canaille-globuzma/doc/gettext/tutorial.pot

# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2024, Yaal Coop
# This file is distributed under the same license as the canaille package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: canaille 0.0.56\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-22 17:21+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../tutorial/databases.rst:2
#: 34b6a5df315e4629b9710884e3f5be9e
msgid "Databases"
msgstr ""

#: ../tutorial/databases.rst:4
#: 31f93a60c87648478dfe7a6c74d5f36a
msgid "Canaille can read and save data in different databases. This page presents the different database backends and their specificities:"
msgstr ""

#: ../tutorial/databases.rst:8
#: 8dc081315c7a4eea8be2e81b8a049162
msgid "Memory"
msgstr ""

#: ../tutorial/databases.rst:10
#: 08608b21b52a4a22ac26b3a2a2d29f6a
msgid "Canaille comes with a lightweight inmemory backend by default. It is used when no other backend has been configured."
msgstr ""

#: ../tutorial/databases.rst:13
#: dbb9009fcf724d6290135aa1d6a32026
msgid "This backend is only for test purpose and should not be used in production environments."
msgstr ""

#: ../tutorial/databases.rst:16
#: 06113268bf4a49d0880cdae75f961fc5
msgid "SQL"
msgstr ""

#: ../tutorial/databases.rst:18
#: 2bb9cb1d3c4f4e4f93d649960bca123d
msgid "Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
msgstr ""

#: ../tutorial/databases.rst:21
#: bb4ec73e439d430aa8dbdddb0301bf5b
msgid "It is used when the ``CANAILLE_SQL`` configuration parameter is defined. For instance:"
msgstr ""

#: ../tutorial/databases.rst:23
#: ../tutorial/databases.rst:37
#: 7de375f96b054244a9fb0c7c60663f32
#: ebab073f2f894dfb87705d06ebb870af
msgid "config.toml"
msgstr ""

#: ../tutorial/databases.rst:29
#: 6e78f6be25cb4151951a1bc6994643a9
msgid "You can find more details on the SQL configuration in the :class:`dedicated section <canaille.backends.sql.configuration.SQLSettings>`."
msgstr ""

#: ../tutorial/databases.rst:32
#: bcfa707ba3b2494ab1af853bcdc7673f
msgid "LDAP"
msgstr ""

#: ../tutorial/databases.rst:34
#: 426e632fa07a44369bdadb8a290672bf
msgid "Canaille can use OpenLDAP as its main database. It is used when the ``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
msgstr ""

#: ../tutorial/databases.rst:52
#: 0c319bcdd3b649569745572bb2944fec
msgid "You can find more details on the LDAP configuration in the :class:`dedicated section <canaille.backends.ldap.configuration.LDAPSettings>`."
msgstr ""

#: ../tutorial/databases.rst:55
#: ebc6e35e9a6049be8bc66eb127adf882
msgid "Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome."
msgstr ""

#: ../tutorial/databases.rst:60
#: 6a9ec2b8bf724122b5752c753bdaea7a
msgid "OpenLDAP overlays integration"
msgstr ""

#: ../tutorial/databases.rst:62
#: ce6daa0ac4974084990221c2806a5549
msgid "Canaille can integrate with several OpenLDAP overlays:"
msgstr ""

#: ../tutorial/databases.rst:65
#: 24a7dc4d61504545ac841910fbaca48b
msgid "memberof / refint"
msgstr ""

#: ../tutorial/databases.rst:67
#: d24183e3349f42bfbbecde663f03f846
msgid "`memberof <https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_ and `refint <https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_ overlays are needed for the Canaille group membership to work correctly."
msgstr ""

#: ../tutorial/databases.rst:71
#: ../tutorial/databases.rst:94
#: 65357e9c96e341128f9448507ce02f1b
#: 692bdeebfc9c40999c9b09c8d9371e52
msgid "Here is a configuration example compatible with canaille:"
msgstr ""

#: ../tutorial/databases.rst:73
#: 511312387435410987a190cf7b68f2ab
msgid "memberof-config.ldif"
msgstr ""

#: ../tutorial/databases.rst:77
#: c95e78d9dde84102b1a97c2399430c23
msgid "refint-config.ldif"
msgstr ""

#: ../tutorial/databases.rst:81
#: ../tutorial/databases.rst:104
#: 2e0fddced7e949f8a66653530c8a120b
#: 8686380cd79949259b48f68fe6c4d3b8
msgid "You can adapt and load those configuration files with:"
msgstr ""

#: ../tutorial/databases.rst:90
#: af864ca7a8ef4d128d3fbe54749a944c
msgid "ppolicy"
msgstr ""

#: ../tutorial/databases.rst:92
#: fc8d77f8ca4d48de9eba6c408a9f5fc2
msgid "If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the :attr:`~canaille.core.models.User.lock_date` attribute."
msgstr ""

#: ../tutorial/databases.rst:96
#: 15e6cfdc691149efbbdc2f3834c7a3d0
msgid "ppolicy-config.ldif"
msgstr ""

#: ../tutorial/databases.rst:100
#: ef7f7bd8dd0445be8596864cb1b50fa5
msgid "ppolicy.ldif"
msgstr ""

#: ../tutorial/deployment.rst:2
#: a7ef8cd4696b4e53a1ffdb87fb18c375
msgid "Deployment"
msgstr ""

#: ../tutorial/deployment.rst:5
#: 0f1f7c0caa8a4dfcb659c15bedda5aae
msgid "Application service"
msgstr ""

#: ../tutorial/deployment.rst:7
#: b93527ef33ad4a65af273da09bb780f3
msgid "After having finished Canaille installation you have to run it in a WSGI application server. Here are some WSGI server configuration examples you can pick. Do not forget to update the paths."
msgstr ""

#: ../tutorial/deployment.rst:11
#: 1ffbe89a8ff744fc9686484ce526e541
msgid "gunicorn"
msgstr ""

#: ../tutorial/deployment.rst:13
#: 418a0ab3603442f2b0a515962f003029
msgid "Todo"
msgstr ""

#: ../tutorial/deployment.rst:15
#: c40ad558fd584c01a6c564f8f72d12f3
msgid "Write a gunicorn configuration sample file."
msgstr ""

#: ../tutorial/deployment.rst:18
#: ec3a0c7c05b74be6b1640ff6a4090aec
msgid "uwsgi"
msgstr ""

#: ../tutorial/deployment.rst:42
#: 5c4862bc3810432195a2e9a353f60b54
msgid "Webserver"
msgstr ""

#: ../tutorial/deployment.rst:44
#: 94e56452db9741f0a3eee45f672e73a8
msgid "Now you have to plug your WSGI application server to your webserver so it is accessible on the internet. Here are some webserver configuration examples you can pick:"
msgstr ""

#: ../tutorial/deployment.rst:48
#: 7c4ae615fbd44c3f8ab3ece2d0201ed7
msgid "Nginx"
msgstr ""

#: ../tutorial/deployment.rst:114
#: ac66da9f7d1342bdad81dbdf97218b4e
msgid "Apache"
msgstr ""

#: ../tutorial/deployment.rst:153
#: ad13e4fdf804422facdde8b1b619e9a2
msgid "Recurrent jobs"
msgstr ""

#: ../tutorial/deployment.rst:155
#: b9ba07959e7f4d57846b44490735d913
msgid "You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:"
msgstr ""

#: ../tutorial/deployment.rst:164
#: 4a9929824eba46a883f1147dcdaa526e
msgid "Webfinger"
msgstr ""

#: ../tutorial/deployment.rst:166
#: cbd15001d4a043e5a0ec93a5eff80b9f
msgid "You may want to configure a `WebFinger`_ endpoint on your main website to allow the automatic discovery of your Canaille installation based on the account name of one of your users. For instance, suppose your domain is ``mydomain.example`` and your Canaille domain is ``auth.mydomain.example`` and there is a user ``john.doe``. A third-party application could require to authenticate the user and ask them for a user account. The user would give their account ``john.doe@mydomain.example``, then the application would perform a WebFinger request at ``https://mydomain.example/.well-known/webfinger`` and the response would contain the address of the authentication server ``https://auth.mydomain.example``. With this information the third party application can redirect the user to the Canaille authentication page."
msgstr ""

#: ../tutorial/deployment.rst:168
#: e515d97f8d8248f98081746a9b723611
msgid "The difficulty here is that the WebFinger endpoint must be hosted at the top-level domain (i.e. ``mydomain.example``) while the authentication server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). Canaille provides a WebFinger endpoint, but if it is not hosted at the top-level domain, a web redirection is required on the ``/.well-known/webfinger`` path."
msgstr ""

#: ../tutorial/deployment.rst:170
#: 3c7cb4cd4a2d498098fe4387a5ae3b2a
msgid "Here are configuration examples for Nginx or Apache:"
msgstr ""

#: ../tutorial/deployment.rst:172
#: a11ff6002ffc46b7b401b29c222cb984
msgid "Nginx webfinger configuration for a top level domain"
msgstr ""

#: ../tutorial/deployment.rst:181
#: cc81b2ca58b842bab2583d46cd8ac1dc
msgid "Apache webfinger configuration for a top level domain"
msgstr ""

#: ../tutorial/deployment.rst:191
#: b9b3713c6f724e5cb3cad50756e8211c
msgid "Create the first user"
msgstr ""

#: ../tutorial/deployment.rst:193
#: 02df7f55e6df4452ac60d899b5a98cc2
msgid "Once canaille is installed, soon enough you will need to add users. To create your first user you can use the :ref:`canaille create <cli_create>` CLI."
msgstr ""

#: ../tutorial/index.rst:2
#: 3deeb02f520e41b4a510d72bdd446046
msgid "Tutorial"
msgstr ""

#: ../tutorial/install.rst:2
#: 36b529fead5242468a36bdbbbdd28544
msgid "Installation"
msgstr ""

#: ../tutorial/install.rst:6
#: c717982f410e46a28e3f97a9a1096146
msgid "Canaille is under heavy development and may not fit a production environment yet."
msgstr ""

#: ../tutorial/install.rst:8
#: 6e7bc4fde5d74dceb03c1f03a95fa779
msgid "The installation of canaille consist in several steps, some of which you can do manually or with command line tool:"
msgstr ""

#: ../tutorial/install.rst:11
#: 25f53875201f4538b26df4d537d355ea
msgid "Get the code"
msgstr ""

#: ../tutorial/install.rst:13
#: ac342d74e14244c4badfab8c1f829d94
msgid "As the moment there is no distribution package for canaille. However, it can be installed with the ``pip`` package manager. Let us choose a place for the canaille environment, like ``/opt/canaille/env``."
msgstr ""

#: ../tutorial/install.rst:24
#: 15d4a0b372c44934a05f1ed6eb327a87
msgid "Extras"
msgstr ""

#: ../tutorial/install.rst:26
#: 6c563bb9847e4766a5c3d0d461a35c2f
msgid "Canaille provides different package options:"
msgstr ""

#: ../tutorial/install.rst:28
#: 65dbf1cc88e14dcda675a7a20f71477b
msgid "`front` provides all the things needed to produce the user interface;"
msgstr ""

#: ../tutorial/install.rst:29
#: 932751ee90ac445f8271d5f0bf062139
msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
msgstr ""

#: ../tutorial/install.rst:30
#: 33ba6546cbf94064ab5290438b1120a8
msgid "`ldap` provides the dependencies to enable the LDAP backend;"
msgstr ""

#: ../tutorial/install.rst:31
#: e65f505181e448e58b1aa158e8af5d42
msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
msgstr ""

#: ../tutorial/install.rst:32
#: f3fa4d1a59674077b16bdc0e432f326e
msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
msgstr ""

#: ../tutorial/install.rst:33
#: f914db4dca274ab9bc725faba6cc6e86
msgid "`mysql` provides the dependencies to enable the MySQL backend;"
msgstr ""

#: ../tutorial/install.rst:34
#: 7dad7a35aea54e549ac3328577c8e3e1
msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
msgstr ""

#: ../tutorial/install.rst:35
#: 1cd7e38d50bd4f439e285c870a8b005c
msgid "`all` provides all the extras above."
msgstr ""

#: ../tutorial/install.rst:37
#: cf6a1f2144114c7abfe4177c427d72f8
msgid "They can be installed with:"
msgstr ""

#: ../tutorial/install.rst:44
#: 51d6f24a101c4511aa3d49db1914fa3a
msgid "Configure"
msgstr ""

#: ../tutorial/install.rst:46
#: 4efc51c21f274c449ecdd33dcc439625
msgid "Choose a path where to store your configuration file. You can pass any configuration path with the ``CONFIG`` environment variable."
msgstr ""

#: ../tutorial/install.rst:54
#: 90dd73339c3e43f18395eb80d9749456
msgid "You should then edit your configuration file to adapt the values to your needs. Look at the configuration details in the :doc:`configuration <../references/configuration>` page."
msgstr ""

#: ../tutorial/install.rst:57
#: 3ff3b9dbf5904b3dbb2494ee61825d15
msgid "Install"
msgstr ""

#: ../tutorial/install.rst:59
#: 56e161c2e2ed4ae7a7d55bcc024135a1
msgid "The :ref:`install command <cli_install>` will apply most of the things needed to get Canaille working. Depending on the configured :doc:`database <databases>` it will create the SQL tables, or install the LDAP schemas for instance."
msgstr ""

#: ../tutorial/install.rst:68
#: e4b60f64108549189d9627699af12a91
msgid "Check"
msgstr ""

#: ../tutorial/install.rst:70
#: 1a9056c774724a0491bcb5060e8903f2
msgid "After a manual installation, you can check your configuration file using the :ref:`check command <cli_install>`:"
msgstr ""

#: ../tutorial/troubleshooting.rst:2
#: 8e2c5e7ea5f14416a11a2ec648a32593
msgid "Troubleshooting"
msgstr ""

#: ../tutorial/troubleshooting.rst:5
#: d1d6667b4caa4506a5be55cc7c4df22a
msgid "The web interface throws useless error messages"
msgstr ""

#: ../tutorial/troubleshooting.rst:7
#: a71c850aa84d41e99550cc54f23e5441
msgid "Unless the current user has admin :class:`permissions <canaille.core.configuration.Permission>`, or the installation is in :attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error messages won't be too technical. For instance, you can see *The request you made is invalid*. To enable detailed error messages, you can **temporarily** enable the :attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration parameter."
msgstr ""

#: ../tutorial/troubleshooting.rst:12
#: cc846be11ca448ddb1c1913d1e41ccbf
msgid "How to manually install LDAP schemas?"
msgstr ""

#: ../tutorial/troubleshooting.rst:16
#: c9a20d92290541c0b5536e5cd150999d
msgid "Schema installation can be automatically done using the :ref:`install command <cli_install>`."
msgstr ""

#: ../tutorial/troubleshooting.rst:18
#: 830b3a72844a44d386308540cc44f1e4
msgid "As of OpenLDAP 2.4, two configuration methods are available:"
msgstr ""

#: ../tutorial/troubleshooting.rst:20
#: 02db4b758cfd40f7b64bfb79bea9f5c3
msgid "The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
msgstr ""

#: ../tutorial/troubleshooting.rst:21
#: 0b24de0faa944ae3b1af5c604a71098f
msgid "The new one, based on a configuration directory (generally ``/etc/ldap/slapd.d``)."
msgstr ""

#: ../tutorial/troubleshooting.rst:23
#: 7acd99c26fd7480e8733523fbd29db13
msgid "Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:"
msgstr ""

#: ../tutorial/troubleshooting.rst:26
#: 3917d45c79604f16ba0aca4887ff6dac
msgid "Old fashion: Copy the schemas in your filesystem"
msgstr ""

#: ../tutorial/troubleshooting.rst:35
#: 430b74fa77a94624bcae8606289222a3
msgid "New fashion: Use slapadd to add the schemas"
msgstr ""

#: ../tutorial/troubleshooting.rst:37
#: 9fdc2c09b2dc44b3b5e45ed1271b3e7c
msgid "Be careful to stop your ldap server before running ``slapadd``"
msgstr ""

#: ../tutorial/troubleshooting.rst:46
#: cc6bfd549bd541eead7a37af15a25aef
msgid "How to manually generate the OIDC keypair?"
msgstr ""

#: ../tutorial/troubleshooting.rst:50
#: 6dc2d317536b41ff839d98287a84f358
msgid "The keypair generation can be automatically done using the :ref:`install command <cli_install>`."
msgstr ""

#: ../tutorial/troubleshooting.rst:52
#: 31db4facc32b4691b3625065562ef5c3
msgid "Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the ``JWT`` section of your configuration file."
msgstr ""