all domain related data\n* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n contains data for Certificate Server component\n\nData stored on IPA servers is replicated to other IPA servers. The way it is\nreplicated is defined by replication agreements. Replication agreements needs\nto be set for both suffixes separately. On domain level 0 they are managed\nusing ipa-replica-manage and ipa-csreplica-manage tools. With domain level 1\nthey are managed centrally using `ipa topology*` commands.\n\nAgreements are represented by topology segments. By default topology segment\nrepresents 2 replication agreements - one for each direction, e.g., A to B and\nB to A. Creation of unidirectional segments is not allowed.\n\nTo verify that no server is disconnected in the topology of the given suffix,\nuse:\n ipa topologysuffix-verify $suffix\n\n\nExamples:\n Find all IPA servers:\n ipa server-find\n\n Find all suffixes:\n ipa topologysuffix-find\n\n Add topology segment to 'domain' suffix:\n ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n\n Add topology segment to 'ca' suffix:\n ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n\n List all topology segments in 'domain' suffix:\n ipa topologysegment-find domain\n\n List all topology segments in 'ca' suffix:\n ipa topologysegment-find ca\n\n Delete topology segment in 'domain' suffix:\n ipa topologysegment-del domain segment_name\n\n Delete topology segment in 'ca' suffix:\n ipa topologysegment-del ca segment_name\n\n Verify topology of 'domain' suffix:\n ipa topologysuffix-verify domain\n\n Verify topology of 'ca' suffix:\n ipa topologysuffix-verify ca\n" ], "previous_source": "", "target": [ "" ], "id_hash": 1909699744103143581, "content_hash": 1909699744103143581, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1817, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 251, "source_unit": "https://translate.fedoraproject.org/api/units/2727986/?format=api", "priority": 100, "id": 4803472, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=9a809dcc9aec189d", "url": "https://translate.fedoraproject.org/api/units/4803472/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.645817Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nDirectory Server Access Control Instructions (ACIs)\n\nACIs are used to allow or deny access to information. This module is\ncurrently designed to allow, not deny, access.\n\nThe aci commands are designed to grant permissions that allow updating\nexisting entries or adding or deleting new ones. The goal of the ACIs\nthat ship with IPA is to provide a set of low-level permissions that\ngrant access to special groups called taskgroups. These low-level\npermissions can be combined into roles that grant broader access. These\nroles are another type of group, roles.\n\nFor example, if you have taskgroups that allow adding and modifying users you\ncould create a role, useradmin. You would assign users to the useradmin\nrole to allow them to do the operations defined by the taskgroups.\n\nYou can create ACIs that delegate permission so users in group A can write\nattributes on group B.\n\nThe type option is a map that applies to all entries in the users, groups or\nhost location. It is primarily designed to be used when granting add\npermissions (to write new entries).\n\nAn ACI consists of three parts:\n1. target\n2. permissions\n3. bind rules\n\nThe target is a set of rules that define which LDAP objects are being\ntargeted. This can include a list of attributes, an area of that LDAP\ntree or an LDAP filter.\n\nThe targets include:\n- attrs: list of attributes affected\n- type: an object type (user, group, host, service, etc)\n- memberof: members of a group\n- targetgroup: grant access to modify a specific group. This is primarily\n designed to enable users to add or remove members of a specific group.\n- filter: A legal LDAP filter used to narrow the scope of the target.\n- subtree: Used to apply a rule across an entire set of objects. For example,\n to allow adding users you need to grant \"add\" permission to the subtree\n ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n is a fail-safe for objects that may not be covered by the type option.\n\nThe permissions define what the ACI is allowed to do, and are one or\nmore of:\n1. write - write one or more attributes\n2. read - read one or more attributes\n3. add - add a new entry to the tree\n4. delete - delete an existing entry\n5. all - all permissions are granted\n\nNote the distinction between attributes and entries. The permissions are\nindependent, so being able to add a user does not mean that the user will\nbe editable.\n\nThe bind rule defines who this ACI grants permissions to. The LDAP server\nallows this to be any valid LDAP entry but we encourage the use of\ntaskgroups so that the rights can be easily shared through roles.\n\nFor a more thorough description of access controls see\nhttp://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control.html\n\nEXAMPLES:\n\nNOTE: ACIs are now added via the permission plugin. These examples are to\ndemonstrate how the various options work but this is done via the permission\ncommand-line now (see last example).\n\n Add an ACI so that the group \"secretaries\" can update the address on any user:\n ipa group-add --desc=\"Office secretaries\" secretaries\n ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries --permissions=write --prefix=none \"Secretaries write addresses\"\n\n Show the new ACI:\n ipa aci-show --prefix=none \"Secretaries write addresses\"\n\n Add an ACI that allows members of the \"addusers\" permission to add new users:\n ipa aci-add --type=user --permission=addusers --permissions=add --prefix=none \"Add new users\"\n\n Add an ACI that allows members of the editors manage members of the admins group:\n ipa aci-add --permissions=write --attrs=member --targetgroup=admins --group=editors --prefix=none \"Editors manage admins\"\n\n Add an ACI that allows members of the admins group to manage the street and zip code of those in the editors group:\n ipa aci-add --permissions=write --memberof=editors --group=admins --attrs=street,postalcode --prefix=none \"admins edit the address of editors\"\n\n Add an ACI that allows the admins group manage the street and zipcode of those who work for the boss:\n ipa aci-add --permissions=write --group=admins --attrs=street,postalcode --filter=\"(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)\" --prefix=none \"Edit the address of those who work for the boss\"\n\n Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission:\n ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange,cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n\n\nThe show command shows the raw 389-ds ACI.\n\nIMPORTANT: When modifying the target attributes of an existing ACI you\nmust include all existing attributes as well. When doing an aci-mod the\ntargetattr REPLACES the current attributes, it does not add to them.\n" ], "previous_source": "", "target": [ "" ], "id_hash": -4448344688745965227, "content_hash": -4448344688745965227, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1822, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 728, "source_unit": "https://translate.fedoraproject.org/api/units/2727807/?format=api", "priority": 100, "id": 4803473, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=42444e12eccd1955", "url": "https://translate.fedoraproject.org/api/units/4803473/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.673553Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nAuto Membership Rule.\n\nBring clarity to the membership of hosts and users by configuring inclusive\nor exclusive regex patterns, you can automatically assign a new entries into\na group or hostgroup based upon attribute information.\n\nA rule is directly associated with a group by name, so you cannot create\na rule without an accompanying group or hostgroup.\n\nA condition is a regular expression used by 389-ds to match a new incoming\nentry with an automember rule. If it matches an inclusive rule then the\nentry is added to the appropriate group or hostgroup.\n\nA default group or hostgroup could be specified for entries that do not\nmatch any rule. In case of user entries this group will be a fallback group\nbecause all users are by default members of group specified in IPA config.\n\n\nEXAMPLES:\n\n Add the initial group or hostgroup:\n ipa hostgroup-add --desc=\"Web Servers\" webservers\n ipa group-add --desc=\"Developers\" devel\n\n Add the initial rule:\n ipa automember-add --type=hostgroup webservers\n ipa automember-add --type=group devel\n\n Add a condition to the rule:\n ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\\.example\\.com webservers\n ipa automember-add-condition --key=manager --type=group --inclusive-regex=^uid=mscott devel\n\n Add an exclusive condition to the rule to prevent auto assignment:\n ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-regex=^web5\\.example\\.com webservers\n\n Add a host:\n ipa host-add web1.example.com\n\n Add a user:\n ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n\n Verify automembership:\n ipa hostgroup-show webservers\n Host-group: webservers\n Description: Web Servers\n Member hosts: web1.example.com\n\n ipa group-show devel\n Group name: devel\n Description: Developers\n GID: 1004200000\n Member users: tuser\n\n Remove a condition from the rule:\n ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\\.example\\.com webservers\n\n Modify the automember rule:\n ipa automember-mod\n\n Set the default (fallback) target group:\n ipa automember-default-group-set --default-group=webservers --type=hostgroup\n ipa automember-default-group-set --default-group=ipausers --type=group\n\n Remove the default (fallback) target group:\n ipa automember-default-group-remove --type=hostgroup\n ipa automember-default-group-remove --type=group\n\n Show the default (fallback) target group:\n ipa automember-default-group-show --type=hostgroup\n ipa automember-default-group-show --type=group\n\n Find all of the automember rules:\n ipa automember-find\n\n Display a automember rule:\n ipa automember-show --type=hostgroup webservers\n ipa automember-show --type=group devel\n\n Delete an automember rule:\n ipa automember-del --type=hostgroup webservers\n ipa automember-del --type=group devel\n" ], "previous_source": "", "target": [ "" ], "id_hash": -3296921653643209388, "content_hash": -3296921653643209388, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1825, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 327, "source_unit": "https://translate.fedoraproject.org/api/units/2727783/?format=api", "priority": 100, "id": 4803475, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=523efb394e4d9554", "url": "https://translate.fedoraproject.org/api/units/4803475/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.724536Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nIPA certificate operations\n\nImplements a set of commands for managing server SSL certificates.\n\nCertificate requests exist in the form of a Certificate Signing Request (CSR)\nin PEM format.\n\nIf using the selfsign back end then the subject in the CSR needs to match\nthe subject configured in the server. The dogtag CA uses just the CN\nvalue of the CSR and forces the rest of the subject.\n\nA certificate is stored with a service principal and a service principal\nneeds a host.\n\nIn order to request a certificate:\n\n* The host must exist\n* The service must exist (or you use the --add option to automatically add it)\n\nEXAMPLES:\n\n Request a new certificate and add the principal:\n ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n\n Retrieve an existing certificate:\n ipa cert-show 1032\n\n Revoke a certificate (see RFC 5280 for reason details):\n ipa cert-revoke --revocation-reason=6 1032\n\n Remove a certificate from revocation hold status:\n ipa cert-remove-hold 1032\n\n Check the status of a signing request:\n ipa cert-status 10\n\nIPA currently immediately issues (or declines) all certificate requests so\nthe status of a request is not normally useful. This is for future use\nor the case where a CA does not immediately issue a certificate.\n\nThe following revocation reasons are supported:\n\n * 0 - unspecified\n * 1 - keyCompromise\n * 2 - cACompromise\n * 3 - affiliationChanged\n * 4 - superseded\n * 5 - cessationOfOperation\n * 6 - certificateHold\n * 8 - removeFromCRL\n * 9 - privilegeWithdrawn\n * 10 - aACompromise\n\nNote that reason code 7 is not used. See RFC 5280 for more details:\n\nhttp://www.ietf.org/rfc/rfc5280.txt\n" ], "previous_source": "", "target": [ "" ], "id_hash": 7167776203398983793, "content_hash": 7167776203398983793, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1826, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 259, "source_unit": "https://translate.fedoraproject.org/api/units/2727852/?format=api", "priority": 100, "id": 4803476, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=e3790e7b01183071", "url": "https://translate.fedoraproject.org/api/units/4803476/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.746399Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nGroup to Group Delegation\n\nA permission enables fine-grained delegation of permissions. Access Control\nRules, or instructions (ACIs), grant permission to permissions to perform\ngiven tasks such as adding a user, modifying a group, etc.\n\nGroup to Group Delegations grants the members of one group to update a set\nof attributes of members of another group.\n\nEXAMPLES:\n\n Add a delegation rule to allow managers to edit employee's addresses:\n ipa delegation-add --attrs=street --group=managers --membergroup=employees \"managers edit employees' street\"\n\n When managing the list of attributes you need to include all attributes\n in the list, including existing ones. Add postalCode to the list:\n ipa delegation-mod --attrs=street,postalCode --group=managers --membergroup=employees \"managers edit employees' street\"\n\n Display our updated rule:\n ipa delegation-show \"managers edit employees' street\"\n\n Delete a rule:\n ipa delegation-del \"managers edit employees' street\"\n" ], "previous_source": "", "target": [ "" ], "id_hash": 3718650907369577619, "content_hash": 3718650907369577619, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1827, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 127, "source_unit": "https://translate.fedoraproject.org/api/units/2727822/?format=api", "priority": 100, "id": 4803478, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=b39b4d4c49729c93", "url": "https://translate.fedoraproject.org/api/units/4803478/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.769137Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nDomain Name System (DNS)\n\nManage DNS zone and resource records.\n\n\nUSING STRUCTURED PER-TYPE OPTIONS\n\nThere are many structured DNS RR types where DNS data stored in LDAP server\nis not just a scalar value, for example an IP address or a domain name, but\na data structure which may be often complex. A good example is a LOC record\n[RFC1876] which consists of many mandatory and optional parts (degrees,\nminutes, seconds of latitude and longitude, altitude or precision).\n\nIt may be difficult to manipulate such DNS records without making a mistake\nand entering an invalid value. DNS module provides an abstraction over these\nraw records and allows to manipulate each RR type with specific options. For\neach supported RR type, DNS module provides a standard option to manipulate\na raw records with format --<rrtype>-rec, e.g. --mx-rec, and special options\nfor every part of the RR structure with format --<rrtype>-<partname>, e.g.\n--mx-preference and --mx-exchanger.\n\nWhen adding a record, either RR specific options or standard option for a raw\nvalue can be used, they just should not be combined in one add operation. When\nmodifying an existing entry, new RR specific options can be used to change\none part of a DNS record, where the standard option for raw value is used\nto specify the modified value. The following example demonstrates\na modification of MX record preference from 0 to 1 in a record without\nmodifying the exchanger:\nipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n\n\nEXAMPLES:\n\n Add new zone:\n ipa dnszone-add example.com --name-server=ns --admin-email=admin@example.com --ip-address=10.0.0.1\n\n Add system permission that can be used for per-zone privilege delegation:\n ipa dnszone-add-permission example.com\n\n Modify the zone to allow dynamic updates for hosts own records in realm EXAMPLE.COM:\n ipa dnszone-mod example.com --dynamic-update=TRUE\n\n This is the equivalent of:\n ipa dnszone-mod example.com --dynamic-update=TRUE --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n\n Modify the zone to allow zone transfers for local network only:\n ipa dnszone-mod example.com --allow-transfer=10.0.0.0/8\n\n Add new reverse zone specified by network IP address:\n ipa dnszone-add --name-from-ip=80.142.15.0/24 --name-server=ns.example.com.\n\n Add second nameserver for example.com:\n ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n\n Add a mail server for example.com:\n ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n\n Add another record using MX record specific options:\n ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n\n Add another record using interactive mode (started when dnsrecord-add, dnsrecord-mod,\n or dnsrecord-del are executed with no options):\n ipa dnsrecord-add example.com @\n Please choose a type of DNS resource record to be added\n The most common types for this type of zone are: NS, MX, LOC\n\n DNS resource record type: MX\n MX Preference: 30\n MX Exchanger: mail3\n Record name: example.com\n MX record: 10 mail1, 20 mail2, 30 mail3\n NS record: nameserver.example.com., nameserver2.example.com.\n\n Delete previously added nameserver from example.com:\n ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n\n Add LOC record for example.com:\n ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E 227.64m\"\n\n Add new A record for www.example.com. Create a reverse record in appropriate\n reverse zone as well. In this case a PTR record \"2\" pointing to www.example.com\n will be created in zone 15.142.80.in-addr.arpa.\n ipa dnsrecord-add example.com www --a-rec=80.142.15.2 --a-create-reverse\n\n Add new PTR record for www.example.com\n ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec=www.example.com.\n\n Add new SRV records for LDAP servers. Three quarters of the requests\n should go to fast.example.com, one quarter to slow.example.com. If neither\n is available, switch to backup.example.com.\n ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example.com\"\n ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example.com\"\n ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup.example.com\"\n\n The interactive mode can be used for easy modification:\n ipa dnsrecord-mod example.com _ldap._tcp\n No option to modify specific record provided.\n Current DNS record contents:\n\n SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 backup.example.com\n\n Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n SRV Priority [0]: (keep the default value)\n SRV Weight [1]: 2 (modified value)\n SRV Port [389]: (keep the default value)\n SRV Target [slow.example.com]: (keep the default value)\n 1 SRV record skipped. Only one value per DNS record type can be modified at one time.\n Record name: _ldap._tcp\n SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 389 slow.example.com\n\n After this modification, three fifths of the requests should go to\n fast.example.com and two fifths to slow.example.com.\n\n An example of the interactive mode for dnsrecord-del command:\n ipa dnsrecord-del example.com www\n No option to delete specific record provided.\n Delete all? Yes/No (default No): (do not delete all records)\n Current DNS record contents:\n\n A record: 1.2.3.4, 11.22.33.44\n\n Delete A record '1.2.3.4'? Yes/No (default No):\n Delete A record '11.22.33.44'? Yes/No (default No): y\n Record name: www\n A record: 1.2.3.4 (A record 11.22.33.44 has been deleted)\n\n Show zone example.com:\n ipa dnszone-show example.com\n\n Find zone with \"example\" in its domain name:\n ipa dnszone-find example\n\n Find records for resources with \"www\" in their name in zone example.com:\n ipa dnsrecord-find example.com www\n\n Find A records with value 10.10.0.1 in zone example.com\n ipa dnsrecord-find example.com --a-rec=10.10.0.1\n\n Show records for resource www in zone example.com\n ipa dnsrecord-show example.com www\n\n Delegate zone sub.example to another nameserver:\n ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5\n ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n\n If global forwarder is configured, all requests to sub.example.com will be\n routed through the global forwarder. To change the behavior for example.com\n zone only and forward the request directly to ns.sub.example.com., global\n forwarding may be disabled per-zone:\n ipa dnszone-mod example.com --forward-policy=none\n\n Forward all requests for the zone external.com to another nameserver using\n a \"first\" policy (it will send the queries to the selected forwarder and if\n not answered it will use global resolvers):\n ipa dnszone-add external.com\n ipa dnszone-mod external.com --forwarder=10.20.0.1 --forward-policy=first\n\n Delete zone example.com with all resource records:\n ipa dnszone-del example.com\n\n Resolve a host name to see if it exists (will add default IPA domain\n if one is not included):\n ipa dns-resolve www.example.com\n ipa dns-resolve www\n\n\nGLOBAL DNS CONFIGURATION\n\nDNS configuration passed to command line install script is stored in a local\nconfiguration file on each IPA server where DNS service is configured. These\nlocal settings can be overridden with a common configuration stored in LDAP\nserver:\n\n Show global DNS configuration:\n ipa dnsconfig-show\n\n Modify global DNS configuration and set a list of global forwarders:\n ipa dnsconfig-mod --forwarder=10.0.0.1\n" ], "previous_source": "", "target": [ "" ], "id_hash": -4853321902092799017, "content_hash": -4853321902092799017, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1829, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 1024, "source_unit": "https://translate.fedoraproject.org/api/units/2727810/?format=api", "priority": 100, "id": 4803479, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=3ca58971ad22b3d7", "url": "https://translate.fedoraproject.org/api/units/4803479/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:57.806792Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nEntitlements\n\nManage entitlements for client machines\n\nEntitlements can be managed either by registering with an entitlement\nserver with a username and password or by manually importing entitlement\ncertificates. An entitlement certificate contains embedded information\nsuch as the product being entitled, the quantity and the validity dates.\n\nAn entitlement server manages the number of client entitlements available.\nTo mark these entitlements as used by the IPA server you provide a quantity\nand they are marked as consumed on the entitlement server.\n\n Register with an entitlement server:\n ipa entitle-register consumer\n\n Import an entitlement certificate:\n ipa entitle-import /home/user/ipaclient.pem\n\n Display current entitlements:\n ipa entitle-status\n\n Retrieve details on entitlement certificates:\n ipa entitle-get\n\n Consume some entitlements from the entitlement server:\n ipa entitle-consume 50\n\nThe registration ID is a Unique Identifier (UUID). This ID will be\nIMPORTED if you have used entitle-import.\n\nChanges to /etc/rhsm/rhsm.conf require a restart of the httpd service.\n" ], "previous_source": "", "target": [ "" ], "id_hash": -7011897585510023390, "content_hash": -7011897585510023390, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1908, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 145, "source_unit": "https://translate.fedoraproject.org/api/units/2717716/?format=api", "priority": 100, "id": 4803498, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=1eb0bc4bee417f22", "url": "https://translate.fedoraproject.org/api/units/4803498/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.589274Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Consume an entitlement." ], "previous_source": "Display current entitlements.", "target": [ "显示当前权利。" ], "id_hash": 7199468999362154754, "content_hash": 7199468999362154754, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 1909, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 3, "source_unit": "https://translate.fedoraproject.org/api/units/2718607/?format=api", "priority": 100, "id": 4803499, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=e3e9a6e9166b1102", "url": "https://translate.fedoraproject.org/api/units/4803499/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.615787Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "UUID" ], "previous_source": "", "target": [ "" ], "id_hash": 5465967730812837355, "content_hash": 5465967730812837355, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1914, "has_suggestion": true, "has_comment": false, "has_failing_check": false, "num_words": 1, "source_unit": "https://translate.fedoraproject.org/api/units/2714908/?format=api", "priority": 100, "id": 4803502, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=cbdb04b0f4d8ddeb", "url": "https://translate.fedoraproject.org/api/units/4803502/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.676120Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Register to the entitlement system." ], "previous_source": "Retrieve the entitlement certs.", "target": [ "检索权利证书。" ], "id_hash": 8259264129170589406, "content_hash": 8259264129170589406, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 1916, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 5, "source_unit": "https://translate.fedoraproject.org/api/units/2720491/?format=api", "priority": 100, "id": 4803504, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=f29eccf74d56c6de", "url": "https://translate.fedoraproject.org/api/units/4803504/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.716911Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nGroups of users\n\nManage groups of users. By default, new groups are POSIX groups. You\ncan add the --nonposix option to the group-add command to mark a new group\nas non-POSIX. You can use the --posix argument with the group-mod command\nto convert a non-POSIX group into a POSIX group. POSIX groups cannot be\nconverted to non-POSIX groups.\n\nEvery group must have a description.\n\nPOSIX groups must have a Group ID (GID) number. Changing a GID is\nsupported but can have an impact on your file permissions. It is not necessary\nto supply a GID when creating a group. IPA will generate one automatically\nif it is not provided.\n\nEXAMPLES:\n\n Add a new group:\n ipa group-add --desc='local administrators' localadmins\n\n Add a new non-POSIX group:\n ipa group-add --nonposix --desc='remote administrators' remoteadmins\n\n Convert a non-POSIX group to posix:\n ipa group-mod --posix remoteadmins\n\n Add a new POSIX group with a specific Group ID number:\n ipa group-add --gid=500 --desc='unix admins' unixadmins\n\n Add a new POSIX group and let IPA assign a Group ID number:\n ipa group-add --desc='printer admins' printeradmins\n\n Remove a group:\n ipa group-del unixadmins\n\n To add the \"remoteadmins\" group to the \"localadmins\" group:\n ipa group-add-member --groups=remoteadmins localadmins\n\n Add a list of users to the \"localadmins\" group:\n ipa group-add-member --users=test1,test2 localadmins\n\n Remove a user from the \"localadmins\" group:\n ipa group-remove-member --users=test2 localadmins\n\n Display information about a named group.\n ipa group-show localadmins\n\nExternal group membership is designed to allow users from trusted domains\nto be mapped to local POSIX groups in order to actually use IPA resources.\nExternal members should be added to groups that specifically created as\nexternal and non-POSIX. Such group later should be included into one of POSIX\ngroups.\n\nAn external group member is currently a Security Identifier (SID) as defined by\nthe trusted domain. When adding external group members, it is possible to\nspecify them in either SID, or DOM\name, or name@domain format. IPA will attempt\nto resolve passed name to SID with the use of Global Catalog of the trusted domain.\n\nExample:\n\n1. Create group for the trusted domain admins' mapping and their local POSIX group:\n\n ipa group-add --desc='<ad.domain> admins external map' ad_admins_external --external\n ipa group-add --desc='<ad.domain> admins' ad_admins\n\n2. Add security identifier of Domain Admins of the <ad.domain> to the ad_admins_external\n group:\n\n ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n\n3. Allow members of ad_admins_external group to be associated with ad_admins POSIX group:\n\n ipa group-add-member ad_admins --groups ad_admins_external\n\n4. List members of external members of ad_admins_external group to see their SIDs:\n\n ipa group-show ad_admins_external\n" ], "previous_source": "", "target": [ "" ], "id_hash": -1895809424331472978, "content_hash": -1895809424331472978, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1922, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 414, "source_unit": "https://translate.fedoraproject.org/api/units/2727830/?format=api", "priority": 100, "id": 4803507, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=65b0bb5f7ce27fae", "url": "https://translate.fedoraproject.org/api/units/4803507/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.794072Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nHost-based access control\n\nControl who can access what services on what hosts and from where. You\ncan use HBAC to control which users or groups on a source host can\naccess a service, or group of services, on a target host.\n\nYou can also specify a category of users, target hosts, and source\nhosts. This is currently limited to \"all\", but might be expanded in the\nfuture.\n\nTarget hosts and source hosts in HBAC rules must be hosts managed by IPA.\n\nThe available services and groups of services are controlled by the\nhbacsvc and hbacsvcgroup plug-ins respectively.\n\nEXAMPLES:\n\n Create a rule, \"test1\", that grants all users access to the host \"server\" from\n anywhere:\n ipa hbacrule-add --usercat=all --srchostcat=all test1\n ipa hbacrule-add-host --hosts=server.example.com test1\n\n Display the properties of a named HBAC rule:\n ipa hbacrule-show test1\n\n Create a rule for a specific service. This lets the user john access\n the sshd service on any machine from any machine:\n ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd\n ipa hbacrule-add-user --users=john john_sshd\n ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n\n Create a rule for a new service group. This lets the user john access\n the FTP service on any machine from any machine:\n ipa hbacsvcgroup-add ftpers\n ipa hbacsvc-add sftp\n ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers\n ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp\n ipa hbacrule-add-user --users=john john_ftp\n ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n\n Disable a named HBAC rule:\n ipa hbacrule-disable test1\n\n Remove a named HBAC rule:\n ipa hbacrule-del allow_server\n" ], "previous_source": "", "target": [ "" ], "id_hash": -8085708722731480176, "content_hash": -8085708722731480176, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1928, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 230, "source_unit": "https://translate.fedoraproject.org/api/units/2727841/?format=api", "priority": 100, "id": 4803509, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=0fc9cac1b0500b90", "url": "https://translate.fedoraproject.org/api/units/4803509/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.873690Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nHBAC Service Groups\n\nHBAC service groups can contain any number of individual services,\nor \"members\". Every group must have a description.\n\nEXAMPLES:\n\n Add a new HBAC service group:\n ipa hbacsvcgroup-add --desc=\"login services\" login\n\n Add members to an HBAC service group:\n ipa hbacsvcgroup-add-member --hbacsvcs=sshd,login login\n\n Display information about a named group:\n ipa hbacsvcgroup-show login\n\n Add a new group to the \"login\" group:\n ipa hbacsvcgroup-add --desc=\"switch users\" login\n ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l login\n\n Delete an HBAC service group:\n ipa hbacsvcgroup-del login\n" ], "previous_source": "", "target": [ "" ], "id_hash": 3482303508967530208, "content_hash": 3482303508967530208, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1943, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 78, "source_unit": "https://translate.fedoraproject.org/api/units/2727836/?format=api", "priority": 100, "id": 4803513, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=b053a097641b1ee0", "url": "https://translate.fedoraproject.org/api/units/4803513/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:58.992417Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nSimulate use of Host-based access controls\n\nHBAC rules control who can access what services on what hosts and from where.\nYou can use HBAC to control which users or groups can access a service,\nor group of services, on a target host.\n\nSince applying HBAC rules implies use of a production environment,\nthis plugin aims to provide simulation of HBAC rules evaluation without\nhaving access to the production environment.\n\n Test user coming to a service on a named host against\n existing enabled rules.\n\n ipa hbactest --user= --host= --service=\n [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n [--srchost= ] [--sizelimit= ]\n\n --user, --host, and --service are mandatory, others are optional.\n\n If --rules is specified simulate enabling of the specified rules and test\n the login of the user using only these rules.\n\n If --enabled is specified, all enabled HBAC rules will be added to simulation\n\n If --disabled is specified, all disabled HBAC rules will be added to simulation\n\n If --nodetail is specified, do not return information about rules matched/not matched.\n\n If both --rules and --enabled are specified, apply simulation to --rules _and_\n all IPA enabled rules.\n\n If no --rules specified, simulation is run against all IPA enabled rules.\n By default there is a IPA-wide limit to number of entries fetched, you can change it\n with --sizelimit option.\n\n If --srchost is specified, it will be ignored. It is left because of compatibility reasons only.\n\nEXAMPLES:\n\n 1. Use all enabled HBAC rules in IPA database to simulate:\n $ ipa hbactest --user=a1a --host=bar --service=sshd\n --------------------\n Access granted: True\n --------------------\n notmatched: my-second-rule\n notmatched: my-third-rule\n notmatched: myrule\n matched: allow_all\n\n 2. Disable detailed summary of how rules were applied:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n --------------------\n Access granted: True\n --------------------\n\n 3. Test explicitly specified HBAC rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-second-rule,myrule\n ---------------------\n Access granted: False\n ---------------------\n notmatched: my-second-rule\n notmatched: myrule\n\n 4. Use all enabled HBAC rules in IPA database + explicitly specified rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-second-rule,myrule --enabled\n --------------------\n Access granted: True\n --------------------\n notmatched: my-second-rule\n notmatched: my-third-rule\n notmatched: myrule\n matched: allow_all\n\n 5. Test all disabled HBAC rules in IPA database:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n ---------------------\n Access granted: False\n ---------------------\n notmatched: new-rule\n\n 6. Test all disabled HBAC rules in IPA database + explicitly specified rules:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-second-rule,myrule --disabled\n ---------------------\n Access granted: False\n ---------------------\n notmatched: my-second-rule\n notmatched: my-third-rule\n notmatched: myrule\n\n 7. Test all (enabled and disabled) HBAC rules in IPA database:\n $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled --disabled\n --------------------\n Access granted: True\n --------------------\n notmatched: my-second-rule\n notmatched: my-third-rule\n notmatched: myrule\n notmatched: new-rule\n matched: allow_all\n" ], "previous_source": "", "target": [ "" ], "id_hash": 7008914484134093664, "content_hash": 7008914484134093664, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1944, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 424, "source_unit": "https://translate.fedoraproject.org/api/units/2727954/?format=api", "priority": 100, "id": 4803515, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=e144aa96a7e72360", "url": "https://translate.fedoraproject.org/api/units/4803515/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.013663Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nHosts/Machines\n\nA host represents a machine. It can be used in a number of contexts:\n- service entries are associated with a host\n- a host stores the host/ service principal\n- a host can be used in Host-based Access Control (HBAC) rules\n- every enrolled client generates a host entry\n\nENROLLMENT:\n\nThere are three enrollment scenarios when enrolling a new client:\n\n1. You are enrolling as a full administrator. The host entry may exist\n or not. A full administrator is a member of the hostadmin role\n or the admins group.\n2. You are enrolling as a limited administrator. The host must already\n exist. A limited administrator is a member a role with the\n Host Enrollment privilege.\n3. The host has been created with a one-time password.\n\nA host can only be enrolled once. If a client has enrolled and needs to\nbe re-enrolled, the host entry must be removed and re-created. Note that\nre-creating the host entry will result in all services for the host being\nremoved, and all SSL certificates associated with those services being\nrevoked.\n\nA host can optionally store information such as where it is located,\nthe OS that it runs, etc.\n\nEXAMPLES:\n\n Add a new host:\n ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example.com\n\n Delete a host:\n ipa host-del test.example.com\n\n Add a new host with a one-time password:\n ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n\n Add a new host with a random one-time password:\n ipa host-add --os='Fedora 12' --random test.example.com\n\n Modify information about a host:\n ipa host-mod --os='Fedora 12' test.example.com\n\n Remove SSH public keys of a host and update DNS to reflect this change:\n ipa host-mod --sshpubkey= --updatedns test.example.com\n\n Disable the host Kerberos key, SSL certificate and all of its services:\n ipa host-disable test.example.com\n\n Add a host that can manage this host's keytab and certificate:\n ipa host-add-managedby --hosts=test2 test\n" ], "previous_source": "", "target": [ "" ], "id_hash": 5530307027032549686, "content_hash": 5530307027032549686, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1946, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 302, "source_unit": "https://translate.fedoraproject.org/api/units/2727845/?format=api", "priority": 100, "id": 4803516, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=ccbf98f0b51f2936", "url": "https://translate.fedoraproject.org/api/units/4803516/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.041588Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nGroups of hosts.\n\nManage groups of hosts. This is useful for applying access control to a\nnumber of hosts by using Host-based Access Control.\n\nEXAMPLES:\n\n Add a new host group:\n ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n\n Add another new host group:\n ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n\n Add members to the hostgroup:\n ipa hostgroup-add-member --hosts=box1,box2,box3 baltimore\n\n Add a hostgroup as a member of another hostgroup:\n ipa hostgroup-add-member --hostgroups=baltimore maryland\n\n Remove a host from the hostgroup:\n ipa hostgroup-remove-member --hosts=box2 baltimore\n\n Display a host group:\n ipa hostgroup-show baltimore\n\n Delete a hostgroup:\n ipa hostgroup-del baltimore\n" ], "previous_source": "", "target": [ "" ], "id_hash": 2740767332150940521, "content_hash": 2740767332150940521, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1947, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 90, "source_unit": "https://translate.fedoraproject.org/api/units/2727828/?format=api", "priority": 100, "id": 4803518, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=a609295e0cda1369", "url": "https://translate.fedoraproject.org/api/units/4803518/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.070730Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nNetgroups\n\nA netgroup is a group used for permission checking. It can contain both\nuser and host values.\n\nEXAMPLES:\n\n Add a new netgroup:\n ipa netgroup-add --desc=\"NFS admins\" admins\n\n Add members to the netgroup:\n ipa netgroup-add-member --users=tuser1,tuser2 admins\n\n Remove a member from the netgroup:\n ipa netgroup-remove-member --users=tuser2 admins\n\n Display information about a netgroup:\n ipa netgroup-show admins\n\n Delete a netgroup:\n ipa netgroup-del admins\n" ], "previous_source": "", "target": [ "" ], "id_hash": -1194418822336998589, "content_hash": -1194418822336998589, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1956, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 61, "source_unit": "https://translate.fedoraproject.org/api/units/2727899/?format=api", "priority": 100, "id": 4803521, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=6f6c9268cd901343", "url": "https://translate.fedoraproject.org/api/units/4803521/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.186523Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nPermissions\n\nA permission enables fine-grained delegation of rights. A permission is\na human-readable form of a 389-ds Access Control Rule, or instruction (ACI).\nA permission grants the right to perform a specific task such as adding a\nuser, modifying a group, etc.\n\nA permission may not contain other permissions.\n\n* A permission grants access to read, write, add or delete.\n* A privilege combines similar permissions (for example all the permissions\n needed to add a user).\n* A role grants a set of privileges to users, groups, hosts or hostgroups.\n\nA permission is made up of a number of different parts:\n\n1. The name of the permission.\n2. The target of the permission.\n3. The rights granted by the permission.\n\nRights define what operations are allowed, and may be one or more\nof the following:\n1. write - write one or more attributes\n2. read - read one or more attributes\n3. add - add a new entry to the tree\n4. delete - delete an existing entry\n5. all - all permissions are granted\n\nRead permission is granted for most attributes by default so the read\npermission is not expected to be used very often.\n\nNote the distinction between attributes and entries. The permissions are\nindependent, so being able to add a user does not mean that the user will\nbe editable.\n\nThere are a number of allowed targets:\n1. type: a type of object (user, group, etc).\n2. memberof: a member of a group or hostgroup\n3. filter: an LDAP filter\n4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a\n super-set of the \"type\" target.\n5. targetgroup: grant access to modify a specific group (such as granting\n the rights to manage group membership)\n\nEXAMPLES:\n\n Add a permission that grants the creation of users:\n ipa permission-add --type=user --permissions=add \"Add Users\"\n\n Add a permission that grants the ability to manage group membership:\n ipa permission-add --attrs=member --permissions=write --type=group \"Manage Group Members\"\n" ], "previous_source": "", "target": [ "" ], "id_hash": -4788718596259920140, "content_hash": -4788718596259920140, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1959, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 325, "source_unit": "https://translate.fedoraproject.org/api/units/2717792/?format=api", "priority": 100, "id": 4803523, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=3d8b0dcef49ec6f4", "url": "https://translate.fedoraproject.org/api/units/4803523/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.232172Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nPing the remote IPA server to ensure it is running.\n\nThe ping command sends an echo request to an IPA server. The server\nreturns its version information. This is used by an IPA client\nto confirm that the server is available and accepting requests.\n\nThe server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\nIf it does not respond then the client will contact any servers defined\nby ldap SRV records in DNS.\n\nEXAMPLES:\n\n Ping an IPA server:\n ipa ping\n ------------------------------------------\n IPA server version 2.1.9. API version 2.20\n ------------------------------------------\n\n Ping an IPA server verbosely:\n ipa -v ping\n ipa: INFO: trying https://ipa.example.com/ipa/xml\n ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/xml'\n -----------------------------------------------------\n IPA server version 2.1.9. API version 2.20\n -----------------------------------------------------\n" ], "previous_source": "", "target": [ "" ], "id_hash": 5087946789067984707, "content_hash": 5087946789067984707, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1968, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 116, "source_unit": "https://translate.fedoraproject.org/api/units/2717798/?format=api", "priority": 100, "id": 4803526, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=c69c04a5c67c8f43", "url": "https://translate.fedoraproject.org/api/units/4803526/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.333048Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nSelf-service Permissions\n\nA permission enables fine-grained delegation of permissions. Access Control\nRules, or instructions (ACIs), grant permission to permissions to perform\ngiven tasks such as adding a user, modifying a group, etc.\n\nA Self-service permission defines what an object can change in its own entry.\n\n\nEXAMPLES:\n\n Add a self-service rule to allow users to manage their address:\n ipa selfservice-add --permissions=write --attrs=street,postalCode,l,c,st \"Users manage their own address\"\n\n When managing the list of attributes you need to include all attributes\n in the list, including existing ones. Add telephoneNumber to the list:\n ipa selfservice-mod --attrs=street,postalCode,l,c,st,telephoneNumber \"Users manage their own address\"\n\n Display our updated rule:\n ipa selfservice-show \"Users manage their own address\"\n\n Delete a rule:\n ipa selfservice-del \"Users manage their own address\"\n" ], "previous_source": "", "target": [ "" ], "id_hash": -130140641994351122, "content_hash": -130140641994351122, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1973, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 118, "source_unit": "https://translate.fedoraproject.org/api/units/2717828/?format=api", "priority": 100, "id": 4803529, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=7e31a5c68f15ddee", "url": "https://translate.fedoraproject.org/api/units/4803529/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.393469Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nServices\n\nA IPA service represents a service that runs on a host. The IPA service\nrecord can store a Kerberos principal, an SSL certificate, or both.\n\nAn IPA service can be managed directly from a machine, provided that\nmachine has been given the correct permission. This is true even for\nmachines other than the one the service is associated with. For example,\nrequesting an SSL certificate using the host service principal credentials\nof the host. To manage a service using host credentials you need to\nkinit as the host:\n\n # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n\nAdding an IPA service allows the associated service to request an SSL\ncertificate or keytab, but this is performed as a separate step; they\nare not produced as a result of adding the service.\n\nOnly the public aspect of a certificate is stored in a service record;\nthe private key is not stored.\n\nEXAMPLES:\n\n Add a new IPA service:\n ipa service-add HTTP/web.example.com\n\n Allow a host to manage an IPA service certificate:\n ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n ipa role-add-member --hosts=web.example.com certadmin\n\n Override a default list of supported PAC types for the service:\n ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n\n Delete an IPA service:\n ipa service-del HTTP/web.example.com\n\n Find all IPA services associated with a host:\n ipa service-find web.example.com\n\n Find all HTTP services:\n ipa service-find HTTP\n\n Disable the service Kerberos key and SSL certificate:\n ipa service-disable HTTP/web.example.com\n\n Request a certificate for an IPA service:\n ipa cert-request --principal=HTTP/web.example.com example.csr\n\n Generate and retrieve a keytab for an IPA service:\n ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/httpd.keytab\n" ], "previous_source": "", "target": [ "" ], "id_hash": -8249761538065651413, "content_hash": -8249761538065651413, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1974, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 251, "source_unit": "https://translate.fedoraproject.org/api/units/2717832/?format=api", "priority": 100, "id": 4803531, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=0d82f59719eaa92b", "url": "https://translate.fedoraproject.org/api/units/4803531/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.421747Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nGroups of Sudo Commands\n\nManage groups of Sudo Commands.\n\nEXAMPLES:\n\n Add a new Sudo Command Group:\n ipa sudocmdgroup-add --desc='administrators commands' admincmds\n\n Remove a Sudo Command Group:\n ipa sudocmdgroup-del admincmds\n\n Manage Sudo Command Group membership, commands:\n ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less,/usr/bin/vim admincmds\n\n Manage Sudo Command Group membership, commands:\n ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n\n Show a Sudo Command Group:\n ipa group-show localadmins\n" ], "previous_source": "", "target": [ "" ], "id_hash": 383893297885557528, "content_hash": 383893297885557528, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1976, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 57, "source_unit": "https://translate.fedoraproject.org/api/units/2717724/?format=api", "priority": 100, "id": 4803532, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=8553dceba41f3318", "url": "https://translate.fedoraproject.org/api/units/4803532/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.461643Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nSudo Rules\n\nSudo (su \"do\") allows a system administrator to delegate authority to\ngive certain users (or groups of users) the ability to run some (or all)\ncommands as root or another user while providing an audit trail of the\ncommands and their arguments.\n\nFreeIPA provides a means to configure the various aspects of Sudo:\n Users: The user(s)/group(s) allowed to invoke Sudo.\n Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke Sudo.\n Allow Command: The specific command(s) permitted to be run via Sudo.\n Deny Command: The specific command(s) prohibited to be run via Sudo.\n RunAsUser: The user(s) or group(s) of users whose rights Sudo will be invoked with.\n RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n Options: The various Sudoers Options that can modify Sudo's behavior.\n\nAn order can be added to a sudorule to control the order in which they\nare evaluated (if the client supports it). This order is an integer and\nmust be unique.\n\nFreeIPA provides a designated binddn to use with Sudo located at:\nuid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n\nTo enable the binddn run the following command to set the password:\nLDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n\nFor more information, see the FreeIPA Documentation to Sudo.\n" ], "previous_source": "", "target": [ "" ], "id_hash": 5286877255075372738, "content_hash": 5286877255075372738, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1979, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 206, "source_unit": "https://translate.fedoraproject.org/api/units/2717844/?format=api", "priority": 100, "id": 4803534, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=c95ec2da37dc1ec2", "url": "https://translate.fedoraproject.org/api/units/4803534/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.512187Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nID ranges\n\nManage ID ranges used to map Posix IDs to SIDs and back.\n\nThere are two type of ID ranges which are both handled by this utility:\n\n - the ID ranges of the local domain\n - the ID ranges of trusted remote domains\n\nBoth types have the following attributes in common:\n\n - base-id: the first ID of the Posix ID range\n - range-size: the size of the range\n\nWith those two attributes a range object can reserve the Posix IDs starting\nwith base-id up to but not including base-id+range-size exclusively.\n\nAdditionally an ID range of the local domain may set\n - rid-base: the first RID(*) of the corresponding RID range\n - secondary-rid-base: first RID of the secondary RID range\n\nand an ID range of a trusted domain must set\n - rid-base: the first RID of the corresponding RID range\n - dom_sid: domain SID of the trusted domain\n\n\n\nEXAMPLE: Add a new ID range for a trusted domain\n\nSince there might be more than one trusted domain the domain SID must be given\nwhile creating the ID range.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n\nThis ID range is then used by the IPA server and the SSSD IPA provider to\nassign Posix UIDs to users from the trusted domain.\n\nIf e.g. a range for a trusted domain is configured with the following values:\n base-id = 1200000\n range-size = 200000\n rid-base = 0\nthe RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. So\nRID 1000 <-> Posix ID 1201000\n\n\n\nEXAMPLE: Add a new ID range for the local domain\n\nTo create an ID range for the local domain it is not necessary to specify a\ndomain SID. But since it is possible that a user and a group can have the same\nvalue as Posix ID a second RID interval is needed to handle conflicts.\n\n ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 --secondary-rid-base=1000000 local_range\n\nThe data from the ID ranges of the local domain are used by the IPA server\ninternally to assign SIDs to IPA users and groups. The SID will then be stored\nin the user or group objects.\n\nIf e.g. the ID range for the local domain is configured with the values from\nthe example above then a new user with the UID 1200007 will get the RID 1007.\nIf this RID is already used by a group the RID will be 1000007. This can only\nhappen if a user or a group object was created with a fixed ID because the\nautomatic assignment will not assign the same ID twice. Since there are only\nusers and groups sharing the same ID namespace it is sufficient to have only\none fallback range to handle conflicts.\n\nTo find the Posix ID for a given RID from the local domain it has to be\nchecked first if the RID falls in the primary or secondary RID range and\nthe rid-base or the secondary-rid-base has to be subtracted, respectively,\nand the base-id has to be added to get the Posix ID.\n\nTypically the creation of ID ranges happens behind the scenes and this CLI\nmust not be used at all. The ID range for the local domain will be created\nduring installation or upgrade from an older version. The ID range for a\ntrusted domain will be created together with the trust by 'ipa trust-add ...'.\n\nUSE CASES:\n\n Add an ID range from a transitively trusted domain\n\n If the trusted domain (A) trusts another domain (B) as well and this trust\n is transitive 'ipa trust-add domain-A' will only create a range for\n domain A. The ID range for domain B must be added manually.\n\n Add an additional ID range for the local domain\n\n If the ID range of the local domain is exhausted, i.e. no new IDs can be\n assigned to Posix users or groups by the DNA plugin, a new range has to be\n created to allow new users and groups to be added. (Currently there is no\n connection between this range CLI and the DNA plugin, but a future version\n might be able to modify the configuration of the DNS plugin as well)\n\nIn general it is not necessary to modify or delete ID ranges. If there is no\nother way to achieve a certain configuration than to modify or delete an ID\nrange it should be done with great care. Because UIDs are stored in the file\nsystem and are used for access control it might be possible that users are\nallowed to access files of other users if an ID range got deleted and reused\nfor a different domain.\n\n(*) The RID is typically the last integer of a user or group SID which follows\nthe domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from\nthis domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the\nuser. RIDs are unique in a domain, 32bit values and are used for users and\ngroups.\n\nWARNING:\n\nDNA plugin in 389-ds will allocate IDs based on the ranges configured for the\nlocal domain. Currently the DNA plugin *cannot* be reconfigured itself based\non the local ranges set via this family of commands.\n\nManual configuration change has to be done in the DNA plugin configuration for\nthe new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\nIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\nmodified to match the new range.\n" ], "previous_source": "", "target": [ "" ], "id_hash": -7353764572084977758, "content_hash": -7353764572084977758, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1984, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 898, "source_unit": "https://translate.fedoraproject.org/api/units/4672487/?format=api", "priority": 100, "id": 4803537, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=19f22e156705bfa2", "url": "https://translate.fedoraproject.org/api/units/4803537/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.575226Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nAdd new ID range.\n\n To add a new ID range you always have to specify\n\n --base-id\n --range-size\n\n Additionally\n\n --rid-base\n --secondary-rid-base\n\n may be given for a new ID range for the local domain while\n\n --rid-bas\n --dom-sid\n\n must be given to add a new range for a trusted AD domain.\n\n WARNING:\n\n DNA plugin in 389-ds will allocate IDs based on the ranges configured for the\n local domain. Currently the DNA plugin *cannot* be reconfigured itself based\n on the local ranges set via this family of commands.\n\n Manual configuration change has to be done in the DNA plugin configuration for\n the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be\n modified to match the new range.\n " ], "previous_source": "", "target": [ "" ], "id_hash": -556278919148005451, "content_hash": -556278919148005451, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 1985, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 120, "source_unit": "https://translate.fedoraproject.org/api/units/2717668/?format=api", "priority": 100, "id": 4803538, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=7847b345342517b5", "url": "https://translate.fedoraproject.org/api/units/4803538/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.604741Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "\nRoutines for constructing certificate signing requests using IPA data and\nstored templates.\n" ], "previous_source": "", "target": [ "" ], "id_hash": 8371975924546677059, "content_hash": 8371975924546677059, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 2001, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 12, "source_unit": "https://translate.fedoraproject.org/api/units/2727933/?format=api", "priority": 100, "id": 4803540, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=f42f3bbf2aba2943", "url": "https://translate.fedoraproject.org/api/units/4803540/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.625509Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Required CSR generation rule %(name)s is missing data" ], "previous_source": "", "target": [ "" ], "id_hash": -3211416550007234244, "content_hash": -3211416550007234244, "location": "", "context": "", "note": "", "flags": "python-format", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 2002, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 8, "source_unit": "https://translate.fedoraproject.org/api/units/2731337/?format=api", "priority": 100, "id": 4803542, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=536ec1a99f02213c", "url": "https://translate.fedoraproject.org/api/units/4803542/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.644877Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Template error when formatting certificate data" ], "previous_source": "Search for existing certificates.", "target": [ "查找已存在的证书。" ], "id_hash": 7252972111617105969, "content_hash": 7252972111617105969, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 2003, "has_suggestion": false, "has_comment": false, "has_failing_check": true, "num_words": 6, "source_unit": "https://translate.fedoraproject.org/api/units/2732025/?format=api", "priority": 100, "id": 4803543, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=e4a7bbb526c0a031", "url": "https://translate.fedoraproject.org/api/units/4803543/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.661000Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "No generation rule %(rulename)s found." ], "previous_source": "HBAC rule %(rule)s not found", "target": [ "HBAC规则%(rule)s没有找到" ], "id_hash": -32418648676780664, "content_hash": -32418648676780664, "location": "", "context": "", "note": "", "flags": "python-format", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 2004, "has_suggestion": false, "has_comment": false, "has_failing_check": true, "num_words": 5, "source_unit": "https://translate.fedoraproject.org/api/units/2730545/?format=api", "priority": 100, "id": 4803545, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=7f8cd3692985b588", "url": "https://translate.fedoraproject.org/api/units/4803545/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.709657Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Generation rule \"%(rulename)s\" is missing the \"rule\" key" ], "previous_source": "", "target": [ "" ], "id_hash": -8375471337446413279, "content_hash": -8375471337446413279, "location": "", "context": "", "note": "", "flags": "python-format", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 2005, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 8, "source_unit": "https://translate.fedoraproject.org/api/units/2729797/?format=api", "priority": 100, "id": 4803547, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=0bc45931990a6c21", "url": "https://translate.fedoraproject.org/api/units/4803547/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.751258Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "No CSR generation rules are defined for profile %(profile_id)s" ], "previous_source": "", "target": [ "" ], "id_hash": 6376652705047576493, "content_hash": 6376652705047576493, "location": "", "context": "", "note": "", "flags": "python-format", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 2006, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 9, "source_unit": "https://translate.fedoraproject.org/api/units/2730533/?format=api", "priority": 100, "id": 4803549, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=d87e6bd9ac64ffad", "url": "https://translate.fedoraproject.org/api/units/4803549/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-08-04T08:48:59.774342Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Password or Password+One-Time Password" ], "previous_source": "Password or Password+One-Time-Password", "target": [ "密码或密码+一次性密码" ], "id_hash": -4247357508098309899, "content_hash": -4247357508098309899, "location": "", "context": "", "note": "", "flags": "", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 3170, "has_suggestion": true, "has_comment": false, "has_failing_check": false, "num_words": 4, "source_unit": "https://translate.fedoraproject.org/api/units/5861829/?format=api", "priority": 100, "id": 5863574, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=450e5ad98fb640f5", "url": "https://translate.fedoraproject.org/api/units/5863574/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-09-04T16:50:47.782587Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Add user ID override into user group '${primary_key}'" ], "previous_source": "Certificate for ${entity} ${primary_key}", "target": [ "${entity} ${primary_key}证书" ], "id_hash": -3843552410020246933, "content_hash": -3843552410020246933, "location": "", "context": "", "note": "", "flags": "python-brace-format", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 3405, "has_suggestion": false, "has_comment": false, "has_failing_check": true, "num_words": 8, "source_unit": "https://translate.fedoraproject.org/api/units/5861860/?format=api", "priority": 100, "id": 5863575, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=4aa8f57275258a6b", "url": "https://translate.fedoraproject.org/api/units/5863575/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-09-04T16:50:50.208244Z" }, { "translation": "https://translate.fedoraproject.org/api/translations/freeipa/ipa-4-8/zh_CN/?format=api", "source": [ "Remove user ID overrides from user group '${primary_key}'" ], "previous_source": "Remove service and service groups from an HBAC rule.", "target": [ "从一个HBAC规则中移除服务和服务组。" ], "id_hash": 8787234189241139571, "content_hash": 8787234189241139571, "location": "", "context": "", "note": "", "flags": "python-brace-format", "labels": [], "state": 10, "fuzzy": true, "translated": false, "approved": false, "position": 3423, "has_suggestion": false, "has_comment": false, "has_failing_check": true, "num_words": 8, "source_unit": "https://translate.fedoraproject.org/api/units/5861874/?format=api", "priority": 100, "id": 5863576, "web_url": "https://translate.fedoraproject.org/translate/freeipa/ipa-4-8/zh_CN/?checksum=f9f286f037e2c173", "url": "https://translate.fedoraproject.org/api/units/5863576/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2020-09-04T16:50:50.458317Z" } ] }