summaryrefslogtreecommitdiffstats
path: root/src/man/po/sssd-docs.pot
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-01-14 15:11:40 -0500
committerStephen Gallagher <sgallagh@redhat.com>2011-01-14 15:16:10 -0500
commitcbe7c54c2caf718bdea7ca6660ba8193d759d2d5 (patch)
treef904130889a381a4425d36fcc3a7f273d1f6bc66 /src/man/po/sssd-docs.pot
parent055701c59d684fbb3c8be4a129bb8fd4cfb4ffe8 (diff)
downloadsssd-cbe7c54c2caf718bdea7ca6660ba8193d759d2d5.tar.gz
sssd-cbe7c54c2caf718bdea7ca6660ba8193d759d2d5.tar.xz
sssd-cbe7c54c2caf718bdea7ca6660ba8193d759d2d5.zip
Regenerate manpage po[t] files
Fixed several typos
Diffstat (limited to 'src/man/po/sssd-docs.pot')
-rw-r--r--src/man/po/sssd-docs.pot2793
1 files changed, 1580 insertions, 1213 deletions
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index c9fcca5a6..24beddc92 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,37 +6,38 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.5.0\n"
+"Project-Id-Version: sssd-docs 1.5.1\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2010-11-29 15:33+0100\n"
+"POT-Creation-Date: 2011-01-14 15:11-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
-"Content-Transfer-Encoding: ENCODING"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
-# type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sss_useradd.8.xml:5 sss_obfuscate.8.xml:5 sssd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
msgid "SSSD Manual pages"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
msgid "sss_groupmod"
msgstr ""
-# type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 sss_useradd.8.xml:11 sss_obfuscate.8.xml:11 sssd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
msgid "8"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupmod.8.xml:16
msgid "modify a group"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupmod.8.xml:21
msgid ""
"<command>sss_groupmod</command> <arg choice='opt'> "
@@ -44,31 +45,31 @@ msgid ""
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sss_useradd.8.xml:30 sss_obfuscate.8.xml:30 sssd.8.xml:29 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
msgid "DESCRIPTION"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:32
msgid ""
"<command>sss_groupmod</command> modifies the group to reflect the changes "
"that are specified on the command line."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sss_useradd.8.xml:39 sss_obfuscate.8.xml:59 sssd.8.xml:42 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:59 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
msgid "OPTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
msgid ""
"<option>-a</option>,<option>--append-group</option> "
"<replaceable>GROUPS</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:48
msgid ""
"Append this group to groups specified by the "
@@ -77,26 +78,26 @@ msgid ""
"group names."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
msgid ""
"<option>-r</option>,<option>--remove-group</option> "
"<replaceable>GROUPS</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:62
msgid ""
"Remove this group from groups specified by the "
"<replaceable>GROUPS</replaceable> parameter."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:963 sssd-ldap.5.xml:1151 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:113 sssd-ipa.5.xml:178 sss_useradd.8.xml:167 sss_obfuscate.8.xml:104 sssd.8.xml:166 sssd-krb5.5.xml:294 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:990 sssd-ldap.5.xml:1275 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:178 sssd.8.xml:166 sss_obfuscate.8.xml:104 sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
msgid "SEE ALSO"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:74
msgid ""
"<citerefentry> "
@@ -114,32 +115,32 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
msgid "sssd.conf"
msgstr ""
-# type: Content of: <reference><refentry><refmeta><manvolnum>
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
msgid "5"
msgstr ""
-# type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
+#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgid "FILE FORMAT"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
#, no-wrap
msgid ""
@@ -151,108 +152,108 @@ msgid ""
" "
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
msgid ""
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues "
"until the next section begins. An example of section with single and "
-"multi-valued parameters: <placeholder0>"
+"multi-valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
msgid ""
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
msgid ""
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:46
msgid ""
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:52
msgid ""
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
+#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:58
msgid "SPECIAL SECTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><title>
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:61
msgid "The [sssd] section"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:809
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:836
msgid "Section parameters"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:72
msgid "config_file_version (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:75
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:81
msgid "services"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:84
msgid "Comma separated list of services that are started when sssd itself starts."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid "Supported services: nss, pam"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
msgid "reconnection_retries (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
msgid "Default: 3"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:106
msgid "domains"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:109
msgid ""
"A domain is a database containing user information. SSSD can use more "
@@ -261,19 +262,19 @@ msgid ""
"them to be queried."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:119
msgid "re_expression (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:122
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:126
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
@@ -281,27 +282,27 @@ msgid ""
"sign, the domain everything after that\""
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:131
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all plattforms (e.g. RHEL5 and SLES10). Only plattforms with libpcre "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:138
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:145
msgid "full_name_format (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:148
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
@@ -309,17 +310,17 @@ msgid ""
"how to translate a (name, domain) tuple into a fully qualified name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:156
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:161
msgid "try_inotify (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:164
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
@@ -328,7 +329,7 @@ msgid ""
"inotify cannot be used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:172
msgid ""
"There are some limited situations where it is preferred that we should skip "
@@ -336,36 +337,37 @@ msgid ""
"to 'false'"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:178
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:182
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
"managed by a special service frequently called <quote>monitor</quote>. The "
"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains. <placeholder0>"
+"some other important options like the identity domains. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
+#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:195
msgid "SERVICES SECTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:197
msgid ""
"Settings that can be used to configure different services are described in "
@@ -374,54 +376,54 @@ msgid ""
"<quote>[nss]</quote>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><title>
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:204
msgid "General service configuration options"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:206
msgid "These options can be used to configure any service."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:210
msgid "debug_level (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:213
msgid ""
"Sets the debug level for the service. The value can be in range from 0 (only "
"critical messages) to 10 (very verbose)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:218 sssd.conf.5.xml:312
msgid "Default: 0"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:223 sssd.8.xml:58
msgid "debug_timestamps (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:226 sssd.8.xml:61
msgid "Add a timestamp to the debug messages"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:872 sssd-ldap.5.xml:966 sssd-ipa.5.xml:142
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1019 sssd-ipa.5.xml:142
msgid "Default: true"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:247
msgid "command (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:250
msgid ""
"By default, the executable representing this service is called "
@@ -430,46 +432,46 @@ msgid ""
"the default values should suffice."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:258
msgid "Default: <command>sssd_${service_name}</command>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><title>
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:266
msgid "NSS configuration options"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:268
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:273
msgid "enum_cache_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:276
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:280
msgid "Default: 120"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:285
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:288
msgid ""
"The entry cache can be set to automatically update entries in the background "
@@ -477,7 +479,7 @@ msgid ""
"for the domain."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:294
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
@@ -487,7 +489,7 @@ msgid ""
"requests will not need to block waiting for a cache update."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:304
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
@@ -496,12 +498,12 @@ msgid ""
"disables this feature)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:317
msgid "entry_negative_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:320
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
@@ -509,94 +511,94 @@ msgid ""
"before asking the back end again."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:326 sssd-krb5.5.xml:218
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:331
msgid "filter_users, filter_groups (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:334
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
-"particulary useful for system accounts. This option can also be set "
+"particularly useful for system accounts. This option can also be set "
"per-domain or include fully-qualified names to filter only users from the "
"particular domain."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:341
msgid "Default: root"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:346
msgid "filter_users_in_groups (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:349
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><title>
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:360
msgid "PAM configuration options"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:362
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:367
msgid "offline_credentials_expiration (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:370
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
msgid "Default: 0 (No limit)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:381
msgid "offline_failed_login_attempts (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:384
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:394
msgid "offline_failed_login_delay (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:397
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:402
msgid ""
"If set to 0 the user cannot authenticate offline if "
@@ -604,72 +606,95 @@ msgid ""
"authentication can enable enable offline authentication again."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd.conf.5.xml:748
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:775
msgid "Default: 5"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:414
msgid "pam_verbosity (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:417
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:422
msgid "Currently sssd supports the following values:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:425
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:428
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:432
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:435
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:439
msgid "Default: 1"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:448
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:444
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:447
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a "
+"per-client-application basis) how long (in seconds) we can cache the "
+"identity information to avoid excessive round-trips to the identity "
+"provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:470
msgid "DOMAIN SECTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:455
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:477
msgid "min_id,max_id (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:480
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:463
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:485
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -677,57 +702,57 @@ msgid ""
"expected."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:492
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:476
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:498
msgid "timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:479
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:501
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:484
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:506
msgid "Default: 10"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:490
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:512
msgid "enumerate (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:493
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:515
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:497
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:519
msgid "TRUE = Users and groups are enumerated"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:500
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:522
msgid "FALSE = No enumerations for this domain"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:503 sssd.conf.5.xml:546 sssd.conf.5.xml:600
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:525 sssd.conf.5.xml:573 sssd.conf.5.xml:627
msgid "Default: FALSE"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:506
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -736,8 +761,15 @@ msgid ""
"heavy enumeration processing."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:516
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:543
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -745,40 +777,40 @@ msgid ""
"to the man pages for the specific id_provider in use."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:527
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:554
msgid "entry_cache_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:530
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:557
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:561
msgid "Default: 5400"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:539
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:566
msgid "cache_credentials (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:542
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:569
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:551
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:578
msgid "account_cache_expiration (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:581
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -786,48 +818,48 @@ msgid ""
"offline_credentials_expiration."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:588
msgid "Default: 0 (unlimited)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:567
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:594
msgid "id_provider (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:570
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:597
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:574
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:601
msgid "Supported backends:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:604
msgid "proxy: Support a legacy NSS provider"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:580
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:607
msgid "local: SSSD internal local provider"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:583
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:610
msgid "ldap: LDAP provider"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:589
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:616
msgid "use_fully_qualified_names (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:592
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:619
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -835,76 +867,76 @@ msgid ""
"<command>getent passwd test@LOCAL</command> would."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:605
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:632
msgid "auth_provider (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:635
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:612
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:639
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:619
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:646
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring Kerberos."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:626
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:653
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:629
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:656
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:632
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:638
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:665
msgid "access_provider (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
"Internal special providers are:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:674
msgid "<quote>permit</quote> always allow access."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:650
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:677
msgid "<quote>deny</quote> always deny access."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:680
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -912,25 +944,25 @@ msgid ""
"the simple access module."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:660
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:687
msgid "Default: <quote>permit</quote>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:665
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:692
msgid "chpass_provider (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:668
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:695
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:673
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:700
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -938,8 +970,8 @@ msgid ""
"IPA."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:708
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -947,245 +979,248 @@ msgid ""
"LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:716
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring Kerberos."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:724
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:728
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:731
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:711
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:738
msgid "lookup_family_order (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:714
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:741
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:745
msgid "Supported values:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:721
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:748
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:751
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:754
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:730
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:757
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:760
msgid "Default: ipv4_first"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:739
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:766
msgid "dns_resolver_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:742
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:769
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
"the domain will continue to operate in offline mode."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:754
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:781
msgid "dns_discovery_domain (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:757
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:784
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:761
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:788
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:450
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:472
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
-"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder0>"
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:773
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:800
msgid "proxy_pam_target (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:776
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:803
msgid "The proxy target PAM proxies to."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:806
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:814
msgid "proxy_lib_name (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:817
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:769
-msgid "Options valid for proxy domains. <placeholder0>"
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:796
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:802
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:829
msgid "The local domain section"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:804
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:831
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
"<replaceable>id_provider=local</replaceable>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:811
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:838
msgid "default_shell (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:814
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:841
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:845
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:823
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:850
msgid "base_directory (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:826
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:853
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:858
msgid "Default: <filename>/home</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:836
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:863
msgid "create_homedir (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:839
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:866
msgid ""
"Indicate if a home directory should be created by default for new users. "
-"Can be overriden on command line."
+"Can be overridden on command line."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843 sssd.conf.5.xml:855
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:870 sssd.conf.5.xml:882
msgid "Default: TRUE"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:848
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:875
msgid "remove_homedir (bool)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:851
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:878
msgid ""
"Indicate if a home directory should be removed by default for deleted "
-"users. Can be overriden on command line."
+"users. Can be overridden on command line."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:887
msgid "homedir_umask (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:890
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
"on a newly created home directory."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:898
msgid "Default: 077"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:876
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:903
msgid "skel_dir (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:906
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1193,54 +1228,54 @@ msgid ""
"<manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:894
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:921
msgid "mail_dir (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:897
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:924
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:931
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
msgid "userdel_cmd (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
"return code of the command is not taken into account."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:945
msgid "Default: None, no command is run"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:928 sssd-ldap.5.xml:1119 sssd-simple.5.xml:96 sssd-ipa.5.xml:160 sssd-krb5.5.xml:275
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:955 sssd-ldap.5.xml:1243 sssd-simple.5.xml:126 sssd-ipa.5.xml:160 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:934
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:961
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1269,16 +1304,17 @@ msgid ""
"enumerate = False\n"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:930
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:957
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details. <placeholder0>"
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:965
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:992
msgid ""
"<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -1301,12 +1337,12 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
msgid "sssd-ldap"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
"This manual page describes the configuration of LDAP domains for "
@@ -1317,12 +1353,12 @@ msgid ""
"information."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
msgid "You can configure SSSD to use more than one LDAP domain."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:38
msgid ""
"LDAP back end supports id, auth, access and chpass providers. If you want to "
@@ -1334,17 +1370,17 @@ msgid ""
"using LDAP as an access provider."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:60 sssd-ipa.5.xml:61 sssd-krb5.5.xml:63
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
msgid ""
"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
@@ -1354,18 +1390,42 @@ msgid ""
"<quote>SERVICE DISCOVERY</quote> section."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:73
-msgid "ldap_search_base (string)"
+msgid "ldap_chpass_uri (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference to change the password of a user. Refer to the "
+"<quote>FAILOVER</quote> section for more information on failover and server "
+"redundancy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:83
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:87
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:93
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:96
msgid "The default base DN to use for performing LDAP user operations."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:80
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:100
msgid ""
"Default: If not set the value of the defaultNamingContext or namingContexts "
"attribute from the RootDSE of the LDAP server is used. If "
@@ -1375,13 +1435,13 @@ msgid ""
"are not supported."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:94
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:114
msgid "ldap_schema (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:97
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:117
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
@@ -1394,202 +1454,202 @@ msgid ""
"attribute."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:136
msgid "Default: rfc2307"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:142
msgid "ldap_default_bind_dn (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:125
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:145
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:132
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:152
msgid "ldap_default_authtok_type (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:135
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:155
msgid "The type of the authentication token of the default bind DN."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:139
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:159
msgid "The two mechanisms currently supported are:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:142
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:162
msgid "password"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:145
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:165
msgid "obfuscated_password"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:151
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:171
msgid "ldap_default_authtok (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:154
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:174
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:161
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:181
msgid "ldap_user_object_class (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:164
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:184
msgid "The object class of a user entry in LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:167
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:187
msgid "Default: posixAccount"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:173
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:193
msgid "ldap_user_name (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:176
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:196
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:200
msgid "Default: uid"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:206
msgid "ldap_user_uid_number (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:209
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:193
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:213
msgid "Default: uidNumber"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:199
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
msgid "ldap_user_gid_number (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:202
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206 sssd-ldap.5.xml:538
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:580
msgid "Default: gidNumber"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:212
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:232
msgid "ldap_user_gecos (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:215
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:219
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:239
msgid "Default: gecos"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:225
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:245
msgid "ldap_user_home_directory (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:228
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:248
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:232
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:252
msgid "Default: homeDirectory"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:238
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:258
msgid "ldap_user_shell (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:241
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:261
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:245
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:265
msgid "Default: loginShell"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:251
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:271
msgid "ldap_user_uuid (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:254
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:274
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:258 sssd-ldap.5.xml:564 sssd-ldap.5.xml:657
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:606 sssd-ldap.5.xml:699
msgid "Default: nsUniqueId"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:264
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:284
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:267 sssd-ldap.5.xml:573 sssd-ldap.5.xml:666
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:615 sssd-ldap.5.xml:708
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:271 sssd-ldap.5.xml:577 sssd-ldap.5.xml:670
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:619 sssd-ldap.5.xml:712
msgid "Default: modifyTimestamp"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:277
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:297
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:280
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:300
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -1597,18 +1657,18 @@ msgid ""
"</citerefentry> counterpart (date of the last password change)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:290
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:310
msgid "Default: shadowLastChange"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:296
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:316
msgid "ldap_user_shadow_min (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:319
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -1616,18 +1676,18 @@ msgid ""
"</citerefentry> counterpart (minimum password age)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:328
msgid "Default: shadowMin"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:314
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:334
msgid "ldap_user_shadow_max (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:317
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -1635,18 +1695,18 @@ msgid ""
"</citerefentry> counterpart (maximum password age)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:326
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:346
msgid "Default: shadowMax"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:332
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:352
msgid "ldap_user_shadow_warning (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:335
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:355
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -1654,18 +1714,18 @@ msgid ""
"</citerefentry> counterpart (password warning period)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:345
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:365
msgid "Default: shadowWarning"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:351
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:371
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:354
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:374
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -1673,89 +1733,90 @@ msgid ""
"</citerefentry> counterpart (password inactivity period)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:384
msgid "Default: shadowInactive"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:370
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:390
msgid "ldap_user_shadow_expire (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:393
msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> "
-"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
-"</citerefentry> counterpart (account expiration date)."
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
+"parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration "
+"date)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:382
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:403
msgid "Default: shadowExpire"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:388
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:409
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:391
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:412
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
"kerberos."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:397
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:418
msgid "Default: krbLastPwdChange"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:403
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:424
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:406
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:427
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:433
msgid "Default: krbPasswordExpiration"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:439
msgid "ldap_user_principal (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:442
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:425
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:446
msgid "Default: krbPrincipalName"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:431
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:452
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:434
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:455
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -1763,241 +1824,266 @@ msgid ""
"realm."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:441 sssd-ldap.5.xml:818 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:230 sssd-krb5.5.xml:261
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:462 sssd-ldap.5.xml:860 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
msgid "Default: false"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:447
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:468
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:471
msgid ""
"The LDAP attribute that contains how many seconds SSSD has to wait before "
"refreshing its cache of enumerated records."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:455
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:476
msgid "Default: 300"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:461
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:482
msgid "ldap_purge_cache_timeout"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:464
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:485
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
"space."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:470
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:491
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:495
msgid "Default: 10800 (12 hours)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:480
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:501
msgid "ldap_user_fullname (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:483
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:487 sssd-ldap.5.xml:525 sssd-ldap.5.xml:618
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:508 sssd-ldap.5.xml:567 sssd-ldap.5.xml:660
msgid "Default: cn"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:493
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:514
msgid "ldap_user_member_of (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:496
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:517
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:500
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:521
msgid "Default: memberOf"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:506
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:527
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:530
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry "
+"to determine access privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:537
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:542
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:548
msgid "ldap_group_object_class (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:509
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:551
msgid "The object class of a group entry in LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:512
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:554
msgid "Default: posixGroup"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:518
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:560
msgid "ldap_group_name (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:521
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:563
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:531
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:573
msgid "ldap_group_gid_number (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:534
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:576
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:544
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:586
msgid "ldap_group_member (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:547
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:589
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:551
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:593
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:557
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:599
msgid "ldap_group_uuid (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:560
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:602
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:570
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:612
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:583
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:625
msgid "ldap_group_nesting_level (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:586
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
"will follow. This option has no effect on the RFC2307 schema."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:593
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:635
msgid "Default: 2"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:641
msgid "ldap_netgroup_object_class (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:602
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:644
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:605
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:647
msgid "Default: nisNetgroup"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:611
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:653
msgid "ldap_netgroup_name (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:614
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:656
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:624
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:666
msgid "ldap_netgroup_member (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:627
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:669
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:673
msgid "Default: memberNisNetgroup"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:637
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:679
msgid "ldap_netgroup_triple (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:640
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:682
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:686
msgid "Default: nisNetgroupTriple"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:650
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:692
msgid "ldap_netgroup_uuid (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:653
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:695
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:663
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:705
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:676
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:718
msgid "ldap_search_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:679
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:721
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2006,18 +2092,18 @@ msgid ""
"for specific lookup types."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:689
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:731
msgid "Default: 60"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:695
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:737
msgid "ldap_network_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:698
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:740
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -2027,103 +2113,103 @@ msgid ""
"</citerefentry> returns in case of no activity."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715 sssd-ldap.5.xml:730
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:757 sssd-ldap.5.xml:772
msgid "Default: 6"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:721
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:763
msgid "ldap_opt_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:724
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:766
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
"communicating with the KDC in case of SASL bind."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:736
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:778
msgid "ldap_tls_reqcert (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:739
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:781
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:745
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:787
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:791
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, it will be ignored and the session proceeds normally."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:756
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:798
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, the session is immediately terminated."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:804
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
"immediately terminated."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:768
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:810
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:772
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
msgid "Default: hard"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:778
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:820
msgid "ldap_tls_cacert (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:781
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:823
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:786 sssd-ldap.5.xml:804
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:828 sssd-ldap.5.xml:846
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:793
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:835
msgid "ldap_tls_cacertdir (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:796
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:838
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2131,102 +2217,102 @@ msgid ""
"<command>cacertdir_rehash</command> can be used to create the correct names."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:853
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:856
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:866
msgid "ldap_sasl_mech (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:869
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:831 sssd-ldap.5.xml:948
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:873 sssd-ldap.5.xml:1001
msgid "Default: none"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:837
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:879
msgid "ldap_sasl_authid (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:882
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:887
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:893
msgid "ldap_krb5_keytab (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:896
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:857
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:899
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:863
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:905
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
"GSSAPI."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:878
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:920
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:881
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:923
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:927
msgid "Default: 86400 (24 hours)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:891
-msgid "krb5_kdcip (string)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:933 sssd-krb5.5.xml:74
+msgid "krb5_server (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-krb5.5.xml:77
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:936 sssd-krb5.5.xml:77
msgid ""
"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -2236,42 +2322,59 @@ msgid ""
"more information, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:909 sssd-krb5.5.xml:98
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches "
+"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
+"none are found."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:953 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
+"SSSD. While the legacy name is recognized for the time being, users are "
+"advised to migrate their config files to use <quote>krb5_server</quote> "
+"instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:962 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:912
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:965
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:968
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:921
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:974
msgid "ldap_pwd_policy (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:924
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:977
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:982
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:987
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -2280,53 +2383,70 @@ msgid ""
"this attribute during a password change."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:942
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:995
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1007
msgid "ldap_referrals (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1010
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:961
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1014
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:972
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1025
msgid "ldap_dns_service_name (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:975
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1028
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1032
msgid "Default: ldap"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:985
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1038
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1041
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1046
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1052
msgid "ldap_access_filter (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:988
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1055
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -2335,13 +2455,13 @@ msgid ""
"to change this default behavior."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:998
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1065
msgid "Example:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1001
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1068
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -2349,15 +2469,15 @@ msgid ""
" "
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1005
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1072
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1077
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -2365,124 +2485,195 @@ msgid ""
"while offline and vice-versa."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1018
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1085 sssd-ldap.5.xml:1113
msgid "Default: Empty"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1024
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1091
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1094
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1098
+msgid ""
+"Please note that it is always recommended to use server side access control, "
+"i.e. the LDAP server should deny the bind request with a suitable error code "
+"even if the password is correct."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1105
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1108
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1119
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1122
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1126
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1129
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
+"to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1138
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1141
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1148
msgid "ldap_deref (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1027
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1151
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1160
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1165
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1046
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1170
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1175
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:51
msgid ""
"All of the common configuration options that apply to SSSD domains also "
"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
-"<placeholder0>"
+"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1063
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1187
msgid "ADVANCED OPTIONS"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1070
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1194
msgid "ldap_netgroup_search_base (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1197
msgid "An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1077 sssd-ldap.5.xml:1091 sssd-ldap.5.xml:1105
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1201 sssd-ldap.5.xml:1215 sssd-ldap.5.xml:1229
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1084
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1208
msgid "ldap_user_search_base (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1211
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1222
msgid "ldap_group_search_base (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1225
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1065
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1189
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
-"are doing. <placeholder0>"
+"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1121
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1245
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
"section."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1127
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1251
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -2495,18 +2686,18 @@ msgid ""
" enumerate = true\n"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1126 sssd-simple.5.xml:104 sssd-ipa.5.xml:168 sssd-krb5.5.xml:284
-msgid "<placeholder0>"
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1250 sssd-simple.5.xml:134 sssd-ipa.5.xml:168 sssd-krb5.5.xml:414
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1140 sssd_krb5_locator_plugin.8.xml:61
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1264 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1142
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1266
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -2514,8 +2705,8 @@ msgid ""
"distribution."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1153
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1277
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -2525,24 +2716,24 @@ msgid ""
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <refentryinfo>
+#. type: Content of: <refentryinfo>
#: pam_sss.8.xml:8 include/upstream.xml:2
msgid ""
"<productname>SSSD</productname> <orgname>The SSSD upstream - "
"http://fedorahosted.org/sssd</orgname>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:13 pam_sss.8.xml:18
msgid "pam_sss"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: pam_sss.8.xml:19
msgid "PAM module for SSSD"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> "
@@ -2552,7 +2743,7 @@ msgid ""
"<replaceable>retry=N</replaceable> </arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:42
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
@@ -2560,24 +2751,24 @@ msgid ""
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:52
msgid "<option>forward_pass</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:55
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:62
msgid "<option>use_first_pass</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:65
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
@@ -2586,31 +2777,31 @@ msgid ""
"access."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:73
msgid "<option>use_authtok</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:76
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:83
msgid "<option>retry=N</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:86
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:88
msgid ""
"Please note that this option might not work as expected if the application "
@@ -2618,24 +2809,24 @@ msgid ""
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
+#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:99
msgid "MODULE TYPES PROVIDED"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:100
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
+#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:106
msgid "FILES"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:107
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
@@ -2644,7 +2835,7 @@ msgid ""
"password."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:112
msgid ""
"The message is read from the file "
@@ -2657,7 +2848,7 @@ msgid ""
"while all other users must have only read permisssions."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:122
msgid ""
"These files are searched in the directory "
@@ -2665,7 +2856,7 @@ msgid ""
"is present a generic message is displayed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:130
msgid ""
"<citerefentry> "
@@ -2673,12 +2864,12 @@ msgid ""
"</citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
msgid "sssd_krb5_locator_plugin"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
@@ -2694,18 +2885,18 @@ msgid ""
"</citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:48
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the enviroment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
"libraries it reads and evaluates these variable and returns them to the "
"libraries."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:63
msgid ""
"Not all Kerberos implementations support the use of plugins. If "
@@ -2713,14 +2904,14 @@ msgid ""
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
msgid ""
-"If the enviroment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value debug "
-"messages will be sent to stderr."
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:77
msgid ""
"<citerefentry> "
@@ -2731,17 +2922,17 @@ msgid ""
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
msgid "sssd-simple"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
msgid ""
"This manual page describes the configuration of the simple access-control "
@@ -2752,77 +2943,102 @@ msgid ""
"</citerefentry> manual page."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
msgid ""
"The simple access provider grants or denies access based on an access or "
-"deny list of user names. Here to following rules apply:"
+"deny list of user or group names. The following rules apply:"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:42
-msgid "If both lists are empty, access is granted"
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:45
-msgid "If simple_allow_users is set, only users from this list are allowed access."
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
msgid ""
-"This setting supersedes the simple_deny_users list (which would be "
-"redundant)."
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:51
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
msgid ""
-"If the simple_allow_users list is empty, users are allowed access unless "
-"they appear in the simple_deny_users list"
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:69
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
msgid "simple_allow_users (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:72
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:79
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
msgid "simple_deny_users (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:82
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only "
+"to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
msgid ""
-"Comma separated list of users who are rejected if simple_allow_users is not "
-"set."
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:61 sssd-ipa.5.xml:62
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page for details on the configuration of an SSSD "
-"domain. <placeholder0>"
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:90
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
msgid ""
"Please note that it is an configuration error if both, simple_allow_users "
"and simple_deny_users, are defined."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:98
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:128
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -2830,8 +3046,8 @@ msgid ""
"options."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:105
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:135
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -2839,8 +3055,8 @@ msgid ""
" simple_allow_users = user1, user2\n"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:115
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:145
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -2848,12 +3064,12 @@ msgid ""
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
msgid "sssd-ipa"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
"This manual page describes the configuration of the IPA provider for "
@@ -2864,7 +3080,7 @@ msgid ""
"</citerefentry> manual page."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:36
msgid ""
"The IPA provider is a back end used to connect to an IPA server. (Refer to "
@@ -2873,7 +3089,7 @@ msgid ""
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
msgid ""
"The IPA provider accepts the same options used by the <citerefentry> "
@@ -2888,24 +3104,24 @@ msgid ""
"side."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:69
msgid "ipa_domain (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:72
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:80
msgid "ipa_server (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:83
msgid ""
"The list of IP addresses or hostnames of the IPA servers to which SSSD "
@@ -2915,67 +3131,67 @@ msgid ""
"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:96
msgid "ipa_hostname (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:99
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:107
msgid "ipa_dyndns_update (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:110
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:121
msgid "ipa_dyndns_iface (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:124
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:129
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135 sssd-krb5.5.xml:224
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:135 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138 sssd-krb5.5.xml:227
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:138 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:145
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:162
msgid ""
"The following example assumes that SSSD is correctly configured and "
@@ -2983,7 +3199,7 @@ msgid ""
"section. This examples shows only the ipa provider-specific options."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:169
#, no-wrap
msgid ""
@@ -2993,7 +3209,7 @@ msgid ""
" ipa_hostname = myhost.example.com\n"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:180
msgid ""
"<citerefentry> "
@@ -3006,190 +3222,183 @@ msgid ""
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> "
-"<replaceable>options</replaceable> </arg> <arg "
-"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+"<command>sssd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
+"<command>SSSD</command> provides a set of daemons to manage access to remote "
+"directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> "
+"<replaceable>LEVEL</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:51
msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
-"not given, it is chosen automatically."
+"Debug level to run the daemon with. 0 is the default as well as the lowest "
+"allowed value, 10 is the most verbose mode. This setting overrides the "
+"settings from config file. This parameter implies <option>-i</option>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> "
-"<replaceable>COMMENT</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:70
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:74
msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> "
-"<replaceable>HOME_DIR</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:82
+msgid "<option>-D</option>,<option>--daemon</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account. The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory. The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with "
-"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:86
+msgid "Become a daemon after starting up."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> "
-"<replaceable>SHELL</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:92
+msgid "<option>-i</option>,<option>--interactive</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently "
-"<filename>/bin/bash</filename>. The default can be changed with "
-"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:96
+msgid "Run in the foreground, don't become a daemon."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> "
-"<replaceable>GROUPS</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:102
+msgid "<option>-c</option>,<option>--config</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:106
+msgid ""
+"Specify a non-default config file. The default is "
+"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
+"syntax and options, consult the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:122
+msgid "Signals"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:125
+msgid "SIGTERM/SIGINT"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:128
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then "
+"shut down the monitor."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid "Do not create the user's home directory. Overrides configuration settings."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:134
+msgid "SIGHUP"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:137
msgid ""
-"<option>-k</option>,<option>--skel</option> "
-"<replaceable>SKELDIR</replaceable>"
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs "
+"like logrotate."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:145
+msgid "SIGUSR1"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:148
msgid ""
-"This option is only valid if the <option>-m</option> (or "
-"<option>--create-home</option>) option is specified, or creation of home "
-"directories is set to TRUE in the configuration."
+"Tells the SSSD to simulate offline operation for one minute. This is mostly "
+"useful for testing purposes."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:154
+msgid "SIGUSR2"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:157
msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
+"Tells the SSSD to go online immediately. This is mostly useful for testing "
+"purposes."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:168
msgid ""
"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
-"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
msgid ""
"<command>sss_obfuscate</command> <arg choice='opt'> "
@@ -3197,7 +3406,7 @@ msgid ""
"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:32
msgid ""
"<command>sss_obfuscate</command> converts a given password into "
@@ -3205,7 +3414,7 @@ msgid ""
"SSSD config file."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
msgid ""
"The cleartext password can be specified as an extra argument to the program "
@@ -3217,7 +3426,7 @@ msgid ""
"</citerefentry> for more details on these parameters."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:50
msgid ""
"Please note that obfuscating the password provides <emphasis>no real "
@@ -3227,211 +3436,218 @@ msgid ""
"advised."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:64
msgid "<option>-s</option>,<option>--stdin</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:68
msgid "The password to obfuscate will be read from standard input."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:75
msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>DOMAIN</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:80
msgid ""
"The SSSD domain to use the password in. The default name is "
"<quote>default</quote>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:87
msgid "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:92
msgid "Read the config file specified by the positional parameter."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:96
msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:106
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
msgid ""
-"<command>sssd</command> <arg choice='opt'> "
-"<replaceable>options</replaceable> </arg>"
+"<command>sss_useradd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> "
-"<replaceable>LEVEL</replaceable>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43
+msgid "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:51
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
msgid ""
-"Debug level to run the daemon with. 0 is the default as well as the lowest "
-"allowed value, 10 is the most verbose mode. This setting overrides the "
-"settings from config file. This parameter implies <option>-i</option>."
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:70
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:74
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
+"<option>-c</option>,<option>--gecos</option> "
+"<replaceable>COMMENT</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:82
-msgid "<option>-D</option>,<option>--daemon</option>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:86
-msgid "Become a daemon after starting up."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
+msgid ""
+"<option>-h</option>,<option>--home</option> "
+"<replaceable>HOME_DIR</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:92
-msgid "<option>-i</option>,<option>--interactive</option>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with "
+"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:96
-msgid "Run in the foreground, don't become a daemon."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
+msgid ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>SHELL</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:102
-msgid "<option>-c</option>,<option>--config</option>"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently "
+"<filename>/bin/bash</filename>. The default can be changed with "
+"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:106
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
msgid ""
-"Specify a non-default config file. The default is "
-"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
-"syntax and options, consult the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
-"</citerefentry> manual page."
+"<option>-G</option>,<option>--groups</option> "
+"<replaceable>GROUPS</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:122
-msgid "Signals"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:125
-msgid "SIGTERM/SIGINT"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:128
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:134
-msgid "SIGHUP"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:137
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid "Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>SKELDIR</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:145
-msgid "SIGUSR1"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:148
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
+"This option is only valid if the <option>-m</option> (or "
+"<option>--create-home</option>) option is specified, or creation of home "
+"directories is set to TRUE in the configuration."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:154
-msgid "SIGUSR2"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:157
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:157
msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:168
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:169
msgid ""
"<citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
-"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
@@ -3439,12 +3655,12 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
msgid "sssd-krb5"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
"This manual page describes the configuration of the Kerberos 5 "
@@ -3456,7 +3672,7 @@ msgid ""
"</citerefentry> manual page"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:36
msgid ""
"The Kerberos 5 authentication backend contains auth and chpass providers. It "
@@ -3469,7 +3685,7 @@ msgid ""
"this."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
msgid ""
"This backend also provides access control based on the .k5login file in the "
@@ -3480,7 +3696,7 @@ msgid ""
"'access_provider = krb5' in your sssd configuration."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
msgid ""
"In the case where the UPN is not available in the identity backend "
@@ -3488,42 +3704,28 @@ msgid ""
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:89
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
-"SSSD. While the legacy name is recognized for the time being, users are "
-"advised to migrate their config files to use <quote>krb5_server</quote> "
-"instead."
-msgstr ""
-
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:101
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
msgid ""
"The name of the Kerberos realm. This option is required and must be "
"specified."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:108
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:111
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
msgid ""
"If the change password service is not running on the KDC alternative servers "
"can be defined here. An optional port number (preceded by a colon) may be "
"appended to the addresses or hostnames."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:117
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
msgid ""
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. Please note that even if there are no more "
@@ -3531,18 +3733,18 @@ msgid ""
"authentication against the KDC is still possible."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:124
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:130
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:133
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
"krb5_ccname_template can be used here, too, except %d and %P. If the "
@@ -3553,168 +3755,316 @@ msgid ""
"</citerefentry> for details) is created."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:146
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:151
msgid "Default: /tmp"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:152
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:157
msgid "krb5_ccname_template (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:161
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:162
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:165
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:166
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:171
msgid "login UID"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:169
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:174
msgid "%p"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:170
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:175
msgid "principal name"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:179
msgid "%r"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:180
msgid "realm name"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:178
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:183
msgid "%h"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:179
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:184
msgid "home directory"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:194
msgid "%P"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:195
msgid "the process ID of the sssd client"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:195
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:196
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:155
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:160
msgid ""
"Location of the user's credential cache. Currently only file based "
"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder0> If the template ends with 'XXXXXX' mkstemp(3) is "
-"used to create a unique filename in a safe way."
+"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
+"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
+"way."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:204
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:209
msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:210
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:215
msgid "krb5_auth_timeout (integer)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:213
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:218
msgid ""
"Timeout in seconds after an online authentication or change password request "
"is aborted. If possible the authentication request is continued offline."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:236
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:241
msgid "krb5_keytab (string)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:239
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:244
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:243
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:248
msgid "Default: /etc/krb5.keytab"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:249
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:254
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:252
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider gets online again."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid "Please note that this feature currently only available on a Linux plattform."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:262
+msgid "Please note that this feature currently only available on a Linux platform."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"Request a renewable ticket with a total lifetime given by an integer "
+"immediately followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
+msgid "<emphasis>s</emphasis> seconds"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
+msgid "<emphasis>m</emphasis> minutes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
+msgid "<emphasis>h</emphasis> hours"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
+msgid "<emphasis>d</emphasis> days."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
+msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:296
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"renewable lifetime to one and a half hours please use '90m' instead of "
+"'1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:302
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:308
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:311
+msgid ""
+"Request ticket with a with a lifetime given by an integer immediately "
+"followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:332
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"lifetime to one and a half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:337
+msgid "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:344
+msgid "krb5_renew_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:347
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:352
+msgid "If this option is not set or 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:356
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:362
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:365
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos "
+"pre-authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:370
+msgid ""
+"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
+"option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:374
+msgid ""
+"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
+"continue without."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:378
+msgid ""
+"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
+"fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:382
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:385
+msgid "Please note that a keytab is required to use fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:388
+msgid ""
+"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
+"and above. If sssd used used with an older version using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:65
msgid ""
"If the auth-module krb5 is used in a SSSD domain, the following options must "
"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
"SECTIONS</quote> for details on the configuration of a SSSD domain. "
-"<placeholder0>"
+"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:277
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:407
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -3722,8 +4072,8 @@ msgid ""
"include any identity provider."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:285
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:415
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -3732,8 +4082,8 @@ msgid ""
" krb5_realm = EXAMPLE.COM\n"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:296
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:426
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -3743,17 +4093,17 @@ msgid ""
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
msgid ""
"<command>sss_groupadd</command> <arg choice='opt'> "
@@ -3761,7 +4111,7 @@ msgid ""
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
msgid ""
"<command>sss_groupadd</command> creates a new group. These groups are "
@@ -3769,19 +4119,19 @@ msgid ""
"contain other groups as members."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43
msgid "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
msgid ""
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:60
msgid ""
"<citerefentry> "
@@ -3799,17 +4149,17 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
msgid "sss_userdel"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
msgid ""
"<command>sss_userdel</command> <arg choice='opt'> "
@@ -3817,60 +4167,60 @@ msgid ""
"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
msgid ""
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
msgid ""
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
msgid "<option>-R</option>,<option>--no-remove</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:60
msgid ""
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
msgid "<option>-f</option>,<option>--force</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:72
msgid ""
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:95
msgid ""
"<citerefentry> "
@@ -3888,17 +4238,17 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
msgid ""
"<command>sss_groupdel</command> <arg choice='opt'> "
@@ -3906,14 +4256,14 @@ msgid ""
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
msgid ""
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:48
msgid ""
"<citerefentry> "
@@ -3931,17 +4281,17 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
msgid ""
"<command>sss_groupshow</command> <arg choice='opt'> "
@@ -3949,7 +4299,7 @@ msgid ""
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
msgid ""
"<command>sss_groupshow</command> displays information about a group "
@@ -3957,12 +4307,12 @@ msgid ""
"includes the group ID number, members of the group and the parent group."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
msgid ""
"Also print indirect group members in a tree-like hierarchy. Note that this "
@@ -3970,7 +4320,7 @@ msgid ""
"direct parent will be printed."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:60
msgid ""
"<citerefentry> "
@@ -3986,17 +4336,17 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refname>
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
msgid "sss_usermod"
msgstr ""
-# type: Content of: <reference><refentry><refnamediv><refpurpose>
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
msgstr ""
-# type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
msgid ""
"<command>sss_usermod</command> <arg choice='opt'> "
@@ -4004,7 +4354,7 @@ msgid ""
"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
msgid ""
"<command>sss_usermod</command> modifies the account specified by "
@@ -4012,17 +4362,17 @@ msgid ""
"on the command line."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
msgid ""
"Append this user to groups specified by the "
@@ -4031,39 +4381,39 @@ msgid ""
"group names."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
msgid ""
"Remove this user from groups specified by the "
"<replaceable>GROUPS</replaceable> parameter."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
+#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:140
msgid ""
"<citerefentry> "
@@ -4081,24 +4431,24 @@ msgid ""
"</citerefentry>."
msgstr ""
-# type: Content of: <refsect1><title>
+#. type: Content of: <refsect1><title>
#: include/service_discovery.xml:2
msgid "SERVICE DISCOVERY"
msgstr ""
-# type: Content of: <refsect1><para>
+#. type: Content of: <refsect1><para>
#: include/service_discovery.xml:4
msgid ""
"The service discovery feature allows back ends to automatically find the "
"appropriate servers to connect to using a special DNS query."
msgstr ""
-# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:9
msgid "Configuration"
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:11
msgid ""
"If no servers are specified, the back end automatically uses service "
@@ -4110,47 +4460,64 @@ msgid ""
"specific server when no servers can be discovered using DNS."
msgstr ""
-# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:23
msgid "The domain name"
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:25
msgid ""
"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page for more defails."
+"<manvolnum>5</manvolnum> </citerefentry> manual page for more details."
msgstr ""
-# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:35
-msgid "See Also"
+msgid "The protocol"
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
msgid "For more information on the service discovery mechanism, refer to RFC 2782."
msgstr ""
-# type: Content of: <refsect1><title>
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
#: include/failover.xml:2
msgid "FAILOVER"
msgstr ""
-# type: Content of: <refsect1><para>
+#. type: Content of: <refsect1><para>
#: include/failover.xml:4
msgid ""
"The failover feature allows back ends to automatically switch to a different "
"server if the primary server fails."
msgstr ""
-# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
msgid ""
"The list of servers is given as a comma-separated list; any number of spaces "
@@ -4158,12 +4525,12 @@ msgid ""
"preference. The list can contain any number of servers."
msgstr ""
-# type: Content of: <refsect1><refsect2><title>
+#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:17
msgid "The Failover Mechanism"
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:19
msgid ""
"The failover mechanism distinguishes between a machine and a service. The "
@@ -4177,7 +4544,7 @@ msgid ""
"and might still be tried for another service."
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:32
msgid ""
"Further connection attempts are made to machines or services marked as "
@@ -4185,19 +4552,19 @@ msgid ""
"seconds."
msgstr ""
-# type: Content of: <refsect1><refsect2><para>
+#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:37
msgid ""
"If there are no more machines to try, the back end as a whole switches to "
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
-# type: Content of: <varlistentry><term>
+#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
msgstr ""
-# type: Content of: <varlistentry><listitem><para>
+#. type: Content of: <varlistentry><listitem><para>
#: include/param_help.xml:7
msgid "Display help message and exit."
msgstr ""